Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

vpn-slice: init at 0.14 #87256

Merged
merged 2 commits into from Aug 24, 2020
Merged

vpn-slice: init at 0.14 #87256

merged 2 commits into from Aug 24, 2020

Conversation

@jdbaldry
Copy link
Contributor

@jdbaldry jdbaldry commented May 8, 2020

As a NixOS beginner, I would appreciate any guidance on the following:

In order to work, vpn-slice edits the systems /etc/hosts file which is read-only by default on NixOS. As the changes are temporary (only needed during operation of the split tunnel), I was happy to add write permissions to the host file using environment.etc.hosts.mode = "0644"; as I feel like it wasn't against the spirit of declarative system configuration.

Would you recommend a different approach?

Motivation for this change

Python tool for convenient configuration of a split tunnel VPN

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.
@Lassulus
Copy link
Contributor

@Lassulus Lassulus commented Aug 23, 2020

hey, sorry for the delay. I guess editing /etc/hosts from a package. I can't think of a better way right now.

@Lassulus
Copy link
Contributor

@Lassulus Lassulus commented Aug 23, 2020

can you split the commit into 2 commits? they should look like this:

maintainers: add jdbaldry
vpn-slice: init at 0.14
jdbaldry added 2 commits Aug 24, 2020
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
Python tool for convenient configuration of a split tunnel VPN

Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
@jdbaldry jdbaldry force-pushed the jdbaldry:master branch from 7fc7c07 to 62b812f Aug 24, 2020
@jdbaldry
Copy link
Contributor Author

@jdbaldry jdbaldry commented Aug 24, 2020

No problem about the delay, nixpkgs is clearly a very active project!

I've split the commit into two as requested. Would you be able to expand on how I might edit the /etc/hosts from the package. I must admit I'm pretty inexperienced with Nixpkgs and NixOS and haven't done anything beyond building basic packages and related overlays.

@Lassulus
Copy link
Contributor

@Lassulus Lassulus commented Aug 24, 2020

Oh there is no special way to modify it, what you have done is a perfectly fine way with setting the mode accordingly. Another way would be maybe to wrap the program to copy the /etc/hosts before running and restoring it after running. But that should not happen generally in the package since nix packages can also be used outside of NixOS

@jdbaldry
Copy link
Contributor Author

@jdbaldry jdbaldry commented Aug 24, 2020

Cool! Thanks for the clarification :)

@Lassulus Lassulus merged commit e23ed2f into NixOS:master Aug 24, 2020
16 checks passed
16 checks passed
Evaluation Performance Report Evaluator Performance Report
Details
grahamcofborg-eval ^.^!
Details
grahamcofborg-eval-check-maintainers matching changed paths to changed attrs...
Details
grahamcofborg-eval-check-meta config.nix: checkMeta = true
Details
grahamcofborg-eval-darwin nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="62b812f"; rev="62b812fbc0864bf03e3fba267eff32f2794cb67a"; } ./pkgs/t
Details
grahamcofborg-eval-lib-tests nix-build --arg pkgs import ./. {} ./lib/tests/release.nix
Details
grahamcofborg-eval-nixos nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="62b812f"; rev="62b812fbc0864bf03e3fba267eff32f2794cb67a"; } ./nixos/
Details
grahamcofborg-eval-nixos-manual nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="62b812f"; rev="62b812fbc0864bf03e3fba267eff32f2794cb67a"; } ./nixos/
Details
grahamcofborg-eval-nixos-options nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="62b812f"; rev="62b812fbc0864bf03e3fba267eff32f2794cb67a"; } ./nixos/
Details
grahamcofborg-eval-nixpkgs-manual nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="62b812f"; rev="62b812fbc0864bf03e3fba267eff32f2794cb67a"; } ./pkgs/t
Details
grahamcofborg-eval-nixpkgs-tarball nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="62b812f"; rev="62b812fbc0864bf03e3fba267eff32f2794cb67a"; } ./pkgs/t
Details
grahamcofborg-eval-nixpkgs-unstable-jobset nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="62b812f"; rev="62b812fbc0864bf03e3fba267eff32f2794cb67a"; } ./pkgs/t
Details
grahamcofborg-eval-package-list nix-env -qa --json --file .
Details
grahamcofborg-eval-package-list-no-aliases nix-env -qa --json --file . --arg config { allowAliases = false; }
Details
vpn-slice, vpn-slice.passthru.tests on aarch64-linux Success
Details
vpn-slice, vpn-slice.passthru.tests on x86_64-linux Success
Details
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

2 participants
You can’t perform that action at this time.