diff --git a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
index 0b01c4e08847..abb176196135 100644
--- a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
+++ b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
@@ -1660,6 +1660,12 @@
+
+
+ The programs.nncp options were added for
+ generating host-global NNCP configuration.
+
+
diff --git a/nixos/doc/manual/release-notes/rl-2205.section.md b/nixos/doc/manual/release-notes/rl-2205.section.md
index 5b93b644eea9..909b6cd8b7ba 100644
--- a/nixos/doc/manual/release-notes/rl-2205.section.md
+++ b/nixos/doc/manual/release-notes/rl-2205.section.md
@@ -587,4 +587,6 @@ In addition to numerous new and upgraded packages, this release has the followin
- Testing has been enabled for `aarch64-linux` in addition to `x86_64-linux`.
- The `spark3` package is now usable on `aarch64-darwin` as a result of [#158613](https://github.com/NixOS/nixpkgs/pull/158613) and [#158992](https://github.com/NixOS/nixpkgs/pull/158992).
+- The `programs.nncp` options were added for generating host-global NNCP configuration.
+
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 93172aa08246..a4c389e69373 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -184,6 +184,7 @@
./programs/nix-ld.nix
./programs/neovim.nix
./programs/nm-applet.nix
+ ./programs/nncp.nix
./programs/npm.nix
./programs/noisetorch.nix
./programs/oblogout.nix
diff --git a/nixos/modules/programs/nncp.nix b/nixos/modules/programs/nncp.nix
new file mode 100644
index 000000000000..29a703eadf10
--- /dev/null
+++ b/nixos/modules/programs/nncp.nix
@@ -0,0 +1,101 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+ nncpCfgFile = "/run/nncp.hjson";
+ programCfg = config.programs.nncp;
+ settingsFormat = pkgs.formats.json { };
+ jsonCfgFile = settingsFormat.generate "nncp.json" programCfg.settings;
+ pkg = programCfg.package;
+in {
+ options.programs.nncp = {
+
+ enable =
+ mkEnableOption "NNCP (Node to Node copy) utilities and configuration";
+
+ group = mkOption {
+ type = types.str;
+ default = "uucp";
+ description = ''
+ The group under which NNCP files shall be owned.
+ Any member of this group may access the secret keys
+ of this NNCP node.
+ '';
+ };
+
+ package = mkOption {
+ type = types.package;
+ default = pkgs.nncp;
+ defaultText = literalExpression "pkgs.nncp";
+ description = "The NNCP package to use system-wide.";
+ };
+
+ secrets = mkOption {
+ type = with types; listOf str;
+ example = [ "/run/keys/nncp.hjson" ];
+ description = ''
+ A list of paths to NNCP configuration files that should not be
+ in the Nix store. These files are layered on top of the values at
+ .
+ '';
+ };
+
+ settings = mkOption {
+ type = settingsFormat.type;
+ description = ''
+ NNCP configuration, see
+ .
+ At runtime these settings will be overlayed by the contents of
+ into the file
+ ${nncpCfgFile}. Node keypairs go in
+ secrets, do not specify them in
+ settings as they will be leaked into
+ /nix/store!
+ '';
+ default = { };
+ };
+
+ };
+
+ config = mkIf programCfg.enable {
+
+ environment = {
+ systemPackages = [ pkg ];
+ etc."nncp.hjson".source = nncpCfgFile;
+ };
+
+ programs.nncp.settings = {
+ spool = mkDefault "/var/spool/nncp";
+ log = mkDefault "/var/spool/nncp/log";
+ };
+
+ systemd.tmpfiles.rules = [
+ "d ${programCfg.settings.spool} 0770 root ${programCfg.group}"
+ "f ${programCfg.settings.log} 0770 root ${programCfg.group}"
+ ];
+
+ systemd.services.nncp-config = {
+ path = [ pkg ];
+ description = "Generate NNCP configuration";
+ wantedBy = [ "basic.target" ];
+ serviceConfig.Type = "oneshot";
+ script = ''
+ umask u=rw
+ nncpCfgDir=$(mktemp --directory nncp.XXX)
+ for f in ${jsonCfgFile} ${toString config.programs.nncp.secrets}; do
+ tmpdir=$(mktemp --directory nncp.XXX)
+ nncp-cfgdir -cfg $f -dump $tmpdir
+ find $tmpdir -size 1c -delete
+ cp -a $tmpdir/* $nncpCfgDir/
+ rm -rf $tmpdir
+ done
+ nncp-cfgdir -load $nncpCfgDir > ${nncpCfgFile}
+ rm -rf $nncpCfgDir
+ chgrp ${programCfg.group} ${nncpCfgFile}
+ chmod g+r ${nncpCfgFile}
+ '';
+ };
+ };
+
+ meta.maintainers = with lib.maintainers; [ ehmry ];
+}