NNCP: Difference between revisions

Revision as of 08:57, 29 April 2025

NNCP (Node to Node copy) is a collection of utilities simplifying secure store-and-forward files, mail and command exchanging.
These utilities are intended to help build up small size (dozens of nodes) ad-hoc friend-to-friend (F2F) statically routed darknet delay-tolerant networks for fire-and-forget secure reliable files, file requests, Internet mail and commands transmission. All packets are integrity checked, end-to-end encrypted, explicitly authenticated by known participants public keys. Onion encryption is applied to relayed packets. Each node acts both as a client and server, can use push and poll behaviour model. Also there is multicasting areas support.
Out-of-box offline sneakernet/floppynet, dead drops, sequential and append-only CD-ROM/tape storages, air-gapped computers support. But online TCP daemon with full-duplex resumable data transmission exists.

http://www.nncpgo.org/

Configuration

NNCP can be installed and configured manually or via NixOS configuration.

In any case the first step is to generate a configuration file.

$ nncp-cfgnew -nocomments > /etc/secrets/nncp.hjson

This generated file should be stripped down to include only the self and neigh sections:

{
  self: {
    # DO NOT show anyone your private keys!!!
    id: HFTEI…SITTA
    exchpub: RG2SF…7JEYA
    exchprv: 4YAON…LWCMA
    signpub: ASKTA…EFVSQ
    signprv: Z6Q4R…SC2ZI
    noiseprv: ACJVW…7G7NA
    noisepub: J2W5C…SZM6Q
  }
  neigh: {
    self: {
      id: HFTEI…SITTA
      exchpub: RG2SF…7JEYA
      signpub: ASKTA…EFVSQ
      noisepub: J2W5C…SZM6Q
    }
  }
}

The location of this file should be defined in your NixOS configuration at programs.nncp.secrets:

{
  programs.nncp = {
    enable = true;
    secrets = [ "/etc/secrets/nncp.hjson" ];
  };
}

In this example the secret keys are stored outside the Nix store an we will add public keys for neighboring nodes in the NixOS configuration.

{
  programs.nncp = {
    enable = true;
    secrets = [ "/etc/secrets/nncp.hjson" ];
    neigh = {
      alice = {
        # information that Alice has given us about her "self".
        id = "D6BOO…YTYWQ";
        exchpub = "V4WJ6…4VA3Q";
        signpub = "NZLTN…HCGOA";
        noisepub = "UNL2J…7FRDA";
        # We can connect directly to Alice over network.
        addr = {
          lan = "[fe80::1234%igb0]:5400";
          internet = "alice.com:3389";
          proxied = "|ssh remote.host nncp-daemon -ucspi";
        };
      };
      bob = {
        # information that Bob has given us about his "self".
        id = "3I3HC…F4P4Q";
        exchpub = "7VJN7…BWUTQ";
        signpub = "E6XSC…5VYRA";
        noisepub = "TAKXG…Z6MZQ";
        # We cannoct connect to Bob but be can relay packets to him thru Alice.
        via = [ "alice" ];
      };
    };
  };
}

Callers and Daemons

The NNCP caller and daemon can be enabled for NixOS using the options services.nncp.caller and services.nncp.daemon.

{
  services.nncp = let
    attrs = {
      enable = true;
      extraArgs = [ "-autotoss" ];
    };
  in {
    caller = attrs;
    daemon = attrs;
  };
}

Remote command execution

Store path importing

NNCP config:

{
  programs.nncp.settings.neigh.${NODE}.exec.nix-store-import = "nix-store --import";
}

Export command:

$ nix-store --export ./result | nncp-exec "$NODE" nix-store-import

Receiving Email

# NixOS module that allows Bob and Carol to send email to Alice.
#
let
  mailer.exec.sendmail = [
    "/run/wrappers/bin/sendmail" # Use the system `sendmail`.
    "alice"                      # Redirect all messages to the `alice` user.
  ];
in
{
  programs.nncp.settings.neigh = {
    bob = mailer;
    carol = mailer;
  };
}