NNCP: Difference between revisions
imported>Ehmry Add store path importing example |
m Fix typo, update status of caller and daemon services. |
Line 16: | Line 16: | ||
$ nncp-cfgnew -nocomments > /etc/secrets/nncp.hjson | $ nncp-cfgnew -nocomments > /etc/secrets/nncp.hjson | ||
</syntaxhighlight> | </syntaxhighlight> | ||
This | This generated file should be stripped down to include only the <code>self</code> and <code>neigh</code> sections: | ||
<pre> | <pre> | ||
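Review bot: The sentence added at line 16 says what to keep in the generated file but nothing about protecting it, even though the command just above writes it under /etc/secrets with a plain shell redirect, so it gets whatever permissions the current umask allows. Suggest adding one line stating that the file must be readable only by the accounts that run NNCP.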
Line 88: | Line 88: | ||
== Callers and Daemons == | == Callers and Daemons == | ||
The NNCP caller and daemon can be enabled for NixOS using the options <code>services.nncp.caller</code> and <code>services.nncp.daemon</code>. | |||
<syntaxhighlight lang="nix"> | |||
{ | |||
services.nncp = let | |||
attrs = { | |||
enable = true; | |||
extraArgs = [ "-autotoss" ]; | |||
}; | |||
in { | |||
caller = attrs; | |||
daemon = attrs; | |||
}; | |||
} | |||
</syntaxhighlight> | |||
== Remote command execution == | == Remote command execution == |
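Review bot: `extraArgs = [ "-autotoss" ];` is applied to both the caller and the daemon through the shared `attrs` binding, but the section never says what the flag does. Because the next section is Remote command execution, add a sentence explaining `-autotoss` and whether it is meant to be enabled on both services, so readers do not copy it without knowing its effect.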
Revision as of 08:48, 29 April 2025
NNCP (Node to Node copy) is a collection of utilities that simplify secure store-and-forward exchange of files, mail and commands.
These utilities are intended to help build small (dozens of nodes) ad-hoc friend-to-friend (F2F) statically routed darknet delay-tolerant networks for fire-and-forget, secure, reliable transmission of files, file requests, Internet mail and commands. All packets are integrity checked, end-to-end encrypted, and explicitly authenticated by known participants' public keys. Onion encryption is applied to relayed packets. Each node acts as both a client and a server and can use push and poll behaviour models. Multicasting areas are also supported.
Offline sneakernet/floppynet, dead drops, sequential and append-only CD-ROM/tape storage, and air-gapped computers are supported out of the box. An online TCP daemon with full-duplex resumable data transmission also exists.
Configuration
NNCP can be installed and configured manually or via NixOS configuration.
In any case the first step is to generate a configuration file.
$ nncp-cfgnew -nocomments > /etc/secrets/nncp.hjson
This generated file should be stripped down to include only the self and neigh sections:
{
  self: {
    # DO NOT show anyone your private keys!!!
    id: HFTEI…SITTA
    exchpub: RG2SF…7JEYA
    exchprv: 4YAON…LWCMA
    signpub: ASKTA…EFVSQ
    signprv: Z6Q4R…SC2ZI
    noiseprv: ACJVW…7G7NA
    noisepub: J2W5C…SZM6Q
  }
  neigh: {
    self: {
      id: HFTEI…SITTA
      exchpub: RG2SF…7JEYA
      signpub: ASKTA…EFVSQ
      noisepub: J2W5C…SZM6Q
    }
  }
}
The location of this file should be defined in your NixOS configuration at programs.nncp.secrets:
{
  programs.nncp = {
    enable = true;
    secrets = [ "/etc/secrets/nncp.hjson" ];
  };
}
In this example the secret keys are stored outside the Nix store and we will add public keys for neighboring nodes in the NixOS configuration.
{
  programs.nncp = {
    enable = true;
    secrets = [ "/etc/secrets/nncp.hjson" ];
    neigh = {
      alice = {
        # Information that Alice has given us about her "self".
        id = "D6BOO…YTYWQ";
        exchpub = "V4WJ6…4VA3Q";
        signpub = "NZLTN…HCGOA";
        noisepub = "UNL2J…7FRDA";
        # We can connect directly to Alice over the network.
        addr = {
          lan = "[fe80::1234%igb0]:5400";
          internet = "alice.com:3389";
          proxied = "|ssh remote.host nncp-daemon -ucspi";
        };
      };
      bob = {
        # Information that Bob has given us about his "self".
        id = "3I3HC…F4P4Q";
        exchpub = "7VJN7…BWUTQ";
        signpub = "E6XSC…5VYRA";
        noisepub = "TAKXG…Z6MZQ";
        # We cannot connect to Bob but we can relay packets to him through Alice.
        via = [ "alice" ];
      };
    };
  };
}
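The following Python script is an added example, not part of the wiki page or of NNCP. It extracts only the public fields of the self block (what may be given to a neighbour or placed in the NixOS configuration) and flags any private-key field (exchprv, signprv, noiseprv) in text headed for the Nix store. It assumes the one-field-per-line layout shown above with self preceding neigh; the function names and sample values are constructed for illustration.

```python
import re

# Field names as they appear in the "self" block above; *prv fields are private keys.
PUBLIC_FIELDS = ("id", "exchpub", "signpub", "noisepub")
PRIVATE_RE = re.compile(r'^\s*"?(exchprv|signprv|noiseprv)"?\s*[:=]')

def parse_self(cfg_text):
    """Key/value pairs of the first `self: { ... }` block (assumed to precede neigh)."""
    body = "\n".join(line.split("#", 1)[0] for line in cfg_text.splitlines())
    block = re.search(r"\bself\s*:\s*\{(.*?)\}", body, re.S)
    if block is None:
        raise ValueError("no self block found")
    return dict(re.findall(r"^\s*(\w+)\s*:\s*(\S+)\s*$", block.group(1), re.M))

def public_neigh_entry(cfg_text):
    """Only the fields that may be given to a neighbour or placed in the Nix store."""
    me = parse_self(cfg_text)
    missing = [f for f in PUBLIC_FIELDS if f not in me]
    if missing:
        raise ValueError(f"self block lacks {missing}")
    return {f: me[f] for f in PUBLIC_FIELDS}

def find_private_fields(text):
    """(line number, field) for every private-key field in Hjson or Nix text."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        m = PRIVATE_RE.match(line.split("#", 1)[0])
        if m:
            hits.append((n, m.group(1)))
    return hits

# Constructed sample in the layout shown above; the values are placeholders, not keys.
SAMPLE_CFG = """{
  self: {
    # DO NOT show anyone your private keys!!!
    id: EXAMPLEID
    exchpub: EXAMPLEEXCHPUB
    exchprv: EXAMPLEEXCHPRV
    signpub: EXAMPLESIGNPUB
    signprv: EXAMPLESIGNPRV
    noiseprv: EXAMPLENOISEPRV
    noisepub: EXAMPLENOISEPUB
  }
}"""
# Constructed Nix fragment where a private key was pasted in by mistake.
LEAKY_NIX = 'neigh.alice = {\n  id = "EXAMPLEID";\n  signprv = "EXAMPLESIGNPRV";\n};'

if __name__ == "__main__":
    print(public_neigh_entry(SAMPLE_CFG), find_private_fields(LEAKY_NIX))
```

Running find_private_fields over the text of a NixOS configuration before committing it catches a pasted private key before it reaches the world-readable Nix store.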
Callers and Daemons
The NNCP caller and daemon can be enabled for NixOS using the options services.nncp.caller and services.nncp.daemon.
{
  services.nncp = let
    attrs = {
      enable = true;
      extraArgs = [ "-autotoss" ];
    };
  in {
    caller = attrs;
    daemon = attrs;
  };
}
Remote command execution
Store path importing
NNCP config:
{
  programs.nncp.settings.neigh.${NODE}.exec.nix-store-import = "nix-store --import";
}
Export command:
$ nix-store --export ./result | nncp-exec "$NODE" nix-store-import