diff --git a/nixos/modules/gnunet.nix b/nixos/modules/gnunet/default.nix similarity index 81% rename from nixos/modules/gnunet.nix rename to nixos/modules/gnunet/default.nix index 01f7c3f..9203876 100644 --- a/nixos/modules/gnunet.nix +++ b/nixos/modules/gnunet/default.nix @@ -12,23 +12,21 @@ let '' [PATHS] SERVICEHOME = ${homeDir} + SUID_BINARY_PATH = ${config.security.wrapperDir} [ARM] START_SYSTEM_SERVICES = YES START_USER_SERVICES = NO [DNS] - HELPER_PATH = ${config.security.wrapperDir}/ + #HELPER_PATH = ${config.security.wrapperDir}/ BINARY = ${config.security.wrapperDir}/gnunet-service-dns - [EXIT] - HELPER_PATH = ${config.security.wrapperDir}/ + #[EXIT] + #HELPER_PATH = ${config.security.wrapperDir}/ - [NAT] - HELPER_PATH = ${config.security.wrapperDir}/ - - [VPN] - HELPER_PATH = ${config.security.wrapperDir}/ + #[VPN] + #HELPER_PATH = ${config.security.wrapperDir}/ ${extraOptions} ''; @@ -59,6 +57,14 @@ in example = literalExample "pkgs.gnunet_git"; }; + nsswitch = mkOption { + default = false; + description = '' + Whether to use the GNU Name System for name resolution by enabling + the NSS module in nsswitch.conf + ''; + }; + extraOptions = mkOption { default = ""; description = '' @@ -81,6 +87,7 @@ in home = homeDir; createHome = true; uid = config.ids.uids.gnunet; + shell = pkgs.bashInteractive; }; users.groups = { 
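Review bot: The commented-out `#HELPER_PATH`, `#[EXIT]` and `#[VPN]` lines sit inside the `''…''` string, so they are written into the generated GNUnet configuration as dead text, while `[NAT]` is deleted outright. Now that `SUID_BINARY_PATH = ${config.security.wrapperDir}` replaces the per-section settings, delete the old lines instead of commenting them out. A short Nix comment above the string would help, for example `# every setuid helper GNUnet starts must have a wrapper in security.wrapperDir`. The wrapper definitions are outside this hunk, so I cannot confirm that they cover the helpers the removed `[NAT]`, `[EXIT]` and `[VPN]` entries pointed at.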
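Review bot: The new `nsswitch` option declares no `type`, so a non-boolean value is only caught, if at all, when it reaches `optional cfg.nsswitch cfg.package` in the later hunk; add `type = types.bool;` next to `default = false;`. The description should also state the consequence of turning it on: `cfg.package` is registered in `system.nssModules`, which, as far as I understand NSS, means the GNS plugin is loaded into processes that perform host lookups. That is worth knowing before enabling it on a multi-user machine.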
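Review bot: `shell = pkgs.bashInteractive;` gives the `gnunet` service account an interactive shell in addition to `createHome = true`, and nothing in the hunk says why a daemon user needs one. NixOS system users normally get a non-login shell unless one is set, so this widens what the account can be used for if it ever receives a password or an authorized key. Either drop the line or keep it with a justification such as `# interactive shell required for <reason>`. The `users.users` block starts and ends outside this hunk.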
@@ -137,13 +144,20 @@ in }; }; + system.nssModules = optional cfg.nsswitch cfg.package; + + #environment.extraInit = '' + # export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:${config.system.nssModules.path} + #''; + systemd.services.gnunet = { description = "GNUnet"; - after = [ "network.target" ]; + after = [ "network-online.target" ]; wantedBy = [ "multi-user.target" ]; path = [ cfg.package pkgs.miniupnpc ]; environment.TMPDIR = "/tmp"; serviceConfig.ExecStart = "${cfg.package}/lib/gnunet/libexec/gnunet-service-arm -c ${configFile}"; + serviceConfig.ExecStop = "${cfg.package}/bin/gnunet-arm -c ${configFile} -e"; serviceConfig.User = "gnunet"; serviceConfig.Group = "gnunet"; #serviceConfig.UMask = "0007"; diff --git a/pkgs/gnunet/default.nix b/pkgs/gnunet/default.nix index 8b6985d..b7350a8 100644 --- a/pkgs/gnunet/default.nix +++ b/pkgs/gnunet/default.nix @@ -1,9 +1,8 @@ { stdenv, fetchgit, libtool, pkgconfig, autoconf, automake, gettext, libgcrypt , libidn2, zlib, libunistring, glpk, miniupnpc, libextractor, jansson, libgnurl , sqlite, postgresql, mariadb, libmicrohttpd, iptables, nettools, gnutls -, unbound, coreutils, file, python3, texinfo -, makeWrapper -, withVerbose ? true +, unbound, coreutils, file, python3, texinfo, procps, iproute +, withVerbose ? false , withDocumentation ? false , withSqlite ? true , withPostgres ? false 
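Review bot: `after = [ "network-online.target" ];` only orders the unit; without a matching `wants = [ "network-online.target" ];` nothing pulls that target in, so the service may still start before the network is up. Add the `wants` line directly below `after`. The commented-out `environment.extraInit` block that would extend `LD_LIBRARY_PATH` should be deleted rather than committed; if it were ever re-enabled it would change the library search path of every login session, which needs a review of its own. The `systemd.services.gnunet` block continues past the end of the hunk.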
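Review bot: `withVerbose ? false` no longer has any effect, because the `@@ -34,40 +34,50 @@` hunk replaces `optional withVerbose "--enable-logging=verbose"` with an unconditional `[ "--enable-logging=verbose" ]`. The argument list therefore advertises quiet logging by default while every build is verbose. Either keep the conditional form in `configureFlags` or remove the parameter. For a peer-to-peer daemon, verbose logs presumably record more about peers and lookups than the default level, so the default should be a deliberate choice.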
@@ -12,17 +11,18 @@ with stdenv.lib; let - rev = "b0b7de092d65d189baff2201eaa913861ef12223"; + rev = "93cb4a4f1ddecdd1d4a727dea07a53b19a5c3421"; in stdenv.mkDerivation rec { name = "gnunet-${rev}"; - src = fetchgit { - #url = https://gnunet.org/git/gnunet.git; - url = https://ulrich.earth/code/gnunet; - inherit rev; - sha256 = "1qgqw0gl3zwpl2pzdgfl6wdzsw5ild4qldf1cvfki7s3hki3myyf"; - }; + src = /home/christian/projects/gnunet-dev; + #src = fetchgit { + # #url = https://gnunet.org/git/gnunet.git; + # url = https://ulrich.earth/code/gnunet; + # inherit rev; + # sha256 = "1qgqw0gl3zwpl2pzdgfl6wdzsw5ild4qldf1cvfki7s3hki3myyf"; + #}; phases = [ "unpackPhase" "preConfigure" "configurePhase" "buildPhase" "installPhase" 
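Review bot: `src = /home/christian/projects/gnunet-dev;` replaces a hash-pinned `fetchgit` with a directory that exists only on one developer's machine, so the derivation cannot be built elsewhere and its input is no longer verified against a `sha256`. `name = "gnunet-${rev}"` still advertises the new `rev`, but nothing ties the build to that commit any more. Restore the fetcher with the updated revision, `src = fetchgit { url = …; inherit rev; sha256 = "<hash of the new rev>"; };`, and keep the local checkout in an uncommitted override. The `phases` list that follows is cut off by the end of the hunk.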
@@ -34,40 +34,50 @@ stdenv.mkDerivation rec { #doCheck = true; nativeBuildInputs = [ - makeWrapper libtool pkgconfig autoconf automake gettext coreutils file - python3 + libtool pkgconfig autoconf automake gettext coreutils file python3 ] ++ optional withDocumentation texinfo; - buildInputs = [ + propagatedBuildInputs = [ libgcrypt libidn2 zlib libunistring glpk miniupnpc libextractor jansson - libgnurl libmicrohttpd iptables nettools gnutls unbound + libgnurl libmicrohttpd iptables nettools gnutls unbound procps iproute ] ++ optional withSqlite sqlite ++ optional withPostgres postgresql ++ optional withMariadb mariadb; configureFlags = - optional withVerbose "--enable-logging=verbose" + [ "--enable-logging=verbose" ] ++ optional (!withDocumentation) "--disable-documentation"; + NIX_CFLAGS_COMPILE = "-g -Wall -O0"; + preConfigure = '' - substituteInPlace configure.ac --replace "/usr/sbin/iptables" "iptables" - substituteInPlace configure.ac --replace "/sbin/ifconfig" "ifconfig" + #substituteInPlace configure.ac --replace "/usr/sbin/iptables" "${iptables}/bin/iptables" + #substituteInPlace configure.ac --replace "/sbin/ifconfig" "ifconfig" sh bootstrap - substituteInPlace configure --replace "/usr/bin/file" "file" - substituteInPlace configure --replace "/usr/bin/objformat" "objformat" + #substituteInPlace configure --replace "/usr/bin/file" "file" + #substituteInPlace configure --replace "/usr/bin/objformat" "objformat" + substituteInPlace src/dns/gnunet-helper-dns.c --replace '"/sbin/iptables"' '"${iptables}/bin/iptables"' + substituteInPlace src/dns/gnunet-helper-dns.c --replace '"/sbin/ip6tables"' '"${iptables}/bin/ip6tables"' + substituteInPlace src/dns/gnunet-helper-dns.c --replace '"/sbin/ip"' '"${iproute}/bin/ip"' + substituteInPlace src/dns/gnunet-helper-dns.c --replace '"/sbin/sysctl"' '"${procps}/bin/sysctl"' + ''; + + postInstall = '' + mv $out/lib/gnunet/nss/* $out/lib/ + rmdir $out/lib/gnunet/nss ''; /* FIXME: Tests must be run this way, but there are 
still a couple of failures. */ - checkPhase = - '' export GNUNET_PREFIX="$out" - export GNUNET_TMP="$TMPDIR" - export PATH="$out/bin:$PATH" - make -k check - ''; + checkPhase = '' + export GNUNET_PREFIX="$out" + export GNUNET_TMP="$TMPDIR" + export PATH="$out/bin:$PATH" + make -k check + ''; meta = with stdenv.lib; { description = "GNUnet, GNU's decentralized anonymous and censorship-resistant P2P framework";
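Review bot: `NIX_CFLAGS_COMPILE = "-g -Wall -O0";` is set unconditionally, so every build of the package is an unoptimised debug build. glibc's `_FORTIFY_SOURCE` checks need optimisation to take effect, so `-O0` most likely disables that hardening for all binaries, including the helpers that the module runs through `security.wrapperDir`. Gate the setting behind an opt-in argument, for example `withDebug ? false` in the argument list and `NIX_CFLAGS_COMPILE = optionalString withDebug "-g -O0";` here. The switch from `buildInputs` to `propagatedBuildInputs` in the same hunk also deserves a one-line comment explaining why dependents need the whole closure. The `meta` attribute set continues outside the hunk.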