diff --git a/nixos/modules/gnunet.nix b/nixos/modules/gnunet.nix
new file mode 100644
index 0000000..01f7c3f
--- /dev/null
+++ b/nixos/modules/gnunet.nix
@@ -0,0 +1,155 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+
+ cfg = config.services.gnunet;
+
+ homeDir = "/var/lib/gnunet";
+
+ configFile = with cfg; pkgs.writeText "gnunetd.conf"
+ ''
+ [PATHS]
+ SERVICEHOME = ${homeDir}
+
+ [ARM]
+ START_SYSTEM_SERVICES = YES
+ START_USER_SERVICES = NO
+
+ [DNS]
+ HELPER_PATH = ${config.security.wrapperDir}/
+ BINARY = ${config.security.wrapperDir}/gnunet-service-dns
+
+ [EXIT]
+ HELPER_PATH = ${config.security.wrapperDir}/
+
+ [NAT]
+ HELPER_PATH = ${config.security.wrapperDir}/
+
+ [VPN]
+ HELPER_PATH = ${config.security.wrapperDir}/
+
+ ${extraOptions}
+ '';
+
+in
+
+{
+
+ ###### interface
+
+ options = {
+
+ services.gnunet = {
+
+ enable = mkOption {
+ default = false;
+ description = ''
+ Whether to run the GNUnet daemon. GNUnet is GNU's anonymous
+ peer-to-peer communication and file sharing framework.
+ '';
+ };
+
+ package = mkOption {
+ type = types.package;
+ default = pkgs.gnunet;
+ defaultText = "pkgs.gnunet";
+ description = "Overridable attribute of the gnunet package to use.";
+ example = literalExample "pkgs.gnunet_git";
+ };
+
+ extraOptions = mkOption {
+ default = "";
+ description = ''
+ Additional options that will be copied verbatim in `gnunet.conf'.
+ See `gnunet.conf(5)' for details.
+ '';
+ };
+ };
+
+ };
+
+
+ ###### implementation
+
+ config = mkIf config.services.gnunet.enable {
+
+ users.users.gnunet = {
+ group = "gnunet";
+ description = "GNUnet User";
+ home = homeDir;
+ createHome = true;
+ uid = config.ids.uids.gnunet;
+ };
+
+ users.groups = {
+ gnunet = { gid = config.ids.gids.gnunet; };
+ gnunetdns = { };
+ };
+
+ # The user tools that talk to `gnunetd' should come from the same source,
+ # so install them globally.
+ environment.systemPackages = [ cfg.package ];
+
+ security.wrappers = {
+ gnunet-helper-vpn = {
+ source = "${cfg.package}/lib/gnunet/libexec/gnunet-helper-vpn";
+ setuid = true;
+ owner = "root";
+ group = "gnunet";
+ permissions = "u+rwx,g+rx";
+ };
+ gnunet-helper-exit = {
+ source = "${cfg.package}/lib/gnunet/libexec/gnunet-helper-exit";
+ setuid = true;
+ owner = "root";
+ group = "gnunet";
+ permissions = "u+rwx,g+rx";
+ };
+ gnunet-helper-nat-client = {
+ source = "${cfg.package}/lib/gnunet/libexec/gnunet-helper-nat-client";
+ setuid = true;
+ owner = "root";
+ group = "gnunet";
+ permissions = "u+rwx,g+rx";
+ };
+ gnunet-helper-nat-server = {
+ source = "${cfg.package}/lib/gnunet/libexec/gnunet-helper-nat-server";
+ setuid = true;
+ owner = "root";
+ group = "gnunet";
+ permissions = "u+rwx,g+rx";
+ };
+ gnunet-helper-dns = {
+ source = "${cfg.package}/lib/gnunet/libexec/gnunet-helper-dns";
+ setuid = true;
+ owner = "root";
+ group = "gnunetdns";
+ permissions = "u+rwx,g+rx";
+ };
+ gnunet-service-dns = {
+ source = "${cfg.package}/lib/gnunet/libexec/gnunet-service-dns";
+ setgid = true;
+ owner = "gnunet";
+ group = "gnunetdns";
+ permissions = "u+rwx,g+rx";
+ };
+ };
+
+ systemd.services.gnunet = {
+ description = "GNUnet";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+ path = [ cfg.package pkgs.miniupnpc ];
+ environment.TMPDIR = "/tmp";
+ serviceConfig.ExecStart = "${cfg.package}/lib/gnunet/libexec/gnunet-service-arm -c ${configFile}";
+ serviceConfig.User = "gnunet";
+ serviceConfig.Group = "gnunet";
+ #serviceConfig.UMask = "0007";
+ serviceConfig.WorkingDirectory = homeDir;
+ };
+
+ };
+
+}
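Review bot: `#serviceConfig.UMask = "0007";` in the systemd.services.gnunet block is commented-out code with no reason given; either enable it or delete it. Without a UMask, whatever the daemon writes under SERVICEHOME (`/var/lib/gnunet`) gets the service manager's default umask, which presumably leaves that state readable by every local account; `serviceConfig.UMask = "0077";` (or the `0007` the author evidently intended, since the unit already runs as User/Group gnunet) keeps it private, and `serviceConfig.PrivateTmp = true;` would do the same for the shared `/tmp` that `environment.TMPDIR` points the daemon at. Separately, `enable` and `extraOptions` declare no `type` while `package` does; `type = types.bool;` and `type = types.lines;` would reject malformed values before `extraOptions` is spliced verbatim into the generated config. The `extraOptions` description also refers to `gnunet.conf', but the file the module writes is named "gnunetd.conf".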