add gnunet service
parent
d55b417030
commit
cb0dc2ddf4
|
@ -0,0 +1,155 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
|
||||
cfg = config.services.gnunet;
|
||||
|
||||
homeDir = "/var/lib/gnunet";
|
||||
|
||||
configFile = with cfg; pkgs.writeText "gnunetd.conf"
|
||||
''
|
||||
[PATHS]
|
||||
SERVICEHOME = ${homeDir}
|
||||
|
||||
[ARM]
|
||||
START_SYSTEM_SERVICES = YES
|
||||
START_USER_SERVICES = NO
|
||||
|
||||
[DNS]
|
||||
HELPER_PATH = ${config.security.wrapperDir}/
|
||||
BINARY = ${config.security.wrapperDir}/gnunet-service-dns
|
||||
|
||||
[EXIT]
|
||||
HELPER_PATH = ${config.security.wrapperDir}/
|
||||
|
||||
[NAT]
|
||||
HELPER_PATH = ${config.security.wrapperDir}/
|
||||
|
||||
[VPN]
|
||||
HELPER_PATH = ${config.security.wrapperDir}/
|
||||
|
||||
${extraOptions}
|
||||
'';
|
||||
|
||||
in
|
||||
|
||||
{
|
||||
|
||||
###### interface
|
||||
|
||||
options = {
|
||||
|
||||
services.gnunet = {
|
||||
|
||||
enable = mkOption {
|
||||
default = false;
|
||||
description = ''
|
||||
Whether to run the GNUnet daemon. GNUnet is GNU's anonymous
|
||||
peer-to-peer communication and file sharing framework.
|
||||
'';
|
||||
};
|
||||
|
||||
package = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.gnunet;
|
||||
defaultText = "pkgs.gnunet";
|
||||
description = "Overridable attribute of the gnunet package to use.";
|
||||
example = literalExample "pkgs.gnunet_git";
|
||||
};
|
||||
|
||||
extraOptions = mkOption {
|
||||
default = "";
|
||||
description = ''
|
||||
Additional options that will be copied verbatim in `gnunet.conf'.
|
||||
See `gnunet.conf(5)' for details.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
|
||||
###### implementation
|
||||
|
||||
config = mkIf config.services.gnunet.enable {
|
||||
|
||||
users.users.gnunet = {
|
||||
group = "gnunet";
|
||||
description = "GNUnet User";
|
||||
home = homeDir;
|
||||
createHome = true;
|
||||
uid = config.ids.uids.gnunet;
|
||||
};
|
||||
|
||||
users.groups = {
|
||||
gnunet = { gid = config.ids.gids.gnunet; };
|
||||
gnunetdns = { };
|
||||
};
|
||||
|
||||
# The user tools that talk to `gnunetd' should come from the same source,
|
||||
# so install them globally.
|
||||
environment.systemPackages = [ cfg.package ];
|
||||
|
||||
security.wrappers = {
|
||||
gnunet-helper-vpn = {
|
||||
source = "${cfg.package}/lib/gnunet/libexec/gnunet-helper-vpn";
|
||||
setuid = true;
|
||||
owner = "root";
|
||||
group = "gnunet";
|
||||
permissions = "u+rwx,g+rx";
|
||||
};
|
||||
gnunet-helper-exit = {
|
||||
source = "${cfg.package}/lib/gnunet/libexec/gnunet-helper-exit";
|
||||
setuid = true;
|
||||
owner = "root";
|
||||
group = "gnunet";
|
||||
permissions = "u+rwx,g+rx";
|
||||
};
|
||||
gnunet-helper-nat-client = {
|
||||
source = "${cfg.package}/lib/gnunet/libexec/gnunet-helper-nat-client";
|
||||
setuid = true;
|
||||
owner = "root";
|
||||
group = "gnunet";
|
||||
permissions = "u+rwx,g+rx";
|
||||
};
|
||||
gnunet-helper-nat-server = {
|
||||
source = "${cfg.package}/lib/gnunet/libexec/gnunet-helper-nat-server";
|
||||
setuid = true;
|
||||
owner = "root";
|
||||
group = "gnunet";
|
||||
permissions = "u+rwx,g+rx";
|
||||
};
|
||||
gnunet-helper-dns = {
|
||||
source = "${cfg.package}/lib/gnunet/libexec/gnunet-helper-dns";
|
||||
setuid = true;
|
||||
owner = "root";
|
||||
group = "gnunetdns";
|
||||
permissions = "u+rwx,g+rx";
|
||||
};
|
||||
gnunet-service-dns = {
|
||||
source = "${cfg.package}/lib/gnunet/libexec/gnunet-service-dns";
|
||||
setgid = true;
|
||||
owner = "gnunet";
|
||||
group = "gnunetdns";
|
||||
permissions = "u+rwx,g+rx";
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services.gnunet = {
|
||||
description = "GNUnet";
|
||||
after = [ "network.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
path = [ cfg.package pkgs.miniupnpc ];
|
||||
environment.TMPDIR = "/tmp";
|
||||
serviceConfig.ExecStart = "${cfg.package}/lib/gnunet/libexec/gnunet-service-arm -c ${configFile}";
|
||||
serviceConfig.User = "gnunet";
|
||||
serviceConfig.Group = "gnunet";
|
||||
#serviceConfig.UMask = "0007";
|
||||
serviceConfig.WorkingDirectory = homeDir;
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
}
|
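Review bot: The `security.wrappers` block installs five setuid-root helpers (`gnunet-helper-vpn`, `gnunet-helper-exit`, `gnunet-helper-nat-client`, `gnunet-helper-nat-server`, `gnunet-helper-dns`) as soon as `services.gnunet.enable` is set, with no way to leave out the ones a host does not use. Each is root-privileged code executable by the `gnunet` or `gnunetdns` group, so I would gate them behind per-subsystem options that default to off. For example, a new option such as `services.gnunet.vpn.enable` could be used as `gnunet-helper-vpn = mkIf cfg.vpn.enable { ... };`, with the matching `HELPER_PATH` line written to the config only in that case. Separately, `#serviceConfig.UMask = "0007";` is left commented out with no explanation, so the unit sets no umask for files created under `/var/lib/gnunet`; either enable it or add a comment saying why it is disabled.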