add gnunet service

nixos/modules/gnunet.nix

@@ -0,0 +1,155 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+
+  cfg = config.services.gnunet;
+
+  homeDir = "/var/lib/gnunet";
+
+  configFile = with cfg; pkgs.writeText "gnunetd.conf"
+    ''
+      [PATHS]
+      SERVICEHOME = ${homeDir}
+
+      [ARM]
+      START_SYSTEM_SERVICES = YES
+      START_USER_SERVICES = NO
+
+      [DNS]
+      HELPER_PATH = ${config.security.wrapperDir}/
+      BINARY = ${config.security.wrapperDir}/gnunet-service-dns
+
+      [EXIT]
+      HELPER_PATH = ${config.security.wrapperDir}/
+
+      [NAT]
+      HELPER_PATH = ${config.security.wrapperDir}/
+
+      [VPN]
+      HELPER_PATH = ${config.security.wrapperDir}/
+
+      ${extraOptions}
+    '';
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.gnunet = {
+
+      enable = mkOption {
+        default = false;
+        description = ''
+          Whether to run the GNUnet daemon.  GNUnet is GNU's anonymous
+          peer-to-peer communication and file sharing framework.
+        '';
+      };
+
+      package = mkOption {
+        type = types.package;
+        default = pkgs.gnunet;
+        defaultText = "pkgs.gnunet";
+        description = "Overridable attribute of the gnunet package to use.";
+        example = literalExample "pkgs.gnunet_git";
+      };
+
+      extraOptions = mkOption {
+        default = "";
+        description = ''
+          Additional options that will be copied verbatim in `gnunet.conf'.
+          See `gnunet.conf(5)' for details.
+        '';
+      };
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf config.services.gnunet.enable {
+
+    users.users.gnunet = {
+      group = "gnunet";
+      description = "GNUnet User";
+      home = homeDir;
+      createHome = true; 
+      uid = config.ids.uids.gnunet;
+    };
+
+    users.groups = {
+      gnunet = { gid = config.ids.gids.gnunet; };
+      gnunetdns = { };
+    };
+
+    # The user tools that talk to `gnunetd' should come from the same source,
+    # so install them globally.
+    environment.systemPackages = [ cfg.package ];
+
+    security.wrappers = {
+      gnunet-helper-vpn = {
+        source = "${cfg.package}/lib/gnunet/libexec/gnunet-helper-vpn";
+        setuid = true;
+        owner = "root";
+        group = "gnunet";
+        permissions = "u+rwx,g+rx";
+      };
+      gnunet-helper-exit = {
+        source = "${cfg.package}/lib/gnunet/libexec/gnunet-helper-exit";
+        setuid = true;
+        owner = "root";
+        group = "gnunet";
+        permissions = "u+rwx,g+rx";
+      };
+      gnunet-helper-nat-client = {
+        source = "${cfg.package}/lib/gnunet/libexec/gnunet-helper-nat-client";
+        setuid = true;
+        owner = "root";
+        group = "gnunet";
+        permissions = "u+rwx,g+rx";
+      };
+      gnunet-helper-nat-server = {
+        source = "${cfg.package}/lib/gnunet/libexec/gnunet-helper-nat-server";
+        setuid = true;
+        owner = "root";
+        group = "gnunet";
+        permissions = "u+rwx,g+rx";
+      };
+      gnunet-helper-dns = {
+        source = "${cfg.package}/lib/gnunet/libexec/gnunet-helper-dns";
+        setuid = true;
+        owner = "root";
+        group = "gnunetdns";
+        permissions = "u+rwx,g+rx";
+      };
+      gnunet-service-dns = {
+        source = "${cfg.package}/lib/gnunet/libexec/gnunet-service-dns";
+        setgid = true;
+        owner = "gnunet";
+        group = "gnunetdns";
+        permissions = "u+rwx,g+rx";
+      };
+    };
+
+    systemd.services.gnunet = {
+      description = "GNUnet";
+      after = [ "network.target" ];
+      wantedBy = [ "multi-user.target" ];
+      path = [ cfg.package pkgs.miniupnpc ];
+      environment.TMPDIR = "/tmp";
+      serviceConfig.ExecStart = "${cfg.package}/lib/gnunet/libexec/gnunet-service-arm -c ${configFile}";
+      serviceConfig.User = "gnunet";
+      serviceConfig.Group = "gnunet";
+      #serviceConfig.UMask = "0007";
+      serviceConfig.WorkingDirectory = homeDir;
+    };
+
+  };
+
+}