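# NixOS module for the GNUnet peer-to-peer daemon.
#
# Runs the GNUnet service manager (`gnunet-service-arm') as the dedicated
# system user `gnunet', installs the privileged helper binaries it needs via
# security.wrappers, and optionally registers the GNU Name System NSS module.
{ config, lib, pkgs, ... }:

with lib;

let
  cfg = config.services.gnunet;

  # Home and working directory of the `gnunet' system user.
  homeDir = "/var/lib/gnunet";

  # Configuration handed to gnunet-service-arm.
  #
  # SUID_BINARY_PATH points the daemon at the security.wrappers directory so
  # that it picks up the setuid/setgid helpers declared below rather than the
  # unprivileged copies shipped in the package.  `extraOptions' is appended
  # verbatim; it originates from the NixOS configuration itself, not from an
  # untrusted source.
  configFile = pkgs.writeText "gnunetd.conf" ''
    [PATHS]
    SUID_BINARY_PATH = ${config.security.wrapperDir}

    [ARM]
    START_SYSTEM_SERVICES = YES
    START_USER_SERVICES = NO

    [DNS]
    BINARY = ${config.security.wrapperDir}/gnunet-service-dns

    ${cfg.extraOptions}
  '';

  # Builds a setuid-root wrapper for helper `name' from the gnunet package.
  # The wrapper is executable only by root and by members of `group'; other
  # users get no access at all, which limits who can invoke the privileged
  # helper.
  setuidHelper = name: group: {
    source = "${cfg.package}/lib/gnunet/libexec/${name}";
    setuid = true;
    owner = "root";
    inherit group;
    permissions = "u+rwx,g+rx";
  };

in
{
  ###### interface

  options = {
    services.gnunet = {
      enable = mkOption {
        type = types.bool;
        default = false;
        description = ''
          Whether to run the GNUnet daemon.  GNUnet is GNU's anonymous
          peer-to-peer communication and file sharing framework.
        '';
      };

      package = mkOption {
        type = types.package;
        default = pkgs.gnunet;
        defaultText = "pkgs.gnunet";
        description = "Overridable attribute of the gnunet package to use.";
        example = literalExample "pkgs.gnunet_git";
      };

      nsswitch = mkOption {
        type = types.bool;
        default = false;
        description = ''
          Whether to use the GNU Name System for name resolution by enabling
          the NSS module in nsswitch.conf
        '';
      };

      extraOptions = mkOption {
        type = types.lines;
        default = "";
        description = ''
          Additional options that will be copied verbatim in `gnunet.conf'.
          See `gnunet.conf(5)' for details.
        '';
      };
    };
  };

  ###### implementation

  config = mkIf cfg.enable {
    # Dedicated unprivileged account the system services run as.
    users.users.gnunet = {
      group = "gnunet";
      description = "GNUnet User";
      home = homeDir;
      createHome = true;
      uid = config.ids.uids.gnunet;
      shell = pkgs.bashInteractive;
    };

    users.groups = {
      gnunet = { gid = config.ids.gids.gnunet; };
      # Separate group gating access to the DNS helper and DNS service only.
      gnunetdns = { };
    };

    # The user tools that talk to `gnunetd' should come from the same source,
    # so install them globally.
    environment.systemPackages = [ cfg.package ];

    networking.firewall.allowedTCPPorts = [ 2086 ];
    networking.firewall.allowedUDPPorts = [ 2086 ];

    # Privileged helpers.  All of them are setuid root but executable only by
    # the group named here (mode u+rwx,g+rx); the DNS helper is restricted to
    # the `gnunetdns' group, and gnunet-service-dns is merely setgid gnunetdns,
    # running as the `gnunet' user.
    security.wrappers = {
      gnunet-helper-vpn        = setuidHelper "gnunet-helper-vpn"        "gnunet";
      gnunet-helper-exit       = setuidHelper "gnunet-helper-exit"       "gnunet";
      gnunet-helper-nat-client = setuidHelper "gnunet-helper-nat-client" "gnunet";
      gnunet-helper-nat-server = setuidHelper "gnunet-helper-nat-server" "gnunet";
      gnunet-helper-dns        = setuidHelper "gnunet-helper-dns"        "gnunetdns";

      gnunet-service-dns = {
        source = "${cfg.package}/lib/gnunet/libexec/gnunet-service-dns";
        setgid = true;
        owner = "gnunet";
        group = "gnunetdns";
        permissions = "u+rwx,g+rx";
      };
    };

    system.nssModules = optional cfg.nsswitch cfg.package;

    #environment.extraInit = ''
    #  export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:${config.system.nssModules.path}
    #'';

    systemd.services.gnunet-system = {
      description = "GNUnet system services";
      # `after' alone only orders the unit; `wants' is needed so that
      # network-online.target is actually pulled in before we start.
      wants = [ "network-online.target" ];
      after = [ "network-online.target" ];
      wantedBy = [ "multi-user.target" ];
      path = [ cfg.package pkgs.miniupnpc ];
      environment.TMPDIR = "/tmp";
      serviceConfig.ExecStart = "${cfg.package}/lib/gnunet/libexec/gnunet-service-arm -c ${configFile}";
      serviceConfig.ExecStop = "${cfg.package}/bin/gnunet-arm -c ${configFile} -e";
      serviceConfig.User = "gnunet";
      serviceConfig.Group = "gnunet";
      #serviceConfig.UMask = "0007";
      serviceConfig.WorkingDirectory = homeDir;
    };

    # Per-user ARM instance; uses the package's default configuration rather
    # than `configFile', which is written for the system instance.
    systemd.user.services.gnunet-user = {
      description = "GNUnet user services";
      after = [ "gnunet-system.service" ];
      wantedBy = [ "default.target" ];
      environment.TMPDIR = "/tmp";
      serviceConfig.ExecStart = "${cfg.package}/lib/gnunet/libexec/gnunet-service-arm";
      serviceConfig.ExecStop = "${cfg.package}/bin/gnunet-arm -e";
    };
  };
}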