christian
/
nixpkgs-gnunet
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
nixpkgs-gnunet/nixos/modules/gnunet/default.nix

174 lines
4.5 KiB
Nix
Raw Blame History

{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.gnunet;
homeDir = "/var/lib/gnunet";
configFile = with cfg; pkgs.writeText "gnunetd.conf"
''
[PATHS]
SUID_BINARY_PATH = ${config.security.wrapperDir}
[ARM]
START_SYSTEM_SERVICES = YES
START_USER_SERVICES = NO
[DNS]
BINARY = ${config.security.wrapperDir}/gnunet-service-dns
${extraOptions}
'';
in
{
###### interface
options = {
services.gnunet = {
enable = mkOption {
default = false;
description = ''
Whether to run the GNUnet daemon. GNUnet is GNU's anonymous
peer-to-peer communication and file sharing framework.
'';
};
package = mkOption {
type = types.package;
default = pkgs.gnunet;
defaultText = "pkgs.gnunet";
description = "Overridable attribute of the gnunet package to use.";
example = literalExample "pkgs.gnunet_git";
};
nsswitch = mkOption {
default = false;
description = ''
Whether to use the GNU Name System for name resolution by enabling
the NSS module in nsswitch.conf
'';
};
extraOptions = mkOption {
default = "";
description = ''
Additional options that will be copied verbatim in `gnunet.conf'.
See `gnunet.conf(5)' for details.
'';
};
};
};
###### implementation
config = mkIf config.services.gnunet.enable {
users.users.gnunet = {
group = "gnunet";
description = "GNUnet User";
home = homeDir;
createHome = true;
uid = config.ids.uids.gnunet;
shell = pkgs.bashInteractive;
};
users.groups = {
gnunet = { gid = config.ids.gids.gnunet; };
gnunetdns = { };
};
# The user tools that talk to `gnunetd' should come from the same source,
# so install them globally.
environment.systemPackages = [ cfg.package ];
networking.firewall.allowedTCPPorts = [ 2086 ];
networking.firewall.allowedUDPPorts = [ 2086 ];
security.wrappers = {
gnunet-helper-vpn = {
source = "${cfg.package}/lib/gnunet/libexec/gnunet-helper-vpn";
setuid = true;
owner = "root";
group = "gnunet";
permissions = "u+rwx,g+rx";
};
gnunet-helper-exit = {
source = "${cfg.package}/lib/gnunet/libexec/gnunet-helper-exit";
setuid = true;
owner = "root";
group = "gnunet";
permissions = "u+rwx,g+rx";
};
gnunet-helper-nat-client = {
source = "${cfg.package}/lib/gnunet/libexec/gnunet-helper-nat-client";
setuid = true;
owner = "root";
group = "gnunet";
permissions = "u+rwx,g+rx";
};
gnunet-helper-nat-server = {
source = "${cfg.package}/lib/gnunet/libexec/gnunet-helper-nat-server";
setuid = true;
owner = "root";
group = "gnunet";
permissions = "u+rwx,g+rx";
};
gnunet-helper-dns = {
source = "${cfg.package}/lib/gnunet/libexec/gnunet-helper-dns";
setuid = true;
owner = "root";
group = "gnunetdns";
permissions = "u+rwx,g+rx";
};
gnunet-service-dns = {
source = "${cfg.package}/lib/gnunet/libexec/gnunet-service-dns";
setgid = true;
owner = "gnunet";
group = "gnunetdns";
permissions = "u+rwx,g+rx";
};
};
system.nssModules = optional cfg.nsswitch cfg.package;
#environment.extraInit = ''
# export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:${config.system.nssModules.path}
#'';
systemd.services.gnunet-system = {
description = "GNUnet system services";
after = [ "network-online.target" ];
wantedBy = [ "multi-user.target" ];
path = [ cfg.package pkgs.miniupnpc ];
environment.TMPDIR = "/tmp";
serviceConfig.ExecStart = "${cfg.package}/lib/gnunet/libexec/gnunet-service-arm -c ${configFile}";
serviceConfig.ExecStop = "${cfg.package}/bin/gnunet-arm -c ${configFile} -e";
serviceConfig.User = "gnunet";
serviceConfig.Group = "gnunet";
#serviceConfig.UMask = "0007";
serviceConfig.WorkingDirectory = homeDir;
};
systemd.user.services.gnunet-user = {
description = "GNUnet user services";
after = [ "gnunet-system.service" ];
wantedBy = [ "default.target" ];
environment.TMPDIR = "/tmp";
serviceConfig.ExecStart = "${cfg.package}/lib/gnunet/libexec/gnunet-service-arm";
serviceConfig.ExecStop = "${cfg.package}/bin/gnunet-arm -e";
};
};
}
Reference in New Issue View Git Blame Copy Permalink