
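{ config, lib, pkgs, ... }:

# NixOS module for the GNUnet peer-to-peer daemon.
#
# Privilege model (as wired below): the daemon runs as the unprivileged
# `gnunet` user.  The operations that need root (VPN, EXIT, NAT and DNS
# helpers) go through setuid wrappers in `security.wrapperDir`; each
# wrapper is executable only by its owner and group, so group membership
# decides who may invoke it.  The DNS helper is owned by the separate
# `gnunetdns` group and is reached through the setgid `gnunet-service-dns`
# wrapper, so a plain `gnunet`-group process cannot execute it directly.

with lib;

let
  cfg = config.services.gnunet;
  homeDir = "/var/lib/gnunet";

  # Rendered daemon configuration.  `pkgs.writeText` puts this file in the
  # world-readable Nix store, so `extraOptions` must never carry secrets.
  # The HELPER_PATH/BINARY entries deliberately point at the wrapper
  # directory, not at the package's libexec copies, because only the
  # wrappers carry the setuid/setgid bits.
  configFile = pkgs.writeText "gnunetd.conf" ''
    [PATHS]
    SERVICEHOME = ${homeDir}
    [ARM]
    START_SYSTEM_SERVICES = YES
    START_USER_SERVICES = NO
    [DNS]
    HELPER_PATH = ${config.security.wrapperDir}/
    BINARY = ${config.security.wrapperDir}/gnunet-service-dns
    [EXIT]
    HELPER_PATH = ${config.security.wrapperDir}/
    [NAT]
    HELPER_PATH = ${config.security.wrapperDir}/
    [VPN]
    HELPER_PATH = ${config.security.wrapperDir}/
    ${cfg.extraOptions}
  '';

  # Wrapper definition shared by the setuid-root helpers that members of
  # the `gnunet` group are allowed to run.
  rootHelperFor = name: {
    source = "${cfg.package}/lib/gnunet/libexec/${name}";
    setuid = true;
    owner = "root";
    group = "gnunet";
    permissions = "u+rwx,g+rx";
  };

  rootHelpers = [
    "gnunet-helper-vpn"
    "gnunet-helper-exit"
    "gnunet-helper-nat-client"
    "gnunet-helper-nat-server"
  ];
in
{
  ###### interface

  options = {
    services.gnunet = {

      enable = mkOption {
        type = types.bool;
        default = false;
        description = ''
          Whether to run the GNUnet daemon. GNUnet is GNU's anonymous
          peer-to-peer communication and file sharing framework.
        '';
      };

      package = mkOption {
        type = types.package;
        default = pkgs.gnunet;
        defaultText = "pkgs.gnunet";
        description = "Overridable attribute of the gnunet package to use.";
        example = literalExample "pkgs.gnunet_git";
      };

      extraOptions = mkOption {
        # `types.lines` lets several modules contribute snippets; they are
        # joined with newlines instead of conflicting.
        type = types.lines;
        default = "";
        description = ''
          Additional options that will be copied verbatim into the generated
          daemon configuration. See `gnunet.conf(5)' for details.

          The generated file is stored in the world-readable Nix store, so
          do not place secrets here.
        '';
      };

    };
  };

  ###### implementation

  config = mkIf cfg.enable {

    users.users.gnunet = {
      # Fixed uid, so `isSystemUser` only marks the account as a service
      # account; it does not change uid allocation.
      isSystemUser = true;
      group = "gnunet";
      description = "GNUnet User";
      home = homeDir;
      createHome = true;
      uid = config.ids.uids.gnunet;
    };

    users.groups = {
      gnunet = { gid = config.ids.gids.gnunet; };
      # Separate group gating the root DNS helper; see the header comment.
      gnunetdns = { };
    };

    # The user tools that talk to `gnunetd' should come from the same source,
    # so install them globally.
    environment.systemPackages = [ cfg.package ];

    security.wrappers = genAttrs rootHelpers rootHelperFor // {

      # Setuid root, but executable only by the `gnunetdns` group.
      gnunet-helper-dns = {
        source = "${cfg.package}/lib/gnunet/libexec/gnunet-helper-dns";
        setuid = true;
        owner = "root";
        group = "gnunetdns";
        permissions = "u+rwx,g+rx";
      };

      # Setgid `gnunetdns` (not setuid): this is the only path by which the
      # daemon, running as `gnunet`, can reach gnunet-helper-dns.
      gnunet-service-dns = {
        source = "${cfg.package}/lib/gnunet/libexec/gnunet-service-dns";
        setgid = true;
        owner = "gnunet";
        group = "gnunetdns";
        permissions = "u+rwx,g+rx";
      };

    };

    systemd.services.gnunet = {
      description = "GNUnet";
      after = [ "network.target" ];
      wantedBy = [ "multi-user.target" ];
      # miniupnpc is on PATH for the NAT traversal helpers.
      path = [ cfg.package pkgs.miniupnpc ];
      # NOTE(review): this is the shared system /tmp; consider
      # `serviceConfig.PrivateTmp = true` if the daemon's temp files should
      # not be visible to other local users -- not changed here.
      environment.TMPDIR = "/tmp";
      serviceConfig.ExecStart = "${cfg.package}/lib/gnunet/libexec/gnunet-service-arm -c ${configFile}";
      serviceConfig.User = "gnunet";
      serviceConfig.Group = "gnunet";
      # Left disabled as in the original module; enabling it would make
      # files the daemon creates unreadable to users outside `gnunet`.
      #serviceConfig.UMask = "0007";
      serviceConfig.WorkingDirectory = homeDir;
    };

  };
}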