openvpn3: 20 -> 23
Co-authored-by: Yaroslav Bolyukin <iam@lach.pw>
parent
7fb87169ef
commit
279d00a8f5
@ -1,29 +1,87 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
json = pkgs.formats.json { };
|
||||
cfg = config.programs.openvpn3;
|
||||
in
|
||||
{
|
||||
|
||||
inherit (lib) mkEnableOption mkPackageOption mkOption literalExpression max options lists;
|
||||
inherit (lib.types) bool submodule ints;
|
||||
in {
|
||||
options.programs.openvpn3 = {
|
||||
enable = lib.mkEnableOption "the openvpn3 client";
|
||||
package = lib.mkOption {
|
||||
type = lib.types.package;
|
||||
default = pkgs.openvpn3.override {
|
||||
enableSystemdResolved = config.services.resolved.enable;
|
||||
enable = mkEnableOption "the openvpn3 client";
|
||||
package = mkPackageOption pkgs "openvpn3" { };
|
||||
netcfg = mkOption {
|
||||
description = "Network configuration";
|
||||
default = { };
|
||||
type = submodule {
|
||||
options = {
|
||||
settings = mkOption {
|
||||
description = "Options stored in {file}`/etc/openvpn3/netcfg.json` configuration file";
|
||||
default = { };
|
||||
type = submodule {
|
||||
freeformType = json.type;
|
||||
options = {
|
||||
systemd_resolved = mkOption {
|
||||
type = bool;
|
||||
description = "Whether to use systemd-resolved integration";
|
||||
default = config.services.resolved.enable;
|
||||
defaultText = literalExpression "config.services.resolved.enable";
|
||||
example = false;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
log-service = mkOption {
|
||||
description = "Log service configuration";
|
||||
default = { };
|
||||
type = submodule {
|
||||
options = {
|
||||
settings = mkOption {
|
||||
description = "Options stored in {file}`/etc/openvpn3/log-service.json` configuration file";
|
||||
default = { };
|
||||
type = submodule {
|
||||
freeformType = json.type;
|
||||
options = {
|
||||
journald = mkOption {
|
||||
description = "Use systemd-journald";
|
||||
type = bool;
|
||||
default = true;
|
||||
example = false;
|
||||
};
|
||||
log_dbus_details = mkOption {
|
||||
description = "Add D-Bus details in log file/syslog";
|
||||
type = bool;
|
||||
default = true;
|
||||
example = false;
|
||||
};
|
||||
log_level = mkOption {
|
||||
description = "How verbose should the logging be";
|
||||
type = (ints.between 0 7) // {
|
||||
merge = _loc: defs:
|
||||
lists.foldl max 0 (options.getValues defs);
|
||||
};
|
||||
default = 3;
|
||||
example = 6;
|
||||
};
|
||||
timestamp = mkOption {
|
||||
description = "Add timestamp log file";
|
||||
type = bool;
|
||||
default = false;
|
||||
example = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
defaultText = lib.literalExpression ''pkgs.openvpn3.override {
|
||||
enableSystemdResolved = config.services.resolved.enable;
|
||||
}'';
|
||||
description = ''
|
||||
Which package to use for `openvpn3`.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
services.dbus.packages = [
|
||||
cfg.package
|
||||
];
|
||||
services.dbus.packages = [ cfg.package ];
|
||||
|
||||
users.users.openvpn = {
|
||||
isSystemUser = true;
|
||||
@ -31,13 +89,20 @@ in
|
||||
group = "openvpn";
|
||||
};
|
||||
|
||||
users.groups.openvpn = {
|
||||
gid = config.ids.gids.openvpn;
|
||||
users.groups.openvpn = { gid = config.ids.gids.openvpn; };
|
||||
|
||||
environment = {
|
||||
systemPackages = [ cfg.package ];
|
||||
etc = {
|
||||
"openvpn3/netcfg.json".source =
|
||||
json.generate "netcfg.json" cfg.netcfg.settings;
|
||||
"openvpn3/log-service.json".source =
|
||||
json.generate "log-service.json" cfg.log-service.settings;
|
||||
};
|
||||
};
|
||||
|
||||
environment.systemPackages = [
|
||||
cfg.package
|
||||
];
|
||||
systemd.packages = [ cfg.package ];
|
||||
};
|
||||
|
||||
meta.maintainers = with lib.maintainers; [ shamilton progrm_jarvis ];
|
||||
}
|
||||
|
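Review bot: Nothing in the `config` block creates the state directory that the package now leaves out: the build is configured with `create_statedir` disabled and `sharedstatedir` set to `/etc`, while the module only places `netcfg.json` and `log-service.json` under `/etc/openvpn3`. If the configuration manager keeps persistent profiles in `<statedir>/configs` (the exact path is an assumption, since `openvpn3_statedir` is defined outside this page), that directory will either be missing or get whatever owner and mode its first creator gives it, and profiles can embed private keys. Consider declaring it explicitly with restrictive permissions next to `systemd.packages`, e.g. `systemd.tmpfiles.rules = [ "d /etc/openvpn3/configs 0750 openvpn openvpn - -" ];`.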
@ -0,0 +1,46 @@
|
||||
From 30b2528054e6627a7124ac04cb018356ef23d864 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Portnov <mrjarviscraft@gmail.com>
|
||||
Date: Mon, 2 Sep 2024 22:25:33 +0300
|
||||
Subject: [PATCH 1/1] build: reduce hardcode in `asio_path`
|
||||
|
||||
Currently, `asio_path` variable value is concatenated with `/asio/include`
|
||||
to specify the path to custom `asio` installation.
|
||||
The problem is that this is too strict as some distros (namely NixOS)
|
||||
may have the `include` directory with a differently named parent.
|
||||
Thus this change minimizes the hardcoded part of the path to make it more flexible.
|
||||
|
||||
Signed-off-by: Petr Portnov <mrjarviscraft@gmail.com>
|
||||
---
|
||||
meson.build | 2 +-
|
||||
meson_options.txt | 2 +-
|
||||
2 files changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/meson.build b/meson.build
|
||||
index c9e0a2d..c01eb8e 100644
|
||||
--- a/meson.build
|
||||
+++ b/meson.build
|
||||
@@ -74,7 +74,7 @@ endif
|
||||
#
|
||||
# Setup additional include header dirs
|
||||
#
|
||||
-asio_inc = get_option('asio_path') / 'asio' / 'include'
|
||||
+asio_inc = get_option('asio_path') / 'include'
|
||||
message ('ASIO library: ' + asio_inc)
|
||||
|
||||
openvpn3_core_inc = get_option('openvpn3_core_path')
|
||||
diff --git a/meson_options.txt b/meson_options.txt
|
||||
index d9cf02e..43e301e 100644
|
||||
--- a/meson_options.txt
|
||||
+++ b/meson_options.txt
|
||||
@@ -26,7 +26,7 @@ option('debug_options', type: 'boolean', value: false,
|
||||
#
|
||||
# Build environment and related build time options
|
||||
#
|
||||
-option('asio_path', type: 'string', value: './vendor/asio',
|
||||
+option('asio_path', type: 'string', value: './vendor/asio/asio',
|
||||
description: 'Path to the ASIO header files')
|
||||
|
||||
option('openvpn3_core_path', type: 'string', value: './openvpn3-core',
|
||||
--
|
||||
2.43.0
|
||||
|
@ -0,0 +1,115 @@
|
||||
From 848cc46d05c203de393d75434a3f571d78687f50 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Portnov <mrjarviscraft@gmail.com>
|
||||
Date: Sun, 22 Sep 2024 13:16:02 +0300
|
||||
Subject: [PATCH] build: allow installation directories' customization
|
||||
|
||||
This allows to configure the installation directories
|
||||
for systemd and D-Bus files.
|
||||
|
||||
Signed-off-by: Petr Portnov <mrjarviscraft@gmail.com>
|
||||
---
|
||||
distro/systemd/meson.build | 9 +++++++--
|
||||
meson.build | 12 ++++++++++--
|
||||
meson_options.txt | 12 ++++++++++++
|
||||
src/configmgr/meson.build | 10 ++++++----
|
||||
4 files changed, 35 insertions(+), 8 deletions(-)
|
||||
|
||||
diff --git a/distro/systemd/meson.build b/distro/systemd/meson.build
|
||||
index 36d556c..9c636b6 100644
|
||||
--- a/distro/systemd/meson.build
|
||||
+++ b/distro/systemd/meson.build
|
||||
@@ -15,12 +15,17 @@ systemd_cfg = configuration_data({
|
||||
|
||||
systemd_service_cfg = dependency('systemd')
|
||||
|
||||
+systemd_system_unit_dir = get_option('systemd_system_unit_dir')
|
||||
+if systemd_system_unit_dir == ''
|
||||
+ systemd_system_unit_dir = systemd_service_cfg.get_variable('systemdsystemunitdir')
|
||||
+endif
|
||||
+
|
||||
configure_file(
|
||||
input: 'openvpn3-autoload.service.in',
|
||||
output: 'openvpn3-autoload.service',
|
||||
configuration: systemd_cfg,
|
||||
install: true,
|
||||
- install_dir: systemd_service_cfg.get_variable('systemdsystemunitdir'),
|
||||
+ install_dir: systemd_system_unit_dir,
|
||||
)
|
||||
|
||||
configure_file(
|
||||
@@ -28,7 +33,7 @@ configure_file(
|
||||
output: 'openvpn3-session@.service',
|
||||
configuration: systemd_cfg,
|
||||
install: true,
|
||||
- install_dir: systemd_service_cfg.get_variable('systemdsystemunitdir'),
|
||||
+ install_dir: systemd_system_unit_dir,
|
||||
)
|
||||
|
||||
custom_target('openvpn3-systemd',
|
||||
diff --git a/meson.build b/meson.build
|
||||
index 586c72a..ba41440 100644
|
||||
--- a/meson.build
|
||||
+++ b/meson.build
|
||||
@@ -203,8 +203,16 @@ message('OpenVPN 3 Linux service binary directory: ' + get_option('prefix') / li
|
||||
|
||||
#
|
||||
# D-Bus configuration
|
||||
-dbus_policy_dir = dep_dbus.get_variable('datadir') / 'dbus-1' / 'system.d'
|
||||
-dbus_service_dir = dep_dbus.get_variable('system_bus_services_dir')
|
||||
+dbus_policy_dir = get_option('dbus_policy_dir')
|
||||
+if dbus_policy_dir == ''
|
||||
+ dbus_policy_dir = dep_dbus.get_variable('datadir') / 'dbus-1' / 'system.d'
|
||||
+endif
|
||||
+
|
||||
+dbus_service_dir = get_option('dbus_system_service_dir')
|
||||
+if dbus_service_dir == ''
|
||||
+ dbus_service_dir = dep_dbus.get_variable('system_bus_services_dir')
|
||||
+endif
|
||||
+
|
||||
dbus_config = {
|
||||
'OPENVPN_USERNAME': get_option('openvpn_username'),
|
||||
'LIBEXEC_PATH': get_option('prefix') / libexec_dir,
|
||||
diff --git a/meson_options.txt b/meson_options.txt
|
||||
index 43e301e..04809df 100644
|
||||
--- a/meson_options.txt
|
||||
+++ b/meson_options.txt
|
||||
@@ -93,6 +93,18 @@ option('use-legacy-polkit-pkla', type: 'feature', value: 'disabled',
|
||||
option('polkit_pkla_rulesdir', type: 'string', value: '',
|
||||
description: 'Override PolicyKit PKLA rules directory')
|
||||
|
||||
+#
|
||||
+# Installation
|
||||
+#
|
||||
+option('dbus_policy_dir', type: 'string',
|
||||
+ description: 'D-Bus policy directory')
|
||||
+option('dbus_system_service_dir', type: 'string',
|
||||
+ description: 'D-Bus system service directory')
|
||||
+option('systemd_system_unit_dir', type: 'string',
|
||||
+ description: 'Path to systemd system unit directory')
|
||||
+option('create_statedir', type: 'feature', value: 'enabled',
|
||||
+ description: 'Create directory for OpenVPN 3 state during install phase')
|
||||
+
|
||||
#
|
||||
# Testing tools
|
||||
#
|
||||
diff --git a/src/configmgr/meson.build b/src/configmgr/meson.build
|
||||
index 5d0a649..6f788b7 100644
|
||||
--- a/src/configmgr/meson.build
|
||||
+++ b/src/configmgr/meson.build
|
||||
@@ -52,7 +52,9 @@ configure_file(
|
||||
install_dir: dbus_service_dir,
|
||||
)
|
||||
|
||||
-# Create the configs directory for persistent configuration profiles
|
||||
-# NOTE: Can be replaced with install_emptydir() when Meson 0.60 or newer
|
||||
-# is available on all supported distros
|
||||
-meson.add_install_script('sh','-c', 'mkdir -p $DESTDIR@0@'.format(openvpn3_statedir / 'configs'))
|
||||
+if get_option('create_statedir').enabled()
|
||||
+ # Create the configs directory for persistent configuration profiles
|
||||
+ # NOTE: Can be replaced with install_emptydir() when Meson 0.60 or newer
|
||||
+ # is available on all supported distros
|
||||
+ meson.add_install_script('sh','-c', 'mkdir -p $DESTDIR@0@'.format(openvpn3_statedir / 'configs'))
|
||||
+endif
|
||||
--
|
||||
2.45.2
|
||||
|
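Review bot: The three new directory options in `meson_options.txt` do not say that an empty value means "fall back to the path reported by the dependency", and they rely on the implicit default instead of an explicit `value: ''` as `polkit_pkla_rulesdir` just above them does. Matching that option would make the fallback in `meson.build` and `distro/systemd/meson.build` discoverable from the option listing, e.g. `option('dbus_policy_dir', type: 'string', value: '', description: 'Override D-Bus policy directory (empty: use the path from dep_dbus)')`. The same wording applies to `dbus_system_service_dir` and `systemd_system_unit_dir`.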
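--- /dev/null
+++ b/pkgs/by-name/op/openvpn3/package.nix
@@ -0,0 +1,135 @@
+{
+lib,
+stdenv,
+fetchFromGitHub,
+asio,
+glib,
+jsoncpp,
+libcap_ng,
+libnl,
+libuuid,
+lz4,
+openssl,
+pkg-config,
+protobuf,
+python3,
+systemd,
+tinyxml-2,
+wrapGAppsHook3,
+gobject-introspection,
+meson,
+ninja,
+gdbuspp,
+cmake,
+git,
+enableSystemdResolved ? true,
+}:
+
+stdenv.mkDerivation rec {
+pname = "openvpn3";
+# also update openvpn3-core
+version = "23";
+
+src = fetchFromGitHub {
+owner = "OpenVPN";
+repo = "openvpn3-linux";
+rev = "refs/tags/v${version}";
+hash = "sha256-5gkutqyUPZDwRPzSFdUXg2G5mtQKbdhZu8xnNAdXoF0=";
+# `openvpn3-core` is a submodule.
+# TODO: make it into a separate package
+fetchSubmodules = true;
+};
+
+patches = [
+# Merged in upstream, will land in v24
+# https://github.com/OpenVPN/openvpn3-linux/commit/75abb7dc9366ba85fb1a144d88f02a1e8a62f538
+./0001-build-reduce-hardcode-in-asio_path.patch
+./0002-build-allow-installation-directories-customization.patch
+];
+
+postPatch = ''
+echo '#define OPENVPN_VERSION "3.git:unknown:unknown"
+#define PACKAGE_GUIVERSION "v${builtins.replaceStrings [ "_" ] [ ":" ] version}"
+#define PACKAGE_NAME "openvpn3-linux"
+' > ./src/build-version.h
+
+patchShebangs \
+./scripts \
+./src/python/{openvpn2,openvpn3-as,openvpn3-autoload} \
+./distro/systemd/openvpn3-systemd \
+./src/tests/dbus/netcfg-subscription-test \
+./src/shell/bash-completion/gen-openvpn2-completion.py
+'';
+
+pythonPath = python3.withPackages (ps: [
+ps.dbus-python
+ps.pygobject3
+ps.systemd
+]);
+
+nativeBuildInputs = [
+meson
+ninja
+pkg-config
+cmake
+git
+
+python3.pkgs.wrapPython
+python3.pkgs.docutils
+python3.pkgs.jinja2
+python3.pkgs.dbus-python
+wrapGAppsHook3
+gobject-introspection
+];
+
+buildInputs = [
+asio
+glib
+jsoncpp
+libcap_ng
+libnl
+libuuid
+lz4
+openssl
+protobuf
+tinyxml-2
+gdbuspp
+] ++ lib.optionals enableSystemdResolved [ systemd.dev ];
+
+mesonFlags = [
+(lib.mesonOption "selinux" "disabled")
+(lib.mesonOption "selinux_policy" "disabled")
+(lib.mesonOption "bash-completion" "enabled")
+(lib.mesonOption "test_programs" "disabled")
+(lib.mesonOption "unit_tests" "disabled")
+(lib.mesonOption "asio_path" "${asio}")
+(lib.mesonOption "dbus_policy_dir" "${placeholder "out"}/share/dbus-1/system.d")
+(lib.mesonOption "dbus_system_service_dir" "${placeholder "out"}/share/dbus-1/system-services")
+(lib.mesonOption "systemd_system_unit_dir" "${placeholder "out"}/lib/systemd/system")
+(lib.mesonOption "create_statedir" "disabled")
+(lib.mesonOption "sharedstatedir" "/etc")
+];
+
+dontWrapGApps = true;
+preFixup = ''
+makeWrapperArgs+=("''${gappsWrapperArgs[@]}")
+'';
+postFixup = ''
+wrapPythonPrograms
+wrapPythonProgramsIn "$out/libexec/openvpn3-linux" "$out ${pythonPath}"
+'';
+
+NIX_LDFLAGS = "-lpthread";
+
+meta = {
+description = "OpenVPN 3 Linux client";
+license = lib.licenses.agpl3Plus;
+homepage = "https://github.com/OpenVPN/openvpn3-linux/";
+changelog = "https://github.com/OpenVPN/openvpn3-linux/releases/tag/v${version}";
+maintainers = with lib.maintainers; [
+shamilton
+progrm_jarvis
+];
+platforms = lib.platforms.linux;
+};
+}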
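Review bot: The comment above `patches` cites one upstream commit but sits over two patch files, so it is unclear which patch it vouches for and whether the other one has been reviewed upstream at all. For a VPN client built with local patches, each entry should carry its own provenance line, e.g. `# <upstream commit or PR URL for 0002, or "not yet upstream">` directly above `./0002-build-allow-installation-directories-customization.patch`. The `# also update openvpn3-core` comment on `version` also looks stale now that the core is pulled in through `fetchSubmodules = true`.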
@ -1,123 +0,0 @@
|
||||
{ lib
|
||||
, stdenv
|
||||
, fetchFromGitHub
|
||||
, asio
|
||||
, autoconf-archive
|
||||
, autoreconfHook
|
||||
, glib
|
||||
, gtest
|
||||
, jsoncpp
|
||||
, libcap_ng
|
||||
, libnl
|
||||
, libuuid
|
||||
, lz4
|
||||
, openssl
|
||||
, pkg-config
|
||||
, protobuf
|
||||
, python3
|
||||
, systemd
|
||||
, enableSystemdResolved ? false
|
||||
, tinyxml-2
|
||||
, wrapGAppsHook3
|
||||
}:
|
||||
|
||||
let
|
||||
openvpn3-core = fetchFromGitHub {
|
||||
owner = "OpenVPN";
|
||||
repo = "openvpn3";
|
||||
rev = "7590cb109349809b948e8edaeecabdbfe24e4b17";
|
||||
hash = "sha256-S9D/FQa7HYj0FJnyb5dCrtgTH9Nf2nvtyp/VHiebq7I=";
|
||||
};
|
||||
in
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "openvpn3";
|
||||
# also update openvpn3-core
|
||||
version = "20";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "OpenVPN";
|
||||
repo = "openvpn3-linux";
|
||||
rev = "v${version}";
|
||||
hash = "sha256-Weyb+rcx04mpDdcL7Qt4O+PvPf5MLPAP/Uy+8qoNXbQ=";
|
||||
};
|
||||
|
||||
postPatch = ''
|
||||
rm -r ./vendor/googletest
|
||||
cp -r ${gtest.src} ./vendor/googletest
|
||||
rm -r ./openvpn3-core
|
||||
ln -s ${openvpn3-core} ./openvpn3-core
|
||||
|
||||
chmod -R +w ./vendor/googletest
|
||||
shopt -s globstar
|
||||
|
||||
patchShebangs **/*.py **/*.sh ./src/python/{openvpn2,openvpn3-as,openvpn3-autoload} \
|
||||
./distro/systemd/openvpn3-systemd ./src/tests/dbus/netcfg-subscription-test
|
||||
|
||||
echo "3.git:v${version}:unknown" > openvpn3-core-version
|
||||
'';
|
||||
|
||||
preAutoreconf = ''
|
||||
substituteInPlace ./update-version-m4.sh --replace 'VERSION="$(git describe --always --tags)"' "VERSION=v${version}"
|
||||
./update-version-m4.sh
|
||||
'';
|
||||
|
||||
nativeBuildInputs = [
|
||||
autoconf-archive
|
||||
autoreconfHook
|
||||
python3.pkgs.docutils
|
||||
python3.pkgs.jinja2
|
||||
pkg-config
|
||||
wrapGAppsHook3
|
||||
python3.pkgs.wrapPython
|
||||
] ++ pythonPath;
|
||||
|
||||
buildInputs = [
|
||||
asio
|
||||
glib
|
||||
jsoncpp
|
||||
libcap_ng
|
||||
libnl
|
||||
libuuid
|
||||
lz4
|
||||
openssl
|
||||
protobuf
|
||||
tinyxml-2
|
||||
] ++ lib.optionals enableSystemdResolved [
|
||||
systemd
|
||||
];
|
||||
|
||||
# runtime deps
|
||||
pythonPath = with python3.pkgs; [
|
||||
dbus-python
|
||||
pygobject3
|
||||
];
|
||||
|
||||
dontWrapGApps = true;
|
||||
preFixup = ''
|
||||
makeWrapperArgs+=("''${gappsWrapperArgs[@]}")
|
||||
'';
|
||||
postFixup = ''
|
||||
wrapPythonPrograms
|
||||
'';
|
||||
|
||||
configureFlags = [
|
||||
"--enable-bash-completion"
|
||||
"--enable-addons-aws"
|
||||
"--disable-selinux-build"
|
||||
"--disable-build-test-progs"
|
||||
] ++ lib.optionals enableSystemdResolved [
|
||||
# This defaults to --resolv-conf /etc/resolv.conf. See
|
||||
# https://github.com/OpenVPN/openvpn3-linux/blob/v20/configure.ac#L434
|
||||
"DEFAULT_DNS_RESOLVER=--systemd-resolved"
|
||||
];
|
||||
|
||||
NIX_LDFLAGS = "-lpthread";
|
||||
|
||||
meta = with lib; {
|
||||
description = "OpenVPN 3 Linux client";
|
||||
license = licenses.agpl3Plus;
|
||||
homepage = "https://github.com/OpenVPN/openvpn3-linux/";
|
||||
maintainers = with maintainers; [ shamilton ];
|
||||
platforms = platforms.linux;
|
||||
};
|
||||
}
|
@ -10747,8 +10747,6 @@ with pkgs;
|
||||
|
||||
openvpn = callPackage ../tools/networking/openvpn {};
|
||||
|
||||
openvpn3 = callPackage ../tools/networking/openvpn3 { };
|
||||
|
||||
openvpn_learnaddress = callPackage ../tools/networking/openvpn/openvpn_learnaddress.nix { };
|
||||
|
||||
openvpn-auth-ldap = callPackage ../tools/networking/openvpn/openvpn-auth-ldap.nix {
|
||||
|