commit 23dd97ee88d6b1eb208c3087314b431086b98f5c · pyrox.dev/nixpkgs

lib/maintainers.nix

···

       14
       14
        
         aespinosa = "Allan Espinosa <allan.espinosa@outlook.com>";

     

       15
       15
        
         aflatter = "Alexander Flatter <flatter@fastmail.fm>";

     

       16
       16
        
         aforemny = "Alexander Foremny <alexanderforemny@googlemail.com>";

     

       17
       17
       +
         afranchuk = "Alex Franchuk <alex.franchuk@gmail.com>";

     

       17
       18
        
         aherrmann = "Andreas Herrmann <andreash87@gmx.ch>";

     

       18
       19
        
         ak = "Alexander Kjeldaas <ak@formalprivacy.com>";

     

       19
       20
        
         akaWolf = "Artjom Vejsel <akawolf0@gmail.com>";

nixos/modules/module-list.nix

···

       327
       327
        
         ./services/networking/ircd-hybrid/default.nix

     

       328
       328
        
         ./services/networking/kippo.nix

     

       329
       329
        
         ./services/networking/lambdabot.nix

     

       330
       330
       +
         ./services/networking/libreswan.nix

     

       330
       331
        
         ./services/networking/mailpile.nix

     

       331
       332
        
         ./services/networking/minidlna.nix

     

       332
       333
        
         ./services/networking/miniupnpd.nix

+126

nixos/modules/services/networking/libreswan.nix

···

       1
       1
       +
       { config, lib, pkgs, ... }:

     

       2
       2
       +
       

     

       3
       3
       +
       with lib;

     

       4
       4
       +
       

     

       5
       5
       +
       let

     

       6
       6
       +
       

     

       7
       7
       +
         cfg = config.services.libreswan;

     

       8
       8
       +
       

     

       9
       9
       +
         libexec = "${pkgs.libreswan}/libexec/ipsec";

     

       10
       10
       +
         ipsec = "${pkgs.libreswan}/sbin/ipsec";

     

       11
       11
       +
       

     

       12
       12
       +
         trim = chars: str: let

     

       13
       13
       +
             nonchars = filter (x : !(elem x.value chars))

     

       14
       14
       +
                         (imap (i: v: {ind = (sub i 1); value = v;}) (stringToCharacters str));

     

       15
       15
       +
           in

     

       16
       16
       +
             if length nonchars == 0 then ""

     

       17
       17
       +
             else substring (head nonchars).ind (add 1 (sub (last nonchars).ind (head nonchars).ind)) str;

     

       18
       18
       +
         indent = str: concatStrings (concatMap (s: ["  " (trim [" " "\t"] s) "\n"]) (splitString "\n" str));

     

       19
       19
       +
         configText = indent (toString cfg.configSetup);

     

       20
       20
       +
         connectionText = concatStrings (mapAttrsToList (n: v: 

     

       21
       21
       +
           ''

     

       22
       22
       +
             conn ${n}

     

       23
       23
       +
             ${indent v}

     

       24
       24
       +
       

     

       25
       25
       +
           '') cfg.connections);

     

       26
       26
       +
         configFile = pkgs.writeText "ipsec.conf"

     

       27
       27
       +
           ''

     

       28
       28
       +
             config setup

     

       29
       29
       +
             ${configText}

     

       30
       30
       +
             

     

       31
       31
       +
             ${connectionText}

     

       32
       32
       +
           '';

     

       33
       33
       +
       

     

       34
       34
       +
       in

     

       35
       35
       +
       

     

       36
       36
       +
       {

     

       37
       37
       +
       

     

       38
       38
       +
         ###### interface

     

       39
       39
       +
       

     

       40
       40
       +
         options = {

     

       41
       41
       +
       

     

       42
       42
       +
           services.libreswan = {

     

       43
       43
       +
       

     

       44
       44
       +
             enable = mkEnableOption "libreswan ipsec service";

     

       45
       45
       +
       

     

       46
       46
       +
             configSetup = mkOption {

     

       47
       47
       +
               type = types.lines;

     

       48
       48
       +
               default = ''

     

       49
       49
       +
                   protostack=netkey

     

       50
       50
       +
                   nat_traversal=yes

     

       51
       51
       +
                   virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:100.64.0.0/10,%v6:fd00::/8,%v6:fe80::/10

     

       52
       52
       +
               '';

     

       53
       53
       +
               example = ''

     

       54
       54
       +
                   secretsfile=/root/ipsec.secrets

     

       55
       55
       +
                   protostack=netkey

     

       56
       56
       +
                   nat_traversal=yes

     

       57
       57
       +
                   virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:100.64.0.0/10,%v6:fd00::/8,%v6:fe80::/10

     

       58
       58
       +
               '';

     

       59
       59
       +
               description = "Options to go in the 'config setup' section of the libreswan ipsec configuration";

     

       60
       60
       +
             };

     

       61
       61
       +
       

     

       62
       62
       +
             connections = mkOption {

     

       63
       63
       +
               type = types.attrsOf types.lines;

     

       64
       64
       +
               default = {};

     

       65
       65
       +
               example = {

     

       66
       66
       +
                 myconnection = ''

     

       67
       67
       +
                   auto=add

     

       68
       68
       +
                   left=%defaultroute

     

       69
       69
       +
                   leftid=@user

     

       70
       70
       +
       

     

       71
       71
       +
                   right=my.vpn.com

     

       72
       72
       +
       

     

       73
       73
       +
                   ikev2=no

     

       74
       74
       +
                   ikelifetime=8h

     

       75
       75
       +
                 '';

     

       76
       76
       +
               };

     

       77
       77
       +
               description = "A set of connections to define for the libreswan ipsec service";

     

       78
       78
       +
             };

     

       79
       79
       +
           };

     

       80
       80
       +
       

     

       81
       81
       +
         };

     

       82
       82
       +
       

     

       83
       83
       +
       

     

       84
       84
       +
         ###### implementation

     

       85
       85
       +
       

     

       86
       86
       +
         config = mkIf cfg.enable {

     

       87
       87
       +
       

     

       88
       88
       +
           environment.systemPackages = [ pkgs.libreswan pkgs.iproute ];

     

       89
       89
       +
       

     

       90
       90
       +
           systemd.services.ipsec = {

     

       91
       91
       +
             description = "Internet Key Exchange (IKE) Protocol Daemon for IPsec";

     

       92
       92
       +
             path = [

     

       93
       93
       +
               "${pkgs.libreswan}"

     

       94
       94
       +
               "${pkgs.iproute}"

     

       95
       95
       +
               "${pkgs.procps}"

     

       96
       96
       +
             ];

     

       97
       97
       +
       

     

       98
       98
       +
             wants = [ "network-online.target" ];

     

       99
       99
       +
             after = [ "network-online.target" ];

     

       100
       100
       +
             wantedBy = [ "multi-user.target" ];

     

       101
       101
       +
       

     

       102
       102
       +
             serviceConfig = {

     

       103
       103
       +
               Type = "simple";

     

       104
       104
       +
               Restart = "always";

     

       105
       105
       +
               EnvironmentFile = "${pkgs.libreswan}/etc/sysconfig/pluto";

     

       106
       106
       +
               ExecStartPre = [

     

       107
       107
       +
                 "${libexec}/addconn --config ${configFile} --checkconfig"

     

       108
       108
       +
                 "${libexec}/_stackmanager start"

     

       109
       109
       +
                 "${ipsec} --checknss"

     

       110
       110
       +
                 "${ipsec} --checknflog"

     

       111
       111
       +
               ];

     

       112
       112
       +
               ExecStart = "${libexec}/pluto --config ${configFile} --nofork \$PLUTO_OPTIONS";

     

       113
       113
       +
               ExecStop = "${libexec}/whack --shutdown";

     

       114
       114
       +
               ExecStopPost = [

     

       115
       115
       +
                 "${pkgs.iproute}/bin/ip xfrm policy flush"

     

       116
       116
       +
                 "${pkgs.iproute}/bin/ip xfrm state flush"

     

       117
       117
       +
                 "${ipsec} --stopnflog"

     

       118
       118
       +
               ];

     

       119
       119
       +
               ExecReload = "${libexec}/whack --listen";

     

       120
       120
       +
             };

     

       121
       121
       +
       

     

       122
       122
       +
           };

     

       123
       123
       +
       

     

       124
       124
       +
         };

     

       125
       125
       +
       

     

       126
       126
       +
       }

+73

pkgs/tools/networking/libreswan/default.nix

···

       1
       1
       +
       { stdenv, fetchurl, makeWrapper,

     

       2
       2
       +
         pkgconfig, systemd, gmp, unbound, bison, flex, pam, libevent, libcap_ng, curl, nspr,

     

       3
       3
       +
         bash, iproute, iptables, procps, coreutils, gnused, gawk, nssTools, which, python,

     

       4
       4
       +
         docs ? false, xmlto

     

       5
       5
       +
         }:

     

       6
       6
       +
       

     

       7
       7
       +
       let

     

       8
       8
       +
         optional = stdenv.lib.optional;

     

       9
       9
       +
         version = "3.16";

     

       10
       10
       +
         name = "libreswan-${version}";

     

       11
       11
       +
         binPath = stdenv.lib.makeBinPath [

     

       12
       12
       +
           bash iproute iptables procps coreutils gnused gawk nssTools which python

     

       13
       13
       +
         ];

     

       14
       14
       +
       in

     

       15
       15
       +
       

     

       16
       16
       +
       assert docs -> xmlto != null;

     

       17
       17
       +
       

     

       18
       18
       +
       stdenv.mkDerivation {

     

       19
       19
       +
         inherit name;

     

       20
       20
       +
         inherit version;

     

       21
       21
       +
       

     

       22
       22
       +
         src = fetchurl {

     

       23
       23
       +
           url = "https://download.libreswan.org/${name}.tar.gz";

     

       24
       24
       +
           sha256 = "15qv4101p1jw591l04gsfscb3farzd278mgi8yph015vmifyjxrd";

     

       25
       25
       +
         };

     

       26
       26
       +
       

     

       27
       27
       +
         nativeBuildInputs = [ makeWrapper ];

     

       28
       28
       +
         buildInputs = [ pkgconfig bash iproute iptables systemd coreutils gnused gawk gmp unbound bison flex pam libevent

     

       29
       29
       +
                         libcap_ng curl nspr nssTools python ]

     

       30
       30
       +
                       ++ optional docs xmlto;

     

       31
       31
       +
       

     

       32
       32
       +
         prePatch = ''

     

       33
       33
       +
           # Correct bash path

     

       34
       34
       +
           sed -i -e 's|/bin/bash|/usr/bin/env bash|' mk/config.mk

     

       35
       35
       +
       

     

       36
       36
       +
           # Fix systemd unit directory, and prevent the makefile from trying to reload the systemd daemon

     

       37
       37
       +
           sed -i -e 's|UNITDIR=.*$|UNITDIR=$\{out}/etc/systemd/system/|' -e 's|systemctl --system daemon-reload|true|' initsystems/systemd/Makefile

     

       38
       38
       +
       

     

       39
       39
       +
           # Fix the ipsec program from crushing the PATH

     

       40
       40
       +
           sed -i -e 's|\(PATH=".*"\):.*$|\1:$PATH|' programs/ipsec/ipsec.in

     

       41
       41
       +
       

     

       42
       42
       +
           # Fix python script to use the correct python

     

       43
       43
       +
           sed -i -e 's|#!/usr/bin/python|#!/usr/bin/env python|' -e 's/^\(\W*\)installstartcheck()/\1sscmd = "ss"\n\0/' programs/verify/verify.in

     

       44
       44
       +
         '';

     

       45
       45
       +
         

     

       46
       46
       +
         # Set appropriate paths for build

     

       47
       47
       +
         preBuild = "export INC_USRLOCAL=\${out}";

     

       48
       48
       +
       

     

       49
       49
       +
         makeFlags = [ 

     

       50
       50
       +
           "INITSYSTEM=systemd"

     

       51
       51
       +
           (if docs then "all" else "base")

     

       52
       52
       +
         ];

     

       53
       53
       +
       

     

       54
       54
       +
         installTargets = [ (if docs then "install" else "install-base") ];

     

       55
       55
       +
         # Hack to make install work

     

       56
       56
       +
         installFlags = [

     

       57
       57
       +
           "FINALVARDIR=\${out}/var"

     

       58
       58
       +
           "FINALSYSCONFDIR=\${out}/etc"

     

       59
       59
       +
         ];

     

       60
       60
       +
       

     

       61
       61
       +
         postInstall = ''

     

       62
       62
       +
           for i in $out/bin/* $out/libexec/ipsec/*; do

     

       63
       63
       +
             wrapProgram "$i" --prefix PATH ':' "$out/bin:${binPath}"

     

       64
       64
       +
           done

     

       65
       65
       +
         '';

     

       66
       66
       +
       

     

       67
       67
       +
         meta = {

     

       68
       68
       +
           homepage = "https://libreswan.org";

     

       69
       69
       +
           description = "A free software implementation of the VPN protocol based on IPSec and the Internet Key Exchange";

     

       70
       70
       +
           platforms = stdenv.lib.platforms.linux ++ stdenv.lib.platforms.darwin ++ stdenv.lib.platforms.freebsd;

     

       71
       71
       +
           maintainers = [ stdenv.lib.maintainers.afranchuk ];

     

       72
       72
       +
         };

     

       73
       73
       +
       }

pkgs/top-level/all-packages.nix

···

       2306
       2306
        
       

     

       2307
       2307
        
         librdmacm = callPackage ../development/libraries/librdmacm { };

     

       2308
       2308
        
       

     

       2309
       2309
       +
         libreswan = callPackage ../tools/networking/libreswan { };

     

       2310
       2310
       +
       

     

       2309
       2311
        
         libwebsockets = callPackage ../development/libraries/libwebsockets { };

     

       2310
       2312
        
       

     

       2311
       2313
        
         limesurvey = callPackage ../servers/limesurvey { };