diff --git a/nixos/modules/programs/openvpn3.nix b/nixos/modules/programs/openvpn3.nix index 10042b44471f..780f4d776322 100644 --- a/nixos/modules/programs/openvpn3.nix +++ b/nixos/modules/programs/openvpn3.nix @@ -1,29 +1,87 @@ { config, lib, pkgs, ... }: let + json = pkgs.formats.json { }; cfg = config.programs.openvpn3; -in -{ + + inherit (lib) mkEnableOption mkPackageOption mkOption literalExpression max options lists; + inherit (lib.types) bool submodule ints; +in { options.programs.openvpn3 = { - enable = lib.mkEnableOption "the openvpn3 client"; - package = lib.mkOption { - type = lib.types.package; - default = pkgs.openvpn3.override { - enableSystemdResolved = config.services.resolved.enable; + enable = mkEnableOption "the openvpn3 client"; + package = mkPackageOption pkgs "openvpn3" { }; + netcfg = mkOption { + description = "Network configuration"; + default = { }; + type = submodule { + options = { + settings = mkOption { + description = "Options stored in {file}`/etc/openvpn3/netcfg.json` configuration file"; + default = { }; + type = submodule { + freeformType = json.type; + options = { + systemd_resolved = mkOption { + type = bool; + description = "Whether to use systemd-resolved integration"; + default = config.services.resolved.enable; + defaultText = literalExpression "config.services.resolved.enable"; + example = false; + }; + }; + }; + }; + }; + }; + }; + log-service = mkOption { + description = "Log service configuration"; + default = { }; + type = submodule { + options = { + settings = mkOption { + description = "Options stored in {file}`/etc/openvpn3/log-service.json` configuration file"; + default = { }; + type = submodule { + freeformType = json.type; + options = { + journald = mkOption { + description = "Use systemd-journald"; + type = bool; + default = true; + example = false; + }; + log_dbus_details = mkOption { + description = "Add D-Bus details in log file/syslog"; + type = bool; + default = true; + example = false; + }; + log_level = mkOption { + description = "How verbose should the logging be"; + type = (ints.between 0 7) // { + merge = _loc: defs: + lists.foldl max 0 (options.getValues defs); + }; + default = 3; + example = 6; + }; + timestamp = mkOption { + description = "Add timestamp log file"; + type = bool; + default = false; + example = true; + }; + }; + }; + }; + }; }; - defaultText = lib.literalExpression ''pkgs.openvpn3.override { - enableSystemdResolved = config.services.resolved.enable; - }''; - description = '' - Which package to use for `openvpn3`. - ''; }; }; config = lib.mkIf cfg.enable { - services.dbus.packages = [ - cfg.package - ]; + services.dbus.packages = [ cfg.package ]; users.users.openvpn = { isSystemUser = true; @@ -31,13 +89,20 @@ in group = "openvpn"; }; - users.groups.openvpn = { - gid = config.ids.gids.openvpn; + users.groups.openvpn = { gid = config.ids.gids.openvpn; }; + + environment = { + systemPackages = [ cfg.package ]; + etc = { + "openvpn3/netcfg.json".source = + json.generate "netcfg.json" cfg.netcfg.settings; + "openvpn3/log-service.json".source = + json.generate "log-service.json" cfg.log-service.settings; + }; }; - environment.systemPackages = [ - cfg.package - ]; + systemd.packages = [ cfg.package ]; }; + meta.maintainers = with lib.maintainers; [ shamilton progrm_jarvis ]; } diff --git a/pkgs/by-name/gd/gdbuspp/package.nix b/pkgs/by-name/gd/gdbuspp/package.nix new file mode 100644 index 000000000000..7dca39208964 --- /dev/null +++ b/pkgs/by-name/gd/gdbuspp/package.nix @@ -0,0 +1,46 @@ +{ + lib, + stdenv, + fetchFromGitHub, + meson, + ninja, + glib, + pkg-config, +}: + +stdenv.mkDerivation rec { + pname = "gdbuspp"; + version = "2"; + src = fetchFromGitHub { + owner = "OpenVPN"; + repo = "gdbuspp"; + rev = "refs/tags/v${version}"; + hash = "sha256-A0sl4zZa17zMec/jJASE8lDVNohzJzEGZbWjjsorB2Y="; + }; + + postPatch = '' + patchShebangs --build ./scripts/get-git-ref + ''; + + nativeBuildInputs = [ + meson + ninja + pkg-config + ]; + + buildInputs = [ glib ]; + + meta = { + description = "GDBus++ - a glib2 D-Bus wrapper for C++"; + longDescription = '' + This library provides a simpler C++ based interface to implement D-Bus + into applications in a more C++ approach, based on the C++17 standard. + ''; + homepage = "https://codeberg.org/OpenVPN/gdbuspp"; + changelog = "https://codeberg.org/OpenVPN/gdbuspp/releases/tag/v${version}"; + license = lib.licenses.agpl3Only; + sourceProvenance = [ lib.sourceTypes.fromSource ]; + maintainers = [ lib.maintainers.progrm_jarvis ]; + platforms = lib.platforms.linux; + }; +} diff --git a/pkgs/by-name/op/openvpn3/0001-build-reduce-hardcode-in-asio_path.patch b/pkgs/by-name/op/openvpn3/0001-build-reduce-hardcode-in-asio_path.patch new file mode 100644 index 000000000000..bd289b0965ae --- /dev/null +++ b/pkgs/by-name/op/openvpn3/0001-build-reduce-hardcode-in-asio_path.patch @@ -0,0 +1,46 @@ +From 30b2528054e6627a7124ac04cb018356ef23d864 Mon Sep 17 00:00:00 2001 +From: Petr Portnov +Date: Mon, 2 Sep 2024 22:25:33 +0300 +Subject: [PATCH 1/1] build: reduce hardcode in `asio_path` + +Currently, `asio_path` variable value is concatenated with `/asio/include` +to specify the path to custom `asio` installation. +The problem is that this is too strict as some distros (namely NixOS) +may have the `include` directory with a differently named parent. +Thus this change minimizes the hardcoded part of the path to make it more flexible. + +Signed-off-by: Petr Portnov +--- + meson.build | 2 +- + meson_options.txt | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/meson.build b/meson.build +index c9e0a2d..c01eb8e 100644 +--- a/meson.build ++++ b/meson.build +@@ -74,7 +74,7 @@ endif + # + # Setup additional include header dirs + # +-asio_inc = get_option('asio_path') / 'asio' / 'include' ++asio_inc = get_option('asio_path') / 'include' + message ('ASIO library: ' + asio_inc) + + openvpn3_core_inc = get_option('openvpn3_core_path') +diff --git a/meson_options.txt b/meson_options.txt +index d9cf02e..43e301e 100644 +--- a/meson_options.txt ++++ b/meson_options.txt +@@ -26,7 +26,7 @@ option('debug_options', type: 'boolean', value: false, + # + # Build environment and related build time options + # +-option('asio_path', type: 'string', value: './vendor/asio', ++option('asio_path', type: 'string', value: './vendor/asio/asio', + description: 'Path to the ASIO header files') + + option('openvpn3_core_path', type: 'string', value: './openvpn3-core', +-- +2.43.0 + diff --git a/pkgs/by-name/op/openvpn3/0002-build-allow-installation-directories-customization.patch b/pkgs/by-name/op/openvpn3/0002-build-allow-installation-directories-customization.patch new file mode 100644 index 000000000000..535f522fa64b --- /dev/null +++ b/pkgs/by-name/op/openvpn3/0002-build-allow-installation-directories-customization.patch @@ -0,0 +1,115 @@ +From 848cc46d05c203de393d75434a3f571d78687f50 Mon Sep 17 00:00:00 2001 +From: Petr Portnov +Date: Sun, 22 Sep 2024 13:16:02 +0300 +Subject: [PATCH] build: allow installation directories' customization + +This allows to configure the installation directories +for systemd and D-Bus files. + +Signed-off-by: Petr Portnov +--- + distro/systemd/meson.build | 9 +++++++-- + meson.build | 12 ++++++++++-- + meson_options.txt | 12 ++++++++++++ + src/configmgr/meson.build | 10 ++++++---- + 4 files changed, 35 insertions(+), 8 deletions(-) + +diff --git a/distro/systemd/meson.build b/distro/systemd/meson.build +index 36d556c..9c636b6 100644 +--- a/distro/systemd/meson.build ++++ b/distro/systemd/meson.build +@@ -15,12 +15,17 @@ systemd_cfg = configuration_data({ + + systemd_service_cfg = dependency('systemd') + ++systemd_system_unit_dir = get_option('systemd_system_unit_dir') ++if systemd_system_unit_dir == '' ++ systemd_system_unit_dir = systemd_service_cfg.get_variable('systemdsystemunitdir') ++endif ++ + configure_file( + input: 'openvpn3-autoload.service.in', + output: 'openvpn3-autoload.service', + configuration: systemd_cfg, + install: true, +- install_dir: systemd_service_cfg.get_variable('systemdsystemunitdir'), ++ install_dir: systemd_system_unit_dir, + ) + + configure_file( +@@ -28,7 +33,7 @@ configure_file( + output: 'openvpn3-session@.service', + configuration: systemd_cfg, + install: true, +- install_dir: systemd_service_cfg.get_variable('systemdsystemunitdir'), ++ install_dir: systemd_system_unit_dir, + ) + + custom_target('openvpn3-systemd', +diff --git a/meson.build b/meson.build +index 586c72a..ba41440 100644 +--- a/meson.build ++++ b/meson.build +@@ -203,8 +203,16 @@ message('OpenVPN 3 Linux service binary directory: ' + get_option('prefix') / li + + # + # D-Bus configuration +-dbus_policy_dir = dep_dbus.get_variable('datadir') / 'dbus-1' / 'system.d' +-dbus_service_dir = dep_dbus.get_variable('system_bus_services_dir') ++dbus_policy_dir = get_option('dbus_policy_dir') ++if dbus_policy_dir == '' ++ dbus_policy_dir = dep_dbus.get_variable('datadir') / 'dbus-1' / 'system.d' ++endif ++ ++dbus_service_dir = get_option('dbus_system_service_dir') ++if dbus_service_dir == '' ++ dbus_service_dir = dep_dbus.get_variable('system_bus_services_dir') ++endif ++ + dbus_config = { + 'OPENVPN_USERNAME': get_option('openvpn_username'), + 'LIBEXEC_PATH': get_option('prefix') / libexec_dir, +diff --git a/meson_options.txt b/meson_options.txt +index 43e301e..04809df 100644 +--- a/meson_options.txt ++++ b/meson_options.txt +@@ -93,6 +93,18 @@ option('use-legacy-polkit-pkla', type: 'feature', value: 'disabled', + option('polkit_pkla_rulesdir', type: 'string', value: '', + description: 'Override PolicyKit PKLA rules directory') + ++# ++# Installation ++# ++option('dbus_policy_dir', type: 'string', ++ description: 'D-Bus policy directory') ++option('dbus_system_service_dir', type: 'string', ++ description: 'D-Bus system service directory') ++option('systemd_system_unit_dir', type: 'string', ++ description: 'Path to systemd system unit directory') ++option('create_statedir', type: 'feature', value: 'enabled', ++ description: 'Create directory for OpenVPN 3 state during install phase') ++ + # + # Testing tools + # +diff --git a/src/configmgr/meson.build b/src/configmgr/meson.build +index 5d0a649..6f788b7 100644 +--- a/src/configmgr/meson.build ++++ b/src/configmgr/meson.build +@@ -52,7 +52,9 @@ configure_file( + install_dir: dbus_service_dir, + ) + +-# Create the configs directory for persistent configuration profiles +-# NOTE: Can be replaced with install_emptydir() when Meson 0.60 or newer +-# is available on all supported distros +-meson.add_install_script('sh','-c', 'mkdir -p $DESTDIR@0@'.format(openvpn3_statedir / 'configs')) ++if get_option('create_statedir').enabled() ++ # Create the configs directory for persistent configuration profiles ++ # NOTE: Can be replaced with install_emptydir() when Meson 0.60 or newer ++ # is available on all supported distros ++ meson.add_install_script('sh','-c', 'mkdir -p $DESTDIR@0@'.format(openvpn3_statedir / 'configs')) ++endif +-- +2.45.2 + diff --git a/pkgs/by-name/op/openvpn3/package.nix b/pkgs/by-name/op/openvpn3/package.nix new file mode 100644 index 000000000000..b1c18f5fe011 --- /dev/null +++ b/pkgs/by-name/op/openvpn3/package.nix @@ -0,0 +1,135 @@ +{ + lib, + stdenv, + fetchFromGitHub, + asio, + glib, + jsoncpp, + libcap_ng, + libnl, + libuuid, + lz4, + openssl, + pkg-config, + protobuf, + python3, + systemd, + tinyxml-2, + wrapGAppsHook3, + gobject-introspection, + meson, + ninja, + gdbuspp, + cmake, + git, + enableSystemdResolved ? true, +}: + +stdenv.mkDerivation rec { + pname = "openvpn3"; + # also update openvpn3-core + version = "23"; + + src = fetchFromGitHub { + owner = "OpenVPN"; + repo = "openvpn3-linux"; + rev = "refs/tags/v${version}"; + hash = "sha256-5gkutqyUPZDwRPzSFdUXg2G5mtQKbdhZu8xnNAdXoF0="; + # `openvpn3-core` is a submodule. + # TODO: make it into a separate package + fetchSubmodules = true; + }; + + patches = [ + # Merged in upstream, will land in v24 + # https://github.com/OpenVPN/openvpn3-linux/commit/75abb7dc9366ba85fb1a144d88f02a1e8a62f538 + ./0001-build-reduce-hardcode-in-asio_path.patch + ./0002-build-allow-installation-directories-customization.patch + ]; + + postPatch = '' + echo '#define OPENVPN_VERSION "3.git:unknown:unknown" + #define PACKAGE_GUIVERSION "v${builtins.replaceStrings [ "_" ] [ ":" ] version}" + #define PACKAGE_NAME "openvpn3-linux" + ' > ./src/build-version.h + + patchShebangs \ + ./scripts \ + ./src/python/{openvpn2,openvpn3-as,openvpn3-autoload} \ + ./distro/systemd/openvpn3-systemd \ + ./src/tests/dbus/netcfg-subscription-test \ + ./src/shell/bash-completion/gen-openvpn2-completion.py + ''; + + pythonPath = python3.withPackages (ps: [ + ps.dbus-python + ps.pygobject3 + ps.systemd + ]); + + nativeBuildInputs = [ + meson + ninja + pkg-config + cmake + git + + python3.pkgs.wrapPython + python3.pkgs.docutils + python3.pkgs.jinja2 + python3.pkgs.dbus-python + wrapGAppsHook3 + gobject-introspection + ]; + + buildInputs = [ + asio + glib + jsoncpp + libcap_ng + libnl + libuuid + lz4 + openssl + protobuf + tinyxml-2 + gdbuspp + ] ++ lib.optionals enableSystemdResolved [ systemd.dev ]; + + mesonFlags = [ + (lib.mesonOption "selinux" "disabled") + (lib.mesonOption "selinux_policy" "disabled") + (lib.mesonOption "bash-completion" "enabled") + (lib.mesonOption "test_programs" "disabled") + (lib.mesonOption "unit_tests" "disabled") + (lib.mesonOption "asio_path" "${asio}") + (lib.mesonOption "dbus_policy_dir" "${placeholder "out"}/share/dbus-1/system.d") + (lib.mesonOption "dbus_system_service_dir" "${placeholder "out"}/share/dbus-1/system-services") + (lib.mesonOption "systemd_system_unit_dir" "${placeholder "out"}/lib/systemd/system") + (lib.mesonOption "create_statedir" "disabled") + (lib.mesonOption "sharedstatedir" "/etc") + ]; + + dontWrapGApps = true; + preFixup = '' + makeWrapperArgs+=("''${gappsWrapperArgs[@]}") + ''; + postFixup = '' + wrapPythonPrograms + wrapPythonProgramsIn "$out/libexec/openvpn3-linux" "$out ${pythonPath}" + ''; + + NIX_LDFLAGS = "-lpthread"; + + meta = { + description = "OpenVPN 3 Linux client"; + license = lib.licenses.agpl3Plus; + homepage = "https://github.com/OpenVPN/openvpn3-linux/"; + changelog = "https://github.com/OpenVPN/openvpn3-linux/releases/tag/v${version}"; + maintainers = with lib.maintainers; [ + shamilton + progrm_jarvis + ]; + platforms = lib.platforms.linux; + }; +} diff --git a/pkgs/tools/networking/openvpn3/default.nix b/pkgs/tools/networking/openvpn3/default.nix deleted file mode 100644 index 9473277d291f..000000000000 --- a/pkgs/tools/networking/openvpn3/default.nix +++ /dev/null @@ -1,123 +0,0 @@ -{ lib -, stdenv -, fetchFromGitHub -, asio -, autoconf-archive -, autoreconfHook -, glib -, gtest -, jsoncpp -, libcap_ng -, libnl -, libuuid -, lz4 -, openssl -, pkg-config -, protobuf -, python3 -, systemd -, enableSystemdResolved ? false -, tinyxml-2 -, wrapGAppsHook3 -}: - -let - openvpn3-core = fetchFromGitHub { - owner = "OpenVPN"; - repo = "openvpn3"; - rev = "7590cb109349809b948e8edaeecabdbfe24e4b17"; - hash = "sha256-S9D/FQa7HYj0FJnyb5dCrtgTH9Nf2nvtyp/VHiebq7I="; - }; -in -stdenv.mkDerivation rec { - pname = "openvpn3"; - # also update openvpn3-core - version = "20"; - - src = fetchFromGitHub { - owner = "OpenVPN"; - repo = "openvpn3-linux"; - rev = "v${version}"; - hash = "sha256-Weyb+rcx04mpDdcL7Qt4O+PvPf5MLPAP/Uy+8qoNXbQ="; - }; - - postPatch = '' - rm -r ./vendor/googletest - cp -r ${gtest.src} ./vendor/googletest - rm -r ./openvpn3-core - ln -s ${openvpn3-core} ./openvpn3-core - - chmod -R +w ./vendor/googletest - shopt -s globstar - - patchShebangs **/*.py **/*.sh ./src/python/{openvpn2,openvpn3-as,openvpn3-autoload} \ - ./distro/systemd/openvpn3-systemd ./src/tests/dbus/netcfg-subscription-test - - echo "3.git:v${version}:unknown" > openvpn3-core-version - ''; - - preAutoreconf = '' - substituteInPlace ./update-version-m4.sh --replace 'VERSION="$(git describe --always --tags)"' "VERSION=v${version}" - ./update-version-m4.sh - ''; - - nativeBuildInputs = [ - autoconf-archive - autoreconfHook - python3.pkgs.docutils - python3.pkgs.jinja2 - pkg-config - wrapGAppsHook3 - python3.pkgs.wrapPython - ] ++ pythonPath; - - buildInputs = [ - asio - glib - jsoncpp - libcap_ng - libnl - libuuid - lz4 - openssl - protobuf - tinyxml-2 - ] ++ lib.optionals enableSystemdResolved [ - systemd - ]; - - # runtime deps - pythonPath = with python3.pkgs; [ - dbus-python - pygobject3 - ]; - - dontWrapGApps = true; - preFixup = '' - makeWrapperArgs+=("''${gappsWrapperArgs[@]}") - ''; - postFixup = '' - wrapPythonPrograms - ''; - - configureFlags = [ - "--enable-bash-completion" - "--enable-addons-aws" - "--disable-selinux-build" - "--disable-build-test-progs" - ] ++ lib.optionals enableSystemdResolved [ - # This defaults to --resolv-conf /etc/resolv.conf. See - # https://github.com/OpenVPN/openvpn3-linux/blob/v20/configure.ac#L434 - "DEFAULT_DNS_RESOLVER=--systemd-resolved" - ]; - - NIX_LDFLAGS = "-lpthread"; - - meta = with lib; { - description = "OpenVPN 3 Linux client"; - license = licenses.agpl3Plus; - homepage = "https://github.com/OpenVPN/openvpn3-linux/"; - maintainers = with maintainers; [ shamilton ]; - platforms = platforms.linux; - }; -} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index a060ec069721..880cc0742ac2 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -10712,8 +10712,6 @@ with pkgs; openvpn = callPackage ../tools/networking/openvpn {}; - openvpn3 = callPackage ../tools/networking/openvpn3 { }; - openvpn_learnaddress = callPackage ../tools/networking/openvpn/openvpn_learnaddress.nix { }; openvpn-auth-ldap = callPackage ../tools/networking/openvpn/openvpn-auth-ldap.nix {