push sheeet

Dark Steveneq
2025-10-09 14:15:47 +02:00
commit 646b892680
49168 changed files with 5897842 additions and 0 deletions


@@ -0,0 +1,40 @@
{
lib,
stdenv,
fetchurl,
libbsd,
libressl,
pkg-config,
}:
stdenv.mkDerivation rec {
pname = "acme-client";
version = "1.3.3";
src = fetchurl {
url = "https://data.wolfsden.cz/sources/acme-client-${version}.tar.gz";
hash = "sha256-HJOk2vlDD7ADrLdf/eLEp+teu9XN0KrghEe6y4FIDoI=";
};
nativeBuildInputs = [
pkg-config
];
buildInputs = [
libbsd
libressl
];
makeFlags = [
"PREFIX=${placeholder "out"}"
];
meta = with lib; {
description = "Secure ACME/Let's Encrypt client";
homepage = "https://git.wolfsden.cz/acme-client-portable";
platforms = platforms.unix;
license = licenses.isc;
maintainers = with maintainers; [ pmahoney ];
mainProgram = "acme-client";
};
}


@@ -0,0 +1,41 @@
{
lib,
buildPythonApplication,
fetchPypi,
pythonOlder,
requests,
setuptools,
}:
buildPythonApplication rec {
pname = "apc-temp-fetch";
version = "0.0.2";
pyproject = true;
disabled = pythonOlder "3.6";
src = fetchPypi {
pname = "APC-Temp-fetch";
inherit version;
hash = "sha256-lXGj/xrOkdMMYvuyVVSCojjQlzISFUT14VTn//iOARo=";
};
build-system = [
setuptools
];
dependencies = [
requests
];
pythonImportsCheck = [
"APC_Temp_fetch"
];
meta = with lib; {
description = "Unified temperature fetcher interface to several UPS network adapters";
homepage = "https://github.com/YZITE/APC_Temp_fetch";
license = licenses.asl20;
maintainers = [ ];
};
}


@@ -0,0 +1,56 @@
{
lib,
stdenv,
fetchFromGitHub,
autoreconfHook,
autoconf-archive,
pkg-config,
gettext,
libssl,
txt2man,
}:
stdenv.mkDerivation rec {
pname = "axel";
version = "2.17.14";
src = fetchFromGitHub {
owner = "axel-download-accelerator";
repo = pname;
rev = "v${version}";
sha256 = "sha256-5GUna5k8GhAx1Xe8n9IvXT7IO6gksxCLh+sMANlxTBM=";
};
postPatch = ''
substituteInPlace configure.ac \
--replace-fail "AM_GNU_GETTEXT_VERSION([0.11.1])" "AM_GNU_GETTEXT_VERSION([0.12])"
'';
nativeBuildInputs = [
autoreconfHook
pkg-config
autoconf-archive
txt2man
];
buildInputs = [
gettext
libssl
];
installFlags = [ "ETCDIR=${placeholder "out"}/etc" ];
postInstall = ''
mkdir -p $out/share/doc
cp doc/axelrc.example $out/share/doc/axelrc.example
'';
meta = with lib; {
description = "Console downloading program with some features for parallel connections for faster downloading";
homepage = "https://github.com/axel-download-accelerator/axel";
maintainers = with maintainers; [ pSub ];
platforms = with platforms; unix;
license = licenses.gpl2Plus;
mainProgram = "axel";
};
}


@@ -0,0 +1,17 @@
diff --git a/bitmask.pro b/bitmask.pro
index f377bb4..3c71a71 100644
--- a/bitmask.pro
+++ b/bitmask.pro
@@ -4,9 +4,9 @@ QT += quickcontrols2 svg
CONFIG += qt staticlib
CONFIG += c++17 strict_c++
CONFIG += qtquickcompiler
-CONFIG+=force_debug_info
-CONFIG+=debug_and_release
-#CONFIG+=release
+#CONFIG+=force_debug_info
+#CONFIG+=debug_and_release
+CONFIG+=release
windows:CONFIG -= console
unix:DEBUG:CONFIG += debug
lessThan(QT_MAJOR_VERSION, 5): error("requires Qt 5")


@@ -0,0 +1,189 @@
{
lib,
stdenv,
replaceVars,
git,
fetchFromGitLab,
buildGoModule,
wrapQtAppsHook,
python3,
python3Packages,
pkg-config,
openvpn,
cmake,
qmake,
which,
iproute2,
iptables,
procps,
qtbase,
qtdeclarative,
qtsvg,
qttools,
qtwayland,
provider ? "riseup",
}:
let
version = "0.24.8";
src = fetchFromGitLab {
domain = "0xacab.org";
owner = "leap";
repo = "bitmask-vpn";
rev = "8b3ac473f64b6de0262fbf945ff25af8029134f1";
leaveDotGit = true;
sha256 = "sha256-XUgCVHnTLZXFU+r0s1yuYryWNBJRgQrFlf3g1iRrLWs=";
};
# bitmask-root is only used on GNU/Linux
# and may one day be replaced by pkg/helper
bitmask-root = stdenv.mkDerivation {
inherit src version;
sourceRoot = "${src.name}/helpers";
pname = "bitmask-root";
nativeBuildInputs = [ python3Packages.wrapPython ];
postPatch = ''
substituteInPlace bitmask-root \
--replace 'swhich("ip")' '"${iproute2}/bin/ip"' \
--replace 'swhich("iptables")' '"${iptables}/bin/iptables"' \
--replace 'swhich("ip6tables")' '"${iptables}/bin/ip6tables"' \
--replace 'swhich("sysctl")' '"${procps}/bin/sysctl"' \
--replace /usr/sbin/openvpn ${openvpn}/bin/openvpn
substituteInPlace se.leap.bitmask.policy \
--replace /usr/sbin/bitmask-root $out/bin/bitmask-root
'';
installPhase = ''
runHook preInstall
install -m 755 -D -t $out/bin bitmask-root
install -m 444 -D -t $out/share/polkit-1/actions se.leap.bitmask.policy
wrapPythonPrograms
runHook postInstall
'';
};
in
buildGoModule rec {
inherit src version;
pname = "${provider}-vpn";
vendorHash = null;
patches = [
# This patch fixes the paths in the build script generated by qmake
# to use the correct paths for qmlcachegen and lrelease
(replaceVars ./fix_paths.patch {
inherit qtbase qtdeclarative qttools;
})
# Don't build the debug version
./build_release.patch
];
postPatch = ''
substituteInPlace pkg/pickle/helpers.go \
--replace /usr/share $out/share
# Using $PROVIDER is not working,
# thus replacing directly into the vendor.conf
substituteInPlace providers/vendor.conf \
--replace "provider = bitmask" "provider = ${provider}"
substituteInPlace branding/templates/debian/app.desktop-template \
--replace "Icon=icon" "Icon=${pname}"
patchShebangs gui/build.sh
wrapPythonProgramsIn branding/scripts
''
+ lib.optionalString stdenv.hostPlatform.isLinux ''
substituteInPlace pkg/helper/linux.go \
--replace /usr/sbin/openvpn ${openvpn}/bin/openvpn
substituteInPlace pkg/launcher/launcher_linux.go \
--replace /usr/sbin/openvpn ${openvpn}/bin/openvpn \
--replace /usr/sbin/bitmask-root ${bitmask-root}/bin/bitmask-root \
--replace /usr/bin/lxpolkit /run/wrappers/bin/polkit-agent-helper-1 \
--replace '"polkit-gnome-authentication-agent-1",' '"polkit-gnome-authentication-agent-1","polkitd",'
'';
nativeBuildInputs = [
cmake
git
pkg-config
python3
python3Packages.wrapPython
which
wrapQtAppsHook
qmake
qttools
qtsvg
];
buildInputs = [
qtbase
qtdeclarative
qtsvg
]
++ lib.optionals stdenv.hostPlatform.isLinux [ qtwayland ];
# FIXME: building on Darwin currently fails
# due to missing debug symbols for Qt,
# this should be fixable once darwin.apple_sdk >= 10.13
# See https://bugreports.qt.io/browse/QTBUG-76777
# Not using buildGoModule's buildPhase:
# gui/build.sh will build Go modules into lib/libgoshim.a
buildPhase = ''
runHook preBuild
make vendor
# TODO: this is a hack that copies the qrc file that should by built by qmlcachegen
# qmlcachegen is in qtdeclarative/libexec, but qmake is in qtbase/bin
# but qmake searches for qmlcachegen in qtbase/libexec which leads to the error
mkdir -p build/qt
cp ${./gui_gui_qmlcache.qrc} build/qt/gui_gui_qmlcache.qrc
make build
runHook postBuild
'';
postInstall = ''
install -m 755 -D -t $out/bin build/qt/release/${pname}
VERSION=${version} VENDOR_PATH=providers branding/scripts/generate-debian branding/templates/debian/data.json
(cd branding/templates/debian && ${python3Packages.python}/bin/python3 generate.py)
install -m 444 -D branding/templates/debian/app.desktop $out/share/applications/${pname}.desktop
install -m 444 -D providers/${provider}/assets/icon.svg $out/share/icons/hicolor/scalable/apps/${pname}.svg
''
+ lib.optionalString stdenv.hostPlatform.isLinux ''
install -m 444 -D -t $out/share/polkit-1/actions ${bitmask-root}/share/polkit-1/actions/se.leap.bitmask.policy
'';
# Some tests need access to the Internet:
# Post "https://api.black.riseup.net/3/cert": dial tcp: lookup api.black.riseup.net on [::1]:53: read udp [::1]:56553->[::1]:53: read: connection refused
doCheck = false;
passthru = { inherit bitmask-root; };
meta = {
description = "Generic VPN client by LEAP";
longDescription = ''
Bitmask, by LEAP (LEAP Encryption Access Project),
is an application to provide easy and secure encrypted communication
with a VPN (Virtual Private Network). It allows you to select from
a variety of trusted service provider all from one app.
Current providers include Riseup Networks
and The Calyx Institute, where the former is default.
The <literal>${pname}</literal> executable should appear
in your desktop manager's XDG menu or could be launch in a terminal
to get an execution log. A new icon should then appear in your systray
to control the VPN and configure some options.
'';
homepage = "https://bitmask.net";
license = lib.licenses.gpl3Plus;
maintainers = with lib.maintainers; [ julm ];
# darwin requires apple_sdk >= 10.13
platforms = lib.platforms.linux;
};
}
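Review bot: The plain `substituteInPlace … --replace` calls in `bitmask-root`'s `postPatch` do not fail the build when a pattern stops matching, so an upstream rename would silently leave the helper (the one the installed `se.leap.bitmask.policy` points at) on its unpatched `swhich(...)` lookups or `/usr/sbin/openvpn` instead of the pinned store paths. Use `--replace-fail`, as the axel expression on this page already does, e.g. `--replace-fail 'swhich("ip")' '"${iproute2}/bin/ip"'`, and do the same for the `pkg/helper/linux.go` and `pkg/launcher/launcher_linux.go` substitutions. The same non-failing `--replace` appears in the cmst `postPatch` loop and in the globalprotect-openconnect `patchPhase`. Separately, `leaveDotGit = true` on the `fetchFromGitLab` call is a known source of unstable fixed-output hashes; a comment saying why the build needs the `.git` directory would help the next person who has to update `sha256`.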


@@ -0,0 +1,13 @@
diff --git a/gui/build.sh b/gui/build.sh
index a858a81..ac43f52 100755
--- a/gui/build.sh
+++ b/gui/build.sh
@@ -94,6 +94,8 @@ function buildQmake {
mkdir -p $QTBUILD
$QMAKE -early QMAKE_CC=$CC QMAKE_CXX=$CXX QMAKE_LINK=$CXX -o "$QTBUILD/Makefile" CONFIG+=release VENDOR_PATH="${VENDOR_PATH}" $PROJECT
#CONFIG=+force_debug_info CONFIG+=debug CONFIG+=debug_and_release
+ sed -i 's|@qtbase@/libexec/qmlcachegen|@qtdeclarative@/libexec/qmlcachegen|g' $QTBUILD/Makefile
+ sed -i 's|@qtbase@/bin/lrelease|@qttools@/bin/lrelease|g' $QTBUILD/Makefile
}
function renameOutput {


@@ -0,0 +1,107 @@
<?xml version="1.0"?>
<RCC>
<qresource prefix="/">
<file alias="main.qml">../../gui/main.qml</file>
<file alias="qtquickcontrols2.conf">../../gui/qtquickcontrols2.conf</file>
<file alias="themes/themes.js">../../gui/themes/themes.js</file>
<file alias="themes/theme-riseup.js">../../gui/themes/theme-riseup.js</file>
<file alias="themes/Riseup.qml">../../gui/themes/Riseup.qml</file>
<file alias="themes/theme-calyx.js">../../gui/themes/theme-calyx.js</file>
<file alias="themes/Calyx.qml">../../gui/themes/Calyx.qml</file>
<file alias="themes/Bitmask.qml">../../gui/themes/Bitmask.qml</file>
<file alias="themes/ThemeObject.qml">../../gui/themes/ThemeObject.qml</file>
<file alias="components/MainView.qml">../../gui/components/MainView.qml</file>
<file alias="components/ThemedPage.qml">../../gui/components/ThemedPage.qml</file>
<file alias="components/Splash.qml">../../gui/components/Splash.qml</file>
<file alias="components/FadeBehavior.qml">../../gui/components/FadeBehavior.qml</file>
<file alias="components/Home.qml">../../gui/components/Home.qml</file>
<file alias="components/Header.qml">../../gui/components/Header.qml</file>
<file alias="components/Footer.qml">../../gui/components/Footer.qml</file>
<file alias="components/About.qml">../../gui/components/About.qml</file>
<file alias="components/MaterialRadioButton.qml">../../gui/components/MaterialRadioButton.qml</file>
<file alias="components/MaterialRadioIndicator.qml">../../gui/components/MaterialRadioIndicator.qml</file>
<file alias="components/WrappedRadioButton.qml">../../gui/components/WrappedRadioButton.qml</file>
<file alias="components/MaterialCheckBox.qml">../../gui/components/MaterialCheckBox.qml</file>
<file alias="components/StatusBox.qml">../../gui/components/StatusBox.qml</file>
<file alias="components/Systray.qml">../../gui/components/Systray.qml</file>
<file alias="components/Help.qml">../../gui/components/Help.qml</file>
<file alias="components/Locations.qml">../../gui/components/Locations.qml</file>
<file alias="components/SignalIcon.qml">../../gui/components/SignalIcon.qml</file>
<file alias="components/Preferences.qml">../../gui/components/Preferences.qml</file>
<file alias="components/BoldLabel.qml">../../gui/components/BoldLabel.qml</file>
<file alias="components/LightLabel.qml">../../gui/components/LightLabel.qml</file>
<file alias="components/VPNButtonBase.qml">../../gui/components/VPNButtonBase.qml</file>
<file alias="components/VPNMouseArea.qml">../../gui/components/VPNMouseArea.qml</file>
<file alias="components/VerticalSpacer.qml">../../gui/components/VerticalSpacer.qml</file>
<file alias="components/Icon.qml">../../gui/components/Icon.qml</file>
<file alias="components/VPNState.qml">../../gui/components/VPNState.qml</file>
<file alias="components/InitErrors.qml">../../gui/components/InitErrors.qml</file>
<file alias="components/ErrorBox.qml">../../gui/components/ErrorBox.qml</file>
<file alias="components/MotdBox.qml">../../gui/components/MotdBox.qml</file>
<file alias="resources/icon-noshield.svg">../../gui/resources/icon-noshield.svg</file>
<file alias="resources/location.svg">../../gui/resources/location.svg</file>
<file alias="resources/settings.svg">../../gui/resources/settings.svg</file>
<file alias="resources/power.svg">../../gui/resources/power.svg</file>
<file alias="resources/language.svg">../../gui/resources/language.svg</file>
<file alias="resources/lightning.svg">../../gui/resources/lightning.svg</file>
<file alias="resources/close.svg">../../gui/resources/close.svg</file>
<file alias="resources/donate.svg">../../gui/resources/donate.svg</file>
<file alias="resources/tools.svg">../../gui/resources/tools.svg</file>
<file alias="resources/help.svg">../../gui/resources/help.svg</file>
<file alias="resources/about.svg">../../gui/resources/about.svg</file>
<file alias="resources/bridge.svg">../../gui/resources/bridge.svg</file>
<file alias="resources/gear-fill.svg">../../gui/resources/gear-fill.svg</file>
<file alias="resources/reception-0.svg">../../gui/resources/reception-0.svg</file>
<file alias="resources/reception-2.svg">../../gui/resources/reception-2.svg</file>
<file alias="resources/reception-4.svg">../../gui/resources/reception-4.svg</file>
<file alias="resources/reception-0@24.svg">../../gui/resources/reception-0@24.svg</file>
<file alias="resources/reception-4@24.svg">../../gui/resources/reception-4@24.svg</file>
<file alias="resources/arrow-left.svg">../../gui/resources/arrow-left.svg</file>
<file alias="resources/globe.svg">../../gui/resources/globe.svg</file>
<file alias="resources/spy.gif">../../gui/resources/spy.gif</file>
<file alias="resources/quit.svg">../../gui/resources/quit.svg</file>
<file alias="resources/alert.svg">../../gui/resources/alert.svg</file>
<file alias="resources/angle-right.svg">../../gui/resources/angle-right.svg</file>
<file alias="resources/snowflake.svg">../../gui/resources/snowflake.svg</file>
<file alias="resources/button_green.png">../../gui/resources/button_green.png</file>
<file alias="resources/button_yellow.png">../../gui/resources/button_yellow.png</file>
<file alias="resources/button_red.png">../../gui/resources/button_red.png</file>
<file alias="resources/ravens.svg">../../gui/resources/ravens.svg</file>
<file alias="resources/ravens.gif">../../gui/resources/ravens.gif</file>
<file alias="resources/riseup-icon.svg">../../gui/resources/riseup-icon.svg</file>
<file alias="resources/riseup_connected_bg.png">../../gui/resources/riseup_connected_bg.png</file>
<file alias="resources/riseup_connecting_bg.png">../../gui/resources/riseup_connecting_bg.png</file>
<file alias="resources/riseup_disconnected_bg.png">../../gui/resources/riseup_disconnected_bg.png</file>
<file alias="resources/riseup_green_shield.svg">../../gui/resources/riseup_green_shield.svg</file>
<file alias="resources/calyx/calyx-shield-green.png">../../gui/resources/calyx/calyx-shield-green.png</file>
<file alias="resources/calyx/calyx-hand.png">../../gui/resources/calyx/calyx-hand.png</file>
<file alias="resources/calyx/calyx-red-shield.png">../../gui/resources/calyx/calyx-red-shield.png</file>
<file alias="resources/calyx/calyx-yellow-shield.png">../../gui/resources/calyx/calyx-yellow-shield.png</file>
<file alias="resources/bitmask/splash_logo.png">../../gui/resources/bitmask/splash_logo.png</file>
<file alias="resources/bitmask/state_connected.png">../../gui/resources/bitmask/state_connected.png</file>
<file alias="resources/bitmask/state_connecting.png">../../gui/resources/bitmask/state_connecting.png</file>
<file alias="resources/bitmask/state_disconnected.png">../../gui/resources/bitmask/state_disconnected.png</file>
<file alias="resources/bitmask/bitmask_connected_bg.png">../../gui/resources/bitmask/bitmask_connected_bg.png</file>
<file alias="resources/bitmask/bitmask_connecting_bg.png">../../gui/resources/bitmask/bitmask_connecting_bg.png</file>
<file alias="resources/bitmask/bitmask_disconnected_bg.png">../../gui/resources/bitmask/bitmask_disconnected_bg.png</file>
<file alias="poppins-regular.ttf">../../gui/resources/fonts/Poppins-Regular.ttf</file>
<file alias="poppins-bold.ttf">../../gui/resources/fonts/Poppins-Bold.ttf</file>
<file alias="monserrat-bold.ttf">../../gui/resources/fonts/Montserrat-SemiBold.ttf</file>
<file alias="roboto.ttf">../../gui/resources/fonts/Roboto-Regular.ttf</file>
<file alias="roboto-bold.ttf">../../gui/resources/fonts/Roboto-Bold.ttf</file>
<file alias="assets/icon/png/black/vpn_off.png">../../gui/assets/icon/png/black/vpn_off.png</file>
<file alias="assets/icon/png/black/vpn_on.png">../../gui/assets/icon/png/black/vpn_on.png</file>
<file alias="assets/icon/png/black/vpn_wait_0.png">../../gui/assets/icon/png/black/vpn_wait_0.png</file>
<file alias="assets/icon/png/black/vpn_wait_1.png">../../gui/assets/icon/png/black/vpn_wait_1.png</file>
<file alias="assets/icon/png/black/vpn_wait_2.png">../../gui/assets/icon/png/black/vpn_wait_2.png</file>
<file alias="assets/icon/png/black/vpn_wait_3.png">../../gui/assets/icon/png/black/vpn_wait_3.png</file>
<file alias="assets/icon/png/white/vpn_off.png">../../gui/assets/icon/png/white/vpn_off.png</file>
<file alias="assets/icon/png/white/vpn_on.png">../../gui/assets/icon/png/white/vpn_on.png</file>
<file alias="assets/icon/png/white/vpn_wait_0.png">../../gui/assets/icon/png/white/vpn_wait_0.png</file>
<file alias="assets/icon/png/white/vpn_wait_1.png">../../gui/assets/icon/png/white/vpn_wait_1.png</file>
<file alias="assets/icon/png/white/vpn_wait_2.png">../../gui/assets/icon/png/white/vpn_wait_2.png</file>
<file alias="assets/icon/png/white/vpn_wait_3.png">../../gui/assets/icon/png/white/vpn_wait_3.png</file>
<file alias="assets/img/bird.jpg">../../gui/assets/img/bird.jpg</file>
<file alias="providers.json">../../gui/providers/providers.json</file>
</qresource>
</RCC>


@@ -0,0 +1,50 @@
{
mkDerivation,
lib,
fetchFromGitHub,
qmake,
qtbase,
qttools,
gitUpdater,
}:
mkDerivation rec {
pname = "cmst";
version = "2023.03.14";
src = fetchFromGitHub {
repo = "cmst";
owner = "andrew-bibb";
rev = "${pname}-${version}";
sha256 = "sha256-yTqPxywPbtxTy1PPG+Mq64u8MrB27fEdmt1B0pn0BVk=";
};
nativeBuildInputs = [
qmake
qttools
];
buildInputs = [ qtbase ];
postPatch = ''
for f in $(find . -name \*.cpp -o -name \*.pri -o -name \*.pro); do
substituteInPlace $f --replace /etc $out/etc --replace /usr $out
done
'';
passthru.updateScript = gitUpdater {
rev-prefix = "${pname}-";
};
meta = with lib; {
description = "QT GUI for Connman with system tray icon";
mainProgram = "cmst";
homepage = "https://github.com/andrew-bibb/cmst";
maintainers = with maintainers; [
matejc
romildo
];
platforms = platforms.linux;
license = licenses.mit;
};
}


@@ -0,0 +1,138 @@
{
lib,
stdenv,
cmake,
buildGoModule,
makeWrapper,
fetchFromGitHub,
pythonPackages,
pkg-config,
systemd,
hostname,
withSystemd ? lib.meta.availableOn stdenv.hostPlatform systemd,
withDocker ? true,
extraTags ? [ ],
testers,
datadog-agent,
}:
let
# keep this in sync with github.com/DataDog/agent-payload dependency
payloadVersion = "5.0.164";
python = pythonPackages.python;
owner = "DataDog";
repo = "datadog-agent";
goPackagePath = "github.com/${owner}/${repo}";
version = "7.70.2";
src = fetchFromGitHub {
inherit owner repo;
tag = version;
hash = "sha256-yXtybHWrm+6kWW396FLlRZI0YVuThGuLfSYzoNXAEBU=";
};
rtloader = stdenv.mkDerivation {
pname = "datadog-agent-rtloader";
src = "${src}/rtloader";
inherit version;
nativeBuildInputs = [ cmake ];
buildInputs = [ python ];
cmakeFlags = [
"-DBUILD_DEMO=OFF"
"-DDISABLE_PYTHON2=ON"
];
};
in
buildGoModule rec {
pname = "datadog-agent";
inherit src version;
doCheck = false;
vendorHash = "sha256-iWOwhfSI7mLmDy6yewV0h9Y4pjYAV6Tz6TxsINOxYMg=";
subPackages = [
"cmd/agent"
"cmd/cluster-agent"
"cmd/dogstatsd"
"cmd/trace-agent"
];
nativeBuildInputs = [
pkg-config
makeWrapper
];
buildInputs = [ rtloader ] ++ lib.optionals withSystemd [ systemd ];
proxyVendor = true;
env.PKG_CONFIG_PATH = "${python}/lib/pkgconfig";
tags = [
"ec2"
"kubelet"
"python"
"process"
"log"
"secrets"
"zlib"
]
++ lib.optionals withSystemd [ "systemd" ]
++ lib.optionals withDocker [ "docker" ]
++ extraTags;
ldflags = [
"-X ${goPackagePath}/pkg/version.Commit=${src.rev}"
"-X ${goPackagePath}/pkg/version.AgentVersion=${version}"
"-X ${goPackagePath}/pkg/serializer.AgentPayloadVersion=${payloadVersion}"
"-X ${goPackagePath}/pkg/collector/python.pythonHome3=${python}"
"-X ${goPackagePath}/pkg/config/setup.DefaultPython=3"
"-r ${python}/lib"
];
# DataDog use paths relative to the agent binary, so fix these.
# We can't just point these to $out since that would introduce self-referential paths in the go modules,
# which are a fixed-output derivation. However, the patches aren't picked up if we skip them when building
# the modules. So we'll just traverse from the bin back to the out folder.
postPatch = ''
sed -e "s|PyChecksPath =.*|PyChecksPath = filepath.Join(_here, \"..\", \"${python.sitePackages}\")|" \
-e "s|distPath =.*|distPath = filepath.Join(_here, \"..\", \"share\", \"datadog-agent\")|" \
-i pkg/util/defaultpaths/path_nix.go
sed -e "s|/bin/hostname|${lib.getBin hostname}/bin/hostname|" \
-i pkg/util/hostname/fqdn_nix.go
'';
# Install the config files and python modules from the "dist" dir
# into standard paths.
postInstall = ''
mkdir -p $out/${python.sitePackages} $out/share/datadog-agent
cp -R --no-preserve=mode $src/cmd/agent/dist/conf.d $out/share/datadog-agent
rm -rf $out/share/datadog-agent/conf.d/{apm.yaml.default,process_agent.yaml.default,winproc.d,agentcrashdetect.d,myapp.d}
cp -R $src/cmd/agent/dist/{checks,utils,config.py} $out/${python.sitePackages}
wrapProgram "$out/bin/agent" \
--set PYTHONPATH "$out/${python.sitePackages}"''
+ lib.optionalString withSystemd " --prefix LD_LIBRARY_PATH : ${
lib.makeLibraryPath [
(lib.getLib systemd)
rtloader
]
}";
passthru.tests.version = testers.testVersion {
package = datadog-agent;
command = "agent version";
};
meta = with lib; {
description = ''
Event collector for the DataDog analysis service
-- v6 new golang implementation.
'';
homepage = "https://www.datadoghq.com";
license = licenses.bsd3;
maintainers = with maintainers; [
thoughtpolice
];
};
}
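Review bot: `rtloader` is an unconditional `buildInputs` entry, but in `postInstall` its library directory reaches the `agent` wrapper only inside the `lib.optionalString withSystemd` branch, so a `withSystemd = false` build gets no `LD_LIBRARY_PATH` entry for it. If the binary depends on that entry to load rtloader (not visible from this file), emit it unconditionally: `--prefix LD_LIBRARY_PATH : ${lib.makeLibraryPath ([ rtloader ] ++ lib.optionals withSystemd [ (lib.getLib systemd) ])}`. Two things deserve a comment as well: `version.Commit` is fed `${src.rev}` while `src` is fetched by `tag`, so the embedded value is probably a tag reference rather than a commit id, and `doCheck = false` carries no stated reason.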


@@ -0,0 +1,13 @@
{ lib, datadog-agent }:
datadog-agent.overrideAttrs (attrs: {
pname = "datadog-process-agent";
meta =
attrs.meta // {
description = "Live process collector for the DataDog Agent v7";
mainProgram = "process-agent";
maintainers = [ ];
};
subPackages = [ "cmd/process-agent" ];
postInstall = null;
})


@@ -0,0 +1,136 @@
# The declarations in this file build the Datadog agent's core
# integrations. These integrations are tracked in a separate
# repository[1] outside of the agent's primary repository and provide
# checks for various kinds of services.
#
# Not all services are relevant for all users, however. As some of
# them depend on various tools and Python packages it is nonsensical
# to build *all* integrations by default.
#
# A set of default integrations is defined and built either way.
# Additional integrations can be specified by overriding
# `extraIntegrations` in datadog-integrations-core.
#
# In practice the syntax for using this with additional integrations
# is not the most beautiful, but it works. For example to use
# datadog-agent from the top-level with the `ntp`-integration
# included, one could say:
#
# let
# integrationsWithNtp = datadog-integrations-core {
# # Extra integrations map from the integration name (as in the
# # integrations-core repository) to a function that receives the
# # Python package set and returns the required dependencies.g
# ntp = (ps: [ ps.ntplib ]);
# };
#
# in ddAgentWithNtp = datadog-agent.overrideAttrs(_ : {
# python = integrationsWithNtp.python;
# });
#
# The NixOS module 'datadog-agent' provides a simplified interface to
# this. Please see the module itself for more information.
#
# [1]: https://github.com/DataDog/integrations-core
{
lib,
fetchFromGitHub,
python3Packages,
extraIntegrations ? { },
}:
let
inherit (lib) attrValues mapAttrs;
version = "7.70.2";
src = fetchFromGitHub {
owner = "DataDog";
repo = "integrations-core";
tag = version;
hash = "sha256-3H8nQpy/m53ZjtDfe6s89yowBXnPt+1ARfWxcx+JwQM=";
};
# Build helper to build a single datadog integration package.
buildIntegration =
{ pname, ... }@args:
python3Packages.buildPythonPackage (
args
// {
inherit src version;
name = "datadog-integration-${pname}-${version}";
pyproject = true;
sourceRoot = "${src.name}/${args.sourceRoot or pname}";
buildInputs = with python3Packages; [
hatchling
setuptools
];
doCheck = false;
}
);
# Base package depended on by all other integrations.
datadog_checks_base = buildIntegration {
pname = "checks-base";
sourceRoot = "datadog_checks_base";
dependencies = with python3Packages; [
binary
cachetools
cryptography
immutables
jellyfish
lazy-loader
prometheus-client
protobuf
pydantic
python-dateutil
pyyaml
requests
requests-toolbelt
requests-unixsocket
simplejson
uptime
wrapt
];
pythonImportsCheck = [
"datadog_checks.base"
"datadog_checks.base.checks"
"datadog_checks.checks"
];
};
# Default integrations that should be built:
defaultIntegrations = {
disk = (ps: [ ps.psutil ]);
mongo = (ps: [ ps.pymongo ]);
network = (ps: [ ps.psutil ]);
nginx = (ps: [ ]);
postgres = (
ps: with ps; [
pg8000
psycopg2
semver
]
);
process = (ps: [ ps.psutil ]);
};
# All integrations (default + extra):
integrations = defaultIntegrations // extraIntegrations;
builtIntegrations = mapAttrs (
pname: fdeps:
buildIntegration {
inherit pname;
propagatedBuildInputs = (fdeps python3Packages) ++ [ datadog_checks_base ];
}
) integrations;
in
builtIntegrations
// {
inherit datadog_checks_base;
python = python3Packages.python.withPackages (_: (attrValues builtIntegrations));
}
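Review bot: `buildIntegration` sets `pyproject = true` but lists the build backends under `buildInputs`; they belong in `build-system`, as the apc-temp-fetch expression on this page does: `build-system = with python3Packages; [ hatchling setuptools ];`. In the same spirit, `builtIntegrations` should pass runtime dependencies as `dependencies = (fdeps python3Packages) ++ [ datadog_checks_base ];` rather than `propagatedBuildInputs`, which matches how `datadog_checks_base` declares its own. Because the fixed attributes come after `args //`, a caller-supplied `buildInputs` or `doCheck` is discarded without notice; a comment on that merge order, `# attributes below intentionally override anything passed in args`, would make the behaviour explicit.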


@@ -0,0 +1,33 @@
{
buildPythonApplication,
fetchFromGitHub,
dnslib,
lib,
}:
buildPythonApplication {
pname = "dnschef";
version = "0.4";
src = fetchFromGitHub {
owner = "iphelix";
repo = "dnschef";
rev = "a395411ae1f5c262d0b80d06a45a445f696f3243";
sha256 = "0ll3hw6w5zhzyqc2p3c9443gcp12sx6ddybg5rjpl01dh3svrk1q";
};
format = "other";
installPhase = ''
install -D ./dnschef.py $out/bin/dnschef
'';
propagatedBuildInputs = [ dnslib ];
meta = with lib; {
homepage = "https://github.com/iphelix/dnschef";
description = "Highly configurable DNS proxy for penetration testers and malware analysts";
mainProgram = "dnschef";
license = licenses.bsd3;
maintainers = [ maintainers.gfrascadorio ];
};
}


@@ -0,0 +1,59 @@
{
lib,
stdenv,
fetchFromGitHub,
boost,
cmake,
catch2,
pkg-config,
replaceVars,
yaml-cpp,
}:
stdenv.mkDerivation {
pname = "ebpf-verifier";
version = "unstable-2023-07-15";
src = fetchFromGitHub {
owner = "vbpf";
repo = "ebpf-verifier";
rev = "de14d3aa3cd2845b621faf32b599766a66e158cf";
fetchSubmodules = true;
hash = "sha256-gnxB8ZLbTyIYpd61T57LPKFm1MHufeVEq/qN9pu2Vpk=";
};
patches = [
(replaceVars ./remove-fetchcontent-usage.patch {
# We will download them instead of cmake's fetchContent
catch2Src = catch2.src;
})
];
nativeBuildInputs = [
pkg-config
cmake
];
buildInputs = [
boost
yaml-cpp
];
installPhase = ''
runHook preInstall
mkdir -p $out/bin
cp ../check $out/bin/ebpf-verifier
runHook postInstall
'';
meta = with lib; {
description = "eBPF verifier based on abstract interpretation";
homepage = "https://github.com/vbpf/ebpf-verifier";
license = licenses.mit;
platforms = platforms.linux;
maintainers = with maintainers; [ gaelreyrol ];
mainProgram = "ebpf-verifier";
};
}


@@ -0,0 +1,14 @@
diff --git a/CMakeLists.txt b/CMakeLists.txt
index d7cf256..cb94e5a 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -6,8 +6,7 @@ project(ebpf_verifier)
include(FetchContent)
FetchContent_Declare(
Catch2
- GIT_REPOSITORY https://github.com/catchorg/Catch2.git
- GIT_TAG ac93f1943762f6fc92f0dc5bac0d720a33a27530
+ SOURCE_DIR @catch2Src@
)
FetchContent_MakeAvailable(Catch2)


@@ -0,0 +1,40 @@
{
lib,
buildGoModule,
fetchFromGitHub,
nixosTests,
}:
buildGoModule rec {
pname = "flannel";
version = "0.27.3";
rev = "v${version}";
vendorHash = "sha256-JchHjQh1ZP6wdpgUwfNyhD93Wlf4FvCD0h4Tte47z3U=";
src = fetchFromGitHub {
inherit rev;
owner = "flannel-io";
repo = "flannel";
sha256 = "sha256-r+9pII4zlPJ7UNdE0sR6Aul7p0sK+BRHq71S+NEekvM=";
};
ldflags = [ "-X github.com/flannel-io/flannel/pkg/version.Version=${rev}" ];
# TestRouteCache/TestV6RouteCache fail with "Failed to create newns: operation not permitted"
doCheck = false;
passthru.tests = { inherit (nixosTests) flannel; };
meta = with lib; {
description = "Network fabric for containers, designed for Kubernetes";
license = licenses.asl20;
homepage = "https://github.com/flannel-io/flannel";
maintainers = with maintainers; [
johanot
offline
];
platforms = with platforms; linux;
mainProgram = "flannel";
};
}


@@ -0,0 +1,49 @@
{
lib,
buildGoModule,
fetchFromGitHub,
}:
buildGoModule rec {
pname = "cni-plugin-flannel";
version = "1.8.0-flannel1";
src = fetchFromGitHub {
owner = "flannel-io";
repo = "cni-plugin";
rev = "v${version}";
sha256 = "sha256-DaE8T/c1n5Mx/MvPXw+bXO+91Ux/bcWWAdbVmNhQXIo=";
};
vendorHash = "sha256-x4QoAXrMhzEqSNBvWl3/9Lb4JjDgwcoV9a0xEYcwKFI=";
ldflags = [
"-s"
"-w"
"-X main.Version=${version}"
"-X main.Commit=${version}"
"-X main.Program=flannel"
];
postInstall = ''
mv $out/bin/cni-plugin $out/bin/flannel
'';
doCheck = false;
doInstallCheck = true;
installCheckPhase = ''
runHook preInstallCheck
$out/bin/flannel 2>&1 | fgrep -q $version
runHook postInstallCheck
'';
meta = with lib; {
description = "Network fabric for containers designed to work in conjunction with flannel";
mainProgram = "flannel";
homepage = "https://github.com/flannel-io/cni-plugin/";
license = licenses.asl20;
platforms = platforms.linux;
maintainers = with maintainers; [ abbe ];
};
}
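Review bot: The `ldflags` entry `-X main.Commit=${version}` stamps the version string into the field meant for a commit id, so the binary's self-reported provenance is misleading; either drop the flag or add a comment such as `# upstream expects a commit hash here; the release tag is used because src is fetched by tag`. In `installCheckPhase`, `fgrep -q $version` uses the obsolescent `fgrep` alias and an unquoted variable; `grep -qF -- "$version"` is the safer spelling. `doCheck = false` has no stated reason.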


@@ -0,0 +1,41 @@
{
lib,
buildPythonApplication,
click,
fetchFromGitHub,
ipy,
pyyaml,
requests,
}:
buildPythonApplication rec {
pname = "gandi-cli";
version = "1.6";
format = "setuptools";
src = fetchFromGitHub {
owner = "Gandi";
repo = "gandi.cli";
rev = version;
sha256 = "sha256-KLeEbbzgqpmBjeTc5RYsFScym8xtMqVjU+H0lyDM0+o=";
};
propagatedBuildInputs = [
click
ipy
pyyaml
requests
];
# Tests try to contact the actual remote API
doCheck = false;
pythonImportsCheck = [ "gandi" ];
meta = with lib; {
description = "Command-line interface to the public Gandi.net API";
mainProgram = "gandi";
homepage = "https://cli.gandi.net/";
license = licenses.gpl3Plus;
maintainers = [ ];
};
}


@@ -0,0 +1,48 @@
{
stdenv,
lib,
fetchurl,
cmake,
qtwebsockets,
qtwebengine,
qtkeychain,
wrapQtAppsHook,
openconnect,
}:
stdenv.mkDerivation rec {
pname = "globalprotect-openconnect";
version = "1.4.9";
src = fetchurl {
url = "https://github.com/yuezk/GlobalProtect-openconnect/releases/download/v${version}/globalprotect-openconnect-${version}.tar.gz";
hash = "sha256-vhvVKESLbqHx3XumxbIWOXIreDkW3yONDMXMHxhjsvk=";
};
nativeBuildInputs = [
cmake
wrapQtAppsHook
];
buildInputs = [
openconnect
qtwebsockets
qtwebengine
qtkeychain
];
patchPhase = ''
substituteInPlace GPService/gpservice.h \
--replace /usr/local/bin/openconnect ${openconnect}/bin/openconnect;
substituteInPlace GPService/CMakeLists.txt \
--replace /etc/gpservice $out/etc/gpservice;
'';
meta = with lib; {
description = "GlobalProtect VPN client (GUI) for Linux based on OpenConnect that supports SAML auth mode";
homepage = "https://github.com/yuezk/GlobalProtect-openconnect";
license = licenses.gpl3Only;
maintainers = [ maintainers.jerith666 ];
platforms = platforms.linux;
};
}
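Review bot: Assigning `patchPhase` directly replaces the stock phase, so the `prePatch`/`postPatch` hooks and any `patches = [ … ]` added later (for example a backported fix) are skipped without an error. Move the two substitutions into `postPatch = '' … '';` so the standard patch machinery keeps working. The trailing `;` after each `substituteInPlace` command is unnecessary and can go at the same time.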


@@ -0,0 +1,67 @@
{
lib,
stdenv,
fetchFromGitHub,
autoreconfHook,
pkg-config,
makeWrapper,
gstreamer,
gst-plugins-base,
gst-plugins-good,
gst-plugins-bad,
gst-plugins-ugly,
gst-libav,
libupnp,
}:
let
version = "0.3";
pluginPath = lib.makeSearchPathOutput "lib" "lib/gstreamer-1.0" [
gstreamer
gst-plugins-base
gst-plugins-good
gst-plugins-bad
gst-plugins-ugly
gst-libav
];
in
stdenv.mkDerivation {
pname = "gmrender-resurrect";
inherit version;
src = fetchFromGitHub {
owner = "hzeller";
repo = "gmrender-resurrect";
rev = "v${version}";
sha256 = "sha256-Zt8YYRqqX5L/MGLsFzR8JOdYoNX9ypXLX5i+fqkzPkk=";
};
buildInputs = [
gstreamer
libupnp
];
nativeBuildInputs = [
autoreconfHook
pkg-config
makeWrapper
];
postInstall = ''
for prog in "$out/bin/"*; do
wrapProgram "$prog" --suffix GST_PLUGIN_SYSTEM_PATH_1_0 : "${pluginPath}"
done
'';
meta = with lib; {
description = "Resource efficient UPnP/DLNA renderer, optimal for Raspberry Pi, CuBox or a general MediaServer";
mainProgram = "gmediarender";
homepage = "https://github.com/hzeller/gmrender-resurrect";
license = licenses.gpl2Plus;
platforms = platforms.linux;
maintainers = with maintainers; [
koral
hzeller
];
};
}


@@ -0,0 +1,32 @@
{
lib,
stdenv,
fetchurl,
}:
stdenv.mkDerivation (finalAttrs: {
pname = "iperf";
version = "2.2.1";
src = fetchurl {
url = "mirror://sourceforge/iperf2/files/iperf-${finalAttrs.version}.tar.gz";
hash = "sha256-dUqwp+KAM9vqgTCO9CS8ffTW4v4xtgzFNrYbUf772Ps=";
};
configureFlags = [ "--enable-fastsampling" ];
postInstall = ''
mv $out/bin/iperf $out/bin/iperf2
ln -s $out/bin/iperf2 $out/bin/iperf
'';
meta = with lib; {
homepage = "https://sourceforge.net/projects/iperf/";
description = "Tool to measure IP bandwidth using UDP or TCP";
platforms = platforms.unix;
license = licenses.mit;
# prioritize iperf3
priority = 10;
};
})


@@ -0,0 +1,48 @@
{
lib,
stdenv,
fetchurl,
openssl,
fetchpatch,
lksctp-tools,
}:
stdenv.mkDerivation rec {
pname = "iperf";
version = "3.19.1";
src = fetchurl {
url = "https://downloads.es.net/pub/iperf/iperf-${version}.tar.gz";
hash = "sha256-3GP4nsWB6pn4tVjY6zUQneBjgwENtaGQbCCKViugwnA=";
};
buildInputs = [ openssl ] ++ lib.optionals stdenv.hostPlatform.isLinux [ lksctp-tools ];
configureFlags = [ "--with-openssl=${openssl.dev}" ];
outputs = [
"out"
"man"
];
patches = lib.optionals stdenv.hostPlatform.isMusl [
(fetchpatch {
url = "https://git.alpinelinux.org/aports/plain/main/iperf3/remove-pg-flags.patch?id=7f979fc51ae31d5c695d8481ba84a4afc5080efb";
name = "remove-pg-flags.patch";
sha256 = "0z3zsmf7ln08rg1mmzl8s8jm5gp8x62f5cxiqcmi8dcs2nsxwgbi";
})
];
postInstall = ''
ln -s $out/bin/iperf3 $out/bin/iperf
ln -s $man/share/man/man1/iperf3.1 $man/share/man/man1/iperf.1
'';
meta = {
homepage = "https://software.es.net/iperf/";
description = "Tool to measure IP bandwidth using UDP or TCP";
platforms = lib.platforms.unix;
license = lib.licenses.bsd3;
mainProgram = "iperf3";
maintainers = with lib.maintainers; [ fpletz ];
};
}


@@ -0,0 +1,118 @@
{
buildGoModule,
fetchFromGitHub,
lib,
wirelesstools,
makeWrapper,
wireguard-tools,
openvpn,
obfs4,
iproute2,
dnscrypt-proxy,
iptables,
gawk,
util-linux,
nix-update-script,
}:
builtins.mapAttrs
(
pname: attrs:
buildGoModule (
attrs
// rec {
inherit pname;
version = "3.14.34";
buildInputs = [
wirelesstools
];
src = fetchFromGitHub {
owner = "ivpn";
repo = "desktop-app";
tag = "v${version}";
hash = "sha256-Q96G5mJahJnXxpqJ8IF0oFie7l0Nd1p8drHH9NSpwEw=";
};
proxyVendor = true; # .c file
ldflags = [
"-s"
"-w"
"-X github.com/ivpn/desktop-app/daemon/version._version=${version}"
"-X github.com/ivpn/desktop-app/daemon/version._time=1970-01-01"
];
postInstall = ''
mv $out/bin/{${attrs.modRoot},${pname}}
'';
passthru.updateScript = nix-update-script { };
meta = {
description = "Official IVPN Desktop app";
homepage = "https://www.ivpn.net/apps";
changelog = "https://github.com/ivpn/desktop-app/releases/tag/v${version}";
license = lib.licenses.gpl3Only;
maintainers = with lib.maintainers; [
urandom
blenderfreaky
];
mainProgram = "ivpn";
};
}
)
)
{
ivpn = {
modRoot = "cli";
vendorHash = "sha256-xZ1tMiv06fE2wtpDagKjHiVTPYWpj32hM6n/v9ZcgrE=";
};
ivpn-service = {
modRoot = "daemon";
vendorHash = "sha256-DVKSCcEeE7vI8aOYuEwk22n0wtF7MMDOyAgYoXYadwI=";
nativeBuildInputs = [ makeWrapper ];
patches = [ ./permissions.patch ];
postPatch = ''
substituteInPlace daemon/service/platform/platform_linux.go \
--replace 'openVpnBinaryPath = "/usr/sbin/openvpn"' \
'openVpnBinaryPath = "${openvpn}/bin/openvpn"' \
--replace 'routeCommand = "/sbin/ip route"' \
'routeCommand = "${iproute2}/bin/ip route"'
substituteInPlace daemon/netinfo/netinfo_linux.go \
--replace 'retErr := shell.ExecAndProcessOutput(log, outParse, "", "/sbin/ip", "route")' \
'retErr := shell.ExecAndProcessOutput(log, outParse, "", "${iproute2}/bin/ip", "route")'
substituteInPlace daemon/service/platform/platform_linux_release.go \
--replace 'installDir := "/opt/ivpn"' "installDir := \"$out\"" \
--replace 'obfsproxyStartScript = path.Join(installDir, "obfsproxy/obfs4proxy")' \
'obfsproxyStartScript = "${lib.getExe obfs4}"' \
--replace 'wgBinaryPath = path.Join(installDir, "wireguard-tools/wg-quick")' \
'wgBinaryPath = "${wireguard-tools}/bin/wg-quick"' \
--replace 'wgToolBinaryPath = path.Join(installDir, "wireguard-tools/wg")' \
'wgToolBinaryPath = "${wireguard-tools}/bin/wg"' \
--replace 'dnscryptproxyBinPath = path.Join(installDir, "dnscrypt-proxy/dnscrypt-proxy")' \
'dnscryptproxyBinPath = "${dnscrypt-proxy}/bin/dnscrypt-proxy"'
'';
postFixup = ''
mkdir -p $out/etc
cp -r $src/daemon/References/Linux/etc/* $out/etc/
cp -r $src/daemon/References/common/etc/* $out/etc/
patchShebangs --build $out/etc/firewall.sh $out/etc/splittun.sh $out/etc/client.down $out/etc/client.up
wrapProgram "$out/bin/ivpn-service" \
--suffix PATH : ${
lib.makeBinPath [
iptables
gawk
util-linux
]
}
'';
};
}
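Review bot: `wrapProgram "$out/bin/ivpn-service" --suffix PATH` in `postFixup` places the pinned `iptables`, `gawk` and `util-linux` after whatever PATH the daemon inherits, so a same-named binary earlier in the inherited PATH is resolved before the store copy. For a daemon that manages firewall rules, `--prefix PATH : ${lib.makeBinPath [ … ]}` makes the pinned tools the ones found first; if the suffix is deliberate (for example to pick up the system's iptables variant), a one-line comment saying so would help. The copied `firewall.sh`, `splittun.sh`, `client.up` and `client.down` only get `patchShebangs` and presumably inherit the daemon's PATH, which is worth confirming.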


@@ -0,0 +1,27 @@
diff --git a/daemon/service/platform/platform.go b/daemon/service/platform/platform.go
index 941a99a7..df821c4d 100644
--- a/daemon/service/platform/platform.go
+++ b/daemon/service/platform/platform.go
@@ -111,12 +111,6 @@ func Init() (warnings []string, errors []error, logInfo []string) {
}
// checking file permissions
- if err := checkFileAccessRightsStaticConfig("openvpnCaKeyFile", openvpnCaKeyFile); err != nil {
- errors = append(errors, err)
- }
- if err := checkFileAccessRightsStaticConfig("openvpnTaKeyFile", openvpnTaKeyFile); err != nil {
- errors = append(errors, err)
- }
if len(openvpnUpScript) > 0 {
if err := checkFileAccessRightsExecutable("openvpnUpScript", openvpnUpScript); err != nil {
@@ -149,9 +143,6 @@ func Init() (warnings []string, errors []error, logInfo []string) {
if err := checkFileAccessRightsExecutable("dnscryptproxyBinPath", dnscryptproxyBinPath); err != nil {
errors = append(errors, err)
}
- if err := checkFileAccessRightsStaticConfig("dnscryptproxyConfigTemplate", dnscryptproxyConfigTemplate); err != nil {
- errors = append(errors, err)
- }
if len(routeCommand) > 0 {
routeBinary := strings.Split(routeCommand, " ")[0]
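Review bot: This patch removes the `checkFileAccessRightsStaticConfig` calls for `openvpnCaKeyFile`, `openvpnTaKeyFile` and `dnscryptproxyConfigTemplate` in `Init()` without a header explaining why, and the `patches = [ ./permissions.patch ]` line that applies it carries no comment either. Presumably the checks fail because files copied into the Nix store do not have the ownership and mode upstream expects, but that should be written down so a later reader can tell the removal is deliberate and re-evaluate it on version bumps. A short description at the top of the patch, e.g. `Files in the Nix store are read-only and world-readable; skip the static-config permission checks that cannot pass there`, would do (wording to be confirmed against the actual failure). `Init()` begins and ends outside both hunks, so the checks that remain are only partly visible here.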


@@ -0,0 +1,40 @@
{
lib,
buildGoModule,
fetchFromGitea,
installShellFiles,
}:
buildGoModule rec {
pname = "knock";
version = "0.0.2";
src = fetchFromGitea {
domain = "codeberg.org";
owner = "nat-418";
repo = "knock";
rev = "v${version}";
hash = "sha256-K+L4F4bTERQSqISAmfyps/U5GJ2N0FdJ3RmpiUmt4uA=";
};
vendorHash = "sha256-wkSXdIgfkHbVJYsgm/hLAeKA9geof92U3mzSzt7eJE8=";
outputs = [
"out"
"man"
];
nativeBuildInputs = [ installShellFiles ];
postInstall = ''
installManPage man/man1/knock.1
'';
meta = with lib; {
description = "Simple CLI network reachability tester";
homepage = "https://codeberg.org/nat-418/knock";
license = licenses.bsd0;
changelog = "https://codeberg.org/nat-418/knock/raw/branch/trunk/CHANGELOG.md";
maintainers = with maintainers; [ nat-418 ];
};
}


@@ -0,0 +1,81 @@
{
lib,
stdenv,
fetchFromGitHub,
meson,
ninja,
cmake,
pkg-config,
liblxi,
readline,
lua,
bash-completion,
wrapGAppsHook4,
glib,
gtk4,
gtksourceview5,
libadwaita,
json-glib,
desktop-file-utils,
appstream-glib,
gsettings-desktop-schemas,
withGui ? false,
}:
stdenv.mkDerivation rec {
pname = "lxi-tools";
version = "2.8";
src = fetchFromGitHub {
owner = "lxi-tools";
repo = "lxi-tools";
rev = "v${version}";
sha256 = "sha256-lmWZpKI3TXwF76LDFfZcOGUtPeBmBu+0Lu/3eCMMb3Y=";
};
nativeBuildInputs = [
meson
ninja
cmake
pkg-config
]
++ lib.optional withGui wrapGAppsHook4;
buildInputs = [
liblxi
readline
lua
bash-completion
]
++ lib.optionals withGui [
glib
gtk4
gtksourceview5
libadwaita
json-glib
desktop-file-utils
appstream-glib
gsettings-desktop-schemas
];
postUnpack = "sed -i '/meson.add_install.*$/d' source/meson.build";
mesonFlags = lib.optional (!withGui) "-Dgui=false";
postInstall = lib.optionalString withGui "glib-compile-schemas $out/share/glib-2.0/schemas";
meta = with lib; {
description = "Tool for communicating with LXI compatible instruments";
longDescription = ''
lxi-tools is a collection of open source software tools
that enables control of LXI compatible instruments such
as modern oscilloscopes, power supplies,
spectrum analyzers etc.
'';
homepage = "https://lxi-tools.github.io/";
license = licenses.bsd3;
platforms = platforms.unix;
maintainers = [ maintainers.vq ];
mainProgram = "lxi";
};
}


@@ -0,0 +1,150 @@
{
lib,
fetchPypi,
fetchpatch,
callPackage,
runCommand,
python,
encryptionSupport ? true,
sqliteSupport ? true,
}:
let
# save for overriding it
python' = python;
in
let
python = python'.override {
self = python;
packageOverrides = final: prev: {
# SQLAlchemy>=1,<1.4
# SQLAlchemy 2.0's derivation is very different, so don't override, just write it from scratch
# (see https://github.com/NixOS/nixpkgs/blob/65dbed73949e4c0207e75dcc7271b29f9e457670/pkgs/development/python-modules/sqlalchemy/default.nix)
sqlalchemy = final.buildPythonPackage rec {
pname = "SQLAlchemy";
version = "1.3.24";
format = "setuptools";
src = fetchPypi {
inherit pname version;
sha256 = "sha256-67t3fL+TEjWbiXv4G6ANrg9ctp+6KhgmXcwYpvXvdRk=";
};
postInstall = ''
sed -e 's:--max-worker-restart=5::g' -i setup.cfg
'';
# tests are pretty annoying to set up for this version, and these dependency overrides are already long enough
doCheck = false;
};
};
};
maubot = python.pkgs.buildPythonPackage rec {
pname = "maubot";
version = "0.5.1";
format = "setuptools";
disabled = python.pythonOlder "3.10";
src = fetchPypi {
inherit pname version;
hash = "sha256-0UtelZ3w0QUw825AGhSc8wfhYaL9FSYJXCvYZEefWPQ=";
};
patches = [
# add entry point - https://github.com/maubot/maubot/pull/146
(fetchpatch {
url = "https://github.com/maubot/maubot/commit/ef6e23eccb530187dd3447b6aac2047d4a32fb83.patch";
hash = "sha256-d5fu47F93aXZmk6MiSsxTE8pHjMKNL0FUdU+ynUqY2o=";
})
];
propagatedBuildInputs =
with python.pkgs;
[
# requirements.txt
(mautrix.override { withOlm = encryptionSupport; })
aiohttp
yarl
asyncpg
aiosqlite
commonmark
ruamel-yaml
attrs
bcrypt
packaging
click
colorama
questionary
jinja2
setuptools
]
# optional-requirements.txt
++ lib.optionals encryptionSupport [
python-olm
pycryptodome
unpaddedbase64
]
++ lib.optionals sqliteSupport [
sqlalchemy
];
# used for plugin tests
propagatedNativeBuildInputs = with python.pkgs; [
pytest
pytest-asyncio
];
postInstall = ''
rm $out/example-config.yaml
'';
pythonImportsCheck = [
"maubot"
];
passthru =
let
wrapper = callPackage ./wrapper.nix {
unwrapped = maubot;
python3 = python;
};
in
{
tests = {
simple = runCommand "${pname}-tests" { } ''
${maubot}/bin/mbc --help > $out
'';
};
inherit python;
plugins = callPackage ./plugins {
maubot = maubot;
python3 = python;
};
withPythonPackages = pythonPackages: wrapper { inherit pythonPackages; };
# This adds the plugins to lib/maubot-plugins
withPlugins = plugins: wrapper { inherit plugins; };
# This changes example-config.yaml in module directory
withBaseConfig = baseConfig: wrapper { inherit baseConfig; };
};
meta = with lib; {
description = "Plugin-based Matrix bot system written in Python";
homepage = "https://maubot.xyz/";
changelog = "https://github.com/maubot/maubot/blob/v${version}/CHANGELOG.md";
license = licenses.agpl3Plus;
# Presumably, people running "nix run nixpkgs#maubot" will want to run the tool
# for interacting with Maubot rather than Maubot itself, which should be used as
# a NixOS module.
mainProgram = "mbc";
maintainers = with maintainers; [ chayleaf ];
};
};
in
maubot
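Review bot: The `sqlalchemy` override in `packageOverrides` pins `SQLAlchemy` 1.3.24 with `doCheck = false`, and nothing records how this private copy is tracked for security fixes once it diverges from the main `sqlalchemy` package. Its `postInstall` also runs `sed -e 's:--max-worker-restart=5::g' -i setup.cfg` after installation, where editing `setup.cfg` appears to have no effect; move it to `postPatch` or drop it, given that tests are disabled. Adding `# TODO: drop this override once maubot supports SQLAlchemy >= 1.4` next to the existing constraint comment would make the exit condition explicit.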


@@ -0,0 +1,90 @@
{
lib,
fetchgit,
fetchFromGitHub,
fetchFromGitLab,
fetchFromGitea,
stdenvNoCC,
callPackage,
ensureNewerSourcesForZipFilesHook,
maubot,
python3,
poetry,
formats,
}:
let
# pname: plugin id (example: xyz.maubot.echo)
# version: plugin version
# other attributes are passed directly to stdenv.mkDerivation (you at least need src)
buildMaubotPlugin =
attrs@{
version,
pname,
base_config ? null,
...
}:
stdenvNoCC.mkDerivation (
removeAttrs attrs [ "base_config" ]
// {
pluginName = "${pname}-v${version}.mbp";
nativeBuildInputs = (attrs.nativeBuildInputs or [ ]) ++ [
ensureNewerSourcesForZipFilesHook
maubot
];
buildPhase = ''
runHook preBuild
mbc build
runHook postBuild
'';
postPatch =
lib.optionalString (base_config != null) ''
[ -e base-config.yaml ] || (echo "base-config.yaml doesn't exist, can't override it" && exit 1)
cp "${
if builtins.isPath base_config || lib.isDerivation base_config then
base_config
else if builtins.isString base_config then
builtins.toFile "base-config.yaml" base_config
else
(formats.yaml { }).generate "base-config.yaml" base_config
}" base-config.yaml
''
+ attrs.postPatch or "";
installPhase = ''
runHook preInstall
mkdir -p $out/lib/maubot-plugins
install -m 444 $pluginName $out/lib/maubot-plugins
runHook postInstall
'';
}
);
generated = import ./generated.nix {
inherit
lib
fetchgit
fetchFromGitHub
fetchFromGitLab
fetchFromGitea
python3
poetry
buildMaubotPlugin
;
};
in
generated
// {
inherit buildMaubotPlugin;
allOfficialPlugins = builtins.filter (x: x.isOfficial && !x.meta.broken) (
builtins.attrValues generated
);
allPlugins = builtins.filter (x: !x.meta.broken) (builtins.attrValues generated);
}

File diff suppressed because it is too large Load Diff


@@ -0,0 +1,94 @@
{
lib,
fetchgit,
fetchFromGitHub,
fetchFromGitLab,
fetchFromGitea,
python3,
poetry,
buildMaubotPlugin,
}:
let
json = builtins.fromJSON (builtins.readFile ./generated.json);
in
lib.flip builtins.mapAttrs json (
name: entry:
let
inherit (entry) manifest;
resolveDeps =
deps:
map (
name:
let
packageName = builtins.head (builtins.match "([^~=<>@]*).*" name);
lower = lib.toLower packageName;
dash = builtins.replaceStrings [ "_" ] [ "-" ] packageName;
lowerDash = builtins.replaceStrings [ "_" ] [ "-" ] lower;
in
python3.pkgs.${packageName} or python3.pkgs.${lower} or python3.pkgs.${dash}
or python3.pkgs.${lowerDash} or null
) (builtins.filter (x: x != "maubot" && x != null) deps);
reqDeps = resolveDeps (lib.toList (manifest.dependencies or null));
optDeps = resolveDeps (lib.toList (manifest.soft_dependencies or null));
in
lib.makeOverridable buildMaubotPlugin (
entry.attrs
// {
pname = manifest.id;
inherit (manifest) version;
src =
if entry ? github then
fetchFromGitHub entry.github
else if entry ? git then
fetchgit entry.git
else if entry ? gitlab then
fetchFromGitLab entry.gitlab
else if entry ? gitea then
fetchFromGitea entry.gitea
else
throw "Invalid generated entry for ${manifest.id}: missing source";
propagatedBuildInputs = builtins.filter (x: x != null) (reqDeps ++ optDeps);
passthru.isOfficial = entry.isOfficial or false;
meta = entry.attrs.meta // {
license =
let
spdx = entry.attrs.meta.license or manifest.license or "unfree";
spdxLicenses = builtins.listToAttrs (
map (x: lib.nameValuePair x.spdxId x) (
builtins.filter (x: x ? spdxId) (builtins.attrValues lib.licenses)
)
);
in
spdxLicenses.${spdx};
broken = builtins.any (x: x == null) reqDeps;
};
}
// lib.optionalAttrs (entry.isPoetry or false) {
nativeBuildInputs = [
poetry
(python3.withPackages (
p: with p; [
toml
ruamel-yaml
isort
]
))
];
preBuild = lib.optionalString (entry ? attrs.preBuild) (entry.attrs.preBuild + "\n") + ''
export HOME=$(mktemp -d)
[[ ! -d scripts ]] || patchShebangs --build scripts
make maubot.yaml
'';
}
)
)
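Review bot: The license lookup `spdxLicenses.${spdx}` in `meta.license` has no fallback, so the default `"unfree"` (which, as far as I can tell, is not the `spdxId` of any entry in `lib.licenses`) and any non-SPDX string carried in the generated JSON raise a missing-attribute error when `meta.license` is evaluated. Because the manifest values originate from plugin repositories, one malformed license string can break evaluation of that plugin. `spdxLicenses.${spdx} or lib.licenses.unfree` keeps evaluation working and errs on the restrictive side.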


@@ -0,0 +1,228 @@
#!/usr/bin/env nix-shell
#!nix-shell -i python3 -p git nurl "(python3.withPackages (ps: with ps; [ toml gitpython requests ruamel-yaml ]))"
import git
import json
import os
import subprocess
import ruamel.yaml
import sys
import toml
import zipfile
HOSTNAMES = {
"git.skeg1.se": "gitlab",
"edugit.org": "gitlab",
"codeberg.org": "gitea",
}
PLUGINS: dict[str, dict] = {}
# https://github.com/maubot/plugins.maubot.xyz/pull/45
SKIP = {"characterai"}
DIRS = {"matrix-to-discourse": "plugin"}
yaml = ruamel.yaml.YAML(typ="safe")
TMP = os.environ.get("TEMPDIR", "/tmp")
def process_repo(path: str, official: bool):
global PLUGINS
with open(path, "rt") as f:
data = yaml.load(f)
name, repourl, license, desc = (
data["name"],
data["repo"],
data["license"],
data["description"],
)
if name in SKIP:
return
origurl = repourl
if "/" in name or " " in name:
name = os.path.split(path)[-1].removesuffix(".yaml")
name = name.replace("_", "-").lower()
if name in PLUGINS.keys():
raise ValueError(f"Duplicate plugin {name}, refusing to continue")
repodir = os.path.join(TMP, "maubot-plugins", name)
plugindir = repodir
if "/tree/" in repourl:
repourl, rev_path = repourl.split("/tree/")
rev, subdir = rev_path.strip("/").split("/")
plugindir = os.path.join(plugindir, subdir)
elif name in DIRS.keys():
subdir = DIRS[name]
plugindir = os.path.join(plugindir, subdir)
else:
rev = None
subdir = None
if repourl.startswith("http:"):
repourl = "https" + repourl[4:]
repourl = repourl.rstrip("/")
if not os.path.exists(repodir):
print("Fetching", name)
repo = git.Repo.clone_from(repourl + ".git", repodir)
else:
repo = git.Repo(repodir)
tags = sorted(repo.tags, key=lambda t: t.commit.committed_datetime)
tags = list(filter(lambda x: "rc" not in str(x), tags))
if tags:
repo.git.checkout(tags[-1])
rev = str(tags[-1])
else:
rev = str(repo.commit("HEAD"))
ret: dict = {"attrs": {}}
if subdir:
ret["attrs"]["postPatch"] = f"cd {subdir}"
domain, query = repourl.removeprefix("https://").split("/", 1)
hash = subprocess.run(
["nurl", "--hash", f"file://{repodir}", rev], capture_output=True, check=True
).stdout.decode("utf-8")
ret["attrs"]["meta"] = {
"description": desc,
"homepage": origurl,
}
if domain == "github.com":
owner, repo = query.split("/")
ret["github"] = {
"owner": owner,
"repo": repo,
"rev": rev,
"hash": hash,
}
ret["attrs"]["meta"]["downloadPage"] = f"{repourl}/releases"
ret["attrs"]["meta"]["changelog"] = f"{repourl}/releases"
repobase = f"{repourl}/blob/{rev}"
elif (
HOSTNAMES.get(
domain, "gitea" if "gitea." in domain or "forgejo." in domain else None
)
== "gitea"
):
owner, repo = query.split("/")
ret["gitea"] = {
"domain": domain,
"owner": owner,
"repo": repo,
"rev": rev,
"hash": hash,
}
repobase = f"{repourl}/src/commit/{rev}"
ret["attrs"]["meta"]["downloadPage"] = f"{repourl}/releases"
ret["attrs"]["meta"]["changelog"] = f"{repourl}/releases"
elif HOSTNAMES.get(domain, "gitlab" if "gitlab." in domain else None) == "gitlab":
owner, repo = query.split("/")
ret["gitlab"] = {
"owner": owner,
"repo": repo,
"rev": rev,
"hash": hash,
}
if domain != "gitlab.com":
ret["gitlab"]["domain"] = domain
repobase = f"{repourl}/-/blob/{rev}"
else:
raise ValueError(
f"Is {domain} Gitea or Gitlab, or something else? Please specify in the Python script!"
)
if os.path.exists(os.path.join(plugindir, "CHANGELOG.md")):
ret["attrs"]["meta"]["changelog"] = f"{repobase}/CHANGELOG.md"
if os.path.exists(os.path.join(plugindir, "maubot.yaml")):
with open(os.path.join(plugindir, "maubot.yaml"), "rt") as f:
ret["manifest"] = yaml.load(f)
elif os.path.exists(os.path.join(plugindir, "pyproject.toml")):
ret["isPoetry"] = True
with open(os.path.join(plugindir, "pyproject.toml"), "rt") as f:
data = toml.load(f)
deps = []
for key, val in data["tool"]["poetry"].get("dependencies", {}).items():
if key in ["maubot", "mautrix", "python"]:
continue
reqs = []
for req in val.split(","):
reqs.extend(poetry_to_pep(req))
deps.append(key + ", ".join(reqs))
ret["manifest"] = data["tool"]["maubot"]
ret["manifest"]["id"] = data["tool"]["poetry"]["name"]
ret["manifest"]["version"] = data["tool"]["poetry"]["version"]
ret["manifest"]["license"] = data["tool"]["poetry"]["license"]
if deps:
ret["manifest"]["dependencies"] = deps
else:
raise ValueError(f"No maubot.yaml or pyproject.toml found in {repodir}")
# normalize non-spdx-conformant licenses this way
# (and fill out missing license info)
if "license" not in ret["manifest"] or ret["manifest"]["license"] in [
"GPLv3",
"AGPL 3.0",
]:
ret["attrs"]["meta"]["license"] = license
elif ret["manifest"]["license"] != license:
print(
f"Warning: licenses for {repourl} don't match! {ret['manifest']['license']} != {license}"
)
if official:
ret["isOfficial"] = official
PLUGINS[name] = ret
def next_incomp(ver_s: str) -> str:
ver = ver_s.split(".")
zero = False
for i in range(len(ver)):
try:
seg = int(ver[i])
except ValueError:
if zero:
ver = ver[:i]
break
continue
if zero:
ver[i] = "0"
elif seg:
ver[i] = str(seg + 1)
zero = True
return ".".join(ver)
def poetry_to_pep(ver_req: str) -> list[str]:
if "*" in ver_req:
raise NotImplementedError("Wildcard poetry versions not implemented!")
if ver_req.startswith("^"):
return [">=" + ver_req[1:], "<" + next_incomp(ver_req[1:])]
if ver_req.startswith("~"):
return ["~=" + ver_req[1:]]
return [ver_req]
def main():
cache_path = os.path.join(TMP, "maubot-plugins")
if not os.path.exists(cache_path):
os.makedirs(cache_path)
git.Repo.clone_from(
"https://github.com/maubot/plugins.maubot.xyz",
os.path.join(cache_path, "_repo"),
)
else:
pass
repodir = os.path.join(cache_path, "_repo")
for suffix, official in (("official", True), ("thirdparty", False)):
directory = os.path.join(repodir, "data", "plugins", suffix)
for plugin_name in os.listdir(directory):
process_repo(os.path.join(directory, plugin_name), official)
if os.path.isdir("pkgs/tools/networking/maubot/plugins"):
generated = "pkgs/tools/networking/maubot/plugins/generated.json"
else:
script_dir = os.path.dirname(os.path.realpath(__file__))
generated = os.path.join(script_dir, "generated.json")
with open(generated, "wt") as file:
json.dump(PLUGINS, file, indent=" ", separators=(",", ": "), sort_keys=True)
file.write("\n")
if __name__ == "__main__":
main()
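Review bot: `process_repo` reuses whatever already exists at the predictable path `os.path.join(TMP, "maubot-plugins", name)` (default `/tmp`), so on a shared machine a directory pre-created by another user is read as if it were the upstream clone and its manifest ends up in `generated.json`. Create a private working directory instead, e.g. `TMP = tempfile.mkdtemp(prefix="maubot-plugins-")` with `import tempfile`, or keep the cache under a user-owned directory. Separately, `ret["attrs"]["postPatch"] = f"cd {subdir}"` writes a value taken from the plugin index into a shell snippet unquoted; `f"cd {shlex.quote(subdir)}"` (with `import shlex`) keeps it a single argument. In the `/tree/` branch the `rev` parsed from the URL is later overwritten by the tag/HEAD selection, which looks unintended.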


@@ -0,0 +1,89 @@
{
lib,
symlinkJoin,
runCommand,
unwrapped,
python3,
formats,
}:
let
wrapper =
{
pythonPackages ? (_: [ ]),
plugins ? (_: [ ]),
baseConfig ? null,
}:
let
plugins' = plugins unwrapped.plugins;
extraPythonPackages = builtins.concatLists (map (p: p.propagatedBuildInputs or [ ]) plugins');
in
symlinkJoin {
name = "${unwrapped.pname}-with-plugins-${unwrapped.version}";
inherit unwrapped;
paths = lib.optional (baseConfig != null) unwrapped ++ plugins';
pythonPath =
lib.optional (baseConfig == null) unwrapped ++ pythonPackages python3.pkgs ++ extraPythonPackages;
nativeBuildInputs = [ python3.pkgs.wrapPython ];
postBuild = ''
rm -f $out/nix-support/propagated-build-inputs
rmdir $out/nix-support || true
${lib.optionalString (baseConfig != null) ''
rm $out/${python3.sitePackages}/maubot/example-config.yaml
substituteAll ${
(formats.yaml { }).generate "example-config.yaml" (
lib.recursiveUpdate baseConfig {
plugin_directories = lib.optionalAttrs (plugins' != [ ]) {
load = [ "@out@/lib/maubot-plugins" ] ++ (baseConfig.plugin_directories.load or [ ]);
};
# Normally it should be set to false by default to take it from package
# root, but aiohttp doesn't follow symlinks when serving static files
# unless follow_symlinks=True is passed. Instead of patching maubot, use
# this non-invasive approach
# XXX: would patching maubot be better? See:
# https://github.com/maubot/maubot/blob/75879cfb9370aade6fa0e84e1dde47222625139a/maubot/server.py#L106
server.override_resource_path =
if isNull (baseConfig.server.override_resource_path or null) then
"${unwrapped}/${python3.sitePackages}/maubot/management/frontend/build"
else
baseConfig.server.override_resource_path;
}
)
} $out/${python3.sitePackages}/maubot/example-config.yaml
rm -rf $out/bin
''}
mkdir -p $out/bin
cp $unwrapped/bin/.mbc-wrapped $out/bin/mbc
cp $unwrapped/bin/.maubot-wrapped $out/bin/maubot
wrapPythonProgramsIn "$out/bin" "${lib.optionalString (baseConfig != null) "$out "}$pythonPath"
'';
passthru = {
inherit unwrapped;
python = python3;
withPythonPackages =
filter:
wrapper {
pythonPackages = pkgs: pythonPackages pkgs ++ filter pkgs;
inherit plugins baseConfig;
};
withPlugins =
filter:
wrapper {
plugins = pkgs: plugins pkgs ++ filter pkgs;
inherit pythonPackages baseConfig;
};
withBaseConfig =
baseConfig:
wrapper {
inherit baseConfig pythonPackages plugins;
};
};
meta.priority = (unwrapped.meta.priority or lib.meta.defaultPriority) - 1;
};
in
wrapper


@@ -0,0 +1,121 @@
{
stdenv,
lib,
fetchurl,
iptables-legacy,
libuuid,
openssl,
pkg-config,
which,
iproute2,
gnused,
coreutils,
gnugrep,
gawk,
makeWrapper,
nixosTests,
firewall ? "iptables",
nftables,
libmnl,
libnftnl,
}:
let
scriptBinEnv =
lib.makeBinPath
{
iptables = [
# needed for dirname in ip{,6}tables_*.sh
coreutils
# used in miniupnpd_functions.sh:
which
iproute2
iptables-legacy
gnused
gnugrep
gawk
];
nftables = [
# needed for dirname in nft_*.sh & cat in nft_init.sh
coreutils
# used in miniupnpd_functions.sh:
which
nftables
];
}
.${firewall};
in
stdenv.mkDerivation rec {
pname = "miniupnpd";
version = "2.3.9";
src = fetchurl {
url = "https://miniupnp.tuxfamily.org/files/miniupnpd-${version}.tar.gz";
sha256 = "sha256-Zss8PWl6srs6YdPEhigWbWujKNfC2+uViY/fKjICr3s=";
};
buildInputs = [
iptables-legacy
libuuid
openssl
]
++ lib.optionals (firewall == "nftables") [
libmnl
libnftnl
];
nativeBuildInputs = [
pkg-config
makeWrapper
];
# ./configure is not a standard configure file, errors with:
# Option not recognized : --prefix=
dontAddPrefix = true;
configureFlags = [
"--firewall=${firewall}"
# allow using various config options
"--ipv6"
"--leasefile"
"--regex"
"--vendorcfg"
# hardening
"--portinuse"
];
installFlags = [
"PREFIX=$(out)"
"INSTALLPREFIX=$(out)"
];
postFixup =
{
# Ideally we'd prefer using system's config.firewall.package here for iptables,
# however for some reason switching --prefix to --suffix breaks the script
iptables = ''
for script in $out/etc/miniupnpd/ip{,6}tables_{init,removeall}.sh
do
wrapProgram $script --prefix PATH : '${scriptBinEnv}:$PATH'
done
'';
nftables = ''
for script in $out/etc/miniupnpd/nft_{delete_chain,flush,init,removeall}.sh
do
wrapProgram $script --suffix PATH : '${scriptBinEnv}:$PATH'
done
'';
}
.${firewall};
passthru.tests = {
bittorrent-integration = nixosTests.bittorrent;
inherit (nixosTests) upnp;
};
meta = with lib; {
homepage = "https://miniupnp.tuxfamily.org/";
description = "Daemon that implements the UPnP Internet Gateway Device (IGD) specification";
platforms = platforms.linux;
license = licenses.bsd3;
mainProgram = "miniupnpd";
};
}
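Review bot: Both `wrapProgram` calls in `postFixup` pass `'${scriptBinEnv}:$PATH'` in single quotes, so the shell hands the literal text `$PATH` to the wrapper generator; `--prefix`/`--suffix` already splice in the existing PATH, and if the value is written out verbatim the firewall scripts end up with a non-absolute search-path entry named `$PATH`. Passing only the tool directories, `wrapProgram $script --prefix PATH : ${scriptBinEnv}`, avoids that. The nftables branch uses `--suffix` while the iptables branch uses `--prefix`, so the inherited PATH takes precedence in one and not the other; the existing comment explains only the iptables case.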


@@ -0,0 +1,66 @@
{
stdenv,
lib,
fetchFromGitHub,
autoreconfHook,
pkg-config,
libcap,
ncurses,
jansson,
withGtk ? false,
gtk3,
}:
stdenv.mkDerivation rec {
pname = "mtr${lib.optionalString withGtk "-gui"}";
version = "0.96";
src = fetchFromGitHub {
owner = "traviscross";
repo = "mtr";
rev = "v${version}";
sha256 = "sha256-Oit0jEm1g+jYCIoTak/mcdlF14GDkDOAWKmX2mYw30M=";
};
# we need this before autoreconfHook does its thing
postPatch = ''
echo ${version} > .tarball-version
'';
# and this after autoreconfHook has generated Makefile.in
preConfigure = ''
substituteInPlace Makefile.in \
--replace ' install-exec-hook' ""
'';
configureFlags = lib.optional (!withGtk) "--without-gtk";
nativeBuildInputs = [
autoreconfHook
pkg-config
];
buildInputs = [
ncurses
jansson
]
++ lib.optional withGtk gtk3
++ lib.optional stdenv.hostPlatform.isLinux libcap;
enableParallelBuilding = true;
meta = with lib; {
description = "Network diagnostics tool";
homepage = "https://www.bitwizard.nl/mtr/";
license = licenses.gpl2Only;
maintainers = with maintainers; [
koral
orivej
raskin
globin
ryan4yin
];
mainProgram = "mtr";
platforms = platforms.unix;
};
}


@@ -0,0 +1,57 @@
{
lib,
fetchFromGitHub,
buildPythonPackage,
openvpn,
iproute2,
iptables,
util-linux,
}:
buildPythonPackage rec {
pname = "namespaced-openvpn";
version = "0.6.0";
format = "other";
src = fetchFromGitHub {
owner = "slingamn";
repo = pname;
rev = "a3fa42b2d8645272cbeb6856e26a7ea9547cb7d1";
sha256 = "+Fdaw9EGyFGH9/DSeVJczS8gPzAOv+qn+1U20zQBBqQ=";
};
buildInputs = [
openvpn
iproute2
util-linux
];
postPatch = ''
substituteInPlace namespaced-openvpn \
--replace-fail "/usr/sbin/openvpn" "${openvpn}/bin/openvpn" \
--replace-fail "/sbin/ip" "${iproute2}/bin/ip" \
--replace-fail "/usr/bin/nsenter" "${util-linux}/bin/nsenter" \
--replace-fail "/bin/mount" "${util-linux}/bin/mount" \
--replace-fail "/bin/umount" "${util-linux}/bin/umount"
substituteInPlace seal-unseal-gateway \
--replace-fail "/sbin/iptables" "${iptables}/bin/iptables"
'';
dontBuild = true;
doCheck = false;
installPhase = ''
mkdir -p $out/bin
cp namespaced-openvpn seal-unseal-gateway $out/bin
'';
meta = with lib; {
homepage = "https://github.com/slingamn/namespaced-openvpn";
description = "Network namespace isolation for OpenVPN tunnels";
license = licenses.mit;
maintainers = [ maintainers.lodi ];
platforms = platforms.linux;
mainProgram = "namespaced-openvpn";
};
}


@@ -0,0 +1,63 @@
{
lib,
fetchFromGitLab,
buildPythonApplication,
dbus-python,
pygobject3,
systemd,
wirelesstools,
wrapGAppsNoGuiHook,
}:
buildPythonApplication rec {
pname = "networkd-notify";
version = "unstable-2022-11-29";
# There is no setup.py, just a single Python script.
format = "other";
src = fetchFromGitLab {
owner = "wavexx";
repo = pname;
rev = "c2f3e71076a0f51c097064b1eb2505a361c7cc0e";
hash = "sha256-fanP1EWERT2Jy4OnMo8OMdR9flginYUgMw+XgmDve3o=";
};
nativeBuildInputs = [
wrapGAppsNoGuiHook
];
propagatedBuildInputs = [
dbus-python
pygobject3
];
patchPhase = ''
sed -i \
-e '/^NETWORKCTL = /c\NETWORKCTL = ["${systemd}/bin/networkctl"]' \
-e '/^IWCONFIG = /c\IWCONFIG = ["${wirelesstools}/bin/iwconfig"]' \
networkd-notify
'';
dontBuild = true;
installPhase = ''
install -D networkd-notify -t "$out/bin/"
install -D -m0644 networkd-notify.desktop -t "$out/share/applications/"
'';
# Let the Python wrapper add gappsWrapperArgs, to avoid two layers of wrapping.
dontWrapGApps = true;
preFixup = ''
makeWrapperArgs+=("''${gappsWrapperArgs[@]}")
'';
meta = with lib; {
description = "Desktop notification integration for systemd-networkd";
mainProgram = "networkd-notify";
homepage = "https://gitlab.com/wavexx/networkd-notify";
maintainers = with maintainers; [ danc86 ];
license = licenses.gpl3;
platforms = platforms.linux;
};
}


@@ -0,0 +1,37 @@
{
lib,
buildPythonApplication,
fetchPypi,
dnspython,
pytestCheckHook,
}:
buildPythonApplication rec {
pname = "nxdomain";
version = "1.0.2";
format = "setuptools";
src = fetchPypi {
inherit pname version;
sha256 = "0va7nkbdjgzrf7fnbxkh1140pbc62wyj86rdrrh5wmg3phiziqkb";
};
propagatedBuildInputs = [ dnspython ];
nativeCheckInputs = [ pytestCheckHook ];
postCheck = ''
echo example.org > simple.list
python -m nxdomain --format dnsmasq --out dnsmasq.conf --simple ./simple.list
grep -q 'address=/example.org/' dnsmasq.conf
'';
meta = with lib; {
homepage = "https://github.com/zopieux/nxdomain";
description = "Domain (ad) block list creator";
mainProgram = "nxdomain";
platforms = platforms.all;
license = licenses.gpl3Only;
maintainers = with maintainers; [ zopieux ];
};
}


@@ -0,0 +1,69 @@
{
version,
src,
}:
{
lib,
stdenv,
pkg-config,
gnutls,
p11-kit,
openssl,
useOpenSSL ? false,
gmp,
libxml2,
stoken,
zlib,
pcsclite,
vpnc-scripts,
useDefaultExternalBrowser ?
stdenv.hostPlatform.isLinux && stdenv.buildPlatform == stdenv.hostPlatform, # xdg-utils doesn't cross-compile
xdg-utils,
autoreconfHook,
}:
stdenv.mkDerivation {
pname = "openconnect";
inherit version src;
outputs = [
"out"
"dev"
];
configureFlags = [
"--with-vpnc-script=${vpnc-scripts}/bin/vpnc-script"
"--disable-nls"
"--without-openssl-version-check"
];
buildInputs = [
gmp
libxml2
stoken
zlib
(if useOpenSSL then openssl else gnutls)
]
++ lib.optionals stdenv.hostPlatform.isLinux [
p11-kit
pcsclite
]
++ lib.optional useDefaultExternalBrowser xdg-utils;
nativeBuildInputs = [
pkg-config
autoreconfHook
];
meta = with lib; {
description = "VPN Client for Cisco's AnyConnect SSL VPN";
homepage = "https://www.infradead.org/openconnect/";
license = licenses.lgpl21Only;
maintainers = with maintainers; [
tricktron
pentane
];
platforms = lib.platforms.unix;
mainProgram = "openconnect";
};
}
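Review bot: `"--without-openssl-version-check"` in `configureFlags` is passed unconditionally and has no comment, so a reader cannot tell why configure's OpenSSL version check is switched off. Going by the flag name, it only matters for OpenSSL builds, yet it is also passed when `useOpenSSL` is false and GnuTLS is linked. Add a one-line comment giving the reason, and consider moving it out of the list as `++ lib.optional useOpenSSL "--without-openssl-version-check"` so the GnuTLS build does not carry an option that looks like a weakened check.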


@@ -0,0 +1,22 @@
{
callPackage,
fetchFromGitLab,
}:
let
common = opts: callPackage (import ./common.nix opts) { };
in
rec {
openconnect = common {
version = "9.12-unstable-2025-01-14";
src = fetchFromGitLab {
owner = "openconnect";
repo = "openconnect";
rev = "f17fe20d337b400b476a73326de642a9f63b59c8";
hash = "sha256-OBEojqOf7cmGtDa9ToPaJUHrmBhq19/CyZ5agbP7WUw=";
};
};
openconnect_openssl = openconnect.override {
useOpenSSL = true;
};
}


@@ -0,0 +1,259 @@
{
pname,
version,
extraDesc ? "",
src,
extraPatches ? [ ],
extraNativeBuildInputs ? [ ],
extraConfigureFlags ? [ ],
extraMeta ? { },
}:
{
lib,
stdenv,
# This *is* correct, though unusual. as a way of getting krb5-config from the
# package without splicing See: https://github.com/NixOS/nixpkgs/pull/107606
pkgs,
fetchurl,
fetchpatch,
autoreconfHook,
zlib,
openssl,
softhsm,
libedit,
ldns,
pkg-config,
pam,
libredirect,
etcDir ? null,
withKerberos ? false,
withLdns ? true,
krb5,
libfido2,
libxcrypt,
hostname,
nixosTests,
withSecurityKey ? !stdenv.hostPlatform.isStatic,
withFIDO ? stdenv.hostPlatform.isUnix && !stdenv.hostPlatform.isMusl && withSecurityKey,
withPAM ? stdenv.hostPlatform.isLinux,
# Attempts to mlock the entire sshd process on startup to prevent swapping.
# Currently disabled when PAM support is enabled due to crashes
# See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103418
withLinuxMemlock ? (stdenv.hostPlatform.isLinux && !withPAM),
linkOpenssl ? true,
isNixos ? stdenv.hostPlatform.isLinux,
}:
# FIDO support requires SK support
assert withFIDO -> withSecurityKey;
stdenv.mkDerivation (finalAttrs: {
inherit pname version src;
patches = [
# Making openssh pass the LOCALE_ARCHIVE variable to the forked session processes,
# so the session 'bash' will receive the proper locale archive, and thus process
# UTF-8 properly.
./locale_archive.patch
# See discussion in https://github.com/NixOS/nixpkgs/pull/16966
./dont_create_privsep_path.patch
]
++ extraPatches;
postPatch =
# On Hydra this makes installation fail (sometimes?),
# and nix store doesn't allow such fancy permission bits anyway.
''
substituteInPlace Makefile.in --replace '$(INSTALL) -m 4711' '$(INSTALL) -m 0711'
'';
strictDeps = true;
nativeBuildInputs = [
autoreconfHook
pkg-config
]
# This is not the same as the krb5 from the inputs! pkgs.krb5 is
# needed here to access krb5-config in order to cross compile. See:
# https://github.com/NixOS/nixpkgs/pull/107606
++ lib.optional withKerberos pkgs.krb5
++ extraNativeBuildInputs;
buildInputs = [
zlib
libedit
]
++ [ (if linkOpenssl then openssl else libxcrypt) ]
++ lib.optional withFIDO libfido2
++ lib.optional withKerberos krb5
++ lib.optional withLdns ldns
++ lib.optional withPAM pam;
preConfigure = ''
# Setting LD causes `configure' and `make' to disagree about which linker
# to use: `configure' wants `gcc', but `make' wants `ld'.
unset LD
'';
env = lib.optionalAttrs isNixos {
# openssh calls passwd to allow the user to reset an expired password, but nixos
# doesn't ship it at /usr/bin/passwd.
PATH_PASSWD_PROG = "/run/wrappers/bin/passwd";
};
# I set --disable-strip because later we strip anyway. And it fails to strip
# properly when cross building.
configureFlags = [
"--sbindir=\${out}/bin"
"--localstatedir=/var"
"--with-pid-dir=/run"
"--with-mantype=doc"
"--with-libedit=yes"
"--disable-strip"
(lib.withFeature withPAM "pam")
]
++ lib.optional (etcDir != null) "--sysconfdir=${etcDir}"
++ lib.optional (!withSecurityKey) "--disable-security-key"
++ lib.optional withFIDO "--with-security-key-builtin=yes"
++ lib.optional withKerberos (
assert krb5 != null;
"--with-kerberos5=${lib.getDev krb5}"
)
++ lib.optional stdenv.hostPlatform.isDarwin "--disable-libutil"
++ lib.optional (!linkOpenssl) "--without-openssl"
++ lib.optional withLdns "--with-ldns"
++ lib.optional stdenv.hostPlatform.isOpenBSD "--with-bsd-auth"
++ lib.optional withLinuxMemlock "--with-linux-memlock-onfault"
++ extraConfigureFlags;
${if stdenv.hostPlatform.isStatic then "NIX_LDFLAGS" else null} = [
"-laudit"
]
++ lib.optional withKerberos "-lkeyutils"
++ lib.optional withLdns "-lcrypto";
buildFlags = [ "SSH_KEYSIGN=ssh-keysign" ];
enableParallelBuilding = true;
hardeningEnable = [ "pie" ];
doCheck = false;
enableParallelChecking = false;
nativeCheckInputs = [
openssl
]
++ lib.optional (!stdenv.hostPlatform.isDarwin) hostname
++ lib.optional (!stdenv.hostPlatform.isDarwin && !stdenv.hostPlatform.isMusl) softhsm;
preCheck = lib.optionalString (stdenv.buildPlatform.canExecute stdenv.hostPlatform) (
''
# construct a dummy HOME
export HOME=$(realpath ../dummy-home)
mkdir -p ~/.ssh
# construct a dummy /etc/passwd file for the sshd under test
# to use to look up the connecting user
DUMMY_PASSWD=$(realpath ../dummy-passwd)
cat > $DUMMY_PASSWD <<EOF
$(whoami)::$(id -u):$(id -g)::$HOME:$SHELL
EOF
# we need to NIX_REDIRECTS /etc/passwd both for processes
# invoked directly and those invoked by the "remote" session
cat > ~/.ssh/environment.base <<EOF
NIX_REDIRECTS=/etc/passwd=$DUMMY_PASSWD
${lib.optionalString (
!stdenv.buildPlatform.isStatic
) "LD_PRELOAD=${libredirect}/lib/libredirect.so"}
EOF
# use an ssh environment file to ensure environment is set
# up appropriately for build environment even when no shell
# is invoked by the ssh session. otherwise the PATH will
# only contain default unix paths like /bin which we don't
# have in our build environment
cat - regress/test-exec.sh > regress/test-exec.sh.new <<EOF
cp $HOME/.ssh/environment.base $HOME/.ssh/environment
echo "PATH=\$PATH" >> $HOME/.ssh/environment
EOF
mv regress/test-exec.sh.new regress/test-exec.sh
# explicitly enable the PermitUserEnvironment feature
substituteInPlace regress/test-exec.sh \
--replace \
'cat << EOF > $OBJ/sshd_config' \
$'cat << EOF > $OBJ/sshd_config\n\tPermitUserEnvironment yes'
# some tests want to use files under /bin as example files
for f in regress/sftp-cmds.sh regress/forwarding.sh; do
substituteInPlace $f --replace '/bin' "$(dirname $(type -p ls))"
done
# set up NIX_REDIRECTS for direct invocations
set -a; source ~/.ssh/environment.base; set +a
''
+ lib.optionalString (!stdenv.hostPlatform.isDarwin && !stdenv.hostPlatform.isMusl) ''
# The extra tests check PKCS#11 interactions, which softhsm emulates with software only
substituteInPlace regress/test-exec.sh \
--replace /usr/local/lib/softhsm/libsofthsm2.so ${lib.getLib softhsm}/lib/softhsm/libsofthsm2.so
''
);
# integration tests hard to get working on darwin with its shaky
# sandbox
# t-exec tests fail on musl
checkTarget =
lib.optionals (!stdenv.hostPlatform.isDarwin && !stdenv.hostPlatform.isMusl) [
"t-exec"
"extra-tests"
]
# other tests are less demanding of the environment
++ [
"unit"
"file-tests"
"interop-tests"
];
postInstall = ''
# Install ssh-copy-id, it's very useful.
cp contrib/ssh-copy-id $out/bin/
chmod +x $out/bin/ssh-copy-id
cp contrib/ssh-copy-id.1 $out/share/man/man1/
'';
installTargets = [ "install-nokeys" ];
installFlags = [
"sysconfdir=\${out}/etc/ssh"
];
doInstallCheck = true;
installCheckPhase = ''
for binary in ssh sshd; do
$out/bin/$binary -V 2>&1 | grep -P "$(printf '^OpenSSH_\\Q%s\\E,' "$version")"
done
'';
passthru = {
inherit withKerberos;
tests = {
borgbackup-integration = nixosTests.borgbackup;
nixosTest = nixosTests.openssh;
initrd-network-openssh = nixosTests.initrd-network-ssh;
openssh = finalAttrs.finalPackage.overrideAttrs (previousAttrs: {
pname = previousAttrs.pname + "-test";
doCheck = true;
});
};
};
meta = {
description = "Implementation of the SSH protocol${extraDesc}";
homepage = "https://www.openssh.com/";
changelog = "https://www.openssh.com/releasenotes.html";
license = lib.licenses.bsd2;
platforms = lib.platforms.unix ++ lib.platforms.windows;
maintainers = extraMeta.maintainers or [ ];
mainProgram = "ssh";
}
// extraMeta;
})
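Review bot: The `postPatch` that rewrites the setuid install mode uses `substituteInPlace Makefile.in --replace`, which only warns when the pattern is not found. If upstream ever changes the `$(INSTALL) -m 4711` line, the substitution becomes a no-op and the build goes back to attempting a setuid install without anyone noticing at review time. Use `--replace-fail '$(INSTALL) -m 4711' '$(INSTALL) -m 0711'` so a changed Makefile.in stops the build. The `--replace` calls in `preCheck` have the same weakness: a missed match would leave `PermitUserEnvironment yes` or the softhsm path unpatched and surface as an unrelated test failure.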


@@ -0,0 +1,17 @@
{
lib,
runCommand,
openssh,
}:
runCommand "ssh-copy-id-${openssh.version}"
{
meta = openssh.meta // {
description = "Tool to copy SSH public keys to a remote machine";
priority = (openssh.meta.priority or lib.meta.defaultPriority) - 1;
};
}
''
install -Dm 755 {${openssh},$out}/bin/ssh-copy-id
install -Dm 644 {${openssh},$out}/share/man/man1/ssh-copy-id.1.gz
''


@@ -0,0 +1,116 @@
{
callPackage,
lib,
fetchurl,
fetchpatch,
autoreconfHook,
}:
let
common = opts: callPackage (import ./common.nix opts) { };
# Gets the correct OpenSSH URL for a given version.
urlFor =
version:
let
urlVersion =
{
# 10.0p1 was accidentally released as 10.0p2:
# https://www.openwall.com/lists/oss-security/2025/04/09/6
"10.0p2" = "10.0p1";
}
.${version} or version;
in
"mirror://openbsd/OpenSSH/portable/openssh-${urlVersion}.tar.gz";
in
{
openssh = common rec {
pname = "openssh";
version = "10.0p2";
src = fetchurl {
url = urlFor version;
hash = "sha256-AhoucJoO30JQsSVr1anlAEEakN3avqgw7VnO+Q652Fw=";
};
extraPatches = [
# Use ssh-keysign from PATH
# ssh-keysign is used for host-based authentication, and is designed to be used
# as SUID-root program. OpenSSH defaults to referencing it from libexec, which
# cannot be made SUID in Nix.
./ssh-keysign-8.5.patch
];
extraMeta = {
maintainers = with lib.maintainers; [
philiptaron
numinit
];
teams = [ lib.teams.helsinki-systems ];
};
};
openssh_hpn = common rec {
pname = "openssh-with-hpn";
version = "10.0p2";
extraDesc = " with high performance networking patches";
src = fetchurl {
url = urlFor version;
hash = "sha256-AhoucJoO30JQsSVr1anlAEEakN3avqgw7VnO+Q652Fw=";
};
extraPatches =
let
url = "https://raw.githubusercontent.com/freebsd/freebsd-ports/dde9561b3ff73639aeebe8ec33ad52ecca0bf58d/security/openssh-portable/files/extra-patch-hpn";
in
[
./ssh-keysign-8.5.patch
# HPN Patch from FreeBSD ports
(fetchpatch {
name = "ssh-hpn-wo-channels.patch";
inherit url;
stripLen = 1;
excludes = [ "channels.c" ];
hash = "sha256-0HQAacNdvqX+7CTDhkbgAyb0WbqnnH6iAYQBFh8XenA=";
})
(fetchpatch {
name = "ssh-hpn-channels.patch";
inherit url;
extraPrefix = "";
includes = [ "channels.c" ];
hash = "sha256-pDLUbjv5XIyByEbiRAXC3WMUPKmn15af1stVmcvr7fE=";
})
];
extraNativeBuildInputs = [ autoreconfHook ];
extraConfigureFlags = [ "--with-hpn" ];
extraMeta = {
maintainers = with lib.maintainers; [ abbe ];
};
};
openssh_gssapi = common rec {
pname = "openssh-with-gssapi";
version = "10.0p2";
extraDesc = " with GSSAPI support";
src = fetchurl {
url = urlFor version;
hash = "sha256-AhoucJoO30JQsSVr1anlAEEakN3avqgw7VnO+Q652Fw=";
};
extraPatches = [
./ssh-keysign-8.5.patch
(fetchpatch {
name = "openssh-gssapi.patch";
url = "https://salsa.debian.org/ssh-team/openssh/raw/debian/1%2510.0p1-1/debian/patches/gssapi.patch";
hash = "sha256-7Q27tvtCY3b9evC3lbqEz4u7v5DcerjWZfhh8azIAQo=";
})
];
extraNativeBuildInputs = [ autoreconfHook ];
};
}
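Review bot: `version = "10.0p2"` and the identical `fetchurl` hash are written out three times, once per variant, so a security bump has to be made in three places and a missed edit leaves `openssh_hpn` or `openssh_gssapi` building the old tarball. Bind them once in the existing `let` (`version = "10.0p2";` and `src = fetchurl { url = urlFor version; hash = <the existing hash>; };`) and use `inherit version src;` in each `common` call. `openssh_gssapi` also passes no `extraMeta`, so with `maintainers = extraMeta.maintainers or [ ]` in the shared derivation it ends up with no maintainers even though it applies a third-party patch to authentication code.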


@@ -0,0 +1,12 @@
diff --git i/Makefile.in w/Makefile.in
index 04e1c8e5..9bd5d01b 100644
--- i/Makefile.in
+++ w/Makefile.in
@@ -329,7 +329,6 @@ install-files:
$(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)5
$(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)8
$(MKDIR_P) $(DESTDIR)$(libexecdir)
- $(MKDIR_P) -m 0755 $(DESTDIR)$(PRIVSEP_PATH)
$(INSTALL) -m 0755 $(STRIP_OPT) ssh$(EXEEXT) $(DESTDIR)$(bindir)/ssh$(EXEEXT)
$(INSTALL) -m 0755 $(STRIP_OPT) scp$(EXEEXT) $(DESTDIR)$(bindir)/scp$(EXEEXT)
$(INSTALL) -m 0755 $(STRIP_OPT) ssh-add$(EXEEXT) $(DESTDIR)$(bindir)/ssh-add$(EXEEXT)


@@ -0,0 +1,15 @@
diff --git i/session.c w/session.c
index 58826db1..658dd911 100644
--- i/session.c
+++ w/session.c
@@ -1053,6 +1053,10 @@ do_setup_env(struct ssh *ssh, Session *s, const char *shell)
if (getenv("TZ"))
child_set_env(&env, &envsize, "TZ", getenv("TZ"));
+ /* NixOS path to the glibc locale archive, to be set in the systemd job */
+ if (getenv("LOCALE_ARCHIVE"))
+ child_set_env(&env, &envsize, "LOCALE_ARCHIVE", getenv("LOCALE_ARCHIVE"));
+
/* Set custom environment options from pubkey authentication. */
if (options.permit_user_env) {
for (n = 0 ; n < auth_opts->nenv; n++) {


@@ -0,0 +1,24 @@
diff --git a/pathnames.h b/pathnames.h
index cb44caa4..354fdf05 100644
--- a/pathnames.h
+++ b/pathnames.h
@@ -124,7 +124,7 @@
/* Location of ssh-keysign for hostbased authentication */
#ifndef _PATH_SSH_KEY_SIGN
-#define _PATH_SSH_KEY_SIGN "/usr/libexec/ssh-keysign"
+#define _PATH_SSH_KEY_SIGN "ssh-keysign"
#endif
/* Location of ssh-pkcs11-helper to support keys in tokens */
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -2021,7 +2021,7 @@
debug3_f("[child] pid=%ld, exec %s",
(long)getpid(), _PATH_SSH_KEY_SIGN);
- execl(_PATH_SSH_KEY_SIGN, _PATH_SSH_KEY_SIGN, (char *)NULL);
+ execlp(_PATH_SSH_KEY_SIGN, _PATH_SSH_KEY_SIGN, (char *)NULL);
fatal_f("exec(%s): %s", _PATH_SSH_KEY_SIGN,
strerror(errno));
}
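Review bot: With `execlp()` and a bare `"ssh-keysign"`, the helper is now located through the invoking process's `PATH`, and nothing in the patch records that assumption. The helper is meant to be the setuid program that reads the host private keys, so host-based authentication works only when the directory holding the setuid wrapper is on `PATH`, and whichever `ssh-keysign` comes first on `PATH` is the one that runs. Add a comment above the define, e.g. `/* Looked up via PATH: the Nix store cannot hold a setuid binary, so the setuid wrapper directory must be on PATH */`, or compile in the wrapper's absolute path the way the derivation sets `PATH_PASSWD_PROG` to `/run/wrappers/bin/passwd`. The `sshconnect2.c` hunk begins and ends inside a function that is not fully shown.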


@@ -0,0 +1,36 @@
diff --git a/aclocal.m4 b/aclocal.m4
index e5b7dbf..01cecf1 100644
--- a/aclocal.m4
+++ b/aclocal.m4
@@ -73,6 +73,7 @@ AC_DEFUN([OD_OBJC_RUNTIME],[
AC_LANG_PROGRAM([
#include <objc/objc.h>
#include <objc/Object.h>
+ #include <stdio.h>
], [
Object *obj = @<:@Object alloc@:>@;
puts(@<:@obj name@:>@);
@@ -94,6 +95,7 @@ AC_DEFUN([OD_OBJC_RUNTIME],[
AC_LANG_PROGRAM([
#include <objc/objc.h>
#include <objc/Object.h>
+ #include <stdio.h>
], [
Object *obj = @<:@Object alloc@:>@;
puts(@<:@obj name@:>@);
@@ -131,6 +133,7 @@ AC_DEFUN([OD_OBJC_RUNTIME],[
AC_LANG_PROGRAM([
#include <objc/objc.h>
#include <objc/objc-api.h>
+ #include <stdio.h>
], [
id class = objc_lookUpClass("Object");
id obj = @<:@class alloc@:>@;
@@ -162,6 +165,7 @@ AC_DEFUN([OD_OBJC_RUNTIME],[
#else
#include <objc/objc-api.h>
#endif
+ #include <stdio.h>
], [
#ifdef __GNU_LIBOBJC_
Class class = objc_lookUpClass("Object");


@@ -0,0 +1,25 @@
diff --git a/src/openvpn/ovpn_dco_linux.h b/src/openvpn/ovpn_dco_linux.h
index 73e19b5..46c2786 100644
--- a/src/openvpn/ovpn_dco_linux.h
+++ b/src/openvpn/ovpn_dco_linux.h
@@ -237,20 +237,4 @@ enum ovpn_netlink_packet_attrs {
OVPN_PACKET_ATTR_MAX = __OVPN_PACKET_ATTR_AFTER_LAST - 1,
};
-enum ovpn_ifla_attrs {
- IFLA_OVPN_UNSPEC = 0,
- IFLA_OVPN_MODE,
-
- __IFLA_OVPN_AFTER_LAST,
- IFLA_OVPN_MAX = __IFLA_OVPN_AFTER_LAST - 1,
-};
-
-enum ovpn_mode {
- __OVPN_MODE_FIRST = 0,
- OVPN_MODE_P2P = __OVPN_MODE_FIRST,
- OVPN_MODE_MP,
-
- __OVPN_MODE_AFTER_LAST,
-};
-
#endif /* _UAPI_LINUX_OVPN_DCO_H_ */


@@ -0,0 +1,93 @@
{
lib,
stdenv,
fetchurl,
pkg-config,
libcap_ng,
libnl,
lz4,
lzo,
openssl,
pam,
useSystemd ? lib.meta.availableOn stdenv.hostPlatform systemd,
systemd,
update-systemd-resolved,
pkcs11Support ? false,
pkcs11helper,
nixosTests,
unixtools,
}:
let
inherit (lib) optional optionals optionalString;
in
stdenv.mkDerivation (finalAttrs: {
pname = "openvpn";
version = "2.6.14";
src = fetchurl {
url = "https://swupdate.openvpn.net/community/releases/openvpn-${finalAttrs.version}.tar.gz";
hash = "sha256-nramYYNS+ee3canTiuFjG17f7tbUAjPiQ+YC3fIZXno=";
};
# Effectively a backport of https://github.com/OpenVPN/openvpn/commit/1d3c2b67a73a0aa011c13e62f876d24e49d41df0
# to fix build on linux-headers 6.16.
# FIXME: remove in next update
patches = [
./dco.patch
];
nativeBuildInputs = [
pkg-config
]
++ lib.optionals stdenv.hostPlatform.isDarwin [
unixtools.route
unixtools.ifconfig
];
buildInputs = [
lz4
lzo
openssl
]
++ optionals stdenv.hostPlatform.isLinux [
libcap_ng
libnl
pam
]
++ optional useSystemd systemd
++ optional pkcs11Support pkcs11helper;
configureFlags =
optional useSystemd "--enable-systemd"
++ optional pkcs11Support "--enable-pkcs11"
++ optional stdenv.hostPlatform.isDarwin "--disable-plugin-auth-pam";
# We used to vendor the update-systemd-resolved script inside libexec,
# but a separate package was made, that uses libexec/openvpn. Copy it
# into libexec in case any consumers expect it to be there even though
# they should use the update-systemd-resolved package instead.
postInstall = ''
mkdir -p $out/share/doc/openvpn/examples
cp -r sample/sample-{config-files,keys,scripts}/ $out/share/doc/openvpn/examples
''
+ optionalString useSystemd ''
install -Dm555 -t $out/libexec ${update-systemd-resolved}/libexec/openvpn/*
'';
enableParallelBuilding = true;
passthru.tests = {
inherit (nixosTests) initrd-network-openvpn systemd-initrd-networkd-openvpn;
};
meta = with lib; {
description = "Robust and highly flexible tunneling application";
downloadPage = "https://openvpn.net/community-downloads/";
homepage = "https://openvpn.net/";
license = licenses.gpl2Only;
maintainers = with maintainers; [ peterhoeg ];
platforms = platforms.unix;
mainProgram = "openvpn";
};
})


@@ -0,0 +1,77 @@
{
lib,
stdenv,
fetchFromGitHub,
fetchpatch2,
autoreconfHook,
gnustep-base,
re2c,
openldap,
openssl,
openvpn,
}:
stdenv.mkDerivation rec {
pname = "openvpn-auth-ldap";
version = "2.0.4";
src = fetchFromGitHub {
owner = "threerings";
repo = "openvpn-auth-ldap";
rev = "auth-ldap-${version}";
sha256 = "1j30sygj8nm8wjqxzpb7pfzr3dxqxggswzxd7z5yk7y04c0yp1hb";
};
patches = [
./auth-ldap-fix-conftest.patch
(fetchpatch2 {
name = "fix-cve-2024-28820";
url = "https://patch-diff.githubusercontent.com/raw/threerings/openvpn-auth-ldap/pull/92.patch";
hash = "sha256-SXuo1D/WywKO5hCsmoeDdTsR7EelxFxJAKmlAQJ6vuE=";
})
];
# clang > 17 dropped support for `-export-dynamic` but `-rdynamic` does the
# same thing
postPatch = ''
substituteInPlace platform.m4 \
--replace-fail -export-dynamic -rdynamic
'';
nativeBuildInputs = [
autoreconfHook
re2c
];
buildInputs = [
openldap
openssl
openvpn
gnustep-base
];
configureFlags = [
"--with-objc-runtime=GNU"
"--with-openvpn=${openvpn}/include"
"--libdir=$(out)/lib/openvpn"
];
doCheck = true;
preInstall = ''
mkdir -p $out/lib/openvpn $out/share/doc/openvpn/examples
cp README.md $out/share/doc/openvpn/
cp auth-ldap.conf $out/share/doc/openvpn/examples/
'';
meta = with lib; {
description = "LDAP authentication plugin for OpenVPN";
homepage = "https://github.com/threerings/openvpn-auth-ldap";
license = [
licenses.asl20
licenses.bsd3
];
maintainers = [ maintainers.benley ];
platforms = platforms.unix;
};
}
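Review bot: The `fix-cve-2024-28820` patch is fetched from a pull-request URL (`.../pull/92.patch`), whose content changes whenever the PR branch is pushed to or rebased. The `hash` keeps the build from applying different content, but the fetch then fails and the CVE fix can no longer be reproduced from source. Point `url` at an immutable commit instead, e.g. `https://github.com/threerings/openvpn-auth-ldap/commit/<COMMIT_SHA>.patch` (placeholder: use the commit that carries the fix). Separately, `src` still uses the legacy base32 `sha256` attribute while the patch uses an SRI `hash`; converting it keeps the two pins in one format.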


@@ -0,0 +1,47 @@
{
lib,
stdenv,
fetchgit,
makeWrapper,
coreutils,
gawk,
util-linux,
}:
stdenv.mkDerivation {
pname = "openvpn-learnaddress";
version = "unstable-2013-10-21";
src = fetchgit {
url = "https://gist.github.com/4058733.git";
rev = "19b03c3beb0190df46ea07bf4b68244acb8eae80";
sha256 = "16pcyvyhwsx34i0cjkkx906lmrwdd9gvznvqdwlad4ha8l8f8z42";
};
nativeBuildInputs = [ makeWrapper ];
buildInputs = [
coreutils
gawk
util-linux
];
installPhase = ''
install -Dm555 ovpn-learnaddress $out/libexec/openvpn/openvpn-learnaddress
wrapProgram $out/libexec/openvpn/openvpn-learnaddress \
--prefix PATH : ${
lib.makeBinPath [
coreutils
gawk
util-linux
]
}
'';
meta = {
description = "Openvpn learn-address script to manage a hosts-like file";
homepage = "https://gist.github.com/offlinehacker/4058733/";
maintainers = [ lib.maintainers.offline ];
platforms = lib.platforms.unix;
};
}
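Review bot: `wrapProgram ... --prefix PATH` only prepends the three tool directories, so any command the script calls that is not in `coreutils`, `gawk` or `util-linux` is still resolved from whatever `PATH` the OpenVPN daemon was started with. OpenVPN hook scripts commonly run with elevated privileges (an assumption, since that depends on the service configuration), so a fixed search path is the safer default: `--set PATH ${lib.makeBinPath [ coreutils gawk util-linux ]}`, with any further tools the script needs added to the list. The `wrapProgram $i --prefix PATH : ${binPath}` loop in the update-resolv-conf derivation in the next file has the same property. `meta` here also declares no `license`, which leaves the redistribution terms of the gist unstated.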


@@ -0,0 +1,48 @@
{
stdenv,
lib,
fetchFromGitHub,
makeWrapper,
openresolv,
coreutils,
systemd,
}:
let
binPath = lib.makeBinPath [
coreutils
openresolv
systemd
];
in
stdenv.mkDerivation {
pname = "update-resolv-conf";
version = "unstable-2017-06-21";
src = fetchFromGitHub {
owner = "masterkorp";
repo = "openvpn-update-resolv-conf";
rev = "43093c2f970bf84cd374e18ec05ac6d9cae444b8";
sha256 = "1lf66bsgv2w6nzg1iqf25zpjf4ckcr45adkpgdq9gvhkfnvlp8av";
};
nativeBuildInputs = [ makeWrapper ];
installPhase = ''
install -Dm555 update-resolv-conf.sh $out/libexec/openvpn/update-resolv-conf
install -Dm555 update-systemd-network.sh $out/libexec/openvpn/update-systemd-network
for i in $out/libexec/openvpn/*; do
wrapProgram $i --prefix PATH : ${binPath}
done
'';
meta = with lib; {
description = "Script to update your /etc/resolv.conf with DNS settings that come from the received push dhcp-options";
homepage = "https://github.com/masterkorp/openvpn-update-resolv-conf/";
maintainers = [ ];
license = licenses.gpl2Only;
platforms = platforms.unix;
};
}


@@ -0,0 +1,51 @@
{
lib,
stdenv,
fetchFromGitHub,
iproute2,
runtimeShell,
systemd,
coreutils,
util-linux,
}:
stdenv.mkDerivation rec {
pname = "update-systemd-resolved";
# when updating this, check if additional binaries need injecting into PATH
version = "1.3.0";
src = fetchFromGitHub {
owner = "jonathanio";
repo = "update-systemd-resolved";
rev = "v${version}";
hash = "sha256-lYJTR3oBmpENcqNHa9PFXsw7ly6agwjBWf4UXf1d8Kc=";
};
# set SCRIPT_NAME in case we are wrapped and inject PATH
patches = [
./update-systemd-resolved.patch
];
PREFIX = "${placeholder "out"}/libexec/openvpn";
postInstall = ''
substituteInPlace ${PREFIX}/update-systemd-resolved \
--subst-var-by PATH ${
lib.makeBinPath [
coreutils
iproute2
runtimeShell
systemd
util-linux
]
}
'';
meta = with lib; {
description = "Helper script for OpenVPN to directly update the DNS settings of a link through systemd-resolved via DBus";
homepage = "https://github.com/jonathanio/update-systemd-resolved";
license = licenses.gpl3Only;
maintainers = with maintainers; [ eadwu ];
platforms = platforms.linux;
};
}
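Review bot: `runtimeShell` in the `lib.makeBinPath` list looks wrong. In nixpkgs it is normally the path of the shell executable rather than a package, so `makeBinPath` would append `/bin` to a file path and put a non-existent directory into the script's `PATH` (inferred; confirm by reading the substituted `PATH=` line in the built script). Because the accompanying patch hard-codes `PATH="@PATH@"`, anything missing from this list is not found at run time at all, so the list must be exact. If a shell is needed on `PATH`, take the package as a function argument and list that instead, e.g. `bash`.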


@@ -0,0 +1,26 @@
diff --git a/Makefile b/Makefile
index 524b6b7..8a880f1 100644
--- a/Makefile
+++ b/Makefile
@@ -9,7 +9,6 @@ all: install info
install:
@install -Dm750 $(SRC) $(DEST)
- @install -Dm644 $(SRC).conf $(DEST).conf
info:
@printf 'Successfully installed %s to %s.\n' $(SRC) $(DEST)
diff --git a/update-systemd-resolved b/update-systemd-resolved
index 1452e1a..39641cb 100755
--- a/update-systemd-resolved
+++ b/update-systemd-resolved
@@ -29,7 +29,8 @@
DBUS_DEST="org.freedesktop.resolve1"
DBUS_NODE="/org/freedesktop/resolve1"
-SCRIPT_NAME="${BASH_SOURCE[0]##*/}"
+PATH="@PATH@"
+SCRIPT_NAME="update-systemd-resolved"
log() {
logger -s -t "$SCRIPT_NAME" "$@"


@@ -0,0 +1,69 @@
{
lib,
stdenv,
fetchurl,
autoreconfHook,
perl,
readline,
rsh,
ssh,
slurm,
slurmSupport ? false,
}:
stdenv.mkDerivation rec {
pname = "pdsh";
version = "2.35";
src = fetchurl {
url = "https://github.com/chaos/pdsh/releases/download/pdsh-${version}/pdsh-${version}.tar.gz";
sha256 = "sha256-de8VNHhI//Q/jW/5xEJP4Fx90s26ApE5kB+GGgUJPP4=";
};
buildInputs = [
perl
readline
ssh
]
++ (lib.optional slurmSupport slurm);
nativeBuildInputs = [ autoreconfHook ];
# Do not use git to derive a version.
postPatch = ''
sed -i 's/m4_esyscmd(\[git describe.*/[${version}])/' configure.ac
'';
preConfigure = ''
configureFlagsArray=(
"--infodir=$out/share/info"
"--mandir=$out/share/man"
"--with-machines=/etc/pdsh/machines"
${if readline == null then "--without-readline" else "--with-readline"}
${if ssh == null then "--without-ssh" else "--with-ssh"}
${if rsh == false then "--without-rsh" else "--with-rsh"}
${if slurmSupport then "--with-slurm" else "--without-slurm"}
"--with-dshgroups"
"--with-xcpu"
"--disable-debug"
'--with-rcmd-rank-list=ssh,krb4,exec,xcpu,rsh'
)
'';
meta = {
homepage = "https://github.com/chaos/pdsh";
description = "High-performance, parallel remote shell utility";
license = lib.licenses.gpl2Plus;
longDescription = ''
Pdsh is a high-performance, parallel remote shell utility. It has
built-in, thread-safe clients for Berkeley and Kerberos V4 rsh and
can call SSH externally (though with reduced performance). Pdsh
uses a "sliding window" parallel algorithm to conserve socket
resources on the initiating node and to allow progress to continue
while timeouts occur on some connections.
'';
platforms = lib.platforms.unix;
};
}
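Review bot: The rsh module is enabled by default. `${if rsh == false then "--without-rsh" else "--with-rsh"}` compares against `false` while the neighbouring lines compare against `null`, so a caller who passes the `rsh` package, or even `null`, gets `--with-rsh`, and `rsh` is also listed in `--with-rcmd-rank-list`. rsh sends commands in cleartext and relies on host-based trust, so it is better as an explicit opt-in in the style of `slurmSupport`: add `rshSupport ? false` and write `${if rshSupport then "--with-rsh" else "--without-rsh"}`. The `rsh` argument is never added to `buildInputs`, so today it acts only as a flag.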


@@ -0,0 +1,74 @@
{
lib,
stdenv,
nixosTests,
fetchpatch,
fetchurl,
autoreconfHook,
zlib,
pcre,
w3m,
man,
openssl,
brotli,
}:
stdenv.mkDerivation rec {
pname = "privoxy";
version = "3.0.34";
src = fetchurl {
url = "mirror://sourceforge/ijbswa/Sources/${version}%20%28stable%29/${pname}-${version}-stable-src.tar.gz";
sha256 = "sha256-5sy8oWVvTmFrRlf4UU4zpw9ml+nXKUNWV3g5Mio8XSw=";
};
# Patch to fix socks4 and socks4a support under glibc's source fortification
# (enabled by default since glibc 2.38-0)
patches = [
(fetchpatch {
url = "https://www.privoxy.org/gitweb/?p=privoxy.git;a=commitdiff_plain;h=19d7684ca10f6c1279568aa19e9a9da2276851f1";
sha256 = "sha256-bCb0RUVrWeGfqZYFHXDEEx+76xiNyVqehtLvk9C1j+4=";
})
];
hardeningEnable = [ "pie" ];
nativeBuildInputs = [
autoreconfHook
w3m
man
];
buildInputs = [
zlib
pcre
openssl
brotli
];
makeFlags = [ "STRIP=" ];
configureFlags = [
"--with-openssl"
"--with-brotli"
"--enable-external-filters"
"--enable-compression"
];
postInstall = ''
rm -r $out/var
'';
passthru.tests.privoxy = nixosTests.privoxy;
meta = with lib; {
homepage = "https://www.privoxy.org/";
description = "Non-caching web proxy with advanced filtering capabilities";
# When linked with mbedtls, the license becomes GPLv3 (or later), otherwise
# GPLv2 (or later). See https://www.privoxy.org/user-manual/copyright.html
license = licenses.gpl2Plus;
platforms = platforms.all;
maintainers = [ ];
mainProgram = "privoxy";
};
}
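Review bot: `"--enable-external-filters"` in `configureFlags` has no comment, and it is the one flag here that widens what a configuration file can do. With it compiled in, a filter definition can pass content to an external program; as far as I recall the Privoxy manual notes that such programs run with Privoxy's own privileges (confirm against the manual for this version). Add a comment above the flag such as `# lets filter files run external programs on content, with privoxy's privileges` so that whoever writes the service configuration knows the feature is present.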


@@ -0,0 +1,33 @@
{
lib,
buildPythonApplication,
fetchFromGitHub,
python-magic,
python-dateutil,
}:
buildPythonApplication rec {
pname = "s3cmd";
version = "2.4.0";
format = "setuptools";
src = fetchFromGitHub {
owner = "s3tools";
repo = "s3cmd";
tag = "v${version}";
sha256 = "sha256-cxwf6+9WFt3U7+JdKRgZxFElD+Dgf2P2VyejHVoiDJk=";
};
propagatedBuildInputs = [
python-magic
python-dateutil
];
meta = with lib; {
homepage = "https://s3tools.org/s3cmd";
description = "Command line tool for managing Amazon S3 and CloudFront services";
mainProgram = "s3cmd";
license = licenses.gpl2Plus;
maintainers = [ ];
};
}


@@ -0,0 +1,34 @@
{
lib,
buildPythonPackage,
fetchFromGitHub,
docopt,
}:
buildPythonPackage {
pname = "spoof-mac";
version = "unstable-2018-01-27";
format = "setuptools";
src = fetchFromGitHub {
owner = "feross";
repo = "SpoofMAC";
rev = "2cfc796150ef48009e9b765fe733e37d82c901e0";
sha256 = "sha256-Qiu0URjUyx8QDVQQUFGxPax0J80e2m4+bPJeqFoKxX8=";
};
propagatedBuildInputs = [ docopt ];
# No tests
doCheck = false;
pythonImportsCheck = [ "spoofmac" ];
meta = with lib; {
description = "Change your MAC address for debugging purposes";
homepage = "https://github.com/feross/SpoofMAC";
license = licenses.mit;
maintainers = with maintainers; [ siraben ];
platforms = platforms.unix;
};
}


@@ -0,0 +1,60 @@
{
lib,
stdenv,
fetchurl,
pkg-config,
protobuf,
openssl,
libpcap,
traceroute,
withGUI ? false,
qt5,
}:
let
inherit (lib) optional;
in
stdenv.mkDerivation rec {
pname = "spoofer";
version = "1.4.12";
src = fetchurl {
url = "https://www.caida.org/projects/spoofer/downloads/${pname}-${version}.tar.gz";
sha256 = "sha256-3ljCPmazKz0fHer2yN6baFLu425Dsr9ppdjr2Iv5YJ8=";
};
nativeBuildInputs = [ pkg-config ];
buildInputs = [
openssl
protobuf
libpcap
traceroute
]
++ optional withGUI qt5.qtbase;
dontWrapQtApps = true;
enableParallelBuilding = true;
meta = with lib; {
homepage = "https://www.caida.org/projects/spoofer";
description = "Assess and report on deployment of source address validation";
longDescription = ''
Spoofer is a new client-server system for Windows, MacOS, and
UNIX-like systems that periodically tests a network's ability to
both send and receive packets with forged source IP addresses
(spoofed packets). This can be used to produce reports and
visualizations to inform operators, response teams, and policy
analysts. The system measures different types of forged
addresses, including private and neighboring addresses. The
test results allows to analyze characteristics of networks
deploying source address validation (e.g., network location,
business type).
'';
platforms = platforms.all;
license = licenses.gpl3Plus;
maintainers = with lib.maintainers; [ leenaars ];
mainProgram = "spoofer-prober";
};
}


@@ -0,0 +1,64 @@
{
lib,
pythonPackages,
fetchFromGitHub,
makeWrapper,
sshfs-fuse,
torsocks,
sshuttle,
conntrack-tools,
openssh,
coreutils,
iptables,
bash,
}:
let
sshuttle-telepresence = lib.overrideDerivation sshuttle (p: {
postInstall = "mv $out/bin/sshuttle $out/bin/sshuttle-telepresence";
});
in
pythonPackages.buildPythonPackage rec {
pname = "telepresence";
version = "0.109";
format = "setuptools";
src = fetchFromGitHub {
owner = "telepresenceio";
repo = "telepresence";
rev = version;
sha256 = "1ccc8bzcdxp6rh6llk7grcnmyc05fq7dz5w0mifdzjv3a473hsky";
};
patches = [
./fix-versioneer.patch
];
nativeBuildInputs = [ makeWrapper ];
postInstall = ''
wrapProgram $out/bin/telepresence \
--prefix PATH : ${
lib.makeBinPath [
sshfs-fuse
torsocks
conntrack-tools
sshuttle-telepresence
openssh
coreutils
iptables
bash
]
}
'';
doCheck = false;
meta = {
homepage = "https://www.telepresence.io/";
description = "Local development against a remote Kubernetes or OpenShift cluster";
mainProgram = "telepresence";
license = with lib.licenses; [ asl20 ];
maintainers = with lib.maintainers; [ offline ];
};
}


@@ -0,0 +1,16 @@
diff --git a/versioneer.py b/versioneer.py
index 7e5bb402e..60d65ef76 100644
--- a/versioneer.py
+++ b/versioneer.py
@@ -339,9 +339,9 @@ def get_config_from_root(root):
# configparser.NoOptionError (if it lacks "VCS="). See the docstring at
# the top of versioneer.py for instructions on writing your setup.cfg .
setup_cfg = os.path.join(root, "setup.cfg")
- parser = configparser.SafeConfigParser()
+ parser = configparser.ConfigParser()
with open(setup_cfg, "r") as f:
- parser.readfp(f)
+ parser.read_file(f)
VCS = parser.get("versioneer", "VCS") # mandatory
def get(parser, name):


@@ -0,0 +1,45 @@
{
lib,
stdenv,
fetchurl,
lzo,
openssl,
zlib,
}:
stdenv.mkDerivation rec {
version = "1.0.36";
pname = "tinc";
src = fetchurl {
url = "https://www.tinc-vpn.org/packages/tinc-${version}.tar.gz";
sha256 = "021i2sl2mjscbm8g59d7vs74iw3gf0m48wg7w3zhwj6czarkpxs0";
};
buildInputs = [
lzo
openssl
zlib
];
configureFlags = [
"--localstatedir=/var"
"--sysconfdir=/etc"
];
#passthru.tests = { inherit (nixosTests) tinc; }; # test uses tinc_pre
meta = {
description = "VPN daemon with full mesh routing";
longDescription = ''
tinc is a Virtual Private Network (VPN) daemon that uses tunnelling and
encryption to create a secure private network between hosts on the
Internet. It features full mesh routing, as well as encryption,
authentication, compression and ethernet bridging.
'';
homepage = "http://www.tinc-vpn.org/";
license = lib.licenses.gpl2Plus;
mainProgram = "tincd";
platforms = lib.platforms.unix;
};
}
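Review bot: `homepage = "http://www.tinc-vpn.org/"` uses plain HTTP although `src` a few lines up is fetched from the same host over HTTPS; change it to `homepage = "https://www.tinc-vpn.org/";`. The 1.1pre derivation in the next file has the same `http://` homepage. This `meta` also lists no `maintainers`, so there is no named owner for security updates of the 1.0 branch.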


@@ -0,0 +1,75 @@
{
lib,
stdenv,
fetchFromGitHub,
autoreconfHook,
texinfo,
ncurses,
readline,
zlib,
lzo,
openssl,
nixosTests,
}:
stdenv.mkDerivation rec {
pname = "tinc";
version = "1.1pre18";
src = fetchFromGitHub {
owner = "gsliepen";
repo = "tinc";
rev = "release-${version}";
hash = "sha256-1anjTUlVLx57FlUqGwBd590lfkZ2MmrM1qRcMl4P7Sg=";
};
outputs = [
"out"
"man"
"info"
];
nativeBuildInputs = [
autoreconfHook
texinfo
];
buildInputs = [
ncurses
readline
zlib
lzo
openssl
];
# needed so the build doesn't need to run git to find out the version.
prePatch = ''
substituteInPlace configure.ac --replace UNKNOWN ${version}
echo "${version}" > configure-version
echo "https://tinc-vpn.org/git/browse?p=tinc;a=log;h=refs/tags/release-${version}" > ChangeLog
sed -i '/AC_INIT/s/m4_esyscmd_s.*/${version})/' configure.ac
'';
configureFlags = [
"--sysconfdir=/etc"
"--localstatedir=/var"
];
passthru.tests = { inherit (nixosTests) tinc; };
meta = with lib; {
description = "VPN daemon with full mesh routing";
longDescription = ''
tinc is a Virtual Private Network (VPN) daemon that uses tunnelling and
encryption to create a secure private network between hosts on the
Internet. It features full mesh routing, as well as encryption,
authentication, compression and ethernet bridging.
'';
homepage = "http://www.tinc-vpn.org/";
license = licenses.gpl2Plus;
platforms = platforms.unix;
maintainers = with maintainers; [
lassulus
mic92
];
};
}


@@ -0,0 +1,61 @@
{
lib,
stdenv,
buildPythonApplication,
nix-update-script,
fetchFromGitHub,
dnspython,
iproute2,
iptables,
setproctitle,
setuptools,
unixtools,
}:
buildPythonApplication rec {
pname = "vpn-slice";
version = "0.16.1";
pyproject = true;
src = fetchFromGitHub {
owner = "dlenski";
repo = "vpn-slice";
rev = "v${version}";
sha256 = "sha256-T6VULLNRLWO4OcAsuTmhty6H4EhinyxQSg0dfv2DUJs=";
};
postPatch =
lib.optionalString stdenv.hostPlatform.isDarwin ''
substituteInPlace vpn_slice/mac.py \
--replace-fail "'/sbin/route'" "'${unixtools.route}/bin/route'"
''
+ lib.optionalString stdenv.hostPlatform.isLinux ''
substituteInPlace vpn_slice/linux.py \
--replace-fail "'/sbin/ip'" "'${iproute2}/bin/ip'" \
--replace-fail "'/sbin/iptables'" "'${iptables}/bin/iptables'"
'';
build-system = [
setuptools
];
dependencies = [
setuptools # can be removed with next package update, upstream no longer has a dependency on distutils
setproctitle
dnspython
];
doCheck = false;
passthru = {
updateScript = nix-update-script { };
};
meta = with lib; {
homepage = "https://github.com/dlenski/vpn-slice";
description = "vpnc-script replacement for easy and secure split-tunnel VPN setup";
mainProgram = "vpn-slice";
license = licenses.gpl3;
maintainers = [ ];
};
}