openvpn3: 20 -> 22_dev

Co-authored-by: Yaroslav Bolyukin <iam@lach.pw>
NixOS · Jul 20, 2024 · 7ad804c · 7ad804c
1 parent 5d8362b
commit 7ad804c
Show file tree

Hide file tree

Showing 4 changed files with 265 additions and 75 deletions.
diff --git a/nixos/modules/programs/openvpn3.nix b/nixos/modules/programs/openvpn3.nix
@@ -1,43 +1,123 @@
 { config, lib, pkgs, ... }:
-
 let
+ json = pkgs.formats.json { };
  cfg = config.programs.openvpn3;
-in
-{
- options.programs.openvpn3 = {
- enable = lib.mkEnableOption "the openvpn3 client";
- package = lib.mkOption {
+ user = "openvpn";
+ group = "openvpn";
+ netcfg-config = "netcfg.json";
+ log-service-config = "log-service.json";
+in {
+ options.programs.openvpn3 = let
+ inherit (lib) mkEnableOption mkOption literalExpression max options lists;
+ inherit (lib.types) bool submodule ints;
+ in {
+ enable = mkEnableOption "the openvpn3 client";
+ package = mkOption {
  type = lib.types.package;
  default = pkgs.openvpn3.override {
  enableSystemdResolved = config.services.resolved.enable;
  };
- defaultText = lib.literalExpression ''pkgs.openvpn3.override {
- enableSystemdResolved = config.services.resolved.enable;
- }'';
- description = ''
- Which package to use for `openvpn3`.
+ defaultText = literalExpression ''
+ pkgs.openvpn3.override {
+ enableSystemdResolved = config.services.resolved.enable;
+ }
  '';
+ description = "Which package to use for `openvpn3`";
+ };
+ netcfg = mkOption {
+ description = "Network configuration";
+ default = { };
+ type = submodule {
+ options = {
+ settings = mkOption {
+ description =
+ "Options stored in `${netcfg-config}` configuration file";
+ default = { };
+ type = submodule {
+ freeformType = json.type;
+ options = {
+ systemd_resolved = mkOption {
+ type = bool;
+ description = "Whether to use systemd-resolved integration";
+ default = config.services.resolved.enable;
+ defaultText =
+ literalExpression "config.services.resolved.enable";
+ example = false;
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ log-service = mkOption {
+ description = "Log service configuration";
+ default = { };
+ type = submodule {
+ options = {
+ settings = mkOption {
+ description =
+ "Options stored in `${log-service-config}` configuration file";
+ default = { };
+ type = submodule {
+ freeformType = json.type;
+ options = {
+ journald = mkOption {
+ description = "Use systemd-journald";
+ type = bool;
+ default = true;
+ example = false;
+ };
+ log_dbus_details = mkOption {
+ description = "Add D-Bus details in log file/syslog";
+ type = bool;
+ default = true;
+ example = false;
+ };
+ log_level = mkOption {
+ description = "How verbose should the logging be";
+ type = (ints.between 0 7) // {
+ merge = _loc: defs:
+ lists.foldl max 0 (options.getValues defs);
+ };
+ default = 3;
+ example = 6;
+ };
+ timestamp = mkOption {
+ description = "Add timestamp log file";
+ type = bool;
+ default = true;
+ example = false;
+ };
+ };
+ };
+ };
+ };
+ };
  };
  };
 
  config = lib.mkIf cfg.enable {
- services.dbus.packages = [
- cfg.package
- ];
+ services.dbus.packages = [ cfg.package ];
 
- users.users.openvpn = {
+ users.users."${user}" = {
  isSystemUser = true;
- uid = config.ids.uids.openvpn;
- group = "openvpn";
+ uid = config.ids.uids."${user}";
+ inherit group;
  };
 
- users.groups.openvpn = {
- gid = config.ids.gids.openvpn;
+ users.groups."${group}" = { gid = config.ids.gids."${group}"; };
+
+ environment = {
+ systemPackages = [ cfg.package ];
+ etc = let
+ genConfig = name: options: {
+ "openvpn3/${name}".source = json.generate name options;
+ };
+ in (genConfig netcfg-config cfg.netcfg.settings)
+ // (genConfig log-service-config cfg.log-service.settings);
  };
 
- environment.systemPackages = [
- cfg.package
- ];
+ systemd.packages = [ cfg.package ];
  };
-
 }
diff --git a/pkgs/tools/networking/openvpn3/default.nix b/pkgs/tools/networking/openvpn3/default.nix
@@ -2,10 +2,7 @@
 , stdenv
 , fetchFromGitHub
 , asio
-, autoconf-archive
-, autoreconfHook
 , glib
-, gtest
 , jsoncpp
 , libcap_ng
 , libnl
@@ -16,60 +13,72 @@
 , protobuf
 , python3
 , systemd
-, enableSystemdResolved ? false
 , tinyxml-2
 , wrapGAppsHook3
+, gobject-introspection
+, meson
+, ninja
+, bash
+, gdbuspp
+, cmake
+, git
+, enableSystemdResolved ? false
 }:
 
-let
- openvpn3-core = fetchFromGitHub {
- owner = "OpenVPN";
- repo = "openvpn3";
- rev = "7590cb109349809b948e8edaeecabdbfe24e4b17";
- hash = "sha256-S9D/FQa7HYj0FJnyb5dCrtgTH9Nf2nvtyp/VHiebq7I=";
- };
-in
 stdenv.mkDerivation rec {
  pname = "openvpn3";
  # also update openvpn3-core
- version = "20";
+ version = "22_dev";
 
  src = fetchFromGitHub {
  owner = "OpenVPN";
  repo = "openvpn3-linux";
  rev = "v${version}";
- hash = "sha256-Weyb+rcx04mpDdcL7Qt4O+PvPf5MLPAP/Uy+8qoNXbQ=";
+ # Don't forget to actualize version scripts in `postPatch`
+ hash = "sha256-UbphN5gHgO30ry0kX6W4qSs5Ksrvfhm4xiRNBdzEOhA=";
+ # `openvpn3-core` is a submodule.
+ # TODO: make it into a separate package
+ fetchSubmodules = true;
  };
 
- postPatch = ''
- rm -r ./vendor/googletest
- cp -r ${gtest.src} ./vendor/googletest
- rm -r ./openvpn3-core
- ln -s ${openvpn3-core} ./openvpn3-core
-
- chmod -R +w ./vendor/googletest
- shopt -s globstar
+ patches = [
+ ./patches/0001-customizable-asio-path.patch
+ ./patches/0002-customizable-installation-paths.patch
+ ];
 
- patchShebangs **/*.py **/*.sh ./src/python/{openvpn2,openvpn3-as,openvpn3-autoload} \
- ./distro/systemd/openvpn3-systemd ./src/tests/dbus/netcfg-subscription-test
+ postPatch = ''
+ echo '#define OPENVPN_VERSION "3.git:release/3.8.5:03236ed7"' > ./src/build-version.h
+ echo '#define PACKAGE_GUIVERSION "v22:dev_62f3536b015ab9f3__s"' >> ./src/build-version.h
+ echo '#define PACKAGE_NAME "openvpn3-linux"' >> ./src/build-version.h
 
- echo "3.git:v${version}:unknown" > openvpn3-core-version
+ patchShebangs ** /*.py ** /*.sh \
+ ./scripts \
+ ./src/python/{openvpn2,openvpn3-as,openvpn3-autoload} \
+ ./distro/systemd/openvpn3-systemd \
+ ./src/tests/dbus/netcfg-subscription-test
  '';
 
- preAutoreconf = ''
- substituteInPlace ./update-version-m4.sh --replace 'VERSION="$(git describe --always --tags)"' "VERSION=v${version}"
- ./update-version-m4.sh
- '';
+ pythonPath = python3.withPackages (ps: [
+ ps.dbus-python
+ ps.pygobject3
+ ps.systemd
+ ]);
 
  nativeBuildInputs = [
- autoconf-archive
- autoreconfHook
+ meson
+ ninja
+ bash
+ cmake
+ git
+
+ python3.pkgs.wrapPython
  python3.pkgs.docutils
  python3.pkgs.jinja2
+ python3.pkgs.dbus-python
  pkg-config
  wrapGAppsHook3
- python3.pkgs.wrapPython
- ] ++ pythonPath;
+ gobject-introspection
+ ];
 
  buildInputs = [
  asio
@@ -82,14 +91,22 @@ stdenv.mkDerivation rec {
  openssl
  protobuf
  tinyxml-2
+ gdbuspp
  ] ++ lib.optionals enableSystemdResolved [
  systemd
  ];
 
- # runtime deps
- pythonPath = with python3.pkgs; [
- dbus-python
- pygobject3
+ mesonFlags = [
+ (lib.mesonOption "selinux" "disabled")
+ (lib.mesonOption "selinux_policy" "disabled")
+ (lib.mesonOption "bash-completion" "enabled")
+ (lib.mesonOption "test_programs" "disabled")
+ (lib.mesonOption "unit_tests" "disabled")
+ (lib.mesonOption "asio_path" "${asio}")
+ (lib.mesonOption "dbus_policy_dir" "${placeholder "out"}/share/dbus-1/system.d")
+ (lib.mesonOption "dbus_system_service_dir" "${placeholder "out"}/share/dbus-1/system-services")
+ (lib.mesonOption "systemd_system_unit_dir" "${placeholder "out"}/lib/systemd/system")
+ (lib.mesonOption "sharedstatedir" "/etc")
  ];
 
  dontWrapGApps = true;
@@ -98,26 +115,20 @@ stdenv.mkDerivation rec {
  '';
  postFixup = ''
  wrapPythonPrograms
+ wrapPythonProgramsIn "$out/libexec/openvpn3-linux" "$out ${pythonPath}"
  '';
 
- configureFlags = [
- "--enable-bash-completion"
- "--enable-addons-aws"
- "--disable-selinux-build"
- "--disable-build-test-progs"
- ] ++ lib.optionals enableSystemdResolved [
- # This defaults to --resolv-conf /etc/resolv.conf. See
- # https://github.com/OpenVPN/openvpn3-linux/blob/v20/configure.ac#L434
- "DEFAULT_DNS_RESOLVER=--systemd-resolved"
- ];
-
  NIX_LDFLAGS = "-lpthread";
 
- meta = with lib; {
+ meta = {
  description = "OpenVPN 3 Linux client";
- license = licenses.agpl3Plus;
+ license = lib.licenses.agpl3Plus;
  homepage = "https://github.com/OpenVPN/openvpn3-linux/";
- maintainers = with maintainers; [ shamilton kfears ];
- platforms = platforms.linux;
+ maintainers = [
+ lib.maintainers.shamilton
+ lib.maintainers.kfears
+ lib.maintainers.progrm_jarvis
+ ];
+ platforms = lib.platforms.linux;
  };
 }
diff --git a/pkgs/tools/networking/openvpn3/patches/0001-customizable-asio-path.patch b/pkgs/tools/networking/openvpn3/patches/0001-customizable-asio-path.patch
@@ -0,0 +1,13 @@
+diff --git a/meson.build b/meson.build
+index 2bba337..092b4ce 100644
+--- a/meson.build
++++ b/meson.build
+@@ -68,7 +68,7 @@ endif
+ #
+ # Setup additional include header dirs
+ #
+-asio_inc = get_option('asio_path') / 'asio' / 'include'
++asio_inc = get_option('asio_path') / 'include'
+ message ('ASIO library: ' + asio_inc)
+
+ openvpn3_core_inc = get_option('openvpn3_core_path')