openvpn3: 20 -> 22_dev

Co-authored-by: Yaroslav Bolyukin <iam@lach.pw>

nixos/modules/programs/openvpn3.nix

@@ -1,43 +1,116 @@
 { config, lib, pkgs, ... }:
-
 let
+ json = pkgs.formats.json { };
  cfg = config.programs.openvpn3;
-in
-{
- options.programs.openvpn3 = {
- enable = lib.mkEnableOption "the openvpn3 client";
- package = lib.mkOption {
- type = lib.types.package;
- default = pkgs.openvpn3.override {
- enableSystemdResolved = config.services.resolved.enable;
+in {
+ options.programs.openvpn3 = let
+ inherit (lib)
+ mkEnableOption mkPackageOption mkOption literalExpression max options
+ lists;
+ inherit (lib.types) bool submodule ints;
+ in {
+ enable = mkEnableOption "the openvpn3 client";
+ package = mkPackageOption pkgs "openvpn3" { };
+ netcfg = mkOption {
+ description = "Network configuration";
+ default = { };
+ type = submodule {
+ options = {
+ settings = mkOption {
+ description =
+ "Options stored in {file}`/etc/openvpn3/netcfg.json` configuration file";
+ default = { };
+ type = submodule {
+ freeformType = json.type;
+ options = {
+ systemd_resolved = mkOption {
+ type = bool;
+ description = "Whether to use systemd-resolved integration";
+ default = config.services.resolved.enable;
+ defaultText =
+ literalExpression "config.services.resolved.enable";
+ example = false;
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ log-service = mkOption {
+ description = "Log service configuration";
+ default = { };
+ type = submodule {
+ options = {
+ settings = mkOption {
+ description =
+ "Options stored in {file}`/etc/openvpn3/log-service.json` configuration file";
+ default = { };
+ type = submodule {
+ freeformType = json.type;
+ options = {
+ journald = mkOption {
+ description = "Use systemd-journald";
+ type = bool;
+ default = true;
+ example = false;
+ };
+ log_dbus_details = mkOption {
+ description = "Add D-Bus details in log file/syslog";
+ type = bool;
+ default = true;
+ example = false;
+ };
+ log_level = mkOption {
+ description = "How verbose should the logging be";
+ type = (ints.between 0 7) // {
+ merge = _loc: defs:
+ lists.foldl max 0 (options.getValues defs);
+ };
+ default = 3;
+ example = 6;
+ };
+ timestamp = mkOption {
+ description = "Add timestamp log file";
+ type = bool;
+ default = false;
+ example = true;
+ };
+ };
+ };
+ };
+ };
  };
- defaultText = lib.literalExpression ''pkgs.openvpn3.override {
- enableSystemdResolved = config.services.resolved.enable;
- }'';
- description = ''
- Which package to use for `openvpn3`.
- '';
  };
  };
 
  config = lib.mkIf cfg.enable {
- services.dbus.packages = [
- cfg.package
- ];
+ services.dbus.packages = [ cfg.package ];
 
  users.users.openvpn = {
  isSystemUser = true;
  uid = config.ids.uids.openvpn;
  group = "openvpn";
  };
 
- users.groups.openvpn = {
- gid = config.ids.gids.openvpn;
+ users.groups.openvpn = { gid = config.ids.gids.openvpn; };
+
+ environment = {
+ systemPackages = [ cfg.package ];
+ etc = let
+ genConfig = name: options: {
+ "openvpn3/${name}".source = json.generate name options;
+ };
+ in (genConfig "netcfg.json" cfg.netcfg.settings)
+ // (genConfig "log-service.json" cfg.log-service.settings);
  };
 
- environment.systemPackages = [
- cfg.package
- ];
+ systemd.packages = [ cfg.package ];
  };
 
+ meta.maintainers = [
+ lib.maintainers.shamilton
+ lib.maintainers.kfears
+ lib.maintainers.progrm_jarvis
+ ];
 }

pkgs/by-name/op/openvpn3/package.nix

@@ -0,0 +1,133 @@
+{ lib
+, stdenv
+, fetchFromGitHub
+, asio
+, glib
+, jsoncpp
+, libcap_ng
+, libnl
+, libuuid
+, lz4
+, openssl
+, pkg-config
+, protobuf
+, python3
+, systemd
+, tinyxml-2
+, wrapGAppsHook3
+, gobject-introspection
+, meson
+, ninja
+, gdbuspp
+, cmake
+, git
+, enableSystemdResolved ? true
+}:
+
+stdenv.mkDerivation rec {
+ pname = "openvpn3";
+ # also update openvpn3-core
+ version = "22_dev";
+
+ src = fetchFromGitHub {
+ owner = "OpenVPN";
+ repo = "openvpn3-linux";
+ rev = "refs/tags/v${version}";
+ # Don't forget to actualize version scripts in `postPatch`
+ hash = "sha256-UbphN5gHgO30ry0kX6W4qSs5Ksrvfhm4xiRNBdzEOhA=";
+ # `openvpn3-core` is a submodule.
+ # TODO: make it into a separate package
+ fetchSubmodules = true;
+ };
+
+ patches = [
+ ./patches/0001-customizable-asio-path.patch
+ ./patches/0002-customizable-installation-paths.patch
+ ];
+
+ postPatch = ''
+ echo '#define OPENVPN_VERSION "3.git:unknown:unknown"' > ./src/build-version.h
+ echo '#define PACKAGE_GUIVERSION "${builtins.replaceStrings ["_"] [":"] version}_{unknown}__s"' >> ./src/build-version.h
+ echo '#define PACKAGE_NAME "openvpn3-linux"' >> ./src/build-version.h
+
+ patchShebangs ** /*.py ** /*.sh \
+ ./scripts \
+ ./src/python/{openvpn2,openvpn3-as,openvpn3-autoload} \
+ ./distro/systemd/openvpn3-systemd \
+ ./src/tests/dbus/netcfg-subscription-test
+ '';
+
+ pythonPath = python3.withPackages (ps: [
+ ps.dbus-python
+ ps.pygobject3
+ ps.systemd
+ ]);
+
+ nativeBuildInputs = [
+ meson
+ ninja
+ pkg-config
+ cmake
+ git
+
+ python3.pkgs.wrapPython
+ python3.pkgs.docutils
+ python3.pkgs.jinja2
+ python3.pkgs.dbus-python
+ wrapGAppsHook3
+ gobject-introspection.dev
+ ];
+
+ buildInputs = [
+ asio
+ glib.dev
+ jsoncpp.dev
+ libcap_ng.dev
+ libnl.dev
+ libuuid.dev
+ lz4.dev
+ openssl.dev
+ protobuf
+ tinyxml-2
+ gdbuspp
+ ] ++ lib.optionals enableSystemdResolved [
+ systemd.dev
+ ];
+
+ mesonFlags = [
+ (lib.mesonOption "selinux" "disabled")
+ (lib.mesonOption "selinux_policy" "disabled")
+ (lib.mesonOption "bash-completion" "enabled")
+ (lib.mesonOption "test_programs" "disabled")
+ (lib.mesonOption "unit_tests" "disabled")
+ (lib.mesonOption "asio_path" "${asio}")
+ (lib.mesonOption "dbus_policy_dir" "${placeholder "out"}/share/dbus-1/system.d")
+ (lib.mesonOption "dbus_system_service_dir" "${placeholder "out"}/share/dbus-1/system-services")
+ (lib.mesonOption "systemd_system_unit_dir" "${placeholder "out"}/lib/systemd/system")
+ (lib.mesonOption "sharedstatedir" "/etc")
+ ];
+
+ dontWrapGApps = true;
+ preFixup = ''
+ makeWrapperArgs+=("''${gappsWrapperArgs[@]}")
+ '';
+ postFixup = ''
+ wrapPythonPrograms
+ wrapPythonProgramsIn "$out/libexec/openvpn3-linux" "$out ${pythonPath}"
+ '';
+
+ NIX_LDFLAGS = "-lpthread";
+
+ meta = {
+ description = "OpenVPN 3 Linux client";
+ license = lib.licenses.agpl3Plus;
+ homepage = "https://github.com/OpenVPN/openvpn3-linux/";
+ changelog = "https://github.com/OpenVPN/openvpn3-linux/releases/tag/v${version}";
+ maintainers = [
+ lib.maintainers.shamilton
+ lib.maintainers.kfears
+ lib.maintainers.progrm_jarvis
+ ];
+ platforms = lib.platforms.linux;
+ };
+}

pkgs/by-name/op/openvpn3/patches/0001-customizable-asio-path.patch

@@ -0,0 +1,13 @@
+diff --git a/meson.build b/meson.build
+index 2bba337..092b4ce 100644
+--- a/meson.build
++++ b/meson.build
+@@ -68,7 +68,7 @@ endif
+ #
+ # Setup additional include header dirs
+ #
+-asio_inc = get_option('asio_path') / 'asio' / 'include'
++asio_inc = get_option('asio_path') / 'include'
+ message ('ASIO library: ' + asio_inc)
+
+ openvpn3_core_inc = get_option('openvpn3_core_path')

pkgs/by-name/op/openvpn3/patches/0002-customizable-installation-paths.patch

@@ -0,0 +1,86 @@
+diff --git a/distro/systemd/meson.build b/distro/systemd/meson.build
+index 36d556c..9c636b6 100644
+--- a/distro/systemd/meson.build
++++ b/distro/systemd/meson.build
+@@ -15,12 +15,17 @@ systemd_cfg = configuration_data({
+
+ systemd_service_cfg = dependency('systemd')
+
++systemd_system_unit_dir = get_option('systemd_system_unit_dir')
++if systemd_system_unit_dir == ''
++ systemd_system_unit_dir = systemd_service_cfg.get_variable('systemdsystemunitdir')
++endif
++
+ configure_file(
+ input: 'openvpn3-autoload.service.in',
+ output: 'openvpn3-autoload.service',
+ configuration: systemd_cfg,
+ install: true,
+- install_dir: systemd_service_cfg.get_variable('systemdsystemunitdir'),
++ install_dir: systemd_system_unit_dir,
+ )
+
+ configure_file(
+@@ -28,7 +33,7 @@ configure_file(
+ output: 'openvpn3-session@.service',
+ configuration: systemd_cfg,
+ install: true,
+- install_dir: systemd_service_cfg.get_variable('systemdsystemunitdir'),
++ install_dir: systemd_system_unit_dir,
+ )
+
+ custom_target('openvpn3-systemd',
+diff --git a/meson.build b/meson.build
+index 092b4ce..e1ec8c1 100644
+--- a/meson.build
++++ b/meson.build
+@@ -180,8 +180,16 @@ message('OpenVPN 3 Linux service binary directory: ' + get_option('prefix') / li
+
+ #
+ # D-Bus configuration
+-dbus_policy_dir = dep_dbus.get_variable('datadir') / 'dbus-1' / 'system.d'
+-dbus_service_dir = dep_dbus.get_variable('system_bus_services_dir')
++dbus_policy_dir = get_option('dbus_policy_dir')
++if dbus_policy_dir == ''
++ dbus_policy_dir = dep_dbus.get_variable('datadir') / 'dbus-1' / 'system.d'
++endif
++
++dbus_service_dir = get_option('dbus_system_service_dir')
++if dbus_service_dir == ''
++ dbus_service_dir = dep_dbus.get_variable('system_bus_services_dir')
++endif
++
+ dbus_config = {
+ 'OPENVPN_USERNAME': get_option('openvpn_username'),
+ 'LIBEXEC_PATH': get_option('prefix') / libexec_dir,
+diff --git a/meson_options.txt b/meson_options.txt
+index e9e759e..68fec37 100644
+--- a/meson_options.txt
++++ b/meson_options.txt
+@@ -81,6 +81,16 @@ option('use-legacy-polkit-pkla', type: 'feature', value: 'disabled',
+ option('polkit_pkla_rulesdir', type: 'string', value: '',
+ description: 'Override PolicyKit PKLA rules directory')
+
++#
++# Installation paths
++#
++option('dbus_policy_dir', type: 'string',
++ description: 'D-Bus policy directory')
++option('dbus_system_service_dir', type: 'string',
++ description: 'D-Bus system service directory')
++option('systemd_system_unit_dir', type: 'string',
++ description: 'Path to systemd system unit directory')
++
+ #
+ # Testing tools
+ #
+diff --git a/src/configmgr/meson.build b/src/configmgr/meson.build
+index 5d0a649..b534817 100644
+--- a/src/configmgr/meson.build
++++ b/src/configmgr/meson.build
+@@ -55,4 +55,4 @@ configure_file(
+ # Create the configs directory for persistent configuration profiles
+ # NOTE: Can be replaced with install_emptydir() when Meson 0.60 or newer
+ # is available on all supported distros
+-meson.add_install_script('sh','-c', 'mkdir -p $DESTDIR@0@'.format(openvpn3_statedir / 'configs'))
++# meson.add_install_script('sh','-c', 'mkdir -p $DESTDIR@0@'.format(openvpn3_statedir / 'configs'))