Unverified Commit 279d00a8 authored by Petr Portnov's avatar Petr Portnov

openvpn3: 20 -> 23



Co-authored-by: default avatarYaroslav Bolyukin <iam@lach.pw>
parent 7fb87169
+86 −21
{ config, lib, pkgs, ... }:

let
  json = pkgs.formats.json { };
  cfg = config.programs.openvpn3;
in
{

  inherit (lib) mkEnableOption mkPackageOption mkOption literalExpression max options lists;
  inherit (lib.types) bool submodule ints;
in {
  options.programs.openvpn3 = {
    enable = lib.mkEnableOption "the openvpn3 client";
    package = lib.mkOption {
      type = lib.types.package;
      default = pkgs.openvpn3.override {
        enableSystemdResolved = config.services.resolved.enable;
    enable = mkEnableOption "the openvpn3 client";
    package = mkPackageOption pkgs "openvpn3" { };
    netcfg = mkOption {
      description = "Network configuration";
      default = { };
      type = submodule {
        options = {
          settings = mkOption {
            description = "Options stored in {file}`/etc/openvpn3/netcfg.json` configuration file";
            default = { };
            type = submodule {
              freeformType = json.type;
              options = {
                systemd_resolved = mkOption {
                  type = bool;
                  description = "Whether to use systemd-resolved integration";
                  default = config.services.resolved.enable;
                  defaultText = literalExpression "config.services.resolved.enable";
                  example = false;
                };
              };
            };
          };
        };
      };
    };
    log-service = mkOption {
      description = "Log service configuration";
      default = { };
      type = submodule {
        options = {
          settings = mkOption {
            description = "Options stored in {file}`/etc/openvpn3/log-service.json` configuration file";
            default = { };
            type = submodule {
              freeformType = json.type;
              options = {
                journald = mkOption {
                  description = "Use systemd-journald";
                  type = bool;
                  default = true;
                  example = false;
                };
                log_dbus_details = mkOption {
                  description = "Add D-Bus details in log file/syslog";
                  type = bool;
                  default = true;
                  example = false;
                };
                log_level = mkOption {
                  description = "How verbose should the logging be";
                  type = (ints.between 0 7) // {
                    merge = _loc: defs:
                      lists.foldl max 0 (options.getValues defs);
                  };
                  default = 3;
                  example = 6;
                };
                timestamp = mkOption {
                  description = "Add timestamp log file";
                  type = bool;
                  default = false;
                  example = true;
                };
              };
            };
          };
        };
      };
      defaultText = lib.literalExpression ''pkgs.openvpn3.override {
        enableSystemdResolved = config.services.resolved.enable;
      }'';
      description = ''
        Which package to use for `openvpn3`.
      '';
    };
  };

  config = lib.mkIf cfg.enable {
    services.dbus.packages = [
      cfg.package
    ];
    services.dbus.packages = [ cfg.package ];

    users.users.openvpn = {
      isSystemUser = true;
@@ -31,13 +89,20 @@ in
      group = "openvpn";
    };

    users.groups.openvpn = {
      gid = config.ids.gids.openvpn;
    users.groups.openvpn = { gid = config.ids.gids.openvpn; };

    environment = {
      systemPackages = [ cfg.package ];
      etc = {
        "openvpn3/netcfg.json".source =
          json.generate "netcfg.json" cfg.netcfg.settings;
        "openvpn3/log-service.json".source =
          json.generate "log-service.json" cfg.log-service.settings;
      };
    };

    environment.systemPackages = [
      cfg.package
    ];
    systemd.packages = [ cfg.package ];
  };

  meta.maintainers = with lib.maintainers; [ shamilton progrm_jarvis ];
}
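Review bot: Nothing in the new `config` block creates the state directory that the package stops creating at install time. package.nix passes `create_statedir=disabled` and `sharedstatedir=/etc`, and the vendored 0002 patch shows that option guarding the `mkdir -p` of the `configs` directory for persistent configuration profiles, while this module only places `netcfg.json` and `log-service.json` under `/etc/openvpn3`. If the configuration manager still expects that directory (presumably `/etc/openvpn3/configs`, assuming the state dir derives from `sharedstatedir`), it will be missing or created at runtime with whatever owner and mode the service happens to use, which matters because stored profiles can embed keys and credentials. Declaring it explicitly, for example `systemd.tmpfiles.rules = [ "d /etc/openvpn3/configs 0750 openvpn openvpn - -" ];`, would pin ownership to the `openvpn` user and group defined here. The `users.users.openvpn` block is partly collapsed in this view, so confirm that nothing outside the visible lines already covers this.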
+46 −0
From 30b2528054e6627a7124ac04cb018356ef23d864 Mon Sep 17 00:00:00 2001
From: Petr Portnov <mrjarviscraft@gmail.com>
Date: Mon, 2 Sep 2024 22:25:33 +0300
Subject: [PATCH 1/1] build: reduce hardcode in `asio_path`

Currently, `asio_path` variable value is concatenated with `/asio/include`
to specify the path to custom `asio` installation.
The problem is that this is too strict as some distros (namely NixOS)
may have the `include` directory with a differently named parent.
Thus this change minimizes the hardcoded part of the path to make it more flexible.

Signed-off-by: Petr Portnov <mrjarviscraft@gmail.com>
---
 meson.build       | 2 +-
 meson_options.txt | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/meson.build b/meson.build
index c9e0a2d..c01eb8e 100644
--- a/meson.build
+++ b/meson.build
@@ -74,7 +74,7 @@ endif
 #
 #  Setup additional include header dirs
 #
-asio_inc = get_option('asio_path') / 'asio' / 'include'
+asio_inc = get_option('asio_path') / 'include'
 message ('ASIO library: ' + asio_inc)
 
 openvpn3_core_inc = get_option('openvpn3_core_path')
diff --git a/meson_options.txt b/meson_options.txt
index d9cf02e..43e301e 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -26,7 +26,7 @@ option('debug_options', type: 'boolean', value: false,
 #
 #  Build environment and related build time options
 #
-option('asio_path', type: 'string', value: './vendor/asio',
+option('asio_path', type: 'string', value: './vendor/asio/asio',
        description: 'Path to the ASIO header files')
 
 option('openvpn3_core_path', type: 'string', value: './openvpn3-core',
-- 
2.43.0
+115 −0
From 848cc46d05c203de393d75434a3f571d78687f50 Mon Sep 17 00:00:00 2001
From: Petr Portnov <mrjarviscraft@gmail.com>
Date: Sun, 22 Sep 2024 13:16:02 +0300
Subject: [PATCH] build: allow installation directories' customization

This allows to configure the installation directories
for systemd and D-Bus files.

Signed-off-by: Petr Portnov <mrjarviscraft@gmail.com>
---
 distro/systemd/meson.build |  9 +++++++--
 meson.build                | 12 ++++++++++--
 meson_options.txt          | 12 ++++++++++++
 src/configmgr/meson.build  | 10 ++++++----
 4 files changed, 35 insertions(+), 8 deletions(-)

diff --git a/distro/systemd/meson.build b/distro/systemd/meson.build
index 36d556c..9c636b6 100644
--- a/distro/systemd/meson.build
+++ b/distro/systemd/meson.build
@@ -15,12 +15,17 @@ systemd_cfg = configuration_data({
 
 systemd_service_cfg = dependency('systemd')
 
+systemd_system_unit_dir = get_option('systemd_system_unit_dir')
+if systemd_system_unit_dir == ''
+  systemd_system_unit_dir = systemd_service_cfg.get_variable('systemdsystemunitdir')
+endif
+
 configure_file(
     input: 'openvpn3-autoload.service.in',
     output: 'openvpn3-autoload.service',
     configuration: systemd_cfg,
     install: true,
-    install_dir: systemd_service_cfg.get_variable('systemdsystemunitdir'),
+    install_dir: systemd_system_unit_dir,
 )
 
 configure_file(
@@ -28,7 +33,7 @@ configure_file(
     output: 'openvpn3-session@.service',
     configuration: systemd_cfg,
     install: true,
-    install_dir: systemd_service_cfg.get_variable('systemdsystemunitdir'),
+    install_dir: systemd_system_unit_dir,
 )
 
 custom_target('openvpn3-systemd',
diff --git a/meson.build b/meson.build
index 586c72a..ba41440 100644
--- a/meson.build
+++ b/meson.build
@@ -203,8 +203,16 @@ message('OpenVPN 3 Linux service binary directory: ' + get_option('prefix') / li
 
 #
 #  D-Bus configuration
-dbus_policy_dir = dep_dbus.get_variable('datadir') / 'dbus-1' / 'system.d'
-dbus_service_dir = dep_dbus.get_variable('system_bus_services_dir')
+dbus_policy_dir = get_option('dbus_policy_dir')
+if dbus_policy_dir == ''
+    dbus_policy_dir = dep_dbus.get_variable('datadir') / 'dbus-1' / 'system.d'
+endif
+
+dbus_service_dir = get_option('dbus_system_service_dir')
+if dbus_service_dir == ''
+    dbus_service_dir = dep_dbus.get_variable('system_bus_services_dir')
+endif
+
 dbus_config = {
     'OPENVPN_USERNAME': get_option('openvpn_username'),
     'LIBEXEC_PATH': get_option('prefix') / libexec_dir,
diff --git a/meson_options.txt b/meson_options.txt
index 43e301e..04809df 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -93,6 +93,18 @@ option('use-legacy-polkit-pkla', type: 'feature', value: 'disabled',
 option('polkit_pkla_rulesdir', type: 'string', value: '',
        description: 'Override PolicyKit PKLA rules directory')
 
+#
+# Installation
+#
+option('dbus_policy_dir', type: 'string',
+       description: 'D-Bus policy directory')
+option('dbus_system_service_dir', type: 'string',
+       description: 'D-Bus system service directory')
+option('systemd_system_unit_dir', type: 'string',
+       description: 'Path to systemd system unit directory')
+option('create_statedir', type: 'feature', value: 'enabled',
+       description: 'Create directory for OpenVPN 3 state during install phase')
+
 #
 #  Testing tools
 #
diff --git a/src/configmgr/meson.build b/src/configmgr/meson.build
index 5d0a649..6f788b7 100644
--- a/src/configmgr/meson.build
+++ b/src/configmgr/meson.build
@@ -52,7 +52,9 @@ configure_file(
     install_dir: dbus_service_dir,
 )
 
-# Create the configs directory for persistent configuration profiles
-# NOTE: Can be replaced with install_emptydir() when Meson 0.60 or newer
-#       is available on all supported distros
-meson.add_install_script('sh','-c', 'mkdir -p $DESTDIR@0@'.format(openvpn3_statedir / 'configs'))
+if get_option('create_statedir').enabled()
+    # Create the configs directory for persistent configuration profiles
+    # NOTE: Can be replaced with install_emptydir() when Meson 0.60 or newer
+    #       is available on all supported distros
+    meson.add_install_script('sh','-c', 'mkdir -p $DESTDIR@0@'.format(openvpn3_statedir / 'configs'))
+endif
-- 
2.45.2
+135 −0
{
  lib,
  stdenv,
  fetchFromGitHub,
  asio,
  glib,
  jsoncpp,
  libcap_ng,
  libnl,
  libuuid,
  lz4,
  openssl,
  pkg-config,
  protobuf,
  python3,
  systemd,
  tinyxml-2,
  wrapGAppsHook3,
  gobject-introspection,
  meson,
  ninja,
  gdbuspp,
  cmake,
  git,
  enableSystemdResolved ? true,
}:

stdenv.mkDerivation rec {
  pname = "openvpn3";
  # also update openvpn3-core
  version = "23";

  src = fetchFromGitHub {
    owner = "OpenVPN";
    repo = "openvpn3-linux";
    rev = "refs/tags/v${version}";
    hash = "sha256-5gkutqyUPZDwRPzSFdUXg2G5mtQKbdhZu8xnNAdXoF0=";
    # `openvpn3-core` is a submodule.
    # TODO: make it into a separate package
    fetchSubmodules = true;
  };

  patches = [
    # Merged in upstream, will land in v24
    # https://github.com/OpenVPN/openvpn3-linux/commit/75abb7dc9366ba85fb1a144d88f02a1e8a62f538
    ./0001-build-reduce-hardcode-in-asio_path.patch
    ./0002-build-allow-installation-directories-customization.patch
  ];

  postPatch = ''
    echo '#define OPENVPN_VERSION "3.git:unknown:unknown"
    #define PACKAGE_GUIVERSION "v${builtins.replaceStrings [ "_" ] [ ":" ] version}"
    #define PACKAGE_NAME "openvpn3-linux"
    ' > ./src/build-version.h

    patchShebangs \
      ./scripts \
      ./src/python/{openvpn2,openvpn3-as,openvpn3-autoload} \
      ./distro/systemd/openvpn3-systemd \
      ./src/tests/dbus/netcfg-subscription-test \
      ./src/shell/bash-completion/gen-openvpn2-completion.py
  '';

  pythonPath = python3.withPackages (ps: [
    ps.dbus-python
    ps.pygobject3
    ps.systemd
  ]);

  nativeBuildInputs = [
    meson
    ninja
    pkg-config
    cmake
    git

    python3.pkgs.wrapPython
    python3.pkgs.docutils
    python3.pkgs.jinja2
    python3.pkgs.dbus-python
    wrapGAppsHook3
    gobject-introspection
  ];

  buildInputs = [
    asio
    glib
    jsoncpp
    libcap_ng
    libnl
    libuuid
    lz4
    openssl
    protobuf
    tinyxml-2
    gdbuspp
  ] ++ lib.optionals enableSystemdResolved [ systemd.dev ];

  mesonFlags = [
    (lib.mesonOption "selinux" "disabled")
    (lib.mesonOption "selinux_policy" "disabled")
    (lib.mesonOption "bash-completion" "enabled")
    (lib.mesonOption "test_programs" "disabled")
    (lib.mesonOption "unit_tests" "disabled")
    (lib.mesonOption "asio_path" "${asio}")
    (lib.mesonOption "dbus_policy_dir" "${placeholder "out"}/share/dbus-1/system.d")
    (lib.mesonOption "dbus_system_service_dir" "${placeholder "out"}/share/dbus-1/system-services")
    (lib.mesonOption "systemd_system_unit_dir" "${placeholder "out"}/lib/systemd/system")
    (lib.mesonOption "create_statedir" "disabled")
    (lib.mesonOption "sharedstatedir" "/etc")
  ];

  dontWrapGApps = true;
  preFixup = ''
    makeWrapperArgs+=("''${gappsWrapperArgs[@]}")
  '';
  postFixup = ''
    wrapPythonPrograms
    wrapPythonProgramsIn "$out/libexec/openvpn3-linux" "$out ${pythonPath}"
  '';

  NIX_LDFLAGS = "-lpthread";

  meta = {
    description = "OpenVPN 3 Linux client";
    license = lib.licenses.agpl3Plus;
    homepage = "https://github.com/OpenVPN/openvpn3-linux/";
    changelog = "https://github.com/OpenVPN/openvpn3-linux/releases/tag/v${version}";
    maintainers = with lib.maintainers; [
      shamilton
      progrm_jarvis
    ];
    platforms = lib.platforms.linux;
  };
}
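Review bot: The comment above `patches` cites a single upstream commit URL for two vendored patch files, so the origin of `./0002-build-allow-installation-directories-customization.patch` is not recorded. A later reader therefore cannot check that the local copy matches what upstream merged. Each entry should carry its own reference, e.g. a line `# upstream: <commit URL for 0002>` directly above the second path. Where the upstream commits apply cleanly to v23, fetching them with a hash-pinned `fetchpatch` would tie the patch content to upstream rather than to hand-copied files in the tree.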
+0 −123
{ lib
, stdenv
, fetchFromGitHub
, asio
, autoconf-archive
, autoreconfHook
, glib
, gtest
, jsoncpp
, libcap_ng
, libnl
, libuuid
, lz4
, openssl
, pkg-config
, protobuf
, python3
, systemd
, enableSystemdResolved ? false
, tinyxml-2
, wrapGAppsHook3
}:

let
  openvpn3-core = fetchFromGitHub {
    owner = "OpenVPN";
    repo = "openvpn3";
    rev = "7590cb109349809b948e8edaeecabdbfe24e4b17";
    hash = "sha256-S9D/FQa7HYj0FJnyb5dCrtgTH9Nf2nvtyp/VHiebq7I=";
  };
in
stdenv.mkDerivation rec {
  pname = "openvpn3";
  # also update openvpn3-core
  version = "20";

  src = fetchFromGitHub {
    owner = "OpenVPN";
    repo = "openvpn3-linux";
    rev = "v${version}";
    hash = "sha256-Weyb+rcx04mpDdcL7Qt4O+PvPf5MLPAP/Uy+8qoNXbQ=";
  };

  postPatch = ''
    rm -r ./vendor/googletest
    cp -r ${gtest.src} ./vendor/googletest
    rm -r ./openvpn3-core
    ln -s ${openvpn3-core} ./openvpn3-core

    chmod -R +w ./vendor/googletest
    shopt -s globstar

    patchShebangs **/*.py **/*.sh ./src/python/{openvpn2,openvpn3-as,openvpn3-autoload} \
    ./distro/systemd/openvpn3-systemd ./src/tests/dbus/netcfg-subscription-test

    echo "3.git:v${version}:unknown" > openvpn3-core-version
  '';

  preAutoreconf = ''
    substituteInPlace ./update-version-m4.sh --replace 'VERSION="$(git describe --always --tags)"' "VERSION=v${version}"
    ./update-version-m4.sh
  '';

  nativeBuildInputs = [
    autoconf-archive
    autoreconfHook
    python3.pkgs.docutils
    python3.pkgs.jinja2
    pkg-config
    wrapGAppsHook3
    python3.pkgs.wrapPython
  ] ++ pythonPath;

  buildInputs = [
    asio
    glib
    jsoncpp
    libcap_ng
    libnl
    libuuid
    lz4
    openssl
    protobuf
    tinyxml-2
  ] ++ lib.optionals enableSystemdResolved [
    systemd
  ];

  # runtime deps
  pythonPath = with python3.pkgs; [
    dbus-python
    pygobject3
  ];

  dontWrapGApps = true;
  preFixup = ''
    makeWrapperArgs+=("''${gappsWrapperArgs[@]}")
  '';
  postFixup = ''
    wrapPythonPrograms
  '';

  configureFlags = [
    "--enable-bash-completion"
    "--enable-addons-aws"
    "--disable-selinux-build"
    "--disable-build-test-progs"
  ] ++ lib.optionals enableSystemdResolved [
    # This defaults to --resolv-conf /etc/resolv.conf. See
    # https://github.com/OpenVPN/openvpn3-linux/blob/v20/configure.ac#L434
    "DEFAULT_DNS_RESOLVER=--systemd-resolved"
  ];

  NIX_LDFLAGS = "-lpthread";

  meta = with lib; {
    description = "OpenVPN 3 Linux client";
    license = licenses.agpl3Plus;
    homepage = "https://github.com/OpenVPN/openvpn3-linux/";
    maintainers = with maintainers; [ shamilton ];
    platforms = platforms.linux;
  };
}