diff --git a/glicid/packages/vpn.scm b/glicid/packages/vpn.scm
index d6f4ab1..1885e94 100644
--- a/glicid/packages/vpn.scm
+++ b/glicid/packages/vpn.scm
@@ -1,22 +1,113 @@
 (define-module (glicid packages vpn)
- #:use-module (guix packages)
- #:use-module ((gnu packages vpn)
- #:prefix gnu:)
- #:use-module (guix download))
+ #:use-module (guix)
+ #:use-module (ice-9 match)
+ #:use-module ((guix licenses) #:prefix license:)
+ #:use-module (guix utils)
+ #:use-module (guix download)
+ #:use-module (guix git-download)
+ #:use-module (guix packages)
+ #:use-module (guix build-system copy)
+ #:use-module (guix build-system go)
+ #:use-module (nonguix build-system binary)
+ #:use-module (gnu packages dns)
+ #:use-module (gnu packages gl)
+ #:use-module (gnu packages golang)
+ #:use-module (gnu packages golang-build)
+ #:use-module (gnu packages golang-web)
+ #:use-module (gnu packages golang-xyz)
+ #:use-module (gnu packages linux)
+ #:use-module (gnu packages xorg)
+ )
-; guix defined openconnect is now newer
+(define %netbird-version "0.30.2")
-;(define-public openconnect-upstream
-; (package
-; (inherit gnu:openconnect)
-; (version "8.20")
-; (source
-; (origin
-; (method url-fetch)
-; (uri (string-append "https://www.infradead.org/openconnect/download/openconnect-" version ".tar.gz"))
-; (sha256 (base32 "1cdsx4nsrwawbsisfkldfc9i4qn60g03vxb13nzppr2br9p4rrih"))
-; )
-; )
-; (name "openconnect-upstream")
-; )
-; )
+(define-public netbird-cli
+ (package
+ (name "netbird-cli")
+ (version %netbird-version)
+ (source (origin
+ (method url-fetch)
+ (uri (string-append "https://github.com/netbirdio/netbird/releases/download/v" version "/netbird_" version "_linux_amd64.tar.gz"))
+ (sha256 (base32 "0ydmvq5q5f4ga2b8ms4aiiwkla27c0s6lps3sadzhjzn0j36l45n"))))
+ (build-system copy-build-system)
+ (arguments
+ `(#:install-plan `(("netbird" "/bin/"))))
+ (propagated-inputs (list openresolv iptables nftables ebtables))
+ (synopsis "NetBird combines a configuration-free peer-to-peer private network and a centralized access control system in a single platform, making it easy to create secure private networks for your organization or home.
+Connect. NetBird creates a WireGuard-based overlay network that automatically connects your machines over an encrypted tunnel, leaving behind the hassle of opening ports, complex firewall rules, VPN gateways, and so forth.
+Secure. NetBird enables secure remote access by applying granular access policies while allowing you to manage them intuitively from a single place. Works universally on any infrastructure.")
+ (description "netbird client cli program. dirty version from github artifacts.")
+ (home-page "https://github.com/netbirdio/netbird")
+ (license license:expat)))
+
+(define-public go-netbird-cli
+ (package
+ (name "go-netbird-cli")
+ (version %netbird-version)
+ (source (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/netbirdio/netbird")
+ (commit (string-append "v" version))))
+ (file-name (git-file-name name version))
+ (sha256 (base32 "1q8vsk2hmb0mq3553vhss1cad7z0hj7055n4ga6bh3x7wmx13wph"))))
+ (build-system go-build-system)
+ (native-inputs (list go-github-com-cenkalti-backoff-v4
+ go-github-com-ayufan-golang-kardianos-service
+ go-github-com-google-uuid
+ go-github-com-pion-ice-v3
+ go-github-com-pion-logging
+ go-github-com-pion-stun-v2
+ go-github-com-pion-transport-v3
+ go-github-com-sirupsen-logrus
+ go-golang-zx2c4-com-wireguard
+ go-github-com-google-gopacket
+ go-github-com-libp2p-go-netroute
+ go-github-com-mdlayher-socket
+ go-github-com-hashicorp-go-multierror
+ go-github-com-godbus-dbus-v5
+ go-github-com-vishvananda-netlink
+ go-gopkg-in-natefinch-lumberjack.v2
+ go-google-golang-org-protobuf
+ go-github-com-spf13-pflag
+ go-github-com-spf13-cobra
+ go-github-com-skratchdot-open-golang
+ go-golang-org-x-oauth2
+ go-github-com-miekg-dns
+ go-github-com-hashicorp-go-version
+ go-github-com-fsnotify-fsnotify
+ ))
+ (arguments
+ `(#:import-path "github.com/netbirdio/netbird"
+ #:phases
+ (modify-phases %standard-phases
+ (replace 'build
+ (lambda _
+ (invoke "go" "build" "-C" "src/github.com/netbirdio/netbird/client")
+ )))))
+ (synopsis "")
+ (description "")
+ (home-page "")
+ (license #f)
+ ))
+
+(define-public netbird-ui
+ (package
+ (name "netbird-ui")
+ (version %netbird-version)
+ (source (origin
+ (method url-fetch)
+ (uri (string-append "https://github.com/netbirdio/netbird/releases/download/v" version "/netbird-ui-linux_" version "_linux_amd64.tar.gz"))
+ (sha256 (base32 "06261pqrgpmr4macrcp5d2052i5rhgq87a7l64w9hjn0dh6wg6rc"))))
+ (build-system binary-build-system)
+ (inputs (list libx11 libglvnd))
+ (arguments
+ `(#:install-plan `(("netbird-ui" "/bin/"))
+ #:patchelf-plan `(("netbird-ui" ("libx11" "libglvnd")))
+ #:strip-binaries? #f))
+ (synopsis "NetBird combines a configuration-free peer-to-peer private network and a centralized access control system in a single platform, making it easy to create secure private networks for your organization or home.
+Connect. NetBird creates a WireGuard-based overlay network that automatically connects your machines over an encrypted tunnel, leaving behind the hassle of opening ports, complex firewall rules, VPN gateways, and so forth.
+Secure. NetBird enables secure remote access by applying granular access policies while allowing you to manage them intuitively from a single place. Works universally on any infrastructure.")
+ (description "netbird client ui program. dirty version from github artifacts.")
+ (home-page "https://github.com/netbirdio/netbird")
+ (license license:expat)))
diff --git a/glicid/services/vpn.scm b/glicid/services/vpn.scm
new file mode 100644
index 0000000..ab3a332
--- /dev/null
+++ b/glicid/services/vpn.scm
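Review bot: In glicid/packages/vpn.scm, `netbird-cli` and `netbird-ui` install upstream's prebuilt `linux_amd64` release tarballs, so the `sha256` pins the download but gives no link between the binary and the tagged source, and nothing restricts the packages to the one architecture the URI hard-codes. Add `(supported-systems '("x86_64-linux"))` to both, and treat them as a stopgap until `go-netbird-cli` builds from source, since the service's default `netbird` field points at the prebuilt client. `go-netbird-cli` itself still has `(license #f)` and empty `synopsis`, `description` and `home-page`; these can be filled from the values the binary packages already declare. The `synopsis` of the two binary packages is a three-paragraph product description; a one-line synopsis with the long text moved into `description` would match how the field is used.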
@@ -0,0 +1,85 @@
+(define-module (glicid services vpn)
+ #:use-module (guix gexp)
+ #:use-module (gnu packages bash)
+ #:use-module (gnu services)
+ #:use-module (gnu services shepherd)
+ #:use-module (guix records)
+ #:use-module (gnu system shadow)
+ #:use-module (glicid packages vpn)
+ #:use-module (ice-9 match)
+ #:export (
+ %netbird-accounts
+ %netbird-user
+ %netbird-group
+ %netbird-activation
+ netbird-configuration
+ netbird-configuration?
+ netbird-shepherd-service
+ netbird-service-type
+ ))
+
+(define %netbird-group
+ (user-group
+ (name "netbird")
+ (system? #t)))
+
+(define %netbird-user
+ (user-account
+ (name "netbird")
+ (group "netbird")
+ (system? #t)
+ (comment "netbird server user")
+ (home-directory "/etc/netbird")
+ (shell (file-append bash "/bin/bash"))))
+
+(define %netbird-accounts
+ (list %netbird-group %netbird-user))
+
+(define-record-type* netbird-configuration
+ make-netbird-configuration
+ netbird-configuration?
+ (netbird netbird (default netbird-cli))
+ (config-file config-file (default "/etc/netbird/config.json"))
+ (daemon-addr daemon-addr (default "unix:///var/run/netbird.sock"))
+ (log-file log-file (default "/var/log/netbird.log"))
+ )
+
+(define %netbird-activation
+ #~(begin
+ (mkdir-p "/etc/netbird")
+ #t))
+
+(define netbird-shepherd-service
+ (match-lambda
+ (($ netbird config-file daemon-addr log-file)
+ (list
+ (shepherd-service
+ (provision '(netbird))
+ (documentation "Run netbird daemon.")
+ (requirement '(user-processes))
+ (respawn? #t)
+ (start #~(make-forkexec-constructor
+ (list (string-append #$netbird "/bin/netbird")
+ "service"
+ "run"
+ "--config"
+ #$config-file
+ "--log-level"
+ "info"
+ "--daemon-addr"
+ #$daemon-addr
+ "--log-file"
+ "console")
+ #:environment-variables (list
+ "PATH=/run/current-system/profile/bin:/run/current-system/profile/sbin:/run/current-system/profile/libexec")
+ #:log-file #$log-file ))
+ (stop #~(make-kill-destructor)))))))
+
+(define netbird-service-type
+ (service-type
+ (name 'netbird)
+ (default-value (netbird-configuration))
+ (extensions (list
+ (service-extension activation-service-type (const %netbird-activation))
+ (service-extension shepherd-root-service-type netbird-shepherd-service)))
+ (description "run netbird vpn service")))
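Review bot: The daemon is started by `make-forkexec-constructor` without `#:user` or `#:group`, and `netbird-service-type` has no `account-service-type` extension, so it runs as root while `%netbird-user`, `%netbird-group` and `%netbird-accounts` are defined and exported but never used. If root is needed for the tunnel interface (likely, but not shown here), drop the unused account or at least replace its bash login shell with `(shell (file-append shadow "/sbin/nologin"))`, which needs `(gnu packages admin)`. `%netbird-activation` creates `/etc/netbird` with the default mode; `config.json` lives there and presumably holds the peer's key material, so add `(chmod "/etc/netbird" #o700)` after the `mkdir-p`. The gexp also calls `mkdir-p` without `(use-modules (guix build utils))`, which activation snippets usually include so they do not depend on another snippet having loaded it.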