diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix index a69066023bb50..b48648dfd4e5c 100644 --- a/maintainers/maintainer-list.nix +++ b/maintainers/maintainer-list.nix @@ -10186,6 +10186,16 @@ github = "ymarkus"; githubId = 62380378; }; + ymatsiuk = { + name = "Yurii Matsiuk"; + email = "ymatsiuk@users.noreply.github.com"; + github = "ymatsiuk"; + githubId = 24990891; + keys = [{ + longkeyid = "rsa4096/0x61302290298601AA"; + fingerprint = "7BB8 84B5 74DA FDB1 E194 ED21 6130 2290 2986 01AA"; + }]; + }; ymeister = { name = "Yuri Meister"; email = "47071325+ymeister@users.noreply.github.com"; diff --git a/nixos/modules/programs/appgate-sdp.nix b/nixos/modules/programs/appgate-sdp.nix new file mode 100644 index 0000000000000..1dec4ecf9eccb --- /dev/null +++ b/nixos/modules/programs/appgate-sdp.nix @@ -0,0 +1,23 @@ +{ config, pkgs, lib, ... }: + +with lib; + +{ + options = { + programs.appgate-sdp = { + enable = mkEnableOption + "AppGate SDP VPN client"; + }; + }; + + config = mkIf config.programs.appgate-sdp.enable { + boot.kernelModules = [ "tun" ]; + environment.systemPackages = [ pkgs.appgate-sdp ]; + services.dbus.packages = [ pkgs.appgate-sdp ]; + systemd = { + packages = [ pkgs.appgate-sdp ]; + # https://github.com/NixOS/nixpkgs/issues/81138 + services.appgatedriver.wantedBy = [ "multi-user.target" ]; + }; + }; +} diff --git a/pkgs/applications/networking/appgate-sdp/default.nix b/pkgs/applications/networking/appgate-sdp/default.nix new file mode 100644 index 0000000000000..c56a6eb658257 --- /dev/null +++ b/pkgs/applications/networking/appgate-sdp/default.nix @@ -0,0 +1,169 @@ +{ alsaLib +, at-spi2-atk +, at-spi2-core +, atk +, bash +, cairo +, coreutils +, cups +, curl +, dbus +, dnsmasq +, dpkg +, e2fsprogs +, expat +, fetchurl +, gdk-pixbuf +, glib +, gtk3 +, icu +, iproute +, krb5 +, lib +, libX11 +, libXScrnSaver +, libXcomposite +, libXcursor +, libXdamage +, libXext +, libXfixes +, libXi +, libXrandr +, libXrender +, libXtst +, libsecret +, libuuid +, libxcb +, lttng-ust +, makeWrapper +, networkmanager +, nspr +, nss +, openssl +, pango +, procps +, python37 +, python37Packages +, stdenv +, systemd +, zlib +}: +with stdenv.lib; +let + deps = [ + alsaLib + at-spi2-atk + at-spi2-core + atk + cairo + cups + curl + dbus + expat + gdk-pixbuf + glib + gtk3 + icu + krb5 + libX11 + libXScrnSaver + libXcomposite + libXcursor + libXdamage + libXext + libXfixes + libXi + libXrandr + libXrender + libXtst + libsecret + libuuid + libxcb + lttng-ust + nspr + nss + openssl + pango + stdenv.cc.cc + systemd + zlib + ]; + rpath = stdenv.lib.makeLibraryPath deps ; +in +stdenv.mkDerivation rec { + pname = "appgate-sdp"; + version = "5.1.2"; + + src = fetchurl { + url = "https://bin.appgate-sdp.com/5.1/client/appgate-sdp_${version}_amd64.deb"; + sha256 = "0v4vfibg1giml3vfz2w7qypqzymvfchi5qm6vfagah2vfbkw7xc2"; + }; + + dontConfigure = true; + dontBuild = true; + enableParallelBuilding = true; + + buildInputs = [ + python37 + python37Packages.dbus-python + ]; + + nativeBuildInputs = [ + makeWrapper + dpkg + ]; + + unpackPhase = '' + dpkg-deb -x $src $out + ''; + + installPhase = '' + mkdir -p $out/bin + ln -s "$out/opt/appgate/appgate" "$out/bin/appgate" + cp -r $out/usr/share $out/share + + for file in $out/opt/appgate/linux/appgate-resolver.pre \ + $out/opt/appgate/linux/appgate-dumb-resolver.pre \ + $out/lib/systemd/system/appgatedriver.service \ + $out/lib/systemd/system/appgate-dumb-resolver.service \ + $out/lib/systemd/system/appgate-resolver.service + do + substituteInPlace $file \ + --replace "/bin/sh" "${bash}/bin/sh" \ + --replace "/opt/" "$out/opt/" \ + --replace "/usr/sbin/dnsmasq" "${dnsmasq}/bin/dnsmasq" \ + --replace "InaccessiblePaths=/mnt /srv /boot /media" "InaccessiblePaths=-/mnt -/srv -/boot -/media" \ + --replace "cat" "${coreutils}/bin/cat" \ + --replace "chattr" "${e2fsprogs}/bin/chattr" \ + --replace "mv" "${coreutils}/bin/mv" \ + --replace "pkill" "${procps}/bin/pkill" + done + + substituteInPlace $out/opt/appgate/linux/nm.py --replace "/usr/sbin/dnsmasq" "${dnsmasq}/bin/dnsmasq" + substituteInPlace $out/opt/appgate/linux/set_dns \ + --replace "service appgate-resolver stop" "${systemd.out}/bin/systemctl stop appgate-resolver" \ + --replace "/etc/appgate.conf" "$out/etc/appgate.conf" + + ''; + + postFixup = '' + find $out -type f -name "*.so" -exec patchelf --set-rpath '$ORIGIN:${rpath}' {} \; + for binary in $out/opt/appgate/appgate-driver \ + $out/opt/appgate/appgate \ + $out/opt/appgate/service/createdump \ + $out/opt/appgate/service/appgateservice.bin + do + patchelf --set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" --set-rpath "$ORIGIN:$out/opt/appgate/service/:$out/opt/appgate/:${rpath}" $binary + done + + wrapProgram $out/opt/appgate/appgate-driver --prefix PATH : ${stdenv.lib.makeBinPath [ iproute networkmanager dnsmasq ]} + wrapProgram $out/opt/appgate/linux/set_dns --set PYTHONPATH $PYTHONPATH + ''; + meta = with stdenv.lib; { + description = "Appgate SDP (Software Defined Perimeter) desktop client"; + homepage = https://www.appgate.com/support/software-defined-perimeter-support; + license = licenses.unfree; + platforms = platforms.linux; + maintainers = with maintainers; [ ymatsiuk ]; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index c0bdfa323fe5c..e5d98c6c08e9a 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -20646,6 +20646,8 @@ in appeditor = callPackage ../applications/misc/appeditor { }; + appgate-sdp = callPackage ../applications/networking/appgate-sdp { }; + apostrophe = callPackage ../applications/editors/apostrophe { pythonPackages = python3Packages; };