public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #63539 from ivan/usbguard-nox

Browse Source 
usbguard-nox: init at 0.7.4
This commit is contained in:
Sarah Brofeldt 2019-08-23 16:25:13 +02:00 committed by GitHub
commit 3a64303a20
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 28 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
nixos/modules/services/security/usbguard.nix
View File

@ -39,6 +39,16 @@ in {
services.usbguard = { services.usbguard = {
enable = mkEnableOption "USBGuard daemon"; enable = mkEnableOption "USBGuard daemon";
package = mkOption {
type = types.package;
default = pkgs.usbguard;
defaultText = "pkgs.usbguard";
description = ''
The usbguard package to use. If you do not need the Qt GUI, use
<literal>pkgs.usbguard-nox</literal> to save disk space.
'';
};
ruleFile = mkOption { ruleFile = mkOption {
type = types.path; type = types.path;
default = "/var/lib/usbguard/rules.conf"; default = "/var/lib/usbguard/rules.conf";
@ -179,7 +189,7 @@ in {
config = mkIf cfg.enable { config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.usbguard ]; environment.systemPackages = [ cfg.package ];
systemd.services.usbguard = { systemd.services.usbguard = {
description = "USBGuard daemon"; description = "USBGuard daemon";
@ -195,7 +205,7 @@ in {
serviceConfig = { serviceConfig = {
Type = "simple"; Type = "simple";
ExecStart = ''${pkgs.usbguard}/bin/usbguard-daemon -P -k -c ${daemonConfFile}''; ExecStart = ''${cfg.package}/bin/usbguard-daemon -P -k -c ${daemonConfFile}'';
Restart = "on-failure"; Restart = "on-failure";
}; };
}; };

25
pkgs/os-specific/linux/usbguard/default.nix
View File

@ -1,8 +1,11 @@
{ {
stdenv, fetchurl, lib, stdenv, fetchurl, lib,
libxslt, pandoc, asciidoctor, pkgconfig, pkgconfig, libxml2, libxslt,
dbus-glib, libcap_ng, libqb, libseccomp, polkit, protobuf, qtbase, qttools, qtsvg, dbus-glib, libcap_ng, libqb, libseccomp, polkit, protobuf, audit,
audit, withGui ? true,
qtbase ? null,
qttools ? null,
qtsvg ? null,
libgcrypt ? null, libgcrypt ? null,
libsodium ? null libsodium ? null
}: }:
@ -23,10 +26,9 @@ stdenv.mkDerivation rec {
}; };
nativeBuildInputs = [ nativeBuildInputs = [
libxslt
asciidoctor
pandoc # for rendering documentation
pkgconfig pkgconfig
libxslt # xsltproc
libxml2 # xmllint
]; ];
buildInputs = [ buildInputs = [
@ -37,23 +39,20 @@ stdenv.mkDerivation rec {
polkit polkit
protobuf protobuf
audit audit
qtbase
qtsvg
qttools
] ]
++ (lib.optional (libgcrypt != null) libgcrypt) ++ (lib.optional (libgcrypt != null) libgcrypt)
++ (lib.optional (libsodium != null) libsodium); ++ (lib.optional (libsodium != null) libsodium)
++ (lib.optionals withGui [ qtbase qtsvg qttools ]);
configureFlags = [ configureFlags = [
"--with-bundled-catch" "--with-bundled-catch"
"--with-bundled-pegtl" "--with-bundled-pegtl"
"--with-dbus" "--with-dbus"
"--with-gui-qt=qt5"
"--with-polkit" "--with-polkit"
] ]
++ (lib.optional (libgcrypt != null) "--with-crypto-library=gcrypt") ++ (lib.optional (libgcrypt != null) "--with-crypto-library=gcrypt")
++ (lib.optional (libsodium != null) "--with-crypto-library=sodium"); ++ (lib.optional (libsodium != null) "--with-crypto-library=sodium")
++ (lib.optional withGui "--with-gui-qt=qt5");
enableParallelBuilding = true; enableParallelBuilding = true;

4
pkgs/top-level/all-packages.nix
View File

@ -16413,6 +16413,10 @@ in
libgcrypt = null; libgcrypt = null;
}; };
usbguard-nox = usbguard.override {
withGui = false;
};
usbutils = callPackage ../os-specific/linux/usbutils { }; usbutils = callPackage ../os-specific/linux/usbutils { };
usermount = callPackage ../os-specific/linux/usermount { }; usermount = callPackage ../os-specific/linux/usermount { };