usbguard-nox: init at 0.7.4

This is just usbguard without the Qt GUI that brings in Qt dependencies.

Remove pandoc to reduce closure size. The usbguard build appears to
use it only for spell checking.

Remove asciidoctor because 0.7.1 switched to asciidoc. But don't add
a dependency on asciidoc, because that causes the build fails on
external DTDs.

nixos/modules/services/security/usbguard.nix

@@ -39,6 +39,16 @@ in {
     services.usbguard = {
       enable = mkEnableOption "USBGuard daemon";
 
+      package = mkOption {
+        type = types.package;
+        default = pkgs.usbguard;
+        defaultText = "pkgs.usbguard";
+        description = ''
+          The usbguard package to use. If you do not need the Qt GUI, use
+          <literal>pkgs.usbguard-nox</literal> to save disk space.
+        '';
+      };
+
       ruleFile = mkOption {
         type = types.path;
         default = "/var/lib/usbguard/rules.conf";
@@ -179,7 +189,7 @@ in {
 
   config = mkIf cfg.enable {
 
-    environment.systemPackages = [ pkgs.usbguard ];
+    environment.systemPackages = [ cfg.package ];
 
     systemd.services.usbguard = {
       description = "USBGuard daemon";
@@ -195,7 +205,7 @@ in {
 
       serviceConfig = {
         Type = "simple";
-        ExecStart = ''${pkgs.usbguard}/bin/usbguard-daemon -P -k -c ${daemonConfFile}'';
+        ExecStart = ''${cfg.package}/bin/usbguard-daemon -P -k -c ${daemonConfFile}'';
         Restart = "on-failure";
       };
     };

pkgs/os-specific/linux/usbguard/default.nix

@@ -1,8 +1,11 @@
 {
   stdenv, fetchurl, lib,
-  libxslt, pandoc, asciidoctor, pkgconfig,
+  pkgconfig, libxml2, libxslt,
-  dbus-glib, libcap_ng, libqb, libseccomp, polkit, protobuf, qtbase, qttools, qtsvg,
+  dbus-glib, libcap_ng, libqb, libseccomp, polkit, protobuf, audit,
-  audit,
+  withGui ? true,
+  qtbase ? null,
+  qttools ? null,
+  qtsvg ? null,
   libgcrypt ? null,
   libsodium ? null
 }:
@@ -23,10 +26,9 @@ stdenv.mkDerivation rec {
   };
 
   nativeBuildInputs = [
-    libxslt
-    asciidoctor
-    pandoc # for rendering documentation
     pkgconfig
+    libxslt # xsltproc
+    libxml2 # xmllint
   ];
 
   buildInputs = [
@@ -37,23 +39,20 @@ stdenv.mkDerivation rec {
     polkit
     protobuf
     audit
-
-    qtbase
-    qtsvg
-    qttools
   ]
   ++ (lib.optional (libgcrypt != null) libgcrypt)
-  ++ (lib.optional (libsodium != null) libsodium);
+  ++ (lib.optional (libsodium != null) libsodium)
+  ++ (lib.optionals withGui [ qtbase qtsvg qttools ]);
 
   configureFlags = [
     "--with-bundled-catch"
     "--with-bundled-pegtl"
     "--with-dbus"
-    "--with-gui-qt=qt5"
     "--with-polkit"
   ]
   ++ (lib.optional (libgcrypt != null) "--with-crypto-library=gcrypt")
-  ++ (lib.optional (libsodium != null) "--with-crypto-library=sodium");
+  ++ (lib.optional (libsodium != null) "--with-crypto-library=sodium")
+  ++ (lib.optional withGui "--with-gui-qt=qt5");
 
   enableParallelBuilding = true;
 

pkgs/top-level/all-packages.nix

@@ -16057,6 +16057,10 @@ in
     libgcrypt = null;
   };
 
+  usbguard-nox = usbguard.override {
+    withGui = false;
+  };
+
   usbutils = callPackage ../os-specific/linux/usbutils { };
 
   usermount = callPackage ../os-specific/linux/usermount { };