wg-netmanager: init at 0.3.6 (#155149)

Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
2 years ago · cb648f080d
parent fa286ff843
commit cb648f080d
5 changed files with 83 additions and 0 deletions
--- a/maintainers/maintainer-list.nix
+++ b/maintainers/maintainer-list.nix
@ -4396,6 +4396,12 @@
    githubId = 27668;
    name = "Tobias Pflug";
  };
+  gin66 = {
+    email = "jochen@kiemes.de";
+    github = "gin66";
+    githubId = 5549373;
+    name = "Jochen Kiemes";
+  };
  giogadi = {
    email = "lgtorres42@gmail.com";
    github = "giogadi";
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@ -914,6 +914,7 @@
  ./services/networking/vsftpd.nix
  ./services/networking/wasabibackend.nix
  ./services/networking/websockify.nix
+  ./services/networking/wg-netmanager.nix
  ./services/networking/wg-quick.nix
  ./services/networking/wireguard.nix
  ./services/networking/wpa_supplicant.nix
--- a/nixos/modules/services/networking/wg-netmanager.nix
+++ b/nixos/modules/services/networking/wg-netmanager.nix
@ -0,0 +1,42 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.services.wg-netmanager;
+in
+{
+
+  options = {
+    services.wg-netmanager = {
+      enable = mkEnableOption "Wireguard network manager";
+    };
+  };
+
+  ###### implementation
+  config = mkIf cfg.enable {
+    # NOTE: wg-netmanager runs as root
+    systemd.services.wg-netmanager = {
+      description = "Wireguard network manager";
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network.target" ];
+      path = with pkgs; [ wireguard-tools iproute2 wireguard-go ];
+      serviceConfig = {
+        Type = "simple";
+        Restart = "on-failure";
+        ExecStart = "${pkgs.wg-netmanager}/bin/wg_netmanager";
+        ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
+        ExecStop = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
+
+        ReadWritePaths = [
+          "/tmp"  # wg-netmanager creates files in /tmp before deleting them after use
+        ];
+      };
+      unitConfig =  {
+        ConditionPathExists = ["/etc/wg_netmanager/network.yaml" "/etc/wg_netmanager/peer.yaml"];
+      };
+    };
+  };
+
+  meta.maintainers = with maintainers; [ gin66 ];
+}
--- a/pkgs/tools/networking/wg-netmanager/default.nix
+++ b/pkgs/tools/networking/wg-netmanager/default.nix
@ -0,0 +1,30 @@
+{ lib, stdenv, fetchFromGitHub, rustPlatform, darwin, wireguard-go, Security }:
+
+rustPlatform.buildRustPackage rec {
+  pname = "wg-netmanager";
+  version = "0.4.1";
+
+  src = fetchFromGitHub {
+    owner = "gin66";
+    repo = "wg_netmanager";
+    rev = "wg_netmanager-v${version}";
+    sha256 = "AAtSSBz2zGLIEpcEMbe1mfYZikiaYEI+6KeSL5n54PE=";
+  };
+
+  cargoSha256 = "17k83QkQDq5uRCRADRLD2Q7pv7yES20lpms/N/UK+BM=";
+
+  buildInputs = lib.optional stdenv.isDarwin Security;
+
+  # Test 01 tries to create a wireguard interface, which requires sudo.
+  doCheck = true;
+  checkFlags = "--skip device";
+
+  meta = with lib; {
+    description = "Wireguard network manager";
+    longDescription = "Wireguard network manager, written in rust, simplifies the setup of wireguard nodes, identifies short connections between nodes residing in the same subnet, identifies unreachable aka dead nodes and maintains the routes between all nodes automatically. To achieve this, wireguard network manager needs to be running on each node.";
+    homepage = "https://github.com/gin66/wg_netmanager";
+    license = with licenses; [ mit asl20 bsd3 mpl20 ];
+    maintainers = with maintainers; [ gin66 ];
+    platforms = platforms.linux;
+  };
+}
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@ -10937,6 +10937,10 @@ with pkgs;

  wg-friendly-peer-names = callPackage ../tools/networking/wg-friendly-peer-names { };

+  wg-netmanager = callPackage ../tools/networking/wg-netmanager {
+    inherit (darwin.apple_sdk.frameworks) Security;
+  };
+
  woff2 = callPackage ../development/web/woff2 { };

  woof = callPackage ../tools/misc/woof { };