Merge pull request #63539 from ivan/usbguard-nox

usbguard-nox: init at 0.7.4
2019-08-23 16:25:13 +02:00 · 2019-08-23 16:25:13 +02:00 · 3a64303a20
commit 3a64303a20
parent 79c2ed6b60 f2ea454617
3 changed files with 28 additions and 15 deletions
--- a/nixos/modules/services/security/usbguard.nix
+++ b/nixos/modules/services/security/usbguard.nix
@ -39,6 +39,16 @@ in {
    services.usbguard = {
      enable = mkEnableOption "USBGuard daemon";

+      package = mkOption {
+        type = types.package;
+        default = pkgs.usbguard;
+        defaultText = "pkgs.usbguard";
+        description = ''
+          The usbguard package to use. If you do not need the Qt GUI, use
+          <literal>pkgs.usbguard-nox</literal> to save disk space.
+        '';
+      };
+
      ruleFile = mkOption {
        type = types.path;
        default = "/var/lib/usbguard/rules.conf";
@ -179,7 +189,7 @@ in {

  config = mkIf cfg.enable {

-    environment.systemPackages = [ pkgs.usbguard ];
+    environment.systemPackages = [ cfg.package ];

    systemd.services.usbguard = {
      description = "USBGuard daemon";
@ -195,7 +205,7 @@ in {

      serviceConfig = {
        Type = "simple";
-        ExecStart = ''${pkgs.usbguard}/bin/usbguard-daemon -P -k -c ${daemonConfFile}'';
+        ExecStart = ''${cfg.package}/bin/usbguard-daemon -P -k -c ${daemonConfFile}'';
        Restart = "on-failure";
      };
    };
--- a/pkgs/os-specific/linux/usbguard/default.nix
+++ b/pkgs/os-specific/linux/usbguard/default.nix
@ -1,8 +1,11 @@
 {
  stdenv, fetchurl, lib,
-  libxslt, pandoc, asciidoctor, pkgconfig,
-  dbus-glib, libcap_ng, libqb, libseccomp, polkit, protobuf, qtbase, qttools, qtsvg,
-  audit,
+  pkgconfig, libxml2, libxslt,
+  dbus-glib, libcap_ng, libqb, libseccomp, polkit, protobuf, audit,
+  withGui ? true,
+  qtbase ? null,
+  qttools ? null,
+  qtsvg ? null,
  libgcrypt ? null,
  libsodium ? null
 }:
@ -23,10 +26,9 @@ stdenv.mkDerivation rec {
  };

  nativeBuildInputs = [
-    libxslt
-    asciidoctor
-    pandoc # for rendering documentation
    pkgconfig
+    libxslt # xsltproc
+    libxml2 # xmllint
  ];

  buildInputs = [
@ -37,23 +39,20 @@ stdenv.mkDerivation rec {
    polkit
    protobuf
    audit
-
-    qtbase
-    qtsvg
-    qttools
  ]
  ++ (lib.optional (libgcrypt != null) libgcrypt)
-  ++ (lib.optional (libsodium != null) libsodium);
+  ++ (lib.optional (libsodium != null) libsodium)
+  ++ (lib.optionals withGui [ qtbase qtsvg qttools ]);

  configureFlags = [
    "--with-bundled-catch"
    "--with-bundled-pegtl"
    "--with-dbus"
-    "--with-gui-qt=qt5"
    "--with-polkit"
  ]
  ++ (lib.optional (libgcrypt != null) "--with-crypto-library=gcrypt")
-  ++ (lib.optional (libsodium != null) "--with-crypto-library=sodium");
+  ++ (lib.optional (libsodium != null) "--with-crypto-library=sodium")
+  ++ (lib.optional withGui "--with-gui-qt=qt5");

  enableParallelBuilding = true;

--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@ -16413,6 +16413,10 @@ in
    libgcrypt = null;
  };

+  usbguard-nox = usbguard.override {
+    withGui = false;
+  };
+
  usbutils = callPackage ../os-specific/linux/usbutils { };

  usermount = callPackage ../os-specific/linux/usermount { };