summaryrefslogtreecommitdiff
path: root/pkgs/sentinel
diff options
context:
space:
mode:
authorKarel Kočí <cynerd@email.cz>2022-04-09 10:17:34 +0200
committerKarel Kočí <cynerd@email.cz>2022-04-09 10:17:34 +0200
commitbd9812fab0daea5f0911047a70494dc25089ac79 (patch)
treea96d9955b6aee8c5dcc435c551a5c2c724dd945e /pkgs/sentinel
downloadnixsentinel-bd9812fab0daea5f0911047a70494dc25089ac79.tar.gz
nixsentinel-bd9812fab0daea5f0911047a70494dc25089ac79.tar.bz2
nixsentinel-bd9812fab0daea5f0911047a70494dc25089ac79.zip
Initial versionHEADmaster
This was taken from nixturris.
Diffstat (limited to 'pkgs/sentinel')
-rw-r--r--pkgs/sentinel/certgen/default.nix25
-rw-r--r--pkgs/sentinel/dynfw-client/default.nix26
-rw-r--r--pkgs/sentinel/faillogs/default.nix29
-rw-r--r--pkgs/sentinel/fwlogs/default.nix30
-rw-r--r--pkgs/sentinel/minipot/default.nix29
-rw-r--r--pkgs/sentinel/proxy/default.nix31
6 files changed, 170 insertions, 0 deletions
diff --git a/pkgs/sentinel/certgen/default.nix b/pkgs/sentinel/certgen/default.nix
new file mode 100644
index 0000000..3818b9b
--- /dev/null
+++ b/pkgs/sentinel/certgen/default.nix
@@ -0,0 +1,25 @@
+{ buildPythonApplication, lib, fetchgit
+, python3
+, crypto-wrapper
+}:
+
+buildPythonApplication rec {
+ pname = "sentinel-certgen";
+ version = "6.2";
+ meta = with lib; {
+ homepage = "https://gitlab.nic.cz/turris/sentinel/certgen";
+ description = "Sentinel automated passwords and certificates retrieval";
+ license = licenses.gpl3;
+ };
+
+ src = fetchgit {
+ url = "https://gitlab.nic.cz/turris/sentinel/certgen.git";
+ rev = "v" + version;
+ sha256 = "10ii3j3wqdib7m2fc0w599981mv9q3ahj96q4kyrn5sh18v2c7nb";
+ };
+
+ propagatedBuildInputs = with python3.pkgs; [
+ crypto-wrapper
+ six requests cryptography
+ ];
+}
diff --git a/pkgs/sentinel/dynfw-client/default.nix b/pkgs/sentinel/dynfw-client/default.nix
new file mode 100644
index 0000000..b059b6d
--- /dev/null
+++ b/pkgs/sentinel/dynfw-client/default.nix
@@ -0,0 +1,26 @@
+{ buildPythonApplication, lib, fetchgit
+, ipset
+}:
+
+buildPythonApplication rec {
+ pname = "sentinel-dynfw-client";
+ version = "1.4.0";
+ meta = with lib; {
+ homepage = "https://gitlab.nic.cz/turris/sentinel/dynfw-client";
+ description = "Dynamic firewall client";
+ platforms = platforms.linux;
+ license = licenses.gpl3;
+ };
+
+ src = fetchgit {
+ url = "https://gitlab.nic.cz/turris/sentinel/dynfw-client.git";
+ rev = "v" + version;
+ sha256 = "1g0wbhsjzifvdfvig6922cl3yfj1f96yvg11s4vgiaxca9yspcmp";
+ };
+
+ buildInputs = [ipset];
+ preConfigure = ''
+ ls
+ find -type f | xargs sed -i 's#/usr/sbin/ipset#${ipset}#g'
+ '';
+}
diff --git a/pkgs/sentinel/faillogs/default.nix b/pkgs/sentinel/faillogs/default.nix
new file mode 100644
index 0000000..4b3a2d3
--- /dev/null
+++ b/pkgs/sentinel/faillogs/default.nix
@@ -0,0 +1,29 @@
+{ stdenv, lib, fetchgit
+, bootstrapHook, pkg-config, gperf
+, logc, logc-libs, libevent, czmq, msgpack, libconfig
+, check
+}:
+
+stdenv.mkDerivation rec {
+ pname = "sentinel-faillogs";
+ version = "0.1.0";
+ meta = with lib; {
+ homepage = "https://gitlab.nic.cz/turris/sentinel/faillogs";
+ description = "Failed login attempt logs collector";
+ license = licenses.gpl3;
+ };
+
+ src = fetchgit {
+ url = "https://gitlab.nic.cz/turris/sentinel/faillogs.git";
+ rev = "99ec41baed19cc1ca70490b2b8cd81784e7748d2";
+ sha256 = "1pp93z78qwg7arca5z70gdp5ja2jldk1rzig8r29a2fhjakd0hb2";
+ };
+
+ buildInputs = [logc logc-libs libevent czmq msgpack libconfig];
+ nativeBuildInputs = [bootstrapHook pkg-config gperf];
+ depsBuildBuild = [check];
+
+ doCheck = true;
+ doInstallCheck = true;
+ configureFlags = lib.optional (stdenv.hostPlatform == stdenv.buildPlatform) "--enable-tests";
+}
diff --git a/pkgs/sentinel/fwlogs/default.nix b/pkgs/sentinel/fwlogs/default.nix
new file mode 100644
index 0000000..6c9d529
--- /dev/null
+++ b/pkgs/sentinel/fwlogs/default.nix
@@ -0,0 +1,30 @@
+{ stdenv, lib, fetchgit
+, bootstrapHook, pkg-config
+, czmq, msgpack, logc-0_1, logc-libs, libconfig, libnetfilter_log
+, check
+}:
+
+stdenv.mkDerivation rec {
+ pname = "sentinel-proxy";
+ version = "0.2.0";
+ meta = with lib; {
+ homepage = "https://gitlab.nic.cz/turris/sentinel/fwlogs";
+ description = "Firewall logs collector";
+ platforms = platforms.linux;
+ license = licenses.gpl3;
+ };
+
+ src = fetchgit {
+ url = "https://gitlab.nic.cz/turris/sentinel/fwlogs.git";
+ rev = "v" + version;
+ sha256 = "04rlm3mlri2wz33z6jh2yh0p81lnrfpfmmfjrn4sfjwh1g21ins7";
+ };
+
+ buildInputs = [czmq msgpack logc-0_1 logc-libs libconfig libnetfilter_log];
+ nativeBuildInputs = [bootstrapHook pkg-config];
+ depsBuildBuild = [check];
+
+ doCheck = true;
+ doInstallCheck = true;
+ configureFlags = lib.optional (stdenv.hostPlatform == stdenv.buildPlatform) "--enable-tests";
+}
diff --git a/pkgs/sentinel/minipot/default.nix b/pkgs/sentinel/minipot/default.nix
new file mode 100644
index 0000000..1f26074
--- /dev/null
+++ b/pkgs/sentinel/minipot/default.nix
@@ -0,0 +1,29 @@
+{ stdenv, lib, fetchgit
+, bootstrapHook, pkg-config, gperf
+, czmq, msgpack, libevent, base64c, logc-0_1, logc-libs
+, check
+}:
+
+stdenv.mkDerivation rec {
+ pname = "sentinel-minipot";
+ version = "2.2";
+ meta = with lib; {
+ homepage = "https://gitlab.nic.cz/turris/sentinel/minipot";
+ description = "Firewall logs collector";
+ license = licenses.gpl3;
+ };
+
+ src = fetchgit {
+ url = "https://gitlab.nic.cz/turris/sentinel/minipot.git";
+ rev = "v" + version;
+ sha256 = "05p2q9mj8bhjapfphlrs45l691dmkpiia6ir1nnpa1pa5jy045p9";
+ };
+
+ buildInputs = [czmq msgpack libevent base64c logc-0_1 logc-libs];
+ nativeBuildInputs = [bootstrapHook pkg-config gperf];
+ depsBuildBuild = [check];
+
+ doCheck = true;
+ doInstallCheck = true;
+ configureFlags = lib.optional (stdenv.hostPlatform == stdenv.buildPlatform) "--enable-tests";
+}
diff --git a/pkgs/sentinel/proxy/default.nix b/pkgs/sentinel/proxy/default.nix
new file mode 100644
index 0000000..a3b6bf2
--- /dev/null
+++ b/pkgs/sentinel/proxy/default.nix
@@ -0,0 +1,31 @@
+{ stdenv, lib, fetchgit
+, bootstrapHook, pkg-config, gperf
+, openssl, zlib, czmq, libconfig, msgpack, paho-mqtt-c
+, check
+}:
+
+stdenv.mkDerivation rec {
+ pname = "sentinel-proxy";
+ version = "1.4";
+ meta = with lib; {
+ homepage = "https://gitlab.nic.cz/turris/sentinel/proxy";
+ description = "Main MQTT Sentinel client. Proxy that lives on the router and relays messages received from ZMQ to uplink server over MQTT channel.";
+ license = licenses.gpl3;
+ };
+
+ src = fetchgit {
+ url = "https://gitlab.nic.cz/turris/sentinel/proxy.git";
+ rev = "v" + version;
+ sha256 = "11s538yf4ydlzlx1vs9fc6hh9igf40s3v853mlcki8a28bni6xwb";
+ };
+
+ buildInputs = [openssl zlib czmq libconfig msgpack paho-mqtt-c];
+ nativeBuildInputs = [bootstrapHook pkg-config gperf];
+ depsBuildBuild = [check];
+
+ preConfigure = "./bootstrap";
+
+ doCheck = true;
+ doInstallCheck = true;
+ configureFlags = lib.optional (stdenv.hostPlatform == stdenv.buildPlatform) "--enable-tests";
+}