6 files changed, 170 insertions, 0 deletions

diff --git a/pkgs/sentinel/certgen/default.nix b/pkgs/sentinel/certgen/default.nix
new file mode 100644
index 0000000..3818b9b
--- /dev/null
+++ b/pkgs/sentinel/certgen/default.nix
@@ -0,0 +1,25 @@
+{ buildPythonApplication, lib, fetchgit
+, python3
+, crypto-wrapper
+}:
+
+buildPythonApplication rec {
+  pname = "sentinel-certgen";
+  version = "6.2";
+  meta = with lib; {
+    homepage = "https://gitlab.nic.cz/turris/sentinel/certgen";
+    description = "Sentinel automated passwords and certificates retrieval";
+    license = licenses.gpl3;
+  };
+
+  src = fetchgit {
+    url = "https://gitlab.nic.cz/turris/sentinel/certgen.git";
+    rev = "v" + version;
+    sha256 = "10ii3j3wqdib7m2fc0w599981mv9q3ahj96q4kyrn5sh18v2c7nb";
+  };
+
+  propagatedBuildInputs = with python3.pkgs; [
+    crypto-wrapper
+    six requests cryptography
+  ];
+}
diff --git a/pkgs/sentinel/dynfw-client/default.nix b/pkgs/sentinel/dynfw-client/default.nix
new file mode 100644
index 0000000..b059b6d
--- /dev/null
+++ b/pkgs/sentinel/dynfw-client/default.nix
@@ -0,0 +1,26 @@
+{ buildPythonApplication, lib, fetchgit
+, ipset
+}:
+
+buildPythonApplication rec {
+  pname = "sentinel-dynfw-client";
+  version = "1.4.0";
+  meta = with lib; {
+    homepage = "https://gitlab.nic.cz/turris/sentinel/dynfw-client";
+    description = "Dynamic firewall client";
+    platforms = platforms.linux;
+    license = licenses.gpl3;
+  };
+
+  src = fetchgit {
+    url = "https://gitlab.nic.cz/turris/sentinel/dynfw-client.git";
+    rev = "v" + version;
+    sha256 = "1g0wbhsjzifvdfvig6922cl3yfj1f96yvg11s4vgiaxca9yspcmp";
+  };
+
+  buildInputs = [ipset];
+  preConfigure = ''
+    ls
+    find -type f | xargs sed -i 's#/usr/sbin/ipset#${ipset}#g' 
+    '';
+}
diff --git a/pkgs/sentinel/faillogs/default.nix b/pkgs/sentinel/faillogs/default.nix
new file mode 100644
index 0000000..4b3a2d3
--- /dev/null
+++ b/pkgs/sentinel/faillogs/default.nix
@@ -0,0 +1,29 @@
+{ stdenv, lib, fetchgit
+, bootstrapHook, pkg-config, gperf
+, logc, logc-libs, libevent, czmq, msgpack, libconfig
+, check
+}:
+
+stdenv.mkDerivation rec {
+  pname = "sentinel-faillogs";
+  version = "0.1.0";
+  meta = with lib; {
+    homepage = "https://gitlab.nic.cz/turris/sentinel/faillogs";
+    description = "Failed login attempt logs collector";
+    license = licenses.gpl3;
+  };
+
+  src = fetchgit {
+    url = "https://gitlab.nic.cz/turris/sentinel/faillogs.git";
+    rev = "99ec41baed19cc1ca70490b2b8cd81784e7748d2";
+    sha256 = "1pp93z78qwg7arca5z70gdp5ja2jldk1rzig8r29a2fhjakd0hb2";
+  };
+
+  buildInputs = [logc logc-libs libevent czmq msgpack libconfig];
+  nativeBuildInputs = [bootstrapHook pkg-config gperf];
+  depsBuildBuild = [check];
+
+  doCheck = true;
+  doInstallCheck = true;
+  configureFlags = lib.optional (stdenv.hostPlatform == stdenv.buildPlatform) "--enable-tests";
+}
diff --git a/pkgs/sentinel/fwlogs/default.nix b/pkgs/sentinel/fwlogs/default.nix
new file mode 100644
index 0000000..6c9d529
--- /dev/null
+++ b/pkgs/sentinel/fwlogs/default.nix
@@ -0,0 +1,30 @@
+{ stdenv, lib, fetchgit
+, bootstrapHook, pkg-config
+, czmq, msgpack, logc-0_1, logc-libs, libconfig, libnetfilter_log
+, check
+}:
+
+stdenv.mkDerivation rec {
+  pname = "sentinel-proxy";
+  version = "0.2.0";
+  meta = with lib; {
+    homepage = "https://gitlab.nic.cz/turris/sentinel/fwlogs";
+    description = "Firewall logs collector";
+    platforms = platforms.linux;
+    license = licenses.gpl3;
+  };
+
+  src = fetchgit {
+    url = "https://gitlab.nic.cz/turris/sentinel/fwlogs.git";
+    rev = "v" + version;
+    sha256 = "04rlm3mlri2wz33z6jh2yh0p81lnrfpfmmfjrn4sfjwh1g21ins7";
+  };
+
+  buildInputs = [czmq msgpack logc-0_1 logc-libs libconfig libnetfilter_log];
+  nativeBuildInputs = [bootstrapHook pkg-config];
+  depsBuildBuild = [check];
+
+  doCheck = true;
+  doInstallCheck = true;
+  configureFlags = lib.optional (stdenv.hostPlatform == stdenv.buildPlatform) "--enable-tests";
+}
diff --git a/pkgs/sentinel/minipot/default.nix b/pkgs/sentinel/minipot/default.nix
new file mode 100644
index 0000000..1f26074
--- /dev/null
+++ b/pkgs/sentinel/minipot/default.nix
@@ -0,0 +1,29 @@
+{ stdenv, lib, fetchgit
+, bootstrapHook, pkg-config, gperf
+, czmq, msgpack, libevent, base64c, logc-0_1, logc-libs
+, check
+}:
+
+stdenv.mkDerivation rec {
+  pname = "sentinel-minipot";
+  version = "2.2";
+  meta = with lib; {
+    homepage = "https://gitlab.nic.cz/turris/sentinel/minipot";
+    description = "Firewall logs collector";
+    license = licenses.gpl3;
+  };
+
+  src = fetchgit {
+    url = "https://gitlab.nic.cz/turris/sentinel/minipot.git";
+    rev = "v" + version;
+    sha256 = "05p2q9mj8bhjapfphlrs45l691dmkpiia6ir1nnpa1pa5jy045p9";
+  };
+
+  buildInputs = [czmq msgpack libevent base64c logc-0_1 logc-libs];
+  nativeBuildInputs = [bootstrapHook pkg-config gperf];
+  depsBuildBuild = [check];
+
+  doCheck = true;
+  doInstallCheck = true;
+  configureFlags = lib.optional (stdenv.hostPlatform == stdenv.buildPlatform) "--enable-tests";
+}
diff --git a/pkgs/sentinel/proxy/default.nix b/pkgs/sentinel/proxy/default.nix
new file mode 100644
index 0000000..a3b6bf2
--- /dev/null
+++ b/pkgs/sentinel/proxy/default.nix
@@ -0,0 +1,31 @@
+{ stdenv, lib, fetchgit
+, bootstrapHook, pkg-config, gperf
+, openssl, zlib, czmq, libconfig, msgpack, paho-mqtt-c
+, check
+}:
+
+stdenv.mkDerivation rec {
+  pname = "sentinel-proxy";
+  version = "1.4";
+  meta = with lib; {
+    homepage = "https://gitlab.nic.cz/turris/sentinel/proxy";
+    description = "Main MQTT Sentinel client. Proxy that lives on the router and relays messages received from ZMQ to uplink server over MQTT channel.";
+    license = licenses.gpl3;
+  };
+
+  src = fetchgit {
+    url = "https://gitlab.nic.cz/turris/sentinel/proxy.git";
+    rev = "v" + version;
+    sha256 = "11s538yf4ydlzlx1vs9fc6hh9igf40s3v853mlcki8a28bni6xwb";
+  };
+
+  buildInputs = [openssl zlib czmq libconfig msgpack paho-mqtt-c];
+  nativeBuildInputs = [bootstrapHook pkg-config gperf];
+  depsBuildBuild = [check];
+
+  preConfigure = "./bootstrap";
+
+  doCheck = true;
+  doInstallCheck = true;
+  configureFlags = lib.optional (stdenv.hostPlatform == stdenv.buildPlatform) "--enable-tests";
+}