cato: init at 5.2.1.1

NixOS · Sep 20, 2024 · 9817415 · 9817415
1 parent 8d18fff
commit 9817415
Show file tree

Hide file tree

Showing 3 changed files with 116 additions and 0 deletions.
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
@@ -988,6 +988,7 @@
   ./services/networking/bitlbee.nix
   ./services/networking/blockbook-frontend.nix
   ./services/networking/blocky.nix
+  ./services/networking/cato-client.nix
   ./services/networking/centrifugo.nix
   ./services/networking/cgit.nix
   ./services/networking/charybdis.nix

diff --git a/nixos/modules/services/networking/cato-client.nix b/nixos/modules/services/networking/cato-client.nix
@@ -0,0 +1,48 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+let
+  inherit (lib) mkIf mkEnableOption mkPackageOption;
+
+  cfg = config.services.cato-client;
+in
+{
+  options.services.cato-client = {
+    enable = mkEnableOption "cato-client service";
+    package = mkPackageOption pkgs "cato-client" { };
+  };
+
+  config = mkIf cfg.enable {
+    #users.users = {
+    #  cato-client = {
+    #    isSystemUser = true;
+    #    group = "cato-client";
+    #    description = "Cato Client daemon user";
+    #  };
+    #};
+    users.groups = {
+      cato-client = { };
+    };
+
+    systemd.services.cato-client = {
+      enable = true;
+      description = "Cato Networks Linux client - connects tunnel to Cato cloud";
+      after = [ "network.target" ];
+
+      serviceConfig = {
+        Type = "simple";
+        #User = "cato-client";
+        User = "root";
+        Group = "cato-client";
+        ExecStart = "${cfg.package}/bin/cato-clientd systemd";
+        WorkingDirectory = "${cfg.package}";
+        Restart = "always";
+      };
+
+      wantedBy = [ "multi-user.target" ];
+    };
+  };
+}
diff --git a/pkgs/by-name/ca/cato-client/package.nix b/pkgs/by-name/ca/cato-client/package.nix
@@ -0,0 +1,67 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+with pkgs;
+stdenv.mkDerivation rec {
+  pname = "cato-client";
+  version = "5.2.1.1";
+
+  src = fetchurl {
+    url = "https://clients.catonetworks.com/linux/${version}/cato-client-install.deb";
+    sha256 = "sha256-0hUchaxaiKJth2ByQMFfjsCLi/4kl+SrNSQ33Y6r3WA=";
+  };
+
+  passthru.updateScript = writeScript "update-cato-client" ''
+    #!/usr/bin/env nix-shell
+    #!nix-shell -i bash -p curl pcre2 common-updater-scripts
+
+    set -eu -o pipefail
+
+    version="$(curl -sI https://clientdownload.catonetworks.com/public/clients/cato-client-install.deb | grep -Fi 'Location:' | pcre2grep -o1 '/(([0-9]\.?)+)/')"
+    update-source-version cato-client "$version"
+  '';
+
+  dontConfigure = true;
+
+  nativeBuildInputs = [
+    autoPatchelfHook
+    dpkg
+  ];
+
+  buildInputs = [
+    libz
+    stdenv.cc.cc
+  ];
+
+  unpackPhase = ''
+    runHook preUnpack
+    dpkg -x $src source
+    cd source
+    runHook postUnpack
+  '';
+
+  installPhase = ''
+    runHook preInstall
+    mkdir $out
+
+    mv usr/lib $out/lib
+
+    mkdir -p $out/bin
+    mv usr/sbin/* $out/bin
+    mv usr/bin/* $out/bin
+
+    runHook postInstall
+  '';
+
+  meta = {
+    description = "Cato Client is a lightweight agent that provides secure zero-trust access to resources everywhere";
+    homepage = "https://www.catonetworks.com/platform/cato-client/";
+    mainProgram = "cato-sdp";
+    license = lib.licenses.unfree;
+    maintainers = with maintainers; [ yarekt ];
+    platforms = [ "x86_64-linux" ];
+  };
+}