diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix
index 141f114898cab57..7caee78f6b4534d 100644
--- a/maintainers/maintainer-list.nix
+++ b/maintainers/maintainer-list.nix
@@ -22773,6 +22773,12 @@
 githubId = 15948162;
 name = "Yanni Papandreou";
 };
+ yarekt = {
+ name = "Yarek T";
+ email = "yarekt+nixpkgs@gmail.com";
+ github = "yarektyshchenko";
+ githubId = 185304;
+ };
 yarny = {
 github = "Yarny0";
 githubId = 41838844;
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 5e7d7b203e95d0c..a36fdcfa5f6229a 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -988,6 +988,7 @@
 ./services/networking/bitlbee.nix
 ./services/networking/blockbook-frontend.nix
 ./services/networking/blocky.nix
+ ./services/networking/cato-client.nix
 ./services/networking/centrifugo.nix
 ./services/networking/cgit.nix
 ./services/networking/charybdis.nix
diff --git a/nixos/modules/services/networking/cato-client.nix b/nixos/modules/services/networking/cato-client.nix
new file mode 100644
index 000000000000000..3d17a0172b1723a
--- /dev/null
+++ b/nixos/modules/services/networking/cato-client.nix
@@ -0,0 +1,48 @@
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}:
+let
+ inherit (lib) mkIf mkEnableOption mkPackageOption;
+
+ cfg = config.services.cato-client;
+in
+{
+ options.services.cato-client = {
+ enable = mkEnableOption "cato-client service";
+ package = mkPackageOption pkgs "cato-client" { };
+ };
+
+ config = mkIf cfg.enable {
+ #users.users = {
+ # cato-client = {
+ # isSystemUser = true;
+ # group = "cato-client";
+ # description = "Cato Client daemon user";
+ # };
+ #};
+ users.groups = {
+ cato-client = { };
+ };
+
+ systemd.services.cato-client = {
+ enable = true;
+ description = "Cato Networks Linux client - connects tunnel to Cato cloud";
+ after = [ "network.target" ];
+
+ serviceConfig = {
+ Type = "simple";
+ #User = "cato-client";
+ User = "root";
+ Group = "cato-client";
+ ExecStart = "${cfg.package}/bin/cato-clientd systemd";
+ WorkingDirectory = "${cfg.package}";
+ Restart = "always";
+ };
+
+ wantedBy = [ "multi-user.target" ];
+ };
+ };
+}
diff --git a/pkgs/by-name/ca/cato-client/package.nix b/pkgs/by-name/ca/cato-client/package.nix
new file mode 100644
index 000000000000000..665139293ae6b4a
--- /dev/null
+++ b/pkgs/by-name/ca/cato-client/package.nix
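Review bot: In `serviceConfig` of nixos/modules/services/networking/cato-client.nix, `User = "root";` runs the closed-source `cato-clientd` with full root privileges and no systemd sandboxing, while the dedicated `cato-client` user is left commented out. If root is really required, the commented-out `users.users` block and `#User = "cato-client";` should be replaced by a short comment stating why, and the unit should at least bound what the daemon can do. The options below are a starting point only. Which capabilities and writable paths the daemon needs is not visible from this hunk, so they must be tested against the binary. `WorkingDirectory = "${cfg.package}";` points into the read-only store, so any state the daemon writes would also need an explicit `StateDirectory`.

```nix
serviceConfig = {
  # … unchanged: Type, Group, ExecStart, WorkingDirectory, Restart …
  # Runs as root because <reason to be supplied by the author>.
  User = "root";
  # Starting point; tighten or relax after testing with the vendor daemon.
  CapabilityBoundingSet = "CAP_NET_ADMIN CAP_NET_RAW";
  NoNewPrivileges = true;
  ProtectHome = true;
  PrivateTmp = true;
  ProtectKernelModules = true;
  ProtectControlGroups = true;
};
```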
@@ -0,0 +1,67 @@
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}:
+with pkgs;
+stdenv.mkDerivation rec {
+ pname = "cato-client";
+ version = "5.2.1.1";
+
+ src = fetchurl {
+ url = "https://clients.catonetworks.com/linux/${version}/cato-client-install.deb";
+ sha256 = "sha256-0hUchaxaiKJth2ByQMFfjsCLi/4kl+SrNSQ33Y6r3WA=";
+ };
+
+ passthru.updateScript = writeScript "update-cato-client" ''
+ #!/usr/bin/env nix-shell
+ #!nix-shell -i bash -p curl pcre2 common-updater-scripts
+
+ set -eu -o pipefail
+
+ version="$(curl -sI https://clientdownload.catonetworks.com/public/clients/cato-client-install.deb | grep -Fi 'Location:' | pcre2grep -o1 '/(([0-9]\.?)+)/')"
+ update-source-version cato-client "$version"
+ '';
+
+ dontConfigure = true;
+
+ nativeBuildInputs = [
+ autoPatchelfHook
+ dpkg
+ ];
+
+ buildInputs = [
+ libz
+ stdenv.cc.cc
+ ];
+
+ unpackPhase = ''
+ runHook preUnpack
+ dpkg -x $src source
+ cd source
+ runHook postUnpack
+ '';
+
+ installPhase = ''
+ runHook preInstall
+ mkdir $out
+
+ mv usr/lib $out/lib
+
+ mkdir -p $out/bin
+ mv usr/sbin/* $out/bin
+ mv usr/bin/* $out/bin
+
+ runHook postInstall
+ '';
+
+ meta = {
+ description = "Cato Client is a lightweight agent that provides secure zero-trust access to resources everywhere";
+ homepage = "https://www.catonetworks.com/platform/cato-client/";
+ mainProgram = "cato-sdp";
+ license = lib.licenses.unfree;
+ maintainers = with maintainers; [ yarekt ];
+ platforms = [ "x86_64-linux" ];
+ };
+}
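Review bot: The `meta` block of pkgs/by-name/ca/cato-client/package.nix does not declare that this is a prebuilt vendor binary unpacked from a `.deb`; add `sourceProvenance = with lib.sourceTypes; [ binaryNativeCode ];` so users who filter on provenance see it. The header `{ config, pkgs, lib, ... }: with pkgs;` is a module-style signature, and it pulls the whole package set into scope. Listing the inputs explicitly (`lib`, `stdenv`, `fetchurl`, `dpkg`, `autoPatchelfHook`, `libz`, `writeScript`) and writing `maintainers = with lib.maintainers; [ yarekt ];` keeps the dependency set reviewable. In `src`, `hash = "sha256-…";` is the current attribute name for an SRI value in place of `sha256`. The update script takes the version from a redirect on `clientdownload.catonetworks.com`, while `src` is fetched from `clients.catonetworks.com`. A comment such as `# version is parsed from the vendor's redirect; the new hash is trust-on-first-fetch and should be reviewed` would make that trust assumption explicit.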