diff options
Diffstat (limited to 'nixpkgs/pkgs/servers/freeradius/default.nix')
-rw-r--r-- | nixpkgs/pkgs/servers/freeradius/default.nix | 110 |
1 files changed, 110 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/servers/freeradius/default.nix b/nixpkgs/pkgs/servers/freeradius/default.nix new file mode 100644 index 000000000000..9c80b7e7db39 --- /dev/null +++ b/nixpkgs/pkgs/servers/freeradius/default.nix @@ -0,0 +1,110 @@ +{ stdenv, fetchurl, fetchpatch, autoreconfHook, talloc, finger_bsd, perl +, openssl +, linkOpenssl? true +, openldap +, withLdap ? true +, sqlite +, withSqlite ? true +, libpcap +, withPcap ? true +, libcap +, withCap ? true +, libmemcached +, withMemcached ? false +, hiredis +, withRedis ? false +, libmysqlclient +, withMysql ? false +, json_c +, withJson ? false +, libyubikey +, withYubikey ? false +, collectd +, withCollectd ? false +, curl +, withRest ? false +}: + +assert withSqlite -> sqlite != null; +assert withLdap -> openldap != null; +assert withPcap -> libpcap != null; +assert withCap -> libcap != null; +assert withMemcached -> libmemcached != null; +assert withRedis -> hiredis != null; +assert withMysql -> libmysqlclient != null; +assert withYubikey -> libyubikey != null; +assert withCollectd -> collectd != null; +assert withRest -> curl != null && withJson; + +## TODO: include windbind optionally (via samba?) +## TODO: include oracle optionally +## TODO: include ykclient optionally + +with stdenv.lib; +stdenv.mkDerivation rec { + pname = "freeradius"; + version = "3.0.20"; + + src = fetchurl { + url = "ftp://ftp.freeradius.org/pub/freeradius/freeradius-server-${version}.tar.gz"; + sha256 = "0zrnlpril8lcnyd6zz0wy45wj5i2k2krcf42dwa0rldjsjh6nazp"; + }; + + nativeBuildInputs = [ autoreconfHook ]; + + buildInputs = [ openssl talloc finger_bsd perl ] + ++ optional withLdap openldap + ++ optional withSqlite sqlite + ++ optional withPcap libpcap + ++ optional withCap libcap + ++ optional withMemcached libmemcached + ++ optional withRedis hiredis + ++ optional withMysql libmysqlclient + ++ optional withJson json_c + ++ optional withYubikey libyubikey + ++ optional withCollectd collectd + ++ optional withRest curl; + + + configureFlags = [ + "--sysconfdir=/etc" + "--localstatedir=/var" + ] ++ optional (!linkOpenssl) "--with-openssl=no"; + + patches = stdenv.lib.optional withRest (fetchpatch { + # Fix HTTP/2 in rest + url = "https://github.com/FreeRADIUS/freeradius-server/commit/6286520698a3cc4053b4d49eb0a61d9ba77632aa.patch"; + sha256 = "1ycvr3ql1mfkvzydnn4aiygnidicv2hgllppv37nb1p2pk02159g"; + }); + + postPatch = '' + substituteInPlace src/main/checkrad.in --replace "/usr/bin/finger" "${finger_bsd}/bin/finger" + ''; + + # By default, freeradius will generate Diffie-Hellman parameters and + # self-signed TLS certificates during installation. We don't want + # this, for several reasons: + # - reproducibility (random generation) + # - we don't want _anybody_ to use a cert where the private key is on our public binary cache! + # - we don't want the certs to change each time the package is rebuilt + # So let's avoid anything getting into our output. + makeFlags = [ "LOCAL_CERT_FILES=" ]; + + installFlags = [ + "sysconfdir=\${out}/etc" + "localstatedir=\${TMPDIR}" + "INSTALL_CERT_FILES=" # see comment at makeFlags + ]; + + outputs = [ "out" "dev" "man" "doc" ]; + + meta = with stdenv.lib; { + homepage = "https://freeradius.org/"; + description = "A modular, high performance free RADIUS suite"; + license = licenses.gpl2; + maintainers = with maintainers; [ sheenobu willibutz fpletz lheckemann elseym ]; + platforms = with platforms; linux; + }; + +} + |