vula: re-init at unstable-2024-05-17

Co-authored-by: Adrien Faure <adrien.faure@protonmail.com>
Co-authored-by: Ali Jamadi <jamadi1377@gmail.com>
Co-authored-by: GetPsyched <priyanshu@getpsyched.dev>
Co-authored-by: Robert James Hernandez <rob@sarcasticadmin.com>
Co-authored-by: Shahar "Dawn" Or <mightyiampresence@gmail.com>
Co-authored-by: Yifei Sun <ysun@hey.com>
Co-authored-by: yakampe <yanis.kampe.cv@gmail.com>

pkgs/by-name/highctidh/package.nix

@@ -2,39 +2,33 @@
   lib,
   python3,
   fetchgit,
-}:
-with builtins; let
-  python = python3;
+}: let
+  inherit (lib) licenses maintainers;
+
+  version = "1.0.2024060500";
+  src = fetchgit {
+    url = "https://codeberg.org/vula/highctidh";
+    rev = "v${version}";
+    hash = "sha256-TyD5KzUz89RBxsSZeJYOkIzD29DF0BjizpMnsTpFOHI=";
+  };
 in
-  python.pkgs.buildPythonApplication rec {
+  python3.pkgs.buildPythonPackage {
     pname = "highctidh";
-    version = "1.0.2023121800";
-    format = "pyproject";
-
-    src = fetchgit {
-      url = "https://codeberg.org/vula/highctidh";
-      rev = "v${version}";
-      hash = "sha256-83zTz5iBF/ApJV2hnsT2DfN/T36f73MrXmhLDJa5Z8I=";
-    };
+    inherit version src;
+    pyproject = true;
 
-    postPatch = ''
-      patchShebangs test.sh
-      mkdir -p build/tmp
-    '';
+    sourceRoot = "${src.name}/src";
 
-    propagatedBuildInputs = with python.pkgs; [
+    nativeBuildInputs = with python3.pkgs; [
       setuptools
-      build
     ];
 
-    nativeBuildInputs = propagatedBuildInputs;
-
-    doCheck = true;
+    nativeCheckInputs = with python3.pkgs; [pytestCheckHook];
 
-    meta = with lib; {
-      description = "Fork of high-ctidh as as a portable shared library with Python bindings.";
+    meta = {
+      description = "Fork of high-ctidh as as a portable shared library with Python bindings";
       homepage = "https://codeberg.org/vula/highctidh";
       license = licenses.publicDomain;
-      maintainers = with maintainers; [lorenzleutgeb];
+      maintainers = with maintainers; [lorenzleutgeb mightyiam];
     };
   }

pkgs/by-name/vula/package.nix

@@ -3,64 +3,55 @@
   python3,
   fetchgit,
   highctidh,
-  coreutils,
-}:
-with builtins; let
-  python = python3;
+  wrapGAppsHook,
+}: let
+  inherit
+    (lib)
+    licenses
+    maintainers
+    ;
 in
-  python.pkgs.buildPythonApplication rec {
+  python3.pkgs.buildPythonApplication {
     pname = "vula";
-    version = "0.2.2023112801";
-    format = "pyproject";
+    version = "unstable-2024-05-17";
 
     src = fetchgit {
       url = "https://codeberg.org/vula/vula";
-      rev = "v${version}";
-      hash = "sha256-hBB6jKCLwgfPsgINuvGuLgihrr9zhG46V6/G0SXdCSc=";
+      rev = "b82933c2d45496afb91727e7ce3dff61ae262473";
+      hash = "sha256-DVjEg28GFmA3fOgXZ8MQ7rwfZtt6WkK1qHnyTnYbKcY=";
     };
 
+    # without removing `pyproject.toml` we don't end up with an executable.
     postPatch = ''
-      substituteInPlace configs/systemd/* \
-        --replace 'ExecStart=vula' "ExecStart=$out/bin/vula"
-
-      substituteInPlace configs/dbus/* \
-        --replace 'Exec=/bin/false' "Exec=${coreutils}/bin/false"
+      rm pyproject.toml
     '';
 
-    propagatedBuildInputs = with python.pkgs;
-      [
-        setuptools
-        pyaudio
-        pyroute2
-        hkdf
-        pynacl
+    propagatedBuildInputs =
+      (with python3.pkgs; [
         click
+        cryptography
+        hkdf
         packaging
-        pyyaml
-        pystray
-        qrcode
         pillow
         pydbus
-        zeroconf
+        pynacl
+        pyroute2
+        pyyaml
+        qrcode
         schema
-        cryptography
         tkinter
-      ]
+        zeroconf
+      ])
       ++ [highctidh];
 
-    postInstall = ''
-      mkdir -p $out/{lib/systemd/system,/share/dbus-1/system-services}
-      cp configs/systemd/* $out/lib/systemd/system/
-      cp configs/dbus/* $out/share/dbus-1/system-services/
-    '';
-
-    doCheck = true;
+    nativeBuildInputs = [wrapGAppsHook];
+    nativeCheckInputs = with python3.pkgs; [pytestCheckHook];
 
-    meta = with lib; {
+    meta = {
       description = "Automatic local network encryption";
       homepage = "https://vula.link/";
       license = licenses.gpl3Only;
-      maintainers = with maintainers; [lorenzleutgeb];
+      maintainers = with maintainers; [lorenzleutgeb mightyiam stepbrobd];
       mainProgram = "vula";
     };
   }

projects/Vula/dbus.conf.nix

@@ -0,0 +1,60 @@
+{
+  userPrefix,
+  operatorsGroup,
+}: ''
+  <?xml version="1.0" encoding="UTF-8"?>
+  <!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+  "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+  <busconfig>
+    <type>system</type>
+
+    <policy user="${userPrefix}-organize">
+      <allow own="local.vula.organize"/>
+      <allow
+         send_destination="local.vula.discover"
+         send_interface="local.vula.discover1.Listen"
+         send_type="method_call"
+      />
+      <allow
+         send_destination="local.vula.publish"
+         send_interface="local.vula.publish1.Listen"
+         send_type="method_call"
+      />
+    </policy>
+
+    <policy user="${userPrefix}-publish">
+      <allow own="local.vula.publish"/>
+    </policy>
+
+    <policy user="${userPrefix}-discover">
+      <allow own="local.vula.discover"/>
+      <allow
+         send_destination="local.vula.organize"
+         send_interface="local.vula.organize1.ProcessDescriptor"
+         send_type="method_call"
+      />
+    </policy>
+
+    <policy group="${operatorsGroup}">
+      <allow send_destination="local.vula.organize" />
+    </policy>
+
+    <policy context="default">
+      <allow
+         send_destination="local.vula.organize"
+         send_interface="org.freedesktop.DBus.Introspectable"
+         send_type="method_call"
+      />
+      <allow
+         send_destination="local.vula.publish"
+         send_interface="org.freedesktop.DBus.Introspectable"
+         send_type="method_call"
+      />
+      <allow
+         send_destination="local.vula.discover"
+         send_interface="org.freedesktop.DBus.Introspectable"
+         send_type="method_call"
+      />
+    </policy>
+  </busconfig>
+''

projects/Vula/default.nix

@@ -1,11 +1,13 @@
-{
-  pkgs,
-  lib,
-  sources,
-} @ args: {
+{pkgs, ...} @ args: {
   packages = {inherit (pkgs) vula;};
-  nixos = {
-    modules.services.vula = ./service.nix;
-    tests.vula = import ./test.nix args;
+  nixos.modules.services.vula = ./service.nix;
+  nixos.tests.test = import ./test.nix args;
+  nixos.examples.simple = {
+    path = ./example-simple.nix;
+    description = ''
+      Simple configuration for Vula. Vula nodes will automatically discover each other on networks that support [multicast DNS](https://en.wikipedia.org/wiki/Multicast_DNS) (mDNS).
+
+      Add users to the group defined in `config.services.vula.adminGroup` to grant them permissions to manage Vula through the `vula` command.
+    '';
   };
 }

projects/Vula/example-simple.nix

@@ -0,0 +1,4 @@
+{
+  services.vula.enable = true;
+  services.vula.openFirewall = true;
+}

projects/Vula/nss-altfiles.nix

@@ -0,0 +1,32 @@
+# not exposed because vula uses specific non-release rev and some build flags
+{
+  stdenv,
+  fetchFromGitHub,
+  lib,
+}: let
+  inherit (lib) licenses maintainers;
+in
+  stdenv.mkDerivation {
+    pname = "nss-altfiles";
+    version = "unstable-2020-09-25";
+
+    src = fetchFromGitHub {
+      owner = "flatcar";
+      repo = "nss-altfiles";
+      rev = "9078c543ba7d2bc5011737675b3dddb882673ce7";
+      sha256 = "sha256-mkZtuUsahHcwcmXvdH2thhDP7ctT5/wDpd0YUSSfd5w=";
+    };
+
+    configureFlags = [
+      "--with-types=hosts"
+      "--with-module-name='vula'"
+      "--datadir=/var/lib/vula-organize/"
+    ];
+
+    meta = {
+      description = "NSS module for relocating default file locations, tailored for Flatcar Container Linux";
+      homepage = "https://github.com/flatcar/nss-altfiles";
+      license = licenses.lgpl21Only;
+      maintainers = with maintainers; [mightyiam];
+    };
+  }