basic nixos module in flake, rename binaries

Author: sechmann

.gitignore

@@ -24,3 +24,4 @@ packaging/windows/naisdevice.key
 *.db
 operational/scripts/data/
 .direnv
+result

.nix/module.nix

@@ -0,0 +1,33 @@
+naisdevice:
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+let
+  inherit (lib) types mkOption;
+  cfg = config.services.naisdevice;
+  pkg = cfg.package;
+in
+{
+  options.services.naisdevice = {
+    enable = lib.mkEnableOption "naisdevice-helper service";
+    package = mkOption {
+      type = types.package;
+      default = pkgs.naisdevice;
+      description = lib.mdDoc ''
+        The naisdevice package to use.
+      '';
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    systemd.services.naisdevice-helper = {
+      description = "naisdevice-helper service";
+      wantedBy = [ "multi-user.target" ];
+      serviceConfig.ExecStart = "${pkg}/bin/helper";
+      serviceConfig.Restart = "Always";
+    };
+  };
+}

Makefile

@@ -37,28 +37,28 @@ controlplane:
 # Run by GitHub actions on linux
 linux-client:
 	mkdir -p ./bin/linux-client
-	GOOS=linux GOARCH=amd64 go build -o bin/linux-client/naisdevice-systray --tags "$(GOTAGS)" -ldflags "-s $(LDFLAGS)" ./cmd/systray
-	GOOS=linux GOARCH=amd64 go build -o bin/linux-client/naisdevice-agent --tags "$(GOTAGS)" -ldflags "-s $(LDFLAGS)" ./cmd/device-agent
-	GOOS=linux GOARCH=amd64 go build -o bin/linux-client/naisdevice-helper --tags "$(GOTAGS)" -ldflags "-s $(LDFLAGS)" ./cmd/helper
+	GOOS=linux GOARCH=amd64 go build -o bin/linux-client/naisdevice-systray --tags "$(GOTAGS)" -ldflags "-s $(LDFLAGS)" ./cmd/naisdevice-systray
+	GOOS=linux GOARCH=amd64 go build -o bin/linux-client/naisdevice-agent --tags "$(GOTAGS)" -ldflags "-s $(LDFLAGS)" ./cmd/naisdevice-agent
+	GOOS=linux GOARCH=amd64 go build -o bin/linux-client/naisdevice-helper --tags "$(GOTAGS)" -ldflags "-s $(LDFLAGS)" ./cmd/naisdevice-helper
 
 # Run by GitHub actions on macos
 macos-client:
 	mkdir -p ./bin/macos-client
-	GOOS=darwin GOARCH=amd64 go build -o bin/macos-client/naisdevice-agent --tags "$(GOTAGS)" -ldflags "-s $(LDFLAGS)" ./cmd/device-agent
-	GOOS=darwin GOARCH=amd64 go build -o bin/macos-client/naisdevice-systray --tags "$(GOTAGS)" -ldflags "-s $(LDFLAGS)" ./cmd/systray
-	GOOS=darwin GOARCH=amd64 go build -o bin/macos-client/naisdevice-helper --tags "$(GOTAGS)" -ldflags "-s $(LDFLAGS)" ./cmd/helper
+	GOOS=darwin GOARCH=amd64 go build -o bin/macos-client/naisdevice-agent --tags "$(GOTAGS)" -ldflags "-s $(LDFLAGS)" ./cmd/naisdevice-agent
+	GOOS=darwin GOARCH=amd64 go build -o bin/macos-client/naisdevice-systray --tags "$(GOTAGS)" -ldflags "-s $(LDFLAGS)" ./cmd/naisdevice-systray
+	GOOS=darwin GOARCH=amd64 go build -o bin/macos-client/naisdevice-helper --tags "$(GOTAGS)" -ldflags "-s $(LDFLAGS)" ./cmd/naisdevice-helper
 
 # Run by GitHub actions on linux
 windows-client:
 	mkdir -p ./bin/windows-client
 
-	go run github.com/akavel/rsrc -arch amd64 -manifest ./packaging/windows/admin_manifest.xml -ico assets/nais-logo-blue.ico -o ./cmd/helper/main_windows.syso
-	go run github.com/akavel/rsrc -ico assets/nais-logo-blue.ico -o ./cmd/device-agent/main_windows.syso
-	GOOS=windows GOARCH=amd64 go build -o bin/windows-client/naisdevice-systray.exe --tags "$(GOTAGS)" -ldflags "-s $(LDFLAGS) -H=windowsgui" ./cmd/systray
+	go run github.com/akavel/rsrc -arch amd64 -manifest ./packaging/windows/admin_manifest.xml -ico assets/nais-logo-blue.ico -o ./cmd/naisdevice-helper/main_windows.syso
+	go run github.com/akavel/rsrc -ico assets/nais-logo-blue.ico -o ./cmd/naisdevice-agent/main_windows.syso
+	GOOS=windows GOARCH=amd64 go build -o bin/windows-client/naisdevice-systray.exe --tags "$(GOTAGS)" -ldflags "-s $(LDFLAGS) -H=windowsgui" ./cmd/naisdevice-systray
 	./packaging/windows/sign-exe bin/windows-client/naisdevice-systray.exe ./packaging/windows/naisdevice.crt ./packaging/windows/naisdevice.key
-	GOOS=windows GOARCH=amd64 go build -o bin/windows-client/naisdevice-agent.exe --tags "$(GOTAGS)" -ldflags "-s $(LDFLAGS) -H=windowsgui" ./cmd/device-agent
+	GOOS=windows GOARCH=amd64 go build -o bin/windows-client/naisdevice-agent.exe --tags "$(GOTAGS)" -ldflags "-s $(LDFLAGS) -H=windowsgui" ./cmd/naisdevice-agent
 	./packaging/windows/sign-exe bin/windows-client/naisdevice-agent.exe ./packaging/windows/naisdevice.crt ./packaging/windows/naisdevice.key
-	GOOS=windows GOARCH=amd64 go build -o bin/windows-client/naisdevice-helper.exe --tags "$(GOTAGS)" -ldflags "-s $(LDFLAGS)" ./cmd/helper
+	GOOS=windows GOARCH=amd64 go build -o bin/windows-client/naisdevice-helper.exe --tags "$(GOTAGS)" -ldflags "-s $(LDFLAGS)" ./cmd/naisdevice-helper
 	./packaging/windows/sign-exe bin/windows-client/naisdevice-helper.exe ./packaging/windows/naisdevice.crt ./packaging/windows/naisdevice.key
 
 local:
@@ -67,9 +67,9 @@ local:
 	go build -o bin/local/gateway-agent --tags "$(GOTAGS)" -ldflags "-s $(LDFLAGS)" ./cmd/gateway-agent
 	go build -o bin/local/prometheus-agent --tags "$(GOTAGS)" -ldflags "-s $(LDFLAGS)" ./cmd/prometheus-agent
 	go build -o bin/local/controlplane-cli --tags "$(GOTAGS)" -ldflags "-s $(LDFLAGS)" ./cmd/controlplane-cli
-	go build -o bin/local/naisdevice-agent --tags "$(GOTAGS)" -ldflags "-s $(LDFLAGS)" ./cmd/device-agent
-	go build -o bin/local/naisdevice-systray --tags "$(GOTAGS)" -ldflags "-s $(LDFLAGS)" ./cmd/systray
-	go build -o bin/local/naisdevice-helper --tags "$(GOTAGS)" -ldflags "-s $(LDFLAGS)" ./cmd/helper
+	go build -o bin/local/naisdevice-agent --tags "$(GOTAGS)" -ldflags "-s $(LDFLAGS)" ./cmd/naisdevice-agent
+	go build -o bin/local/naisdevice-systray --tags "$(GOTAGS)" -ldflags "-s $(LDFLAGS)" ./cmd/naisdevice-systray
+	go build -o bin/local/naisdevice-helper --tags "$(GOTAGS)" -ldflags "-s $(LDFLAGS)" ./cmd/naisdevice-helper
 
 linux-icon: packaging/linux/icons/*/apps/naisdevice.png
 packaging/linux/icons/*/apps/naisdevice.png: assets/svg/blue.svg

cmd/device-agent/main.go cmd/naisdevice-agent/main.go

@@ -20,7 +20,12 @@
       forAllSystems = nixpkgs.lib.genAttrs supportedSystems;
 
       # Nixpkgs instantiated for supported system types.
-      nixpkgsFor = forAllSystems (system: import nixpkgs { inherit system; });
+      nixpkgsFor = forAllSystems (system: import nixpkgs { inherit system overlays; });
+
+      overlays = [
+        goOverlay
+        naisdeviceOverlay
+      ];
 
       goVersion = "1.22.3";
       goOverlay = final: prev: {
@@ -32,42 +37,74 @@
           };
         });
       };
+
+      buildNaisdevice =
+        pkgs: vendorHash:
+        pkgs.buildGoModule {
+          pname = "naisdevice";
+          subPackages = [
+            "cmd/naisdevice-helper"
+            "cmd/naisdevice-systray"
+            "cmd/naisdevice-agent"
+          ];
+          inherit version;
+          src = ./.;
+          vendorHash = vendorHash;
+
+          meta = with pkgs.lib; {
+            description = "naisdevice - next gen vpn";
+            homepage = "https://github.com/nais/device";
+            license = licenses.mit;
+          };
+        };
+      naisdeviceOverlay = final: prev: {
+        naisdevice = buildNaisdevice prev.pkgs "sha256-+Wgx4/usjAivatYC4jcwjpssGS8U22nimcvVmLfsvfA=";
+      };
     in
     {
-      # Provide some binary packages for selected system types.
-      packages = forAllSystems (
-        system:
+      package = nixpkgsFor.x86_64-linux.naisdevice;
+      nixosModules.naisdevice =
+        {
+          config,
+          lib,
+          pkgs,
+          ...
+        }:
         let
-          pkgs = (nixpkgsFor.${system}.extend goOverlay);
+          inherit (lib) types mkOption;
+          cfg = config.services.naisdevice;
         in
         {
-          device-agent = pkgs.buildGoModule {
-            pname = "device-agent";
-            inherit version;
-            # In 'nix develop', we don't need a copy of the source tree
-            # in the Nix store.
-            src = ./.;
-
-            # This hash locks the dependencies of this package. It is
-            # necessary because of how Go requires network access to resolve
-            # VCS.  See https://www.tweag.io/blog/2021-03-04-gomod2nix/ for
-            # details. Normally one can build with a fake hash and rely on native Go
-            # mechanisms to tell you what the hash should be or determine what
-            # it should be "out-of-band" with other tooling (eg. gomod2nix).
-            # To begin with it is recommended to set this, but one must
-            # remember to bump this hash when your dependencies change.
-            # vendorHash = pkgs.lib.fakeHash;
+          options.services.naisdevice = {
+            enable = lib.mkEnableOption "naisdevice-helper service";
+            package = mkOption {
+              type = types.package;
+              default = nixpkgsFor.x86_64-linux.naisdevice;
+              description = lib.mdDoc ''
+                The naisdevice package to use.
+              '';
+            };
+          };
 
-            vendorHash = "sha256-AgRQO3h7Atq4lnieTBohzrwrw0lRcbQi2cvpeol3owM=";
+          config = lib.mkIf cfg.enable {
+            environment.systemPackages = [ pkgs.wireguard-tools ];
+            systemd.services.naisdevice-helper = {
+              description = "naisdevice-helper service";
+              wantedBy = [ "multi-user.target" ];
+              path = [
+                pkgs.wireguard-tools
+                pkgs.iproute2
+              ];
+              serviceConfig.ExecStart = "${cfg.package}/bin/naisdevice-helper";
+              serviceConfig.Restart = "always";
+            };
           };
-        }
-      );
+        };
 
-      # Add dependencies that are only needed for development
       devShells = forAllSystems (
         system:
         let
-          pkgs = (nixpkgsFor.${system}.extend goOverlay);
+          pkgs = nixpkgsFor.${system};
         in
         {
           default = pkgs.mkShell {
@@ -84,10 +121,6 @@
         }
       );
 
-      # The default package for 'nix build'. This makes sense if the
-      # flake provides only one package or there is a clear "main"
-      # package.
-      defaultPackage = forAllSystems (system: self.packages.${system}.device-agent);
       formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixfmt-rfc-style;
     };
 }