usbguard-nox: init at 0.7.4

This is just usbguard without the Qt GUI that brings in Qt dependencies. Remove pandoc to reduce closure size. The usbguard build appears to use it only for spell checking. Remove asciidoctor because 0.7.1 switched to asciidoc. But don't add a dependency on asciidoc, because that causes the build fails on external DTDs.
2019-06-19 20:29:46 +00:00 · 2019-06-19 20:29:46 +00:00 · f2ea454617
parent f399f890dd
commit f2ea454617
3 changed files with 28 additions and 15 deletions
--- a/nixos/modules/services/security/usbguard.nix
+++ b/nixos/modules/services/security/usbguard.nix
@ -39,6 +39,16 @@ in {
    services.usbguard = {
      enable = mkEnableOption "USBGuard daemon";

+      package = mkOption {
+        type = types.package;
+        default = pkgs.usbguard;
+        defaultText = "pkgs.usbguard";
+        description = ''
+          The usbguard package to use. If you do not need the Qt GUI, use
+          <literal>pkgs.usbguard-nox</literal> to save disk space.
+        '';
+      };
+
      ruleFile = mkOption {
        type = types.path;
        default = "/var/lib/usbguard/rules.conf";
@ -179,7 +189,7 @@ in {

  config = mkIf cfg.enable {

-    environment.systemPackages = [ pkgs.usbguard ];
+    environment.systemPackages = [ cfg.package ];

    systemd.services.usbguard = {
      description = "USBGuard daemon";
@ -195,7 +205,7 @@ in {

      serviceConfig = {
        Type = "simple";
-        ExecStart = ''${pkgs.usbguard}/bin/usbguard-daemon -P -k -c ${daemonConfFile}'';
+        ExecStart = ''${cfg.package}/bin/usbguard-daemon -P -k -c ${daemonConfFile}'';
        Restart = "on-failure";
      };
    };
--- a/pkgs/os-specific/linux/usbguard/default.nix
+++ b/pkgs/os-specific/linux/usbguard/default.nix
@ -1,8 +1,11 @@
 {
  stdenv, fetchurl, lib,
-  libxslt, pandoc, asciidoctor, pkgconfig,
-  dbus-glib, libcap_ng, libqb, libseccomp, polkit, protobuf, qtbase, qttools, qtsvg,
-  audit,
+  pkgconfig, libxml2, libxslt,
+  dbus-glib, libcap_ng, libqb, libseccomp, polkit, protobuf, audit,
+  withGui ? true,
+  qtbase ? null,
+  qttools ? null,
+  qtsvg ? null,
  libgcrypt ? null,
  libsodium ? null
 }:
@ -23,10 +26,9 @@ stdenv.mkDerivation rec {
  };

  nativeBuildInputs = [
-    libxslt
-    asciidoctor
-    pandoc # for rendering documentation
    pkgconfig
+    libxslt # xsltproc
+    libxml2 # xmllint
  ];

  buildInputs = [
@ -37,23 +39,20 @@ stdenv.mkDerivation rec {
    polkit
    protobuf
    audit
-
-    qtbase
-    qtsvg
-    qttools
  ]
  ++ (lib.optional (libgcrypt != null) libgcrypt)
-  ++ (lib.optional (libsodium != null) libsodium);
+  ++ (lib.optional (libsodium != null) libsodium)
+  ++ (lib.optionals withGui [ qtbase qtsvg qttools ]);

  configureFlags = [
    "--with-bundled-catch"
    "--with-bundled-pegtl"
    "--with-dbus"
-    "--with-gui-qt=qt5"
    "--with-polkit"
  ]
  ++ (lib.optional (libgcrypt != null) "--with-crypto-library=gcrypt")
-  ++ (lib.optional (libsodium != null) "--with-crypto-library=sodium");
+  ++ (lib.optional (libsodium != null) "--with-crypto-library=sodium")
+  ++ (lib.optional withGui "--with-gui-qt=qt5");

  enableParallelBuilding = true;

--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@ -16057,6 +16057,10 @@ in
    libgcrypt = null;
  };

+  usbguard-nox = usbguard.override {
+    withGui = false;
+  };
+
  usbutils = callPackage ../os-specific/linux/usbutils { };

  usermount = callPackage ../os-specific/linux/usermount { };