wireguard: Enable tools on other platforms

Wireguard is now split into two pretty much independent packages:
`wireguard` (Linux-specific kernel module) and `wireguard-tools`,
which is cross-platform.

4 files changed, 71 insertions, 57 deletions

diff --git a/nixos/modules/services/networking/wireguard.nix b/nixos/modules/services/networking/wireguard.nix
index 0591917c742..acb4778d848 100644
--- a/nixos/modules/services/networking/wireguard.nix
+++ b/nixos/modules/services/networking/wireguard.nix
@@ -193,7 +193,7 @@ let
         after = [ "network.target" ];
         wantedBy = [ "multi-user.target" ];
         environment.DEVICE = name;
-        path = with pkgs; [ kmod iproute wireguard ];
+        path = with pkgs; [ kmod iproute wireguard-tools ];
 
         serviceConfig = {
           Type = "oneshot";
@@ -279,7 +279,7 @@ in
   config = mkIf (cfg.interfaces != {}) {
 
     boot.extraModulePackages = [ kernel.wireguard ];
-    environment.systemPackages = [ pkgs.wireguard ];
+    environment.systemPackages = [ pkgs.wireguard-tools ];
 
     systemd.services = mapAttrs' generateUnit cfg.interfaces;
 
diff --git a/pkgs/os-specific/linux/wireguard/default.nix b/pkgs/os-specific/linux/wireguard/default.nix
index c5daaabd5be..c82831782e9 100644
--- a/pkgs/os-specific/linux/wireguard/default.nix
+++ b/pkgs/os-specific/linux/wireguard/default.nix
@@ -1,11 +1,10 @@
-{ stdenv, fetchurl, libmnl, kernel ? null }:
+{ stdenv, fetchurl, kernel }:
 
 # module requires Linux >= 3.10 https://www.wireguard.io/install/#kernel-requirements
-assert kernel != null -> stdenv.lib.versionAtLeast kernel.version "3.10";
+assert stdenv.lib.versionAtLeast kernel.version "3.10";
 
-let
+stdenv.mkDerivation rec {
   name = "wireguard-${version}";
-
   version = "0.0.20180514";
 
   src = fetchurl {
@@ -13,61 +12,28 @@ let
     sha256 = "1nk6yj1gdmpar99zzw39n1v795m6fxsrilg37d02jm780rgbd5g8";
   };
 
-  meta = with stdenv.lib; {
-    homepage     = https://www.wireguard.com/;
-    downloadPage = https://git.zx2c4.com/WireGuard/refs/;
-    description  = "A prerelease of an experimental VPN tunnel which is not to be depended upon for security";
-    maintainers  = with maintainers; [ ericsagnes mic92 zx2c4 ];
-    license      = licenses.gpl2;
-    platforms    = platforms.linux;
-  };
-
-  module = stdenv.mkDerivation {
-    inherit src meta name;
-
-    preConfigure = ''
-      cd src
-      sed -i '/depmod/,+1d' Makefile
-    '';
-
-    hardeningDisable = [ "pic" ];
-
-    KERNELDIR = "${kernel.dev}/lib/modules/${kernel.modDirVersion}/build";
-    INSTALL_MOD_PATH = "\${out}";
-
-    NIX_CFLAGS = ["-Wno-error=cpp"];
-
-    nativeBuildInputs = kernel.moduleBuildDependencies;
-
-    buildPhase = "make module";
-  };
-
-  tools = stdenv.mkDerivation {
-    inherit src meta name;
+  preConfigure = ''
+    cd src
+    sed -i '/depmod/,+1d' Makefile
+  '';
 
-    preConfigure = "cd src";
+  hardeningDisable = [ "pic" ];
 
-    buildInputs = [ libmnl ];
+  KERNELDIR = "${kernel.dev}/lib/modules/${kernel.modDirVersion}/build";
+  INSTALL_MOD_PATH = "\${out}";
 
-    enableParallelBuilding = true;
+  NIX_CFLAGS = ["-Wno-error=cpp"];
 
-    makeFlags = [
-      "WITH_BASHCOMPLETION=yes"
-      "WITH_WGQUICK=yes"
-      "WITH_SYSTEMDUNITS=yes"
-      "DESTDIR=$(out)"
-      "PREFIX=/"
-      "-C" "tools"
-    ];
+  nativeBuildInputs = kernel.moduleBuildDependencies;
 
-    buildPhase = "make tools";
+  buildPhase = "make module";
 
-    postInstall = ''
-      substituteInPlace $out/lib/systemd/system/wg-quick@.service \
-        --replace /usr/bin $out/bin
-    '';
+  meta = with stdenv.lib; {
+    homepage     = https://www.wireguard.com/;
+    downloadPage = https://git.zx2c4.com/WireGuard/refs/;
+    description  = " Tools for the WireGuard secure network tunnel";
+    maintainers  = with maintainers; [ ericsagnes mic92 zx2c4 ];
+    license      = licenses.gpl2;
+    platforms    = platforms.linux;
   };
-
-in if kernel == null
-   then tools
-   else module
+}
diff --git a/pkgs/tools/networking/wireguard-tools/default.nix b/pkgs/tools/networking/wireguard-tools/default.nix
new file mode 100644
index 00000000000..8f983082a80
--- /dev/null
+++ b/pkgs/tools/networking/wireguard-tools/default.nix
@@ -0,0 +1,46 @@
+{ stdenv, lib, fetchurl, libmnl, useSystemd ? stdenv.isLinux }:
+
+let
+  inherit (lib) optional optionalString;
+in
+
+stdenv.mkDerivation rec {
+  name = "wireguard-tools-${version}";
+  version = "0.0.20180514";
+
+  src = fetchurl {
+    url    = "https://git.zx2c4.com/WireGuard/snapshot/WireGuard-${version}.tar.xz";
+    sha256 = "1nk6yj1gdmpar99zzw39n1v795m6fxsrilg37d02jm780rgbd5g8";
+  };
+
+  preConfigure = "cd src";
+
+  buildInputs = optional stdenv.isLinux libmnl;
+
+  enableParallelBuilding = true;
+
+  makeFlags = [
+    "WITH_BASHCOMPLETION=yes"
+    "WITH_WGQUICK=yes"
+    "WITH_SYSTEMDUNITS=${if useSystemd then "yes" else "no"}"
+    "DESTDIR=$(out)"
+    "PREFIX=/"
+    "-C" "tools"
+  ];
+
+  buildPhase = "make tools";
+
+  postInstall = optionalString useSystemd ''
+    substituteInPlace $out/lib/systemd/system/wg-quick@.service \
+      --replace /usr/bin $out/bin
+  '';
+
+  meta = with stdenv.lib; {
+    homepage     = https://www.wireguard.com/;
+    downloadPage = https://git.zx2c4.com/WireGuard/refs/;
+    description  = " Tools for the WireGuard secure network tunnel";
+    maintainers  = with maintainers; [ ericsagnes mic92 zx2c4 ];
+    license      = licenses.gpl2;
+    platforms    = platforms.unix;
+  };
+}
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 7290f39927d..3faf3c346e7 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -5500,6 +5500,8 @@ with pkgs;
 
   whois = callPackage ../tools/networking/whois { };
 
+  wireguard-tools = callPackage ../tools/networking/wireguard-tools { };
+
   woff2 = callPackage ../development/web/woff2 { };
 
   woof = callPackage ../tools/misc/woof { };