diff options
-rw-r--r-- | nixos/modules/services/security/usbguard.nix | 14 | ||||
-rw-r--r-- | pkgs/os-specific/linux/usbguard/default.nix | 25 | ||||
-rw-r--r-- | pkgs/top-level/all-packages.nix | 4 |
3 files changed, 28 insertions, 15 deletions
diff --git a/nixos/modules/services/security/usbguard.nix b/nixos/modules/services/security/usbguard.nix index 88d2f69db57..20d5e3b28eb 100644 --- a/nixos/modules/services/security/usbguard.nix +++ b/nixos/modules/services/security/usbguard.nix @@ -39,6 +39,16 @@ in { services.usbguard = { enable = mkEnableOption "USBGuard daemon"; + package = mkOption { + type = types.package; + default = pkgs.usbguard; + defaultText = "pkgs.usbguard"; + description = '' + The usbguard package to use. If you do not need the Qt GUI, use + <literal>pkgs.usbguard-nox</literal> to save disk space. + ''; + }; + ruleFile = mkOption { type = types.path; default = "/var/lib/usbguard/rules.conf"; @@ -179,7 +189,7 @@ in { config = mkIf cfg.enable { - environment.systemPackages = [ pkgs.usbguard ]; + environment.systemPackages = [ cfg.package ]; systemd.services.usbguard = { description = "USBGuard daemon"; @@ -195,7 +205,7 @@ in { serviceConfig = { Type = "simple"; - ExecStart = ''${pkgs.usbguard}/bin/usbguard-daemon -P -k -c ${daemonConfFile}''; + ExecStart = ''${cfg.package}/bin/usbguard-daemon -P -k -c ${daemonConfFile}''; Restart = "on-failure"; }; }; diff --git a/pkgs/os-specific/linux/usbguard/default.nix b/pkgs/os-specific/linux/usbguard/default.nix index 3df0023bd67..1c5678b81e0 100644 --- a/pkgs/os-specific/linux/usbguard/default.nix +++ b/pkgs/os-specific/linux/usbguard/default.nix @@ -1,8 +1,11 @@ { stdenv, fetchurl, lib, - libxslt, pandoc, asciidoctor, pkgconfig, - dbus-glib, libcap_ng, libqb, libseccomp, polkit, protobuf, qtbase, qttools, qtsvg, - audit, + pkgconfig, libxml2, libxslt, + dbus-glib, libcap_ng, libqb, libseccomp, polkit, protobuf, audit, + withGui ? true, + qtbase ? null, + qttools ? null, + qtsvg ? null, libgcrypt ? null, libsodium ? null }: @@ -23,10 +26,9 @@ stdenv.mkDerivation rec { }; nativeBuildInputs = [ - libxslt - asciidoctor - pandoc # for rendering documentation pkgconfig + libxslt # xsltproc + libxml2 # xmllint ]; buildInputs = [ @@ -37,23 +39,20 @@ stdenv.mkDerivation rec { polkit protobuf audit - - qtbase - qtsvg - qttools ] ++ (lib.optional (libgcrypt != null) libgcrypt) - ++ (lib.optional (libsodium != null) libsodium); + ++ (lib.optional (libsodium != null) libsodium) + ++ (lib.optionals withGui [ qtbase qtsvg qttools ]); configureFlags = [ "--with-bundled-catch" "--with-bundled-pegtl" "--with-dbus" - "--with-gui-qt=qt5" "--with-polkit" ] ++ (lib.optional (libgcrypt != null) "--with-crypto-library=gcrypt") - ++ (lib.optional (libsodium != null) "--with-crypto-library=sodium"); + ++ (lib.optional (libsodium != null) "--with-crypto-library=sodium") + ++ (lib.optional withGui "--with-gui-qt=qt5"); enableParallelBuilding = true; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 55d194263ab..e11781e91e9 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -16057,6 +16057,10 @@ in libgcrypt = null; }; + usbguard-nox = usbguard.override { + withGui = false; + }; + usbutils = callPackage ../os-specific/linux/usbutils { }; usermount = callPackage ../os-specific/linux/usermount { }; |