nixpkgs/pkgs/servers/freeradius/default.nix

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

87 lines
2.5 KiB
Nix
Raw Normal View History

{ lib
, stdenv
, fetchurl
, fetchpatch
, autoreconfHook
, bsd-finger
, perl
, talloc
, linkOpenssl? true, openssl
, withCap ? true, libcap
, withCollectd ? false, collectd
, withJson ? false, json_c
, withLdap ? true, openldap
, withMemcached ? false, libmemcached
, withMysql ? false, libmysqlclient
, withPcap ? true, libpcap
, withRedis ? false, hiredis
, withRest ? false, curl
, withSqlite ? true, sqlite
, withYubikey ? false, libyubikey
}:
2016-03-13 08:22:27 +01:00
assert withRest -> withJson;
2016-03-13 08:22:27 +01:00
stdenv.mkDerivation rec {
pname = "freeradius";
2023-06-02 13:34:25 +02:00
version = "3.2.3";
2016-03-13 08:22:27 +01:00
2017-01-26 03:00:26 +01:00
src = fetchurl {
url = "ftp://ftp.freeradius.org/pub/freeradius/freeradius-server-${version}.tar.gz";
2023-06-02 13:34:25 +02:00
hash = "sha256-S94EcSLliMY/4tWZpz96uahjgG+ecW6Io9dwgLSCxXc=";
2017-01-26 03:00:26 +01:00
};
nativeBuildInputs = [ autoreconfHook ];
buildInputs = [ openssl talloc bsd-finger perl ]
++ lib.optional withCap libcap
++ lib.optional withCollectd collectd
++ lib.optional withJson json_c
++ lib.optional withLdap openldap
++ lib.optional withMemcached libmemcached
++ lib.optional withMysql libmysqlclient
++ lib.optional withPcap libpcap
++ lib.optional withRedis hiredis
++ lib.optional withRest curl
++ lib.optional withSqlite sqlite
++ lib.optional withYubikey libyubikey;
2016-03-13 08:22:27 +01:00
configureFlags = [
"--sysconfdir=/etc"
"--localstatedir=/var"
] ++ lib.optional (!linkOpenssl) "--with-openssl=no";
2016-03-13 08:22:27 +01:00
postPatch = ''
substituteInPlace src/main/checkrad.in \
--replace "/usr/bin/finger" "${bsd-finger}/bin/finger"
'';
2020-02-28 10:50:43 +01:00
# By default, freeradius will generate Diffie-Hellman parameters and
# self-signed TLS certificates during installation. We don't want
# this, for several reasons:
# - reproducibility (random generation)
# - we don't want _anybody_ to use a cert where the private key is on our public binary cache!
# - we don't want the certs to change each time the package is rebuilt
# So let's avoid anything getting into our output.
makeFlags = [ "LOCAL_CERT_FILES=" ];
2016-03-13 08:22:27 +01:00
installFlags = [
"sysconfdir=\${out}/etc"
"localstatedir=\${TMPDIR}"
2020-02-28 10:50:43 +01:00
"INSTALL_CERT_FILES=" # see comment at makeFlags
];
2016-03-13 08:22:27 +01:00
outputs = [ "out" "dev" "man" "doc" ];
meta = with lib; {
homepage = "https://freeradius.org/";
2016-03-13 08:22:27 +01:00
description = "A modular, high performance free RADIUS suite";
2017-09-02 01:08:07 +02:00
license = licenses.gpl2;
maintainers = with maintainers; [ sheenobu willibutz lheckemann ];
platforms = with platforms; linux;
2016-03-13 08:22:27 +01:00
};
}
## TODO: include windbind optionally (via samba?)
## TODO: include oracle optionally
## TODO: include ykclient optionally