Merge pull request #130954 from mayflower/meshcentral
meshcentral: init package and module
This commit is contained in:
commit
947c6589c5
10 changed files with 15632 additions and 0 deletions
|
@ -140,6 +140,15 @@
|
|||
<link linkend="opt-services.mx-puppet-discord.enable">services.mx-puppet-discord</link>.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<link xlink:href="https://www.meshcommander.com/meshcentral2/overview">MeshCentral</link>,
|
||||
a remote administration service (<quote>TeamViewer but
|
||||
self-hosted and with more features</quote>) is now available
|
||||
with a package and a module:
|
||||
<link linkend="opt-services.meshcentral.enable">services.meshcentral.enable</link>
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</section>
|
||||
<section xml:id="sec-release-21.11-incompatibilities">
|
||||
|
|
|
@ -43,6 +43,8 @@ pt-services.clipcat.enable).
|
|||
|
||||
- [mx-puppet-discord](https://github.com/matrix-discord/mx-puppet-discord), a discord puppeting bridge for matrix. Available as [services.mx-puppet-discord](#opt-services.mx-puppet-discord.enable).
|
||||
|
||||
- [MeshCentral](https://www.meshcommander.com/meshcentral2/overview), a remote administration service ("TeamViewer but self-hosted and with more features") is now available with a package and a module: [services.meshcentral.enable](#opt-services.meshcentral.enable)
|
||||
|
||||
## Backward Incompatibilities {#sec-release-21.11-incompatibilities}
|
||||
|
||||
- The `staticjinja` package has been upgraded from 1.0.4 to 3.0.1
|
||||
|
|
|
@ -236,6 +236,7 @@
|
|||
./security/doas.nix
|
||||
./security/systemd-confinement.nix
|
||||
./security/tpm2.nix
|
||||
./services/admin/meshcentral.nix
|
||||
./services/admin/oxidized.nix
|
||||
./services/admin/salt/master.nix
|
||||
./services/admin/salt/minion.nix
|
||||
|
|
53
nixos/modules/services/admin/meshcentral.nix
Normal file
53
nixos/modules/services/admin/meshcentral.nix
Normal file
|
@ -0,0 +1,53 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
let
|
||||
cfg = config.services.meshcentral;
|
||||
configFormat = pkgs.formats.json {};
|
||||
configFile = configFormat.generate "meshcentral-config.json" cfg.settings;
|
||||
in with lib; {
|
||||
options.services.meshcentral = with types; {
|
||||
enable = mkEnableOption "MeshCentral computer management server";
|
||||
package = mkOption {
|
||||
description = "MeshCentral package to use. Replacing this may be necessary to add dependencies for extra functionality.";
|
||||
type = types.package;
|
||||
default = pkgs.meshcentral;
|
||||
defaultText = "pkgs.meshcentral";
|
||||
};
|
||||
settings = mkOption {
|
||||
description = ''
|
||||
Settings for MeshCentral. Refer to upstream documentation for details:
|
||||
|
||||
<itemizedlist>
|
||||
<listitem><para><link xlink:href="https://github.com/Ylianst/MeshCentral/blob/master/meshcentral-config-schema.json">JSON Schema definition</link></para></listitem>
|
||||
<listitem><para><link xlink:href="https://github.com/Ylianst/MeshCentral/blob/master/sample-config.json">simple sample configuration</link></para></listitem>
|
||||
<listitem><para><link xlink:href="https://github.com/Ylianst/MeshCentral/blob/master/sample-config-advanced.json">complex sample configuration</link></para></listitem>
|
||||
<listitem><para><link xlink:href="https://www.meshcommander.com/meshcentral2">Old homepage) with documentation link</link></para></listitem>
|
||||
</itemizedlist>
|
||||
'';
|
||||
type = types.submodule {
|
||||
freeformType = configFormat.type;
|
||||
};
|
||||
example = {
|
||||
settings = {
|
||||
WANonly = true;
|
||||
Cert = "meshcentral.example.com";
|
||||
TlsOffload = "10.0.0.2,fd42::2";
|
||||
Port = 4430;
|
||||
};
|
||||
domains."".certUrl = "https://meshcentral.example.com/";
|
||||
};
|
||||
};
|
||||
};
|
||||
config = mkIf cfg.enable {
|
||||
services.meshcentral.settings.settings.autoBackup.backupPath = lib.mkDefault "/var/lib/meshcentral/backups";
|
||||
systemd.services.meshcentral = {
|
||||
wantedBy = ["multi-user.target"];
|
||||
serviceConfig = {
|
||||
ExecStart = "${cfg.package}/bin/meshcentral --datapath /var/lib/meshcentral --configfile ${configFile}";
|
||||
DynamicUser = true;
|
||||
StateDirectory = "meshcentral";
|
||||
CacheDirectory = "meshcentral";
|
||||
};
|
||||
};
|
||||
};
|
||||
meta.maintainers = [ maintainers.lheckemann ];
|
||||
}
|
36
pkgs/tools/admin/meshcentral/default.nix
Normal file
36
pkgs/tools/admin/meshcentral/default.nix
Normal file
|
@ -0,0 +1,36 @@
|
|||
{ lib, fetchpatch, fetchzip, yarn2nix-moretea, nodejs, jq, dos2unix }:
|
||||
yarn2nix-moretea.mkYarnPackage rec {
|
||||
version = "0.8.87";
|
||||
|
||||
src = fetchzip {
|
||||
url = "https://registry.npmjs.org/meshcentral/-/meshcentral-0.8.87.tgz";
|
||||
sha256 = "1jb65pvbld83mdjdb4f4z2brqsdh3b1mvnjdhbllcsn35m705cp5";
|
||||
};
|
||||
|
||||
packageJSON = ./package.json;
|
||||
yarnLock = ./yarn.lock;
|
||||
yarnNix = ./yarn.nix;
|
||||
|
||||
# Tarball has CRLF line endings. This makes patching difficult, so let's convert them.
|
||||
nativeBuildInputs = [ dos2unix ];
|
||||
prePatch = ''
|
||||
find . -name '*.js' -exec dos2unix {} +
|
||||
ln -snf meshcentral.js bin/meshcentral
|
||||
'';
|
||||
|
||||
preFixup = ''
|
||||
mkdir -p $out/bin
|
||||
chmod a+x $out/libexec/meshcentral/deps/meshcentral/meshcentral.js
|
||||
sed -i '1i#!${nodejs}/bin/node' $out/libexec/meshcentral/deps/meshcentral/meshcentral.js
|
||||
ln -s $out/libexec/meshcentral/deps/meshcentral/meshcentral.js $out/bin/meshcentral
|
||||
'';
|
||||
|
||||
publishBinsFor = [ ];
|
||||
|
||||
meta = with lib; {
|
||||
description = "Computer management web app";
|
||||
homepage = "https://meshcentral.com/info/";
|
||||
maintainers = [ maintainers.lheckemann ];
|
||||
license = licenses.asl20;
|
||||
};
|
||||
}
|
123
pkgs/tools/admin/meshcentral/package.json
Normal file
123
pkgs/tools/admin/meshcentral/package.json
Normal file
|
@ -0,0 +1,123 @@
|
|||
{
|
||||
"name": "meshcentral",
|
||||
"version": "0.8.87",
|
||||
"keywords": [
|
||||
"Remote Device Management",
|
||||
"Remote Device Monitoring",
|
||||
"Remote Desktop",
|
||||
"Remote Terminal",
|
||||
"Remote File Access",
|
||||
"KVM",
|
||||
"2FA",
|
||||
"Two-Factor Authentication",
|
||||
"Intel Active Management Technology",
|
||||
"Intel AMT"
|
||||
],
|
||||
"homepage": "https://meshcentral.com",
|
||||
"description": "Web based remote computer management server",
|
||||
"author": "Ylian Saint-Hilaire <ylianst@gmail.com>",
|
||||
"main": "meshcentral.js",
|
||||
"bin": {
|
||||
"meshcentral": "bin/meshcentral"
|
||||
},
|
||||
"license": "Apache-2.0",
|
||||
"files": [
|
||||
"*.js",
|
||||
"amt",
|
||||
"bin",
|
||||
"views",
|
||||
"emails",
|
||||
"agents",
|
||||
"public",
|
||||
"translate",
|
||||
"readme.txt",
|
||||
"license.txt",
|
||||
"sample-config.json",
|
||||
"sample-config-advanced.json"
|
||||
],
|
||||
"dependencies": {
|
||||
"body-parser": "^1.19.0",
|
||||
"cbor": "~5.2.0",
|
||||
"compression": "^1.7.4",
|
||||
"cookie-session": "^2.0.0-beta.3",
|
||||
"express": "^4.17.0",
|
||||
"express-handlebars": "^3.1.0",
|
||||
"express-ws": "^4.0.0",
|
||||
"ipcheck": "^0.1.0",
|
||||
"minimist": "^1.2.0",
|
||||
"multiparty": "^4.2.1",
|
||||
"nedb": "^1.8.0",
|
||||
"node-forge": "^0.10.0",
|
||||
"ws": "^5.2.3",
|
||||
"xmldom": "^0.5.0",
|
||||
"yauzl": "^2.10.0"
|
||||
},
|
||||
"repository": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/Ylianst/MeshCentral.git"
|
||||
},
|
||||
"readme": "readme.txt",
|
||||
"optionalDependencies": {
|
||||
"passport": "*",
|
||||
"passport-twitter": "*",
|
||||
"passport-google-oauth20": "*",
|
||||
"passport-github2": "*",
|
||||
"passport-reddit": "*",
|
||||
"passport-azure-oauth2": "*",
|
||||
"jwt-simple": "*",
|
||||
"passport-saml": "*",
|
||||
"ws": "5.2.3",
|
||||
"cbor": "5.2.0",
|
||||
"nedb": "*",
|
||||
"https": "*",
|
||||
"yauzl": "*",
|
||||
"xmldom": "*",
|
||||
"ipcheck": "*",
|
||||
"express": "*",
|
||||
"archiver": "4.0.2",
|
||||
"multiparty": "*",
|
||||
"node-forge": "*",
|
||||
"express-ws": "4.0.0",
|
||||
"compression": "*",
|
||||
"body-parser": "*",
|
||||
"cookie-session": "*",
|
||||
"express-handlebars": "*",
|
||||
"node-windows": "*",
|
||||
"loadavg-windows": "*",
|
||||
"node-sspi": "*",
|
||||
"ldapauth-fork": "*",
|
||||
"node-rdpjs-2": "*",
|
||||
"ssh2": "*",
|
||||
"image-size": "*",
|
||||
"acme-client": "*",
|
||||
"aedes": "0.39.0",
|
||||
"mysql": "*",
|
||||
"@mysql/xdevapi": "*",
|
||||
"mongodb": "*",
|
||||
"saslprep": "*",
|
||||
"mariadb": "*",
|
||||
"node-vault": "*",
|
||||
"semver": "*",
|
||||
"https-proxy-agent": "*",
|
||||
"mongojs": "*",
|
||||
"nodemailer": "*",
|
||||
"@sendgrid/mail": "*",
|
||||
"jsdom": "*",
|
||||
"esprima": "*",
|
||||
"minify-js": "*",
|
||||
"html-minifier": "*",
|
||||
"archiver-zip-encrypted": "*",
|
||||
"googleapis": "*",
|
||||
"webdav": "*",
|
||||
"wildleek": "2.0.0",
|
||||
"yubikeyotp": "*",
|
||||
"otplib": "10.2.3",
|
||||
"twilio": "*",
|
||||
"plivo": "*",
|
||||
"web-push": "*",
|
||||
"node-xcs": "*",
|
||||
"modern-syslog": "*",
|
||||
"syslog": "*",
|
||||
"heapdump": "*"
|
||||
}
|
||||
}
|
50
pkgs/tools/admin/meshcentral/update.sh
Executable file
50
pkgs/tools/admin/meshcentral/update.sh
Executable file
|
@ -0,0 +1,50 @@
|
|||
#!/usr/bin/env nix-shell
|
||||
#! nix-shell -i bash -p nodejs yarn yarn2nix jq rsync common-updater-scripts moreutils
|
||||
|
||||
set -exuo pipefail
|
||||
|
||||
expr_dir=$(cd "$(dirname "$0")"; pwd)
|
||||
tmp=$(mktemp -dt update-meshcentral.XXXXXX)
|
||||
|
||||
npm show --json meshcentral > "$tmp/npm.json"
|
||||
version=$(<"$tmp/npm.json" jq -r .version)
|
||||
tarball=$(<"$tmp/npm.json" jq -r .dist.tarball)
|
||||
|
||||
prefetch=$(nix-prefetch-url --unpack --print-path "$tarball" | tr '\n' ' ')
|
||||
read -r hash storePath <<<"$prefetch"
|
||||
cd "$tmp"
|
||||
rsync -r --chmod=u=rwX "$storePath/" package/
|
||||
cd package
|
||||
|
||||
# Very crude way of discovering optional dependencies. These are
|
||||
# fetched at runtime by stock upstream, but we don't allow that kind
|
||||
# of thing in nix :)
|
||||
awk <meshcentral.js "
|
||||
BEGIN { RS=\"[\n;]\" }
|
||||
match(\$0, /(modules|passport) = (\[.*\])$/, a) { print a[2] }
|
||||
match(\$0, /(modules|passport).push\(('[^']+')\)/, a) { print a[2] }
|
||||
" |
|
||||
tr \' \" |
|
||||
jq --slurp '[if type == "array" then .[] else . end] | flatten' |
|
||||
# And an equally crude way of adding them to package.json. We
|
||||
# can't use yarn add here, because that will blow up on
|
||||
# dependencies which don't support the current platform. Even with
|
||||
# --optional.
|
||||
jq --slurpfile package package.json \
|
||||
'(. | map(. | capture("(?<name>@?[^@]+)(@(?<version>.+))?") | { key: .name, value: (.version // "*")}) | from_entries) as $optionalDependencies | $package | .[] | .optionalDependencies |= . + $optionalDependencies' |
|
||||
sponge package.json
|
||||
|
||||
# Fetch all the optional dependencies, so we have them available in
|
||||
# yarn.lock/yarn.nix
|
||||
yarn install --ignore-scripts
|
||||
|
||||
cp package.json "$expr_dir"
|
||||
cp yarn.lock "$expr_dir/yarn.lock"
|
||||
yarn2nix > "$expr_dir/yarn.nix"
|
||||
|
||||
cd "$expr_dir/../../../.."
|
||||
update-source-version meshcentral "$version" "$hash" "$tarball"
|
||||
|
||||
# Only clean up if everything worked
|
||||
cd /
|
||||
rm -rf "$tmp"
|
7351
pkgs/tools/admin/meshcentral/yarn.lock
Normal file
7351
pkgs/tools/admin/meshcentral/yarn.lock
Normal file
File diff suppressed because it is too large
Load diff
8005
pkgs/tools/admin/meshcentral/yarn.nix
Normal file
8005
pkgs/tools/admin/meshcentral/yarn.nix
Normal file
File diff suppressed because it is too large
Load diff
|
@ -25740,6 +25740,8 @@ in
|
|||
|
||||
merkaartor = libsForQt5.callPackage ../applications/misc/merkaartor { };
|
||||
|
||||
meshcentral = callPackage ../tools/admin/meshcentral { };
|
||||
|
||||
meshlab = libsForQt5.callPackage ../applications/graphics/meshlab { };
|
||||
|
||||
metadata-cleaner = callPackage ../applications/misc/metadata-cleaner { };
|
||||
|
|
Loading…
Reference in a new issue