wg-netmanager: init at 0.3.6 (#155149)

Co-authored-by: Sandro <sandro.jaeckel@gmail.com>

maintainers/maintainer-list.nix

@@ -4396,6 +4396,12 @@
     githubId = 27668;
     name = "Tobias Pflug";
   };
+  gin66 = {
+    email = "jochen@kiemes.de";
+    github = "gin66";
+    githubId = 5549373;
+    name = "Jochen Kiemes";
+  };
   giogadi = {
     email = "lgtorres42@gmail.com";
     github = "giogadi";

nixos/modules/module-list.nix

@@ -914,6 +914,7 @@
   ./services/networking/vsftpd.nix
   ./services/networking/wasabibackend.nix
   ./services/networking/websockify.nix
+  ./services/networking/wg-netmanager.nix
   ./services/networking/wg-quick.nix
   ./services/networking/wireguard.nix
   ./services/networking/wpa_supplicant.nix

nixos/modules/services/networking/wg-netmanager.nix

@@ -0,0 +1,42 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.services.wg-netmanager;
+in
+{
+
+  options = {
+    services.wg-netmanager = {
+      enable = mkEnableOption "Wireguard network manager";
+    };
+  };
+
+  ###### implementation
+  config = mkIf cfg.enable {
+    # NOTE: wg-netmanager runs as root
+    systemd.services.wg-netmanager = {
+      description = "Wireguard network manager";
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network.target" ];
+      path = with pkgs; [ wireguard-tools iproute2 wireguard-go ];
+      serviceConfig = {
+        Type = "simple";
+        Restart = "on-failure";
+        ExecStart = "${pkgs.wg-netmanager}/bin/wg_netmanager";
+        ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
+        ExecStop = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
+
+        ReadWritePaths = [
+          "/tmp"  # wg-netmanager creates files in /tmp before deleting them after use
+        ];
+      };
+      unitConfig =  {
+        ConditionPathExists = ["/etc/wg_netmanager/network.yaml" "/etc/wg_netmanager/peer.yaml"];
+      };
+    };
+  };
+
+  meta.maintainers = with maintainers; [ gin66 ];
+}

pkgs/tools/networking/wg-netmanager/default.nix

@@ -0,0 +1,30 @@
+{ lib, stdenv, fetchFromGitHub, rustPlatform, darwin, wireguard-go, Security }:
+
+rustPlatform.buildRustPackage rec {
+  pname = "wg-netmanager";
+  version = "0.4.1";
+
+  src = fetchFromGitHub {
+    owner = "gin66";
+    repo = "wg_netmanager";
+    rev = "wg_netmanager-v${version}";
+    sha256 = "AAtSSBz2zGLIEpcEMbe1mfYZikiaYEI+6KeSL5n54PE=";
+  };
+
+  cargoSha256 = "17k83QkQDq5uRCRADRLD2Q7pv7yES20lpms/N/UK+BM=";
+
+  buildInputs = lib.optional stdenv.isDarwin Security;
+
+  # Test 01 tries to create a wireguard interface, which requires sudo.
+  doCheck = true;
+  checkFlags = "--skip device";
+
+  meta = with lib; {
+    description = "Wireguard network manager";
+    longDescription = "Wireguard network manager, written in rust, simplifies the setup of wireguard nodes, identifies short connections between nodes residing in the same subnet, identifies unreachable aka dead nodes and maintains the routes between all nodes automatically. To achieve this, wireguard network manager needs to be running on each node.";
+    homepage = "https://github.com/gin66/wg_netmanager";
+    license = with licenses; [ mit asl20 bsd3 mpl20 ];
+    maintainers = with maintainers; [ gin66 ];
+    platforms = platforms.linux;
+  };
+}

pkgs/top-level/all-packages.nix

@@ -10937,6 +10937,10 @@ with pkgs;
 
   wg-friendly-peer-names = callPackage ../tools/networking/wg-friendly-peer-names { };
 
+  wg-netmanager = callPackage ../tools/networking/wg-netmanager {
+    inherit (darwin.apple_sdk.frameworks) Security;
+  };
+
   woff2 = callPackage ../development/web/woff2 { };
 
   woof = callPackage ../tools/misc/woof { };