dragnpkgs/modules/ghidra-server/default.nix

93 lines
3.6 KiB
Nix
Raw Normal View History

2024-04-07 22:14:00 +00:00
{ config, lib, pkgs, ... }:
with lib;
2024-04-09 20:38:40 +00:00
let
cfg = config.services.ghidra-server;
2024-04-09 20:51:29 +00:00
adminCli = pkgs.callPackage ./cli.nix {
2024-04-09 20:38:40 +00:00
inherit (cfg) package jdkPackage directory;
};
in {
2024-04-07 22:14:00 +00:00
options.services.ghidra-server = {
enable = mkEnableOption "ghidra-server";
enableAdminCli = mkEnableOption "ghidra-svrAdmin" // { default = true; };
2024-04-10 16:29:18 +00:00
package = mkPackageOption pkgs "ghidra_headless" { };
jdkPackage = mkPackageOption pkgs "openjdk21_headless" { };
2024-04-07 22:14:00 +00:00
host = mkOption {
default = null;
defaultText = literalExpression "null";
example = literalExpression "\"myserver.lol\"";
description = "Ghidra server hostname or IP.";
type = types.str;
};
basePort = mkOption {
default = 13100;
2024-04-15 23:34:36 +00:00
description = "Ghidra server base port - the server will use 3 consecutive TCP ports starting from the provided port number.";
2024-04-07 22:14:00 +00:00
type = types.port;
};
directory = mkOption {
2024-04-23 19:22:28 +00:00
default = "ghidra-server";
description = ''
Directory for Ghidra server data, under `/var/lib` (for systemd `StateDirectory`)
'';
2024-04-07 22:14:00 +00:00
type = types.str;
};
user = mkOption {
type = types.str;
default = "ghidra";
2024-04-15 23:34:36 +00:00
description = "User account under which ghidra server runs.";
2024-04-07 22:14:00 +00:00
};
group = mkOption {
type = types.str;
default = "ghidra";
2024-04-15 23:34:36 +00:00
description = "Group account under which ghidra server runs.";
2024-04-07 22:14:00 +00:00
};
};
config = mkIf cfg.enable {
users.users."${cfg.user}" = {
isSystemUser = true;
2024-04-23 19:30:21 +00:00
home = "/var/lib/${cfg.directory}";
2024-04-15 22:08:20 +00:00
inherit (cfg) group;
2024-04-07 22:14:00 +00:00
packages = [ cfg.package cfg.jdkPackage ];
};
users.groups."${cfg.group}" = {};
systemd.services."ghidra-server" =
let
ghidra_log4j_config = ./custom.log4j.xml;
ghidra_java_opt = "-Dlog4j.configurationFile=${ghidra_log4j_config} -Djava.net.preferIPv4Stack=true -Djava.io.tmpdir=/tmp -Djna.tmpdir=/tmp -Dghidra.tls.server.protocols=TLSv1.2;TLSv1.3 -Ddb.buffers.DataBuffer.compressedOutput=true -Xms396m -Xmx768m";
ghidra_home = "${cfg.package}/lib/ghidra";
ghidra_classpath = with builtins; let
input = lib.readFile "${ghidra_home}/Ghidra/Features/GhidraServer/data/classpath.frag";
inputSplit = split "[^\n]*ghidra_home.([^\n]*)\n" input;
paths = map head (filter isList inputSplit);
in ghidra_home + (concatStringsSep (":" + ghidra_home) paths);
ghidra_mainclass = "ghidra.server.remote.GhidraServer";
2024-04-23 19:30:21 +00:00
ghidra_args = "-a0 -u -p${toString cfg.basePort} -ip ${cfg.host} /var/lib/${cfg.directory}/repositories";
2024-04-07 22:14:00 +00:00
in {
description = "Ghidra server";
after = ["network.target"];
serviceConfig = {
ExecStart = "${cfg.jdkPackage}/bin/java ${ghidra_java_opt} -classpath ${ghidra_classpath} ${ghidra_mainclass} ${ghidra_args}";
2024-04-23 19:30:21 +00:00
WorkingDirectory = "/var/lib/${cfg.directory}";
2024-04-07 22:14:00 +00:00
Environment = "GHIDRA_HOME=${ghidra_home}";
User = cfg.user;
Group = cfg.group;
SuccessExitStatus = 143;
# use StateDirectory to create home dir and additional needed dirs with overridden
# permissions when the unit starts
# this is needed because we'd like the group (ghidra) to have write access to the
# directories here, particularly ~admin
StateDirectory = "${cfg.directory} ${cfg.directory}/repositories ${cfg.directory}/repositories/~admin";
StateDirectoryMode = "0770";
2024-04-07 22:14:00 +00:00
PrivateTmp = true;
NoNewPrivileges = true;
};
wantedBy = ["multi-user.target"];
};
2024-04-09 20:38:40 +00:00
environment.systemPackages = optionals cfg.enableAdminCli [ adminCli ];
2024-04-07 22:14:00 +00:00
};
}