path: root/net-vpn/derper
Diffstat (limited to 'net-vpn/derper')
-rw-r--r--net-vpn/derper/Manifest9
-rw-r--r--net-vpn/derper/derper-1.80.3.ebuild64
-rw-r--r--net-vpn/derper/files/derper-pre.sh59
-rw-r--r--net-vpn/derper/files/derper.defaults48
-rw-r--r--net-vpn/derper/files/derper.initd34
-rw-r--r--net-vpn/derper/files/derper.service15
-rw-r--r--net-vpn/derper/files/derper.service.conf3
-rw-r--r--net-vpn/derper/metadata.xml11
8 files changed, 243 insertions, 0 deletions
diff --git a/net-vpn/derper/Manifest b/net-vpn/derper/Manifest
new file mode 100644
index 000000000000..3c51a3541e42
--- /dev/null
+++ b/net-vpn/derper/Manifest
@@ -0,0 +1,9 @@
+AUX derper-pre.sh 1269 BLAKE2B 86100763fefaf3c8f2430ba27851fd481c906f57b11e6302fc988be436cc6d672f2266bd29ccafc149360b4e8af669b086dadf8fae27f99b36044dfda4af8dac SHA512 f1f597222407eb93f5680865205985ef6b4b666ad7ce352f389446f399a41b8eb215ee56a9391262647b4118cbd378f34bdf8684560a7cb193827015aa518b9c
+AUX derper.defaults 1420 BLAKE2B 4dbfc96d2a7d510edbed97892b4549d288d85077d8e2b65d4afe79f2381d442ccb71a2b4b76904de6d98298bb4a8a8088869604968bc018579b184b1b86fb4be SHA512 bd0a868cdf48ce114175c72df1c815b0866e8155a9599ca48f33329262b579f1a9425af661db79aefcf2bfdf01971af91c8de5febd9e5b24d403b45e2d41e0c5
+AUX derper.initd 767 BLAKE2B 5bcefb21b354265a31f70f37151d1eda68c9f73aa568124a24954d55e3daff7e6c3f3b0ea2a20ded819975c9c2b223600507e751214cba9f9465d67f7ea571ca SHA512 711474f4d980f45550924b38be900945de60643f97dd247191e00ba5c47b19d816cba201b57a0b53b3f92229dde5764266b919471b0be82a14b2c6f916ae5fcb
+AUX derper.service 547 BLAKE2B ed431d7256279f2a8affc1c6faff483d93ddababd7a16233edbf475b1de0a9f56bb1c2acbd65c427bebbed9d834b2919d0c59211cd5b10a0f25d780d83d547ff SHA512 e7a7f03a4810626c4d1b03191fc03b3e1625e9896dedf3538419beb1a9b41db43973be69d197802ab83354701ab27bd450a12241fb3a88da57f6deddfb75b420
+AUX derper.service.conf 35 BLAKE2B 36f1b3354a1e7782e2ed0a79a55c26673621503cd39646a80b74c7127d3db9d2c8ce7f64e9d61ebb6dd84dbdda3683e4f6a03b74454f14865ed3395cec4c57e5 SHA512 90e0c91749d8c8f29735895cf6451a7774fbbb20c80eb346e1297a5d4bc6a9ca8093628c5b7ea5773cb01bb7d1a9012fc7081414f70f05998ec918e1905beb05
+DIST tailscale-1.80.3-deps.tar.xz 259571740 BLAKE2B 5e9c3cd9d57f416acd008a910760fcf130b32f9d81935c5c7f32822d37cd703ba07f58720bae0c67cbf85a87e93f06002edbce13efd7376eaf40bcd68fb38ba1 SHA512 f8484e9bb3329891b46282ef7e2879bf73cd3485925729ed319e76f1aca32946a56519fffaf644d504b1df4ec01ab8ee7a7a6cb30d3126b20ee5506fe65cf51a
+DIST tailscale-1.80.3.tar.gz 3528273 BLAKE2B 3f9450a24a370146dc0e32f715ffa4eba8e6a7b31c65f20b1e9b40f4bf45fb1f0f27392d2c36870fa2bf2984fb556d72347057a010f18bda2d649242d058b5b2 SHA512 2553642e9ec8adf7754cf869ec986399de22af01b66c1a4d20bff3c1305f62e175e39e70eb2a6e9723e8352421d9ad6590bbcfa42e78a4c88838bd8bb8aa6e80
+EBUILD derper-1.80.3.ebuild 1578 BLAKE2B b98307a1dca773cc44f475a37d33c1503c98d56bc3cefb1289d06244ef91f18c3c75ae0d7d33ce0c2b0356aca05b2b2bc88ab7cf62e8715cdefc315c6bf24ee5 SHA512 cbc727caf72a2a559b34a7ac600a88d6bd0a0c50bc5397386e8ad917e896ed5e33bb84ba47157ba2735c895cdebba67fe22d1b49fa7751538e31542b4e8de004
+MISC metadata.xml 325 BLAKE2B 8fc538ce81a3dcb0eed84d6b4c1706cec2bd69844a925f5ba1606518a4893a341a13d61873e5d54a348bbd4f7205363d6589fd3cabd0205bbab67777d58dacba SHA512 4e0becbc73ce5182776d3459bf9ffba3568b1f6443055731ce657d97efafa124114cf2858a9e153d121e8d067e58cca51ce0eec4624c5b27720af8769c32e2a2
diff --git a/net-vpn/derper/derper-1.80.3.ebuild b/net-vpn/derper/derper-1.80.3.ebuild
new file mode 100644
index 000000000000..7251c2aa7855
--- /dev/null
+++ b/net-vpn/derper/derper-1.80.3.ebuild
@@ -0,0 +1,64 @@
+# Copyright 2020-2025 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+inherit go-module linux-info systemd
+
+# share same source with net-vpn/tailscale
+VERSION_MINOR="80"
+VERSION_SHORT="1.80.3"
+VERSION_LONG="1.80.3-tbd762b827"
+VERSION_GIT_HASH="bd762b8274a957fe11c4416c6278ba0682124931"
+
+MY_P="tailscale-${PV}"
+DESCRIPTION="DERP server for tailscale network"
+HOMEPAGE="https://tailscale.com"
+SRC_URI="https://github.com/tailscale/tailscale/archive/v${PV}.tar.gz -> ${MY_P}.tar.gz"
+SRC_URI+=" https://dev.gentoo.org/~williamh/dist/${MY_P}-deps.tar.xz"
+S="${WORKDIR}/${MY_P}"
+
+LICENSE="MIT"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~riscv ~x86"
+
+CONFIG_CHECK="~TUN"
+
+BDEPEND="
+ acct-group/derper
+ acct-user/derper
+ >=dev-lang/go-1.22
+"
+
+RESTRICT="test"
+
+# This translates the build command from upstream's build_dist.sh to an
+# ebuild equivalent.
+build_dist() {
+ ego build -tags xversion -ldflags "
+ -X tailscale.com/version.longStamp=${VERSION_LONG}
+ -X tailscale.com/version.shortStamp=${VERSION_SHORT}
+ -X tailscale.com/version.gitCommitStamp=${VERSION_GIT_HASH}" "$@"
+}
+
+src_compile() {
+ build_dist ./cmd/derper
+ build_dist ./cmd/derpprobe
+}
+
+src_install() {
+ dobin derper
+ dobin derpprobe
+
+ insinto /etc/default
+ newins "${FILESDIR}"/derper.defaults derper
+ systemd_dounit "${FILESDIR}"/derper.service
+ systemd_install_serviced "${FILESDIR}"/derper.service.conf derper
+
+ newinitd "${FILESDIR}"/derper.initd derper
+
+ keepdir /var/lib/${PN}
+ fperms 0750 /var/lib/${PN}
+
+ exeinto /usr/libexec
+ doexe "${FILESDIR}"/derper-pre.sh
+}
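Review bot: `acct-group/derper` and `acct-user/derper` are declared only in `BDEPEND`, which makes them build-host dependencies; nothing pulls the account in on the system where the package is merged and run (for example from a binary package), so they belong in `RDEPEND`, plus `DEPEND` if ownership is set at install time. In `src_install`, `/var/lib/${PN}` gets `fperms 0750` but no owner, so it stays root-owned and the `derper` user named in `derper.service.conf` cannot enter it. The OpenRC script repairs this with `checkpath`, but no equivalent step is visible for the systemd path, since `derper-pre.sh` only chowns `CERTDIR`. Adding `fowners derper:derper /var/lib/${PN}` next to the `fperms` line would cover both init systems.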
diff --git a/net-vpn/derper/files/derper-pre.sh b/net-vpn/derper/files/derper-pre.sh
new file mode 100644
index 000000000000..ba5b224109be
--- /dev/null
+++ b/net-vpn/derper/files/derper-pre.sh
@@ -0,0 +1,59 @@
+#!/usr/bin/env bash
+#
+
+set -e
+
+. /etc/default/derper
+
+if [[ -z ${DERPER_USER} ]]; then
+ echo "DERPER_USER is not set via /etc/default/derper" >&2
+ exit 1
+fi
+
+if [[ -z ${CERTDIR} ]]; then
+ eval "CERTDIR=~${_user}/.cache/tailscale/derper-certs"
+ echo "CERTDIR is not set, fallback to default '${CERTDIR}' directory" >&2
+fi
+
+if [[ ! -e ${CERTDIR} ]]; then
+ mkdir -m 750 -p ${CERTDIR}
+ chown ${DERPER_USER}${DERPER_GROUP:+:}${DERPER_GROUP} ${CERTDIR}
+fi
+
+# according to: https://github.com/tailscale/tailscale/blob/651e0d8aad1e97df71ac09ee25274377995133dd/cmd/derper/cert.go#L63
+parse_hostname() {
+ local hn="${1}"
+ while [[ ${hn} =~ (.*)[^a-zA-Z0-9\.-]+(.*) ]]; do
+ hn=${BASH_REMATCH[1]}${BASH_REMATCH[2]}
+ done
+ echo -n ${hn}
+}
+
+cp_cert() {
+ local suffix=".crt" mode=640 var="CERTFILE"
+ if [[ ${FUNCNAME[1]} == cp_key ]]; then
+ suffix=".key"
+ mode=600
+ var="KEYFILE"
+ fi
+
+ if [[ -z ${HOSTNAME} ]]; then
+ echo "${var} is set while HOSTNAME is not, ignore ${var}" >&2
+ else
+ local file="${CERTDIR%/}/$(parse_hostname ${HOSTNAME})${suffix}"
+ cp -f -L ${!var} ${file}
+ chown ${DERPER_USER}${DERPER_GROUP:+:}${DERPER_GROUP} ${file}
+ chmod ${mode} ${file}
+ fi
+}
+
+cp_key() {
+ cp_cert
+}
+
+if [[ -n ${CERTFILE} ]]; then
+ cp_cert
+fi
+if [[ -n ${KEYFILE} ]]; then
+ cp_key
+fi
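Review bot: The `CERTDIR` fallback expands `~${_user}` through `eval`, but `_user` is never assigned in this script, so unless the sourced defaults file happens to define it the path resolves to the invoking user's home (root, given `ExecStartPre=+` in the unit) rather than the service account's; look up the home of `DERPER_USER` without `eval` instead. In `cp_cert`, `cp` creates the destination before `chown` and `chmod` run, so a freshly copied private key can briefly carry a umask-derived mode wider than 600, whereas `install -m … -o … -g …` sets owner and mode when the file is created. Every expansion passed to `mkdir`, `chown`, `cp` and `chmod` is unquoted in a script that runs as root on values read from an editable config file, so they should all be double-quoted.

```shell
if [[ -z ${CERTDIR} ]]; then
	# Resolve the service account's home directory without eval.
	derper_home=$(getent passwd "${DERPER_USER}" | cut -d: -f6)
	if [[ -z ${derper_home} ]]; then
		echo "cannot resolve home directory of '${DERPER_USER}'" >&2
		exit 1
	fi
	CERTDIR="${derper_home}/.cache/tailscale/derper-certs"
	# … unchanged: fallback message …
fi

# … unchanged: CERTDIR creation (quote "${CERTDIR}"), parse_hostname, suffix/mode selection in cp_cert …

		local file
		file="${CERTDIR%/}/$(parse_hostname "${HOSTNAME}")${suffix}"
		# Create the destination with its final owner and mode in one step,
		# so the key never exists with looser permissions.
		install -m "${mode}" -o "${DERPER_USER}" \
			${DERPER_GROUP:+-g "${DERPER_GROUP}"} -- "${!var}" "${file}"
```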
diff --git a/net-vpn/derper/files/derper.defaults b/net-vpn/derper/files/derper.defaults
new file mode 100644
index 000000000000..98fed53cf4a0
--- /dev/null
+++ b/net-vpn/derper/files/derper.defaults
@@ -0,0 +1,48 @@
+# executing user
+DERPER_USER=derper
+
+# executing group
+DERPER_GROUP=derper
+
+# Home dir for derper
+HOMEDIR=/var/lib/derper
+
+# server HTTPS listen address, in form ":port", "ip:port", or for IPv6 "[ip]:port".
+# If the IP is omitted, it defaults to all interfaces.
+# If you want to listen to 443 or other well-known port
+# you should set the executing user to the 'root'
+ADDR=":9781"
+
+# The port on which to serve HTTP.
+# -1 means disabled
+HTTP_PORT="-1"
+
+# servername for TLS cert
+HOSTNAME="derp.example.com"
+
+# mode for getting a cert.
+# If you want to change to the 'letsencrypt' mode,
+# the DERP server should be listened on 443 port, and
+# the http port 80 should be listened also at the first time
+CERTMODE="manual"
+# cert dir
+# when in the 'manual' mode, the default cert file and private key
+# will be read via path:
+# CERTDIR/HOSTNAME.crt
+# CERTDIR/HOSTNAME.key
+# and all non [a-zA-Z0-9\.-] characters will be removed
+# from the HOSTNAME
+CERTDIR="/var/lib/derper/certs"
+# The custom cert and key file path,
+# simplify the certificate deployment process in manual mode,
+# the two files will overwrite the default cert and key files
+# everytime when derper service starts.
+#CERTFILE=
+#KEYFILE=
+
+# extra arguments passed to the derper
+# run derper --help to get help
+# -verify-clients
+# verify clients to this DERP server through a local tailscaled instance.
+FLAGS="-verify-clients"
+
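Review bot: The comment above `ADDR` tells administrators to run the service as root in order to bind 443 or another well-known port, which hands an internet-facing relay full privileges for the sake of a single bind. I would document a capability grant instead, e.g. `# To listen on a port below 1024, grant CAP_NET_BIND_SERVICE to the service instead of running it as root`, with `AmbientCapabilities=CAP_NET_BIND_SERVICE` in the systemd drop-in. Separately, `HOSTNAME` is a variable bash sets on its own, so if this line is commented out `derper-pre.sh` will quietly use the machine's hostname rather than treating it as unset; a short comment saying the value must always be set would avoid that surprise.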
diff --git a/net-vpn/derper/files/derper.initd b/net-vpn/derper/files/derper.initd
new file mode 100644
index 000000000000..ef76ad085ed0
--- /dev/null
+++ b/net-vpn/derper/files/derper.initd
@@ -0,0 +1,34 @@
+#!/sbin/openrc-run
+# Copyright 2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+. /etc/default/derper
+
+name="derper"
+description="Tailscale DERP server"
+command="/usr/bin/derper"
+command_args=" \
+ -certdir ${CERTDIR} \
+ -certmode ${CERTMODE} \
+ -hostname ${HOSTNAME} \
+ -a ${ADDR} \
+ -http-port ${HTTP_PORT} \
+ -c '${HOMEDIR}'/derper.key \
+ ${FLAGS}
+"
+command_user="${DERPER_USER}:${DERPER_GROUP}"
+command_background=true
+pidfile="/run/derper.pid"
+directory="${HOMEDIR}"
+output_log="/var/log/derper/derper.log"
+error_log="/var/log/derper/derper.error"
+
+depend() {
+ need net
+}
+
+start_pre() {
+ checkpath -d -m 700 -o ${command_user} /var/log/derper
+ checkpath -d -m 750 -o ${command_user} ${HOMEDIR}
+ /usr/libexec/derper-pre.sh
+}
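Review bot: `command_user="${DERPER_USER}:${DERPER_GROUP}"` leaves a trailing colon when `DERPER_GROUP` is empty, a case `derper-pre.sh` handles explicitly with `${DERPER_GROUP:+:}`; `command_user="${DERPER_USER}${DERPER_GROUP:+:${DERPER_GROUP}}"` keeps the two scripts consistent. In `start_pre` the `checkpath` arguments are unquoted even though they come from an editable config file and the function runs as root, so `checkpath -d -m 750 -o "${command_user}" "${HOMEDIR}"` is the safer form. The same applies to the values interpolated into `command_args`, where only `HOMEDIR` is quoted.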
diff --git a/net-vpn/derper/files/derper.service b/net-vpn/derper/files/derper.service
new file mode 100644
index 000000000000..44c093af85a5
--- /dev/null
+++ b/net-vpn/derper/files/derper.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=Tailscale DERP server
+Documentation=https://tailscale.com/kb/1118/custom-derp-servers
+Wants=network-pre.target
+After=network-pre.target NetworkManager.service systemd-resolved.service
+
+[Service]
+EnvironmentFile=/etc/default/derper
+ExecStartPre=+/usr/libexec/derper-pre.sh
+ExecStart=/usr/sbin/derper -certdir ${CERTDIR} -certmode ${CERTMODE} -hostname ${HOSTNAME} -a ${ADDR} -http-port ${HTTP_PORT} -c "${HOMEDIR}"/derper.key ${FLAGS}
+ReadWritePaths=${HOMEDIR} ${CERTDIR}
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
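Review bot: `ExecStart` points at `/usr/sbin/derper`, but the ebuild installs the binary with `dobin` and the OpenRC script runs `/usr/bin/derper`, so the unit will fail to start wherever `/usr/sbin` is not merged into `/usr/bin`; it should read `ExecStart=/usr/bin/derper …`. `ReadWritePaths=${HOMEDIR} ${CERTDIR}` also does not do what it appears to: systemd expands environment variables only in the `Exec*=` command lines, and `ReadWritePaths=` restricts nothing unless a setting such as `ProtectSystem=strict` makes the rest of the tree read-only. For a network-facing daemon I would use literal paths there and add `ProtectSystem=strict` and `NoNewPrivileges=yes`.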
diff --git a/net-vpn/derper/files/derper.service.conf b/net-vpn/derper/files/derper.service.conf
new file mode 100644
index 000000000000..0640c936cca6
--- /dev/null
+++ b/net-vpn/derper/files/derper.service.conf
@@ -0,0 +1,3 @@
+[Service]
+User=derper
+Group=derper
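Review bot: `User=derper` and `Group=derper` are fixed in this drop-in, while `derper-pre.sh` chowns the certificate directory and the copied key to `DERPER_USER`/`DERPER_GROUP` from `/etc/default/derper`. Changing those variables therefore does not change who runs the daemon under systemd, and can leave the private key owned by an account the service does not run as. A comment in `derper.defaults` such as `# systemd: the service account is set in the derper.service drop-in; keep DERPER_USER/DERPER_GROUP in sync with it` would make the coupling explicit.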
diff --git a/net-vpn/derper/metadata.xml b/net-vpn/derper/metadata.xml
new file mode 100644
index 000000000000..8799a931f9d4
--- /dev/null
+++ b/net-vpn/derper/metadata.xml
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer type="person">
+ <email>dlan@gentoo.org</email>
+ <name>Yixun Lan</name>
+ </maintainer>
+ <upstream>
+ <remote-id type="github">tailscale/tailscale</remote-id>
+ </upstream>
+</pkgmetadata>