Izorkin
/
selfprivacy-nixos-config
forked from SelfPrivacy/selfprivacy-nixos-config
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

pkgs: init libmodsecurity at v3.0.6

nginx-add-modsecurity
Izorkin 2021-12-18 22:11:24 +02:00
parent 36e7cb8c5e
commit ced421eff4
4 changed files with 81 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
configuration.nix
View File

@ -9,6 +9,7 @@ in
./generic/api/api.nix
./generic/modules/api.nix
./generic/modules/userdata.nix
./generic/overlays/default.nix
./generic/services/backup/restic.nix
./generic/services/cloud/nextcloud.nix
./generic/services/git/gitea.nix

6
generic/overlays/default.nix Normal file
View File

@ -0,0 +1,6 @@
{ lib, pkgs, ... }:
{
nixpkgs.config.packageOverrides = pkgs: rec {
spdev = import ./../pkgs { inherit pkgs; };
};
}

4
generic/pkgs/default.nix Normal file
View File

@ -0,0 +1,4 @@
{ pkgs ? import <nixpkgs> { } }:
rec {
libmodsecurity = pkgs.callPackage ./libmodsecurity { };
}

70
generic/pkgs/libmodsecurity/default.nix Normal file
View File

@ -0,0 +1,70 @@
{ lib, stdenv, fetchFromGitHub
, autoreconfHook, bison, flex, pkg-config
, curl, geoip, libmaxminddb, libxml2, lmdb, lua, pcre
, ssdeep, valgrind, yajl
}:
stdenv.mkDerivation rec {
pname = "libmodsecurity";
version = "3.0.6";
src = fetchFromGitHub {
owner = "SpiderLabs";
repo = "ModSecurity";
rev = "v${version}";
sha256 = "sha256-V+NBT2YN8qO3Px8zEzSA2ZsjSf1pv8+VlLxYlrpqfGg=";
fetchSubmodules = true;
};
nativeBuildInputs = [ autoreconfHook bison flex pkg-config ];
buildInputs = [ curl geoip libmaxminddb libxml2 lmdb lua pcre ssdeep valgrind yajl ];
outputs = [ "out" "dev" ];
configureFlags = [
"--enable-parser-generation"
"--with-curl=${curl.dev}"
"--with-libxml=${libxml2.dev}"
"--with-lmdb=${lmdb.out}"
"--with-maxmind=${libmaxminddb}"
"--with-pcre=${pcre.dev}"
"--with-ssdeep=${ssdeep}"
];
postPatch = ''
substituteInPlace build/lmdb.m4 \
--replace "\''${path}/include/lmdb.h" "${lmdb.dev}/include/lmdb.h" \
--replace "lmdb_inc_path=\"\''${path}/include\"" "lmdb_inc_path=\"${lmdb.dev}/include\""
substituteInPlace build/ssdeep.m4 \
--replace "/usr/local/libfuzzy" "${ssdeep}/lib" \
--replace "\''${path}/include/fuzzy.h" "${ssdeep}/include/fuzzy.h" \
--replace "ssdeep_inc_path=\"\''${path}/include\"" "ssdeep_inc_path=\"${ssdeep}/include\""
substituteInPlace modsecurity.conf-recommended \
--replace "SecUnicodeMapFile unicode.mapping 20127" "SecUnicodeMapFile $out/share/modsecurity/unicode.mapping 20127"
'';
postInstall = ''
mkdir -p $out/share/modsecurity
cp ${src}/{AUTHORS,CHANGES,LICENSE,README.md,modsecurity.conf-recommended,unicode.mapping} $out/share/modsecurity
'';
enableParallelBuilding = true;
meta = with lib; {
homepage = "https://github.com/SpiderLabs/ModSecurity";
description = ''
ModSecurity v3 library component.
'';
longDescription = ''
Libmodsecurity is one component of the ModSecurity v3 project. The
library codebase serves as an interface to ModSecurity Connectors taking
in web traffic and applying traditional ModSecurity processing. In
general, it provides the capability to load/interpret rules written in
the ModSecurity SecRules format and apply them to HTTP content provided
by your application via Connectors.
'';
license = licenses.asl20;
platforms = platforms.all;
maintainers = with maintainers; [ izorkin ];
};
}