From d76e1e352cef1ad7337f9f4b15d5ea4665ab7a32 Mon Sep 17 00:00:00 2001
From: Martin Milata
Date: Tue, 19 May 2020 00:06:13 +0200
Subject: [PATCH 1/5] openconnect: 8.05 -> 8.10 Also update vpnc script. Fixes: - https://nvd.nist.gov/vuln/detail/CVE-2019-16239 - https://nvd.nist.gov/vuln/detail/CVE-2020-12105 - https://nvd.nist.gov/vuln/detail/CVE-2020-12823
---
pkgs/tools/networking/openconnect/default.nix | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/pkgs/tools/networking/openconnect/default.nix b/pkgs/tools/networking/openconnect/default.nix
index 101346d31b1e..11f9fdc0fd8c 100644
--- a/pkgs/tools/networking/openconnect/default.nix
+++ b/pkgs/tools/networking/openconnect/default.nix
@@ -4,19 +4,19 @@ assert (openssl != null) == (gnutls == null); let vpnc = fetchgit { url = "git://git.infradead.org/users/dwmw2/vpnc-scripts.git";
- rev = "c84fb8e5a523a647a01a1229a9104db934e19f00";
- sha256 = "01xdclx0y3x66mpbdr77n4ilapwzjz475h32q88ml9gnq6phjxrs";
+ rev = "c0122e891f7e033f35f047dad963702199d5cb9e";
+ sha256 = "11b1ls012mb704jphqxjmqrfbbhkdjb64j2q4k8wb5jmja8jnd14";
 }; in stdenv.mkDerivation rec { pname = "openconnect";
- version = "8.05";
+ version = "8.10";
 src = fetchurl { urls = [ "ftp://ftp.infradead.org/pub/openconnect/${pname}-${version}.tar.gz" ];
- sha256 = "14i9q727c2zc9xhzp1a9hz3gzb5lwgsslbhircm84dnbs192jp1k";
+ sha256 = "1cdsx4nsrwawbsisfkldfc9i4qn60g03vxb13nzppr2br9p4rrih";
 }; outputs = [ "out" "dev" ];
From e04964d52822e2472cab3be61aa91f2be5befa24 Mon Sep 17 00:00:00 2001
From: Marek Mahut
Date: Sun, 24 May 2020 20:38:54 +0200
Subject: [PATCH 2/5] ergo: init at 3.2.4
---
.../applications/blockchains/ergo/default.nix | 27 +++++++++++++++++++
pkgs/top-level/all-packages.nix | 2 ++
2 files changed, 29 insertions(+)
create mode 100644 pkgs/applications/blockchains/ergo/default.nix
diff --git a/pkgs/applications/blockchains/ergo/default.nix b/pkgs/applications/blockchains/ergo/default.nix
new file mode 100644
index 000000000000..4a5d51613266
--- /dev/null
+++ b/pkgs/applications/blockchains/ergo/default.nix
@@ -0,0 +1,27 @@
+{ stdenv, fetchurl, makeWrapper, jre }:
+
+stdenv.mkDerivation rec {
+ pname = "ergo";
+ version = "3.2.4";
+
+ src = fetchurl {
+ url = "https://github.com/ergoplatform/ergo/releases/download/v${version}/ergo-${version}.jar";
+ sha256 = "1xk52b5davd7mz2l35d8vhgff5l8kw6ba0gbnwzkxc8nxmvvsp8b";
+ };
+
+ nativeBuildInputs = [ makeWrapper ];
+
+ dontUnpack = true;
+
+ installPhase = ''
+ makeWrapper ${jre}/bin/java $out/bin/ergo --add-flags "-jar $src"
+ '';
+
+ meta = with stdenv.lib; {
+ description = "Open protocol that implements modern scientific ideas in the blockchain area";
+ homepage = "https://ergoplatform.org/en/";
+ license = licenses.cc0;
+ platforms = platforms.all;
+ maintainers = with maintainers; [ mmahut ];
+ };
+}
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 1da0e2df115b..bcaa5c14f1fc 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -23206,6 +23206,8 @@ in dogecoin = callPackage ../applications/blockchains/dogecoin.nix { boost = boost165; withGui = true; }; dogecoind = callPackage ../applications/blockchains/dogecoin.nix { boost = boost165; withGui = false; };
+ ergo = callPackage ../applications/blockchains/ergo { };
+
 exodus = callPackage ../applications/blockchains/exodus { }; freicoin = callPackage ../applications/blockchains/freicoin.nix { boost = boost155; };
From fdc48e5c7eecc804ca47e275f9e2f9cfd490e285 Mon Sep 17 00:00:00 2001
From: Marek Mahut
Date: Sun, 24 May 2020 20:39:10 +0200
Subject: [PATCH 3/5] nixos/ergo: init
---
nixos/modules/module-list.nix | 1 +
nixos/modules/services/networking/ergo.nix | 141 +++++++++++++++++++++
2 files changed, 142 insertions(+)
create mode 100644 nixos/modules/services/networking/ergo.nix
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 89677970dd9a..aac2e81b103b 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -605,6 +605,7 @@ ./services/networking/dnsmasq.nix ./services/networking/ejabberd.nix ./services/networking/epmd.nix
+ ./services/networking/ergo.nix
 ./services/networking/eternal-terminal.nix ./services/networking/fakeroute.nix ./services/networking/ferm.nix
diff --git a/nixos/modules/services/networking/ergo.nix b/nixos/modules/services/networking/ergo.nix
new file mode 100644
index 000000000000..c52de30dc361
--- /dev/null
+++ b/nixos/modules/services/networking/ergo.nix
@@ -0,0 +1,141 @@
+{ config, lib, pkgs, ... }:
+
+let
+ cfg = config.services.ergo;
+
+ inherit (lib) mkEnableOption mkIf mkOption optionalString types;
+
+ configFile = pkgs.writeText "ergo.conf" (''
+ergo {
+ directory = "${cfg.dataDir}"
+ node {
+ mining = false
+ }
+ wallet.secretStorage.secretDir = "${cfg.dataDir}/wallet/keystore"
+}
+
+scorex {
+ network {
+ bindAddress = "${cfg.listen.ip}:${toString cfg.listen.port}"
+ }
+'' + optionalString (cfg.api.keyHash != null) ''
+ restApi {
+ apiKeyHash = "${cfg.api.keyHash}"
+ bindAddress = "${cfg.api.listen.ip}:${toString cfg.api.listen.port}"
+ }
+'' + ''
+}
+'');
+
+in {
+
+ options = {
+
+ services.ergo = {
+ enable = mkEnableOption "Ergo service";
+
+ dataDir = mkOption {
+ type = types.path;
+ default = "/var/lib/ergo";
+ description = "The data directory for the Ergo node.";
+ };
+
+ listen = {
+ ip = mkOption {
+ type = types.str;
+ default = "0.0.0.0";
+ description = "IP address on which the Ergo node should listen.";
+ };
+
+ port = mkOption {
+ type = types.port;
+ default = 9006;
+ description = "Listen port for the Ergo node.";
+ };
+ };
+
+ api = {
+ keyHash = mkOption {
+ type = types.nullOr types.str;
+ default = null;
+ example = "324dcf027dd4a30a932c441f365a25e86b173defa4b8e58948253471b81b72cf";
+ description = "Hex-encoded Blake2b256 hash of an API key as a 64-chars long Base16 string.";
+ };
+
+ listen = {
+ ip = mkOption {
+ type = types.str;
+ default = "0.0.0.0";
+ description = "IP address that the Ergo node API should listen on if is defined.";
+ };
+
+ port = mkOption {
+ type = types.port;
+ default = 9052;
+ description = "Listen port for the API endpoint if is defined.";
+ };
+ };
+ };
+
+ testnet = mkOption {
+ type = types.bool;
+ default = false;
+ description = "Connect to testnet network instead of the default mainnet.";
+ };
+
+ user = mkOption {
+ type = types.str;
+ default = "ergo";
+ description = "The user as which to run the Ergo node.";
+ };
+
+ group = mkOption {
+ type =
types.str;
+ default = cfg.user;
+ description = "The group as which to run the Ergo node.";
+ };
+
+ openFirewall = mkOption {
+ type = types.bool;
+ default = false;
+ description = "Open ports in the firewall for the Ergo node as well as the API.";
+ };
+ };
+ };
+
+ config = mkIf cfg.enable {
+
+ systemd.tmpfiles.rules = [
+ "d '${cfg.dataDir}' 0770 '${cfg.user}' '${cfg.group}' - -"
+ ];
+
+ systemd.services.ergo = {
+ description = "ergo server";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network-online.target" ];
+ serviceConfig = {
+ User = cfg.user;
+ Group = cfg.group;
+ ExecStart = ''${pkgs.ergo}/bin/ergo \
+ ${optionalString (!cfg.testnet)
+ "--mainnet"} \
+ -c ${configFile}'';
+ };
+ };
+
+ networking.firewall = mkIf cfg.openFirewall {
+ allowedTCPPorts = [ cfg.listen.port ] ++ [ cfg.api.listen.port ];
+ };
+
+ users.users.${cfg.user} = {
+ name = cfg.user;
+ group = cfg.group;
+ description = "Ergo daemon user";
+ home = cfg.dataDir;
+ isSystemUser = true;
+ };
+
+ users.groups.${cfg.group} = {};
+
+ };
+}
From cd5f6265443ae882dab85e58aec99a4283542116 Mon Sep 17 00:00:00 2001
From: Marek Mahut
Date: Sun, 24 May 2020 20:39:23 +0200
Subject: [PATCH 4/5] tests/ergo: init
---
nixos/tests/all-tests.nix | 1 +
nixos/tests/ergo.nix | 18 ++++++++++++++++++
2 files changed, 19 insertions(+)
create mode 100644 nixos/tests/ergo.nix
diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix
index 0acded892c7a..b490a6fe8df7 100644
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -88,6 +88,7 @@ in elk = handleTestOn ["x86_64-linux"] ./elk.nix {}; enlightenment = handleTest ./enlightenment.nix {}; env = handleTest ./env.nix {};
+ ergo = handleTest ./ergo.nix {};
 etcd = handleTestOn ["x86_64-linux"] ./etcd.nix {}; etcd-cluster = handleTestOn ["x86_64-linux"] ./etcd-cluster.nix {}; fancontrol = handleTest ./fancontrol.nix {};
diff --git a/nixos/tests/ergo.nix b/nixos/tests/ergo.nix
new file mode 100644
index 000000000000..8cdbbf62a956
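Review bot: In `nixos/modules/services/networking/ergo.nix`, `openFirewall` opens `cfg.api.listen.port` together with the P2P port, and `api.listen.ip` defaults to `0.0.0.0`, so one switch puts the node's REST API on every interface, with the API key as the only barrier in front of a service whose wallet keystore lives under `${cfg.dataDir}/wallet/keystore`. The API port is opened even when `api.keyHash` is null and no `restApi` block is written. I would bind the API to loopback by default, `default = "127.0.0.1";`, and have the firewall rule cover only the P2P port, `allowedTCPPorts = [ cfg.listen.port ];`, so exposing the API is a separate, explicit decision. The tmpfiles rule also creates the data directory as `0770`; since it holds the keystore, `0750` or `0700` looks like the safer mode unless group write is needed.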
--- /dev/null
+++ b/nixos/tests/ergo.nix
@@ -0,0 +1,18 @@
+import ./make-test-python.nix ({ pkgs, ... }: {
+ name = "ergo";
+ meta = with pkgs.stdenv.lib.maintainers; {
+ maintainers = [ mmahut ];
+ };
+
+ nodes = {
+ machine = { ... }: {
+ services.ergo.enable = true;
+ services.ergo.api.keyHash = "324dcf027dd4a30a932c441f365a25e86b173defa4b8e58948253471b81b72cf";
+ };
+ };
+
+ testScript = ''
+ start_all()
+ machine.wait_for_unit("ergo.service")
+ '';
+})
From ffd6460df94b4c945055423de53c6546bc3a43ae Mon Sep 17 00:00:00 2001
From: Marek Mahut
Date: Tue, 26 May 2020 17:16:47 +0200
Subject: [PATCH 5/5] ergo: 3.2.4 -> 3.2.5
---
pkgs/applications/blockchains/ergo/default.nix | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/pkgs/applications/blockchains/ergo/default.nix b/pkgs/applications/blockchains/ergo/default.nix
index 4a5d51613266..bae7326c2554 100644
--- a/pkgs/applications/blockchains/ergo/default.nix
+++ b/pkgs/applications/blockchains/ergo/default.nix
@@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "ergo";
- version = "3.2.4";
+ version = "3.2.5";
 src = fetchurl { url = "https://github.com/ergoplatform/ergo/releases/download/v${version}/ergo-${version}.jar";
- sha256 = "1xk52b5davd7mz2l35d8vhgff5l8kw6ba0gbnwzkxc8nxmvvsp8b";
+ sha256 = "0vaq6cqz03ps0fg3rvk298jnbf8mazvmyfcj7zsf1cgw41xdjjcf";
 }; nativeBuildInputs = [ makeWrapper ];
@@ -19,9 +19,9 @@ stdenv.mkDerivation rec { meta = with stdenv.lib; { description = "Open protocol that implements modern scientific ideas in the blockchain area";
- homepage = "https://ergoplatform.org/en/";
- license = licenses.cc0;
- platforms = platforms.all;
+ homepage = "https://ergoplatform.org/en/";
+ license = licenses.cc0;
+ platforms = platforms.all;
 maintainers = with maintainers; [ mmahut ]; }; }
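Review bot: In `nixos/tests/ergo.nix`, the test script stops at `machine.wait_for_unit("ergo.service")`, which passes as soon as systemd reports the unit active, so a node that never binds its listeners or ignores the generated config would not be caught. Following it with `machine.wait_for_open_port(9006)` and `machine.wait_for_open_port(9052)` would check that the P2P and API sockets come up on the module defaults with `api.keyHash` set. A short comment noting that the `keyHash` value is the example hash from the option documentation, not a real credential, would also help readers.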