(define-module (battering packages opensnitch)
  #:use-module (guix packages)
  #:use-module (guix git-download)
  #:use-module (guix gexp)
  #:use-module (guix utils)
  #:use-module (guix build-system go)
  #:use-module (guix build-system python)
  #:use-module (guix build-system gnu)
  #:use-module (gnu packages algebra)
  #:use-module (gnu packages base)
  #:use-module (gnu packages bison)
  #:use-module (gnu packages compression)
  #:use-module (gnu packages elf)
  #:use-module (gnu packages flex)
  #:use-module (gnu packages golang)
  #:use-module (gnu packages golang-build)
  #:use-module (gnu packages golang-web)
  #:use-module (gnu packages golang-xyz)
  #:use-module (gnu packages linux)
  #:use-module (gnu packages llvm)
  #:use-module (gnu packages qt)
  #:use-module (gnu packages rpc)
  #:use-module (gnu packages tls)
  #:use-module (gnu packages pkg-config)
  #:use-module (gnu packages protobuf)
  #:use-module (gnu packages python-build)
  #:use-module (gnu packages python-web)
  #:use-module (gnu packages python-xyz)
  #:use-module (battering packages golang-xyz)
  #:use-module (battering packages python-xyz)
  #:use-module ((guix licenses)
                #:prefix license:))

(define-public opensnitch
  (package
    (name "opensnitch")
    (version "1.6.7")
    (source (origin
              (method git-fetch)
              (uri (git-reference
                    (url "https://github.com/evilsocket/opensnitch/")
                    (commit (string-append "v" version))))
              (file-name (git-file-name name version))
              (sha256
               (base32 "0990hdc3vn50axyz21v11gwkc2svlwf9wlnf03lwxgnm2q4ha76q"))))
    (build-system python-build-system)
    (arguments
     (list
      #:phases #~(modify-phases %standard-phases
                   (add-after 'unpack 'make-proto-definitions
                     (lambda _
                       (with-directory-excursion "proto/"
                         (invoke "make" "../ui/opensnitch/ui_pb2.py"))))
                   (add-after 'make-proto-definitions 'chdir
                     (lambda _
                       (chdir "ui")))
                   (add-after 'chdir 'patch-setup.py
                     (lambda _
                       (substitute* "setup.py"
                         (("/usr/") ""))))
                   (add-after 'chdir 'generate-resources
                     (lambda _
                       ;; Patch resource script
                       (substitute* "i18n/generate_i18n.sh"
                         (("/bin/sh")
                          (which "sh")))
                       ;; Remove calls to pip in Makefile
                       (substitute* "Makefile"
                         (("@pip3.*$") ""))
                       (invoke "make" "opensnitch/resources_rc.py"))))))
    (inputs (list python-grpcio-tools
                  python-pyinotify
                  python-slugify
                  python-pyqt
                  python-protobuf
                  python-notify2
                  python-qt-material))
    (native-inputs (list python-setuptools qttools-5))
    (home-page "https://github.com/evilsocket/opensnitch/")
    (synopsis "GNU/Linux application firewall.")
    (description "OpenSnitch is an interactive GNU/Linux application firewall inspired by Little Snitch.")
    (license license:gpl3+)))

(define linux-libre-headers-opensnitch
  (package
    (inherit linux-libre-headers)
    (name "linux-libre-headers-opensnitch")
    (native-inputs (modify-inputs (package-native-inputs linux-libre-headers)
                     (append openssl bc elfutils)))
    (arguments
     (substitute-keyword-arguments (package-arguments linux-libre-headers-latest)
       ((#:phases p)
        #~(modify-phases #$p
            (replace 'build
              (lambda _
                (invoke "make" "defconfig")
                (invoke "make" "prepare")))
            (replace 'install
              (lambda _
                (begin
                  (copy-recursively "." #$output))))))
       ((#:allowed-references _) #f)))))

(define-public opensnitch-ebpf-module
  (package
    (name "opensnitch-ebpf-module")
    (version "1.6.7")
    (source (origin
              (method git-fetch)
              (uri (git-reference
                    (url "https://github.com/evilsocket/opensnitch/")
                    (commit (string-append "v" version))))
              (file-name (git-file-name name version))
              (sha256
               (base32 "0990hdc3vn50axyz21v11gwkc2svlwf9wlnf03lwxgnm2q4ha76q"))))
    (build-system gnu-build-system)
    (inputs (list linux-libre linux-libre-headers))
    (native-inputs (list clang tar zstd flex bison))
    (arguments
     (list
      ;; TODO: make it buildable against any kernel?
      #:make-flags #~(list (format #f "KERNEL_DIR=~a" #$linux-libre-headers-opensnitch))
      #:tests? #f
      #:phases #~(modify-phases %standard-phases
                   (add-after 'unpack 'chdir
                     (lambda _
                       (chdir "ebpf_prog/")))
                   (delete 'configure)
                   (replace 'install
                     (lambda _
                       (let ((lib (string-append #$output "/lib")))
                         (install-file "opensnitch-dns.o" lib)
                         (install-file "opensnitch-procs.o" lib)
                         (install-file "opensnitch.o" lib)))))))
    (home-page "https://github.com/evilsocket/opensnitch/")
    (synopsis "eBPF module for Opensnitch")
    (description "This package provides an additional module that allows
Opensnitch to monitor traffic via eBPF rules.")
    (license license:gpl3+)))