VPN: wireguard-gui integration to ghaf control panel

* Removing wireguard-gui icon
* Bump: ghaf-ctrl-panel new version
* Adding wireguard-gui launcher button to ghaf control panel GUI

Signed-off-by: Enes Öztürk <enes.ozturk@unikie.com>

Author: enesoztrk

REUSE.toml

@@ -22,7 +22,8 @@ path = [
   "modules/development/audio_test/test_file1.mp3",
   "modules/hardware/x86_64-generic/kernel/configs/ghaf_host_hardened_baseline-x86",
   "modules/reference/hardware/jetpack/ghaf_host_hardened_baseline-jetson-orin",
-  "modules/microvm/sysvms/idsvm/mitmproxy/mitmproxy-ca/*"
+  "modules/microvm/sysvms/idsvm/mitmproxy/mitmproxy-ca/*",
+  "modules/reference/hardware/jetpack/0001-ARM-SMMU-drivers-return-always-true-for-IOMMU_CAP_CA.patch"
 ]
 
 [[annotations]]

docs/src/scs/pki.md

@@ -48,4 +48,3 @@ In a three-tier CA, an intermediate CA is placed between the Root CA and the Sub
 The following diagram describes the proposed CA for the SCS. The three-tier CA is chosen based on the high-security level and the potential need to scale it to several projects, later on, keeping the main control under the same Root CA.
 
 ![Proposed CA](../img/ca_implementation.drawio.png "CA Implementation Proposal")
-

docs/src/scs/scs.md

@@ -23,4 +23,4 @@ The software artifact, SBOM, and provenance are signed by the build machinery at
 - [SLSA Framework](../scs/slsa-framework.md)
 - [SBOM](../scs/sbom.md)
 - [Public Key Infrastructure](../scs/pki.md)
-- [Security Fix Automation](../scs/ghaf-security-fix-automation.md)
+- [Security Fix Automation](../scs/ghaf-security-fix-automation.md)

flake.lock

@@ -145,7 +145,7 @@
     };
 
     ctrl-panel = {
-      url = "github:tiiuae/ghaf-ctrl-panel/555a414a5d50eed7f17e7f45221eba0261c40dc6";
+      url = "github:tiiuae/ghaf-ctrl-panel/c598cf55ed9cc9be29f88d78bf2495393292335c";
       inputs = {
         nixpkgs.follows = "nixpkgs";
         flake-utils.follows = "flake-utils";

flake.nix

@@ -132,15 +132,7 @@
           icon = "losslesscut";
           command = "losslesscut --enable-features=UseOzonePlatform --ozone-platform=wayland";
         }
-      ]
-      ++ (lib.optionals config.ghaf.reference.services.wireguard-gui [
-        {
-          name = "Wireguard BusinessVM";
-          description = "WireGuard VPN configuration tool";
-          icon = "airvpn";
-          command = "wireguard-gui-launcher";
-        }
-      ]);
+      ];
     extraModules = [
 
       {

modules/reference/appvms/business.nix

@@ -68,14 +68,6 @@
             ];
           }
         )
-      ])
-      ++ (lib.optionals config.ghaf.reference.services.wireguard-gui [
-        {
-          name = "Wireguard ChromeVM";
-          description = "WireGuard VPN configuration tool for app-vms";
-          icon = "airvpn";
-          command = "wireguard-gui-launcher";
-        }
       ]);
     extraModules = [
       {

modules/reference/appvms/google-chrome.nix

@@ -13,13 +13,22 @@ let
 
   appVms = lib.attrByPath [ "ghaf" "virtualization" "microvm" "appvm" "vms" ] { } config;
   wireguardGuiEnabledVms = lib.lists.map (app: app.vmName) (
-    lib.lists.filter (app: app.command == "wireguard-gui-launcher") (
-      lib.lists.concatMap (vm: map (app: app // { vmName = "${vm.name}-vm"; }) vm.applications) (
-        lib.attrsets.mapAttrsToList (name: vm: { inherit name; } // vm) (
-          lib.filterAttrs (_: vm: vm.enable) appVms
+    lib.lists.filter
+      (
+        app:
+        let
+          services = lib.attrByPath [ "ghaf" "reference" "services" ] { } app;
+          serviceNames = builtins.attrNames services;
+        in
+        lib.elem "wireguard-gui" serviceNames
+      )
+      (
+        lib.lists.concatMap (vm: map (app: (app // { vmName = "${vm.name}-vm"; })) vm.extraModules) (
+          lib.attrsets.mapAttrsToList (name: vm: { inherit name; } // vm) (
+            lib.filterAttrs (_: vm: vm.enable) appVms
+          )
         )
       )
-    )
   );
 in
 {

modules/reference/services/default.nix

@@ -35,10 +35,16 @@ in
         #  files = [ "/etc/wireguard/wg0.conf" ];
       };
 
+    ghaf.givc.appvm.applications = [
+      {
+        name = "wireguard-gui";
+        command = "${config.ghaf.givc.appPrefix}/run-waypipe ${wireguard-gui-launcher}/bin/wireguard-gui-launcher";
+      }
+    ];
+
     environment.systemPackages = [
       pkgs.polkit
       pkgs.wireguard-tools
-      wireguard-gui-launcher
     ];
 
     security.polkit = {