Merge pull request #106465 from jerith666/globalprotect-vpn

authored by Sandro and committed by GitHub ef45f53b 8487dbbc

+141 -12
+1
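--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -694,6 +694,7 @@
 ./services/networking/gdomap.nix
 ./services/networking/ghostunnel.nix
 ./services/networking/git-daemon.nix
+./services/networking/globalprotect-vpn.nix
 ./services/networking/gnunet.nix
 ./services/networking/go-neb.nix
 ./services/networking/go-shadowsocks2.nix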
+43
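--- a/nixos/modules/services/networking/globalprotect-vpn.nix
+++ b/nixos/modules/services/networking/globalprotect-vpn.nix
@@ -0,0 +1,43 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+cfg = config.services.globalprotect;
+
+execStart = if cfg.csdWrapper == null then
+"${pkgs.globalprotect-openconnect}/bin/gpservice"
+else
+"${pkgs.globalprotect-openconnect}/bin/gpservice --csd-wrapper=${cfg.csdWrapper}";
+in
+
+{
+options.services.globalprotect = {
+enable = mkEnableOption "globalprotect";
+
+csdWrapper = mkOption {
+description = ''
+A script that will produce a Host Integrity Protection (HIP) report,
+as described at <link xlink:href="https://www.infradead.org/openconnect/hip.html" />
+'';
+default = null;
+example = literalExample "\${pkgs.openconnect}/libexec/openconnect/hipreport.sh";
+type = types.nullOr types.path;
+};
+};
+
+config = {
+services.dbus.packages = [ pkgs.globalprotect-openconnect ];
+
+systemd.services.gpservice = {
+description = "GlobalProtect openconnect DBus service";
+serviceConfig = {
+Type="dbus";
+BusName="com.yuezk.qt.GPService";
+ExecStart=execStart;
+};
+wantedBy = [ "multi-user.target" ];
+after = [ "network.target" ];
+};
+};
+}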
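Review bot: The `config = {` block near the end of the module is not guarded by `cfg.enable`, so the `services.globalprotect.enable` option declared above it has no effect. As written, any system that evaluates this module gets `pkgs.globalprotect-openconnect` registered with D-Bus and the `gpservice` unit pulled in by `multi-user.target`. The line should read `config = mkIf cfg.enable {`. The unit also sets no `User=` or sandboxing options, so it presumably runs as root on the system bus; that may be needed for tunnel setup, but it is a further reason to keep the service strictly opt-in, and a short comment in `serviceConfig` saying why root is required would help.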
+43
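--- a/pkgs/tools/networking/globalprotect-openconnect/default.nix
+++ b/pkgs/tools/networking/globalprotect-openconnect/default.nix
@@ -0,0 +1,43 @@
+{ stdenv, lib, fetchFromGitHub
+, qmake, qtwebsockets, qtwebengine, wrapQtAppsHook, openconnect
+}:
+
+stdenv.mkDerivation rec {
+pname = "globalprotect-openconnect";
+version = "1.2.6";
+
+src = fetchFromGitHub {
+owner = "yuezk";
+repo = "GlobalProtect-openconnect";
+rev = "c14a6ad1d2b62f8d297bc4cfbcb1dcea4d99112f";
+fetchSubmodules = true;
+sha256 = "1zkc3vk1j31n2zs5ammzv23dah7x163gfrzz222ynbkvsccrhzrk";
+};
+
+nativeBuildInputs = [ qmake wrapQtAppsHook ];
+
+buildInputs = [ openconnect qtwebsockets qtwebengine ];
+
+patchPhase = ''
+for f in GPClient/GPClient.pro \
+GPClient/com.yuezk.qt.gpclient.desktop \
+GPService/GPService.pro \
+GPService/dbus/com.yuezk.qt.GPService.service \
+GPService/systemd/gpservice.service; do
+substituteInPlace $f \
+--replace /usr $out \
+--replace /etc $out/lib;
+done;
+
+substituteInPlace GPService/gpservice.h \
+--replace /usr/local/bin/openconnect ${openconnect}/bin/openconnect;
+'';
+
+meta = with lib; {
+description = "GlobalProtect VPN client (GUI) for Linux based on OpenConnect that supports SAML auth mode";
+homepage = "https://github.com/yuezk/GlobalProtect-openconnect";
+license = licenses.gpl3Only;
+maintainers = [ maintainers.jerith666 ];
+platforms = platforms.linux;
+};
+}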
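Review bot: Assigning `patchPhase = ''` replaces the standard patch phase outright, so a later `patches = [ ... ]` attribute and the `prePatch`/`postPatch` hooks would be silently skipped; the usual form is `postPatch = ''` with the same body. The `--replace /usr $out` and `--replace /etc $out/lib` substitutions match every occurrence of those strings in the five listed files, so a comment naming the install paths they are meant to rewrite would make version bumps easier to check. The `gpservice.h` substitution presumably fixes which `openconnect` binary the service executes, and deserves a one-line comment such as `# gpservice runs openconnect by absolute path; pin it to the store path`.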
+6 -12
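--- a/pkgs/tools/networking/openconnect/default.nix
+++ b/pkgs/tools/networking/openconnect/default.nix
@@ -8,8 +8,8 @@
 , libxml2
 , stoken
 , zlib
-, fetchgit
-, darwin
+, vpnc-scripts
+, PCSC
 , head ? false
 , fetchFromGitLab
 , autoreconfHook
@@ -17,13 +17,7 @@
 
 assert (openssl != null) == (gnutls == null);
 
-let vpnc = fetchgit {
-url = "git://git.infradead.org/users/dwmw2/vpnc-scripts.git";
-rev = "c0122e891f7e033f35f047dad963702199d5cb9e";
-sha256 = "11b1ls012mb704jphqxjmqrfbbhkdjb64j2q4k8wb5jmja8jnd14";
-};
-
-in stdenv.mkDerivation rec {
+stdenv.mkDerivation rec {
 pname = "openconnect${lib.optionalString head "-head"}";
 version = if head then "2021-05-05" else "8.10";
 
@@ -42,19 +36,19 @@
 outputs = [ "out" "dev" ];
 
 configureFlags = [
-"--with-vpnc-script=${vpnc}/vpnc-script"
+"--with-vpnc-script=${vpnc-scripts}/bin/vpnc-script"
 "--disable-nls"
 "--without-openssl-version-check"
 ];
 
 buildInputs = [ openssl gnutls gmp libxml2 stoken zlib ]
-++ lib.optional stdenv.isDarwin darwin.apple_sdk.frameworks.PCSC;
+++ lib.optional stdenv.isDarwin PCSC;
 nativeBuildInputs = [ pkg-config ]
 ++ lib.optional head autoreconfHook;
 
 meta = with lib; {
 description = "VPN Client for Cisco's AnyConnect SSL VPN";
-homepage = "http://www.infradead.org/openconnect/";
+homepage = "https://www.infradead.org/openconnect/";
 license = licenses.lgpl21Only;
 maintainers = with maintainers; [ pradeepchhetri tricktron ];
 platforms = lib.platforms.linux ++ lib.platforms.darwin;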
+41
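--- a/pkgs/tools/networking/vpnc-scripts/default.nix
+++ b/pkgs/tools/networking/vpnc-scripts/default.nix
@@ -0,0 +1,41 @@
+{ lib, stdenv, fetchgit
+, makeWrapper
+, nettools, gawk, systemd, openresolv, coreutils, gnugrep
+}:
+
+stdenv.mkDerivation {
+pname = "vpnc-scripts";
+version = "unstable-2021-03-21";
+src = fetchgit {
+url = "git://git.infradead.org/users/dwmw2/vpnc-scripts.git";
+rev = "8fff06090ed193c4a7285e9a10b42e6679e8ecf3";
+sha256 = "14bzzpwz7kdmlbx825h6s4jjdml9q6ziyrq8311lp8caql68qdq1";
+};
+
+nativeBuildInputs = [ makeWrapper ];
+
+installPhase = ''
+mkdir -p $out/bin
+cp vpnc-script $out/bin
+'';
+
+preFixup = ''
+substituteInPlace $out/bin/vpnc-script \
+--replace "which" "type -P"
+'' + lib.optionalString stdenv.isLinux ''
+substituteInPlace $out/bin/vpnc-script \
+--replace "/sbin/resolvconf" "${openresolv}/bin/resolvconf" \
+--replace "/usr/bin/resolvectl" "${systemd}/bin/resolvectl"
+'' + ''
+wrapProgram $out/bin/vpnc-script \
+--prefix PATH : "${lib.makeBinPath ([ nettools gawk coreutils gnugrep ] ++ lib.optionals stdenv.isLinux [ openresolv ])}"
+'';
+
+meta = with lib; {
+description = "script for vpnc to configure the network routing and name service";
+homepage = "https://www.infradead.org/openconnect/";
+license = licenses.gpl2Only;
+maintainers = with maintainers; [ jerith666 ];
+platforms = platforms.linux ++ platforms.darwin;
+};
+}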
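Review bot: The `fetchgit` source uses a `git://` URL, which is an unauthenticated cleartext transport. The pinned `rev` and `sha256` still make the build reject altered content, but the fetch can be observed or blocked in transit, so if upstream serves the same repository over HTTPS, prefer that in `url`. Separately, `--replace "which" "type -P"` in `preFixup` rewrites every occurrence of the substring `which` in the script, including inside comments or longer words; a comment stating that this is intended, or a narrower pattern, would make the patched script easier to audit given that it configures routing and DNS. `installPhase` also omits `runHook preInstall` and `runHook postInstall`.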
+7
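--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -9515,6 +9515,8 @@
 
 vpnc = callPackage ../tools/networking/vpnc { };
 
+vpnc-scripts = callPackage ../tools/networking/vpnc-scripts { };
+
 vpn-slice = python3Packages.callPackage ../tools/networking/vpn-slice { };
 
 vp = callPackage ../applications/misc/vp {
@@ -9527,17 +9529,22 @@
 openconnect = openconnect_gnutls;
 
 openconnect_openssl = callPackage ../tools/networking/openconnect {
+inherit (darwin.apple_sdk.frameworks) PCSC;
 gnutls = null;
 };
 
 openconnect_gnutls = callPackage ../tools/networking/openconnect {
+inherit (darwin.apple_sdk.frameworks) PCSC;
 openssl = null;
 };
 
 openconnect_head = callPackage ../tools/networking/openconnect {
+inherit (darwin.apple_sdk.frameworks) PCSC;
 head = true;
 openssl = null;
 };
+
+globalprotect-openconnect = libsForQt5.callPackage ../tools/networking/globalprotect-openconnect { };
 
 ding-libs = callPackage ../tools/misc/ding-libs { };
 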