Merge pull request #177577 from jmbaur/globalprotect-openconnect_config

nixos/globalprotect: add settings option for service configuration
2024-11-19 16:45:49 +01:00 · 2022-08-15 14:43:13 +02:00 · 2022-08-15 14:43:13 +02:00 · 0884cb0ba2
commit 0884cb0ba2
parent e76b7b6885 f880ea69ba
2 changed files with 23 additions and 8 deletions
--- a/nixos/modules/services/networking/globalprotect-vpn.nix
+++ b/nixos/modules/services/networking/globalprotect-vpn.nix
@ -5,7 +5,8 @@ with lib;
 let
  cfg = config.services.globalprotect;

-  execStart = if cfg.csdWrapper == null then
+  execStart =
+    if cfg.csdWrapper == null then
      "${pkgs.globalprotect-openconnect}/bin/gpservice"
    else
      "${pkgs.globalprotect-openconnect}/bin/gpservice --csd-wrapper=${cfg.csdWrapper}";
@ -15,6 +16,22 @@ in
  options.services.globalprotect = {
    enable = mkEnableOption "globalprotect";

+    settings = mkOption {
+      description = ''
+        GlobalProtect-openconnect configuration. For more information, visit
+        <link
+        xlink:href="https://github.com/yuezk/GlobalProtect-openconnect/wiki/Configuration"
+        />.
+      '';
+      default = { };
+      example = {
+        "vpn1.company.com" = {
+          openconnect-args = "--script=/path/to/vpnc-script";
+        };
+      };
+      type = types.attrs;
+    };
+
    csdWrapper = mkOption {
      description = lib.mdDoc ''
        A script that will produce a Host Integrity Protection (HIP) report,
@ -29,12 +46,14 @@ in
  config = mkIf cfg.enable {
    services.dbus.packages = [ pkgs.globalprotect-openconnect ];

+    environment.etc."gpservice/gp.conf".text = lib.generators.toINI { } cfg.settings;
+
    systemd.services.gpservice = {
      description = "GlobalProtect openconnect DBus service";
      serviceConfig = {
-        Type="dbus";
-        BusName="com.yuezk.qt.GPService";
-        ExecStart=execStart;
+        Type = "dbus";
+        BusName = "com.yuezk.qt.GPService";
+        ExecStart = execStart;
      };
      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" ];
--- a/pkgs/tools/networking/globalprotect-openconnect/default.nix
+++ b/pkgs/tools/networking/globalprotect-openconnect/default.nix
@ -21,10 +21,6 @@ stdenv.mkDerivation rec {
  patchPhase = ''
    substituteInPlace GPService/gpservice.h \
      --replace /usr/local/bin/openconnect ${openconnect}/bin/openconnect;
-    substituteInPlace GPClient/settingsdialog.ui \
-      --replace /etc/gpservice/gp.conf $out/etc/gpservice/gp.conf;
-    substituteInPlace GPService/gpservice.cpp \
-      --replace /etc/gpservice/gp.conf $out/etc/gpservice/gp.conf;
    substituteInPlace GPService/CMakeLists.txt \
      --replace /etc/gpservice $out/etc/gpservice;
  '';