authorWeijia Wang <9713184+wegank@users.noreply.github.com>2024-09-22 12:07:33 +0200
committerGitHub <noreply@github.com>2024-09-22 12:07:33 +0200
commit84cd38f77826dfed3273b37397eb3bb16f3898d5 (patch)
treefd61ff2b8af5452744d2a8a0c037b49c05b5cfe0 /nixos
parentaae6a077a9b72a1b3d12d986a5db43917c198ffe (diff)
parent2b0ff836a9e36fa16b192fcbad250fb699708d19 (diff)
globalprotect-openconnect: add core logic and packages for 2.x releases (#316526)
Diffstat (limited to 'nixos')
-rw-r--r--nixos/doc/manual/release-notes/rl-2411.section.md6
-rw-r--r--nixos/modules/module-list.nix1
-rw-r--r--nixos/modules/rename.nix1
-rw-r--r--nixos/modules/services/networking/globalprotect-vpn.nix57
4 files changed, 7 insertions, 58 deletions
diff --git a/nixos/doc/manual/release-notes/rl-2411.section.md b/nixos/doc/manual/release-notes/rl-2411.section.md
index 6600679ad168f..12372c0a3a587 100644
--- a/nixos/doc/manual/release-notes/rl-2411.section.md
+++ b/nixos/doc/manual/release-notes/rl-2411.section.md
@@ -472,6 +472,12 @@
 
 - The `isync` package has been updated to version `1.5.0`, which introduces some breaking changes. See the [compatibility concerns](https://sourceforge.net/projects/isync/files/isync/1.5.0/) for more details.
 
+- Legacy package `globalprotect-openconnect` 1.x and related module
+  `globalprotect-vpn` were dropped. Two new packages `gpauth` and `gpclient`
+  from the 2.x version of the GlobalProtect-openconnect project are added in its
+  place. The GUI components related to the project are non-free and not
+  packaged.
+
 ## Other Notable Changes {#sec-release-24.11-notable-changes}
 
 <!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 97ea85cfb89ac..a70bee9f60830 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -1045,7 +1045,6 @@
   ./services/networking/gdomap.nix
   ./services/networking/ghostunnel.nix
   ./services/networking/git-daemon.nix
-  ./services/networking/globalprotect-vpn.nix
   ./services/networking/gns3-server.nix
   ./services/networking/gnunet.nix
   ./services/networking/go-autoconfig.nix
diff --git a/nixos/modules/rename.nix b/nixos/modules/rename.nix
index 7e37114983839..122ef63913a5f 100644
--- a/nixos/modules/rename.nix
+++ b/nixos/modules/rename.nix
@@ -74,6 +74,7 @@ in
     (mkRemovedOptionModule [ "services" "fourStoreEndpoint" ] "The fourStoreEndpoint module has been removed")
     (mkRemovedOptionModule [ "services" "fprot" ] "The corresponding package was removed from nixpkgs.")
     (mkRemovedOptionModule [ "services" "frab" ] "The frab module has been removed")
+    (mkRemovedOptionModule [ "services" "globalprotect"] "The corresponding package was removed from nixpkgs.")
     (mkRemovedOptionModule [ "services" "homeassistant-satellite"] "The `services.homeassistant-satellite` module has been replaced by `services.wyoming-satellite`.")
     (mkRemovedOptionModule [ "services" "hydron" ] "The `services.hydron` module has been removed as the project has been archived upstream since 2022 and is affected by a severe remote code execution vulnerability.")
     (mkRemovedOptionModule [ "services" "ihatemoney" ] "The ihatemoney module has been removed for lack of downstream maintainer")
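Review bot: The removal message on the added `[ "services" "globalprotect"]` entry says only that the package was removed, while the release note in this same commit names `gpauth` and `gpclient` as the replacements. A configuration that still sets `services.globalprotect.*` will stop evaluating with this text and no pointer to how to get the VPN back, so I would change it to `"The services.globalprotect module was removed together with globalprotect-openconnect 1.x; use the gpauth and gpclient packages instead."`. No replacement module is visible in this diff (it is limited to nixos/), so the `gpservice` unit and options such as `csdWrapper` (the HIP report script) presumably have to be recreated by hand, which is worth a sentence in the release note. The list this entry belongs to starts and ends outside the hunk.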
diff --git a/nixos/modules/services/networking/globalprotect-vpn.nix b/nixos/modules/services/networking/globalprotect-vpn.nix
deleted file mode 100644
index 87ce8a5e142f7..0000000000000
--- a/nixos/modules/services/networking/globalprotect-vpn.nix
+++ /dev/null
@@ -1,57 +0,0 @@
-{ config, lib, pkgs, ... }:
-let
-  cfg = config.services.globalprotect;
-
-  execStart =
-    if cfg.csdWrapper == null then
-      "${pkgs.globalprotect-openconnect}/bin/gpservice"
-    else
-      "${pkgs.globalprotect-openconnect}/bin/gpservice --csd-wrapper=${cfg.csdWrapper}";
-in
-
-{
-  options.services.globalprotect = {
-    enable = lib.mkEnableOption "globalprotect";
-
-    settings = lib.mkOption {
-      description = ''
-        GlobalProtect-openconnect configuration. For more information, visit
-        <https://github.com/yuezk/GlobalProtect-openconnect/wiki/Configuration>.
-      '';
-      default = { };
-      example = {
-        "vpn1.company.com" = {
-          openconnect-args = "--script=/path/to/vpnc-script";
-        };
-      };
-      type = lib.types.attrs;
-    };
-
-    csdWrapper = lib.mkOption {
-      description = ''
-        A script that will produce a Host Integrity Protection (HIP) report,
-        as described at <https://www.infradead.org/openconnect/hip.html>
-      '';
-      default = null;
-      example = lib.literalExpression ''"''${pkgs.openconnect}/libexec/openconnect/hipreport.sh"'';
-      type = lib.types.nullOr lib.types.path;
-    };
-  };
-
-  config = lib.mkIf cfg.enable {
-    services.dbus.packages = [ pkgs.globalprotect-openconnect ];
-
-    environment.etc."gpservice/gp.conf".text = lib.generators.toINI { } cfg.settings;
-
-    systemd.services.gpservice = {
-      description = "GlobalProtect openconnect DBus service";
-      serviceConfig = {
-        Type = "dbus";
-        BusName = "com.yuezk.qt.GPService";
-        ExecStart = execStart;
-      };
-      wantedBy = [ "multi-user.target" ];
-      after = [ "network.target" ];
-    };
-  };
-}