author | Weijia Wang <9713184+wegank@users.noreply.github.com> | 2024-09-22 12:07:33 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-09-22 12:07:33 +0200 |
commit | 84cd38f77826dfed3273b37397eb3bb16f3898d5 (patch) | |
tree | fd61ff2b8af5452744d2a8a0c037b49c05b5cfe0 /nixos | |
parent | aae6a077a9b72a1b3d12d986a5db43917c198ffe (diff) | |
parent | 2b0ff836a9e36fa16b192fcbad250fb699708d19 (diff) |
globalprotect-openconnect: add core logic and packages for 2.x releases (#316526)
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/doc/manual/release-notes/rl-2411.section.md | 6 | ||||
-rw-r--r-- | nixos/modules/module-list.nix | 1 | ||||
-rw-r--r-- | nixos/modules/rename.nix | 1 | ||||
-rw-r--r-- | nixos/modules/services/networking/globalprotect-vpn.nix | 57 |
4 files changed, 7 insertions, 58 deletions
diff --git a/nixos/doc/manual/release-notes/rl-2411.section.md b/nixos/doc/manual/release-notes/rl-2411.section.md
index 6600679ad168f..12372c0a3a587 100644
--- a/nixos/doc/manual/release-notes/rl-2411.section.md
+++ b/nixos/doc/manual/release-notes/rl-2411.section.md
@@ -472,6 +472,12 @@ - The `isync` package has been updated to version `1.5.0`, which introduces some breaking changes. See the [compatibility concerns](https://sourceforge.net/projects/isync/files/isync/1.5.0/) for more details. +- Legacy package `globalprotect-openconnect` 1.x and related module + `globalprotect-vpn` were dropped. Two new packages `gpauth` and `gpclient` + from the 2.x version of the GlobalProtect-openconnect project are added in its + place. The GUI components related to the project are non-free and not + packaged. + ## Other Notable Changes {#sec-release-24.11-notable-changes} <!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 97ea85cfb89ac..a70bee9f60830 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -1045,7 +1045,6 @@
 ./services/networking/gdomap.nix
 ./services/networking/ghostunnel.nix
 ./services/networking/git-daemon.nix
- ./services/networking/globalprotect-vpn.nix
 ./services/networking/gns3-server.nix
 ./services/networking/gnunet.nix
 ./services/networking/go-autoconfig.nix
diff --git a/nixos/modules/rename.nix b/nixos/modules/rename.nix
index 7e37114983839..122ef63913a5f 100644
--- a/nixos/modules/rename.nix
+++ b/nixos/modules/rename.nix
@@ -74,6 +74,7 @@ in
 (mkRemovedOptionModule [ "services" "fourStoreEndpoint" ] "The fourStoreEndpoint module has been removed")
 (mkRemovedOptionModule [ "services" "fprot" ] "The corresponding package was removed from nixpkgs.")
 (mkRemovedOptionModule [ "services" "frab" ] "The frab module has been removed")
+ (mkRemovedOptionModule [ "services" "globalprotect"] "The corresponding package was removed from nixpkgs.")
 (mkRemovedOptionModule [ "services" "homeassistant-satellite"] "The `services.homeassistant-satellite` module has been replaced by `services.wyoming-satellite`.")
 (mkRemovedOptionModule [ "services" "hydron" ] "The `services.hydron` module has been removed as the project has been archived upstream since 2022 and is affected by a severe remote code execution vulnerability.")
 (mkRemovedOptionModule [ "services" "ihatemoney" ] "The ihatemoney module has been removed for lack of downstream maintainer")
diff --git a/nixos/modules/services/networking/globalprotect-vpn.nix b/nixos/modules/services/networking/globalprotect-vpn.nix
deleted file mode 100644
index 87ce8a5e142f7..0000000000000
--- a/nixos/modules/services/networking/globalprotect-vpn.nix
+++ /dev/null
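Review bot: The message on the added `services.globalprotect` entry in rename.nix says only that the package was removed, while the release note in this same commit names `gpauth` and `gpclient` as the replacements, so anyone who still sets the option hits an evaluation error with no migration hint. I would put the pointer in the message itself: `(mkRemovedOptionModule [ "services" "globalprotect" ] "The globalprotect-openconnect 1.x package and its module were removed; see the gpauth and gpclient packages.")`. As far as this diff shows, no module replaces the deleted one, so `settings` and the `csdWrapper` HIP-report script are not carried over, and a host that relied on the gpservice unit presumably loses its VPN after the upgrade until it is set up again by hand; that is worth stating in the message or the release note. The list of removed options continues outside the hunk.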
@@ -1,57 +0,0 @@
-{ config, lib, pkgs, ... }:
-let
- cfg = config.services.globalprotect;
-
- execStart =
- if cfg.csdWrapper == null then
- "${pkgs.globalprotect-openconnect}/bin/gpservice"
- else
- "${pkgs.globalprotect-openconnect}/bin/gpservice --csd-wrapper=${cfg.csdWrapper}";
-in
-
-{
- options.services.globalprotect = {
- enable = lib.mkEnableOption "globalprotect";
-
- settings = lib.mkOption {
- description = ''
- GlobalProtect-openconnect configuration. For more information, visit
- <https://github.com/yuezk/GlobalProtect-openconnect/wiki/Configuration>.
- '';
- default = { };
- example = {
- "vpn1.company.com" = {
- openconnect-args = "--script=/path/to/vpnc-script";
- };
- };
- type = lib.types.attrs;
- };
-
- csdWrapper = lib.mkOption {
- description = ''
- A script that will produce a Host Integrity Protection (HIP) report,
- as described at <https://www.infradead.org/openconnect/hip.html>
- '';
- default = null;
- example = lib.literalExpression ''"''${pkgs.openconnect}/libexec/openconnect/hipreport.sh"'';
- type = lib.types.nullOr lib.types.path;
- };
- };
-
- config = lib.mkIf cfg.enable {
- services.dbus.packages = [ pkgs.globalprotect-openconnect ];
-
- environment.etc."gpservice/gp.conf".text = lib.generators.toINI { } cfg.settings;
-
- systemd.services.gpservice = {
- description = "GlobalProtect openconnect DBus service";
- serviceConfig = {
- Type = "dbus";
- BusName = "com.yuezk.qt.GPService";
- ExecStart = execStart;
- };
- wantedBy = [ "multi-user.target" ];
- after = [ "network.target" ];
- };
- };
-} |