Sometimes it's required to modify some parts of the Citrix build on
their own which is why `{pre,post}Install` hooks can be quite helpful.
Additionally some corporate clients use their own certificates that
aren't stored as trusted ones in the `cacert` package with all of the
trusted certs by Mozilla.
Now it's possible to add custom certs like this:
``` nix
with import <nixpkgs> { config.allowUnfree = true; };
let path = ../../Downloads/custom-corporate-cert.pem; in
citrix_receiver.override {
extraCerts = [ path ];
}
```
`ocserv` is a VPN server which follows the openconnect protocol
(https://github.com/openconnect/protocol). The packaging is slightly
inspired by the AUR version
(https://aur.archlinux.org/packages/ocserv/).
This patch initializes the package written in C, the man pages and a
module for a simple systemd unit to run the VPN server. The package
supports the following authentication methods for the server:
* `plain` (mostly username/password)
* `pam`
The third method (`radius`) is currently not supported since `nixpkgs`
misses a packaged client.
The module can be used like this:
``` nix
{
services.ocserv = {
enable = true;
config = ''
...
'';
};
}
```
The option `services.ocserv.config` is required on purpose to
ensure that nobody just enables the service and experiences unexpected
side-effects on the system. For a full reference, please refer to the
man pages, the online docs or the example value.
The docs recommend to simply use `nobody` as user, so no extra user has
been added to the internal user list. Instead a configuration like
this can be used:
```
run-as-user = nobody
run-as-group = nogroup
```
/cc @tenten8401
Fixes#42594
Until now it's impossible to override the attrs of the actual build
instruction for the `termite` package like this:
```
termite.overrideAttrs (_: {
# ...
})
```
This issue occurs since the `termite/default.nix` expressions returns
the `symlinkJoin` expression when I override termite (e.g. to provide a
config file).
I recently patched termite and wanted to apply this patch to my local
termite installation in my system config which is impossible this, so
splitting the wrapper and the build instruction into their own files
makes this way easier to maintian.