3
0
Fork 0
forked from mirrors/nixpkgs
nixpkgs/pkgs/tools/networking/ocserv/default.nix
Maximilian Bosch cd5e01edd9 ocserv: init at 0.12.1 (#42871)
`ocserv` is a VPN server which follows the openconnect protocol
(https://github.com/openconnect/protocol). The packaging is slightly
inspired by the AUR version
(https://aur.archlinux.org/packages/ocserv/).

This patch initializes the package written in C, the man pages and a
module for a simple systemd unit to run the VPN server. The package
supports the following authentication methods for the server:

* `plain` (mostly username/password)
* `pam`

The third method (`radius`) is currently not supported since `nixpkgs`
misses a packaged client.

The module can be used like this:

``` nix
{
  services.ocserv = {
    enable = true;
    config = ''
      ...
    '';
  };
}
```

The option `services.ocserv.config` is required on purpose to
ensure that nobody just enables the service and experiences unexpected
side-effects on the system. For a full reference, please refer to the
man pages, the online docs or the example value.

The docs recommend to simply use `nobody` as user, so no extra user has
been added to the internal user list. Instead a configuration like
this can be used:

```
run-as-user = nobody
run-as-group = nogroup
```

/cc @tenten8401
Fixes #42594
2018-08-01 21:39:09 +02:00

27 lines
917 B
Nix

{ stdenv, fetchFromGitLab, autoreconfHook, pkgconfig, nettle, gnutls
, libev, protobufc, guile, geoip, libseccomp, gperf, readline
, lz4, libgssglue, ronn, coreutils, pam
}:
stdenv.mkDerivation rec {
name = "ocserv-${version}";
version = "0.12.1";
src = fetchFromGitLab {
owner = "openconnect";
repo = "ocserv";
rev = "ocserv_${stdenv.lib.replaceStrings [ "." ] [ "_" ] version}";
sha256 = "0jn91a50r3ryj1ph9fzxwy2va877b0b37ahargxzn7biccd8nh0y";
};
nativeBuildInputs = [ autoreconfHook pkgconfig ];
buildInputs = [ nettle gnutls libev protobufc guile geoip libseccomp gperf readline lz4 libgssglue ronn pam ];
meta = with stdenv.lib; {
homepage = https://gitlab.com/openconnect/ocserv;
license = licenses.gpl2;
description = "This program is openconnect VPN server (ocserv), a server for the openconnect VPN client.";
maintainers = with maintainers; [ ma27 ];
};
}