From cd5e01edd9c18405eef429590f4b72d283db9e74 Mon Sep 17 00:00:00 2001 From: Maximilian Bosch Date: Wed, 1 Aug 2018 21:39:09 +0200 Subject: ocserv: init at 0.12.1 (#42871) `ocserv` is a VPN server which follows the openconnect protocol (https://github.com/openconnect/protocol). The packaging is slightly inspired by the AUR version (https://aur.archlinux.org/packages/ocserv/). This patch initializes the package written in C, the man pages and a module for a simple systemd unit to run the VPN server. The package supports the following authentication methods for the server: * `plain` (mostly username/password) * `pam` The third method (`radius`) is currently not supported since `nixpkgs` misses a packaged client. The module can be used like this: ``` nix { services.ocserv = { enable = true; config = '' ... ''; }; } ``` The option `services.ocserv.config` is required on purpose to ensure that nobody just enables the service and experiences unexpected side-effects on the system. For a full reference, please refer to the man pages, the online docs or the example value. The docs recommend to simply use `nobody` as user, so no extra user has been added to the internal user list. Instead a configuration like this can be used: ``` run-as-user = nobody run-as-group = nogroup ``` /cc @tenten8401 Fixes #42594 --- nixos/modules/module-list.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'nixos/modules/module-list.nix') diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index e5dce84d6ee6..f5d94baf173c 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -543,6 +543,7 @@ ./services/networking/ntopng.nix ./services/networking/ntpd.nix ./services/networking/nylon.nix + ./services/networking/ocserv.nix ./services/networking/oidentd.nix ./services/networking/openfire.nix ./services/networking/openntpd.nix -- cgit 1.4.1
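Review bot: At the added `+ ./services/networking/ocserv.nix` entry, the module being registered ships without a dedicated account: the commit message says no extra user was added and points to `run-as-user = nobody` / `run-as-group = nogroup` instead. A VPN daemon that drops to `nobody` shares its uid with anything else on the host running as `nobody`, so its worker processes are not isolated from those. Suggest having the module declare its own system user and group for ocserv and using them in the example config. The entry itself keeps the list's alphabetical order, between `nylon.nix` and `oidentd.nix`. This view is limited to `nixos/modules/module-list.nix`, so the module body, including how the required `services.ocserv.config` option is enforced, cannot be checked from these lines.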