`ocserv` is a VPN server which follows the openconnect protocol
(https://github.com/openconnect/protocol). The packaging is slightly
inspired by the AUR version
(https://aur.archlinux.org/packages/ocserv/).
This patch initializes the package written in C, the man pages and a
module for a simple systemd unit to run the VPN server. The package
supports the following authentication methods for the server:
* `plain` (mostly username/password)
* `pam`
The third method (`radius`) is currently not supported since `nixpkgs`
misses a packaged client.
The module can be used like this:
``` nix
{
services.ocserv = {
enable = true;
config = ''
...
'';
};
}
```
The option `services.ocserv.config` is required on purpose to
ensure that nobody just enables the service and experiences unexpected
side-effects on the system. For a full reference, please refer to the
man pages, the online docs or the example value.
The docs recommend to simply use `nobody` as user, so no extra user has
been added to the internal user list. Instead a configuration like
this can be used:
```
run-as-user = nobody
run-as-group = nogroup
```
/cc @tenten8401
Fixes#42594
The default session might be found in `extraSessionFilePackages`, but it's not
viable to detect at evaluation time, so emit a warning.
In LightDM instead of checking `defaultSessionName` against
`displayManager.session.names` we rely on the assertions in
`desktopManager` and `windowMananger` and just check that there's at least one
default set. The second assertion could never actually be triggered.
This makes it easier to support a wider variety of .desktop session files. In
particular this makes it possible to use both the «legacy» sessions and upstream
session files.
We separate `xsession` into two parts, `xsessionWrapper` and `xsession`.
`xsessionWrapper` sets up the correct environment and then lauches the session's
Exec command (from the .desktop file), falling back to launching the default
window/desktopManager through the `xsession` script (required by at least some
nixos tests).
`xsession` then _only_ handles launching desktop-managers/window-managers defined
through `services.xserver.desktopManager.session`.
TryExec needs absolute path too, otherwise the desktop file will be ignored
unless gnome-session is in PATH, in which case, we would not need to patch
Exec.
Pass gnome-session to extraSessionFilePackages, remove unnecessary environment variables, move the rest out of old session option, and then drop the option.
GPaste GNOME Shell extension uses GPaste library generated via introspection. Previously, we added the gpaste package to services.xserver.desktopManager.gnome3.sessionPath option, which
added its typelib directory to GI_TYPELIB_PATH environment variable globally, in order for GNOME Shell to be able to find it. This is not very Nix-y, though, so we have decided to patch the code to
append the path to the GI repository search path.
Additionally, the code relies on GPaste’s GSettings schemas, so we had to hard-code the paths to them as well. We ignored the GNOME Shell’s schemas, since they will already be available for the
extension inside GNOME Shell program.
Previously, the mkDesktops function produced a flat package containing
session files in the top level. As a preparation for introduction of
Wayland sessions, the files will now be placed to $out/share/xsessions.
Until now it's impossible to override the attrs of the actual build
instruction for the `termite` package like this:
```
termite.overrideAttrs (_: {
# ...
})
```
This issue occurs since the `termite/default.nix` expressions returns
the `symlinkJoin` expression when I override termite (e.g. to provide a
config file).
I recently patched termite and wanted to apply this patch to my local
termite installation in my system config which is impossible this, so
splitting the wrapper and the build instruction into their own files
makes this way easier to maintian.
When creating a new mobile broadband connection
with the plasma network manager connection editor,
it tries to find a file containing provider
information somewhere in /usr/share/... .
The build recipe contains a patch to fix the lookup path
such that it finds the file in the corresponding package,
probably added due to
https://github.com/NixOS/nixpkgs/issues/9389 .
The actual lookup path is injected into
the patch file with substituteAll.
With commit a31d98f312 ,
the variable name used in subsituteAll changed from
mobile_broadband_provider_info to mobile-broadband-provider-info
(underscores in package names turned into dashes).
Apparently, substituteAll can't handle dashes in variable names.
Consequently, the variable name was no longer resolved.
plasma-nm failed to create new mobile broadband connections;
the connection creator silently exited and logged the error
> plasma-nm: Error opening providers file "@mobile-broadband-provider-info@/share/mobile-broadband-provider-info/serviceproviders.xml"
This commit keeps the dashes in package names, but it
restores the underscores in the variable used by substituteAll,
thereby ensuring the variable gets resolved properly.
