I’ve recently started using the nix package manager as a single user install (non-daemon).
I’m wondering how to configure openconnect and preferably with vpn-slice, a vpnc-script replacement for easy and secure split-tunnelling.
I can see the default nix packages configuration for openconnect. I assume I’d want to use something like either an override and/or an overlay. (I’m not clear on the distinction between these two as yet and when you’d use one over the other.)
Nevertheless, naturally the steps I’m trying to figure out how to configure with nix are these:
Ideally, integrating oath-toolkit would be great, e.g. oathtool --totp -b <secret>
One good option I found was to create a nix shell file.
For example, vpn-wrapper.nix:
with import <nixpkgs> {};
with pkgs.python37Packages;
let
  python = python37;
  # Rebuild openconnect with libproxy so it can pick up the system proxy settings.
  openconnect = pkgs.openconnect.overrideAttrs (oldAttrs: rec {
    buildInputs = oldAttrs.buildInputs ++ [ libproxy ];
    configureFlags = oldAttrs.configureFlags ++ [ "--with-libproxy" ];
  });
  # vpn-slice is packaged here from its GitHub release tag.
  vpn-slice = buildPythonPackage rec {
    name = "vpn-slice";
    version = "v0.13";
    src = pkgs.fetchFromGitHub {
      owner = "dlenski";
      repo = "${name}";
      rev = "${version}";
      sha256 = "1ibrwal80z27c2mh9hx85idmzilx6cpcmgc15z3lyz57bz0krigb";
    };
    propagatedBuildInputs = [ setproctitle ];
    meta = {
      homepage = "https://github.com/dlenski/vpn-slice";
      description = "vpnc-script replacement for easy and secure split-tunnel VPN setup";
      license = lib.licenses.gpl3Plus;
    };
  };
in mkShell {
  name = "vpn-env";
  buildInputs = [ vpn-slice openconnect libproxy ];
  shellHook = ''
    echo "Ready to slice your vpn!"
  '';
}
Then you can execute openconnect via a script:
#!/usr/bin/env nix-shell
#! nix-shell vpn-wrapper.nix -i bash
# Resolve the binaries provided by the nix-shell environment above.
OPENCONNECT=$(which openconnect)
VPNSLICE=$(which vpn-slice)
USERNAME=$1
# The password is read from stdin instead of being passed as an argument,
# and vpn-slice replaces the default vpnc-script.
"$OPENCONNECT" --libproxy --passwd-on-stdin --user="$USERNAME" -s "$VPNSLICE" ...
A more extended example (a wip) can be found here.
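As an added example (not part of the post above or of the vpn-slice project), here is a wrapper around that nix-shell that also brings in the oathtool step: it assumes oathtool, openconnect and vpn-slice are on PATH, that the base32 TOTP seed sits alone in a mode-0600 file, that the password is supplied in VPN_PASSWORD (an assumed variable name), and that the gateway prompts for the password first and the token second.

```bash
#!/usr/bin/env bash
# Added example wrapper (not from the original post). Assumes oathtool,
# openconnect and vpn-slice on PATH (e.g. via the nix-shell above), the TOTP
# seed alone in a 0600 file, the password in VPN_PASSWORD, and a gateway
# that asks for password first, then token.
set -eu

# The TOTP seed is as sensitive as the password it augments: refuse a seed
# file that is not a regular file or that group/others can read.
check_secret_perms() {
  local f="$1" mode
  [ -f "$f" ] || return 1
  mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")
  case "$mode" in
    600|400) return 0 ;;
    *) return 1 ;;
  esac
}

# Build openconnect's argument list, one argument per line. Everything after
# the vpn-slice path is the split-tunnel allow-list: only those hosts and
# prefixes are routed into the VPN, all other traffic stays local.
openconnect_args() {
  local user="$1" gateway="$2"; shift 2
  printf '%s\n' "--user=$user" --passwd-on-stdin --non-inter \
    --script "vpn-slice $*" "$gateway"
}

main() {
  [ $# -ge 4 ] || { echo "usage: $0 USER GATEWAY SEEDFILE HOST..." >&2; exit 2; }
  local user="$1" gateway="$2" seedfile="$3"; shift 3
  check_secret_perms "$seedfile" || { echo "refusing: $seedfile must be mode 0600" >&2; exit 1; }
  # The seed still appears briefly in oathtool's argv, exactly as in the
  # original oathtool command; the permission check keeps it from other users.
  local totp
  totp=$(oathtool --totp -b "$(<"$seedfile")")
  mapfile -t args < <(openconnect_args "$user" "$gateway" "$@")
  # Credentials go over stdin, never on the command line where ps would show them.
  printf '%s\n' "${VPN_PASSWORD:?set VPN_PASSWORD}" "$totp" | openconnect "${args[@]}"
}

# Run only when invoked with arguments, so the functions can also be sourced.
[ $# -eq 0 ] || main "$@"
```

Invoke it from inside the nix-shell as `./wrapper.sh alice vpn.example.com ~/.vpn-seed 10.0.0.0/8 intranet.example.com` (constructed placeholder values); openconnect itself still needs the privileges to configure routes.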