1 files changed, 83 insertions, 0 deletions
diff --git a/modules/common/openconnect.nix b/modules/common/openconnect.nix
new file mode 100644
index 0000000..780f93f
--- /dev/null
+++ b/modules/common/openconnect.nix
@@ -0,0 +1,83 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+with lib; let
+  cfg = config.nixfiles.modules.openconnect;
+in {
+  options.nixfiles.modules.openconnect.enable =
+    mkEnableOption "OpenConnect VPN";
+
+  config = mkIf.enable {
+    assertions = [
+      {
+        assertion = config.networking.networkmanager.enable;
+        message = "NetworkManager is required";
+      }
+    ];
+
+    # Spent three days trying to make this work but still getting "No SSO
+    # handler" even on the HEAD version that 100% has SSO support baked in.
+    # It's all so tiresome[1]... aaand KDE is not supported[2].
+    #
+    # I fucking hate AnyConnect, truly an example of how shit is is non-free
+    # software. SAML also sucks balls. I also hate my company for using this
+    # shit, guess I have no other choice but to use the absolute dogshit laptop
+    # they gave me.
+    #
+    # [1]: https://gitlab.gnome.org/GNOME/NetworkManager-openconnect
+    # [1]: https://gitlab.com/openconnect/openconnect/-/issues/424
+    # [2]: https://groups.google.com/g/linux.debian.bugs.dist/c/lK8u-LMY7n4
+    # [2]: https://bugs.kde.org/show_bug.cgi?id=448153
+
+    networking.networkmanager.plugins = with pkgs; [
+      ((networkmanager-openconnect.override {
+          withGnome = false;
+          openconnect = openconnect.overrideAttrs (_: super: {
+            version = "unstable-2022-10-23";
+            src = fetchFromGitLab {
+              owner = "openconnect";
+              repo = "openconnect";
+              rev = "acdfc753f7885b2a539f99036ac41ba1b78cc7ae";
+              hash = "sha256-ub+Z4WFD77h5YMQTb+TLc7EyY2KjBWglF1QVTirCHJM=";
+            };
+          });
+        })
+        .overrideAttrs (_: super: {
+          version = "unstable-2022-09-10";
+          src = fetchFromGitLab {
+            domain = "gitlab.gnome.org";
+            owner = "GNOME";
+            repo = "NetworkManager-openconnect";
+            rev = "3c1590786518e9acca33c250660ad21cae565acd";
+            hash = "sha256-YTUN46QHsHkXPAhImPG/MMLMqjlSRknapVO8u43nnWk=";
+          };
+          buildInputs =
+            super.buildInputs
+            ++ [
+              (webkitgtk_4_1.override {
+                inherit (gnome) libsoup;
+              })
+            ];
+          nativeBuildInputs =
+            super.nativeBuildInputs
+            ++ [
+              autoreconfHook
+            ];
+          postPatch = ''
+            substituteInPlace configure.ac \
+              --replace "PKG_CHECK_MODULES(LIBSECRET, libsecret-1 >= 0.18)" ""
+          '';
+          preAutoreconf = ''
+            autoupdate
+          '';
+          preConfigure = ''
+            NOCONFIGURE=x ./autogen.sh
+            touch gtk4/nm-openconnect-dialog.ui
+          '';
+        }))
+    ];
+  };
+}