Diffstat (limited to 'nixos/modules/services/networking/globalprotect-vpn.nix')
-rw-r--r--nixos/modules/services/networking/globalprotect-vpn.nix27
1 files changed, 23 insertions, 4 deletions
diff --git a/nixos/modules/services/networking/globalprotect-vpn.nix b/nixos/modules/services/networking/globalprotect-vpn.nix
index 976fdf2b962..2ae8495f018 100644
--- a/nixos/modules/services/networking/globalprotect-vpn.nix
+++ b/nixos/modules/services/networking/globalprotect-vpn.nix
@@ -5,7 +5,8 @@ with lib;
 let
   cfg = config.services.globalprotect;
 
-  execStart = if cfg.csdWrapper == null then
+  execStart =
+    if cfg.csdWrapper == null then
       "${pkgs.globalprotect-openconnect}/bin/gpservice"
     else
       "${pkgs.globalprotect-openconnect}/bin/gpservice --csd-wrapper=${cfg.csdWrapper}";
@@ -15,6 +16,22 @@ in
   options.services.globalprotect = {
     enable = mkEnableOption "globalprotect";
 
+    settings = mkOption {
+      description = ''
+        GlobalProtect-openconnect configuration. For more information, visit
+        <link
+        xlink:href="https://github.com/yuezk/GlobalProtect-openconnect/wiki/Configuration"
+        />.
+      '';
+      default = { };
+      example = {
+        "vpn1.company.com" = {
+          openconnect-args = "--script=/path/to/vpnc-script";
+        };
+      };
+      type = types.attrs;
+    };
+
     csdWrapper = mkOption {
       description = ''
         A script that will produce a Host Integrity Protection (HIP) report,
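Review bot: `type = types.attrs;` on the new `settings` option accepts any attribute set, so a value that is not section → key → scalar only fails inside `lib.generators.toINI` at build time, and two definitions of the same section replace each other instead of merging per key. A typed form such as `type = with types; attrsOf (attrsOf (oneOf [ bool int str ]));` would give option-level errors and proper merging. The description should also say that everything in `settings` is rendered into `/etc/gpservice/gp.conf` by way of the world-readable Nix store, so `openconnect-args` must not carry passwords, cookies or other credentials. A `--script=` path given there should be writable only by root, since the service presumably runs it with its own privileges.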
@@ -29,12 +46,14 @@ in
   config = mkIf cfg.enable {
     services.dbus.packages = [ pkgs.globalprotect-openconnect ];
 
+    environment.etc."gpservice/gp.conf".text = lib.generators.toINI { } cfg.settings;
+
     systemd.services.gpservice = {
       description = "GlobalProtect openconnect DBus service";
       serviceConfig = {
-        Type="dbus";
-        BusName="com.yuezk.qt.GPService";
-        ExecStart=execStart;
+        Type = "dbus";
+        BusName = "com.yuezk.qt.GPService";
+        ExecStart = execStart;
       };
       wantedBy = [ "multi-user.target" ];
       after = [ "network.target" ];
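Review bot: The `gpservice` unit has no dependency on the file generated at `environment.etc."gpservice/gp.conf"`, so changing `services.globalprotect.settings` and switching configuration rewrites `/etc/gpservice/gp.conf` but leaves the running daemon untouched. Unless gpservice re-reads the file on every connection, it keeps using the old per-gateway arguments until someone restarts it by hand. Adding `restartTriggers = [ config.environment.etc."gpservice/gp.conf".source ];` to `systemd.services.gpservice` would tie the two together. The unit's attribute set closes outside this hunk.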