Diffstat (limited to 'topics/deploy/uthsc-vpn.scm')
-rw-r--r--topics/deploy/uthsc-vpn.scm104
1 files changed, 100 insertions, 4 deletions
diff --git a/topics/deploy/uthsc-vpn.scm b/topics/deploy/uthsc-vpn.scm
index 82f67f5..f204cdf 100644
--- a/topics/deploy/uthsc-vpn.scm
+++ b/topics/deploy/uthsc-vpn.scm
@@ -1,15 +1,30 @@
-(use-modules ((gnu packages python-web) #:select (python-requests python-urllib3))
+(use-modules ((gnu packages check)
+              #:select (python-pytest python-pytest-asyncio python-pytest-httpserver))
+             ((gnu packages freedesktop) #:select (python-pyxdg))
+             ((gnu packages python-build) #:select (python-poetry-core python-toml))
+             ((gnu packages python-crypto)
+              #:select (python-keyring python-pyotp))
+             ((gnu packages python-web) #:select (python-requests python-urllib3))
+             ((gnu packages python-xyz)
+              #:select (python-attrs python-charset-normalizer
+                                     python-colorama python-prompt-toolkit python-pysocks
+                                     python-structlog))
              ((gnu packages guile-xyz) #:select (guile-ini guile-lib guile-smc))
-             ((gnu packages vpn) #:select (openconnect-sso vpn-slice))
+             ((gnu packages qt) #:select (python-pyqt-6 python-pyqtwebengine-6))
+             ((gnu packages vpn) #:select (openconnect vpn-slice))
+             ((gnu packages xml) #:select (python-lxml-4.9))
+             (guix build-system pyproject)
              (guix build-system python)
              (guix download)
              (guix gexp)
+             (guix git-download)
+             ((guix licenses) #:prefix license:)
              (guix packages))
 
 ;; Put in the hosts you are interested in here.
 (define %hosts
   (list "octopus01"
-        "spacex.uthsc.edu"))
+        "spacex"))
 
 (define (ini-file name scm)
   "Return a file-like object representing INI file with @var{name} and
@@ -36,6 +51,22 @@
          "01dkqv0rsjqyw4wrp6yj8h3bcnl7c678qkj845596vs7p4bqff4a"))))
     (build-system python-build-system)))
 
+(define python-charset-normalizer-2.10
+  (package
+    (inherit python-charset-normalizer)
+    (version "2.1.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "charset-normalizer" version))
+       (sha256
+        (base32 "04zlajr77f6c7ai59l46as1idi0jjgbvj72lh4v5wfpz2s070pjp"))))
+    (build-system python-build-system)
+    (arguments (list))
+    (native-inputs
+     (modify-inputs (package-native-inputs python-charset-normalizer)
+       (delete "python-setuptools")))))
+
 (define python-requests-2.28
   (package
     (inherit python-requests)
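Review bot: The variable added in this hunk is named `python-charset-normalizer-2.10`, but its `version` field is "2.1.0", so the name reads as release 2.10 rather than 2.1. Naming it `python-charset-normalizer-2.1` would match the sibling pins `python-requests-2.28` and `python-urllib3-1.26`; the `replace` line added to `python-requests-2.28` in the next hunk would need the same rename. `(arguments (list))` also discards whatever the inherited package passes without saying why; a short comment such as `;; Reset the inherited arguments; they do not apply to this older release.` would help, if that is the reason. The `python-requests-2.28` definition at the end of the hunk continues outside it.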
@@ -52,13 +83,78 @@
     (native-inputs (list))
     (propagated-inputs
      (modify-inputs (package-propagated-inputs python-requests)
+       (replace "python-charset-normalizer" python-charset-normalizer-2.10)
        (replace "python-urllib3" python-urllib3-1.26)))))
 
+(define-public openconnect-sso
+  (package
+    (name "openconnect-sso")
+    ;; 0.8.0 was released in 2021, the latest update on master HEAD is from
+    ;; 2023.
+    (properties '((commit . "94128073ef49acb3bad84a2ae19fdef926ab7bdf")
+                  (revision . "0")))
+    (version (git-version "0.8.0"
+                          (assoc-ref properties 'revision)
+                          (assoc-ref properties 'commit)))
+    (source
+      (origin
+        (method git-fetch)
+        (uri (git-reference
+               (url "https://github.com/vlaci/openconnect-sso")
+              (commit (assoc-ref properties 'commit))))
+        (file-name (git-file-name name version))
+        (sha256
+         (base32 "08cqd40p9vld1liyl6qrsdrilzc709scyfghfzmmja3m1m7nym94"))))
+    (build-system pyproject-build-system)
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+          (add-after 'unpack 'use-poetry-core
+            (lambda _
+              ;; Patch to use the core poetry API.
+              (substitute* "pyproject.toml"
+                (("poetry.masonry.api")
+                 "poetry.core.masonry.api"))))
+         (add-after 'unpack 'patch-openconnect
+           (lambda* (#:key inputs #:allow-other-keys)
+             (substitute* "openconnect_sso/app.py"
+               (("\"openconnect\"")
+                (string-append "\""
+                               (search-input-file inputs "/sbin/openconnect")
+                               "\""))))))))
+    (inputs
+     (list openconnect
+           python-attrs
+           python-colorama
+           python-keyring
+           python-lxml-4.9
+           python-prompt-toolkit
+           python-pyotp
+           python-pyqt-6
+           python-pyqtwebengine-6
+           python-pysocks
+           python-pyxdg
+           python-requests
+           python-structlog
+           python-toml))
+    (native-inputs
+     (list python-poetry-core
+           python-pytest
+           python-pytest-asyncio
+           python-pytest-httpserver))
+    (home-page "https://github.com/vlaci/openconnect-sso")
+    (synopsis "OpenConnect wrapper script supporting Azure AD (SAMLv2)")
+    (description
+     "This package provides a wrapper script for OpenConnect supporting Azure AD
+(SAMLv2) authentication to Cisco SSL-VPNs.")
+    (license license:gpl3)))
+
 ;; Login to the UTHSC VPN fails with an SSLV3_ALERT_HANDSHAKE_FAILURE
 ;; on newer python-requests.
 (define openconnect-sso-uthsc
   (package
     (inherit openconnect-sso)
+    (name "openconnect-sso-uthsc")
     (inputs
      (modify-inputs (package-inputs openconnect-sso)
        (replace "python-requests" python-requests-2.28)))))
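Review bot: With the `replace "python-charset-normalizer"` line added here, `openconnect-sso-uthsc` runs its login on three frozen HTTP-stack packages (`python-requests-2.28`, `python-urllib3-1.26`, charset-normalizer 2.1.0), which will not pick up upstream security fixes. The existing comment above `openconnect-sso-uthsc` records the symptom (SSLV3_ALERT_HANDSHAKE_FAILURE) but not the cause or when the pins can be dropped. The failure presumably means the VPN endpoint only negotiates TLS parameters that newer releases refuse by default, which would be worth confirming and writing down. I would extend that comment with something like `;; TODO: drop the pinned requests/urllib3/charset-normalizer once the endpoint completes a TLS handshake with current python-requests.` so the workaround is re-tested rather than kept indefinitely.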
@@ -81,7 +177,7 @@
         (setenv "REQUESTS_CA_BUNDLE"
                 #$(local-file "uthsc-certificate.pem"))
         (invoke #$(file-append openconnect-sso-uthsc "/bin/openconnect-sso")
-                "--server" "uthscvpn1.uthsc.edu"
+                "--server" "$vpn-server" ; ask us for end-point or see UT docs
                 "--authgroup" "UTHSC"
                 "--"
                 "--script" (string-join (cons #$(file-append vpn-slice "/bin/vpn-slice")
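Review bot: `"$vpn-server"` is an ordinary string literal on the new `"--server"` line, and `invoke` passes its arguments to the program without a shell, so openconnect-sso would receive the text `$vpn-server` as the host name until someone edits the file. If the end-point is meant to be filled in by the user, a named definition next to `%hosts` would make the required edit visible at the top of the file and avoid a silent attempt to reach a bogus host. For example, `(define %vpn-server "CHANGE-ME") ; ask us for the end-point or see UT docs` could be spliced in as `"--server" #$%vpn-server`. The enclosing expression starts and ends outside this hunk, so the way the surrounding gexp is built is inferred from the `#$` forms visible here.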