From 3deee92686a334b79c9fab56056af1b0a7a51076 Mon Sep 17 00:00:00 2001
From: Yongun Seong <nevivurn@nevi.dev>
Date: Sat, 18 Nov 2023 02:10:24 +0900
Subject: [PATCH 1/2] openvpn: 2.5.8 -> 2.6.8

---
 pkgs/tools/networking/openvpn/default.nix | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/pkgs/tools/networking/openvpn/default.nix b/pkgs/tools/networking/openvpn/default.nix
index 87cbd6881e27..343d05976595 100644
--- a/pkgs/tools/networking/openvpn/default.nix
+++ b/pkgs/tools/networking/openvpn/default.nix
@@ -3,6 +3,9 @@
 , fetchurl
 , pkg-config
 , iproute2
+, libcap_ng
+, libnl
+, lz4
 , lzo
 , openssl
 , pam
@@ -16,7 +19,7 @@
 let
   inherit (lib) versionOlder optional optionals optionalString;
 
-  generic = { version, sha256, extraBuildInputs ? [] }:
+  generic = { version, sha256, extraBuildInputs ? [ ] }:
     let
       withIpRoute = stdenv.isLinux && (versionOlder version "2.5.4");
     in
@@ -32,8 +35,8 @@ let
 
         nativeBuildInputs = [ pkg-config ];
 
-        buildInputs = [ lzo ]
-          ++ optional stdenv.isLinux pam
+        buildInputs = [ lz4 lzo ]
+          ++ optionals stdenv.isLinux [ libcap_ng libnl pam ]
           ++ optional withIpRoute iproute2
           ++ optional useSystemd systemd
           ++ optional pkcs11Support pkcs11helper
@@ -73,8 +76,8 @@ let
 in
 {
   openvpn = generic {
-    version = "2.5.8";
-    sha256 = "1cixqm4gn2d1v8qkbww75j30fzvxz13gc7whcmz54i0x4fvibwx6";
+    version = "2.6.8";
+    sha256 = "sha256-Xt4VZcim2IAQD38jUxen7p7qg9UFLbVUfxOp52r3gF0=";
     extraBuildInputs = [ openssl ];
   };
 }

From 52bdb3481c4fe25501b4eea1bdff9e3edabaf562 Mon Sep 17 00:00:00 2001
From: Yongun Seong <nevivurn@nevi.dev>
Date: Wed, 20 Dec 2023 18:23:08 +0900
Subject: [PATCH 2/2] openvpn: fix tests and add to passthru.tests

---
 nixos/tests/all-tests.nix                      |  4 ++--
 nixos/tests/initrd-network-openvpn/default.nix | 15 ++++++++-------
 pkgs/tools/networking/openvpn/default.nix      | 10 ++++++++--
 3 files changed, 18 insertions(+), 11 deletions(-)

diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix
index df3acdf4566b..a202dd6b5b24 100644
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -406,7 +406,7 @@ in {
   incus = pkgs.recurseIntoAttrs (handleTest ./incus { inherit handleTestOn; });
   influxdb = handleTest ./influxdb.nix {};
   influxdb2 = handleTest ./influxdb2.nix {};
-  initrd-network-openvpn = handleTest ./initrd-network-openvpn {};
+  initrd-network-openvpn = handleTestOn [ "x86_64-linux" "i686-linux" ] ./initrd-network-openvpn {};
   initrd-network-ssh = handleTest ./initrd-network-ssh {};
   initrd-luks-empty-passphrase = handleTest ./initrd-luks-empty-passphrase.nix {};
   initrdNetwork = handleTest ./initrd-network.nix {};
@@ -830,7 +830,7 @@ in {
   systemd-initrd-vconsole = handleTest ./systemd-initrd-vconsole.nix {};
   systemd-initrd-networkd = handleTest ./systemd-initrd-networkd.nix {};
   systemd-initrd-networkd-ssh = handleTest ./systemd-initrd-networkd-ssh.nix {};
-  systemd-initrd-networkd-openvpn = handleTest ./initrd-network-openvpn { systemdStage1 = true; };
+  systemd-initrd-networkd-openvpn = handleTestOn [ "x86_64-linux" "i686-linux" ] ./initrd-network-openvpn { systemdStage1 = true; };
   systemd-initrd-vlan = handleTest ./systemd-initrd-vlan.nix {};
   systemd-journal = handleTest ./systemd-journal.nix {};
   systemd-machinectl = handleTest ./systemd-machinectl.nix {};
diff --git a/nixos/tests/initrd-network-openvpn/default.nix b/nixos/tests/initrd-network-openvpn/default.nix
index 769049905eb8..69db7dd1037f 100644
--- a/nixos/tests/initrd-network-openvpn/default.nix
+++ b/nixos/tests/initrd-network-openvpn/default.nix
@@ -59,18 +59,19 @@ import ../make-test-python.nix ({ lib, ...}:
 
             # This command does not fork to keep the VM in the state where
             # only the initramfs is loaded
-            preLVMCommands =
-            ''
-              /bin/nc -p 1234 -lke /bin/echo TESTVALUE
-            '';
+            preLVMCommands = lib.mkIf (!systemdStage1)
+              ''
+                /bin/nc -p 1234 -lke /bin/echo TESTVALUE
+              '';
 
             network = {
               enable = true;
 
               # Work around udhcpc only getting a lease on eth0
-              postCommands = ''
-                /bin/ip addr add 192.168.1.2/24 dev eth1
-              '';
+              postCommands = lib.mkIf (!systemdStage1)
+                ''
+                  /bin/ip addr add 192.168.1.2/24 dev eth1
+                '';
 
               # Example configuration for OpenVPN
               # This is the main reason for this test
diff --git a/pkgs/tools/networking/openvpn/default.nix b/pkgs/tools/networking/openvpn/default.nix
index 343d05976595..6aedcbbcbb3e 100644
--- a/pkgs/tools/networking/openvpn/default.nix
+++ b/pkgs/tools/networking/openvpn/default.nix
@@ -14,6 +14,7 @@
 , update-systemd-resolved
 , pkcs11Support ? false
 , pkcs11helper
+, nixosTests
 }:
 
 let
@@ -75,9 +76,14 @@ let
 
 in
 {
-  openvpn = generic {
+  openvpn = (generic {
     version = "2.6.8";
     sha256 = "sha256-Xt4VZcim2IAQD38jUxen7p7qg9UFLbVUfxOp52r3gF0=";
     extraBuildInputs = [ openssl ];
-  };
+  }).overrideAttrs
+    (_: {
+      passthru.tests = {
+        inherit (nixosTests) initrd-network-openvpn systemd-initrd-networkd-openvpn;
+      };
+    });
 }