configs/hu-berlin.nix

{ config, pkgs, lib, ... }:
let
  inherit (lib.strings) fileContents;
  inherit (import <niveum/lib>) sshPort;
  eduroam = {
    identity = fileContents <secrets/eduroam/identity>;
    password = fileContents <secrets/eduroam/password>;
  };
  hu-berlin-cifs-options = [
    "uid=${toString config.users.users.me.uid}"
    "gid=${toString config.users.groups.users.gid}"
    "sec=ntlmv2"
    "workgroup=german"
    "username=meinhaki"
    "password=${lib.strings.fileContents <secrets/mail/meinhaki>}"
    "noauto"
    "x-systemd.requires=openvpn-hu-berlin.service"
    "x-systemd.automount"
    "x-systemd.device-timeout=1"
    "x-systemd.idle-timeout=1min"
  ];
in {
  fileSystems."/media/hu-berlin/germpro2" = {
    device = "//hugerm31c.user.hu-berlin.de/germpro2/ling";
    fsType = "cifs";
    options = hu-berlin-cifs-options;
  };

  fileSystems."/media/hu-berlin/germhome" = {
    device = "//hugerm31c.user.hu-berlin.de/germhome/ling/meinhaki";
    fsType = "cifs";
    options = hu-berlin-cifs-options;
  };


  home-manager.users.me.programs.ssh = {
    matchBlocks = {
      "alew.hu-berlin.de" = {
        user = "centos";
        hostname = "141.20.187.219";
      };
    };
  };

  environment.systemPackages = [
    (pkgs.writers.writeDashBin "hu-ip" ''
      ${pkgs.w3m}/bin/w3m -dump meineip.hu-berlin.de | head --lines=-4 | tail --lines=+3
    '')
    (pkgs.writers.writePython3Bin "hu-eduroam-install"
      {
        libraries = with pkgs.python3Packages; [ distro pyopenssl dbus-python ];
        flakeIgnore = [ "E501" "E123" "W504" "E722" "F821" "E226" "E126" "E265" "W291" ];
      }
      (builtins.readFile (builtins.fetchurl {
        url = "https://www.cms.hu-berlin.de/de/dl/netze/wlan/config/eduroam/linux-installer/eduroam-linux-hub.py";
        sha256 = "19x2kvwxx13265b2hj5fjf53g0liw6dw7xf9j9cav67cswmz60kf";
      }))
    )
  ];

  systemd.services.hu-vpn = {
    enable = true;
    wants = [ "network-online.target" ];
    conflicts = [ "openvpn-hu-berlin.service" ];
    script = ''
      ${pkgs.openfortivpn}/bin/openfortivpn -c ${pkgs.writeText "hu-berlin.config" ''
        host = forti-ssl.vpn.hu-berlin.de
        port = 443
        trusted-cert = 42193a913d276d9eb86217612956e1e6464d6f07bed5393a4787c87adc4bd359
        username = ${eduroam.identity}
        password = ${eduroam.password}
      ''}
    '';
  };

  systemd.services.openvpn-hu-berlin.conflicts = [ "hu-vpn.service" ];

  services.openvpn.servers.hu-berlin = {
    autoStart = false;
    authUserPass = {
      username = eduroam.identity;
      password = eduroam.password;
    };
    config = fileContents (pkgs.fetchurl {
      url =
        "https://www.cms.hu-berlin.de/de/dl/netze/vpn/openvpn/hu-berlin.ovpn";
      sha256 = "15b55aibik5460svjq2gwxrcyh6ay4k8savd6cd5lncgndmd8p8h";
    });
  };
}
feat: run moodle-dl on toum, sshfs from wilde 2020-10-31 20:52:10 +01:00			`{ config, pkgs, lib, ... }:`
Factor out HU 2019-01-08 18:22:54 +01:00			`let`
fix: openvpn 2020-01-18 08:02:02 +01:00			`inherit (lib.strings) fileContents;`
feat: run moodle-dl on toum, sshfs from wilde 2020-10-31 20:52:10 +01:00			`inherit (import <niveum/lib>) sshPort;`
eduroam, traadfri: use shared secrets 2019-06-18 09:23:20 +02:00			`eduroam = {`
chore: reorganize secrets 2020-09-24 19:25:47 +02:00			`identity = fileContents <secrets/eduroam/identity>;`
			`password = fileContents <secrets/eduroam/password>;`
eduroam, traadfri: use shared secrets 2019-06-18 09:23:20 +02:00			`};`
feat(hu-berlin): add network filesystems 2020-12-18 10:27:34 +01:00			`hu-berlin-cifs-options = [`
			`"uid=${toString config.users.users.me.uid}"`
			`"gid=${toString config.users.groups.users.gid}"`
			`"sec=ntlmv2"`
			`"workgroup=german"`
			`"username=meinhaki"`
			`"password=${lib.strings.fileContents <secrets/mail/meinhaki>}"`
			`"noauto"`
fix(hu-berlin): make cifs mounts depend on openvpn instead of fortinet 2021-04-09 08:21:47 +02:00			`"x-systemd.requires=openvpn-hu-berlin.service"`
feat(hu-berlin): add network filesystems 2020-12-18 10:27:34 +01:00			`"x-systemd.automount"`
			`"x-systemd.device-timeout=1"`
			`"x-systemd.idle-timeout=1min"`
			`];`
Factor out HU 2019-01-08 18:22:54 +01:00			`in {`
feat(hu-berlin): add network filesystems 2020-12-18 10:27:34 +01:00			`fileSystems."/media/hu-berlin/germpro2" = {`
			`device = "//hugerm31c.user.hu-berlin.de/germpro2/ling";`
			`fsType = "cifs";`
			`options = hu-berlin-cifs-options;`
			`};`

			`fileSystems."/media/hu-berlin/germhome" = {`
			`device = "//hugerm31c.user.hu-berlin.de/germhome/ling/meinhaki";`
			`fsType = "cifs";`
			`options = hu-berlin-cifs-options;`
			`};`
feat: run moodle-dl on toum, sshfs from wilde 2020-10-31 20:52:10 +01:00
feat(ssh): add alew machine 2021-12-02 14:19:14 +01:00
			`home-manager.users.me.programs.ssh = {`
			`matchBlocks = {`
			`"alew.hu-berlin.de" = {`
			`user = "centos";`
			`hostname = "141.20.187.219";`
			`};`
			`};`
			`};`

feat(hu-berlin): hu-ip script 2020-12-28 19:50:34 +01:00			`environment.systemPackages = [`
			`(pkgs.writers.writeDashBin "hu-ip" ''`
			`${pkgs.w3m}/bin/w3m -dump meineip.hu-berlin.de \| head --lines=-4 \| tail --lines=+3`
			`'')`
feat(wifi): networkmanager for wilde, wpa_supplicant for others 2021-09-17 11:12:23 +02:00			`(pkgs.writers.writePython3Bin "hu-eduroam-install"`
			`{`
			`libraries = with pkgs.python3Packages; [ distro pyopenssl dbus-python ];`
			`flakeIgnore = [ "E501" "E123" "W504" "E722" "F821" "E226" "E126" "E265" "W291" ];`
			`}`
			`(builtins.readFile (builtins.fetchurl {`
			`url = "https://www.cms.hu-berlin.de/de/dl/netze/wlan/config/eduroam/linux-installer/eduroam-linux-hub.py";`
			`sha256 = "19x2kvwxx13265b2hj5fjf53g0liw6dw7xf9j9cav67cswmz60kf";`
			`}))`
			`)`
feat(hu-berlin): hu-ip script 2020-12-28 19:50:34 +01:00			`];`

feat(hu-berlin): add network filesystems 2020-12-18 10:27:34 +01:00			`systemd.services.hu-vpn = {`
feat(hu-berlin): reenable forti vpn 2021-12-13 11:57:27 +01:00			`enable = true;`
feat(hu-berlin): add network filesystems 2020-12-18 10:27:34 +01:00			`wants = [ "network-online.target" ];`
feat(hu-berlin): update vpn certs and make vpns contradict each other 2021-02-06 11:17:13 +01:00			`conflicts = [ "openvpn-hu-berlin.service" ];`
feat(hu-berlin): add network filesystems 2020-12-18 10:27:34 +01:00			`script = ''`
			`${pkgs.openfortivpn}/bin/openfortivpn -c ${pkgs.writeText "hu-berlin.config" ''`
feat(hu-berlin): add alternate vpn 2020-09-03 19:16:27 +02:00			`host = forti-ssl.vpn.hu-berlin.de`
			`port = 443`
feat(hu-berlin): update vpn certs and make vpns contradict each other 2021-02-06 11:17:13 +01:00			`trusted-cert = 42193a913d276d9eb86217612956e1e6464d6f07bed5393a4787c87adc4bd359`
feat(hu-berlin): add alternate vpn 2020-09-03 19:16:27 +02:00			`username = ${eduroam.identity}`
feat(hu-berlin): add network filesystems 2020-12-18 10:27:34 +01:00			`password = ${eduroam.password}`
feat(hu-berlin): add alternate vpn 2020-09-03 19:16:27 +02:00			`''}`
feat(hu-berlin): add network filesystems 2020-12-18 10:27:34 +01:00			`'';`
			`};`
feat(hu-berlin): add alternate vpn 2020-09-03 19:16:27 +02:00
feat(hu-berlin): update vpn certs and make vpns contradict each other 2021-02-06 11:17:13 +01:00			`systemd.services.openvpn-hu-berlin.conflicts = [ "hu-vpn.service" ];`

fix: openvpn 2020-01-18 08:02:02 +01:00			`services.openvpn.servers.hu-berlin = {`
			`autoStart = false;`
			`authUserPass = {`
			`username = eduroam.identity;`
			`password = eduroam.password;`
Factor out HU 2019-01-08 18:22:54 +01:00			`};`
fix: openvpn 2020-01-18 08:02:02 +01:00			`config = fileContents (pkgs.fetchurl {`
chore: nixfmt 2020-06-10 17:37:25 +02:00			`url =`
			`"https://www.cms.hu-berlin.de/de/dl/netze/vpn/openvpn/hu-berlin.ovpn";`
fix: openvpn 2020-01-18 08:02:02 +01:00			`sha256 = "15b55aibik5460svjq2gwxrcyh6ay4k8savd6cd5lncgndmd8p8h";`
			`});`
Factor out HU 2019-01-08 18:22:54 +01:00			`};`
			`}`