configs/uni.nix

{
  config,
  pkgs,
  lib,
  ...
}:
let
  username = "meinhak99";
  fu-defaults =
    let
      mailhost = "mail.zedat.fu-berlin.de";
    in
    {
      imap.host = mailhost;
      imap.port = 993;
      imap.tls.enable = true;
      smtp.host = mailhost;
      smtp.port = 465;
      smtp.tls.enable = true;
      folders.drafts = "Entwürfe";
      folders.sent = "Gesendet";
      folders.trash = "Papierkorb";
    };
in
{
  home-manager.users.me = {
    programs.ssh = {
      matchBlocks = {
        fu-berlin = {
          user = username;
          hostname = "login.zedat.fu-berlin.de";
          setEnv.TERM = "xterm";
        };
      };
    };
    accounts.email.accounts = {
      letos = lib.recursiveUpdate pkgs.lib.niveum.email.defaults {
        userName = "slfletos";
        address = "letos.sprachlit@hu-berlin.de";
        passwordCommand = "${pkgs.coreutils}/bin/cat ${config.age.secrets.email-password-letos.path}";
        imap.host = "mailbox.cms.hu-berlin.de";
        imap.port = 993;
        smtp.host = "mailhost.cms.hu-berlin.de";
        smtp.port = 25;
        smtp.tls.useStartTls = true;
      };
      fu = lib.recursiveUpdate pkgs.lib.niveum.email.defaults (
        lib.recursiveUpdate fu-defaults (
          let
            userName = "meinhak99";
          in
          {
            userName = userName;
            address = "kieran.meinhardt@fu-berlin.de";
            aliases = [ "${userName}@fu-berlin.de" ];
            passwordCommand = "${pkgs.coreutils}/bin/cat ${config.age.secrets.email-password-meinhak99.path}";
            himalaya = {
              enable = true;
            };
          }
        )
      );
    };
  };

  age.secrets = {
    email-password-meinhak99 = {
      file = ../secrets/email-password-meinhak99.age;
      owner = config.users.users.me.name;
      group = config.users.users.me.group;
      mode = "400";
    };
    email-password-letos = {
      file = ../secrets/email-password-letos.age;
      owner = config.users.users.me.name;
      group = config.users.users.me.group;
      mode = "400";
    };
    fu-sftp-key = {
      file = ../secrets/fu-sftp-key.age;
      owner = "root";
      group = "root";
      mode = "400";
    };
  };

  # if it fails with "connection reset by peer" run `sudo sshfs ... ... -o ...` manually
  # it needs to say 'yes' to the server's fingerprint
  system.fsPackages = [ pkgs.sshfs ];

  # https://www.zedat.fu-berlin.de/tip4u_157.pdf
  fileSystems =
    let
      fu-berlin-cifs-options = [
        "uid=${toString config.users.users.me.uid}"
        "gid=${toString config.users.groups.users.gid}"
        "rw"
        "nounix"
        "domain=fu-berlin"
        "noauto"
        "x-systemd.automount"
        "x-systemd.device-timeout=1"
        "x-systemd.idle-timeout=1min"
      ];

      firstCharacter = lib.strings.substring 0 1;

      home-directory-mount = user: {
        "${pkgs.lib.niveum.remoteDir}/fu/${user}/home" = {
          device = "${user}@login.zedat.fu-berlin.de:/home/${firstCharacter user}/${user}";
          fsType = "sshfs";
          options = [
            "allow_other"
            "_netdev"
            "x-systemd.automount"
            "reconnect"
            "ServerAliveInterval=15"
            "IdentityFile=${config.age.secrets.fu-sftp-key.path}"
          ];
        };
      };
    in
    home-directory-mount "meinhak99";

  environment.systemPackages = [
    (pkgs.writers.writeDashBin "hu-vpn-split" ''
      ${pkgs.openfortivpn}/bin/openfortivpn \
        --password="$(cat "${config.age.secrets.email-password-letos.path}")" \
        --config=${pkgs.writeText "hu-berlin-split.config" ''
          host = forti-ssl.vpn.hu-berlin.de
          port = 443
          username = slfletos@split_tunnel
        ''}
    '')
    (pkgs.writers.writeDashBin "hu-vpn-full" ''
      ${pkgs.openfortivpn}/bin/openfortivpn \
        --password="$(cat "${config.age.secrets.email-password-letos.path}")" \
        --config=${pkgs.writeText "hu-berlin-full.config" ''
          host = forti-ssl.vpn.hu-berlin.de
          port = 443
          username = slfletos@tunnel_all
        ''}
    '')
    (pkgs.writers.writeDashBin "fu-vpn" ''
      if ${pkgs.wirelesstools}/bin/iwgetid | ${pkgs.gnugrep}/bin/grep --invert-match eduroam
      then
        # root firefox will not open login window unless root owns Xauthority
        sudo cp $XAUTHORITY /root/.Xauthority
        sudo chown root: /root/.Xauthority
        XAUTHORITY=/root/.Xauthority sudo ${pkgs.openconnect}/bin/openconnect vpn.fu-berlin.de --useragent=AnyConnect
      fi
    '')
  ];
}
feat: hello, FU! 2023-08-04 16:03:51 +02:00			`{`
			`config,`
			`pkgs,`
feat: move email/ssh to fysi/hu-berlin/fu-berlin 2023-08-06 21:18:42 +02:00			`lib,`
feat: hello, FU! 2023-08-04 16:03:51 +02:00			`...`
format 2025-12-27 22:22:54 +01:00			`}:`
			`let`
feat: hello, FU! 2023-08-04 16:03:51 +02:00			`username = "meinhak99";`
format 2025-12-27 22:22:54 +01:00			`fu-defaults =`
			`let`
			`mailhost = "mail.zedat.fu-berlin.de";`
			`in`
			`{`
			`imap.host = mailhost;`
			`imap.port = 993;`
			`imap.tls.enable = true;`
			`smtp.host = mailhost;`
			`smtp.port = 465;`
			`smtp.tls.enable = true;`
			`folders.drafts = "Entwürfe";`
			`folders.sent = "Gesendet";`
			`folders.trash = "Papierkorb";`
			`};`
			`in`
			`{`
feat: hello, FU! 2023-08-04 16:03:51 +02:00			`home-manager.users.me = {`
			`programs.ssh = {`
			`matchBlocks = {`
			`fu-berlin = {`
			`user = username;`
			`hostname = "login.zedat.fu-berlin.de";`
			`setEnv.TERM = "xterm";`
			`};`
			`};`
			`};`
feat: move email/ssh to fysi/hu-berlin/fu-berlin 2023-08-06 21:18:42 +02:00			`accounts.email.accounts = {`
format 2025-12-27 22:22:54 +01:00			`letos = lib.recursiveUpdate pkgs.lib.niveum.email.defaults {`
			`userName = "slfletos";`
			`address = "letos.sprachlit@hu-berlin.de";`
			`passwordCommand = "${pkgs.coreutils}/bin/cat ${config.age.secrets.email-password-letos.path}";`
			`imap.host = "mailbox.cms.hu-berlin.de";`
			`imap.port = 993;`
			`smtp.host = "mailhost.cms.hu-berlin.de";`
			`smtp.port = 25;`
			`smtp.tls.useStartTls = true;`
			`};`
			`fu = lib.recursiveUpdate pkgs.lib.niveum.email.defaults (`
			`lib.recursiveUpdate fu-defaults (`
			`let`
			`userName = "meinhak99";`
			`in`
			`{`
remove rec 2025-12-25 08:33:18 +01:00			`userName = userName;`
feat: move email/ssh to fysi/hu-berlin/fu-berlin 2023-08-06 21:18:42 +02:00			`address = "kieran.meinhardt@fu-berlin.de";`
format 2025-12-27 22:22:54 +01:00			`aliases = [ "${userName}@fu-berlin.de" ];`
feat: move email/ssh to fysi/hu-berlin/fu-berlin 2023-08-06 21:18:42 +02:00			`passwordCommand = "${pkgs.coreutils}/bin/cat ${config.age.secrets.email-password-meinhak99.path}";`
feat: configure himalaya email (and add to dashboard) 2024-03-14 22:31:55 +01:00			`himalaya = {`
			`enable = true;`
			`};`
format 2025-12-27 22:22:54 +01:00			`}`
			`)`
			`);`
feat: move email/ssh to fysi/hu-berlin/fu-berlin 2023-08-06 21:18:42 +02:00			`};`
feat: hello, FU! 2023-08-04 16:03:51 +02:00			`};`

			`age.secrets = {`
			`email-password-meinhak99 = {`
			`file = ../secrets/email-password-meinhak99.age;`
			`owner = config.users.users.me.name;`
			`group = config.users.users.me.group;`
			`mode = "400";`
			`};`
reinstate hu vpn, remove fu signature 2025-10-21 15:18:54 +02:00			`email-password-letos = {`
			`file = ../secrets/email-password-letos.age;`
			`owner = config.users.users.me.name;`
			`group = config.users.users.me.group;`
			`mode = "400";`
			`};`
feat(fu-berlin): mount home directories via sshfs 2024-04-09 19:41:24 +02:00			`fu-sftp-key = {`
			`file = ../secrets/fu-sftp-key.age;`
			`owner = "root";`
			`group = "root";`
			`mode = "400";`
			`};`
feat: hello, FU! 2023-08-04 16:03:51 +02:00			`};`

feat(fu-berlin): add comment for home dir mount 2024-04-15 22:23:01 +02:00			# if it fails with "connection reset by peer" run `sudo sshfs ... ... -o ...` manually
			`# it needs to say 'yes' to the server's fingerprint`
feat(fu-berlin): mount home directories via sshfs 2024-04-09 19:41:24 +02:00			`system.fsPackages = [ pkgs.sshfs ];`

feat(fu-berlin): mount zodiac cifs 2023-09-18 12:04:56 +02:00			`# https://www.zedat.fu-berlin.de/tip4u_157.pdf`
format 2025-12-27 22:22:54 +01:00			`fileSystems =`
			`let`
			`fu-berlin-cifs-options = [`
			`"uid=${toString config.users.users.me.uid}"`
			`"gid=${toString config.users.groups.users.gid}"`
			`"rw"`
			`"nounix"`
			`"domain=fu-berlin"`
			`"noauto"`
			`"x-systemd.automount"`
			`"x-systemd.device-timeout=1"`
			`"x-systemd.idle-timeout=1min"`
			`];`
chore: refactor home directory mounts 2024-04-12 09:23:39 +02:00
format 2025-12-27 22:22:54 +01:00			`firstCharacter = lib.strings.substring 0 1;`
chore: refactor home directory mounts 2024-04-12 09:23:39 +02:00
format 2025-12-27 22:22:54 +01:00			`home-directory-mount = user: {`
			`"${pkgs.lib.niveum.remoteDir}/fu/${user}/home" = {`
			`device = "${user}@login.zedat.fu-berlin.de:/home/${firstCharacter user}/${user}";`
			`fsType = "sshfs";`
			`options = [`
			`"allow_other"`
			`"_netdev"`
			`"x-systemd.automount"`
			`"reconnect"`
			`"ServerAliveInterval=15"`
			`"IdentityFile=${config.age.secrets.fu-sftp-key.path}"`
			`];`
			`};`
chore: refactor home directory mounts 2024-04-12 09:23:39 +02:00			`};`
format 2025-12-27 22:22:54 +01:00			`in`
			`home-directory-mount "meinhak99";`
feat(fu-berlin): mount zodiac cifs 2023-09-18 12:04:56 +02:00
fu-berlin: they changed their vpn 2024-10-23 07:53:53 +02:00			`environment.systemPackages = [`
reinstate hu vpn, remove fu signature 2025-10-21 15:18:54 +02:00			`(pkgs.writers.writeDashBin "hu-vpn-split" ''`
			`${pkgs.openfortivpn}/bin/openfortivpn \`
			`--password="$(cat "${config.age.secrets.email-password-letos.path}")" \`
format 2025-12-27 22:22:54 +01:00			`--config=${pkgs.writeText "hu-berlin-split.config" ''`
reinstate hu vpn, remove fu signature 2025-10-21 15:18:54 +02:00			`host = forti-ssl.vpn.hu-berlin.de`
			`port = 443`
			`username = slfletos@split_tunnel`
format 2025-12-27 22:22:54 +01:00			`''}`
reinstate hu vpn, remove fu signature 2025-10-21 15:18:54 +02:00			`'')`
			`(pkgs.writers.writeDashBin "hu-vpn-full" ''`
			`${pkgs.openfortivpn}/bin/openfortivpn \`
			`--password="$(cat "${config.age.secrets.email-password-letos.path}")" \`
format 2025-12-27 22:22:54 +01:00			`--config=${pkgs.writeText "hu-berlin-full.config" ''`
reinstate hu vpn, remove fu signature 2025-10-21 15:18:54 +02:00			`host = forti-ssl.vpn.hu-berlin.de`
			`port = 443`
			`username = slfletos@tunnel_all`
format 2025-12-27 22:22:54 +01:00			`''}`
reinstate hu vpn, remove fu signature 2025-10-21 15:18:54 +02:00			`'')`
fu-berlin: they changed their vpn 2024-10-23 07:53:53 +02:00			`(pkgs.writers.writeDashBin "fu-vpn" ''`
			`if ${pkgs.wirelesstools}/bin/iwgetid \| ${pkgs.gnugrep}/bin/grep --invert-match eduroam`
			`then`
fu-vpn: include xauthority setup 2025-05-21 10:50:36 +02:00			`# root firefox will not open login window unless root owns Xauthority`
			`sudo cp $XAUTHORITY /root/.Xauthority`
			`sudo chown root: /root/.Xauthority`
			`XAUTHORITY=/root/.Xauthority sudo ${pkgs.openconnect}/bin/openconnect vpn.fu-berlin.de --useragent=AnyConnect`
fu-berlin: they changed their vpn 2024-10-23 07:53:53 +02:00			`fi`
			`'')`
			`];`
feat: hello, FU! 2023-08-04 16:03:51 +02:00			`}`