2019-01-08 18:22:54 +01:00
|
|
|
{ pkgs, ... }:
|
|
|
|
|
let
|
2019-04-11 07:43:08 +02:00
|
|
|
eduroam = (import <dot/secrets.nix>).eduroam;
|
2019-05-14 07:18:04 +02:00
|
|
|
eduroamAuth = ''
|
|
|
|
|
key_mgmt=WPA-EAP
|
|
|
|
|
eap=TTLS
|
|
|
|
|
proto=RSN
|
|
|
|
|
identity="${eduroam.identity}"
|
|
|
|
|
anonymous_identity="anonymous@wlan.hu-berlin.de"
|
|
|
|
|
altsubject_match="DNS:srv1-radius.cms.hu-berlin.de;DNS:srv2-radius.cms.hu-berlin.de"
|
|
|
|
|
password="${eduroam.password}"
|
|
|
|
|
ca_cert="${pkgs.fetchurl {
|
|
|
|
|
url = https://www.cms.hu-berlin.de/de/dl/netze/wlan/config/eduroam/t-telesec_globalroot_class_2.pem;
|
|
|
|
|
sha256 = "b30989fd9e45c74bf417df74d1da639d1f04d4fd0900be813a2d6a031a56c845";
|
|
|
|
|
}}"
|
|
|
|
|
phase2="auth=PAP"
|
|
|
|
|
'';
|
2019-01-08 18:22:54 +01:00
|
|
|
in {
|
|
|
|
|
networking.wireless.networks = {
|
2019-05-14 07:18:04 +02:00
|
|
|
eduroam_5GHz.auth = eduroamAuth;
|
|
|
|
|
eduroam.auth = eduroamAuth;
|
2019-01-08 18:22:54 +01:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
services.openvpn.servers = {
|
|
|
|
|
hu-berlin = {
|
2019-05-14 07:18:04 +02:00
|
|
|
config = ''
|
|
|
|
|
config ${pkgs.fetchurl {
|
2019-01-08 18:22:54 +01:00
|
|
|
url = https://www.cms.hu-berlin.de/de/dl/netze/vpn/openvpn/hu-berlin.ovpn;
|
2019-03-15 07:10:20 +01:00
|
|
|
sha256 = "15b55aibik5460svjq2gwxrcyh6ay4k8savd6cd5lncgndmd8p8h";
|
2019-01-08 18:22:54 +01:00
|
|
|
}}
|
|
|
|
|
# route-nopull
|
2019-05-14 07:18:04 +02:00
|
|
|
# route 141.20.0.0 255.255.0.0
|
|
|
|
|
'';
|
2019-01-08 18:22:54 +01:00
|
|
|
authUserPass = {
|
|
|
|
|
username = eduroam.identity;
|
|
|
|
|
password = eduroam.password;
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
}
|
