From 10224de58a4c95aea623a84898c4ea4be55bbe8e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kier=C3=A1n=20Meinhardt?= <kmein@posteo.de>
Date: Fri, 18 Dec 2020 10:27:34 +0100
Subject: [PATCH] feat(hu-berlin): add network filesystems

---
 configs/default.nix   |  1 +
 configs/hu-berlin.nix | 38 ++++++++++++++++++++++++++++++++------
 2 files changed, 33 insertions(+), 6 deletions(-)

diff --git a/configs/default.nix b/configs/default.nix
index 491327c..3b12c4e 100644
--- a/configs/default.nix
+++ b/configs/default.nix
@@ -70,6 +70,7 @@ in {
         hashedPassword =
           "$6$w9hXyGFl/.IZBXk$5OiWzS1G.5hImhh1YQmZiCXYNAJhi3X6Y3uSLupJNYYXPLMsQpx2fwF4Xr2uYzGMV8Foqh8TgUavx1APD9rcb/";
         isNormalUser = true;
+        uid = 1000;
       };
     }
     {
diff --git a/configs/hu-berlin.nix b/configs/hu-berlin.nix
index 0edb61f..187ecb0 100644
--- a/configs/hu-berlin.nix
+++ b/configs/hu-berlin.nix
@@ -23,24 +23,50 @@ let
     }"
     phase2="auth=PAP"
   '';
+  hu-berlin-cifs-options = [
+    "uid=${toString config.users.users.me.uid}"
+    "gid=${toString config.users.groups.users.gid}"
+    "sec=ntlmv2"
+    "workgroup=german"
+    "username=meinhaki"
+    "password=${lib.strings.fileContents <secrets/mail/meinhaki>}"
+    "noauto"
+    "x-systemd.requires=hu-vpn.service"
+    "x-systemd.automount"
+    "x-systemd.device-timeout=1"
+    "x-systemd.idle-timeout=1min"
+  ];
 in {
   networking.wireless.networks = {
     eduroam_5GHz.auth = eduroamAuth;
     eduroam.auth = eduroamAuth;
   };
 
-  environment.systemPackages = [
-    pkgs.sshfsFuse
+  fileSystems."/media/hu-berlin/germpro2" = {
+    device = "//hugerm31c.user.hu-berlin.de/germpro2/ling";
+    fsType = "cifs";
+    options = hu-berlin-cifs-options;
+  };
 
-    (pkgs.writers.writeDashBin "hu-vpn" ''
-      ${pkgs.openfortivpn}/bin/openfortivpn -p "${eduroam.password}" -c ${pkgs.writeText "hu-berlin.config" ''
+  fileSystems."/media/hu-berlin/germhome" = {
+    device = "//hugerm31c.user.hu-berlin.de/germhome/ling/meinhaki";
+    fsType = "cifs";
+    options = hu-berlin-cifs-options;
+  };
+
+  systemd.services.hu-vpn = {
+    enable = true;
+    wants = [ "network-online.target" ];
+    script = ''
+      ${pkgs.openfortivpn}/bin/openfortivpn -c ${pkgs.writeText "hu-berlin.config" ''
         host = forti-ssl.vpn.hu-berlin.de
         port = 443
         trusted-cert = e5a7d56543002ffe1e8962caa5fd6d94053aa702381458247b670877a66f3c6f
         username = ${eduroam.identity}
+        password = ${eduroam.password}
       ''}
-    '')
-  ];
+    '';
+  };
 
   services.openvpn.servers.hu-berlin = {
     autoStart = false;