Factor out HU

2026-03-16 10:11:08 +01:00 · 2019-01-08 18:22:54 +01:00
parent 4cc6335050
commit bad15e0c06
7 changed files with 107 additions and 44 deletions
--- a/configs/hu-berlin.nix
+++ b/configs/hu-berlin.nix
@@ -0,0 +1,40 @@
+{ pkgs, ... }:
+let
+  eduroam = (import ../secrets.nix).eduroam;
+  eduroamConfig = {
+      auth = ''
+        key_mgmt=WPA-EAP
+        eap=TTLS
+        proto=RSN
+        identity="${eduroam.identity}"
+        anonymous_identity="anonymous@wlan.hu-berlin.de"
+        altsubject_match="DNS:srv1-radius.cms.hu-berlin.de;DNS:srv2-radius.cms.hu-berlin.de"
+        password="${eduroam.password}"
+        ca_cert="${pkgs.fetchurl {
+          url = https://www.cms.hu-berlin.de/de/dl/netze/wlan/config/eduroam/t-telesec_globalroot_class_2.pem;
+          sha256 = "b30989fd9e45c74bf417df74d1da639d1f04d4fd0900be813a2d6a031a56c845";
+        }}"
+        phase2="auth=PAP"
+      '';
+    };
+in {
+  networking.wireless.networks = {
+    eduroam_5GHz = eduroamConfig;
+    eduroam = eduroamConfig;
+  };
+
+  services.openvpn.servers = {
+    hu-berlin = {
+      config = ''config ${pkgs.fetchurl {
+          url = https://www.cms.hu-berlin.de/de/dl/netze/vpn/openvpn/hu-berlin.ovpn;
+          sha256 = "d61a644b1e8bd313a8c4bdf1024d8445d56d1fb4a85d2574d597fc020c4901dc";
+        }}
+        # route-nopull
+        # route 141.20.0.0 255.255.0.0'';
+      authUserPass = {
+        username = eduroam.identity;
+        password = eduroam.password;
+      };
+    };
+  };
+}
--- a/configs/networks.nix
+++ b/configs/networks.nix
@@ -1,23 +1,5 @@
 { pkgs, config, ... }:
-let
-  eduroam = (import ../secrets.nix).eduroam;
-  eduroamConfig = {
-      auth = ''
-        key_mgmt=WPA-EAP
-        eap=TTLS
-        proto=RSN
-        identity="${eduroam.identity}"
-        anonymous_identity="anonymous@wlan.hu-berlin.de"
-        altsubject_match="DNS:srv1-radius.cms.hu-berlin.de;DNS:srv2-radius.cms.hu-berlin.de"
-        password="${eduroam.password}"
-        ca_cert="${pkgs.fetchurl {
-          url = https://www.cms.hu-berlin.de/de/dl/netze/wlan/config/eduroam/t-telesec_globalroot_class_2.pem;
-          sha256 = "b30989fd9e45c74bf417df74d1da639d1f04d4fd0900be813a2d6a031a56c845";
-        }}"
-        phase2="auth=PAP"
-      '';
-    };
-in {
+{
  networking.hosts = {
    "192.168.178.27" = [ "printer.local" ];
  };
@@ -27,8 +9,6 @@ in {
    userControlled.enable = true;
    networks = {
      Aether = { pskRaw = "e1b18af54036c5c9a747fe681c6a694636d60a5f8450f7dec0d76bc93e2ec85a"; };
-      eduroam_5GHz = eduroamConfig;
-      eduroam = eduroamConfig;
      "Asoziales Netzwerk" = { pskRaw = "8e234041ec5f0cd1b6a14e9adeee9840ed51b2f18856a52137485523e46b0cb6"; };
      "c-base-public" = {};
    };
@@ -62,19 +42,4 @@ in {
    text = (import ../secrets.nix).retiolum.${config.networking.hostName}.privateKey;
    mode = "400";
  };
-
-  services.openvpn.servers = {
-    hu-berlin = {
-      config = ''config ${pkgs.fetchurl {
-          url = https://www.cms.hu-berlin.de/de/dl/netze/vpn/openvpn/hu-berlin.ovpn;
-          sha256 = "d61a644b1e8bd313a8c4bdf1024d8445d56d1fb4a85d2574d597fc020c4901dc";
-        }}
-        # route-nopull
-        # route 141.20.0.0 255.255.0.0'';
-      authUserPass = {
-        username = eduroam.identity;
-        password = eduroam.password;
-      };
-    };
-  };
 }
--- a/configs/packages.nix
+++ b/configs/packages.nix
@@ -146,9 +146,10 @@ in with pkgs;
  ] ++ [ # media
    audacity
    calibre
-    youtubeDL
-    spotify
    inkscape
+    poppler_utils
+    spotify
+    youtubeDL
  ] ++ [ # cloud
    dropbox-cli
    grive2
--- a/configs/retiolum.nix
+++ b/configs/retiolum.nix
@@ -1,11 +1,8 @@
 { config, pkgs, lib, ... }:
-
 with lib;
-
 let
  netname = "retiolum";
  cfg = config.networking.retiolum;
-
 in {
  options = {
    networking.retiolum.ipv4 = mkOption {
@@ -28,7 +25,6 @@ in {
      '';
    };
  };
-
  config = {
    services.tinc.networks.${netname} = {
      name = cfg.nodename;
@@ -46,7 +42,7 @@ in {
      name = "retiolum.hosts";
      url = "https://lassul.us/retiolum.hosts";
      # FIXME
-      sha256 = "1jdrbj5bilaaw36s9llnq73bhf8dz5r6c01vx7wl3k1ayvw1mlq9";
+      sha256 = "0q8f5gw12hf9dhwcs4fni8jrvb2a1g6jskz28qcbd10p2xlkja58";
    });

    environment.systemPackages = [ config.services.tinc.networks.${netname}.package ];
@@ -60,7 +56,6 @@ in {

    networking.firewall.allowedTCPPorts = [ 655 ];
    networking.firewall.allowedUDPPorts = [ 655 ];
-    # services.netdata.portcheck.checks.tinc.port = 655;

    systemd.network.enable = true;
    systemd.network.networks = {
@@ -73,4 +68,5 @@ in {
      '';
    };
  };
+
 }