reinstate hu vpn, remove fu signature

2026-03-16 10:11:08 +01:00 · 2025-10-21 15:18:54 +02:00
parent 551462f1dd
commit d4aca5b6f1
3 changed files with 43 additions and 63 deletions
--- a/configs/aerc.nix
+++ b/configs/aerc.nix
@@ -20,12 +20,6 @@ in {
      group = config.users.users.me.group;
      mode = "400";
    };
-    email-password-letos = {
-      file = ../secrets/email-password-letos.age;
-      owner = config.users.users.me.name;
-      group = config.users.users.me.group;
-      mode = "400";
-    };
    email-password-posteo = {
      file = ../secrets/email-password-posteo.age;
      owner = config.users.users.me.name;
@@ -111,18 +105,6 @@ in {
          smtp.port = 587;
          smtp.tls.useStartTls = true;
        };
-      letos =
-        lib.recursiveUpdate defaults
-        {
-          userName = "slfletos";
-          address = "letos.sprachlit@hu-berlin.de";
-          passwordCommand = "${pkgs.coreutils}/bin/cat ${config.age.secrets.email-password-letos.path}";
-          imap.host = "mailbox.cms.hu-berlin.de";
-          imap.port = 993;
-          smtp.host = "mailhost.cms.hu-berlin.de";
-          smtp.port = 25;
-          smtp.tls.useStartTls = true;
-        };
      posteo =
        lib.recursiveUpdate defaults
        rec {
--- a/configs/default.nix
+++ b/configs/default.nix
@@ -221,7 +221,7 @@ in
    ./git.nix
    ./hledger.nix
    ./htop.nix
-    ./fu-berlin.nix
+    ./uni.nix
    ./i3.nix
    ./i3status-rust.nix
    ./keyboard.nix
--- a/configs/fu-berlin.nix
+++ b/configs/fu-berlin.nix
@@ -30,7 +30,19 @@ in {
      };
    };
    accounts.email.accounts = {
-      fu-student =
+      letos =
+        lib.recursiveUpdate defaults
+        {
+          userName = "slfletos";
+          address = "letos.sprachlit@hu-berlin.de";
+          passwordCommand = "${pkgs.coreutils}/bin/cat ${config.age.secrets.email-password-letos.path}";
+          imap.host = "mailbox.cms.hu-berlin.de";
+          imap.port = 993;
+          smtp.host = "mailhost.cms.hu-berlin.de";
+          smtp.port = 25;
+          smtp.tls.useStartTls = true;
+        };
+      fu =
        lib.recursiveUpdate defaults
        (lib.recursiveUpdate fu-defaults
          rec {
@@ -38,21 +50,6 @@ in {
            address = "kieran.meinhardt@fu-berlin.de";
            aliases = ["${userName}@fu-berlin.de"];
            passwordCommand = "${pkgs.coreutils}/bin/cat ${config.age.secrets.email-password-meinhak99.path}";
-            aerc.extraAccounts.signature-file = toString (pkgs.writeText "signature" signature.text);
-            signature = {
-              showSignature = "append";
-              text = ''
-                ${defaults.realName}
-                ${pronouns}
-
-                ---
-                Studentische Hilfskraft / ZODIAC
-                Freie Universität Berlin
-
-                Telefon: +49 30 838 58118
-                Arnimallee 10, Raum 106, 14195 Berlin
-              '';
-            };
            himalaya = {
              enable = true;
              settings.backend = "imap";
@@ -68,6 +65,12 @@ in {
      group = config.users.users.me.group;
      mode = "400";
    };
+    email-password-letos = {
+      file = ../secrets/email-password-letos.age;
+      owner = config.users.users.me.name;
+      group = config.users.users.me.group;
+      mode = "400";
+    };
    fu-sftp-key = {
      file = ../secrets/fu-sftp-key.age;
      owner = "root";
@@ -110,24 +113,31 @@ in {
        ];
      };
    };
-  in {
-    "${remoteDir}/fu/zodiac" = {
-      device = "//trove.storage.fu-berlin.de/GESCHKULT";
-      fsType = "cifs";
-      options =
-        fu-berlin-cifs-options
-        ++ [
-          "credentials=${config.age.secrets.cifs-credentials-zodiac.path}"
-        ];
-    };
-  } // home-directory-mount "meinhak99"
-    // home-directory-mount "xm7234fu";
-
-  age.secrets = {
-    cifs-credentials-zodiac.file = ../secrets/cifs-credentials-zodiac.age;
-  };
+  in home-directory-mount "meinhak99";

  environment.systemPackages = [
+    (pkgs.writers.writeDashBin "hu-vpn-split" ''
+      ${pkgs.openfortivpn}/bin/openfortivpn \
+        --password="$(cat "${config.age.secrets.email-password-letos.path}")" \
+        --config=${
+        pkgs.writeText "hu-berlin-split.config" ''
+          host = forti-ssl.vpn.hu-berlin.de
+          port = 443
+          username = slfletos@split_tunnel
+        ''
+      }
+    '')
+    (pkgs.writers.writeDashBin "hu-vpn-full" ''
+      ${pkgs.openfortivpn}/bin/openfortivpn \
+        --password="$(cat "${config.age.secrets.email-password-letos.path}")" \
+        --config=${
+        pkgs.writeText "hu-berlin-full.config" ''
+          host = forti-ssl.vpn.hu-berlin.de
+          port = 443
+          username = slfletos@tunnel_all
+        ''
+      }
+    '')
    (pkgs.writers.writeDashBin "fu-vpn" ''
      if ${pkgs.wirelesstools}/bin/iwgetid | ${pkgs.gnugrep}/bin/grep --invert-match eduroam
      then
@@ -138,16 +148,4 @@ in {
      fi
    '')
  ];
-
-  systemd.services.fu-vpn = {
-    enable = false;
-    wants = ["network-online.target"];
-    serviceConfig.LoadCredential = "password:${config.age.secrets.email-password-meinhak99.path}";
-    script = ''
-      if ${pkgs.wirelesstools}/bin/iwgetid | ${pkgs.gnugrep}/bin/grep --invert-match eduroam
-      then
-        cat "$CREDENTIALS_DIRECTORY/password" | ${pkgs.openconnect}/bin/openconnect vpn.fu-berlin.de --user ${username} --passwd-on-stdin
-      fi
-    '';
-  };
 }