kfm/niveum
1
0
Fork 0
mirror of https://github.com/kmein/niveum synced 2026-03-19 03:21:10 +01:00
Code Releases Activity

reinstate hu vpn, remove fu signature

Browse Source
This commit is contained in:
Kierán Meinhardt
2025-10-21 15:18:54 +02:00
parent 551462f1dd
commit d4aca5b6f1
3 changed files with 43 additions and 63 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
configs/aerc.nix
View File

@@ -20,12 +20,6 @@ in {
group = config.users.users.me.group; group = config.users.users.me.group;
mode = "400"; mode = "400";
}; };
email-password-letos = {
file = ../secrets/email-password-letos.age;
owner = config.users.users.me.name;
group = config.users.users.me.group;
mode = "400";
};
email-password-posteo = { email-password-posteo = {
file = ../secrets/email-password-posteo.age; file = ../secrets/email-password-posteo.age;
owner = config.users.users.me.name; owner = config.users.users.me.name;
@@ -111,18 +105,6 @@ in {
smtp.port = 587; smtp.port = 587;
smtp.tls.useStartTls = true; smtp.tls.useStartTls = true;
}; };
letos =
lib.recursiveUpdate defaults
{
userName = "slfletos";
address = "letos.sprachlit@hu-berlin.de";
passwordCommand = "${pkgs.coreutils}/bin/cat ${config.age.secrets.email-password-letos.path}";
imap.host = "mailbox.cms.hu-berlin.de";
imap.port = 993;
smtp.host = "mailhost.cms.hu-berlin.de";
smtp.port = 25;
smtp.tls.useStartTls = true;
};
posteo = posteo =
lib.recursiveUpdate defaults lib.recursiveUpdate defaults
rec { rec {

2
configs/default.nix
View File

@@ -221,7 +221,7 @@ in
./git.nix ./git.nix
./hledger.nix ./hledger.nix
./htop.nix ./htop.nix
./fu-berlin.nix ./uni.nix
./i3.nix ./i3.nix
./i3status-rust.nix ./i3status-rust.nix
./keyboard.nix ./keyboard.nix

86
configs/fu-berlin.nix → configs/uni.nix
View File

@@ -30,7 +30,19 @@ in {
}; };
}; };
accounts.email.accounts = { accounts.email.accounts = {
fu-student = letos =
lib.recursiveUpdate defaults
{
userName = "slfletos";
address = "letos.sprachlit@hu-berlin.de";
passwordCommand = "${pkgs.coreutils}/bin/cat ${config.age.secrets.email-password-letos.path}";
imap.host = "mailbox.cms.hu-berlin.de";
imap.port = 993;
smtp.host = "mailhost.cms.hu-berlin.de";
smtp.port = 25;
smtp.tls.useStartTls = true;
};
fu =
lib.recursiveUpdate defaults lib.recursiveUpdate defaults
(lib.recursiveUpdate fu-defaults (lib.recursiveUpdate fu-defaults
rec { rec {
@@ -38,21 +50,6 @@ in {
address = "kieran.meinhardt@fu-berlin.de"; address = "kieran.meinhardt@fu-berlin.de";
aliases = ["${userName}@fu-berlin.de"]; aliases = ["${userName}@fu-berlin.de"];
passwordCommand = "${pkgs.coreutils}/bin/cat ${config.age.secrets.email-password-meinhak99.path}"; passwordCommand = "${pkgs.coreutils}/bin/cat ${config.age.secrets.email-password-meinhak99.path}";
aerc.extraAccounts.signature-file = toString (pkgs.writeText "signature" signature.text);
signature = {
showSignature = "append";
text = ''
${defaults.realName}
${pronouns}
---
Studentische Hilfskraft / ZODIAC
Freie Universität Berlin
Telefon: +49 30 838 58118
Arnimallee 10, Raum 106, 14195 Berlin
'';
};
himalaya = { himalaya = {
enable = true; enable = true;
settings.backend = "imap"; settings.backend = "imap";
@@ -68,6 +65,12 @@ in {
group = config.users.users.me.group; group = config.users.users.me.group;
mode = "400"; mode = "400";
}; };
email-password-letos = {
file = ../secrets/email-password-letos.age;
owner = config.users.users.me.name;
group = config.users.users.me.group;
mode = "400";
};
fu-sftp-key = { fu-sftp-key = {
file = ../secrets/fu-sftp-key.age; file = ../secrets/fu-sftp-key.age;
owner = "root"; owner = "root";
@@ -110,24 +113,31 @@ in {
]; ];
}; };
}; };
in { in home-directory-mount "meinhak99";
"${remoteDir}/fu/zodiac" = {
device = "//trove.storage.fu-berlin.de/GESCHKULT";
fsType = "cifs";
options =
fu-berlin-cifs-options
++ [
"credentials=${config.age.secrets.cifs-credentials-zodiac.path}"
];
};
} // home-directory-mount "meinhak99"
// home-directory-mount "xm7234fu";
age.secrets = {
cifs-credentials-zodiac.file = ../secrets/cifs-credentials-zodiac.age;
};
environment.systemPackages = [ environment.systemPackages = [
(pkgs.writers.writeDashBin "hu-vpn-split" ''
${pkgs.openfortivpn}/bin/openfortivpn \
--password="$(cat "${config.age.secrets.email-password-letos.path}")" \
--config=${
pkgs.writeText "hu-berlin-split.config" ''
host = forti-ssl.vpn.hu-berlin.de
port = 443
username = slfletos@split_tunnel
''
}
'')
(pkgs.writers.writeDashBin "hu-vpn-full" ''
${pkgs.openfortivpn}/bin/openfortivpn \
--password="$(cat "${config.age.secrets.email-password-letos.path}")" \
--config=${
pkgs.writeText "hu-berlin-full.config" ''
host = forti-ssl.vpn.hu-berlin.de
port = 443
username = slfletos@tunnel_all
''
}
'')
(pkgs.writers.writeDashBin "fu-vpn" '' (pkgs.writers.writeDashBin "fu-vpn" ''
if ${pkgs.wirelesstools}/bin/iwgetid | ${pkgs.gnugrep}/bin/grep --invert-match eduroam if ${pkgs.wirelesstools}/bin/iwgetid | ${pkgs.gnugrep}/bin/grep --invert-match eduroam
then then
@@ -138,16 +148,4 @@ in {
fi fi
'') '')
]; ];
systemd.services.fu-vpn = {
enable = false;
wants = ["network-online.target"];
serviceConfig.LoadCredential = "password:${config.age.secrets.email-password-meinhak99.path}";
script = ''
if ${pkgs.wirelesstools}/bin/iwgetid | ${pkgs.gnugrep}/bin/grep --invert-match eduroam
then
cat "$CREDENTIALS_DIRECTORY/password" | ${pkgs.openconnect}/bin/openconnect vpn.fu-berlin.de --user ${username} --passwd-on-stdin
fi
'';
};
} }