{ config, pkgs, lib, ... }: let username = "meinhak99"; inherit (import ../lib/email.nix) defaults pronouns; inherit (import ../lib) remoteDir; fu-defaults = rec { imap.host = "mail.zedat.fu-berlin.de"; imap.port = 993; imap.tls.enable = true; smtp.host = imap.host; smtp.port = 465; smtp.tls.enable = true; folders.drafts = "Entwürfe"; folders.sent = "Gesendet"; folders.trash = "Papierkorb"; }; in { home-manager.users.me = { programs.ssh = { matchBlocks = { fu-berlin = { user = username; hostname = "login.zedat.fu-berlin.de"; setEnv.TERM = "xterm"; }; }; }; accounts.email.accounts = { fu-student = lib.recursiveUpdate defaults (lib.recursiveUpdate fu-defaults rec { userName = "meinhak99"; address = "kieran.meinhardt@fu-berlin.de"; aliases = ["${userName}@fu-berlin.de"]; passwordCommand = "${pkgs.coreutils}/bin/cat ${config.age.secrets.email-password-meinhak99.path}"; aerc.extraAccounts.signature-file = toString (pkgs.writeText "signature" signature.text); signature = { showSignature = "append"; text = '' ${defaults.realName} ${pronouns} --- Studentische Hilfskraft / ZODIAC Freie Universität Berlin Telefon: +49 30 838 58118 Arnimallee 10, Raum 106, 14195 Berlin ''; }; himalaya = { enable = true; settings.backend = "imap"; }; }); }; }; age.secrets = { email-password-meinhak99 = { file = ../secrets/email-password-meinhak99.age; owner = config.users.users.me.name; group = config.users.users.me.group; mode = "400"; }; fu-sftp-key = { file = ../secrets/fu-sftp-key.age; owner = "root"; group = "root"; mode = "400"; }; }; # if it fails with "connection reset by peer" run `sudo sshfs ... ... -o ...` manually # it needs to say 'yes' to the server's fingerprint system.fsPackages = [ pkgs.sshfs ]; # https://www.zedat.fu-berlin.de/tip4u_157.pdf fileSystems = let fu-berlin-cifs-options = [ "uid=${toString config.users.users.me.uid}" "gid=${toString config.users.groups.users.gid}" "rw" "nounix" "domain=fu-berlin" "noauto" "x-systemd.automount" "x-systemd.device-timeout=1" "x-systemd.idle-timeout=1min" ]; firstCharacter = lib.strings.substring 0 1; home-directory-mount = user: { "${remoteDir}/fu/${user}/home" = { device = "${user}@login.zedat.fu-berlin.de:/home/${firstCharacter user}/${user}"; fsType = "sshfs"; options = [ "allow_other" "_netdev" "x-systemd.automount" "reconnect" "ServerAliveInterval=15" "IdentityFile=${config.age.secrets.fu-sftp-key.path}" ]; }; }; in { "${remoteDir}/fu/zodiac" = { device = "//trove.storage.fu-berlin.de/GESCHKULT"; fsType = "cifs"; options = fu-berlin-cifs-options ++ [ "credentials=${config.age.secrets.cifs-credentials-zodiac.path}" ]; }; } // home-directory-mount "meinhak99" // home-directory-mount "xm7234fu"; age.secrets = { cifs-credentials-zodiac.file = ../secrets/cifs-credentials-zodiac.age; }; environment.systemPackages = [ (pkgs.writers.writeDashBin "fu-vpn" '' if ${pkgs.wirelesstools}/bin/iwgetid | ${pkgs.gnugrep}/bin/grep --invert-match eduroam then ${pkgs.openconnect}/bin/openconnect vpn.fu-berlin.de --useragent=AnyConnect fi '') ]; systemd.services.fu-vpn = { enable = false; wants = ["network-online.target"]; serviceConfig.LoadCredential = "password:${config.age.secrets.email-password-meinhak99.path}"; script = '' if ${pkgs.wirelesstools}/bin/iwgetid | ${pkgs.gnugrep}/bin/grep --invert-match eduroam then cat "$CREDENTIALS_DIRECTORY/password" | ${pkgs.openconnect}/bin/openconnect vpn.fu-berlin.de --user ${username} --passwd-on-stdin fi ''; }; }