mirror of
https://github.com/kmein/niveum
synced 2026-03-16 18:21:07 +01:00
Kierán Meinhardt
d03c6bb0de
feat(zaatar): convert to flake feat(tahina, tabula): convert to flake feat(makanek): convert to flake feat(manakish, zaatar): convert to flake feat(ci): build flake systems fix: ci build feat: secrets via submodule foo foo foo
84 lines
2.5 KiB
Nix
84 lines
2.5 KiB
Nix
{
|
|
config,
|
|
pkgs,
|
|
lib,
|
|
...
|
|
}: let
|
|
inherit (lib.strings) fileContents;
|
|
inherit (import ../lib) sshPort;
|
|
eduroam = {
|
|
identity = fileContents <secrets/eduroam/identity>;
|
|
password = fileContents <secrets/eduroam/password>;
|
|
};
|
|
hu-berlin-cifs-options = [
|
|
"uid=${toString config.users.users.me.uid}"
|
|
"gid=${toString config.users.groups.users.gid}"
|
|
"sec=ntlmv2"
|
|
"workgroup=german"
|
|
"credentials=${config.age.secrets.cifs-credentials-hu-berlin.path}"
|
|
"noauto"
|
|
"x-systemd.requires=hu-vpn.service"
|
|
"x-systemd.automount"
|
|
"x-systemd.device-timeout=1"
|
|
"x-systemd.idle-timeout=1min"
|
|
];
|
|
in {
|
|
fileSystems."/media/hu-berlin/germpro2" = {
|
|
device = "//hugerm31c.user.hu-berlin.de/germpro2/ling";
|
|
fsType = "cifs";
|
|
options = hu-berlin-cifs-options;
|
|
};
|
|
|
|
fileSystems."/media/hu-berlin/germhome" = {
|
|
device = "//hugerm31c.user.hu-berlin.de/germhome/ling/meinhaki";
|
|
fsType = "cifs";
|
|
options = hu-berlin-cifs-options;
|
|
};
|
|
|
|
age.secrets.cifs-credentials-hu-berlin.file = ../secrets/cifs-credentials-hu-berlin.age;
|
|
|
|
home-manager.users.me.programs.ssh = {
|
|
matchBlocks = {
|
|
"alew.hu-berlin.de" = {
|
|
user = "centos";
|
|
hostname = "141.20.187.219";
|
|
};
|
|
};
|
|
};
|
|
|
|
environment.systemPackages = [
|
|
(pkgs.writers.writeDashBin "hu-ip" ''
|
|
${pkgs.w3m}/bin/w3m -dump meineip.hu-berlin.de | head --lines=-4 | tail --lines=+3
|
|
'')
|
|
(
|
|
pkgs.writers.writePython3Bin "hu-eduroam-install"
|
|
{
|
|
libraries = with pkgs.python3Packages; [distro pyopenssl dbus-python];
|
|
flakeIgnore = ["E501" "E123" "W504" "E722" "F821" "E226" "E126" "E265" "W291"];
|
|
}
|
|
(builtins.readFile (builtins.fetchurl {
|
|
url = "https://www.cms.hu-berlin.de/de/dl/netze/wlan/config/eduroam/linux-installer/eduroam-linux-hub.py";
|
|
sha256 = "19x2kvwxx13265b2hj5fjf53g0liw6dw7xf9j9cav67cswmz60kf";
|
|
}))
|
|
)
|
|
];
|
|
|
|
systemd.services.hu-vpn = {
|
|
enable = true;
|
|
wants = ["network-online.target"];
|
|
serviceConfig.LoadCredential = "password:${config.age.secrets.email-password-meinhark.path}";
|
|
script = ''
|
|
${pkgs.openfortivpn}/bin/openfortivpn \
|
|
--password="$(cat "$CREDENTIALS_DIRECTORY/password")" \
|
|
--config=${
|
|
pkgs.writeText "hu-berlin.config" ''
|
|
host = forti-ssl.vpn.hu-berlin.de
|
|
port = 443
|
|
username = meinhark
|
|
trusted-cert = 9e5dea8e077970d245900839f437ef7fb9551559501c7defd70af70ea568573d
|
|
''
|
|
}
|
|
'';
|
|
};
|
|
}
|