mirror of
https://github.com/kmein/niveum
synced 2026-03-16 10:11:08 +01:00
90 lines
2.6 KiB
Nix
90 lines
2.6 KiB
Nix
{ config, pkgs, lib, ... }:
|
|
let
|
|
inherit (lib.strings) fileContents;
|
|
inherit (import <niveum/lib>) sshPort;
|
|
eduroam = {
|
|
identity = fileContents <secrets/eduroam/identity>;
|
|
password = fileContents <secrets/eduroam/password>;
|
|
};
|
|
eduroamAuth = ''
|
|
key_mgmt=WPA-EAP
|
|
eap=TTLS
|
|
proto=RSN
|
|
identity="${eduroam.identity}"
|
|
anonymous_identity="anonymous@wlan.hu-berlin.de"
|
|
altsubject_match="DNS:srv1-radius.cms.hu-berlin.de;DNS:srv2-radius.cms.hu-berlin.de"
|
|
password="${eduroam.password}"
|
|
ca_cert="${
|
|
pkgs.fetchurl {
|
|
url =
|
|
"https://www.cms.hu-berlin.de/de/dl/netze/wlan/config/eduroam/t-telesec_globalroot_class_2.pem";
|
|
sha256 = "0if8aqd06sid7a0vw009zpa087wxcgdd2x6z2zs4pis5kvyqj2dk";
|
|
}
|
|
}"
|
|
phase2="auth=PAP"
|
|
'';
|
|
hu-berlin-cifs-options = [
|
|
"uid=${toString config.users.users.me.uid}"
|
|
"gid=${toString config.users.groups.users.gid}"
|
|
"sec=ntlmv2"
|
|
"workgroup=german"
|
|
"username=meinhaki"
|
|
"password=${lib.strings.fileContents <secrets/mail/meinhaki>}"
|
|
"noauto"
|
|
"x-systemd.requires=hu-vpn.service"
|
|
"x-systemd.automount"
|
|
"x-systemd.device-timeout=1"
|
|
"x-systemd.idle-timeout=1min"
|
|
];
|
|
in {
|
|
networking.wireless.networks = {
|
|
eduroam_5GHz.auth = eduroamAuth;
|
|
eduroam.auth = eduroamAuth;
|
|
};
|
|
|
|
fileSystems."/media/hu-berlin/germpro2" = {
|
|
device = "//hugerm31c.user.hu-berlin.de/germpro2/ling";
|
|
fsType = "cifs";
|
|
options = hu-berlin-cifs-options;
|
|
};
|
|
|
|
fileSystems."/media/hu-berlin/germhome" = {
|
|
device = "//hugerm31c.user.hu-berlin.de/germhome/ling/meinhaki";
|
|
fsType = "cifs";
|
|
options = hu-berlin-cifs-options;
|
|
};
|
|
|
|
environment.systemPackages = [
|
|
(pkgs.writers.writeDashBin "hu-ip" ''
|
|
${pkgs.w3m}/bin/w3m -dump meineip.hu-berlin.de | head --lines=-4 | tail --lines=+3
|
|
'')
|
|
];
|
|
|
|
systemd.services.hu-vpn = {
|
|
enable = true;
|
|
wants = [ "network-online.target" ];
|
|
script = ''
|
|
${pkgs.openfortivpn}/bin/openfortivpn -c ${pkgs.writeText "hu-berlin.config" ''
|
|
host = forti-ssl.vpn.hu-berlin.de
|
|
port = 443
|
|
trusted-cert = e5a7d56543002ffe1e8962caa5fd6d94053aa702381458247b670877a66f3c6f
|
|
username = ${eduroam.identity}
|
|
password = ${eduroam.password}
|
|
''}
|
|
'';
|
|
};
|
|
|
|
services.openvpn.servers.hu-berlin = {
|
|
autoStart = false;
|
|
authUserPass = {
|
|
username = eduroam.identity;
|
|
password = eduroam.password;
|
|
};
|
|
config = fileContents (pkgs.fetchurl {
|
|
url =
|
|
"https://www.cms.hu-berlin.de/de/dl/netze/vpn/openvpn/hu-berlin.ovpn";
|
|
sha256 = "15b55aibik5460svjq2gwxrcyh6ay4k8savd6cd5lncgndmd8p8h";
|
|
});
|
|
};
|
|
}
|