nixos-config/hosts/thinkpad/modules/networks/uni.nix

{ config, ... }:
{
  # sops.secrets."uni/zih" = { };
  age.secrets.tud = {
    file = ../../../../secrets/thinkpad/tud.age;
  };
  networking = {
    wireless.networks = {
      eduroam = {
        auth = ''
          eap=TTLS
          anonymous_identity="anonymous@tu-dresden.de"
          ca_cert="/etc/ssl/certs/ca-certificates.crt"
          domain_suffix_match="radius-eduroam.zih.tu-dresden.de"
          identity="rose159e@tu-dresden.de"
          password="@EDUROAM_AUTH@"
          phase2="auth=PAP"
        '';
        extraConfig = ''
          scan_ssid=1
        '';
        authProtocols = [ "WPA-EAP" ];
      };
      agdsn = {
        auth = ''
          eap=TTLS
          anonymous_identity="wifi@agdsn.de"
          ca_cert="/etc/ssl/certs/ca-certificates.crt"
          domain_suffix_match="radius.agdsn.de"
          identity="r5"
          password="@AGDSN_WIFI_AUTH@"
          phase2="auth=PAP"
        '';
        authProtocols = [ "WPA-EAP" ];
      };
      agdsn-office = {
        auth = ''
          eap=TTLS
          anonymous_identity="wifi@agdsn.de"
          ca_cert="/etc/ssl/certs/ca-certificates.crt"
          domain_suffix_match="radius.agdsn.de"
          identity="r5"
          priority=5
          proto=WPA2
          password="@AGDSN_AUTH@"
          phase2="auth=PAP"
        '';
        authProtocols = [ "WPA-EAP" ];
      };
      FSR = {
        psk = "@FSR_PSK@";
        authProtocols = [ "WPA-PSK" ];
      };
      "RoboLab Playground" = {
        psk = "@ROBOLAB_PSK@";
        authProtocols = [ "WPA-PSK" ];
        extraConfig = "disabled=1";
      };
    };
    openconnect.interfaces = {
      TUD-A-Tunnel = {
        # apparently device names have a character limit
        protocol = "anyconnect";
        gateway = "vpn2.zih.tu-dresden.de";
        user = "rose159e@tu-dresden.de";
        passwordFile = config.age.secrets.tud.path;
        autoStart = false;
        extraOptions = {
          authgroup = "A-Tunnel-TU-Networks";
          compression = "stateless";
        };
      };
      TUD-C-Tunnel = {
        protocol = "anyconnect";
        gateway = "vpn2.zih.tu-dresden.de";
        user = "rose159e@tu-dresden.de";
        passwordFile = config.age.secrets.tud.path;
        autoStart = false;
        extraOptions = {
          authgroup = "C-Tunnel-All-Networks";
          compression = "stateless";
        };
      };
    };
  };
}
configured networks vpn isn't configured yet, for cable I don't know 2022-12-29 15:05:26 +01:00			`{ config, ... }:`
			`{`
start replacing sops with agenix 2023-11-16 13:29:18 +01:00			`# sops.secrets."uni/zih" = { };`
			`age.secrets.tud = {`
			`file = ../../../../secrets/thinkpad/tud.age;`
			`};`
added tu vpn 2022-12-29 20:25:07 +01:00			`networking = {`
			`wireless.networks = {`
formatting 2022-12-29 20:50:01 +01:00			`eduroam = {`
added tu vpn 2022-12-29 20:25:07 +01:00			`auth = ''`
eduroam is kinda broken, fixing with pxl hotspot 2023-04-14 11:14:53 +02:00			`eap=TTLS`
added tu vpn 2022-12-29 20:25:07 +01:00			`anonymous_identity="anonymous@tu-dresden.de"`
			`ca_cert="/etc/ssl/certs/ca-certificates.crt"`
			`domain_suffix_match="radius-eduroam.zih.tu-dresden.de"`
			`identity="rose159e@tu-dresden.de"`
			`password="@EDUROAM_AUTH@"`
eduroam is kinda broken, fixing with pxl hotspot 2023-04-14 11:14:53 +02:00			`phase2="auth=PAP"`
			`'';`
			`extraConfig = ''`
			`scan_ssid=1`
added tu vpn 2022-12-29 20:25:07 +01:00			`'';`
			`authProtocols = [ "WPA-EAP" ];`
			`};`
formatting 2022-12-29 20:50:01 +01:00			`agdsn = {`
added tu vpn 2022-12-29 20:25:07 +01:00			`auth = ''`
			`eap=TTLS`
some agdsn related changes 2023-10-08 14:22:52 +02:00			`anonymous_identity="wifi@agdsn.de"`
added tu vpn 2022-12-29 20:25:07 +01:00			`ca_cert="/etc/ssl/certs/ca-certificates.crt"`
			`domain_suffix_match="radius.agdsn.de"`
			`identity="r5"`
wireguard and fail2ban 2023-10-22 15:45:30 +02:00			`password="@AGDSN_WIFI_AUTH@"`
			`phase2="auth=PAP"`
			`'';`
			`authProtocols = [ "WPA-EAP" ];`
			`};`
			`agdsn-office = {`
			`auth = ''`
			`eap=TTLS`
			`anonymous_identity="wifi@agdsn.de"`
			`ca_cert="/etc/ssl/certs/ca-certificates.crt"`
			`domain_suffix_match="radius.agdsn.de"`
			`identity="r5"`
			`priority=5`
			`proto=WPA2`
added tu vpn 2022-12-29 20:25:07 +01:00			`password="@AGDSN_AUTH@"`
			`phase2="auth=PAP"`
			`'';`
			`authProtocols = [ "WPA-EAP" ];`
			`};`
added fsr wifi 2022-12-30 22:44:05 +01:00			`FSR = {`
			`psk = "@FSR_PSK@";`
			`authProtocols = [ "WPA-PSK" ];`
			`};`
robolab setup 2023-03-09 19:15:05 +01:00			`"RoboLab Playground" = {`
			`psk = "@ROBOLAB_PSK@";`
			`authProtocols = [ "WPA-PSK" ];`
end robolab and prepare for c 2023-03-22 10:27:13 +01:00			`extraConfig = "disabled=1";`
robolab setup 2023-03-09 19:15:05 +01:00			`};`
configured networks vpn isn't configured yet, for cable I don't know 2022-12-29 15:05:26 +01:00			`};`
added tu vpn 2022-12-29 20:25:07 +01:00			`openconnect.interfaces = {`
formatting and updates 2023-01-10 11:31:33 +01:00			`TUD-A-Tunnel = {`
			`# apparently device names have a character limit`
added tu vpn 2022-12-29 20:25:07 +01:00			`protocol = "anyconnect";`
			`gateway = "vpn2.zih.tu-dresden.de";`
			`user = "rose159e@tu-dresden.de";`
start replacing sops with agenix 2023-11-16 13:29:18 +01:00			`passwordFile = config.age.secrets.tud.path;`
added tu vpn 2022-12-29 20:25:07 +01:00			`autoStart = false;`
			`extraOptions = {`
			`authgroup = "A-Tunnel-TU-Networks";`
			`compression = "stateless";`
			`};`
			`};`
formatting and updates 2023-01-10 11:31:33 +01:00			`TUD-C-Tunnel = {`
enhanced TUD vpn 2023-01-02 22:46:26 +01:00			`protocol = "anyconnect";`
			`gateway = "vpn2.zih.tu-dresden.de";`
			`user = "rose159e@tu-dresden.de";`
start replacing sops with agenix 2023-11-16 13:29:18 +01:00			`passwordFile = config.age.secrets.tud.path;`
enhanced TUD vpn 2023-01-02 22:46:26 +01:00			`autoStart = false;`
			`extraOptions = {`
			`authgroup = "C-Tunnel-All-Networks";`
			`compression = "stateless";`
			`};`
			`};`
configured networks vpn isn't configured yet, for cable I don't know 2022-12-29 15:05:26 +01:00			`};`
			`};`
			`}`