From 1d50fdc0e2e4c678e6446c4aa6dedfaf04eade6e Mon Sep 17 00:00:00 2001 From: Rouven Seifert Date: Wed, 19 Feb 2025 15:53:31 +0100 Subject: [PATCH] remove openconnect configurations --- hosts/thinkpad/modules/networks/uni.nix | 40 +------------------------ secrets.nix | 1 - secrets/thinkpad/tud.age | 9 ------ 3 files changed, 1 insertion(+), 49 deletions(-) delete mode 100644 secrets/thinkpad/tud.age diff --git a/hosts/thinkpad/modules/networks/uni.nix b/hosts/thinkpad/modules/networks/uni.nix index dfef8f2..09e8989 100644 --- a/hosts/thinkpad/modules/networks/uni.nix +++ b/hosts/thinkpad/modules/networks/uni.nix @@ -1,13 +1,11 @@ { config, pkgs, lib, ... }: { age.secrets = { - tud.file = ../../../../secrets/thinkpad/tud.age; agdsn.file = ../../../../secrets/thinkpad/agdsn.age; dyport-auth = { file = ../../../../secrets/thinkpad/dyport-auth.age; }; }; - programs.openvpn3.enable = true; networking = { supplicant = { "LAN" = { 
@@ -100,47 +98,11 @@ extraConfig = "disabled=1"; }; }; - openconnect.interfaces = { - TUD-A-Tunnel = { - # apparently device names have a character limit - protocol = "anyconnect"; - gateway = "vpn2.zih.tu-dresden.de"; - user = "rose159e@tu-dresden.de"; - passwordFile = config.age.secrets.tud.path; - autoStart = false; - extraOptions = { - authgroup = "A-Tunnel-TU-Networks"; - compression = "stateless"; - }; - }; - TUD-C-Tunnel = { - protocol = "anyconnect"; - gateway = "vpn2.zih.tu-dresden.de"; - user = "rose159e@tu-dresden.de"; - passwordFile = config.age.secrets.tud.path; - autoStart = false; - extraOptions = { - authgroup = "C-Tunnel-All-Networks"; - compression = "stateless"; - }; - }; - ZIH = { - protocol = "anyconnect"; - gateway = "vpn2.zih.tu-dresden.de"; - user = "rose159e@zih-ma-vpn"; - passwordFile = config.age.secrets.tud.path; - autoStart = false; - extraOptions = { - authgroup = "A-Tunnel-TU-Networks"; - compression = "stateless"; - }; - }; - }; }; systemd.services = { openfortivpn-agdsn = { description = "AG DSN Fortinet VPN"; - script = "${pkgs.openfortivpn}/bin/openfortivpn vpn.agdsn.de:443 --realm admin-vpn -u r5 -p $(cat $CREDENTIALS_DIRECTORY/password) --trusted-cert 2edda9c8797e09af039bbefeb083a9238c353cbc913210ad8a4f737820c35a91"; + script = "${pkgs.openfortivpn}/bin/openfortivpn vpn.agdsn.de:443 --realm admin-vpn -u r5 -p $(cat $CREDENTIALS_DIRECTORY/password) --trusted-cert 82ed105286f02f4308f3c525a4034caed6cb738c3336f0f1da52421d419c87a9"; requires = [ "network-online.target" ]; after = [ "network.target" "network-online.target" ]; serviceConfig = { diff --git a/secrets.nix b/secrets.nix index d7554e0..156962a 100644 --- a/secrets.nix +++ b/secrets.nix 
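Review bot: The `--trusted-cert` digest on the new `script` line is replaced in a commit whose message only mentions removing openconnect, and nothing records where the new value came from. That option lets openfortivpn accept the gateway certificate by its SHA-256 digest when normal chain validation fails, so in that case the digest is the only server authentication; a rotation deserves its own commit, or at least a comment such as `# vpn.agdsn.de certificate sha256, rotated <DATE>, checked against <OUT-OF-BAND SOURCE>`. The same line still passes the password as `-p $(cat $CREDENTIALS_DIRECTORY/password)`, which puts it on the process command line where other local processes can read it; a config file handed over with `-c` would keep it off argv. The `systemd.services` block continues past the end of the hunk, so `serviceConfig` was not visible for this review.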
@@ -7,7 +7,6 @@ in { # thinkpad "secrets/thinkpad/wireless.age".publicKeys = [ rouven thinkpad ]; - "secrets/thinkpad/tud.age".publicKeys = [ rouven thinkpad ]; "secrets/thinkpad/agdsn.age".publicKeys = [ rouven thinkpad ]; "secrets/thinkpad/dyport-auth.age".publicKeys = [ rouven thinkpad ]; "secrets/thinkpad/wireguard/dorm/private.age".publicKeys = [ rouven thinkpad ]; diff --git a/secrets/thinkpad/tud.age b/secrets/thinkpad/tud.age deleted file mode 100644 index 5b64041..0000000 --- a/secrets/thinkpad/tud.age +++ /dev/null @@ -1,9 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 uWbAHQ 8qDAQ233j/CRqJRSjx0CIMNyBl5y/D03ujizUlyeDQk -YvxS49YognMr1d9ldJP0R4RKxZMLKxLk4G6juMpufag --> ssh-ed25519 EVzt9Q z5q719PZfij/wMAzL/Co+zn5fItb2d1ixaLETSYBcHc -GHe/BBkAva/H3XE7Es6quxcVetNPhrjQvhqpskHzRuc -->