remove openconnect configurations

2025-02-22 10:30:55 +01:00 · 2025-02-19 15:53:31 +01:00 · 2025-02-19 15:53:31 +01:00 · 1d50fdc0e2
commit 1d50fdc0e2
parent 5d94104678
3 changed files with 1 additions and 49 deletions
--- a/hosts/thinkpad/modules/networks/uni.nix
+++ b/hosts/thinkpad/modules/networks/uni.nix
@ -1,13 +1,11 @@
 { config, pkgs, lib, ... }:
 {
  age.secrets = {
    tud.file = ../../../../secrets/thinkpad/tud.age;
    agdsn.file = ../../../../secrets/thinkpad/agdsn.age;
    dyport-auth = {
      file = ../../../../secrets/thinkpad/dyport-auth.age;
    };
  };
  programs.openvpn3.enable = true;
  networking = {
    supplicant = {
      "LAN" = {
@ -100,47 +98,11 @@
        extraConfig = "disabled=1";
      };
    };
    openconnect.interfaces = {
      TUD-A-Tunnel = {
        # apparently device names have a character limit
        protocol = "anyconnect";
        gateway = "vpn2.zih.tu-dresden.de";
        user = "rose159e@tu-dresden.de";
        passwordFile = config.age.secrets.tud.path;
        autoStart = false;
        extraOptions = {
          authgroup = "A-Tunnel-TU-Networks";
          compression = "stateless";
        };
      };
      TUD-C-Tunnel = {
        protocol = "anyconnect";
        gateway = "vpn2.zih.tu-dresden.de";
        user = "rose159e@tu-dresden.de";
        passwordFile = config.age.secrets.tud.path;
        autoStart = false;
        extraOptions = {
          authgroup = "C-Tunnel-All-Networks";
          compression = "stateless";
        };
      };
      ZIH = {
        protocol = "anyconnect";
        gateway = "vpn2.zih.tu-dresden.de";
        user = "rose159e@zih-ma-vpn";
        passwordFile = config.age.secrets.tud.path;
        autoStart = false;
        extraOptions = {
          authgroup = "A-Tunnel-TU-Networks";
          compression = "stateless";
        };
      };
    };
  };
  systemd.services = {
    openfortivpn-agdsn = {
      description = "AG DSN Fortinet VPN";
-      script = "${pkgs.openfortivpn}/bin/openfortivpn vpn.agdsn.de:443 --realm admin-vpn -u r5 -p $(cat $CREDENTIALS_DIRECTORY/password) --trusted-cert 2edda9c8797e09af039bbefeb083a9238c353cbc913210ad8a4f737820c35a91";
+      script = "${pkgs.openfortivpn}/bin/openfortivpn vpn.agdsn.de:443 --realm admin-vpn -u r5 -p $(cat $CREDENTIALS_DIRECTORY/password) --trusted-cert 82ed105286f02f4308f3c525a4034caed6cb738c3336f0f1da52421d419c87a9";
      requires = [ "network-online.target" ];
      after = [ "network.target" "network-online.target" ];
      serviceConfig = {
--- a/secrets.nix
+++ b/secrets.nix
@ -7,7 +7,6 @@ in
 {
  # thinkpad
  "secrets/thinkpad/wireless.age".publicKeys = [ rouven thinkpad ];
  "secrets/thinkpad/tud.age".publicKeys = [ rouven thinkpad ];
  "secrets/thinkpad/agdsn.age".publicKeys = [ rouven thinkpad ];
  "secrets/thinkpad/dyport-auth.age".publicKeys = [ rouven thinkpad ];
  "secrets/thinkpad/wireguard/dorm/private.age".publicKeys = [ rouven thinkpad ];
--- a/secrets/thinkpad/tud.age
+++ b/secrets/thinkpad/tud.age
@ -1,9 +0,0 @@
 age-encryption.org/v1
 -> ssh-ed25519 uWbAHQ 8qDAQ233j/CRqJRSjx0CIMNyBl5y/D03ujizUlyeDQk
 YvxS49YognMr1d9ldJP0R4RKxZMLKxLk4G6juMpufag
 -> ssh-ed25519 EVzt9Q z5q719PZfij/wMAzL/Co+zn5fItb2d1ixaLETSYBcHc
 GHe/BBkAva/H3XE7Es6quxcVetNPhrjQvhqpskHzRuc
 -> <AuSD0{0-grease D,\j%9Iu l<5 f3evt DjX
 hfGCrRLXCdgz5Ea+9PRFfzWR8Jakr9MayFqQkdZMKeCjBCHH6g
 --- WZqO7QcXXC135yLGJq0UjANeM1StWqscMgS6fQ7rQJE
 Ä¶a-þ5¦É	ñ9q‰6‹†Èt³ö»ùû4’î”b2±t9h›Ð”b4¾o¤Å‘«–cˆ7Q