rouven.seifert/nixos-config
1
1
Fork 0
mirror of https://git.sr.ht/~rouven/nixos-config synced 2025-02-22 02:20:56 +01:00
Code Issues Projects Releases Packages Wiki Activity

remove openconnect configurations

Browse source
This commit is contained in:
Rouven Seifert 2025-02-19 15:53:31 +01:00
parent 5d94104678
commit 1d50fdc0e2
3 changed files with 1 additions and 49 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

40
hosts/thinkpad/modules/networks/uni.nix
View file

@ -1,13 +1,11 @@
{ config, pkgs, lib, ... }:
{
age.secrets = {
tud.file = ../../../../secrets/thinkpad/tud.age;
agdsn.file = ../../../../secrets/thinkpad/agdsn.age;
dyport-auth = {
file = ../../../../secrets/thinkpad/dyport-auth.age;
};
};
programs.openvpn3.enable = true;
networking = {
supplicant = {
"LAN" = {
@ -100,47 +98,11 @@
extraConfig = "disabled=1";
};
};
openconnect.interfaces = {
TUD-A-Tunnel = {
# apparently device names have a character limit
protocol = "anyconnect";
gateway = "vpn2.zih.tu-dresden.de";
user = "rose159e@tu-dresden.de";
passwordFile = config.age.secrets.tud.path;
autoStart = false;
extraOptions = {
authgroup = "A-Tunnel-TU-Networks";
compression = "stateless";
};
};
TUD-C-Tunnel = {
protocol = "anyconnect";
gateway = "vpn2.zih.tu-dresden.de";
user = "rose159e@tu-dresden.de";
passwordFile = config.age.secrets.tud.path;
autoStart = false;
extraOptions = {
authgroup = "C-Tunnel-All-Networks";
compression = "stateless";
};
};
ZIH = {
protocol = "anyconnect";
gateway = "vpn2.zih.tu-dresden.de";
user = "rose159e@zih-ma-vpn";
passwordFile = config.age.secrets.tud.path;
autoStart = false;
extraOptions = {
authgroup = "A-Tunnel-TU-Networks";
compression = "stateless";
};
};
};
};
systemd.services = {
openfortivpn-agdsn = {
description = "AG DSN Fortinet VPN";
script = "${pkgs.openfortivpn}/bin/openfortivpn vpn.agdsn.de:443 --realm admin-vpn -u r5 -p $(cat $CREDENTIALS_DIRECTORY/password) --trusted-cert 2edda9c8797e09af039bbefeb083a9238c353cbc913210ad8a4f737820c35a91";
script = "${pkgs.openfortivpn}/bin/openfortivpn vpn.agdsn.de:443 --realm admin-vpn -u r5 -p $(cat $CREDENTIALS_DIRECTORY/password) --trusted-cert 82ed105286f02f4308f3c525a4034caed6cb738c3336f0f1da52421d419c87a9";
requires = [ "network-online.target" ];
after = [ "network.target" "network-online.target" ];
serviceConfig = {

1
secrets.nix
View file

@ -7,7 +7,6 @@ in
{
# thinkpad
"secrets/thinkpad/wireless.age".publicKeys = [ rouven thinkpad ];
"secrets/thinkpad/tud.age".publicKeys = [ rouven thinkpad ];
"secrets/thinkpad/agdsn.age".publicKeys = [ rouven thinkpad ];
"secrets/thinkpad/dyport-auth.age".publicKeys = [ rouven thinkpad ];
"secrets/thinkpad/wireguard/dorm/private.age".publicKeys = [ rouven thinkpad ];

9
secrets/thinkpad/tud.age
View file

@ -1,9 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 uWbAHQ 8qDAQ233j/CRqJRSjx0CIMNyBl5y/D03ujizUlyeDQk
YvxS49YognMr1d9ldJP0R4RKxZMLKxLk4G6juMpufag
-> ssh-ed25519 EVzt9Q z5q719PZfij/wMAzL/Co+zn5fItb2d1ixaLETSYBcHc
GHe/BBkAva/H3XE7Es6quxcVetNPhrjQvhqpskHzRuc
-> <AuSD0{0-grease D,\j%9Iu l<5 f3evt DjX
hfGCrRLXCdgz5Ea+9PRFfzWR8Jakr9MayFqQkdZMKeCjBCHH6g
--- WZqO7QcXXC135yLGJq0UjANeM1StWqscMgS6fQ7rQJE
Ķa-þ5¦É ñ 9q‰6†Èt³ö»ù­û4î”b2±t9hДb4¾o¤Å«cˆ7Q