From 7e2ec684baeb898163855844e8b3d7725272aa2c Mon Sep 17 00:00:00 2001
From: Rouven Seifert <rouven@rfive.de>
Date: Thu, 24 Apr 2025 10:02:59 +0200
Subject: [PATCH] thinkpad: remove declarative agdsn vpn

---
 hosts/thinkpad/modules/networks/uni.nix | 23 -----------------------
 secrets.nix                             |  1 -
 secrets/thinkpad/agdsn.age              |  7 -------
 3 files changed, 31 deletions(-)
 delete mode 100644 secrets/thinkpad/agdsn.age

diff --git a/hosts/thinkpad/modules/networks/uni.nix b/hosts/thinkpad/modules/networks/uni.nix
index 6a44542..f8cd5c5 100644
--- a/hosts/thinkpad/modules/networks/uni.nix
+++ b/hosts/thinkpad/modules/networks/uni.nix
@@ -1,7 +1,6 @@
 { config, pkgs, lib, ... }:
 {
   age.secrets = {
-    agdsn.file = ../../../../secrets/thinkpad/agdsn.age;
     dyport-auth = {
       file = ../../../../secrets/thinkpad/dyport-auth.age;
     };
@@ -104,28 +103,6 @@
     };
   };
   systemd.services = {
-    openfortivpn-agdsn = {
-      description = "AG DSN Fortinet VPN";
-      script = "${pkgs.openfortivpn}/bin/openfortivpn vpn.agdsn.de:443 --realm admin-vpn -u r5 -p $(cat $CREDENTIALS_DIRECTORY/password) --trusted-cert 82ed105286f02f4308f3c525a4034caed6cb738c3336f0f1da52421d419c87a9";
-      requires = [ "network-online.target" ];
-      after = [ "network.target" "network-online.target" ];
-      serviceConfig = {
-        Type = "simple";
-        LoadCredential = [
-          "password:${config.age.secrets.agdsn.path}"
-        ];
-        ProtectSystem = true;
-        ProtectKernelLogs = true;
-        ProtectKernelTunables = true;
-        ProtectKernelModules = true;
-
-        ProtectHome = true;
-        ProtectClock = true;
-        PrivateTmp = true;
-
-        LockPersonality = true;
-      };
-    };
     # fix systemd dependencies for supplicant services
     "supplicant-lan@" = {
       wantedBy = lib.mkForce [ ];
diff --git a/secrets.nix b/secrets.nix
index 156962a..fa598a6 100644
--- a/secrets.nix
+++ b/secrets.nix
@@ -7,7 +7,6 @@ in
 {
   # thinkpad
   "secrets/thinkpad/wireless.age".publicKeys = [ rouven thinkpad ];
-  "secrets/thinkpad/agdsn.age".publicKeys = [ rouven thinkpad ];
   "secrets/thinkpad/dyport-auth.age".publicKeys = [ rouven thinkpad ];
   "secrets/thinkpad/wireguard/dorm/private.age".publicKeys = [ rouven thinkpad ];
   "secrets/thinkpad/wireguard/dorm/preshared.age".publicKeys = [ rouven thinkpad ];
diff --git a/secrets/thinkpad/agdsn.age b/secrets/thinkpad/agdsn.age
deleted file mode 100644
index 41a2fe0..0000000
--- a/secrets/thinkpad/agdsn.age
+++ /dev/null
@@ -1,7 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 uWbAHQ X/P87D8iMo5RKTEU8pZt+xG9Ebx64cDHAX/n4ks8egA
-9zcpVqoCnDDs27SjbjNW+mJF+o/svGy0v0JNJxDTegU
--> ssh-ed25519 EVzt9Q v6gZYjKb/gisiCyeKKHRA0xlcAO2oFEomu2oRPuf6S8
-uw0LguP73eWbx+NX6DHJK6kzoxj7jIc1OBYPAOBLY0o
---- Zus0cOOXQVwuzHkYRm7IpKVqG1KxgflB9sLOrFP56Ks
-�Ң#��e\>�J$惊{Y翕���,;?����X���%���>ڞ�A�`N�`��z��
\ No newline at end of file