configured networks

vpn isn't configured yet, for cable I don't know
2025-01-19 01:21:39 +01:00 · 2022-12-29 15:05:26 +01:00 · 2022-12-29 15:05:26 +01:00 · 8f8ba0d250
commit 8f8ba0d250
parent f85c5de8b7
6 changed files with 61 additions and 13 deletions
--- a/hosts/thinkpad/default.nix
+++ b/hosts/thinkpad/default.nix
@ -5,6 +5,7 @@
    [
      ./hardware-configuration.nix
      ./modules/autorandr
+      ./modules/networks
      ../../shared/vim.nix
      ../../shared/input.nix
      ../../shared/sops.nix
@ -16,13 +17,6 @@
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

-  networking.hostName = "thinkpad";
-  networking.networkmanager.enable = true;
-  networking.firewall = {
-    allowedUDPPorts = [ 51820 ]; # used for wireguard
-    checkReversePath = false;
-  };
-
  # Set your time zone.
  time.timeZone = "Europe/Berlin";

--- a/hosts/thinkpad/modules/networks/default.nix
+++ b/hosts/thinkpad/modules/networks/default.nix
@ -0,0 +1,28 @@
+{ config, ... }:
+{
+  imports = [ ./uni.nix ];
+
+  sops.secrets."wireless-env" = {};
+  networking = {
+    hostName = "thinkpad";
+    firewall = {
+      allowedUDPPorts = [ 51820 ]; # used for wireguard
+      checkReversePath = false;
+    };
+    wireless = {
+      enable = true;
+      userControlled.enable = true;
+      environmentFile = config.sops.secrets."wireless-env".path;
+      networks = {
+        "@HOME_SSID@" = {
+          psk = "@HOME_PSK@";
+          authProtocols = [ "WPA-PSK" ];
+        };
+        "@DORM_SSID@" = {
+          psk = "@DORM_PSK@";
+          authProtocols = [ "WPA-PSK" ];
+        };
+      };
+    };
+  };
+}
--- a/hosts/thinkpad/modules/networks/uni.nix
+++ b/hosts/thinkpad/modules/networks/uni.nix
@ -0,0 +1,29 @@
+{ config, ... }:
+{
+  networking.wireless.networks = {
+    eduroam ={
+      auth = ''
+        eap=PEAP
+        anonymous_identity="anonymous@tu-dresden.de"
+        ca_cert="/etc/ssl/certs/ca-certificates.crt"
+        domain_suffix_match="radius-eduroam.zih.tu-dresden.de"
+        identity="rose159e@tu-dresden.de"
+        password="@EDUROAM_AUTH@"
+        phase2="auth=mschapv2"
+      '';
+      authProtocols = [ "WPA-EAP" ];
+    };
+    agdsn ={
+      auth = ''
+        eap=TTLS
+        anonymous_identity="anonymous@agdsn.de"
+        ca_cert="/etc/ssl/certs/ca-certificates.crt"
+        domain_suffix_match="radius.agdsn.de"
+        identity="r5"
+        password="@AGDSN_AUTH@"
+        phase2="auth=PAP"
+      '';
+      authProtocols = [ "WPA-EAP" ];
+    };
+  };
+}
--- a/secrets/thinkpad.yaml
+++ b/secrets/thinkpad.yaml
@ -1,4 +1,4 @@
-o: ENC[AES256_GCM,data:OQ==,iv:bxliflmDvVoZkuJXrOGc1kh8/urnWdbt3wFcLmPcDf8=,tag:dk0FgO/KZGou4ujnZTpmOA==,type:str]
+wireless-env: ENC[AES256_GCM,data:ammPuyKddupz2q4zYLNzAH3W0uarrUnD4vu6ta3cboYN5egTrDrKWrgInSFNcebHUJknaS8WV8uqxFISMvi0+6KDXgf1CFpaF2xIaRhDUNr2Cd7eSCS9sbmy4tJ7Vinwt8prgElMm0heAjEgsP/ob9dAPrkFBkWXIk9pRtOZsAngqZ2CBXyPH2EciLCdJBaE+2SiQCvZfcNvsmKM2b9oTpQcP4Yp8HuWkUJthy+qyOHBq2LStiBAIjjXPqRR/PFKofPrXojs7+by,iv:63dNbgQq3fDGitfsHAxtwPzhiSyb4818a6iuc0s+zzo=,tag:edV7fPU5h8N362vonltt9g==,type:str]
 sops:
    kms: []
    gcp_kms: []
@ -14,8 +14,8 @@ sops:
            S0NwYWFQcmFtTm5zTEZLVXRtMi91Zk0K3ylHH4OXduJlJxepPz9GxBzVmKGpv9LL
            ApkEQxfPL4Bxrb2XOFLOYqJGv2SwxBv1QNYT7eTXRLTEsIXUHR0MGA==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2022-12-27T16:39:22Z"
-    mac: ENC[AES256_GCM,data:ziliEa5Nqxpgp8fAQ89TjnUvCpSH813aViSpBZGqAq+fO0QSsNOIGiTCVoEskwAhIUK733rheJpBKfhApGk87Z/aZeUV3KYMhA80n8J5TMwqXAMoIqlYVXJv/HkRF40yafkSlDewURgUE+dx/IqKT++XOA5/S6E2lyLvTpsEyDc=,iv:gste7RZyzgrE8FdLYruAvdc6Obq/KCJFx4YPd4NWEjs=,tag:BGwL2z/6rgW6hZTcQ7hFMQ==,type:str]
+    lastmodified: "2022-12-29T13:31:52Z"
+    mac: ENC[AES256_GCM,data:F60xsH+HRhYxx8MNjWeY/tt40rAi2QLNxuZjFxAkP8RUNZyHyZaqR1ZBSUgyaLz4UvFxv9AacRs4+Gwt9a2ndIX9tHl11TE0WRnRvQGKfyND8mK5tc7G3wwxWd5n+ZiiMqSfJ0WXf5EWCh9OBetSUtQZ4yO3IEQRSr+3hv8xTyo=,iv:DN/dTSX3HAUeiT2Ii47vWxISsRw99fLQZ87Ur6VKw00=,tag:fVT4rNDyX03E1ZWJ5ZDH9w==,type:str]
    pgp:
        - created_at: "2022-12-27T16:39:15Z"
          enc: |-
--- a/users/rouven/modules/awesome/rc.lua
+++ b/users/rouven/modules/awesome/rc.lua
@ -21,9 +21,7 @@ local hotkeys_popup = require("awful.hotkeys_popup")
 require("awful.hotkeys_popup.keys")

 -- Autstart some stuff
-awful.spawn.with_shell("nm-applet")
 awful.spawn.with_shell("light-locker --lock-on-lid")
-- awful.spawn.with_shell("nextcloud")

 -- Handle runtime errors after startup
 do
--- a/users/rouven/modules/packages.nix
+++ b/users/rouven/modules/packages.nix
@ -2,7 +2,6 @@
 {
  home.packages = with pkgs; [
    # essentials
-    networkmanagerapplet
    pcmanfm
    xsel
    lightlocker