From dcf91b8d59a1c6d856d27224634af4f24a5a6bc1 Mon Sep 17 00:00:00 2001
From: Rouven Seifert
Date: Thu, 29 Dec 2022 20:25:07 +0100
Subject: [PATCH] added tu vpn
---
 hosts/thinkpad/modules/networks/default.nix | 3 +
 hosts/thinkpad/modules/networks/uni.nix | 62 +++++++++++++--------
 secrets/thinkpad.yaml | 6 +-
 3 files changed, 46 insertions(+), 25 deletions(-)
diff --git a/hosts/thinkpad/modules/networks/default.nix b/hosts/thinkpad/modules/networks/default.nix
index 87ca123..2c55500 100644
--- a/hosts/thinkpad/modules/networks/default.nix
+++ b/hosts/thinkpad/modules/networks/default.nix
@@ -21,6 +21,9 @@
 "@DORM_SSID@" = {
 psk = "@DORM_PSK@";
 authProtocols = [ "WPA-PSK" ];
+ extraConfig = ''
+ disabled=1
+ '';
 };
 };
 };
diff --git a/hosts/thinkpad/modules/networks/uni.nix b/hosts/thinkpad/modules/networks/uni.nix
index 7483efe..e0831c6 100644
--- a/hosts/thinkpad/modules/networks/uni.nix
+++ b/hosts/thinkpad/modules/networks/uni.nix
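Review bot: The added `extraConfig` with `disabled=1` on the `"@DORM_SSID@"` network is unrelated to the VPN change named in the subject, and nothing in the hunk says why the network is switched off. If the intent is to keep the PSK entry available while preventing automatic association (presumably), a comment above it would record that, e.g. `# not auto-joined; enable by hand with wpa_cli when needed`. The enclosing `networks` attribute set starts outside this hunk.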
@@ -1,29 +1,45 @@
 { config, ... }:
 {
- networking.wireless.networks = {
- eduroam ={
- auth = ''
- eap=PEAP
- anonymous_identity="anonymous@tu-dresden.de"
- ca_cert="/etc/ssl/certs/ca-certificates.crt"
- domain_suffix_match="radius-eduroam.zih.tu-dresden.de"
- identity="rose159e@tu-dresden.de"
- password="@EDUROAM_AUTH@"
- phase2="auth=mschapv2"
- '';
- authProtocols = [ "WPA-EAP" ];
+ sops.secrets."uni/zih" = {};
+ networking = {
+ wireless.networks = {
+ eduroam ={
+ auth = ''
+ eap=PEAP
+ anonymous_identity="anonymous@tu-dresden.de"
+ ca_cert="/etc/ssl/certs/ca-certificates.crt"
+ domain_suffix_match="radius-eduroam.zih.tu-dresden.de"
+ identity="rose159e@tu-dresden.de"
+ password="@EDUROAM_AUTH@"
+ phase2="auth=mschapv2"
+ '';
+ authProtocols = [ "WPA-EAP" ];
+ };
+ agdsn ={
+ auth = ''
+ eap=TTLS
+ anonymous_identity="anonymous@agdsn.de"
+ ca_cert="/etc/ssl/certs/ca-certificates.crt"
+ domain_suffix_match="radius.agdsn.de"
+ identity="r5"
+ password="@AGDSN_AUTH@"
+ phase2="auth=PAP"
+ '';
+ authProtocols = [ "WPA-EAP" ];
+ };
 };
- agdsn ={
- auth = ''
- eap=TTLS
- anonymous_identity="anonymous@agdsn.de"
- ca_cert="/etc/ssl/certs/ca-certificates.crt"
- domain_suffix_match="radius.agdsn.de"
- identity="r5"
- password="@AGDSN_AUTH@"
- phase2="auth=PAP"
- '';
- authProtocols = [ "WPA-EAP" ];
+ openconnect.interfaces = {
+ TU-Dresden = {
+ protocol = "anyconnect";
+ gateway = "vpn2.zih.tu-dresden.de";
+ user = "rose159e@tu-dresden.de";
+ passwordFile = config.sops.secrets."uni/zih".path;
+ autoStart = false;
+ extraOptions = {
+ authgroup = "A-Tunnel-TU-Networks";
+ compression = "stateless";
+ };
+ };
 };
 };
 }
diff --git a/secrets/thinkpad.yaml b/secrets/thinkpad.yaml
index 8570d72..ebc4cc7 100644
--- a/secrets/thinkpad.yaml
+++ b/secrets/thinkpad.yaml
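Review bot: Both `auth` blocks re-added under `wireless.networks` still set `ca_cert="/etc/ssl/certs/ca-certificates.crt"`, so a RADIUS server certificate issued by any CA in the system bundle is accepted and only `domain_suffix_match` narrows it. That matters most for `agdsn`, where `phase2="auth=PAP"` hands the password itself to whichever server terminates the TTLS tunnel. Pinning the issuing root instead, e.g. `ca_cert="<path to the operator's published root CA .pem>"` (placeholder; take the file from the network operator's setup guide), would mean a mis-issued certificate for that name is no longer enough. On the new VPN side, `sops.secrets."uni/zih" = {};` would benefit from a short comment such as `# ZIH password, read by openconnect via passwordFile`, since the declaration and its only consumer sit many lines apart.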
@@ -1,4 +1,6 @@ wireless-env: ENC[AES256_GCM,data:ammPuyKddupz2q4zYLNzAH3W0uarrUnD4vu6ta3cboYN5egTrDrKWrgInSFNcebHUJknaS8WV8uqxFISMvi0+6KDXgf1CFpaF2xIaRhDUNr2Cd7eSCS9sbmy4tJ7Vinwt8prgElMm0heAjEgsP/ob9dAPrkFBkWXIk9pRtOZsAngqZ2CBXyPH2EciLCdJBaE+2SiQCvZfcNvsmKM2b9oTpQcP4Yp8HuWkUJthy+qyOHBq2LStiBAIjjXPqRR/PFKofPrXojs7+by,iv:63dNbgQq3fDGitfsHAxtwPzhiSyb4818a6iuc0s+zzo=,tag:edV7fPU5h8N362vonltt9g==,type:str] +uni: + zih: ENC[AES256_GCM,data:irxq42t4H+7E3YJjqbmyccw=,iv:f0E84HMBQN9TtR1BN56LTU4FLOkVWPFTUysQvu99nzs=,tag:BkNyAJAj+3tPF3Us4Vqg3w==,type:str] sops: kms: [] gcp_kms: [] @@ -14,8 +16,8 @@ sops: S0NwYWFQcmFtTm5zTEZLVXRtMi91Zk0K3ylHH4OXduJlJxepPz9GxBzVmKGpv9LL ApkEQxfPL4Bxrb2XOFLOYqJGv2SwxBv1QNYT7eTXRLTEsIXUHR0MGA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2022-12-29T13:31:52Z" - mac: ENC[AES256_GCM,data:F60xsH+HRhYxx8MNjWeY/tt40rAi2QLNxuZjFxAkP8RUNZyHyZaqR1ZBSUgyaLz4UvFxv9AacRs4+Gwt9a2ndIX9tHl11TE0WRnRvQGKfyND8mK5tc7G3wwxWd5n+ZiiMqSfJ0WXf5EWCh9OBetSUtQZ4yO3IEQRSr+3hv8xTyo=,iv:DN/dTSX3HAUeiT2Ii47vWxISsRw99fLQZ87Ur6VKw00=,tag:fVT4rNDyX03E1ZWJ5ZDH9w==,type:str] + lastmodified: "2022-12-29T19:11:37Z" + mac: ENC[AES256_GCM,data:Y+f5llPf+i6KcsH3bkvr9joSguIXRjsEIEp+KmqSFf86P5HAj90uROKFyvpkjiOf0P9/1Z1qeuDKxWG3WTAvMG+eWOVigou3rOLSDzUBnl1q+HT5G8EmPAVZ39aGssFi8Vy+dVHRrSnXmJ2D4oA2514xqjwZLcParqfi5LM61mI=,iv:e58rnR6BfdSBpYhJyNI1aWq51NMILhySEFKHGNaEk4o=,tag:Av3Y+fmoOhr6ddDvPNpK3Q==,type:str] pgp: - created_at: "2022-12-27T16:39:15Z" enc: |-