added tu vpn

hosts/thinkpad/modules/networks/default.nix

@@ -21,6 +21,9 @@
         "@DORM_SSID@" = {
           psk = "@DORM_PSK@";
           authProtocols = [ "WPA-PSK" ];
+          extraConfig = ''
+            disabled=1
+          '';
         };
       };
     };

hosts/thinkpad/modules/networks/uni.nix

@@ -1,29 +1,45 @@
 { config, ... }:
 {
-  networking.wireless.networks = {
+  sops.secrets."uni/zih" = {};
-    eduroam ={
+  networking = {
-      auth = ''
+    wireless.networks = {
-        eap=PEAP
+      eduroam ={
-        anonymous_identity="anonymous@tu-dresden.de"
+        auth = ''
-        ca_cert="/etc/ssl/certs/ca-certificates.crt"
+          eap=PEAP
-        domain_suffix_match="radius-eduroam.zih.tu-dresden.de"
+          anonymous_identity="anonymous@tu-dresden.de"
-        identity="rose159e@tu-dresden.de"
+          ca_cert="/etc/ssl/certs/ca-certificates.crt"
-        password="@EDUROAM_AUTH@"
+          domain_suffix_match="radius-eduroam.zih.tu-dresden.de"
-        phase2="auth=mschapv2"
+          identity="rose159e@tu-dresden.de"
-      '';
+          password="@EDUROAM_AUTH@"
-      authProtocols = [ "WPA-EAP" ];
+          phase2="auth=mschapv2"
+        '';
+        authProtocols = [ "WPA-EAP" ];
+      };
+      agdsn ={
+        auth = ''
+          eap=TTLS
+          anonymous_identity="anonymous@agdsn.de"
+          ca_cert="/etc/ssl/certs/ca-certificates.crt"
+          domain_suffix_match="radius.agdsn.de"
+          identity="r5"
+          password="@AGDSN_AUTH@"
+          phase2="auth=PAP"
+        '';
+        authProtocols = [ "WPA-EAP" ];
+      };
     };
-    agdsn ={
+    openconnect.interfaces = {
-      auth = ''
+      TU-Dresden = {
-        eap=TTLS
+        protocol = "anyconnect";
-        anonymous_identity="anonymous@agdsn.de"
+        gateway = "vpn2.zih.tu-dresden.de";
-        ca_cert="/etc/ssl/certs/ca-certificates.crt"
+        user = "rose159e@tu-dresden.de";
-        domain_suffix_match="radius.agdsn.de"
+        passwordFile = config.sops.secrets."uni/zih".path;
-        identity="r5"
+        autoStart = false;
-        password="@AGDSN_AUTH@"
+        extraOptions = {
-        phase2="auth=PAP"
+          authgroup = "A-Tunnel-TU-Networks";
-      '';
+          compression = "stateless";
-      authProtocols = [ "WPA-EAP" ];
+        };
+      };
     };
   };
 }

secrets/thinkpad.yaml

@@ -1,4 +1,6 @@
 wireless-env: ENC[AES256_GCM,data:ammPuyKddupz2q4zYLNzAH3W0uarrUnD4vu6ta3cboYN5egTrDrKWrgInSFNcebHUJknaS8WV8uqxFISMvi0+6KDXgf1CFpaF2xIaRhDUNr2Cd7eSCS9sbmy4tJ7Vinwt8prgElMm0heAjEgsP/ob9dAPrkFBkWXIk9pRtOZsAngqZ2CBXyPH2EciLCdJBaE+2SiQCvZfcNvsmKM2b9oTpQcP4Yp8HuWkUJthy+qyOHBq2LStiBAIjjXPqRR/PFKofPrXojs7+by,iv:63dNbgQq3fDGitfsHAxtwPzhiSyb4818a6iuc0s+zzo=,tag:edV7fPU5h8N362vonltt9g==,type:str]
+uni:
+    zih: ENC[AES256_GCM,data:irxq42t4H+7E3YJjqbmyccw=,iv:f0E84HMBQN9TtR1BN56LTU4FLOkVWPFTUysQvu99nzs=,tag:BkNyAJAj+3tPF3Us4Vqg3w==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -14,8 +16,8 @@ sops:
             S0NwYWFQcmFtTm5zTEZLVXRtMi91Zk0K3ylHH4OXduJlJxepPz9GxBzVmKGpv9LL
             ApkEQxfPL4Bxrb2XOFLOYqJGv2SwxBv1QNYT7eTXRLTEsIXUHR0MGA==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2022-12-29T13:31:52Z"
+    lastmodified: "2022-12-29T19:11:37Z"
-    mac: ENC[AES256_GCM,data:F60xsH+HRhYxx8MNjWeY/tt40rAi2QLNxuZjFxAkP8RUNZyHyZaqR1ZBSUgyaLz4UvFxv9AacRs4+Gwt9a2ndIX9tHl11TE0WRnRvQGKfyND8mK5tc7G3wwxWd5n+ZiiMqSfJ0WXf5EWCh9OBetSUtQZ4yO3IEQRSr+3hv8xTyo=,iv:DN/dTSX3HAUeiT2Ii47vWxISsRw99fLQZ87Ur6VKw00=,tag:fVT4rNDyX03E1ZWJ5ZDH9w==,type:str]
+    mac: ENC[AES256_GCM,data:Y+f5llPf+i6KcsH3bkvr9joSguIXRjsEIEp+KmqSFf86P5HAj90uROKFyvpkjiOf0P9/1Z1qeuDKxWG3WTAvMG+eWOVigou3rOLSDzUBnl1q+HT5G8EmPAVZ39aGssFi8Vy+dVHRrSnXmJ2D4oA2514xqjwZLcParqfi5LM61mI=,iv:e58rnR6BfdSBpYhJyNI1aWq51NMILhySEFKHGNaEk4o=,tag:Av3Y+fmoOhr6ddDvPNpK3Q==,type:str]
     pgp:
         - created_at: "2022-12-27T16:39:15Z"
           enc: |-