rouven.seifert/nixos-config
1
1
Fork 0
mirror of https://git.sr.ht/~rouven/nixos-config synced 2025-04-25 16:08:30 +02:00
Code Issues Projects Releases Packages Wiki Activity

network: add openfortivpn and wifi@db

Browse source
This commit is contained in:
Rouven Seifert 2023-12-17 17:22:12 +01:00
parent cf9dedf17a
commit dd997624a9
Signed by: rouven.seifert
GPG key ID: B95E8FE6B11C4D09
4 changed files with 42 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

31
hosts/thinkpad/modules/networks/uni.nix
View file

@ -1,7 +1,8 @@
{ config, ... }:
{ config, pkgs, ... }:
{
age.secrets.tud = {
file = ../../../../secrets/thinkpad/tud.age;
age.secrets = {
tud.file = ../../../../secrets/thinkpad/tud.age;
agdsn.file = ../../../../secrets/thinkpad/agdsn.age;
};
networking = {
wireless.networks = {
@ -82,4 +83,28 @@
};
};
};
systemd.services = {
openfortivpn-agdsn = {
description = "AG DSN Fortinet VPN";
script = "${pkgs.openfortivpn}/bin/openfortivpn vpn.agdsn.de:443 --realm admin-vpn -u r5 -p $(cat $CREDENTIALS_DIRECTORY/password) --trusted-cert bbbe0df79764c5f1bd4b332e449e43a40e43eec57c983a1e75a1896e6eae4da5";
requires = [ "network-online.target" ];
after = [ "network.target" "network-online.target" ];
serviceConfig = {
Type = "simple";
LoadCredential = [
"password:${config.age.secrets.agdsn.path}"
];
ProtectSystem = true;
ProtectKernelLogs = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectHome = true;
ProtectClock = true;
PrivateTmp = true;
LockPersonality = true;
};
};
};
}