network: add openfortivpn and wifi@db

2025-01-18 17:11:39 +01:00 · 2023-12-17 17:22:12 +01:00 · 2023-12-17 17:22:12 +01:00 · dd997624a9
commit dd997624a9
parent cf9dedf17a
4 changed files with 42 additions and 3 deletions
--- a/hosts/thinkpad/modules/networks/default.nix
+++ b/hosts/thinkpad/modules/networks/default.nix
@ -66,6 +66,9 @@
          psk = "@PIXEL_PSK@";
          authProtocols = [ "WPA-PSK" ];
        };
        "WIFI@DB" = {
          authProtocols = [ "NONE" ];
        };
      };
    };
  };
--- a/hosts/thinkpad/modules/networks/uni.nix
+++ b/hosts/thinkpad/modules/networks/uni.nix
@ -1,7 +1,8 @@
-{ config, ... }:
+{ config, pkgs, ... }:
 {
-  age.secrets.tud = {
+  age.secrets = {
-    file = ../../../../secrets/thinkpad/tud.age;
+    tud.file = ../../../../secrets/thinkpad/tud.age;
    agdsn.file = ../../../../secrets/thinkpad/agdsn.age;
  };
  networking = {
    wireless.networks = {
@ -82,4 +83,28 @@
      };
    };
  };
  systemd.services = {
    openfortivpn-agdsn = {
      description = "AG DSN Fortinet VPN";
      script = "${pkgs.openfortivpn}/bin/openfortivpn vpn.agdsn.de:443 --realm admin-vpn -u r5 -p $(cat $CREDENTIALS_DIRECTORY/password) --trusted-cert bbbe0df79764c5f1bd4b332e449e43a40e43eec57c983a1e75a1896e6eae4da5";
      requires = [ "network-online.target" ];
      after = [ "network.target" "network-online.target" ];
      serviceConfig = {
        Type = "simple";
        LoadCredential = [
          "password:${config.age.secrets.agdsn.path}"
        ];
        ProtectSystem = true;
        ProtectKernelLogs = true;
        ProtectKernelTunables = true;
        ProtectKernelModules = true;
        ProtectHome = true;
        ProtectClock = true;
        PrivateTmp = true;
        LockPersonality = true;
      };
    };
  };
 }
--- a/secrets.nix
+++ b/secrets.nix
@ -8,6 +8,7 @@ in
  # thinkpad
  "secrets/thinkpad/wireless.age".publicKeys = [ rouven thinkpad ];
  "secrets/thinkpad/tud.age".publicKeys = [ rouven thinkpad ];
  "secrets/thinkpad/agdsn.age".publicKeys = [ rouven thinkpad ];
  "secrets/thinkpad/wireguard/dorm/private.age".publicKeys = [ rouven thinkpad ];
  "secrets/thinkpad/wireguard/dorm/preshared.age".publicKeys = [ rouven thinkpad ];
  "secrets/thinkpad/borg/passphrase.age".publicKeys = [ rouven thinkpad ];
--- a/secrets/thinkpad/agdsn.age
+++ b/secrets/thinkpad/agdsn.age
@ -0,0 +1,10 @@
 age-encryption.org/v1
 -> ssh-ed25519 uWbAHQ EGfkKwo45AWNHNFi67C9S4qBuk7/vUcux6p9zwV9nxM
 JdpzKDYUdDyzCUsaNnWxBf3HCFoPOgPT02/gcG7gtyc
 -> ssh-ed25519 EVzt9Q IE+sr7AE1LaPwej6vo1N6i6cSda0hetTiEfJtaodPh0
 ttrgi/C8BIcV20D9tF3rd8TcByzczbqo4Ez4qbpgQ5A
 -> e-grease <e(L>-d 5#8HBk F~8O<n
 LlHHkS6QsTkMnd7x18sJfXPNSpJBA1567JFZx2Ok58um4zR/EAZ7U9YHQ6jFB13X
 Ud938yc5aCceAqKwOS3edHlf6vqUVYVYg1ogQWZnvcA
 --- y6f7wlWYcpgK30XLjVS/lruIwAONt4wECDEd9spBn2A
 ÔÛ,SA€fª®—üÁ;GHÍ†Y›Î\á®TAÅª®	‘Nâ¤ÁßOv®ciZ
drÞ–DÌ›º8xsßÞ