rouven.seifert/nixos-config
1
1
Fork 0
mirror of https://git.sr.ht/~rouven/nixos-config synced 2025-04-25 16:08:30 +02:00
Code Issues Projects Releases Packages Wiki Activity

updates

Browse source
This commit is contained in:
Rouven Seifert 2024-08-07 13:40:02 +02:00
parent 28526d5db2
commit efe00fc184
9 changed files with 55 additions and 39 deletions
Download patch file Download diff file Expand all files Collapse all files

27
hosts/thinkpad/modules/networks/uni.nix
View file

@ -3,15 +3,19 @@
age.secrets = {
tud.file = ../../../../secrets/thinkpad/tud.age;
agdsn.file = ../../../../secrets/thinkpad/agdsn.age;
ifsr-apb-auth = {
file = ../../../../secrets/thinkpad/ifsr-apb-auth.age;
dyport-auth = {
file = ../../../../secrets/thinkpad/dyport-auth.age;
};
};
networking = {
supplicant."enp0s31f6" = {
userControlled.enable = true;
driver = "wired";
configFile.path = config.age.secrets.ifsr-apb-auth.path;
supplicant = rec {
enp0s31f6 = {
userControlled.enable = true;
driver = "wired";
configFile.path = config.age.secrets.dyport-auth.path;
};
# ugly way to add more interfaces
"enp0s13f0u2u1" = enp0s31f6;
};
wireless.networks = {
eduroam = {
@ -90,6 +94,17 @@
compression = "stateless";
};
};
ZIH = {
protocol = "anyconnect";
gateway = "vpn2.zih.tu-dresden.de";
user = "rose159e@zih-ma-vpn";
passwordFile = config.age.secrets.tud.path;
autoStart = false;
extraOptions = {
authgroup = "A-Tunnel-TU-Networks";
compression = "stateless";
};
};
};
};
systemd.services = {

14
hosts/thinkpad/modules/security/default.nix
View file

@ -14,10 +14,9 @@
pam = {
u2f = {
enable = true;
cue = true;
# settings = {
# cue = true;
# };
settings = {
cue = true;
};
};
};
krb5 = {
@ -45,9 +44,10 @@
};
};
};
services = {
fprintd.enable = true; # log in using fingerprint
};
# broken again
# services = {
# fprintd.enable = true; # log in using fingerprint
# };
environment.systemPackages = with pkgs; [
agenix.packages.x86_64-linux.default
tpm2-tools