Add openconnect network config

Felix Suchert 2022-08-08 10:27:16 +02:00
parent 8ad97ce80e
commit a59b7990a9
Signed by: feliix42
GPG key ID: 24363525EA0E8A99
5 changed files with 59 additions and 29 deletions

1
.gitignore vendored

@ -4,5 +4,6 @@ entropy/mail/neomutt/signature.txt
entropy/mail/neomutt/notmuch-hook.sh entropy/mail/neomutt/notmuch-hook.sh
entropy/mail/neomutt/whoami.muttrc entropy/mail/neomutt/whoami.muttrc
entropy/vpn/credentials.txt entropy/vpn/credentials.txt
entropy/vpn/openconnect.txt
**/*.swp **/*.swp


@ -76,11 +76,14 @@ ln -s $PWD/mail/.notmuch-config ~/.notmuch-config
mkdir -p ~/.mail/tu-dresden mkdir -p ~/.mail/tu-dresden
notmuch new notmuch new
# set up openvpn connection # set up vpn connections
printf "\033[33m[info] Configuring OpenVPN\033[39m" printf "\033[33m[info] Configuring OpenVPN\033[39m"
cd vpn cd vpn
pass mail/tud-user | head -1 >> credentials.txt pass mail/tud-user | head -1 >> credentials.txt
pass mail/tud | head -1 >> credentials.txt pass mail/tud | head -1 >> credentials.txt
pass mail/tud | head -1 > openconnect.txt
chmod 600 credentials.txt
chmod 600 openconnect.txt
cd .. cd ..
ln -s $PWD/vpn ~/.config/vpn ln -s $PWD/vpn ~/.config/vpn
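Review bot: The new `pass mail/tud | head -1 > openconnect.txt` line creates the password file under the default umask (commonly 0644), so it is readable by other local users until `chmod 600` runs, and it stays that way if the script aborts in between. The same applies to `credentials.txt`. Setting the mode before the secret is written closes that window, for example `(umask 077; pass mail/tud | head -1 > openconnect.txt)`. Separately, `credentials.txt` is still written with `>>`, so a second run appends duplicate lines; using `>` for the first of the two writes would make the step repeatable. The script continues outside this hunk, so any umask change should be scoped to these writes.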


@ -18,6 +18,9 @@ in
# Hardware support for Moonlander & U2F # Hardware support for Moonlander & U2F
./modules/hardware.nix ./modules/hardware.nix
# Network & VPN configuration
./modules/networking.nix
./modules/audio.nix ./modules/audio.nix
./modules/video.nix ./modules/video.nix
#./modules/v4l2loopback.nix #./modules/v4l2loopback.nix
@ -49,32 +52,6 @@ in
# ------------ kernel ------------------------------------------------------- # ------------ kernel -------------------------------------------------------
boot.kernelPackages = pkgs.linuxKernel.packages.linux_5_10; boot.kernelPackages = pkgs.linuxKernel.packages.linux_5_10;
# ------------ networking ---------------------------------------------------
networking.hostName = "entropy"; # Define your hostname.
networking.wireless = {
enable = true; # Enables wireless support via wpa_supplicant.
interfaces = [ "wlp0s20f3" ];
};
# The global useDHCP flag is deprecated, therefore explicitly set to false here.
# Per-interface useDHCP will be mandatory in the future, so this generated config
# replicates the default behaviour.
networking.useDHCP = false;
networking.interfaces.enp0s31f6.useDHCP = true;
# USB-C dock
networking.interfaces.enp0s20f0u2u1.useDHCP = true;
networking.interfaces.wlp0s20f3.useDHCP = true;
# enable OpenVPN for connecting to the TUD network
services.openvpn.servers.tud = {
config = '' config /home/felix/.config/vpn/TUD.ovpn '';
autoStart = false; #true;
updateResolvConf = true;
};
# for SAMBA file shares
services.gvfs.enable = true;
# ------------ time, location & input --------------------------------------- # ------------ time, location & input ---------------------------------------
# Set your time zone. # Set your time zone.
time.timeZone = "Europe/Berlin"; time.timeZone = "Europe/Berlin";


@ -0,0 +1,49 @@
{ ... }:
{
# ------------ networking ---------------------------------------------------
networking.hostName = "entropy"; # Define your hostname.
networking.wireless = {
enable = true; # Enables wireless support via wpa_supplicant.
interfaces = [ "wlp0s20f3" ];
};
# NOTE(feliix42): This option set was the default prior to 22.05 but is now replaced by the `networking.useDHCP` setting in the hardware config.
## The global useDHCP flag is deprecated, therefore explicitly set to false here.
## Per-interface useDHCP will be mandatory in the future, so this generated config
## replicates the default behaviour.
#networking.useDHCP = false;
#networking.interfaces.enp0s31f6.useDHCP = true;
## USB-C dock
#networking.interfaces.enp0s20f0u2u1.useDHCP = true;
#networking.interfaces.wlp0s20f3.useDHCP = true;
# enable OpenVPN for connecting to the TUD network
services.openvpn.servers.tud = {
config = '' config /home/felix/.config/vpn/TUD.ovpn '';
autoStart = false; #true;
updateResolvConf = true;
};
networking.openconnect.interfaces = {
ccc = {
user = "s6525655@vpn-cfaed-cpb-ma";
protocol = "anyconnect";
gateway = "vpn2.zih.tu-dresden.de";
passwordFile = /home/felix/.config/vpn/openconnect.txt;
extraOptions = {
authgroup = "A-Tunnel-TU-Networks";
compression = "stateless";
no-dtls = true;
no-http-keepalive = true;
pfs = true;
};
autoStart = false;
};
};
# for SAMBA file shares
services.gvfs.enable = true;
}
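Review bot: `passwordFile` in the `ccc` interface is a bare Nix path literal rather than a string. If the openconnect module interpolates that value into a string, Nix copies the file into `/nix/store`, which is world-readable, and the `chmod 600` on the original no longer protects the password. The module is not visible here, so this needs confirming, but writing the value as a string avoids the question: `passwordFile = "/home/felix/.config/vpn/openconnect.txt";`. A comment above it such as `# string, not a path literal: keeps the secret out of the Nix store` would record why.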


@ -22,6 +22,6 @@
]; ];
}; };
in in
#[ R-with-my-packages rstudioEnv ]; [ R-with-my-packages rstudioEnv ];
[ R-with-my-packages ]; #[ R-with-my-packages ];
} }