HSMW-VPN Working

This commit is contained in:
nx2
2024-03-27 11:05:57 +01:00
parent 9953f8231b
commit 4e3b643d20
4 changed files with 82 additions and 14 deletions


@@ -22,10 +22,73 @@
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;
boot.loader.grub = { boot.loader.grub = {
enable = true; enable = true;
configurationLimit = 30;
# device = "/dev/nvme0n1p1"; # device = "/dev/nvme0n1p1";
device = "nodev"; device = "nodev";
# useOSProber = true; # useOSProber = true;
efiSupport = true; efiSupport = true;
# theme = "${(pkgs.fetchFromGitea {
# domain = "git.nx2.site";
# owner = "nx2";
# repo = "grub-theme-ascii-diana";
# rev = "0.1.0";
# hash = "sha256-uqhj77CX6EaqF9SBDRKS8dfwSVyR9wb9xG9St4gJmFA=";
# })
# }/out/
# ";
extraEntries = ''
menuentry 'Windows Boot Manager (on /dev/nvme0n1p1)' --class windows --class os $menuentry_id_option 'osprober-efi-0A97-7A2D' {
insmod part_gpt
insmod fat
search --no-floppy --fs-uuid --set=root 0A97-7A2D
chainloader /EFI/Microsoft/Boot/bootmgfw.efi
}
menuentry 'Arch Linux (on /dev/nvme0n1p5)' --class arch --class gnu-linux --class gnu --class os $menuentry_id_option 'osprober-gnulinux-simple-0c11547f-0294-419b-93d0-45c6d1f1c546' {
insmod part_gpt
insmod ext2
search --no-floppy --fs-uuid --set=root 0c11547f-0294-419b-93d0-45c6d1f1c546
linux /boot/vmlinuz-linux-lts root=UUID=0c11547f-0294-419b-93d0-45c6d1f1c546 rw loglevel=3 quiet splash snd_hda_intel.dmic_detect=0
initrd /boot/intel-ucode.img /boot/initramfs-linux-lts.img
}
submenu 'Advanced options for Arch Linux (on /dev/nvme0n1p5)' $menuentry_id_option 'osprober-gnulinux-advanced-0c11547f-0294-419b-93d0-45c6d1f1c546' {
menuentry 'Arch Linux (on /dev/nvme0n1p5)' --class gnu-linux --class gnu --class os $menuentry_id_option 'osprober-gnulinux-/boot/vmlinuz-linux-lts--0c11547f-0294-419b-93d0-45c6d1f1c546' {
insmod part_gpt
insmod ext2
search --no-floppy --fs-uuid --set=root 0c11547f-0294-419b-93d0-45c6d1f1c546
linux /boot/vmlinuz-linux-lts root=UUID=0c11547f-0294-419b-93d0-45c6d1f1c546 rw loglevel=3 quiet splash snd_hda_intel.dmic_detect=0
initrd /boot/intel-ucode.img /boot/initramfs-linux-lts.img
}
menuentry 'Arch Linux, with Linux linux-lts (on /dev/nvme0n1p5)' --class gnu-linux --class gnu --class os $menuentry_id_option 'osprober-gnulinux-/boot/vmlinuz-linux-lts--0c11547f-0294-419b-93d0-45c6d1f1c546' {
insmod part_gpt
insmod ext2
search --no-floppy --fs-uuid --set=root 0c11547f-0294-419b-93d0-45c6d1f1c546
linux /boot/vmlinuz-linux-lts root=UUID=0c11547f-0294-419b-93d0-45c6d1f1c546 rw loglevel=3 quiet splash snd_hda_intel.dmic_detect=0
initrd /boot/intel-ucode.img /boot/initramfs-linux-lts.img
}
menuentry 'Arch Linux, with Linux linux-lts (fallback initramfs) (on /dev/nvme0n1p5)' --class gnu-linux --class gnu --class os $menuentry_id_option 'osprober-gnulinux-/boot/vmlinuz-linux-lts--0c11547f-0294-419b-93d0-45c6d1f1c546' {
insmod part_gpt
insmod ext2
search --no-floppy --fs-uuid --set=root 0c11547f-0294-419b-93d0-45c6d1f1c546
linux /boot/vmlinuz-linux-lts root=UUID=0c11547f-0294-419b-93d0-45c6d1f1c546 rw loglevel=3 quiet splash snd_hda_intel.dmic_detect=0
initrd /boot/intel-ucode.img /boot/initramfs-linux-lts-fallback.img
}
menuentry 'Arch Linux, with Linux linux (on /dev/nvme0n1p5)' --class gnu-linux --class gnu --class os $menuentry_id_option 'osprober-gnulinux-/boot/vmlinuz-linux--0c11547f-0294-419b-93d0-45c6d1f1c546' {
insmod part_gpt
insmod ext2
search --no-floppy --fs-uuid --set=root 0c11547f-0294-419b-93d0-45c6d1f1c546
linux /boot/vmlinuz-linux root=UUID=0c11547f-0294-419b-93d0-45c6d1f1c546 rw loglevel=3 quiet splash snd_hda_intel.dmic_detect=0
initrd /boot/intel-ucode.img /boot/initramfs-linux.img
}
menuentry 'Arch Linux, with Linux linux (fallback initramfs) (on /dev/nvme0n1p5)' --class gnu-linux --class gnu --class os $menuentry_id_option 'osprober-gnulinux-/boot/vmlinuz-linux--0c11547f-0294-419b-93d0-45c6d1f1c546' {
insmod part_gpt
insmod ext2
search --no-floppy --fs-uuid --set=root 0c11547f-0294-419b-93d0-45c6d1f1c546
linux /boot/vmlinuz-linux root=UUID=0c11547f-0294-419b-93d0-45c6d1f1c546 rw loglevel=3 quiet splash snd_hda_intel.dmic_detect=0
initrd /boot/intel-ucode.img /boot/initramfs-linux-fallback.img
}
}
'';
}; };
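Review bot: The five Arch entries in `extraEntries` repeat the same `insmod`/`search`/`linux` lines with only the kernel and initramfs file names varying, and nothing records where the text came from, so the next maintainer cannot tell whether to regenerate it or edit it by hand. The `# useOSProber = true;` context line suggests these are pasted os-prober results; a header comment at the top of the string such as `# Copied from os-prober output; regenerate if the Arch kernel/initramfs names or the partition UUIDs change` would make that explicit. The fixed `--fs-uuid` values and `root=UUID=` parameters are tied to this host's partitions, which is acceptable for a per-machine config but worth stating next to them. `boot.loader.grub` closes at the end of the hunk, but the enclosing file continues outside it.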

flake.lock generated

@@ -7,11 +7,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1706981411, "lastModified": 1710888565,
"narHash": "sha256-cLbLPTL1CDmETVh4p0nQtvoF+FSEjsnJTFpTxhXywhQ=", "narHash": "sha256-s9Hi4RHhc6yut4EcYD50sZWRDKsugBJHSbON8KFwoTw=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "652fda4ca6dafeb090943422c34ae9145787af37", "rev": "f33900124c23c4eca5831b9b5eb32ea5894375ce",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -23,11 +23,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1710838473, "lastModified": 1711124224,
"narHash": "sha256-RLvwdQSENKOaLdKhNie8XqHmTXzNm00/M/THj6zplQo=", "narHash": "sha256-l0zlN/3CiodvWDtfBOVxeTwYSRz93muVbXWSpaMjXxM=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "fa9f817df522ac294016af3d40ccff82f5fd3a63", "rev": "56528ee42526794d413d6f244648aaee4a7b56c0",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -38,11 +38,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1710806803, "lastModified": 1711163522,
"narHash": "sha256-qrxvLS888pNJFwJdK+hf1wpRCSQcqA6W5+Ox202NDa0=", "narHash": "sha256-YN/Ciidm+A0fmJPWlHBGvVkcarYWSC+s3NTPk/P+q3c=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "b06025f1533a1e07b6db3e75151caa155d1c7eb3", "rev": "44d0940ea560dee511026a53f0e2e2cde489b4d4",
"type": "github" "type": "github"
}, },
"original": { "original": {


@@ -5,8 +5,8 @@
enable = true; enable = true;
wantedBy = [ "timers.target" ]; wantedBy = [ "timers.target" ];
timerConfig = { timerConfig = {
OnBootSec = "10m"; OnBootSec = "5m";
OnUnitActiveSec = "10m"; OnUnitActiveSec = "5m";
Unit = "health_reminder.service"; Unit = "health_reminder.service";
}; };
}; };
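Review bot: The new interval `"5m"` is written twice, once for `OnBootSec` and once for `OnUnitActiveSec`, so a later tweak can leave the two drifting apart. A single binding keeps them in step: `timerConfig = let every = "5m"; in {` followed by `OnBootSec = every; OnUnitActiveSec = every;`. The enclosing timer definition starts before the hunk.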


@@ -24,6 +24,8 @@
# ''; # '';
"ipsec.d/hsmw.secrets".text = ''${secrets.email.hsmw.mail} : EAP "${secrets.email.hsmw.password}"''; "ipsec.d/hsmw.secrets".text = ''${secrets.email.hsmw.mail} : EAP "${secrets.email.hsmw.password}"'';
"ipsec.d/USERTrust-ECC.pem".source = ../secrets/vpn-hsmw/USERTrust-ECC-Certification-Authority.pem;
"ipsec.d/USERTrust-RSA.pem".source = ../secrets/vpn-hsmw/USERTrust-RSA-Certification-Authority.pem;
}; };
services.strongswan = { services.strongswan = {
@@ -77,8 +79,11 @@
"resolve" "resolve"
]; ];
secrets = [ "/etc/ipsec.d/hsmw.secrets" ]; secrets = [ "/etc/ipsec.d/hsmw.secrets" ];
# ca = { ca = {
# ??? # https://mynixos.com/nixpkgs/option/services.strongswan.ca hsmw = {
# } auto = "add";
cacert = "/etc/ipsec.d/USERTrust-RSA.pem";
};
};
}; };
} }
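Review bot: The new `ca.hsmw` block trusts only `/etc/ipsec.d/USERTrust-RSA.pem`, while the first hunk of this section also installs `USERTrust-ECC.pem` that nothing references; either drop that source line or add a second entry, `hsmw-ecc = { auto = "add"; cacert = "/etc/ipsec.d/USERTrust-ECC.pem"; };`, so validation works whichever root the gateway's certificate chains to. Because the anchor is a public root rather than the gateway's own certificate, the peer check rests on the connection's identity constraint (`rightid` or equivalent) in the conn section, which lies outside the hunk; confirm it names the HSMW gateway explicitly rather than accepting any certificate issued under that root. Unrelated to this change but visible as context in the first hunk, the `hsmw.secrets` entry writes the EAP password via `.text` with no `mode`; if this is `environment.etc`, that content is placed in a world-readable location, which deserves a follow-up.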