HSMW VPN Certificate Missing

This commit is contained in:
nx2
2024-03-22 16:17:03 +01:00
parent b2feb47e00
commit 9953f8231b
2 changed files with 63 additions and 7 deletions


@@ -7,22 +7,78 @@
environment.etc = { environment.etc = {
# easyroam HSMW # Easyroam
"ssl/certs/easyroam_client_cert.pem".source = ../secrets/easyroam-hsmw/easyroam_client_cert.pem; "ssl/certs/easyroam_client_cert.pem".source = ../secrets/easyroam-hsmw/easyroam_client_cert.pem;
"ssl/certs/easyroam_root_ca.pem".source = ../secrets/easyroam-hsmw/easyroam_root_ca.pem; "ssl/certs/easyroam_root_ca.pem".source = ../secrets/easyroam-hsmw/easyroam_root_ca.pem;
"ssl/certs/easyroam_client_key.pem".source = ../secrets/easyroam-hsmw/easyroam_client_key.pem; "ssl/certs/easyroam_client_key.pem".source = ../secrets/easyroam-hsmw/easyroam_client_key.pem;
# VPN
"NetworkManager/system-connections/eduroam.nmconnection" = { "NetworkManager/system-connections/eduroam.nmconnection" = {
text = secrets.easyroamHSMW.nmconfig; text = secrets.easyroamHSMW.nmconfig;
mode = "0600"; mode = "0600";
}; };
# VPN
# "strongswan.conf".text = ''
# charon {
# load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-mschapv2 eap-identity updown openssl resolve
# }
# '';
"ipsec.d/hsmw.secrets".text = ''${secrets.email.hsmw.mail} : EAP "${secrets.email.hsmw.password}"'';
}; };
services.strongswan = {
enable = true;
setup = {
cachecrls = "yes";
strictcrlpolicy = "yes";
};
connections = {
hsmw = {
keyexchange = "ikev2";
left = "%defaultroute";
leftid = "%any";
leftauth = "eap";
eap_identity = secrets.email.hsmw.mail;
leftsourceip = "%config";
leftdns = "%config4";
leftfirewall = "no";
right = "141.55.128.84";
rightid = "@vpn4.hs-mittweida.de";
rightsubnet = "0.0.0.0/0";
rightauth = "pubkey";
auto = "add";
};
};
managePlugins = true;
enabledPlugins = [
"curl"
"aes"
"des"
"sha1"
"sha2"
"md5"
"pem"
"pkcs1"
"gmp"
"random"
"nonce"
"x509"
"revocation"
"hmac"
"xcbc"
"stroke"
"kernel-netlink"
"socket-default"
"fips-prf"
"eap-mschapv2"
"eap-identity"
"updown"
"openssl"
"resolve"
];
secrets = [ "/etc/ipsec.d/hsmw.secrets" ];
# ca = {
# ??? # https://mynixos.com/nixpkgs/option/services.strongswan.ca
# }
};
} }
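Review bot: The new `"ipsec.d/hsmw.secrets".text = ''…''` entry writes the HSMW mail password through `environment.etc.*.text`, which renders the content into the Nix store, so the secret becomes world-readable under `/nix/store` whatever the permissions of `/etc/ipsec.d/hsmw.secrets` are; on top of that, unlike the neighbouring `eduroam.nmconnection` entry in the same attribute set, it sets no `mode`, so the `/etc` file itself also ends up world-readable by default. At minimum mirror the existing pattern, `"ipsec.d/hsmw.secrets" = { text = ''${secrets.email.hsmw.mail} : EAP "${secrets.email.hsmw.password}"''; mode = "0600"; };`, and preferably point `services.strongswan.secrets` at a root-only file that is provisioned outside the store rather than through `environment.etc`. Separately, `rightauth = "pubkey"` and `strictcrlpolicy = "yes"` are enabled while the `ca` block stays commented out, so it looks like the gateway certificate has nothing trusted to chain to; the commit title already acknowledges the missing certificate, so the `ca` entry and the CRL policy should be revisited together when it lands. The enclosing module starts before the hunk.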