From ae6b0e483fec266a56894810339ee167bced9537 Mon Sep 17 00:00:00 2001
From: "Lennart J. Kurzweg (Nx2)" <git@nx2.site>
Date: Mon, 23 Feb 2026 18:40:35 +0100
Subject: [PATCH] tuda vpn

---
 system-modules/tuda.nix | 22 ++++++++++++++++++++--
 1 file changed, 20 insertions(+), 2 deletions(-)

diff --git a/system-modules/tuda.nix b/system-modules/tuda.nix
index c56591f..97a88fc 100644
--- a/system-modules/tuda.nix
+++ b/system-modules/tuda.nix
@@ -1,5 +1,4 @@
-{ pkgs, ... }@all: with all;
-{
+{ pkgs, ... }@all: with all; {
   environment.etc = {
     "ssl/certs/tuda-eduroam-root.crt".source = "${pkgs.cacert.unbundled}/etc/ssl/certs/T-TeleSec_GlobalRoot_Class_2:1.crt";
   };
@@ -10,4 +9,23 @@
       path = "/etc/NetworkManager/system-connections/eduroam.nmconnection";
     };
   };
+  environment.systemPackages = with pkgs; [
+    openconnect
+    networkmanager-openconnect
+  ];
+  networking.openconnect = {
+    package = pkgs.openconnect;
+    interfaces = {
+      openconnect0 = {
+        autoStart = false;
+        certificate = "/home/nx2/tuda-rootcert.crt";
+        # extraOptions = { compression = "stateless"; no-dtls = true; no-http-keepalive = true; };
+        gateway = "vpn.hrz.tu-darmstadt.de";
+        # passwordFile = "/var/lib/secrets/openconnect-passwd";
+        # privateKey = "/var/lib/secrets/openconnect_private_key.pem";
+        protocol = "anyconnect";
+        user = secrets.email.tuda.tuid;
+      };
+    };
+  };
 }