tuda eduroam (untested)

2024-10-09 23:35:20 +02:00
parent 1e3112b590
commit c6f7d73f89
2 changed files with 40 additions and 16 deletions
--- a/system-modules/networking.nix
+++ b/system-modules/networking.nix
@@ -1,18 +1,41 @@
-
-{ config, pkgs, host, ... }:
-let
-in
+{ config, lib, host, secrets, ... }:
 {
-  networking.nameservers = [
-    "1.1.1.1"
-    "8.8.8.8"
-  ];
-  
-  networking.hostName = host;
-
-  networking.networkmanager = {
-    enable = true;
+  sops.secrets = {
+    "wireless-networking.env" = {};
  };

-  networking.enableIPv6 = false;
+  networking = {
+    nameservers = [
+      "1.1.1.1"
+      "8.8.8.8"
+    ];
+    hostName = host;
+    networking.networkmanager = {
+      enable = true;
+    };
+    enableIPv6 = false;
+    firewall.allowedTCPPorts = [ 
+      80
+      443
+    ];
+    wireless = {
+      enable = true;
+      environmentFile = config.sops.secrets."wireless-networking.env";
+      networks = {
+        eduroam = lib.mkIf (host == "NxXPS") {
+          auth = ''
+            ssid="eduroam"
+            key_mgmt=WPA-EAP
+            eap=PEAP
+            identity=${secrets.email.tuda.tuid}lan01@tu-darmstadt.de
+            password="@NXXPSEDUROAMPW@"
+            domain_suffix_match="radius.hrz.tu-darmstadt.de"
+            anonymous_identity="eduroam@tu-darmstadt.de"
+            phase2="auth=MSCHAPV2"
+            ca_cert="/etc/ssl/certs/ca-bundle.crt"
+          '';
+        };
+      };
+    };
+  };
 }