From f7577278582b3660bec0ba2421e150b7e2a61030 Mon Sep 17 00:00:00 2001
From: "Lennart J. Kurzweg (Nx2)" <git@nx2.site>
Date: Wed, 13 May 2026 23:57:32 +0200
Subject: [PATCH] tuda vpn

---
 home.nix                |  2 +-
 system-modules/tuda.nix | 45 ++++++++++-------------------------------
 2 files changed, 12 insertions(+), 35 deletions(-)

diff --git a/home.nix b/home.nix
index e6e8aab..d1c598a 100644
--- a/home.nix
+++ b/home.nix
@@ -43,7 +43,7 @@
     ./home-modules/pkgs-list/desktop.nix
     ./home-modules/pkgs-list/programs.nix
     ./home-modules/pkgs-list/shell.nix
-    ./home-modules/pnx.nix
+    # ./home-modules/pnx.nix
     ./home-modules/programming.nix
     ./home-modules/qt.nix
     ./home-modules/rclone.nix
diff --git a/system-modules/tuda.nix b/system-modules/tuda.nix
index 3dc73fc..d5ce3c2 100644
--- a/system-modules/tuda.nix
+++ b/system-modules/tuda.nix
@@ -12,41 +12,18 @@
   environment.systemPackages = with pkgs; [
     openconnect
     networkmanager-openconnect
+    (pkgs.writeShellScriptBin "connect_to_tuda" ''
+      sudo $(grep ExecStart /etc/systemd/system/openconnect-tuda.service | cut -c 11-)
+    '')
   ];
-  networking.networkmanager = {
-    plugins = with pkgs; [ networkmanager-openconnect ];
-    ensureProfiles.profiles = {
-      "tuda-vpn" = {
-        connection = {
-          autoconnect = "false";
-          id = "tuda-vpn";
-          type = "vpn";
-        };
-        ipv4.method = "auto";
-        ipv6 = {
-          addr-gen-mode = "stable-privacy";
-          method = "auto";
-        };
-        vpn = {
-          authtype = "password";
-          autoconnect-flags = "0";
-          certsigs-flags = "0";
-          cookie-flags = "2";
-          disable_udp = "no";
-          enable_csd_trojan = "no";
-          gateway = "vpn.hrz.tu-darmstadt.de";
-          gateway-flags = "2";
-          gwcert-flags = "2";
-          lasthost-flags = "0";
-          pem_passphrase_fsid = "no";
-          prevent_invalid_cert = "no";
-          protocol = "anyconnect";
-          resolve-flags = "2";
-          service-type = "org.freedesktop.NetworkManager.openconnect";
-          stoken_source = "disabled";
-          xmlconfig-flags = "0";
-          password-flags = 0;
-        };
+  networking.openconnect = {
+    package = pkgs.openconnect;
+    interfaces = {
+      tuda = {
+        autoStart = false;
+        gateway = "vpn.hrz.tu-darmstadt.de";
+        protocol = "anyconnect";
+        user = secrets.email.tuda.tuid;
       };
     };
   };