nx2/dotfiles
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
085d593ce14ec4171a08e2bb968718963d1fab25
dotfiles/system-modules/networking.nix
Lennart J. Kurzweg (Nx2) d93ae4a78b tuda eduroam
2024-10-17 17:18:07 +02:00

81 lines
2.1 KiB
Nix
Executable File
Raw Blame History

{ pkgs, lib, host, secrets, ... }:
{
# sops.secrets = {
# "wireless-networking.env" = {};
# };
networking = {
nameservers = [
"1.1.1.1"
"8.8.8.8"
];
hostName = host;
networkmanager = {
enable = true;
};
enableIPv6 = false;
firewall.allowedTCPPorts = [
80
443
];
};
# Eduroam
environment.etc = {
"ssl/certs/tuda-eduroam-root.crt".source = "${pkgs.cacert.unbundled}/etc/ssl/certs/T-TeleSec_GlobalRoot_Class_2:1.crt";
# this comment blow is just for people reading my config
# I use sops-nix to place the actual file there (read below).
# identity and password have been replaced with "<...>" in the comment
# There the "email" and the password from the IDM portal of the HRZ should go
# Notice the toda-eduroam-root.crt that I am using (specified above)
# The method im using means that the password for the network is accessable locally as root user
# an even more secure way is for example using something like this https://wiki.archlinux.org/title/NetworkManager#Encrypted_Wi-Fi_passwords
# "NetworkManager/system-connections/eduroam.nmconnection" = {
# text = ''
# [connection]
# id=eduroam
# uuid=09ce7f02-0c1d-4e11-9f69-e91031176d9d
# type=wifi
# permissions=user:nx2:;
# [wifi]
# mode=infrastructure
# ssid=eduroam
# [wifi-security]
# key-mgmt=wpa-eap
# [802-1x]
# anonymous-identity=eduroam@tu-darmstadt.de
# ca-cert=/etc/ssl/certs/tuda-eduroam-root.crt
# domain=radius.hrz.tu-darmstadt.de
# eap=peap;
# identity=<...>@tu-darmstadt.de
# password=<...>
# phase2-auth=mschapv2
# [ipv4]
# method=auto
# [ipv6]
# addr-gen-mode=stable-privacy
# ip6-privacy=2
# method=auto
# '';
# mode = "0600";
# };
};
sops.secrets = {
"eduroam/tuda_nmconnection" = {
mode = "0600";
owner = "root";
path = "/etc/NetworkManager/system-connections/eduroam.nmconnection";
};
};
}
Reference in New Issue View Git Blame Copy Permalink