dotfiles/system-modules/hsmw.nix
Lennart J. Kurzweg (Nx2) fce5f49e57 Sops-Nix
2024-06-03 16:59:11 +02:00


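{ pkgs, lib, host, secrets, ... }:
# Campus network access for HSMW: the easyroam Wi-Fi profile (NetworkManager)
# and the IKEv2/EAP VPN (strongSwan). Applied on every host except NxACE.
# The `secrets` argument supplies the credentials used below; the files
# referenced by relative path live next to this module under ../secrets/.
lib.mkIf (host != "NxACE")
{
  environment.systemPackages = [
    pkgs.strongswanNM
  ];

  environment.etc = {
    # Easyroam
    "ssl/certs/easyroam_client_cert.pem".source = ../secrets/easyroam-hsmw/easyroam_client_cert.pem;
    "ssl/certs/easyroam_root_ca.pem".source = ../secrets/easyroam-hsmw/easyroam_root_ca.pem;
    # The client private key is copied into /etc as root-only instead of the
    # default symlink into the Nix store. NOTE(review): the `source` path is
    # still placed in the world-readable store; only a path managed outside
    # the store (e.g. a sops-nix secret path) keeps it out — TODO confirm.
    "ssl/certs/easyroam_client_key.pem" = {
      source = ../secrets/easyroam-hsmw/easyroam_client_key.pem;
      mode = "0600";
    };
    "NetworkManager/system-connections/eduroam.nmconnection" = {
      text = secrets.easyroamHSMW.nmconfig;
      mode = "0600";
    };

    # strongSwan credentials in ipsec.secrets syntax: `<identity> : EAP "<password>"`.
    # The leading `''${` is the indented-string opener followed by an
    # interpolation, not the `''${` literal escape. Restricted to root in /etc;
    # the rendered text is nevertheless a Nix store path, so the password is
    # readable there — the same caveat as for the client key above.
    "ipsec.d/hsmw.secrets" = {
      text = ''${secrets.email.hsmw.mail} : EAP "${secrets.email.hsmw.password}"'';
      mode = "0600";
    };
    "ipsec.d/USERTrust-ECC.pem".source = ../secrets/vpn-hsmw/USERTrust-ECC-Certification-Authority.pem;
    "ipsec.d/USERTrust-RSA.pem".source = ../secrets/vpn-hsmw/USERTrust-RSA-Certification-Authority.pem;
  };

  networking.networkmanager.enableStrongSwan = true;

  services.strongswan = {
    enable = true;
    setup = {
      # Cache fetched CRLs and refuse peers whose CRL cannot be checked.
      cachecrls = "yes";
      strictcrlpolicy = "yes";
    };

    connections = {
      hsmw = {
        keyexchange = "ikev2";
        left = "%defaultroute";
        leftid = "%any";
        # Client side authenticates with EAP (MSCHAPv2 plugin below) using the
        # mail address as EAP identity; addresses and DNS are assigned by the
        # gateway via configuration payload.
        leftauth = "eap";
        eap_identity = secrets.email.hsmw.mail;
        leftsourceip = "%config";
        leftdns = "%config4";
        leftfirewall = "no";
        # Gateway side is authenticated by certificate against the CA in `ca.hsmw`;
        # the `@` prefix makes rightid an FQDN identity that must match the
        # gateway certificate. Full-tunnel: all traffic goes through the VPN.
        right = "141.55.128.84";
        rightid = "@vpn4.hs-mittweida.de";
        rightsubnet = "0.0.0.0/0";
        rightauth = "pubkey";
        # Load the connection but only bring it up on request.
        auto = "add";
      };
    };

    managePlugins = true;
    enabledPlugins = [
      "curl"
      # Legacy algorithms (des, md5, sha1) are presumably kept for EAP-MSCHAPv2
      # and CRL/certificate compatibility — verify before trimming the list.
      "aes"
      "des"
      "sha1"
      "sha2"
      "md5"
      "pem"
      "pkcs1"
      "gmp"
      "random"
      "nonce"
      "x509"
      # Performs the CRL/OCSP checks that `strictcrlpolicy` relies on.
      "revocation"
      "hmac"
      "xcbc"
      "stroke"
      "kernel-netlink"
      "socket-default"
      "fips-prf"
      "eap-mschapv2"
      "eap-identity"
      "updown"
      "openssl"
      "resolve"
    ];

    secrets = [ "/etc/ipsec.d/hsmw.secrets" ];

    ca = {
      hsmw = {
        auto = "add";
        cacert = "/etc/ipsec.d/USERTrust-RSA.pem";
      };
    };
  };
}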