From 7013a0b223e1140a4c63e6341ad87a4e392f4b69 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Moritz=20B=C3=B6hme?= <mail@moritzboeh.me>
Date: Thu, 26 May 2022 13:45:06 +0200
Subject: [PATCH] :rocket: add university vpn

---
 modules/services/default.nix     |   1 +
 modules/services/openconnect.nix |  22 ++++++++++++++++++++++
 secrets/secrets.nix              |   1 +
 secrets/uni-vpn.age              | Bin 0 -> 1339 bytes
 4 files changed, 24 insertions(+)
 create mode 100644 modules/services/openconnect.nix
 create mode 100644 secrets/uni-vpn.age

diff --git a/modules/services/default.nix b/modules/services/default.nix
index 142c6f2..14fa952 100644
--- a/modules/services/default.nix
+++ b/modules/services/default.nix
@@ -9,6 +9,7 @@
     ./keyring.nix
     ./openvpn.nix
     ./picom.nix
+    ./openconnect.nix
   ];
 
   services = {
diff --git a/modules/services/openconnect.nix b/modules/services/openconnect.nix
new file mode 100644
index 0000000..b48bea4
--- /dev/null
+++ b/modules/services/openconnect.nix
@@ -0,0 +1,22 @@
+{ config, lib, pkgs, ... }:
+
+{
+  networking.openconnect.interfaces = {
+    university = {
+      gateway = "vpn.uni-leipzig.de";
+      protocol = "anyconnect";
+      user = "mb18cele@uni-leipzig.de";
+      # NOTE file content as follows:
+      # <my_password>
+      # "1-Standard-Uni" or "2-Spezial-Alles"
+      # Explanation:
+      # 1-Standard-Uni = Uni Dienste über VPN (Standard)
+      # 2-Spezial-Alles = Gesamter Datenverkehr über VPN (Spezial)
+      passwordFile = "/run/agenix/uniVPN";
+    };
+  };
+  age.secrets.uniVPN = {
+    file = ../../secrets/uni-vpn.age;
+    owner = "1000";
+  };
+}
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index ff24b3f..cde883f 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -18,4 +18,5 @@ in {
   "home-vpn.age".publicKeys = users ++ hosts;
   "home-vpn-password.age".publicKeys = users ++ hosts;
   "github.age".publicKeys = users ++ hosts;
+  "uni-vpn.age".publicKeys = users ++ hosts;
 }
diff --git a/secrets/uni-vpn.age b/secrets/uni-vpn.age
new file mode 100644
index 0000000000000000000000000000000000000000..990d96c1b435cdcd89b4021adc4c52d3d4b21455
GIT binary patch
literal 1339
zcmZA0Im_e(0LF2xgfwcUD9Brgg5fojW0DNWLXw$ea!ig%GLr;6a^Lqc$;eh~t612G
zBB&sUy_JF>f`!_x$YLwl>j!YR*v2pL{F>+Q#^G&P`Q6eCX<fZucQG`<!0nxzzE5t$
z09mi$%?*={ZA9H%gJ2_LD0S4U*~-+5e75W(m|nJ|AN4~oFWXTJ7~b-W9l#kp$~rE$
z_r|(A>W-7pHd1Ul9}Ak+I2Jt@gZo%QswjS}b-jC&iQNi}0mIzayfTqIUSbBC5&hJz
zk83C*;z6Ab3p(f|tccd$^eT_m5JBlyHU%DHT%x$~ik85r^BM>uX~@M|!CmGELdC;!
z_2~<PtP+K|+FVXS3@HTt;FUoWM~kC$QtUz^dQ6-g$Vj(4bqm`D!ftE|SrZ6SG!BJa
zNkwlns>p*%=BX4vs=mz%9&)ldF4%}2G2nC-kbrgck^!az$hq_sz06MS2F;k+g@CK$
zk}9L8d6%h^oifKdN#|^C!PQi6WGc8GQb7P}j&8GF6490edkERH3{FEvJVr%W!ILjA
zyUo$uUDoJHmjhPQMC>X_m6t%s<ve!e7C_;-0yi#bopV@c35o9&wp5368b(NxWMqA<
z$a9@R2ah#^t-U$Aorr8kmyb$qE7K`}i6<i6JMK<O2(JRw6w|KCu(2kSx~!UmV8~b=
zT2afJGk&f+78jzyA+8Lqxvn;yuRzRNWxF95O1a7ssK_Qp4iA?zRW!H^)~>vnjt(8K
z>#?D>up&(m6(kdEi?lsMLSg{Qj1M$rXdLZOu7Hfw$cYrB72DcW61*+;_T0}Wb<3YK
z#axVBuP}pvXEubXJj%s2Kw8@3Wy}djbq(TUZ98CV`Bb$Mo=Lf3M}B-Q>|SwoNSBXW
zN!#stR8u|M&F6|cZgXHwmQ$%hV;*)CMD`3jNN29FtjXW3CmVN|3!0=^bl^(<@sA%@
zbK!8wj&I5)K{3cy8p>n?8YN0+oKUjK%+*l_cd_gl?A!;F26Gyq!GxoFbkloe8=dd~
z9Z%c3WepgE$AcFh*lgB?#6mO4{J-Yd0pY|qWKU(=pmD~F++vz!gziW;DI&Ru<*CIf
z<g4}EC}pNxdca6L)yJzIKDY-EoLdwF@x8xEY-p)WMPSua%xx}C)uyXQ+8gw68+W1G
zhd^&cSZC1+M&u0M3A`gNzTjEy-fWL&byO@QsMx$NlDQ(5O#yXW6qWmOR*kwUr*#D^
zG-oSQYRZEdtsj=_8)4YSR$}o-3`B>r%~h-O$us8&6UT5zeV^5eB#o2@>JaW`fT97n
zx3@RD4KsqNZ_os(t_Vt)lT{+^WZRICXl=rok%#M=u3+gz0<Y2^ee>lL@BZ@CANSsS
z>mH+g@WVgf{rbZ1?z8>Z&wTsf`wz)K^9bj`C!f3fN&WJJzyJN&zHnc?^V8FRSzp`%
bU;FI--Qd&vFRots?c+C}|NN!5-~aJHl2X6n

literal 0
HcmV?d00001