set up easyroam/eduroam (well, mostly kloenk did it)
Co-authored-by: kloenk <me@kloenk.dev>
parent
b7fe5a0014
commit
92a7e6021d
|
@ -1,6 +1,7 @@
|
||||||
{...}: {
|
{...}: {
|
||||||
imports = [
|
imports = [
|
||||||
./audio.nix
|
./audio.nix
|
||||||
|
./eduroam.nix
|
||||||
./flatpak.nix
|
./flatpak.nix
|
||||||
./home
|
./home
|
||||||
./dm.nix
|
./dm.nix
|
||||||
|
|
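--- a/modules/desktop-environment/eduroam.nix
+++ b/modules/desktop-environment/eduroam.nix
@@ -0,0 +1,56 @@
+# Thanks @ kloenk (@kloenk@catcatnya.com) for making this for me at MRMCD 2024 :33
+{pkgs, ...}: let
+caDir = "/var/lib/easyroam";
+uuid = "821ad781-76a3-447f-a2e8-c7f18a1df3bc";
+in {
+systemd.services.easyroam = {
+requires = ["NetworkManager.service"];
+after = ["NetworkManager.service"];
+requiredBy = ["network-online.target"];
+path = with pkgs; [networkmanager openssl gnused];
+script = ''
+set -x
+openssl pkcs12 -password pass: -in ${caDir}/my_easyroam_cert.p12 -legacy -nokeys | openssl x509 > ${caDir}/easyroam_client_cert.pem
+cn=$(openssl x509 -noout -subject -in ${caDir}/easyroam_client_cert.pem -legacy | sed 's/.*CN = \(.*\), C.*/\1/')
+openssl pkcs12 -legacy -password pass: -in ${caDir}/my_easyroam_cert.p12 -nodes -nocerts | openssl rsa -aes256 -passin pass: -passout pass:meow -out ${caDir}/easyroam_client_key.pem
+openssl pkcs12 -password pass: -in ${caDir}/my_easyroam_cert.p12 -legacy -cacerts -nokeys > ${caDir}/easyroam_root_ca.pem
+
+nmcli connection modify --temporary uuid ${uuid} 802-1x.identity "$cn"
+'';
+serviceConfig = {
+Type = "oneshot";
+};
+};
+
+networking.networkmanager.ensureProfiles.profiles.eduroam = {
+"802-1x" = {
+ca-cert = "${caDir}/easyroam_root_ca.pem";
+client-cert = "${caDir}/easyroam_client_cert.pem";
+domain-suffix-match = "easyroam.eduroam.de";
+eap = "tls;";
+identity = "meow";
+private-key = "${caDir}/easyroam_client_key.pem";
+private-key-password = "meow";
+};
+connection = {
+id = "eduroam";
+type = "wifi";
+inherit uuid;
+};
+ipv4 = {
+method = "auto";
+};
+ipv6 = {
+addr-gen-mode = "default";
+method = "auto";
+};
+proxy = {};
+wifi = {
+mode = "infrastructure";
+ssid = "eduroam";
+};
+wifi-security = {
+key-mgmt = "wpa-eap";
+};
+};
+}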
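Review bot: The client key written to `${caDir}/easyroam_client_key.pem` is effectively protected only by file permissions, because its passphrase `meow` is a literal in this module (and so ends up in the world-readable Nix store) and the source `.p12` is read with an empty password. Nothing in the unit sets a umask or a mode on `/var/lib/easyroam`, so unless the directory was locked down by hand the extracted files are presumably created with the service's default umask; adding `UMask = "0077";` next to `Type = "oneshot";` in `serviceConfig` would make the restriction explicit. `set -x` in `script` also traces every command, including `-passout pass:meow` and the extracted CN, into the journal, and could be replaced by `set -o pipefail` once the setup works. That matters for the `cn=$(… | sed …)` line, where the pipeline's status is sed's, so a failed certificate read would set an empty `802-1x.identity` instead of stopping the unit.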