diff --git a/flake.lock b/flake.lock index dbd5b946..289260b0 100644 --- a/flake.lock +++ b/flake.lock @@ -22,11 +22,11 @@ }, "emacs-overlay": { "locked": { - "lastModified": 1624127230, - "narHash": "sha256-0Wg07rR5u4F/02/mJU+CjwyYryBHB/zMOz7ArEnMlt8=", + "lastModified": 1624266581, + "narHash": "sha256-HuZxnFRh9czYa++g5g33R4PBIpLBE3nxav/ja+rJoRM=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "e9ced9b4f2e49488a97b20dc43fafea7284715a7", + "rev": "80c0348b6ccff2fa2e1898d57780a6815feb5d12", "type": "github" }, "original": { @@ -58,11 +58,11 @@ ] }, "locked": { - "lastModified": 1623967045, - "narHash": "sha256-D8tZULncqU2Drn4vmG1vgMdhnZ5ONV5aEuHIxaA/kyE=", + "lastModified": 1624214437, + "narHash": "sha256-BtB6k1mQXG/P8MUlNVcuboQqlxlks2H6i5vj2pbGa3Y=", "owner": "nix-community", "repo": "home-manager", - "rev": "2f6d5c90f4497dc3cfc043c0fd1b77272ebaeeaa", + "rev": "cd11c02c286a996ff55010146baecae4c413634f", "type": "github" }, "original": { @@ -74,11 +74,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1624034845, - "narHash": "sha256-FG7TpcrgswilnjCUqv7aWpA9QyJVpd/7PvgzNUlxINc=", + "lastModified": 1624252303, + "narHash": "sha256-ObacANYG/IvQLfcVzNEAmIX1zCw4UVbtiFycUMvDmgo=", "owner": "nixos", "repo": "nixpkgs", - "rev": "4b4f4bf2845c6e2cc21cd30f2e297908c67d8611", + "rev": "7c2d15627a3012c5e5af1d1664a53599687cf1d1", "type": "github" }, "original": {
diff --git a/machines/kharbranth/default.nix b/machines/kharbranth/default.nix
index 101cb252..dfe154ee 100644
--- a/machines/kharbranth/default.nix
+++ b/machines/kharbranth/default.nix
@@ -19,6 +19,7 @@
 eid.enable = true;
 git.email = "charlotte.vanpetegem@ugent.be";
 sshd.enable = true;
+ vpn.ugent.enable = true;
 zfs = {
 enable = true;
 encrypted = true;
diff --git a/machines/kholinar/default.nix b/machines/kholinar/default.nix
index 4c8a2a6e..201a43be 100644
--- a/machines/kholinar/default.nix
+++ b/machines/kholinar/default.nix
@@ -35,6 +35,7 @@
 git.email = "charlotte@vanpetegem.me";
 minecraft.client = true;
 sshd.enable = true;
+ vpn.ugent.enable = true;
 zeroad.enable = true;
 zfs = {
 enable = true;
diff --git a/modules/default.nix b/modules/default.nix
index 447e47a7..9efc27f4 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -21,6 +21,7 @@
 ./teeworlds.nix
 ./tetris.nix
 ./tmux.nix
+ ./vpn.nix
 ./zeroad.nix
 ./zfs.nix
 ./zotero.nix
diff --git a/modules/vpn.nix b/modules/vpn.nix
new file mode 100644
index 00000000..18482f4a
--- /dev/null
+++ b/modules/vpn.nix
@@ -0,0 +1,32 @@
+{ config, lib, pkgs, ... }:
+
+{
+ imports = [
+ ./vpn/secret.nix
+ ];
+
+ options = {
+ chvp.vpn.ugent.enable = lib.mkOption {
+ default = false;
+ example = true;
+ };
+ };
+
+ config = lib.mkIf config.chvp.vpn.ugent.enable {
+ systemd.services = {
+ ugent-global-vpn.after = [ "network.target" ];
+ ugent-local-vpn.after = [ "network.target" ];
+ };
+ security.polkit.extraConfig = ''
+ polkit.addRule(function(action, subject) {
+ if (action.id == "org.freedesktop.systemd1.manage-units" && action.lookup("unit") == "ugent-global-vpn.service") {
+ return polkit.Result.YES;
+ }
+ if (action.id == "org.freedesktop.systemd1.manage-units" && action.lookup("unit") == "ugent-local-vpn.service") {
+ return polkit.Result.YES;
+ }
+ });
+ '';
+ age.secrets."passwords/ugent-vpn".file = ../secrets/passwords/ugent-vpn.age;
+ };
+}
diff --git a/modules/vpn/secret.nix b/modules/vpn/secret.nix
new file mode 100644
index 00000000..58d67171
Binary files /dev/null and b/modules/vpn/secret.nix differ
diff --git a/secrets.nix b/secrets.nix
index 8373e6d4..79893fcd 100644
--- a/secrets.nix
+++ b/secrets.nix
@@ -26,6 +26,7 @@ in
 "secrets/authorized_keys/root.age".publicKeys = hosts ++ users;
 "secrets/passwords/ugent-mount-credentials.age".publicKeys = [ kholinar ] ++ users;
+ "secrets/passwords/ugent-vpn.age".publicKeys = [ kholinar ] ++ users;
 "secrets/passwords/services/accentor.age".publicKeys = [ urithiru ] ++ users;
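Review bot: The polkit rule in `security.polkit.extraConfig` of modules/vpn.nix returns `polkit.Result.YES` without ever looking at `subject`, so any account on the machine, including non-interactive and remote sessions, can start, stop or restart `ugent-global-vpn.service` and `ugent-local-vpn.service` without authentication. I would bind the grant to the intended operator by appending something like `&& subject.local && subject.active && subject.isInGroup("wheel")` to both conditions (`wheel` standing in for whichever group or user is meant to hold this right). If only starting and stopping are needed, `action.lookup("verb")` can narrow the rule further. Separately, `chvp.vpn.ugent.enable` is declared with `lib.mkOption` and no `type`; `lib.mkEnableOption` would type-check it as a boolean and give it a description.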
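Review bot: The new `secrets/passwords/ugent-vpn.age` entry in secrets.nix lists only `kholinar` as a host recipient, but this commit also sets `vpn.ugent.enable = true` in machines/kharbranth/default.nix, and modules/vpn.nix declares `age.secrets."passwords/ugent-vpn"` whenever that option is on. If kharbranth decrypts its secrets with its own host key, which I believe is the agenix default, it will not be able to decrypt this file and the VPN units there will come up without their password. Either add the host to the recipients, e.g. `"secrets/passwords/ugent-vpn.age".publicKeys = [ kharbranth kholinar ] ++ users;` (assuming a `kharbranth` key is bound in the `let` block, which is outside this hunk) and re-key the file, or drop the option from kharbranth. Limiting recipients to the hosts that enable the module is the right least-privilege shape, as long as the two lists match.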
diff --git a/secrets/passwords/ugent-vpn.age b/secrets/passwords/ugent-vpn.age
new file mode 100644
index 00000000..0e20f14a
Binary files /dev/null and b/secrets/passwords/ugent-vpn.age differ