add openconnect vpn

hosts/yodaTux/configuration.nix

@@ -53,6 +53,7 @@
       ../../modules/ghostwriter.nix
       ../../modules/print-and-scan.nix
       #../../modules/waydroid.nix
+      ../../modules/uni-vpn.nix
 
       ../../modules/games.nix
       ../../modules/dosbox-x.nix

modules/t-telesec.nix

@@ -0,0 +1,27 @@
+{ config, pkgs, ... }:
+let
+  # Define an awk script, that cuts one certificate out of the ca-bundle.crt file.
+  # https://gist.github.com/erictapen/841190c8b7d63b775df21123d55eddcb
+  cert = pkgs.stdenv.mkDerivation rec{
+    name = "telesec-globalroot-class-2.pem";
+    src = builtins.toFile "${name}-awk-helper" ''
+      {
+        if(a > 0) {
+          print
+        }
+      }
+      /-----END CERTIFICATE-----/ {
+        a = 0
+      }
+      /T-TeleSec GlobalRoot Class 2/ {
+        a = 1
+      }
+    '';
+    nativeBuildInputs = with pkgs; [ cacert gawk ];
+    phases = "installPhase";
+    installPhase = "${pkgs.gawk}/bin/awk -f $src ${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt > $out";
+  };
+in
+{
+  environment.etc."t-telesec.pem".source = cert;
+}

modules/uni-vpn.nix

@@ -0,0 +1,17 @@
+{ config, pkgs, ... }:
+{
+  assertions = [{
+    assertion = config.services.xserver.desktopManager.gnome.enable;
+    message = "Only tested with GNOME";
+  }];
+
+  imports = [
+    ./t-telesec.nix
+  ];
+
+  users.users.yoda = {
+    packages = with pkgs; [
+      gnome.networkmanager-openconnect # Openconnect VPN
+    ];
+  };
+}