---
tags:
  - linux
  - networking
references:
  - https://networkmanager.dev/
  - https://ubuntu.com/core/docs/networkmanager/configure-vpn
  - https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_and_managing_networking/assembly_networkmanager-connection-profiles-in-keyfile-format_configuring-and-managing-networking
---

Connection profiles (nm-settings-nmcli(5))

NetworkManager only reads profile files owned by root, because they often contain secrets.

The keyfile format for connection profiles is INI-like, but makes it possible, for example, to write a list of arrays in a space-separated string?

> Configuring secrets when using OpenVPN together with NetworkManager in NixOS is complete dogshit. Avoid :)

Manually defining VPN

https://networkmanager.dev/docs/api/latest/nm-settings-nmcli.html

```
nmcli c add connection.id vpntest connection.type vpn \
    vpn.service-type org.freedesktop.NetworkManager.openvpn \
    ipv4.never-default true \
    ipv6.never-default true \
    +vpn.data ca=/var/snap/network-manager/common/creds/server_ca.crt \
    +vpn.data cert=/var/snap/network-manager/common/creds/user.crt \
    +vpn.data cert-pass-flags=0 \
    +vpn.data cipher=AES-128-CBC \
    +vpn.data comp-lzo=adaptive \
    +vpn.data connection-type=tls \
    +vpn.data dev=tun \
    +vpn.data key=/var/snap/network-manager/common/creds/user.key \
    +vpn.data ping=10 \
    +vpn.data ping-restart=60 \
    +vpn.data remote=: \
    +vpn.data remote-cert-tls=server \
    +vpn.data ta=/var/snap/network-manager/common/creds/tls_auth.key \
    +vpn.data ta-dir=1 \
    +vpn.data verify-x509-name=name:access.is
```

Convert nmconnection into Nix

https://github.com/janik-haag/nm2nix
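
Because `cert-pass-flags=0` asks NetworkManager to store the certificate passphrase itself, the keyfile for a profile like `vpntest` can carry that secret in a `[vpn-secrets]` section. The following is an added example, not part of the original note or of NetworkManager: a small Python audit that checks a profile's owner and mode and reports which VPN secrets and key files it references. The sample keyfile, its host name and passphrase are constructed, and the group/other mode check goes beyond the root-ownership point made above.

```python
import configparser
import os
import stat
import sys

# Constructed sample of the keyfile the nmcli command would write (values are made up).
SAMPLE_KEYFILE = """\
[connection]
id=vpntest
type=vpn

[vpn]
cert-pass-flags=0
key=/var/snap/network-manager/common/creds/user.key
remote=vpn.example.invalid:1194
service-type=org.freedesktop.NetworkManager.openvpn
ta=/var/snap/network-manager/common/creds/tls_auth.key

[vpn-secrets]
cert-pass=constructed-passphrase
"""

def permission_findings(uid, mode):
    """Reasons a profile file with this owner/mode is unsafe (want root-owned, no group/other bits)."""
    findings = []
    if uid != 0:
        findings.append(f"owned by uid {uid}, not root")
    if stat.S_IMODE(mode) & 0o077:
        findings.append(f"mode {stat.S_IMODE(mode):04o} grants group/other access")
    return findings

def secrets_on_disk(text):
    """Which VPN secrets the profile keeps in the file, and which key files it points to."""
    # Keyfile keys are case-sensitive; values may contain '%' and ':'.
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",), strict=False)
    cp.optionxform = str
    cp.read_string(text)
    vpn = cp["vpn"] if cp.has_section("vpn") else {}
    # <name>-flags=0 means NetworkManager itself stores the secret <name>.
    flagged = sorted(k[: -len("-flags")] for k, v in vpn.items()
                     if k.endswith("-flags") and v.strip() == "0")
    present = sorted(cp["vpn-secrets"]) if cp.has_section("vpn-secrets") else []
    return {"stored_by_nm": flagged, "in_file": present,
            "key_files": [vpn[k] for k in ("key", "ta") if k in vpn]}

if __name__ == "__main__":
    for path in sys.argv[1:]:  # e.g. files under /etc/NetworkManager/system-connections
        st = os.stat(path)
        with open(path, encoding="utf-8") as fh:
            print(path, permission_findings(st.st_uid, st.st_mode), secrets_on_disk(fh.read()))
```

The paths listed under `key_files` deserve the same owner and mode check as the profile, since the private key and the TLS-auth key are secrets too.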