{ config, pkgs, stdenv, ... }:
let
  vpnc = pkgs.writeShellScript "vpnc" ''
    export INTERNAL_IP4_DNS=
    . ${pkgs.vpnc-scripts}/bin/vpnc-script
  '';
in
{
  sops.secrets.wrwks_vpn_key = {};

  networking.openconnect.interfaces = {
    wrwks = {
      gateway = "vpn.wrwks.at";
      passwordFile = config.sops.secrets.wrwks_vpn_key.path;
      protocol = "anyconnect";
      user = "exdpolakovics@wrwks.local";
      extraOptions = {
        script = "${vpnc}";
      };
    };
  };


  systemd.services.openconnect-wrwks-keepalive = {
    serviceConfig.Type = "oneshot";
    path = with pkgs; [ bash ];
    script = ''
      ping -c 2 stage.wsw.at
    '';
  };

  systemd.timers.openconnect-wrwks-keepalive = {
    wantedBy = [ "timers.target" ];
    partOf = [ "openconnect-wrwks-keepalive.service" ];
    timerConfig = {
      OnCalendar = "*:0/1";
      Unit = "openconnect-wrwks-keepalive.service";
    };
  };
}