commit 22a53d57dddf3e38e125f30d23169d34aae8cafe parent 9cae31774e99e293e74e7526aa243ac8f06af7ad Author: Vincent Demeester <vincent@sbr.pm> Date: Fri, 2 Oct 2020 18:38:32 +0200 systems|users: update redhat… - Fix system-connections permissions - Update required packages for redhat-vpn Signed-off-by: Vincent Demeester <vincent@sbr.pm> Diffstat:
M | systems/modules/profiles/redhat.nix | | | 44 | +++++++++++++++++++++++++++++++------------- |
M | users/vincent/default.nix | | | 71 | ++++++++++++++++++++++++++++++++++++++--------------------------------- |
A | users/vincent/redhat/redhat-vpn.desktop | | | 8 | ++++++++ |
3 files changed, 77 insertions(+), 46 deletions(-)
diff --git a/systems/modules/profiles/redhat.nix b/systems/modules/profiles/redhat.nix 
@@ -12,20 +12,38 @@ in
 };
 config = mkIf cfg.enable {
 # NetworkManager
- environment.etc."NetworkManager/system-connections/1-RHVPN.ovpn".source = pkgs.mkSecret ../../../secrets/etc/NetworkManager/system-connections/1-RHVPN.ovpn;
- environment.etc."NetworkManager/system-connections/AMS2.ovpn".source = pkgs.mkSecret ../../../secrets/etc/NetworkManager/system-connections/AMS2.ovpn;
- environment.etc."NetworkManager/system-connections/BBRQ.ovpn".source = pkgs.mkSecret ../../../secrets/etc/NetworkManager/system-connections/BRQ.ovpn;
- environment.etc."NetworkManager/system-connections/RDU2.ovpn".source = pkgs.mkSecret ../../../secrets/etc/NetworkManager/system-connections/RDU2.ovpn;
- environment.etc."NetworkManager/system-connections/PNQ2.ovpn".source = pkgs.mkSecret ../../../secrets/etc/NetworkManager/system-connections/PNQ2.ovpn;
- environment.etc."NetworkManager/system-connections/FAB.ovpn".source = pkgs.mkSecret ../../../secrets/etc/NetworkManager/system-connections/FAB.ovpn;
+ environment.etc."NetworkManager/system-connections/1-RHVPN.ovpn" = {
+ source = pkgs.mkSecret ../../../secrets/etc/NetworkManager/system-connections/1-RHVPN.ovpn;
+ mode = "0600";
+ };
+ environment.etc."NetworkManager/system-connections/AMS2.ovpn" = {
+ source = pkgs.mkSecret ../../../secrets/etc/NetworkManager/system-connections/AMS2.ovpn;
+ mode = "0600";
+ };
+ environment.etc."NetworkManager/system-connections/BBRQ.ovpn" = {
+ source = pkgs.mkSecret ../../../secrets/etc/NetworkManager/system-connections/BRQ.ovpn;
+ mode = "0600";
+ };
+ environment.etc."NetworkManager/system-connections/RDU2.ovpn" = {
+ source = pkgs.mkSecret ../../../secrets/etc/NetworkManager/system-connections/RDU2.ovpn;
+ mode = "0600";
+ };
+ environment.etc."NetworkManager/system-connections/PNQ2.ovpn" = {
+ source = pkgs.mkSecret ../../../secrets/etc/NetworkManager/system-connections/PNQ2.ovpn;
+ mode = "0600";
+ };
+ environment.etc."NetworkManager/system-connections/FAB.ovpn" = {
+ source = pkgs.mkSecret ../../../secrets/etc/NetworkManager/system-connections/FAB.ovpn;
+ mode = "0600";
+ };
 # Certificates
 environment.etc."ipa/ipa.crt".source = pkgs.mkSecret ../../../secrets/etc/ipa/ipa.crt;
- environment.etc."etc/pki/tls/certs/2015-RH-IT-Root-CA.pem".source = pkgs.mkSecret ../../../secrets/etc/pki/tls/certs/2015-RH-IT-Root-CA.pem;
- environment.etc."etc/pki/tls/certs/Eng-CA.crt".source = pkgs.mkSecret ../../../secrets/etc/pki/tls/certs/Eng-CA.crt;
- environment.etc."etc/pki/tls/certs/newca.crt".source = pkgs.mkSecret ../../../secrets/etc/pki/tls/certs/newca.crt;
- environment.etc."etc/pki/tls/certs/oracle_ebs.crt".source = pkgs.mkSecret ../../../secrets/etc/pki/tls/certs/oracle_ebs.crt;
- environment.etc."etc/pki/tls/certs/pki-ca-chain.crt".source = pkgs.mkSecret ../../../secrets/etc/pki/tls/certs/pki-ca-chain.crt;
- environment.etc."etc/pki/tls/certs/RH_ITW.crt".source = pkgs.mkSecret ../../../secrets/etc/pki/tls/certs/RH_ITW.crt;
- environment.etc."etc/pki/tls/certs/win-intermediate-ca.cer".source = pkgs.mkSecret ../../../secrets/etc/pki/tls/certs/win-intermediate-ca.cer;
+ environment.etc."pki/tls/certs/2015-RH-IT-Root-CA.pem".source = pkgs.mkSecret ../../../secrets/etc/pki/tls/certs/2015-RH-IT-Root-CA.pem;
+ environment.etc."pki/tls/certs/Eng-CA.crt".source = pkgs.mkSecret ../../../secrets/etc/pki/tls/certs/Eng-CA.crt;
+ environment.etc."pki/tls/certs/newca.crt".source = pkgs.mkSecret ../../../secrets/etc/pki/tls/certs/newca.crt;
+ environment.etc."pki/tls/certs/oracle_ebs.crt".source = pkgs.mkSecret ../../../secrets/etc/pki/tls/certs/oracle_ebs.crt;
+ environment.etc."pki/tls/certs/pki-ca-chain.crt".source = pkgs.mkSecret ../../../secrets/etc/pki/tls/certs/pki-ca-chain.crt;
+ environment.etc."pki/tls/certs/RH_ITW.crt".source = pkgs.mkSecret ../../../secrets/etc/pki/tls/certs/RH_ITW.crt;
+ environment.etc."pki/tls/certs/win-intermediate-ca.cer".source = pkgs.mkSecret ../../../secrets/etc/pki/tls/certs/win-intermediate-ca.cer;
 };
 }
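Review bot: `mode = "0600"` on the six `NetworkManager/system-connections/*.ovpn` entries restricts only the copy that NixOS writes under /etc (a non-symlink mode makes `environment.etc` copy the file); if `pkgs.mkSecret`, which is defined outside this hunk, places its source in the Nix store, the same VPN profile stays world-readable there. A comment above the block should state that guarantee, for example `# mode covers the /etc copy only; pkgs.mkSecret must keep the source out of the world-readable store`. The `BBRQ.ovpn` entry still takes its source from `BRQ.ovpn`, a mismatch carried over from the old side that looks like a typo in the target name. The six identical attribute sets could also be generated from a list of connection names, so the mode cannot be forgotten on a future entry.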
diff --git a/users/vincent/default.nix b/users/vincent/default.nix 
@@ -42,37 +42,42 @@ in */ security.pam.services.vincent.fprintAuth = config.services.fprintd.enable; - home-manager.users.vincent = lib.mkMerge ( - [ - (import ./core) - (import ./mails { hostname = config.networking.hostName; pkgs = pkgs; }) - ] - ++ optionals config.profiles.dev.enable [ (import ./dev) ] - ++ optionals config.profiles.desktop.enable [ (import ./desktop) ] - ++ optionals config.services.xserver.desktopManager.gnome3.enable [ (import ./desktop/gnome.nix) ] - ++ optionals (config.networking.hostName == "wakasu") [ - { - home.packages = with pkgs; [ - libosinfo - asciinema - oathToolkit - ]; - } - ] - ++ optionals (config.profiles.laptop.enable && config.profiles.desktop.enable) [ - { - # FIXME move this in its own file - programs.autorandr.enable = true; - } - ] - ++ optionals config.profiles.docker.enable [ - { - home.packages = with pkgs; [ docker docker-compose ]; - } - ] - ++ optionals (isContainersEnabled && config.profiles.dev.enable) [ (import ./containers) ] - ++ optionals config.profiles.kubernetes.enable [ (import ./containers/kubernetes.nix) ] - ++ optionals config.profiles.openshift.enable [ (import ./containers/openshift.nix) ] - ++ optionals config.profiles.tekton.enable [ (import ./containers/tekton.nix) ] - ); + home-manager.users.vincent = lib.mkMerge + ( + [ + (import ./core) + (import ./mails { hostname = config.networking.hostName; pkgs = pkgs; }) + ] + ++ optionals config.profiles.dev.enable [ (import ./dev) ] + ++ optionals config.profiles.desktop.enable [ (import ./desktop) ] + ++ optionals config.services.xserver.desktopManager.gnome3.enable [ (import ./desktop/gnome.nix) ] + ++ optionals (config.networking.hostName == "wakasu") [ + { + home.packages = with pkgs; [ + libosinfo + asciinema + oathToolkit + ]; + } + ] + ++ optionals (config.profiles.laptop.enable && config.profiles.desktop.enable) [ + { + # FIXME move this in its own file + programs.autorandr.enable = true; + } + ] + ++ optionals config.profiles.docker.enable [ 
+ { + home.packages = with pkgs; [ docker docker-compose ]; + } + ] + ++ optionals (isContainersEnabled && config.profiles.dev.enable) [ (import ./containers) ] + ++ optionals config.profiles.kubernetes.enable [ (import ./containers/kubernetes.nix) ] + ++ optionals config.profiles.openshift.enable [ (import ./containers/openshift.nix) ] + ++ optionals config.profiles.tekton.enable [ (import ./containers/tekton.nix) ] + ++ optionals config.profiles.redhat.enable [{ + home.file.".local/share/applications/redhat-vpn.desktop".source = ./redhat/redhat-vpn.desktop; + home.packages = with pkgs; [ gnome3.zenity oathToolkit ]; + }] + ); } diff --git a/users/vincent/redhat/redhat-vpn.desktop b/users/vincent/redhat/redhat-vpn.desktop @@ -0,0 +1,7 @@ +[Desktop Entry] +Name=Red Hat VPN +Exec=redhat-vpn +Type=Application +Terminal=false +Categories=System; +Icon=seahorse;+ \ No newline at end of file
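Review bot: The new `optionals config.profiles.redhat.enable` entry installs the launcher and its helpers (`gnome3.zenity oathToolkit`), but nothing in the visible lines puts the `redhat-vpn` command named by the launcher's `Exec=` on the user's PATH. If it is provided elsewhere, a comment such as `# redhat-vpn itself is provided by <module or package>` would make the dependency traceable. The functional change is four lines inside a re-indentation of the whole `lib.mkMerge` list, which makes the addition hard to spot in review; keeping formatting changes in a separate commit would help.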
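Review bot: `Exec=redhat-vpn` is a bare command name, so the desktop environment resolves it through the session PATH and runs whichever match comes first; for a launcher that brings up a VPN, an absolute path is safer, e.g. `Exec=<absolute path to redhat-vpn>` filled in when the file is generated. With `Terminal=false`, a failure to find or start the command produces no visible output, so it is worth confirming that the script surfaces errors itself. The file ends without a trailing newline, and the lone `+` after `Icon=seahorse;` suggests the last added line is empty or whitespace-only, which should be checked.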