commit 4c24ac4cee6ff85891a8ca972c2c5769ca7fb131
parent 16af81f2d039ae2927b97b4a2259b251db4a4cdc
Author: Vincent Demeester <vincent@sbr.pm>
Date: Fri, 2 Oct 2020 18:16:22 +0200
systems: add a redhat profile…
… for VPN, certificates and other Red Hat only customization.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Diffstat:
3 files changed, 33 insertions(+), 0 deletions(-)
diff --git a/systems/hokkaido.nix b/systems/hokkaido.nix
@@ -57,6 +57,7 @@ in
yubikey.enable = true;
virtualization = { enable = true; nested = true; };
docker.enable = true;
+ redhat.enable = true;
};
environment.systemPackages = with pkgs; [ virtmanager ];
diff --git a/systems/modules/profiles/default.nix b/systems/modules/profiles/default.nix
@@ -19,6 +19,7 @@
./printing.nix
./pulseaudio.nix
./qemu.nix
+ ./redhat.nix
./scanning.nix
./ssh.nix
./syncthing.nix
diff --git a/systems/modules/profiles/redhat.nix b/systems/modules/profiles/redhat.nix
@@ -0,0 +1,31 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+ cfg = config.profiles.redhat;
+in
+{
+ options = {
+ profiles.redhat = {
+ enable = mkEnableOption "Enable the Red Hat profiles (VPN, certs, …)";
+ };
+ };
+ config = mkIf cfg.enable {
+ # NetworkManager
+ environment.etc."NetworkManager/system-connections/1-RHVPN.ovpn".source = pkgs.mkSecret ../../../secrets/etc/NetworkManager/system-connections/1-RHVPN.ovpn;
+ environment.etc."NetworkManager/system-connections/AMS2.ovpn".source = pkgs.mkSecret ../../../secrets/etc/NetworkManager/system-connections/AMS2.ovpn;
+ environment.etc."NetworkManager/system-connections/BBRQ.ovpn".source = pkgs.mkSecret ../../../secrets/etc/NetworkManager/system-connections/BRQ.ovpn;
+ environment.etc."NetworkManager/system-connections/RDU2.ovpn".source = pkgs.mkSecret ../../../secrets/etc/NetworkManager/system-connections/RDU2.ovpn;
+ environment.etc."NetworkManager/system-connections/PNQ2.ovpn".source = pkgs.mkSecret ../../../secrets/etc/NetworkManager/system-connections/PNQ2.ovpn;
+ environment.etc."NetworkManager/system-connections/FAB.ovpn".source = pkgs.mkSecret ../../../secrets/etc/NetworkManager/system-connections/FAB.ovpn;
+ # Certificates
+ environment.etc."ipa/ipa.crt".source = pkgs.mkSecret ../../../secrets/etc/ipa/ipa.crt;
+ environment.etc."etc/pki/tls/certs/2015-RH-IT-Root-CA.pem".source = pkgs.mkSecret ../../../secrets/etc/pki/tls/certs/2015-RH-IT-Root-CA.pem;
+ environment.etc."etc/pki/tls/certs/Eng-CA.crt".source = pkgs.mkSecret ../../../secrets/etc/pki/tls/certs/Eng-CA.crt;
+ environment.etc."etc/pki/tls/certs/newca.crt".source = pkgs.mkSecret ../../../secrets/etc/pki/tls/certs/newca.crt;
+ environment.etc."etc/pki/tls/certs/oracle_ebs.crt".source = pkgs.mkSecret ../../../secrets/etc/pki/tls/certs/oracle_ebs.crt;
+ environment.etc."etc/pki/tls/certs/pki-ca-chain.crt".source = pkgs.mkSecret ../../../secrets/etc/pki/tls/certs/pki-ca-chain.crt;
+ environment.etc."etc/pki/tls/certs/RH_ITW.crt".source = pkgs.mkSecret ../../../secrets/etc/pki/tls/certs/RH_ITW.crt;
+ environment.etc."etc/pki/tls/certs/win-intermediate-ca.cer".source = pkgs.mkSecret ../../../secrets/etc/pki/tls/certs/win-intermediate-ca.cer;
+ };
+}