home

Unnamed repository; edit this file 'description' to name the repository.
Log | Files | Refs | README | LICENSE

commit 4c24ac4cee6ff85891a8ca972c2c5769ca7fb131
parent 16af81f2d039ae2927b97b4a2259b251db4a4cdc
Author: Vincent Demeester <vincent@sbr.pm>
Date:   Fri,  2 Oct 2020 18:16:22 +0200

systems: add a redhat profile…

… for VPN, certificates and other Red Hat only customization.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>

Diffstat:
Msystems/hokkaido.nix | 1+
Msystems/modules/profiles/default.nix | 1+
Asystems/modules/profiles/redhat.nix | 31+++++++++++++++++++++++++++++++
3 files changed, 33 insertions(+), 0 deletions(-)

diff --git a/systems/hokkaido.nix b/systems/hokkaido.nix @@ -57,6 +57,7 @@ in yubikey.enable = true; virtualization = { enable = true; nested = true; }; docker.enable = true; + redhat.enable = true; }; environment.systemPackages = with pkgs; [ virtmanager ]; diff --git a/systems/modules/profiles/default.nix b/systems/modules/profiles/default.nix @@ -19,6 +19,7 @@ ./printing.nix ./pulseaudio.nix ./qemu.nix + ./redhat.nix ./scanning.nix ./ssh.nix ./syncthing.nix diff --git a/systems/modules/profiles/redhat.nix b/systems/modules/profiles/redhat.nix @@ -0,0 +1,31 @@ +{ config, lib, pkgs, ... }: + +with lib; +let + cfg = config.profiles.redhat; +in +{ + options = { + profiles.redhat = { + enable = mkEnableOption "Enable the Red Hat profiles (VPN, certs, …)"; + }; + }; + config = mkIf cfg.enable { + # NetworkManager + environment.etc."NetworkManager/system-connections/1-RHVPN.ovpn".source = pkgs.mkSecret ../../../secrets/etc/NetworkManager/system-connections/1-RHVPN.ovpn; + environment.etc."NetworkManager/system-connections/AMS2.ovpn".source = pkgs.mkSecret ../../../secrets/etc/NetworkManager/system-connections/AMS2.ovpn; + environment.etc."NetworkManager/system-connections/BBRQ.ovpn".source = pkgs.mkSecret ../../../secrets/etc/NetworkManager/system-connections/BRQ.ovpn; + environment.etc."NetworkManager/system-connections/RDU2.ovpn".source = pkgs.mkSecret ../../../secrets/etc/NetworkManager/system-connections/RDU2.ovpn; + environment.etc."NetworkManager/system-connections/PNQ2.ovpn".source = pkgs.mkSecret ../../../secrets/etc/NetworkManager/system-connections/PNQ2.ovpn; + environment.etc."NetworkManager/system-connections/FAB.ovpn".source = pkgs.mkSecret ../../../secrets/etc/NetworkManager/system-connections/FAB.ovpn; + # Certificates + environment.etc."ipa/ipa.crt".source = pkgs.mkSecret ../../../secrets/etc/ipa/ipa.crt; + environment.etc."etc/pki/tls/certs/2015-RH-IT-Root-CA.pem".source = pkgs.mkSecret ../../../secrets/etc/pki/tls/certs/2015-RH-IT-Root-CA.pem; + environment.etc."etc/pki/tls/certs/Eng-CA.crt".source = pkgs.mkSecret ../../../secrets/etc/pki/tls/certs/Eng-CA.crt; + environment.etc."etc/pki/tls/certs/newca.crt".source = pkgs.mkSecret ../../../secrets/etc/pki/tls/certs/newca.crt; + environment.etc."etc/pki/tls/certs/oracle_ebs.crt".source = pkgs.mkSecret ../../../secrets/etc/pki/tls/certs/oracle_ebs.crt; + environment.etc."etc/pki/tls/certs/pki-ca-chain.crt".source = pkgs.mkSecret ../../../secrets/etc/pki/tls/certs/pki-ca-chain.crt; + environment.etc."etc/pki/tls/certs/RH_ITW.crt".source = pkgs.mkSecret ../../../secrets/etc/pki/tls/certs/RH_ITW.crt; + environment.etc."etc/pki/tls/certs/win-intermediate-ca.cer".source = pkgs.mkSecret ../../../secrets/etc/pki/tls/certs/win-intermediate-ca.cer; + }; +}