redhat.nix (2765B)
1 { config, lib, pkgs, ... }: 2 3 with lib; 4 let 5 cfg = config.profiles.redhat; 6 in 7 { 8 options = { 9 profiles.redhat = { 10 enable = mkEnableOption "Enable the Red Hat profiles (VPN, certs, …)"; 11 }; 12 }; 13 config = mkIf cfg.enable { 14 environment.systemPackages = with pkgs; [ 15 krb5 16 (google-chrome.override { 17 commandLineArgs = "--auth-negotiate-delegate-whitelist='*.redhat.com' --auth-server-whitelist=.redhat.com"; 18 }) 19 libnotify 20 ]; 21 environment.etc."krb5.conf" = { 22 source = pkgs.mkSecret ../../../secrets/etc/krb5.conf; 23 }; 24 # NetworkManager 25 environment.etc."NetworkManager/system-connections/1-RHVPN.ovpn" = { 26 source = pkgs.mkSecret ../../../secrets/etc/NetworkManager/system-connections/1-RHVPN.ovpn; 27 mode = "0600"; 28 }; 29 environment.etc."NetworkManager/system-connections/AMS2.ovpn" = { 30 source = pkgs.mkSecret ../../../secrets/etc/NetworkManager/system-connections/AMS2.ovpn; 31 mode = "0600"; 32 }; 33 environment.etc."NetworkManager/system-connections/BBRQ.ovpn" = { 34 source = pkgs.mkSecret ../../../secrets/etc/NetworkManager/system-connections/BRQ.ovpn; 35 mode = "0600"; 36 }; 37 environment.etc."NetworkManager/system-connections/RDU2.ovpn" = { 38 source = pkgs.mkSecret ../../../secrets/etc/NetworkManager/system-connections/RDU2.ovpn; 39 mode = "0600"; 40 }; 41 environment.etc."NetworkManager/system-connections/PNQ2.ovpn" = { 42 source = pkgs.mkSecret ../../../secrets/etc/NetworkManager/system-connections/PNQ2.ovpn; 43 mode = "0600"; 44 }; 45 environment.etc."NetworkManager/system-connections/FAB.ovpn" = { 46 source = pkgs.mkSecret ../../../secrets/etc/NetworkManager/system-connections/FAB.ovpn; 47 mode = "0600"; 48 }; 49 # Certificates 50 environment.etc."ipa/ipa.crt".source = pkgs.mkSecret ../../../secrets/etc/ipa/ipa.crt; 51 environment.etc."pki/tls/certs/2015-RH-IT-Root-CA.pem".source = pkgs.mkSecret ../../../secrets/etc/pki/tls/certs/2015-RH-IT-Root-CA.pem; 52 environment.etc."pki/tls/certs/Eng-CA.crt".source = pkgs.mkSecret ../../../secrets/etc/pki/tls/certs/Eng-CA.crt; 53 environment.etc."pki/tls/certs/newca.crt".source = pkgs.mkSecret ../../../secrets/etc/pki/tls/certs/newca.crt; 54 environment.etc."pki/tls/certs/oracle_ebs.crt".source = pkgs.mkSecret ../../../secrets/etc/pki/tls/certs/oracle_ebs.crt; 55 environment.etc."pki/tls/certs/pki-ca-chain.crt".source = pkgs.mkSecret ../../../secrets/etc/pki/tls/certs/pki-ca-chain.crt; 56 environment.etc."pki/tls/certs/RH_ITW.crt".source = pkgs.mkSecret ../../../secrets/etc/pki/tls/certs/RH_ITW.crt; 57 environment.etc."pki/tls/certs/win-intermediate-ca.cer".source = pkgs.mkSecret ../../../secrets/etc/pki/tls/certs/win-intermediate-ca.cer; 58 }; 59 }