home

Unnamed repository; edit this file 'description' to name the repository.
Log | Files | Refs | README | LICENSE

redhat.nix (2765B)


      1 { config, lib, pkgs, ... }:
      2 
      3 with lib;
      4 let
      5   cfg = config.profiles.redhat;
      6 in
      7 {
      8   options = {
      9     profiles.redhat = {
     10       enable = mkEnableOption "Enable the Red Hat profiles (VPN, certs, …)";
     11     };
     12   };
     13   config = mkIf cfg.enable {
     14     environment.systemPackages = with pkgs; [
     15       krb5
     16       (google-chrome.override {
     17         commandLineArgs = "--auth-negotiate-delegate-whitelist='*.redhat.com' --auth-server-whitelist=.redhat.com";
     18       })
     19       libnotify
     20     ];
     21     environment.etc."krb5.conf" = {
     22       source = pkgs.mkSecret ../../../secrets/etc/krb5.conf;
     23     };
     24     # NetworkManager
     25     environment.etc."NetworkManager/system-connections/1-RHVPN.ovpn" = {
     26       source = pkgs.mkSecret ../../../secrets/etc/NetworkManager/system-connections/1-RHVPN.ovpn;
     27       mode = "0600";
     28     };
     29     environment.etc."NetworkManager/system-connections/AMS2.ovpn" = {
     30       source = pkgs.mkSecret ../../../secrets/etc/NetworkManager/system-connections/AMS2.ovpn;
     31       mode = "0600";
     32     };
     33     environment.etc."NetworkManager/system-connections/BBRQ.ovpn" = {
     34       source = pkgs.mkSecret ../../../secrets/etc/NetworkManager/system-connections/BRQ.ovpn;
     35       mode = "0600";
     36     };
     37     environment.etc."NetworkManager/system-connections/RDU2.ovpn" = {
     38       source = pkgs.mkSecret ../../../secrets/etc/NetworkManager/system-connections/RDU2.ovpn;
     39       mode = "0600";
     40     };
     41     environment.etc."NetworkManager/system-connections/PNQ2.ovpn" = {
     42       source = pkgs.mkSecret ../../../secrets/etc/NetworkManager/system-connections/PNQ2.ovpn;
     43       mode = "0600";
     44     };
     45     environment.etc."NetworkManager/system-connections/FAB.ovpn" = {
     46       source = pkgs.mkSecret ../../../secrets/etc/NetworkManager/system-connections/FAB.ovpn;
     47       mode = "0600";
     48     };
     49     # Certificates
     50     environment.etc."ipa/ipa.crt".source = pkgs.mkSecret ../../../secrets/etc/ipa/ipa.crt;
     51     environment.etc."pki/tls/certs/2015-RH-IT-Root-CA.pem".source = pkgs.mkSecret ../../../secrets/etc/pki/tls/certs/2015-RH-IT-Root-CA.pem;
     52     environment.etc."pki/tls/certs/Eng-CA.crt".source = pkgs.mkSecret ../../../secrets/etc/pki/tls/certs/Eng-CA.crt;
     53     environment.etc."pki/tls/certs/newca.crt".source = pkgs.mkSecret ../../../secrets/etc/pki/tls/certs/newca.crt;
     54     environment.etc."pki/tls/certs/oracle_ebs.crt".source = pkgs.mkSecret ../../../secrets/etc/pki/tls/certs/oracle_ebs.crt;
     55     environment.etc."pki/tls/certs/pki-ca-chain.crt".source = pkgs.mkSecret ../../../secrets/etc/pki/tls/certs/pki-ca-chain.crt;
     56     environment.etc."pki/tls/certs/RH_ITW.crt".source = pkgs.mkSecret ../../../secrets/etc/pki/tls/certs/RH_ITW.crt;
     57     environment.etc."pki/tls/certs/win-intermediate-ca.cer".source = pkgs.mkSecret ../../../secrets/etc/pki/tls/certs/win-intermediate-ca.cer;
     58   };
     59 }