
My NixOS systems configurations.

work.nix (3031B)


      1 { config, lib, pkgs, ... }:
      2 
      3 with lib;
      4 let
      5   cfg = config.modules.profiles.work;
      6   common = {
      7     sopsFile = ../../../secrets/desktops/redhat.yaml;
      8     mode = "444";
      9     owner = "root";
     10     group = "root";
     11   };
     12 in
     13 {
     14   options = {
     15     modules.profiles.work = {
     16       redhat = mkEnableOption "Enable the Red Hat profiles (VPN, certs, …)";
     17     };
     18   };
     19   config = mkIf cfg.redhat {
     20     environment.systemPackages = with pkgs; [
     21       krb5
     22       (google-chrome.override {
     23         commandLineArgs = "--auth-negotiate-delegate-whitelist='*.redhat.com' --auth-server-whitelist=.redhat.com --enable-features=UseOzonePlatform --enable-gpu --ozone-platform=wayland";
     24       })
     25       libnotify
     26     ];
     27     sops.secrets."krb5.conf" = {
     28       inherit (common) mode owner group sopsFile;
     29       path = "/etc/krb5.conf";
     30     };
     31     # NetworkManager
     32     sops.secrets."1-RHVPN.ovpn" = {
     33       inherit (common) owner group sopsFile;
     34       path = "/etc/NetworkManager/system-connections/1-RHVPN.ovpn";
     35       mode = "600";
     36     };
     37     sops.secrets."AMS2.ovpn" = {
     38       inherit (common) owner group sopsFile;
     39       path = "/etc/NetworkManager/system-connections/AMS2.ovpn";
     40       mode = "600";
     41     };
     42     sops.secrets."BBRQ.ovpn" = {
     43       inherit (common) owner group sopsFile;
     44       path = "/etc/NetworkManager/system-connections/BBRQ.ovpn";
     45       mode = "600";
     46     };
     47     sops.secrets."RDU2.ovpn" = {
     48       inherit (common) owner group sopsFile;
     49       path = "/etc/NetworkManager/system-connections/RDU2.ovpn";
     50       mode = "600";
     51     };
     52     sops.secrets."PNQ2.ovpn" = {
     53       inherit (common) owner group sopsFile;
     54       path = "/etc/NetworkManager/system-connections/PNQ2.ovpn";
     55       mode = "600";
     56     };
     57     sops.secrets."FAB.ovpn" = {
     58       inherit (common) owner group sopsFile;
     59       path = "/etc/NetworkManager/system-connections/FAB.ovpn";
     60       mode = "600";
     61     };
     62     # Certificates
     63     sops.secrets."ipa.crt" = {
     64       inherit (common) mode owner group sopsFile;
     65       path = "/etc/ipa/ipa.crt";
     66     };
     67     sops.secrets."2015-RH-IT-Root-CA.pem" = {
     68       inherit (common) mode owner group sopsFile;
     69       path = "/etc/pki/tls/certs/2015-RH-IT-Root-CA.pem";
     70     };
     71     sops.secrets."Eng-CA.crt" = {
     72       inherit (common) mode owner group sopsFile;
     73       path = "/etc/pki/tls/certs/Eng-CA.crt";
     74     };
     75     sops.secrets."newca.crt" = {
     76       inherit (common) mode owner group sopsFile;
     77       path = "/etc/pki/tls/certs/newca.crt";
     78     };
     79     sops.secrets."oracle_ebs.crt" = {
     80       inherit (common) mode owner group sopsFile;
     81       path = "/etc/pki/tls/certs/oracle_ebs.crt";
     82     };
     83     sops.secrets."pki-ca-chain.crt" = {
     84       inherit (common) mode owner group sopsFile;
     85       path = "/etc/pki/tls/certs/pki-ca-chain.crt";
     86     };
     87     sops.secrets."RH_ITW.crt" = {
     88       inherit (common) mode owner group sopsFile;
     89       path = "/etc/pki/tls/certs/RH_ITW.crt";
     90     };
     91     sops.secrets."win-intermediate-ca.cer" = {
     92       inherit (common) mode owner group sopsFile;
     93       path = "/etc/pki/tls/certs/win-intermediate-ca.cer";
     94     };
     95   };
     96 
     97 }