work.nix (3031B)
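# Work profile module.
#
# When `modules.profiles.work.redhat` is enabled this module:
#   * installs the Kerberos client tools, libnotify and a Chrome build whose
#     command line enables Negotiate (Kerberos/SPNEGO) authentication;
#   * asks sops-nix to materialise krb5.conf, the NetworkManager VPN profiles
#     and the corporate CA certificates from one encrypted file at fixed
#     paths under /etc.
{ config, lib, pkgs, ... }:

let
  inherit (lib) concatStringsSep genAttrs mkEnableOption mkIf;

  cfg = config.modules.profiles.work;

  # Attributes shared by every secret declared below: same encrypted source
  # file, always owned by root:root. The mode is chosen per group of secrets.
  common = {
    sopsFile = ../../../secrets/desktops/redhat.yaml;
    owner = "root";
    group = "root";
  };

  # Build `sops.secrets` entries for `names`. Each secret keeps its key name
  # as the file name and is placed at `<dir>/<name>` with permission `mode`.
  secretsIn = dir: mode: names:
    genAttrs names (name: common // {
      inherit mode;
      path = "${dir}/${name}";
    });

  # World-readable: used for krb5.conf and the CA certificates.
  # NOTE(review): presumably these hold no credentials, they are only kept in
  # the encrypted file for convenience. Confirm before adding anything
  # sensitive to this group.
  publicMode = "444";

  # Root-only: used for the VPN profiles.
  # NOTE(review): VPN profiles may embed keys or credentials, and
  # NetworkManager expects connection files to be private to root. Keep this
  # at 600.
  privateMode = "600";

  # Chrome flags, joined with single spaces into `commandLineArgs`.
  #
  # The first two flags control Negotiate authentication:
  #   * auth-server-*: hosts Chrome will answer a Negotiate challenge for;
  #   * auth-negotiate-delegate-*: hosts Chrome may delegate credentials to.
  #
  # NOTE(review): delegation is allowed for every host under the domain. A
  # server that receives delegated credentials can act as the user towards
  # other services, so narrow this pattern to the hosts that really need
  # delegation if that list is known.
  #
  # NOTE(review): current Chrome names these switches
  # --auth-server-allowlist and --auth-negotiate-delegate-allowlist. Confirm
  # that the pinned Chrome version still honours the *-whitelist spellings;
  # if it does not, Negotiate authentication is silently disabled.
  chromeFlags = [
    "--auth-negotiate-delegate-whitelist='*.redhat.com'"
    "--auth-server-whitelist=.redhat.com"
    "--enable-features=UseOzonePlatform"
    "--enable-gpu"
    "--ozone-platform=wayland"
  ];
in
{
  options = {
    modules.profiles.work = {
      # mkEnableOption already prefixes the text with "Whether to enable",
      # so the description must not start with "Enable" itself.
      redhat = mkEnableOption "the Red Hat profiles (VPN, certs, …)";
    };
  };

  config = mkIf cfg.redhat {
    environment.systemPackages = [
      pkgs.krb5
      (pkgs.google-chrome.override {
        commandLineArgs = concatStringsSep " " chromeFlags;
      })
      pkgs.libnotify
    ];

    sops.secrets =
      # Kerberos client configuration.
      secretsIn "/etc" publicMode [ "krb5.conf" ]

      # NetworkManager VPN profiles.
      // secretsIn "/etc/NetworkManager/system-connections" privateMode [
        "1-RHVPN.ovpn"
        "AMS2.ovpn"
        "BBRQ.ovpn"
        "RDU2.ovpn"
        "PNQ2.ovpn"
        "FAB.ovpn"
      ]

      # Certificates. This module only places the files; nothing here adds
      # them to the system trust store, so applications must be pointed at
      # these paths explicitly.
      // secretsIn "/etc/ipa" publicMode [ "ipa.crt" ]
      // secretsIn "/etc/pki/tls/certs" publicMode [
        "2015-RH-IT-Root-CA.pem"
        "Eng-CA.crt"
        "newca.crt"
        "oracle_ebs.crt"
        "pki-ca-chain.crt"
        "RH_ITW.crt"
        "win-intermediate-ca.cer"
      ];
  };
}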