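# NixOS module for Red Hat corporate access: Kerberos single sign-on in Chrome,
# agenix-managed Kerberos/VPN/certificate files, and trust in the internal root CA.
{ pkgs, ... }:
let
  # OpenVPN profiles that agenix decrypts into NetworkManager's
  # system-connections directory. All four share the same layout and mode.
  vpnProfiles = [ "RHVPN" "AMS2" "BBRQ" "RDU2" ];

  # Build the `age.secrets` name/value pair for one VPN profile.
  mkVpnSecret = profile: {
    name = "${profile}.ovpn";
    value = {
      file = ../../secrets/redhat + "/${profile}.ovpn.age";
      path = "/etc/NetworkManager/system-connections/${profile}.ovpn";
      # Owner-only: VPN profiles typically embed credentials or key material.
      # No owner is set here, so agenix's default owner applies
      # (presumably root; confirm).
      mode = "600";
    };
  };
in
{
  environment.systemPackages = with pkgs; [
    krb5
    (google-chrome.override {
      # SPNEGO/Kerberos switches use Chrome's current "allowlist" names; the
      # older "*-whitelist" spellings were renamed upstream and are not
      # expected to be honoured by current Chrome releases.
      #
      # NOTE(review): --auth-negotiate-delegate-allowlist makes Chrome forward
      # (delegate) the user's Kerberos credentials to every matching server,
      # so a wildcard over the whole domain is broad. Prefer listing only the
      # hosts that need delegation, or enable Chrome's
      # AuthNegotiateDelegateByKdcPolicy policy so the KDC's ok-as-delegate
      # flag decides.
      commandLineArgs = "--auth-negotiate-delegate-allowlist='*.redhat.com' --auth-server-allowlist=.redhat.com --enable-features=UseOzonePlatform --enable-gpu --ozone-platform=wayland";
    })
    # FIXME split this into real things
    oath-toolkit
  ];

  age.secrets = {
    # Kerberos
    # krb5.conf must be readable by every Kerberos client, hence mode 444.
    # With a world-readable mode the group has no access-control effect.
    "krb5.conf" = {
      file = ../../secrets/redhat/krb5.conf.age;
      path = "/etc/krb5.conf";
      mode = "444";
      group = "wheel";
    };

    # Certificates
    # World-readable by design: age keeps these files out of the plaintext
    # repository; it is not protecting them from local users at runtime.
    "ipa.crt" = {
      file = ../../secrets/redhat/ipa.crt.age;
      path = "/etc/ipa/ipa.crt";
      mode = "444";
    };
    "2022-RH-IT-Root-CA.pem" = {
      file = ../../secrets/redhat/2022-RH-IT-Root-CA.pem.age;
      path = "/etc/pki/tls/certs/2022-RH-IT-Root-CA.pem";
      mode = "444";
    };
  }
  # NetworkManager
  # NOTE(review): these are .ovpn profiles, not NetworkManager keyfiles.
  # Confirm NetworkManager actually loads them from this directory, or that
  # they are imported separately.
  // builtins.listToAttrs (map mkVpnSecret vpnProfiles);

  # security.pki.certificates =[];
  # certificateFiles is consumed when the system closure is built, so it cannot
  # point at an agenix path that only exists after activation on the target
  # (presumably why the config.age.secrets variant below is commented out).
  # The CA is therefore referenced as a plaintext path literal, which copies it
  # into the world-readable Nix store. That is fine for a public CA certificate
  # and must never be done with private key material.
  security.pki.certificateFiles = [
    # NOTE(review): NixOS already builds its trust store from pkgs.cacert, so
    # this entry looks redundant. It may also re-add certificates excluded via
    # the module's CA blocklist option; confirm before relying on that.
    "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
    # "${config.age.secrets."2022-RH-IT-Root-CA.pem".path}"
    # "/home/vincent/tmp/2022-IT-Root-CA.pem"
    ../../secrets/redhat/2022-IT-Root-CA.pem
  ];
}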