Commit 22a53d57dddf
Changed files (3)
systems
modules
profiles
users
vincent
redhat
systems/modules/profiles/redhat.nix
@@ -12,20 +12,38 @@ in
};
config = mkIf cfg.enable {
# NetworkManager
- environment.etc."NetworkManager/system-connections/1-RHVPN.ovpn".source = pkgs.mkSecret ../../../secrets/etc/NetworkManager/system-connections/1-RHVPN.ovpn;
- environment.etc."NetworkManager/system-connections/AMS2.ovpn".source = pkgs.mkSecret ../../../secrets/etc/NetworkManager/system-connections/AMS2.ovpn;
- environment.etc."NetworkManager/system-connections/BBRQ.ovpn".source = pkgs.mkSecret ../../../secrets/etc/NetworkManager/system-connections/BRQ.ovpn;
- environment.etc."NetworkManager/system-connections/RDU2.ovpn".source = pkgs.mkSecret ../../../secrets/etc/NetworkManager/system-connections/RDU2.ovpn;
- environment.etc."NetworkManager/system-connections/PNQ2.ovpn".source = pkgs.mkSecret ../../../secrets/etc/NetworkManager/system-connections/PNQ2.ovpn;
- environment.etc."NetworkManager/system-connections/FAB.ovpn".source = pkgs.mkSecret ../../../secrets/etc/NetworkManager/system-connections/FAB.ovpn;
+ environment.etc."NetworkManager/system-connections/1-RHVPN.ovpn" = {
+ source = pkgs.mkSecret ../../../secrets/etc/NetworkManager/system-connections/1-RHVPN.ovpn;
+ mode = "0600";
+ };
+ environment.etc."NetworkManager/system-connections/AMS2.ovpn" = {
+ source = pkgs.mkSecret ../../../secrets/etc/NetworkManager/system-connections/AMS2.ovpn;
+ mode = "0600";
+ };
+ environment.etc."NetworkManager/system-connections/BBRQ.ovpn" = {
+ source = pkgs.mkSecret ../../../secrets/etc/NetworkManager/system-connections/BRQ.ovpn;
+ mode = "0600";
+ };
+ environment.etc."NetworkManager/system-connections/RDU2.ovpn" = {
+ source = pkgs.mkSecret ../../../secrets/etc/NetworkManager/system-connections/RDU2.ovpn;
+ mode = "0600";
+ };
+ environment.etc."NetworkManager/system-connections/PNQ2.ovpn" = {
+ source = pkgs.mkSecret ../../../secrets/etc/NetworkManager/system-connections/PNQ2.ovpn;
+ mode = "0600";
+ };
+ environment.etc."NetworkManager/system-connections/FAB.ovpn" = {
+ source = pkgs.mkSecret ../../../secrets/etc/NetworkManager/system-connections/FAB.ovpn;
+ mode = "0600";
+ };
# Certificates
environment.etc."ipa/ipa.crt".source = pkgs.mkSecret ../../../secrets/etc/ipa/ipa.crt;
- environment.etc."etc/pki/tls/certs/2015-RH-IT-Root-CA.pem".source = pkgs.mkSecret ../../../secrets/etc/pki/tls/certs/2015-RH-IT-Root-CA.pem;
- environment.etc."etc/pki/tls/certs/Eng-CA.crt".source = pkgs.mkSecret ../../../secrets/etc/pki/tls/certs/Eng-CA.crt;
- environment.etc."etc/pki/tls/certs/newca.crt".source = pkgs.mkSecret ../../../secrets/etc/pki/tls/certs/newca.crt;
- environment.etc."etc/pki/tls/certs/oracle_ebs.crt".source = pkgs.mkSecret ../../../secrets/etc/pki/tls/certs/oracle_ebs.crt;
- environment.etc."etc/pki/tls/certs/pki-ca-chain.crt".source = pkgs.mkSecret ../../../secrets/etc/pki/tls/certs/pki-ca-chain.crt;
- environment.etc."etc/pki/tls/certs/RH_ITW.crt".source = pkgs.mkSecret ../../../secrets/etc/pki/tls/certs/RH_ITW.crt;
- environment.etc."etc/pki/tls/certs/win-intermediate-ca.cer".source = pkgs.mkSecret ../../../secrets/etc/pki/tls/certs/win-intermediate-ca.cer;
+ environment.etc."pki/tls/certs/2015-RH-IT-Root-CA.pem".source = pkgs.mkSecret ../../../secrets/etc/pki/tls/certs/2015-RH-IT-Root-CA.pem;
+ environment.etc."pki/tls/certs/Eng-CA.crt".source = pkgs.mkSecret ../../../secrets/etc/pki/tls/certs/Eng-CA.crt;
+ environment.etc."pki/tls/certs/newca.crt".source = pkgs.mkSecret ../../../secrets/etc/pki/tls/certs/newca.crt;
+ environment.etc."pki/tls/certs/oracle_ebs.crt".source = pkgs.mkSecret ../../../secrets/etc/pki/tls/certs/oracle_ebs.crt;
+ environment.etc."pki/tls/certs/pki-ca-chain.crt".source = pkgs.mkSecret ../../../secrets/etc/pki/tls/certs/pki-ca-chain.crt;
+ environment.etc."pki/tls/certs/RH_ITW.crt".source = pkgs.mkSecret ../../../secrets/etc/pki/tls/certs/RH_ITW.crt;
+ environment.etc."pki/tls/certs/win-intermediate-ca.cer".source = pkgs.mkSecret ../../../secrets/etc/pki/tls/certs/win-intermediate-ca.cer;
};
}
users/vincent/redhat/redhat-vpn.desktop
@@ -0,0 +1,7 @@
+[Desktop Entry]
+Name=Red Hat VPN
+Exec=redhat-vpn
+Type=Application
+Terminal=false
+Categories=System;
+Icon=seahorse;
\ No newline at end of file
users/vincent/default.nix
@@ -42,37 +42,42 @@ in
*/
security.pam.services.vincent.fprintAuth = config.services.fprintd.enable;
- home-manager.users.vincent = lib.mkMerge (
- [
- (import ./core)
- (import ./mails { hostname = config.networking.hostName; pkgs = pkgs; })
- ]
- ++ optionals config.profiles.dev.enable [ (import ./dev) ]
- ++ optionals config.profiles.desktop.enable [ (import ./desktop) ]
- ++ optionals config.services.xserver.desktopManager.gnome3.enable [ (import ./desktop/gnome.nix) ]
- ++ optionals (config.networking.hostName == "wakasu") [
- {
- home.packages = with pkgs; [
- libosinfo
- asciinema
- oathToolkit
- ];
- }
- ]
- ++ optionals (config.profiles.laptop.enable && config.profiles.desktop.enable) [
- {
- # FIXME move this in its own file
- programs.autorandr.enable = true;
- }
- ]
- ++ optionals config.profiles.docker.enable [
- {
- home.packages = with pkgs; [ docker docker-compose ];
- }
- ]
- ++ optionals (isContainersEnabled && config.profiles.dev.enable) [ (import ./containers) ]
- ++ optionals config.profiles.kubernetes.enable [ (import ./containers/kubernetes.nix) ]
- ++ optionals config.profiles.openshift.enable [ (import ./containers/openshift.nix) ]
- ++ optionals config.profiles.tekton.enable [ (import ./containers/tekton.nix) ]
- );
+ home-manager.users.vincent = lib.mkMerge
+ (
+ [
+ (import ./core)
+ (import ./mails { hostname = config.networking.hostName; pkgs = pkgs; })
+ ]
+ ++ optionals config.profiles.dev.enable [ (import ./dev) ]
+ ++ optionals config.profiles.desktop.enable [ (import ./desktop) ]
+ ++ optionals config.services.xserver.desktopManager.gnome3.enable [ (import ./desktop/gnome.nix) ]
+ ++ optionals (config.networking.hostName == "wakasu") [
+ {
+ home.packages = with pkgs; [
+ libosinfo
+ asciinema
+ oathToolkit
+ ];
+ }
+ ]
+ ++ optionals (config.profiles.laptop.enable && config.profiles.desktop.enable) [
+ {
+ # FIXME move this in its own file
+ programs.autorandr.enable = true;
+ }
+ ]
+ ++ optionals config.profiles.docker.enable [
+ {
+ home.packages = with pkgs; [ docker docker-compose ];
+ }
+ ]
+ ++ optionals (isContainersEnabled && config.profiles.dev.enable) [ (import ./containers) ]
+ ++ optionals config.profiles.kubernetes.enable [ (import ./containers/kubernetes.nix) ]
+ ++ optionals config.profiles.openshift.enable [ (import ./containers/openshift.nix) ]
+ ++ optionals config.profiles.tekton.enable [ (import ./containers/tekton.nix) ]
+ ++ optionals config.profiles.redhat.enable [{
+ home.file.".local/share/applications/redhat-vpn.desktop".source = ./redhat/redhat-vpn.desktop;
+ home.packages = with pkgs; [ gnome3.zenity oathToolkit ];
+ }]
+ );
}