Commit fa847466d20a
Changed files (4)
secrets
systems
redhat
secrets/redhat/2022-IT-Root-CA.pem
@@ -0,0 +1,37 @@
+-----BEGIN CERTIFICATE-----
+MIIGcjCCBFqgAwIBAgIFICIEEFwwDQYJKoZIhvcNAQEMBQAwgaMxCzAJBgNVBAYT
+AlVTMRcwFQYDVQQIDA5Ob3J0aCBDYXJvbGluYTEQMA4GA1UEBwwHUmFsZWlnaDEW
+MBQGA1UECgwNUmVkIEhhdCwgSW5jLjETMBEGA1UECwwKUmVkIEhhdCBJVDEZMBcG
+A1UEAwwQSW50ZXJuYWwgUm9vdCBDQTEhMB8GCSqGSIb3DQEJARYSaW5mb3NlY0By
+ZWRoYXQuY29tMCAXDTIzMDQwNTE4MzM0NFoYDzIwNTIwNDAyMTgzMzQ0WjCBozEL
+MAkGA1UEBhMCVVMxFzAVBgNVBAgMDk5vcnRoIENhcm9saW5hMRAwDgYDVQQHDAdS
+YWxlaWdoMRYwFAYDVQQKDA1SZWQgSGF0LCBJbmMuMRMwEQYDVQQLDApSZWQgSGF0
+IElUMRkwFwYDVQQDDBBJbnRlcm5hbCBSb290IENBMSEwHwYJKoZIhvcNAQkBFhJp
+bmZvc2VjQHJlZGhhdC5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC
+AQCxuloEVglzWXZ9FFFUOSVdpRIB2jW5YBpwgMem2fPZeWIIvrVQ6PL9XNenDOXu
+BHbShD/PApxi/ujSZyOIjLsNh7WDO+0NqpkfTyB9wUYAhx3GTIGY75RSoyZy1yKb
+ZDTKv+rSfui9IlstAMz6L3OQLZES9zAYK8ICiDUwTeNZ7quA6qf0Kam2LyuBc/bl
+BI7WFLOGGWY135P1OUXJgnJUsMhnYMTgvZQyJ2P7eLQpiR8TOr5ZI6CYapiyG64L
+nkr/rsALjSxoUo09Yai1CVO66VFJ/XgMNt3mzQtLDMPXiKUuwsBsgvo4QvLjkXYI
+ii+/YQyQaypsKctG8mefKkTT1kRDKj4LNdTRRgd5tco+b4+O/4upt8mIsx1+tbdM
+LNGEz3Jqd0sj8Fl4Rzus+W+enzXmMfZH86X6bU5tMvueuFd5LV+M9XzliscaEQMK
+EQ7CC72ldrOK2K12Gjb7bu8dKq+aSlNuWK+Gz1NvbwYpaCBYp0JoryvHEq5jrCLP
+lTkuJQ3HaaAf+4LaBm8no9xK2VbDf6l/7Htb5I5LnAAZi0/5TzH07NhHoIeMSmTE
+Ea07i/i5lbhM2qbx6pfLukg24HLCKTdi4Fo6/JqPWH6/3eI55NsoWSmoDdTiLg4v
+1G/rgUVr2N6F36GTYMGqiITvvd4Qm3i9XOTQvsx8RJx4JQIDAQABo4GoMIGlMB0G
+A1UdDgQWBBS1+o3lCnihCZXbTSGGlWpZT0nIizAfBgNVHSMEGDAWgBS1+o3lCnih
+CZXbTSGGlWpZT0nIizAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAR
+BglghkgBhvhCAQEEBAMCAQYwLwYDVR0fBCgwJjAkoCKgIIYeaHR0cDovL29jc3Au
+cmVkaGF0LmNvbS9jcmwucGVtMA0GCSqGSIb3DQEBDAUAA4ICAQCDLaGTS0g2HmMS
+g0i6Z0RVDC7sSnWFgEk2ZO1WUQj5WkFVS7gWxed/mXCzeL2EV1Pd22YKHM1eU1vo
+6b03cbNRXlRGGFksmQeM9h2sVjbP0hRZxqqfI+UW223N8E+qK3wSa8m6nhOfIJie
+DD9s8CdL1VT6l4qq2gR8mVBW7EZ+Ux5u+AMXpN4WPEkcLer2djbfhXoPsJ4r5CcX
+vh7W5rCZbo+0oBI5hrTlG4Tjhv1atqLhMmssjn8NbRrnhrbGF7w8NxFts69GkKDB
+UIXr1pWZSAuRELlIxmvh5ZSX5YTbFmDuTvmNx8RPPy6OY4W1v1BUKp0HyJTi07s2
+8SN+n9htHPHX9XBZctQmOSFLiqhi15LIqI54tR2tSgwH3Z5moh4sy6MuApXstsu4
+qtkII2KZk3SottI8MOS6zqKrU7jPou6ZE0fznNiu23Q3Ksuuj6mBkLVw3bQe68Vm
+NUTDac1oVzc8d5NMbx5kVb4Lahq+SATVFC8NK9G/Pk1AiwO8WhKffySsLeO5nMib
+4BOVq0qFoAi8YCFuJOl9FlH1dPW/TnqlTQMQNhXpzGjU3HV3lr/Mk+ghNgIYcLcz
+pEBsiGwKOVW4nYKIqPLn/36Ao/kfXeAdJhaAZq1SkTbeqNiwHQm3KNHzNObmjD0f
+56vmq8fwQYIcazjrygWiaOnoep/SMw==
+-----END CERTIFICATE-----
secrets/redhat/2022-RH-IT-Root-CA.pem.age
Binary file
systems/redhat/default.nix
@@ -1,4 +1,10 @@
-{ config, ... }: {
+{ config, pkgs, ... }: {
+ environment.systemPackages = with pkgs; [
+ krb5
+ (google-chrome.override {
+ commandLineArgs = "--auth-negotiate-delegate-whitelist='*.redhat.com' --auth-server-whitelist=.redhat.com --enable-features=UseOzonePlatform --enable-gpu --ozone-platform=wayland";
+ })
+ ];
# Kerberos
age.secrets."krb5.conf" = {
file = ../../secrets/redhat/krb5.conf.age;
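Review bot: On the `commandLineArgs` line, `--auth-negotiate-delegate-whitelist='*.redhat.com'` lets Chrome delegate the user's Kerberos credentials to every host under the domain, which is far broader than the services that actually need delegation. Listing only those hosts would limit what a single compromised or misconfigured internal server can receive. The two flags also use different pattern styles (`'*.redhat.com'` vs `.redhat.com`). As far as I know, current Chrome releases spell these switches `--auth-server-allowlist` and `--auth-negotiate-delegate-allowlist`, so it is worth confirming that the old names still take effect in the packaged version. A short comment above the override, such as `# Kerberos SSO for internal sites; delegation limited to <hosts that need it>`, would record the intent.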
@@ -33,4 +39,17 @@
path = "/etc/ipa/ipa.crt";
mode = "444";
};
+ age.secrets."2022-RH-IT-Root-CA.pem" = {
+ file = ../../secrets/redhat/2022-RH-IT-Root-CA.pem.age;
+ path = "/etc/pki/tls/certs/2022-RH-IT-Root-CA.pem";
+ mode = "444";
+ };
+
+ # security.pki.certificates =[];
+ security.pki.certificateFiles = [
+ "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
+ # "${config.age.secrets."2022-RH-IT-Root-CA.pem".path}"
+ # "/home/vincent/tmp/2022-IT-Root-CA.pem"
+ ../../secrets/redhat/2022-IT-Root-CA.pem
+ ];
}
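Review bot: `security.pki.certificateFiles` takes the new root from the plaintext `../../secrets/redhat/2022-IT-Root-CA.pem`, while the same hunk also deploys an age-encrypted copy to `/etc/pki/tls/certs/2022-RH-IT-Root-CA.pem` that the trust store does not use, so two copies of one trust anchor can drift apart. A root certificate is public material, so keeping a single plaintext source outside `secrets/` seems enough, unless something else reads the `/etc/pki` path. The commented-out entries should go as well, including `# "/home/vincent/tmp/2022-IT-Root-CA.pem"`. This CA becomes trusted system-wide for any hostname, so a comment recording how it was verified would help, e.g. `# Red Hat IT internal root CA, SHA-256 <FINGERPRINT-PLACEHOLDER>, checked against <source>`. The explicit `"${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"` entry is probably redundant, because NixOS appears to include the default bundle already; please confirm and drop it if so.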
secrets.nix
@@ -26,6 +26,7 @@ in
"secrets/redhat/RDU2.ovpn.age".publicKeys = users ++ [ aomi wakasu kyushu ];
"secrets/redhat/BBRQ.ovpn.age".publicKeys = users ++ [ aomi wakasu kyushu ];
"secrets/redhat/ipa.crt.age".publicKeys = users ++ [ aomi wakasu kyushu ];
+ "secrets/redhat/2022-RH-IT-Root-CA.pem.age".publicKeys = users ++ [ aomi wakasu kyushu ];
"secrets/redhat/2015-RH-IT-Root-CA.pem.age".publicKeys = users ++ [ aomi wakasu kyushu ];
"secrets/redhat/Eng-CA.crt.age".publicKeys = users ++ [ aomi wakasu kyushu ];
"secrets/redhat/newca.crt.age".publicKeys = users ++ [ aomi wakasu kyushu ];