pinwheel: Update work module and related files/secrets

hosts/pinwheel/modules/waybar/default.nix

@@ -82,8 +82,11 @@ let
   '';
 
   work-vpn-status = pkgs.writeShellScript "work-vpn-status" ''
-    ON=$(ls /tmp | grep work-vpn-on | wc -l)
-    [ "$ON" -gt 0 ] && echo "WORK-VPN ON"
+    STAGING=$(systemctl is-active openvpn-work-staging.service)
+    [ "$STAGING" == "active" ] && echo "WORK-VPN STAGING ON" && exit 0
+
+    PRODUCTION=$(systemctl is-active openvpn-work-production.service)
+    [ "$PRODUCTION" == "active" ] && echo "WORK-VPN PRODUCTION ON" && exit 0
   '';
 
   toggle-bt-power = pkgs.writeShellScript "toggle-bt-power" ''

hosts/pinwheel/modules/work/default.nix

@@ -1,79 +1,50 @@
-{ pkgs, lib, config, ... }:
+{ lib, config, ... }:
 let
   gitEnabled = config.mod.git.enable;
-  goEnabled = config.mod.go.enable;
   openvpnEnabled = config.mod.openvpn.enable;
-
-  work-vpn = let
-    ovpnconfig = config.age.secrets.work-ovpn.path;
-    userpass = config.age.secrets.work-ovpn-userpass.path;
-  in
-    pkgs.writeShellApplication {
-    name = "work-vpn";
-    text = ''
-        touch /tmp/work-vpn-on; \
-        sudo \
-        ${pkgs.openvpn}/bin/openvpn \
-        --script-security 2 \
-        --up ${pkgs.update-systemd-resolved}/libexec/openvpn/update-systemd-resolved \
-        --up-restart \
-        --down ${pkgs.update-systemd-resolved}/libexec/openvpn/update-systemd-resolved \
-        --down-pre \
-        --config ${ovpnconfig} \
-        --auth-user-pass ${userpass}; \
-        rm /tmp/work-vpn-on
-    '';
-  };
 in
 {
   home-manager.users.alex = {
     programs.git = lib.mkIf gitEnabled {
       includes = [
         {
-          path = ./work-gitconfig;
+          path = config.age.secrets.work-gitconfig.path;
           condition = "gitdir:~/code/work/";
         }
       ];
     };
 
-    programs.go = lib.mkIf goEnabled {
-      goPrivate = [ "gitlab.com/zebware/*" ];
-    };
-
     programs.ssh = {
       enable = true;
+    };
+  };
 
-      matchBlocks = {
-        "gitlab.com" = {
-          hostname = "gitlab.com";
-          identityFile = "/home/alex/.ssh/alex.pinwheel-work";
-        };
-      };
+  services.openvpn.servers = lib.mkIf openvpnEnabled {
+    work-staging = {
+      config = "config ${config.age.secrets.work-staging-ovpn.path}";
+      autoStart = false;
     };
 
-    home.sessionVariables = {
-      ZCENV_HOME = "/home/alex/code/work/zebware/zcenv";
+    work-production = {
+      config = "config ${config.age.secrets.work-production-ovpn.path}";
+      autoStart = false;
     };
-
-    home.packages = lib.mkIf openvpnEnabled [ work-vpn ];
   };
 
   age.secrets = {
-    "alex.pinwheel-work" = {
-       file = ../../../../secrets/pinwheel/alex.pinwheel-work.age;
-       path = "/home/alex/.ssh/alex.pinwheel-work";
-       owner = "alex";
-       group = "users";
-    };
-    "alex.pinwheel-work.pub" = {
-       file = ../../../../secrets/pinwheel/alex.pinwheel-work.pub.age;
-       path = "/home/alex/.ssh/alex.pinwheel-work.pub";
-       owner = "alex";
-       group = "users";
+    "work-gitconfig" = lib.mkIf gitEnabled {
+      file = ../../../../secrets/pinwheel/work-gitconfig.age;
+      path = "/home/alex/code/work/.work-gitconfig";
+      owner = "alex";
+      group = "users";
     };
 
-    "work-ovpn" = lib.mkIf openvpnEnabled {
-      file = ../../../../secrets/pinwheel/work-ovpn.age;
+    "work-staging-ovpn" = lib.mkIf openvpnEnabled {
+      file = ../../../../secrets/pinwheel/work-staging-ovpn.age;
+    };
+
+    "work-production-ovpn" = lib.mkIf openvpnEnabled {
+      file = ../../../../secrets/pinwheel/work-production-ovpn.age;
     };
   };
 }

hosts/pinwheel/modules/work/work-gitconfig

@@ -1,3 +0,0 @@
-[user]
-name = Alexander Heldt
-email = alexander.heldt@zebware.com