pinwheel: Update work module and related files/secrets
@@ -1,79 +1,50 @@
|
||||
{ pkgs, lib, config, ... }:
|
||||
{ lib, config, ... }:
|
||||
let
|
||||
gitEnabled = config.mod.git.enable;
|
||||
goEnabled = config.mod.go.enable;
|
||||
openvpnEnabled = config.mod.openvpn.enable;
|
||||
|
||||
work-vpn = let
|
||||
ovpnconfig = config.age.secrets.work-ovpn.path;
|
||||
userpass = config.age.secrets.work-ovpn-userpass.path;
|
||||
in
|
||||
pkgs.writeShellApplication {
|
||||
name = "work-vpn";
|
||||
text = ''
|
||||
touch /tmp/work-vpn-on; \
|
||||
sudo \
|
||||
${pkgs.openvpn}/bin/openvpn \
|
||||
--script-security 2 \
|
||||
--up ${pkgs.update-systemd-resolved}/libexec/openvpn/update-systemd-resolved \
|
||||
--up-restart \
|
||||
--down ${pkgs.update-systemd-resolved}/libexec/openvpn/update-systemd-resolved \
|
||||
--down-pre \
|
||||
--config ${ovpnconfig} \
|
||||
--auth-user-pass ${userpass}; \
|
||||
rm /tmp/work-vpn-on
|
||||
'';
|
||||
};
|
||||
in
|
||||
{
|
||||
home-manager.users.alex = {
|
||||
programs.git = lib.mkIf gitEnabled {
|
||||
includes = [
|
||||
{
|
||||
path = ./work-gitconfig;
|
||||
path = config.age.secrets.work-gitconfig.path;
|
||||
condition = "gitdir:~/code/work/";
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
programs.go = lib.mkIf goEnabled {
|
||||
goPrivate = [ "gitlab.com/zebware/*" ];
|
||||
};
|
||||
|
||||
programs.ssh = {
|
||||
enable = true;
|
||||
};
|
||||
};
|
||||
|
||||
matchBlocks = {
|
||||
"gitlab.com" = {
|
||||
hostname = "gitlab.com";
|
||||
identityFile = "/home/alex/.ssh/alex.pinwheel-work";
|
||||
};
|
||||
};
|
||||
services.openvpn.servers = lib.mkIf openvpnEnabled {
|
||||
work-staging = {
|
||||
config = "config ${config.age.secrets.work-staging-ovpn.path}";
|
||||
autoStart = false;
|
||||
};
|
||||
|
||||
home.sessionVariables = {
|
||||
ZCENV_HOME = "/home/alex/code/work/zebware/zcenv";
|
||||
work-production = {
|
||||
config = "config ${config.age.secrets.work-production-ovpn.path}";
|
||||
autoStart = false;
|
||||
};
|
||||
|
||||
home.packages = lib.mkIf openvpnEnabled [ work-vpn ];
|
||||
};
|
||||
|
||||
age.secrets = {
|
||||
"alex.pinwheel-work" = {
|
||||
file = ../../../../secrets/pinwheel/alex.pinwheel-work.age;
|
||||
path = "/home/alex/.ssh/alex.pinwheel-work";
|
||||
owner = "alex";
|
||||
group = "users";
|
||||
};
|
||||
"alex.pinwheel-work.pub" = {
|
||||
file = ../../../../secrets/pinwheel/alex.pinwheel-work.pub.age;
|
||||
path = "/home/alex/.ssh/alex.pinwheel-work.pub";
|
||||
owner = "alex";
|
||||
group = "users";
|
||||
"work-gitconfig" = lib.mkIf gitEnabled {
|
||||
file = ../../../../secrets/pinwheel/work-gitconfig.age;
|
||||
path = "/home/alex/code/work/.work-gitconfig";
|
||||
owner = "alex";
|
||||
group = "users";
|
||||
};
|
||||
|
||||
"work-ovpn" = lib.mkIf openvpnEnabled {
|
||||
file = ../../../../secrets/pinwheel/work-ovpn.age;
|
||||
"work-staging-ovpn" = lib.mkIf openvpnEnabled {
|
||||
file = ../../../../secrets/pinwheel/work-staging-ovpn.age;
|
||||
};
|
||||
|
||||
"work-production-ovpn" = lib.mkIf openvpnEnabled {
|
||||
file = ../../../../secrets/pinwheel/work-production-ovpn.age;
|
||||
};
|
||||
};
|
||||
}
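Review bot: The `"gitlab.com"` match block pins `identityFile` to the work key but does not set `identitiesOnly`, so with an ssh-agent loaded ssh will still offer every agent key (personal ones included) to gitlab.com before the work key, which both exposes key identities to the remote host and can authenticate as the wrong GitLab account; add `identitiesOnly = true;` next to `identityFile = "/home/alex/.ssh/alex.pinwheel-work";`. The rendering loses the old/new markers, so whether that block is on the new side cannot be told here, and it is printed outside the `programs.ssh = { enable = true; };` braces, so the nesting should be checked after the hunk is applied. Separately, the `work-gitconfig` secret is decrypted to `/home/alex/code/work/.work-gitconfig`, inside the tree that the `gitdir:~/code/work/` include condition covers; if that directory is ever a git checkout itself, the decrypted file (presumably holding credentials, given it is kept as a secret) sits in a committable location, so consider a path under `~/.config/git/` or at least a comment explaining why it lives there. The two new `*-ovpn` secrets rely on agenix defaults (root-owned, mode 0400), which is appropriate for `services.openvpn` running as root; a one-line comment saying so would stop a future maintainer from adding `owner = "alex"` to match the neighbouring entries.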
|
||||
|
||||