From f49b40428cfb84ff4de4ec1a9bde82b99d95328b Mon Sep 17 00:00:00 2001
From: Matej Focko <me@mfocko.xyz>
Date: Thu, 28 Nov 2024 09:40:01 +0100
Subject: [PATCH] fix(zsh): fix RH functions

As the previous way of connecting to the VPN and obtaining Kerberos
ticket is not safe (keeping both password and TOTP together), it has not
been used for a long time.

Refactor the aliases to allow for safer, yet somewhat automated way of
connecting and obtaining Kerberos ticket.

Signed-off-by: Matej Focko <me@mfocko.xyz>
---
 roles/shell/zsh/templates/zshrc | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/roles/shell/zsh/templates/zshrc b/roles/shell/zsh/templates/zshrc
index 175783e..751ac61 100644
--- a/roles/shell/zsh/templates/zshrc
+++ b/roles/shell/zsh/templates/zshrc
@@ -143,9 +143,20 @@ function ls_links() {
 }
 
 ### Red Hat ###
-alias rh_vpn='echo "$(bw get password Red\ Hat\ -\ SSO)$(bw get totp Red\ Hat\ -\ SSO)" | nmcli --ask connection up Brno\ \(BRQ\)'
-alias rh_vpn_rdu2='echo "$(bw get password Red\ Hat\ -\ SSO)$(bw get totp Red\ Hat\ -\ SSO)" | nmcli --ask connection up Raleigh\ \(RDU2\)'
-alias rh_wifi='echo -e "\n$(bw get password Red\ Hat\ -\ SSO)$(bw get totp Red\ Hat\ -\ SSO)" | nmcli --ask connection up Red\ Hat'
+function _rh_pass() {
+    local PIN=$(bw get password "Red Hat - SSO")
+    local TOKEN=$(kdialog --password 'Token for Red Hat - SSO')
+    echo "$PIN$TOKEN"
+}
+
+export RH_VPN_ENDPOINT="Brno (BRQ)"
+function rh_vpn() {
+  PASS=$(_rh_pass)
+  echo $PASS | nmcli --ask connection up "$RH_VPN_ENDPOINT"
+}
+function rh_vpn_rdu2() {
+    RH_VPN_ENDPOINT="Raleigh (RDU2)" rh_vpn
+}
 alias rh_ticket='echo "$(bw get password Red\ Hat\ -\ Kerberos)" | kinit mfocko@REDHAT.COM'
 
 ### Fedora ###