From 04bea761208745c0302ab66db5c694ee9c41009c Mon Sep 17 00:00:00 2001 From: Tasia Iso Date: Wed, 7 Aug 2024 16:33:11 +0200 Subject: [PATCH] age secrets wifi --- common/components/networking.nix | 38 +++++++++++++++++++++++++++++++- crypto/nm-secrets.age | 13 +++++++++++ crypto/secrets.nix | 12 ++++++++++ hosts/yaseen/configuration.nix | 20 +++++++++++++++++ secrets.nix | 5 ----- 5 files changed, 82 insertions(+), 6 deletions(-) create mode 100644 crypto/nm-secrets.age create mode 100644 crypto/secrets.nix delete mode 100644 secrets.nix diff --git a/common/components/networking.nix b/common/components/networking.nix index a6a61ff..51b1fd8 100644 --- a/common/components/networking.nix +++ b/common/components/networking.nix @@ -1,4 +1,10 @@ -{ +{config, ...}: { + age.secrets.nm-secrets = { + file = ../../crypto/nm-secrets.age; + owner = "root"; + group = "root"; + }; + networking = { networkmanager = { enable = true; @@ -12,6 +18,36 @@ # unique DUID per connection "ipv6.dhcp-duid" = "stable-uuid"; }; + + ensureProfiles = { + environmentFiles = [ + config.age.secrets.nm-secrets.path + ]; + + profiles = { + Starlink = { + connection = { + id = "Starlink"; + type = "wifi"; + }; + ipv4 = { + method = "auto"; + }; + ipv6 = { + addr-gen-mode = "stable-privacy"; + method = "auto"; + }; + wifi = { + mode = "infrastructure"; + ssid = "Starlink"; + }; + wifi-security = { + key-mgmt = "wpa-psk"; + psk = "$STARLINK_PSK"; + }; + }; + }; + }; }; firewall = { diff --git a/crypto/nm-secrets.age b/crypto/nm-secrets.age new file mode 100644 index 0000000..83170cf --- /dev/null +++ b/crypto/nm-secrets.age 
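Review bot: The `age.secrets.nm-secrets` declaration at the top of `common/components/networking.nix` has no comment saying which hosts can decrypt it. Because this is a shared component, every host that imports it needs the agenix module and its host key listed under `"nm-secrets.age"` in `crypto/secrets.nix`. A host that imports the module without being a recipient would presumably fail to decrypt at activation, which is hard to trace back from this file. I would add `# decrypted with the host SSH key; recipients are listed under "nm-secrets.age" in crypto/secrets.nix` above the attribute. `owner` and `group` are set but `mode` is left to the agenix default, so writing `mode = "0400";` next to them would make the intended permissions visible in review.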
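Review bot: `psk = "$STARLINK_PSK"` in the `wifi-security` block depends on the decrypted `nm-secrets.age` defining a variable with exactly that name, and nothing in the module states this. The placeholder is filled in from `environmentFiles` when the profile is generated, so the Nix store only holds the literal `$STARLINK_PSK`. If the variable is absent, the substitution would presumably produce an empty passphrase rather than an error, which is worth confirming. A comment such as `# nm-secrets.age is an environment file and must contain STARLINK_PSK=<passphrase>` above `environmentFiles` would record the contract. The `networking` attribute set continues outside this hunk.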
@@ -0,0 +1,13 @@ +age-encryption.org/v1 +-> ssh-ed25519 KiRjUQ 9wLMoxLXCO2BS4zXIQmxtJSQg5dR4HmkC29vvD7hyUs +2Hn6HUUu8lTib5b/JYrNkU0/GGq7x4nAqtUMrYTNiVs +-> ssh-ed25519 wZ5Prg WHHhw9N4vWmEXA3foMhueKcf2dcOCkF+mGNrG+WviQ8 +sH/F8N+00hmaUUHPgVmquZFQS2qjx891dftJe1H3oEo +-> ssh-ed25519 VZzOpg rJR1x3ZPl+Y7SWpHDaxHNL4V7Tri+pzoN+WLQzBcmyg +/hwwkcmvasPRSOo5axKuUTUgpEX82uqSmICrPdqwQdM +-> ssh-ed25519 0bzV9g bB44z3/Wh+RmL8zQZPgpvaHAptLGIeiSDUlOgx4Y3z4 +J/+Kf9EilkLF4ifw4y6eybl9zrQTqUwfb7EYHo/vj2Y +-> ssh-ed25519 hV3Kug OQsWDFIABnMppRP5TEmmxJpiTu4bVilp2L8BCPfd11g +7ht5x3yChyKCmgI6fMAEnFLd1PseaTJoA0/Fft7MQvQ +--- uiAthSODq6CzwGnuZ7SiDUhDIvPqhBWRn4k2ZU0c3Mc +låžÅl¯Yv׆š¢ØW¡Å­h$¦({@ØF‰Tê,HnÌànSzë—zBåʯ4â“lþõ[ü' ÈQ \ No newline at end of file diff --git a/crypto/secrets.nix b/crypto/secrets.nix new file mode 100644 index 0000000..052e821 --- /dev/null +++ b/crypto/secrets.nix @@ -0,0 +1,12 @@ +let + sshKeys = import ./ssh-keys.nix; +in { + "wifi.age".publicKeys = [sshKeys.host.yaseen sshKeys.tasia.yaseen]; + "nm-secrets.age".publicKeys = [ + sshKeys.tasia.yaseen + sshKeys.host.enry + sshKeys.host.phoenix + sshKeys.host.stuff + sshKeys.host.yaseen + ]; +} diff --git a/hosts/yaseen/configuration.nix b/hosts/yaseen/configuration.nix index 01dc701..94997e1 100644 --- a/hosts/yaseen/configuration.nix +++ b/hosts/yaseen/configuration.nix @@ -179,6 +179,26 @@ in { relayIP = "100.91.88.2"; }; + # users.users.lol = { + # isNormalUser = true; + # description = "lol"; + # extraGroups = [ + # "networkmanager" + # # "wheel" + # # "syncthing" + # # "tss" + # # "dialout" + # # "vboxusers" + # # "adbusers" + # ]; + # initialPassword = "password123"; + # }; + + # netwobking + # ipvx dns-search = ""; + # wifi mac-address-blacklist = ""; + # wifisec auth-alg = "open"; + # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion system.stateVersion = "23.11"; } diff --git a/secrets.nix b/secrets.nix deleted file mode 100644 index 08f6bfd..0000000 --- a/secrets.nix +++ /dev/null 
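Review bot: `"nm-secrets.age".publicKeys` gives four host keys and one user key access to a single environment file, so every listed host can read every network credential that is ever added to it. As far as this commit shows the file backs only `STARLINK_PSK`, but if more networks are added later, consider one secret per network or per host group, so that a host's key only opens the credentials that host uses. The `"wifi.age"` entry is carried over from the deleted top-level `secrets.nix`; if `nm-secrets.age` replaces it, the entry and the file can be removed. Since the rules file moved out of the repository root, a header comment like `# agenix rules: run agenix from crypto/, paths are relative to this file` would help the next person who re-keys.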
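Review bot: The commented-out `users.users.lol` block carries `initialPassword = "password123"` and membership in `networkmanager`. If someone uncomments it, the host gains an account with a guessable password, and `initialPassword` values are written to the world-readable Nix store. I would drop the block and the scratch notes below it (`# netwobking` and the three lines after) from this commit. If a test account is really needed, use `hashedPasswordFile` pointing at an age secret instead. The enclosing attribute set starts outside this hunk.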
@@ -1,5 +0,0 @@
-let
- sshKeys = import ./crypto/ssh-keys.nix;
-in {
- "crypto/wifi.age".publicKeys = [sshKeys.host.yaseen sshKeys.tasia.yaseen];
-}