age secrets wifi

common/components/networking.nix

@@ -1,4 +1,10 @@
-{
+{config, ...}: {
+  age.secrets.nm-secrets = {
+    file = ../../crypto/nm-secrets.age;
+    owner = "root";
+    group = "root";
+  };
+
   networking = {
     networkmanager = {
       enable = true;
@@ -12,6 +18,36 @@
         # unique DUID per connection
         "ipv6.dhcp-duid" = "stable-uuid";
       };
+
+      ensureProfiles = {
+        environmentFiles = [
+          config.age.secrets.nm-secrets.path
+        ];
+
+        profiles = {
+          Starlink = {
+            connection = {
+              id = "Starlink";
+              type = "wifi";
+            };
+            ipv4 = {
+              method = "auto";
+            };
+            ipv6 = {
+              addr-gen-mode = "stable-privacy";
+              method = "auto";
+            };
+            wifi = {
+              mode = "infrastructure";
+              ssid = "Starlink";
+            };
+            wifi-security = {
+              key-mgmt = "wpa-psk";
+              psk = "$STARLINK_PSK";
+            };
+          };
+        };
+      };
     };
 
     firewall = {

crypto/nm-secrets.age

@@ -0,0 +1,13 @@
+age-encryption.org/v1
+-> ssh-ed25519 KiRjUQ 9wLMoxLXCO2BS4zXIQmxtJSQg5dR4HmkC29vvD7hyUs
+2Hn6HUUu8lTib5b/JYrNkU0/GGq7x4nAqtUMrYTNiVs
+-> ssh-ed25519 wZ5Prg WHHhw9N4vWmEXA3foMhueKcf2dcOCkF+mGNrG+WviQ8
+sH/F8N+00hmaUUHPgVmquZFQS2qjx891dftJe1H3oEo
+-> ssh-ed25519 VZzOpg rJR1x3ZPl+Y7SWpHDaxHNL4V7Tri+pzoN+WLQzBcmyg
+/hwwkcmvasPRSOo5axKuUTUgpEX82uqSmICrPdqwQdM
+-> ssh-ed25519 0bzV9g bB44z3/Wh+RmL8zQZPgpvaHAptLGIeiSDUlOgx4Y3z4
+J/+Kf9EilkLF4ifw4y6eybl9zrQTqUwfb7EYHo/vj2Y
+-> ssh-ed25519 hV3Kug OQsWDFIABnMppRP5TEmmxJpiTu4bVilp2L8BCPfd11g
+7ht5x3yChyKCmgI6fMAEnFLd1PseaTJoA0/Fft7MQvQ
+--- uiAthSODq6CzwGnuZ7SiDUhDIvPqhBWRn4k2ZU0c3Mc
+låžÅl¯Yv׆š¢ØW¡Å­h$¦({@ØF‰Tê,HnÌànSzë—zBåʯ4â“lþõ[ü' ÈQ

crypto/secrets.nix

@@ -0,0 +1,12 @@
+let
+  sshKeys = import ./ssh-keys.nix;
+in {
+  "wifi.age".publicKeys = [sshKeys.host.yaseen sshKeys.tasia.yaseen];
+  "nm-secrets.age".publicKeys = [
+    sshKeys.tasia.yaseen
+    sshKeys.host.enry
+    sshKeys.host.phoenix
+    sshKeys.host.stuff
+    sshKeys.host.yaseen
+  ];
+}

hosts/yaseen/configuration.nix

@@ -179,6 +179,26 @@ in {
     relayIP = "100.91.88.2";
   };
 
+  # users.users.lol = {
+  #   isNormalUser = true;
+  #   description = "lol";
+  #   extraGroups = [
+  #     "networkmanager"
+  #     # "wheel"
+  #     # "syncthing"
+  #     # "tss"
+  #     # "dialout"
+  #     # "vboxusers"
+  #     # "adbusers"
+  #   ];
+  #   initialPassword = "password123";
+  # };
+
+  # netwobking
+  # ipvx dns-search = "";
+  # wifi mac-address-blacklist = "";
+  # wifisec auth-alg = "open";
+
   # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
   system.stateVersion = "23.11";
 }

secrets.nix

@@ -1,5 +0,0 @@
-let
-  sshKeys = import ./crypto/ssh-keys.nix;
-in {
-  "crypto/wifi.age".publicKeys = [sshKeys.host.yaseen sshKeys.tasia.yaseen];
-}