From a85e1b2259ab784f048f3c5f41ce24de961c48ad Mon Sep 17 00:00:00 2001 From: Tasia Iso Date: Sat, 10 Aug 2024 19:23:59 +0200 Subject: [PATCH] move secrets to its own file --- common/components/networking.nix | 38 +-------------------------- common/components/wifi-secrets.nix | 41 ++++++++++++++++++++++++++++++ common/services/autoupgrade.nix | 8 +++--- hosts/enry/configuration.nix | 3 +++ hosts/phoenix/configuration.nix | 4 +++ hosts/stuff/configuration.nix | 4 +++ hosts/yaseen/configuration.nix | 10 +++++--- 7 files changed, 65 insertions(+), 43 deletions(-) create mode 100644 common/components/wifi-secrets.nix diff --git a/common/components/networking.nix b/common/components/networking.nix index 51b1fd8..a6a61ff 100644 --- a/common/components/networking.nix +++ b/common/components/networking.nix @@ -1,10 +1,4 @@ -{config, ...}: { - age.secrets.nm-secrets = { - file = ../../crypto/nm-secrets.age; - owner = "root"; - group = "root"; - }; - +{ networking = { networkmanager = { enable = true; @@ -18,36 +12,6 @@ # unique DUID per connection "ipv6.dhcp-duid" = "stable-uuid"; }; - - ensureProfiles = { - environmentFiles = [ - config.age.secrets.nm-secrets.path - ]; - - profiles = { - Starlink = { - connection = { - id = "Starlink"; - type = "wifi"; - }; - ipv4 = { - method = "auto"; - }; - ipv6 = { - addr-gen-mode = "stable-privacy"; - method = "auto"; - }; - wifi = { - mode = "infrastructure"; - ssid = "Starlink"; - }; - wifi-security = { - key-mgmt = "wpa-psk"; - psk = "$STARLINK_PSK"; - }; - }; - }; - }; }; firewall = { diff --git a/common/components/wifi-secrets.nix b/common/components/wifi-secrets.nix new file mode 100644 index 0000000..ccfe73e --- /dev/null +++ b/common/components/wifi-secrets.nix 
@@ -0,0 +1,41 @@ +{config, ...}: { + age.secrets.nm-secrets = { + file = ../../crypto/nm-secrets.age; + owner = "root"; + group = "root"; + }; + + networking = { + networkmanager = { + ensureProfiles = { + environmentFiles = [ + config.age.secrets.nm-secrets.path + ]; + + profiles = { + Starlink = { + connection = { + id = "Starlink"; + type = "wifi"; + }; + ipv4 = { + method = "auto"; + }; + ipv6 = { + addr-gen-mode = "stable-privacy"; + method = "auto"; + }; + wifi = { + mode = "infrastructure"; + ssid = "Starlink"; + }; + wifi-security = { + key-mgmt = "wpa-psk"; + psk = "$STARLINK_PSK"; + }; + }; + }; + }; + }; + }; +} diff --git a/common/services/autoupgrade.nix b/common/services/autoupgrade.nix index e04a6a7..1796b5b 100644 --- a/common/services/autoupgrade.nix +++ b/common/services/autoupgrade.nix @@ -1,4 +1,6 @@ {pkgs, ...}: { + # Sets a timer that will pull a new version + # of the flake and rebuild each week. systemd.timers."nix-auto-upgrade" = { enable = true; wantedBy = ["timers.target"]; @@ -14,7 +16,7 @@ systemd.services."nix-auto-upgrade" = { enable = true; - description = "NixOS Upgrade"; + description = "Unattended Upgrade"; restartIfChanged = false; unitConfig.X-StopOnRemoval = false; @@ -34,13 +36,13 @@ xz.bin gzip gitMinimal - # curl + curl ]; script = '' set -eu - ${pkgs.nixos-rebuild}/bin/nixos-rebuild boot -L --flake git+https://gitea.com/tasiaiso/nixos-config --upgrade + ${pkgs.nixos-rebuild}/bin/nixos-rebuild boot -L --flake git+https://gitea.com/tasiaiso/nixos-config ${pkgs.curl}/bin/curl \ -H "Title: NixOS upgrade done" \ diff --git a/hosts/enry/configuration.nix b/hosts/enry/configuration.nix index 56597df..44c835a 100644 --- a/hosts/enry/configuration.nix +++ b/hosts/enry/configuration.nix @@ -14,6 +14,9 @@ in { ../../common/components/enry.nix + inputs.agenix.nixosModules.default + ../../common/components/wifi-secrets.nix + inputs.vedirect-reader.nixosModules.aarch64-linux.default ]; 
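Review bot: The new `common/components/wifi-secrets.nix` declares `age.secrets.nm-secrets` and is now imported by enry, phoenix and stuff as well as yaseen, yet the diffstat touches nothing under `crypto/`. Unless `nm-secrets.age` was already encrypted to those hosts' keys, agenix cannot decrypt it there and `ensureProfiles` will presumably be left without a value for `$STARLINK_PSK`. Rekey the secret for every importing host in the same change, and check that each of these machines really needs the Wi-Fi PSK, since every recipient host can recover it. The module also uses the `age.*` options without importing agenix itself, so a header comment such as `# Requires inputs.agenix.nixosModules.default to be imported by the host.` would make the dependency explicit. The same point applies to the import hunks in the four `hosts/*/configuration.nix` files.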
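Review bot: In the third hunk of `common/services/autoupgrade.nix`, the rewritten `nixos-rebuild boot -L --flake git+https://gitea.com/tasiaiso/nixos-config` line still builds whatever the remote repository's head is when the timer fires, with no pinned revision and no signature check. Write access to that repository (or to the hosting account) therefore translates into the privileges this unit runs with, presumably root, on every host that imports the service. Consider verifying a signed commit or tag before the rebuild, or tracking a branch that is only advanced after review. Adding `curl` to `path` looks redundant, because the script already invokes `${pkgs.curl}/bin/curl` by its store path. The script body continues past the end of the hunk.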
diff --git a/hosts/phoenix/configuration.nix b/hosts/phoenix/configuration.nix index e1c5864..2f29171 100644 --- a/hosts/phoenix/configuration.nix +++ b/hosts/phoenix/configuration.nix @@ -1,6 +1,7 @@ { pkgs, lib, + inputs, ... }: let sshKeys = import ../../crypto/ssh-keys.nix; @@ -19,6 +20,9 @@ in { ../../common/services/syncthing.nix ../../home/tasia-but-old-username/home.nix + + inputs.agenix.nixosModules.default + ../../common/components/wifi-secrets.nix ]; networking = { diff --git a/hosts/stuff/configuration.nix b/hosts/stuff/configuration.nix index cc9caef..757f26c 100644 --- a/hosts/stuff/configuration.nix +++ b/hosts/stuff/configuration.nix @@ -1,6 +1,7 @@ { pkgs, lib, + inputs, ... }: let sshKeys = import ../../crypto/ssh-keys.nix; @@ -24,6 +25,9 @@ in { ../../common/services/nix-gc.nix ../../home/46d1/home.nix + + inputs.agenix.nixosModules.default + ../../common/components/wifi-secrets.nix ]; networking.hostName = "stuff"; diff --git a/hosts/yaseen/configuration.nix b/hosts/yaseen/configuration.nix index 94997e1..e5cc774 100644 --- a/hosts/yaseen/configuration.nix +++ b/hosts/yaseen/configuration.nix @@ -35,10 +35,10 @@ in { ../../common/programs/steam.nix # Services - ../../common/services/auditd.nix + # ../../common/services/auditd.nix ../../common/services/nix-gc.nix ../../common/services/opensnitch.nix - ../../common/services/adguardhome.nix + # ../../common/services/adguardhome.nix ../../common/services/syncthing.nix ../../common/services/usbguard.nix ../../common/services/autoupgrade.nix @@ -46,9 +46,11 @@ in { # Home-manager ../../home/tasia/home.nix + inputs.agenix.nixosModules.default + ../../common/components/wifi-secrets.nix + # Personal modules # ../../modules/nixos/tildefriends.nix - inputs.agenix.nixosModules.default ]; # RGB Keyboard backight @@ -179,6 +181,8 @@ in { relayIP = "100.91.88.2"; }; + # virtualisation.waydroid.enable = true; + # users.users.lol = { # isNormalUser = true; # description = "lol";
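Review bot: The first hunk of `hosts/yaseen/configuration.nix` comments out `../../common/services/auditd.nix` and `../../common/services/adguardhome.nix`, which is unrelated to moving the Wi-Fi secret. Going by the module names, it removes audit logging and DNS filtering from this host without any stated reason. Put this in its own commit, or at least record the reason on the line, e.g. `# ../../common/services/auditd.nix  # disabled: <reason>, re-enable when <condition>`. A security control left commented out with no note is easy to forget, and the commit title gives no hint that detection coverage changed.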