tasiaiso/nixos-config
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

move secrets to its own file

Browse source
This commit is contained in:
Tasia Iso 2024-08-10 19:23:59 +02:00
parent 04bea76120
commit a85e1b2259
Signed by: tasiaiso
SSH key fingerprint: SHA256:KiRjUay5C9i6objsEOIycygBHn54pDBB3Lj7fyJ0Elw
7 changed files with 65 additions and 43 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

38
common/components/networking.nix
View file

@ -1,10 +1,4 @@
{config, ...}: { {
age.secrets.nm-secrets = {
file = ../../crypto/nm-secrets.age;
owner = "root";
group = "root";
};
networking = { networking = {
networkmanager = { networkmanager = {
enable = true; enable = true;
@ -18,36 +12,6 @@
# unique DUID per connection # unique DUID per connection
"ipv6.dhcp-duid" = "stable-uuid"; "ipv6.dhcp-duid" = "stable-uuid";
}; };
ensureProfiles = {
environmentFiles = [
config.age.secrets.nm-secrets.path
];
profiles = {
Starlink = {
connection = {
id = "Starlink";
type = "wifi";
};
ipv4 = {
method = "auto";
};
ipv6 = {
addr-gen-mode = "stable-privacy";
method = "auto";
};
wifi = {
mode = "infrastructure";
ssid = "Starlink";
};
wifi-security = {
key-mgmt = "wpa-psk";
psk = "$STARLINK_PSK";
};
};
};
};
}; };
firewall = { firewall = {

41
common/components/wifi-secrets.nix Normal file
View file

@ -0,0 +1,41 @@
{config, ...}: {
age.secrets.nm-secrets = {
file = ../../crypto/nm-secrets.age;
owner = "root";
group = "root";
};
networking = {
networkmanager = {
ensureProfiles = {
environmentFiles = [
config.age.secrets.nm-secrets.path
];
profiles = {
Starlink = {
connection = {
id = "Starlink";
type = "wifi";
};
ipv4 = {
method = "auto";
};
ipv6 = {
addr-gen-mode = "stable-privacy";
method = "auto";
};
wifi = {
mode = "infrastructure";
ssid = "Starlink";
};
wifi-security = {
key-mgmt = "wpa-psk";
psk = "$STARLINK_PSK";
};
};
};
};
};
};
}

8
common/services/autoupgrade.nix
View file

@ -1,4 +1,6 @@
{pkgs, ...}: { {pkgs, ...}: {
# Sets a timer that will pull a new version
# of the flake and rebuild each week.
systemd.timers."nix-auto-upgrade" = { systemd.timers."nix-auto-upgrade" = {
enable = true; enable = true;
wantedBy = ["timers.target"]; wantedBy = ["timers.target"];
@ -14,7 +16,7 @@
systemd.services."nix-auto-upgrade" = { systemd.services."nix-auto-upgrade" = {
enable = true; enable = true;
description = "NixOS Upgrade"; description = "Unattended Upgrade";
restartIfChanged = false; restartIfChanged = false;
unitConfig.X-StopOnRemoval = false; unitConfig.X-StopOnRemoval = false;
@ -34,13 +36,13 @@
xz.bin xz.bin
gzip gzip
gitMinimal gitMinimal
# curl curl
]; ];
script = '' script = ''
set -eu set -eu
${pkgs.nixos-rebuild}/bin/nixos-rebuild boot -L --flake git+https://gitea.com/tasiaiso/nixos-config --upgrade ${pkgs.nixos-rebuild}/bin/nixos-rebuild boot -L --flake git+https://gitea.com/tasiaiso/nixos-config
${pkgs.curl}/bin/curl \ ${pkgs.curl}/bin/curl \
-H "Title: NixOS upgrade done" \ -H "Title: NixOS upgrade done" \

3
hosts/enry/configuration.nix
View file

@ -14,6 +14,9 @@ in {
../../common/components/enry.nix ../../common/components/enry.nix
inputs.agenix.nixosModules.default
../../common/components/wifi-secrets.nix
inputs.vedirect-reader.nixosModules.aarch64-linux.default inputs.vedirect-reader.nixosModules.aarch64-linux.default
]; ];

4
hosts/phoenix/configuration.nix
View file

@ -1,6 +1,7 @@
{ {
pkgs, pkgs,
lib, lib,
inputs,
... ...
}: let }: let
sshKeys = import ../../crypto/ssh-keys.nix; sshKeys = import ../../crypto/ssh-keys.nix;
@ -19,6 +20,9 @@ in {
../../common/services/syncthing.nix ../../common/services/syncthing.nix
../../home/tasia-but-old-username/home.nix ../../home/tasia-but-old-username/home.nix
inputs.agenix.nixosModules.default
../../common/components/wifi-secrets.nix
]; ];
networking = { networking = {

4
hosts/stuff/configuration.nix
View file

@ -1,6 +1,7 @@
{ {
pkgs, pkgs,
lib, lib,
inputs,
... ...
}: let }: let
sshKeys = import ../../crypto/ssh-keys.nix; sshKeys = import ../../crypto/ssh-keys.nix;
@ -24,6 +25,9 @@ in {
../../common/services/nix-gc.nix ../../common/services/nix-gc.nix
../../home/46d1/home.nix ../../home/46d1/home.nix
inputs.agenix.nixosModules.default
../../common/components/wifi-secrets.nix
]; ];
networking.hostName = "stuff"; networking.hostName = "stuff";

10
hosts/yaseen/configuration.nix
View file

@ -35,10 +35,10 @@ in {
../../common/programs/steam.nix ../../common/programs/steam.nix
# Services # Services
../../common/services/auditd.nix # ../../common/services/auditd.nix
../../common/services/nix-gc.nix ../../common/services/nix-gc.nix
../../common/services/opensnitch.nix ../../common/services/opensnitch.nix
../../common/services/adguardhome.nix # ../../common/services/adguardhome.nix
../../common/services/syncthing.nix ../../common/services/syncthing.nix
../../common/services/usbguard.nix ../../common/services/usbguard.nix
../../common/services/autoupgrade.nix ../../common/services/autoupgrade.nix
@ -46,9 +46,11 @@ in {
# Home-manager # Home-manager
../../home/tasia/home.nix ../../home/tasia/home.nix
inputs.agenix.nixosModules.default
../../common/components/wifi-secrets.nix
# Personal modules # Personal modules
# ../../modules/nixos/tildefriends.nix # ../../modules/nixos/tildefriends.nix
inputs.agenix.nixosModules.default
]; ];
# RGB Keyboard backight # RGB Keyboard backight
@ -179,6 +181,8 @@ in {
relayIP = "100.91.88.2"; relayIP = "100.91.88.2";
}; };
# virtualisation.waydroid.enable = true;
# users.users.lol = { # users.users.lol = {
# isNormalUser = true; # isNormalUser = true;
# description = "lol"; # description = "lol";