move secrets to its own file

2024-08-10 19:23:59 +02:00 · 2024-08-10 19:23:59 +02:00 · a85e1b2259
parent 04bea76120
commit a85e1b2259
7 changed files with 65 additions and 43 deletions
--- a/common/components/networking.nix
+++ b/common/components/networking.nix
@ -1,10 +1,4 @@
-{config, ...}: {
-  age.secrets.nm-secrets = {
-    file = ../../crypto/nm-secrets.age;
-    owner = "root";
-    group = "root";
-  };
-
+{
  networking = {
    networkmanager = {
      enable = true;
@ -18,36 +12,6 @@
        # unique DUID per connection
        "ipv6.dhcp-duid" = "stable-uuid";
      };
-
-      ensureProfiles = {
-        environmentFiles = [
-          config.age.secrets.nm-secrets.path
-        ];
-
-        profiles = {
-          Starlink = {
-            connection = {
-              id = "Starlink";
-              type = "wifi";
-            };
-            ipv4 = {
-              method = "auto";
-            };
-            ipv6 = {
-              addr-gen-mode = "stable-privacy";
-              method = "auto";
-            };
-            wifi = {
-              mode = "infrastructure";
-              ssid = "Starlink";
-            };
-            wifi-security = {
-              key-mgmt = "wpa-psk";
-              psk = "$STARLINK_PSK";
-            };
-          };
-        };
-      };
    };

    firewall = {
--- a/common/components/wifi-secrets.nix
+++ b/common/components/wifi-secrets.nix
@ -0,0 +1,41 @@
+{config, ...}: {
+  age.secrets.nm-secrets = {
+    file = ../../crypto/nm-secrets.age;
+    owner = "root";
+    group = "root";
+  };
+
+  networking = {
+    networkmanager = {
+      ensureProfiles = {
+        environmentFiles = [
+          config.age.secrets.nm-secrets.path
+        ];
+
+        profiles = {
+          Starlink = {
+            connection = {
+              id = "Starlink";
+              type = "wifi";
+            };
+            ipv4 = {
+              method = "auto";
+            };
+            ipv6 = {
+              addr-gen-mode = "stable-privacy";
+              method = "auto";
+            };
+            wifi = {
+              mode = "infrastructure";
+              ssid = "Starlink";
+            };
+            wifi-security = {
+              key-mgmt = "wpa-psk";
+              psk = "$STARLINK_PSK";
+            };
+          };
+        };
+      };
+    };
+  };
+}
--- a/common/services/autoupgrade.nix
+++ b/common/services/autoupgrade.nix
@ -1,4 +1,6 @@
 {pkgs, ...}: {
+  # Sets a timer that will pull a new version
+  # of the flake and rebuild each week.
  systemd.timers."nix-auto-upgrade" = {
    enable = true;
    wantedBy = ["timers.target"];
@ -14,7 +16,7 @@
  systemd.services."nix-auto-upgrade" = {
    enable = true;

-    description = "NixOS Upgrade";
+    description = "Unattended Upgrade";

    restartIfChanged = false;
    unitConfig.X-StopOnRemoval = false;
@ -34,13 +36,13 @@
      xz.bin
      gzip
      gitMinimal
-      # curl
+      curl
    ];

    script = ''
      set -eu

-      ${pkgs.nixos-rebuild}/bin/nixos-rebuild boot -L --flake git+https://gitea.com/tasiaiso/nixos-config --upgrade
+      ${pkgs.nixos-rebuild}/bin/nixos-rebuild boot -L --flake git+https://gitea.com/tasiaiso/nixos-config

      ${pkgs.curl}/bin/curl \
        -H "Title: NixOS upgrade done" \
--- a/hosts/enry/configuration.nix
+++ b/hosts/enry/configuration.nix
@ -14,6 +14,9 @@ in {

    ../../common/components/enry.nix

+    inputs.agenix.nixosModules.default
+    ../../common/components/wifi-secrets.nix
+
    inputs.vedirect-reader.nixosModules.aarch64-linux.default
  ];

--- a/hosts/phoenix/configuration.nix
+++ b/hosts/phoenix/configuration.nix
@ -1,6 +1,7 @@
 {
  pkgs,
  lib,
+  inputs,
  ...
 }: let
  sshKeys = import ../../crypto/ssh-keys.nix;
@ -19,6 +20,9 @@ in {
    ../../common/services/syncthing.nix

    ../../home/tasia-but-old-username/home.nix
+
+    inputs.agenix.nixosModules.default
+    ../../common/components/wifi-secrets.nix
  ];

  networking = {
--- a/hosts/stuff/configuration.nix
+++ b/hosts/stuff/configuration.nix
@ -1,6 +1,7 @@
 {
  pkgs,
  lib,
+  inputs,
  ...
 }: let
  sshKeys = import ../../crypto/ssh-keys.nix;
@ -24,6 +25,9 @@ in {
    ../../common/services/nix-gc.nix

    ../../home/46d1/home.nix
+
+    inputs.agenix.nixosModules.default
+    ../../common/components/wifi-secrets.nix
  ];

  networking.hostName = "stuff";
--- a/hosts/yaseen/configuration.nix
+++ b/hosts/yaseen/configuration.nix
@ -35,10 +35,10 @@ in {
    ../../common/programs/steam.nix

    # Services
-    ../../common/services/auditd.nix
+    # ../../common/services/auditd.nix
    ../../common/services/nix-gc.nix
    ../../common/services/opensnitch.nix
-    ../../common/services/adguardhome.nix
+    # ../../common/services/adguardhome.nix
    ../../common/services/syncthing.nix
    ../../common/services/usbguard.nix
    ../../common/services/autoupgrade.nix
@ -46,9 +46,11 @@ in {
    # Home-manager
    ../../home/tasia/home.nix

+    inputs.agenix.nixosModules.default
+    ../../common/components/wifi-secrets.nix
+
    # Personal modules
    # ../../modules/nixos/tildefriends.nix
-    inputs.agenix.nixosModules.default
  ];

  # RGB Keyboard backight
@ -179,6 +181,8 @@ in {
    relayIP = "100.91.88.2";
  };

+  # virtualisation.waydroid.enable = true;
+
  # users.users.lol = {
  #   isNormalUser = true;
  #   description = "lol";