Desktop/NetworkManager: migrate secrets to sops-nix

2025-12-06 03:37:06 +01:00 · 2025-12-06 03:37:06 +01:00 · 8c6fdd5b51
commit 8c6fdd5b51
parent 1d1b76b329
2 changed files with 8 additions and 7 deletions
--- a/flake.lock
+++ b/flake.lock
@ -524,11 +524,11 @@
    "secrets": {
      "flake": false,
      "locked": {
-        "lastModified": 1737970846,
-        "narHash": "sha256-+b44nvv+rKiRdABSHGaTLbp9ysRaHE+s/CuUsA9zNac=",
+        "lastModified": 1764987865,
+        "narHash": "sha256-9gporedK0k0t86x415hVhRdl756RsD9KUinOiuCqK4Y=",
        "ref": "refs/heads/main",
-        "rev": "d8262fb108d0810d21c5e098b54a105e867e72ce",
-        "revCount": 28,
+        "rev": "e945330fd68c693004ffd107e89b3d8f5d5a662e",
+        "revCount": 31,
        "type": "git",
        "url": "ssh://forgejo@git.toast003.xyz:4222/Toast/nix-secrets"
      },
--- a/roles/desktop/services/networkmanager.nix
+++ b/roles/desktop/services/networkmanager.nix
@ -5,8 +5,9 @@
 }: let
  tailscaleName = config.services.tailscale.interfaceName;
 in {
-  age.secrets = {
-    wifiPasswords.file = "${flakeSelf.inputs.secrets}/wifi-passwords.age";
+  sops.secrets.wifiPasswords = {
+    sopsFile = "${flakeSelf.inputs.secrets}/wifi-passwords.env";
+    format = "dotenv";
  };
  networking.networkmanager = {
    enable = true;
@ -14,7 +15,7 @@ in {
      "interface-name:${tailscaleName}"
    ];
    ensureProfiles = {
-      environmentFiles = [config.age.secrets.wifiPasswords.path];
+      environmentFiles = [config.sops.secrets.wifiPasswords.path];
      profiles = {
        "4g-modem" = {
          connection = {