diff --git a/.justfile b/.justfile index 9b4041a..99e2d75 100644 --- a/.justfile +++ b/.justfile @@ -15,8 +15,8 @@ update: nix flake update @edit-secrets: - git clone ssh://forgejo@git.toast003.xyz:4222/Toast/nix-secrets.git /tmp/secrets - sed -i 's\git+ssh://forgejo@git.toast003.xyz:4222/Toast/nix-secrets\/tmp/secrets\g' flake.nix + git clone ssh://forgejo@git.everest.tailscale:4222/Toast/nix-secrets.git /tmp/secrets + sed -i 's\git+ssh://forgejo@git.everest.tailscale:4222/Toast/nix-secrets\/tmp/secrets\g' flake.nix nix flake update secrets echo "{{bold}}All done!" echo "{{normal}}Remember to restore flake.nix" diff --git a/flake.lock b/flake.lock index dcad82e..e622e4e 100644 --- a/flake.lock +++ b/flake.lock @@ -517,18 +517,17 @@ "nixpkgs-raw": "nixpkgs-raw", "nixpkgs-unstable-raw": "nixpkgs-unstable-raw", "plasma-manager": "plasma-manager", - "secrets": "secrets", - "sops-nix": "sops-nix" + "secrets": "secrets" } }, "secrets": { "flake": false, "locked": { - "lastModified": 1764992299, - "narHash": "sha256-6vJ4teDUQus5TsOMfJZEfDOslsjvkhHPELZiOAeOX8s=", + "lastModified": 1737970846, + "narHash": "sha256-+b44nvv+rKiRdABSHGaTLbp9ysRaHE+s/CuUsA9zNac=", "ref": "refs/heads/main", - "rev": "5c3122fc8dd5d6fe855d7da42740272cb2c313d4", - "revCount": 32, + "rev": "d8262fb108d0810d21c5e098b54a105e867e72ce", + "revCount": 28, "type": "git", "url": "ssh://forgejo@git.toast003.xyz:4222/Toast/nix-secrets" }, @@ -537,26 +536,6 @@ "url": "ssh://forgejo@git.toast003.xyz:4222/Toast/nix-secrets" } }, - "sops-nix": { - "inputs": { - "nixpkgs": [ - "nixpkgs-unstable-raw" - ] - }, - "locked": { - "lastModified": 1764483358, - "narHash": "sha256-EyyvCzXoHrbL467YSsQBTWWg4sR96MH1sPpKoSOelB4=", - "owner": "Mic92", - "repo": "sops-nix", - "rev": "5aca6ff67264321d47856a2ed183729271107c9c", - "type": "github" - }, - "original": { - "owner": "Mic92", - "repo": "sops-nix", - "type": "github" - } - }, "systems": { "locked": { "lastModified": 1681028828, diff --git a/flake.nix b/flake.nix index b73ccd4..07875bb 100644 --- a/flake.nix +++ b/flake.nix @@ -16,10 +16,6 @@ darwin.follows = ""; # Not using this on MacOS, so this doesn't pull it's dependencies }; }; - sops-nix = { - url = "github:Mic92/sops-nix"; - inputs.nixpkgs.follows = "nixpkgs-unstable-raw"; - }; home-manager = { url = "github:nix-community/home-manager/release-25.11"; @@ -171,7 +167,6 @@ modules = [ agenix.nixosModules.default - sops-nix.nixosModules.sops ( if stable then home-manager diff --git a/lib/default.nix b/lib/default.nix index b3febf7..400dc18 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -4,6 +4,5 @@ nixpkgs.lib.extend (final: prev: { importLib = file: import file {lib = final;}; in { patches = importLib ./patches.nix; - networkManager = importLib ./networkManager.nix; }; }) diff --git a/lib/networkManager.nix b/lib/networkManager.nix deleted file mode 100644 index 183501b..0000000 --- a/lib/networkManager.nix +++ /dev/null @@ -1,18 +0,0 @@ -{lib}: { - /** - Make a NetworkManager wifi profile, to be used with ensureProfiles - */ - mkWifiProfile = {id, ssid, priority ? 0, wifi-security}: { - connection = { - inherit id; - type = "wifi"; - autoconnect-priority = priority; - }; - ipv4.method = "auto"; - wifi = { - mode = "infrastructure"; - inherit ssid; - }; - inherit wifi-security; - }; -} diff --git a/roles/common/configuration.nix b/roles/common/configuration.nix index d26b350..284565f 100755 --- a/roles/common/configuration.nix +++ b/roles/common/configuration.nix @@ -129,10 +129,7 @@ backupFileExtension = "hm-backup"; useGlobalPkgs = true; verbose = true; - sharedModules = with flakeSelf; [ - inputs.catppuccin.homeModules.catppuccin - inputs.sops-nix.homeManagerModules.sops - ]; + sharedModules = [flakeSelf.inputs.catppuccin.homeModules.catppuccin]; users.toast = {osConfig, ...}: { catppuccin.flavor = osConfig.catppuccin.flavor; catppuccin.accent = osConfig.catppuccin.accent; @@ -159,9 +156,6 @@ "/persist/id_host" ]; }; - sops = { - age.sshKeyPaths = ["/persist/id_host"]; - }; catppuccin.grub.enable = true; diff --git a/roles/desktop/services/networkmanager.nix b/roles/desktop/services/networkmanager.nix index f19610b..a9917e3 100644 --- a/roles/desktop/services/networkmanager.nix +++ b/roles/desktop/services/networkmanager.nix @@ -1,14 +1,12 @@ { config, - lib, flakeSelf, ... }: let tailscaleName = config.services.tailscale.interfaceName; in { - sops.secrets.wifiPasswords = { - sopsFile = "${flakeSelf.inputs.secrets}/wifi-passwords.env"; - format = "dotenv"; + age.secrets = { + wifiPasswords.file = "${flakeSelf.inputs.secrets}/wifi-passwords.age"; }; networking.networkmanager = { enable = true; @@ -16,36 +14,42 @@ in { "interface-name:${tailscaleName}" ]; ensureProfiles = { - environmentFiles = [config.sops.secrets.wifiPasswords.path]; - profiles = with lib.toast.networkManager; { - "4g-modem" = mkWifiProfile { - id = "4G Modem"; - priority = 5; - ssid = "TP-Link_CCB4"; + environmentFiles = [config.age.secrets.wifiPasswords.path]; + profiles = { + "4g-modem" = { + connection = { + id = "4G Modem"; + type = "wifi"; + autoconnect-priority = 5; + }; + ipv4.method = "auto"; + wifi = { + mode = "infrastructure"; + ssid = "TP-Link_CCB4"; + }; wifi-security = { auth-alg = "open"; key-mgmt = "wpa-psk"; psk = "$MODEM"; }; }; - phone = mkWifiProfile { - id = "Phone"; - priority = 5; - ssid = "Redmi Note 10 Pro_5197"; + phone = { + connection = { + id = "Phone"; + type = "wifi"; + autoconnect-priority = 5; + }; + ipv4.method = "auto"; + wifi = { + mode = "infrastructure"; + ssid = "Redmi Note 10 Pro_5197"; + }; wifi-security = { auth-alg = "open"; key-mgmt = "sae"; psk = "$PHONE"; }; }; - home = mkWifiProfile { - id = "Home"; - ssid = "MOVISTAR-WIFI6-DC98"; - wifi-security = { - key-mgmt = "sae"; - psk = "$HOME"; - }; - }; }; }; };