Toast/nix-stuff
1
0
Fork 0
Code Issues Pull requests Projects 1 Wiki Activity

Compare commits

base: Toast:1ea530a2a6e2add56d90a6fb4575f812322e0bbf
Branches Tags
Toast:main
Toast:plasma-refactor
Toast:headscale
Toast:plasma6
Toast:catppuccin
Toast:kde-stuff
Toast:firefox
Toast:upgrade-to-23.05
..
compare: Toast:4361d6e0a98dee6af0d791532b7fe27f7139c59e
Branches Tags
Toast:main
Toast:plasma-refactor
Toast:headscale
Toast:plasma6
Toast:catppuccin
Toast:kde-stuff
Toast:firefox
Toast:upgrade-to-23.05

No commits in common. "1ea530a2a6e2add56d90a6fb4575f812322e0bbf" and "4361d6e0a98dee6af0d791532b7fe27f7139c59e" have entirely different histories.
1ea530a2a6 ... 4361d6e0a9

7 changed files with 34 additions and 81 deletions
Download patch file Download diff file Expand all files Collapse all files

4
.justfile
View file

@ -15,8 +15,8 @@ update:
nix flake update nix flake update
@edit-secrets: @edit-secrets:
git clone ssh://forgejo@git.toast003.xyz:4222/Toast/nix-secrets.git /tmp/secrets git clone ssh://forgejo@git.everest.tailscale:4222/Toast/nix-secrets.git /tmp/secrets
sed -i 's\git+ssh://forgejo@git.toast003.xyz:4222/Toast/nix-secrets\/tmp/secrets\g' flake.nix sed -i 's\git+ssh://forgejo@git.everest.tailscale:4222/Toast/nix-secrets\/tmp/secrets\g' flake.nix
nix flake update secrets nix flake update secrets
echo "{{bold}}All done!" echo "{{bold}}All done!"
echo "{{normal}}Remember to restore flake.nix" echo "{{normal}}Remember to restore flake.nix"

31
flake.lock generated
View file

@ -517,18 +517,17 @@
"nixpkgs-raw": "nixpkgs-raw", "nixpkgs-raw": "nixpkgs-raw",
"nixpkgs-unstable-raw": "nixpkgs-unstable-raw", "nixpkgs-unstable-raw": "nixpkgs-unstable-raw",
"plasma-manager": "plasma-manager", "plasma-manager": "plasma-manager",
"secrets": "secrets", "secrets": "secrets"
"sops-nix": "sops-nix"
} }
}, },
"secrets": { "secrets": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1764992299, "lastModified": 1737970846,
"narHash": "sha256-6vJ4teDUQus5TsOMfJZEfDOslsjvkhHPELZiOAeOX8s=", "narHash": "sha256-+b44nvv+rKiRdABSHGaTLbp9ysRaHE+s/CuUsA9zNac=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "5c3122fc8dd5d6fe855d7da42740272cb2c313d4", "rev": "d8262fb108d0810d21c5e098b54a105e867e72ce",
"revCount": 32, "revCount": 28,
"type": "git", "type": "git",
"url": "ssh://forgejo@git.toast003.xyz:4222/Toast/nix-secrets" "url": "ssh://forgejo@git.toast003.xyz:4222/Toast/nix-secrets"
}, },
@ -537,26 +536,6 @@
"url": "ssh://forgejo@git.toast003.xyz:4222/Toast/nix-secrets" "url": "ssh://forgejo@git.toast003.xyz:4222/Toast/nix-secrets"
} }
}, },
"sops-nix": {
"inputs": {
"nixpkgs": [
"nixpkgs-unstable-raw"
]
},
"locked": {
"lastModified": 1764483358,
"narHash": "sha256-EyyvCzXoHrbL467YSsQBTWWg4sR96MH1sPpKoSOelB4=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "5aca6ff67264321d47856a2ed183729271107c9c",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "sops-nix",
"type": "github"
}
},
"systems": { "systems": {
"locked": { "locked": {
"lastModified": 1681028828, "lastModified": 1681028828,

5
flake.nix
View file

@ -16,10 +16,6 @@
darwin.follows = ""; # Not using this on MacOS, so this doesn't pull it's dependencies darwin.follows = ""; # Not using this on MacOS, so this doesn't pull it's dependencies
}; };
}; };
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs-unstable-raw";
};
home-manager = { home-manager = {
url = "github:nix-community/home-manager/release-25.11"; url = "github:nix-community/home-manager/release-25.11";
@ -171,7 +167,6 @@
modules = modules =
[ [
agenix.nixosModules.default agenix.nixosModules.default
sops-nix.nixosModules.sops
( (
if stable if stable
then home-manager then home-manager

1
lib/default.nix
View file

@ -4,6 +4,5 @@ nixpkgs.lib.extend (final: prev: {
importLib = file: import file {lib = final;}; importLib = file: import file {lib = final;};
in { in {
patches = importLib ./patches.nix; patches = importLib ./patches.nix;
networkManager = importLib ./networkManager.nix;
}; };
}) })

18
lib/networkManager.nix
View file

@ -1,18 +0,0 @@
{lib}: {
/**
Make a NetworkManager wifi profile, to be used with ensureProfiles
*/
mkWifiProfile = {id, ssid, priority ? 0, wifi-security}: {
connection = {
inherit id;
type = "wifi";
autoconnect-priority = priority;
};
ipv4.method = "auto";
wifi = {
mode = "infrastructure";
inherit ssid;
};
inherit wifi-security;
};
}

8
roles/common/configuration.nix
View file

@ -129,10 +129,7 @@
backupFileExtension = "hm-backup"; backupFileExtension = "hm-backup";
useGlobalPkgs = true; useGlobalPkgs = true;
verbose = true; verbose = true;
sharedModules = with flakeSelf; [ sharedModules = [flakeSelf.inputs.catppuccin.homeModules.catppuccin];
inputs.catppuccin.homeModules.catppuccin
inputs.sops-nix.homeManagerModules.sops
];
users.toast = {osConfig, ...}: { users.toast = {osConfig, ...}: {
catppuccin.flavor = osConfig.catppuccin.flavor; catppuccin.flavor = osConfig.catppuccin.flavor;
catppuccin.accent = osConfig.catppuccin.accent; catppuccin.accent = osConfig.catppuccin.accent;
@ -159,9 +156,6 @@
"/persist/id_host" "/persist/id_host"
]; ];
}; };
sops = {
age.sshKeyPaths = ["/persist/id_host"];
};
catppuccin.grub.enable = true; catppuccin.grub.enable = true;

48
roles/desktop/services/networkmanager.nix
View file

@ -1,14 +1,12 @@
{ {
config, config,
lib,
flakeSelf, flakeSelf,
... ...
}: let }: let
tailscaleName = config.services.tailscale.interfaceName; tailscaleName = config.services.tailscale.interfaceName;
in { in {
sops.secrets.wifiPasswords = { age.secrets = {
sopsFile = "${flakeSelf.inputs.secrets}/wifi-passwords.env"; wifiPasswords.file = "${flakeSelf.inputs.secrets}/wifi-passwords.age";
format = "dotenv";
}; };
networking.networkmanager = { networking.networkmanager = {
enable = true; enable = true;
@ -16,36 +14,42 @@ in {
"interface-name:${tailscaleName}" "interface-name:${tailscaleName}"
]; ];
ensureProfiles = { ensureProfiles = {
environmentFiles = [config.sops.secrets.wifiPasswords.path]; environmentFiles = [config.age.secrets.wifiPasswords.path];
profiles = with lib.toast.networkManager; { profiles = {
"4g-modem" = mkWifiProfile { "4g-modem" = {
id = "4G Modem"; connection = {
priority = 5; id = "4G Modem";
ssid = "TP-Link_CCB4"; type = "wifi";
autoconnect-priority = 5;
};
ipv4.method = "auto";
wifi = {
mode = "infrastructure";
ssid = "TP-Link_CCB4";
};
wifi-security = { wifi-security = {
auth-alg = "open"; auth-alg = "open";
key-mgmt = "wpa-psk"; key-mgmt = "wpa-psk";
psk = "$MODEM"; psk = "$MODEM";
}; };
}; };
phone = mkWifiProfile { phone = {
id = "Phone"; connection = {
priority = 5; id = "Phone";
ssid = "Redmi Note 10 Pro_5197"; type = "wifi";
autoconnect-priority = 5;
};
ipv4.method = "auto";
wifi = {
mode = "infrastructure";
ssid = "Redmi Note 10 Pro_5197";
};
wifi-security = { wifi-security = {
auth-alg = "open"; auth-alg = "open";
key-mgmt = "sae"; key-mgmt = "sae";
psk = "$PHONE"; psk = "$PHONE";
}; };
}; };
home = mkWifiProfile {
id = "Home";
ssid = "MOVISTAR-WIFI6-DC98";
wifi-security = {
key-mgmt = "sae";
psk = "$HOME";
};
};
}; };
}; };
}; };