.justfile

@@ -15,8 +15,8 @@ update:
     nix flake update
 
 @edit-secrets:
-    git clone ssh://forgejo@git.toast003.xyz:4222/Toast/nix-secrets.git /tmp/secrets
+    git clone ssh://forgejo@git.everest.tailscale:4222/Toast/nix-secrets.git /tmp/secrets
-    sed -i 's\git+ssh://forgejo@git.toast003.xyz:4222/Toast/nix-secrets\/tmp/secrets\g' flake.nix
+    sed -i 's\git+ssh://forgejo@git.everest.tailscale:4222/Toast/nix-secrets\/tmp/secrets\g' flake.nix
     nix flake update secrets
     echo "{{bold}}All done!"
     echo "{{normal}}Remember to restore flake.nix"

flake.lock

@@ -517,18 +517,17 @@
         "nixpkgs-raw": "nixpkgs-raw",
         "nixpkgs-unstable-raw": "nixpkgs-unstable-raw",
         "plasma-manager": "plasma-manager",
-        "secrets": "secrets",
+        "secrets": "secrets"
-        "sops-nix": "sops-nix"
       }
     },
     "secrets": {
       "flake": false,
       "locked": {
-        "lastModified": 1764992299,
+        "lastModified": 1737970846,
-        "narHash": "sha256-6vJ4teDUQus5TsOMfJZEfDOslsjvkhHPELZiOAeOX8s=",
+        "narHash": "sha256-+b44nvv+rKiRdABSHGaTLbp9ysRaHE+s/CuUsA9zNac=",
         "ref": "refs/heads/main",
-        "rev": "5c3122fc8dd5d6fe855d7da42740272cb2c313d4",
+        "rev": "d8262fb108d0810d21c5e098b54a105e867e72ce",
-        "revCount": 32,
+        "revCount": 28,
         "type": "git",
         "url": "ssh://forgejo@git.toast003.xyz:4222/Toast/nix-secrets"
       },
@@ -537,26 +536,6 @@
         "url": "ssh://forgejo@git.toast003.xyz:4222/Toast/nix-secrets"
       }
     },
-    "sops-nix": {
-      "inputs": {
-        "nixpkgs": [
-          "nixpkgs-unstable-raw"
-        ]
-      },
-      "locked": {
-        "lastModified": 1764483358,
-        "narHash": "sha256-EyyvCzXoHrbL467YSsQBTWWg4sR96MH1sPpKoSOelB4=",
-        "owner": "Mic92",
-        "repo": "sops-nix",
-        "rev": "5aca6ff67264321d47856a2ed183729271107c9c",
-        "type": "github"
-      },
-      "original": {
-        "owner": "Mic92",
-        "repo": "sops-nix",
-        "type": "github"
-      }
-    },
     "systems": {
       "locked": {
         "lastModified": 1681028828,

flake.nix

@@ -16,10 +16,6 @@
         darwin.follows = ""; # Not using this on MacOS, so this doesn't pull it's dependencies
       };
     };
-    sops-nix = {
-      url = "github:Mic92/sops-nix";
-      inputs.nixpkgs.follows = "nixpkgs-unstable-raw";
-    };
 
     home-manager = {
       url = "github:nix-community/home-manager/release-25.11";
@@ -171,7 +167,6 @@
               modules =
                 [
                   agenix.nixosModules.default
-                  sops-nix.nixosModules.sops
                   (
                     if stable
                     then home-manager

lib/default.nix

@@ -4,6 +4,5 @@ nixpkgs.lib.extend (final: prev: {
     importLib = file: import file {lib = final;};
   in {
     patches = importLib ./patches.nix;
-    networkManager = importLib ./networkManager.nix;
   };
 })

lib/networkManager.nix

@@ -1,18 +0,0 @@
-{lib}: {
-	/**
-  Make a NetworkManager wifi profile, to be used with ensureProfiles
-	*/
-	mkWifiProfile = {id, ssid, priority ? 0,  wifi-security}: {
-	  connection = {
-	    inherit id;
-	    type = "wifi";
-	    autoconnect-priority = priority;
-	  };
-	  ipv4.method = "auto";
-	  wifi = {
-	    mode = "infrastructure";
-	    inherit ssid;
-	  };
-	  inherit wifi-security;
-	};
-}

roles/common/configuration.nix

@@ -129,10 +129,7 @@
     backupFileExtension = "hm-backup";
     useGlobalPkgs = true;
     verbose = true;
-    sharedModules = with flakeSelf; [
+    sharedModules = [flakeSelf.inputs.catppuccin.homeModules.catppuccin];
-      inputs.catppuccin.homeModules.catppuccin
-      inputs.sops-nix.homeManagerModules.sops
-    ];
     users.toast = {osConfig, ...}: {
       catppuccin.flavor = osConfig.catppuccin.flavor;
       catppuccin.accent = osConfig.catppuccin.accent;
@@ -159,9 +156,6 @@
       "/persist/id_host"
     ];
   };
-  sops = {
-    age.sshKeyPaths = ["/persist/id_host"];
-  };
 
   catppuccin.grub.enable = true;
 

roles/desktop/services/networkmanager.nix

@@ -1,14 +1,12 @@
 {
   config,
-  lib,
   flakeSelf,
   ...
 }: let
   tailscaleName = config.services.tailscale.interfaceName;
 in {
-  sops.secrets.wifiPasswords = {
+  age.secrets = {
-    sopsFile = "${flakeSelf.inputs.secrets}/wifi-passwords.env";
+    wifiPasswords.file = "${flakeSelf.inputs.secrets}/wifi-passwords.age";
-    format = "dotenv";
   };
   networking.networkmanager = {
     enable = true;
@@ -16,36 +14,42 @@ in {
       "interface-name:${tailscaleName}"
     ];
     ensureProfiles = {
-      environmentFiles = [config.sops.secrets.wifiPasswords.path];
+      environmentFiles = [config.age.secrets.wifiPasswords.path];
-      profiles = with lib.toast.networkManager; {
+      profiles = {
-        "4g-modem" = mkWifiProfile {
+        "4g-modem" = {
-          id = "4G Modem";
+          connection = {
-          priority = 5;
+            id = "4G Modem";
-          ssid = "TP-Link_CCB4";
+            type = "wifi";
+            autoconnect-priority = 5;
+          };
+          ipv4.method = "auto";
+          wifi = {
+            mode = "infrastructure";
+            ssid = "TP-Link_CCB4";
+          };
           wifi-security = {
             auth-alg = "open";
             key-mgmt = "wpa-psk";
             psk = "$MODEM";
           };
         };
-        phone = mkWifiProfile {
+        phone = {
-          id = "Phone";
+          connection = {
-          priority = 5;
+            id = "Phone";
-          ssid = "Redmi Note 10 Pro_5197";
+            type = "wifi";
+            autoconnect-priority = 5;
+          };
+          ipv4.method = "auto";
+          wifi = {
+            mode = "infrastructure";
+            ssid = "Redmi Note 10 Pro_5197";
+          };
           wifi-security = {
             auth-alg = "open";
             key-mgmt = "sae";
             psk = "$PHONE";
           };
         };
-        home = mkWifiProfile {
-          id = "Home";
-          ssid = "MOVISTAR-WIFI6-DC98";
-          wifi-security = {
-            key-mgmt = "sae";
-            psk = "$HOME";
-          };
-        };
       };
     };
   };