
5 commits

7 changed files with 81 additions and 34 deletions


@ -15,8 +15,8 @@ update:
nix flake update
@edit-secrets:
git clone ssh://forgejo@git.everest.tailscale:4222/Toast/nix-secrets.git /tmp/secrets
sed -i 's\git+ssh://forgejo@git.everest.tailscale:4222/Toast/nix-secrets\/tmp/secrets\g' flake.nix
git clone ssh://forgejo@git.toast003.xyz:4222/Toast/nix-secrets.git /tmp/secrets
sed -i 's\git+ssh://forgejo@git.toast003.xyz:4222/Toast/nix-secrets\/tmp/secrets\g' flake.nix
nix flake update secrets
echo "{{bold}}All done!"
echo "{{normal}}Remember to restore flake.nix"
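Review bot: The `edit-secrets` recipe still clones the secrets repository into the fixed path `/tmp/secrets`, which is predictable and sits in a world-writable directory. A leftover directory from an earlier run makes `git clone` fail, and on a shared machine another account can create that path first. Using a private directory from `mktemp -d` avoids both; that needs the recipe to become a single shebang script so the variable survives across lines. The recipe also leaves `flake.nix` rewritten and relies on the final echo as the only reminder, so restoring the file at the end of the recipe would keep the temporary path out of a commit.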

31
flake.lock generated

@ -517,17 +517,18 @@
"nixpkgs-raw": "nixpkgs-raw",
"nixpkgs-unstable-raw": "nixpkgs-unstable-raw",
"plasma-manager": "plasma-manager",
"secrets": "secrets"
"secrets": "secrets",
"sops-nix": "sops-nix"
}
},
"secrets": {
"flake": false,
"locked": {
"lastModified": 1737970846,
"narHash": "sha256-+b44nvv+rKiRdABSHGaTLbp9ysRaHE+s/CuUsA9zNac=",
"lastModified": 1764992299,
"narHash": "sha256-6vJ4teDUQus5TsOMfJZEfDOslsjvkhHPELZiOAeOX8s=",
"ref": "refs/heads/main",
"rev": "d8262fb108d0810d21c5e098b54a105e867e72ce",
"revCount": 28,
"rev": "5c3122fc8dd5d6fe855d7da42740272cb2c313d4",
"revCount": 32,
"type": "git",
"url": "ssh://forgejo@git.toast003.xyz:4222/Toast/nix-secrets"
},
@ -536,6 +537,26 @@
"url": "ssh://forgejo@git.toast003.xyz:4222/Toast/nix-secrets"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": [
"nixpkgs-unstable-raw"
]
},
"locked": {
"lastModified": 1764483358,
"narHash": "sha256-EyyvCzXoHrbL467YSsQBTWWg4sR96MH1sPpKoSOelB4=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "5aca6ff67264321d47856a2ed183729271107c9c",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "sops-nix",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,


@ -16,6 +16,10 @@
darwin.follows = ""; # Not using this on MacOS, so this doesn't pull it's dependencies
};
};
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs-unstable-raw";
};
home-manager = {
url = "github:nix-community/home-manager/release-25.11";
@ -167,6 +171,7 @@
modules =
[
agenix.nixosModules.default
sops-nix.nixosModules.sops
(
if stable
then home-manager
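Review bot: The new `sops-nix` input has no comment recording that it is loaded next to `agenix` or why it follows `nixpkgs-unstable-raw`. Since this module decrypts secrets at activation, I would add something like `# sops-nix decrypts secrets at activation; review the flake.lock diff whenever this input is bumped` above the input. The URL tracks the default branch, so the revision in `flake.lock` is the only pin, and a plain `nix flake update` will move it. If `agenix` is only kept for secrets not yet migrated, a short comment next to `agenix.nixosModules.default` saying so would help the next reader; the modules list continues outside this hunk.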


@ -4,5 +4,6 @@ nixpkgs.lib.extend (final: prev: {
importLib = file: import file {lib = final;};
in {
patches = importLib ./patches.nix;
networkManager = importLib ./networkManager.nix;
};
})

18
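--- a/lib/networkManager.nix
+++ b/lib/networkManager.nix
@@ -0,0 +1,18 @@
+{lib}: {
+/**
+Make a NetworkManager wifi profile, to be used with ensureProfiles
+*/
+mkWifiProfile = {id, ssid, priority ? 0, wifi-security}: {
+connection = {
+inherit id;
+type = "wifi";
+autoconnect-priority = priority;
+};
+ipv4.method = "auto";
+wifi = {
+mode = "infrastructure";
+inherit ssid;
+};
+inherit wifi-security;
+};
+}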
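Review bot: The doc comment on `mkWifiProfile` does not say that `wifi-security` is copied verbatim into the profile, so a literal `psk` passed here would end up in the world-readable Nix store. I would extend the comment with a line such as `wifi-security.psk must be an environment placeholder (e.g. "$WIFI_HOME_PSK") resolved from ensureProfiles.environmentFiles, never the passphrase itself`. It would also help to document each argument, including that `priority` maps to `autoconnect-priority` and defaults to 0. The `lib` argument is accepted but unused in the visible body.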


@ -129,7 +129,10 @@
backupFileExtension = "hm-backup";
useGlobalPkgs = true;
verbose = true;
sharedModules = [flakeSelf.inputs.catppuccin.homeModules.catppuccin];
sharedModules = with flakeSelf; [
inputs.catppuccin.homeModules.catppuccin
inputs.sops-nix.homeManagerModules.sops
];
users.toast = {osConfig, ...}: {
catppuccin.flavor = osConfig.catppuccin.flavor;
catppuccin.accent = osConfig.catppuccin.accent;
@ -156,6 +159,9 @@
"/persist/id_host"
];
};
sops = {
age.sshKeyPaths = ["/persist/id_host"];
};
catppuccin.grub.enable = true;
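Review bot: `sops.age.sshKeyPaths = ["/persist/id_host"]` makes secret decryption depend on `/persist` being mounted when sops-nix runs during activation, and nothing in this hunk shows that it is. If that filesystem is not marked as needed for boot, the secrets will be missing on a fresh boot; please confirm and note it in a comment, e.g. `# /persist must be neededForBoot so the key exists at activation`. sops-nix derives the age identity from the SSH key, which as far as I know only works for ed25519 keys, so the key type is worth stating too. The same path appears in the list just above, so this one host key appears to serve more than one role; a comment saying so would make the blast radius of a leak explicit. The enclosing attribute set starts and ends outside the hunk.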


@ -1,12 +1,14 @@
{
config,
lib,
flakeSelf,
...
}: let
tailscaleName = config.services.tailscale.interfaceName;
in {
age.secrets = {
wifiPasswords.file = "${flakeSelf.inputs.secrets}/wifi-passwords.age";
sops.secrets.wifiPasswords = {
sopsFile = "${flakeSelf.inputs.secrets}/wifi-passwords.env";
format = "dotenv";
};
networking.networkmanager = {
enable = true;
@ -14,42 +16,36 @@ in {
"interface-name:${tailscaleName}"
];
ensureProfiles = {
environmentFiles = [config.age.secrets.wifiPasswords.path];
profiles = {
"4g-modem" = {
connection = {
id = "4G Modem";
type = "wifi";
autoconnect-priority = 5;
};
ipv4.method = "auto";
wifi = {
mode = "infrastructure";
ssid = "TP-Link_CCB4";
};
environmentFiles = [config.sops.secrets.wifiPasswords.path];
profiles = with lib.toast.networkManager; {
"4g-modem" = mkWifiProfile {
id = "4G Modem";
priority = 5;
ssid = "TP-Link_CCB4";
wifi-security = {
auth-alg = "open";
key-mgmt = "wpa-psk";
psk = "$MODEM";
};
};
phone = {
connection = {
id = "Phone";
type = "wifi";
autoconnect-priority = 5;
};
ipv4.method = "auto";
wifi = {
mode = "infrastructure";
ssid = "Redmi Note 10 Pro_5197";
};
phone = mkWifiProfile {
id = "Phone";
priority = 5;
ssid = "Redmi Note 10 Pro_5197";
wifi-security = {
auth-alg = "open";
key-mgmt = "sae";
psk = "$PHONE";
};
};
home = mkWifiProfile {
id = "Home";
ssid = "MOVISTAR-WIFI6-DC98";
wifi-security = {
key-mgmt = "sae";
psk = "$HOME";
};
};
};
};
};
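Review bot: The new `home` profile uses `psk = "$HOME"`, a placeholder name that collides with the standard `HOME` environment variable. As far as I understand, `ensureProfiles` loads `environmentFiles` into the service environment and substitutes variables from it. A `HOME=` entry in the dotenv file would therefore override the service's real home directory. If the entry were ever missing, the profile would be written with whatever `HOME` the unit has, or an empty passphrase, instead of failing visibly. A namespaced key avoids both, e.g. `psk = "$WIFI_HOME_PSK";` with the matching rename in `wifi-passwords.env`; `$MODEM` and `$PHONE` would benefit from the same prefix.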