241 current 1970-01-01 01:00:00 24.05.20240316.c75037b 6.6.22 *

This commit is contained in:
Max Känner 2024-03-18 10:22:56 +01:00
parent d9bf9363bb
commit 267616cc4e
3 changed files with 63 additions and 66 deletions

View File

@ -13,6 +13,7 @@
# script for rebuilding nixos # script for rebuilding nixos
../../modules/nixos/rebuild.nix ../../modules/nixos/rebuild.nix
../../modules/nixos/wifi.nix ../../modules/nixos/wifi.nix
../../modules/nixos/sops.nix
# greetd login manager # greetd login manager
../../modules/nixos/greetd.nix ../../modules/nixos/greetd.nix
# sway as window manager # sway as window manager

19
modules/nixos/sops.nix Normal file
View File

@ -0,0 +1,19 @@
{sops, ...}: {
sops = {
age.keyFile = /home/max/.config/sops/age/keys.txt;
secrets = {
"home/ssid" = {
sopsFile = ../../secrets/wifi.yaml;
};
"home/psk" = {
sopsFile = ../../secrets/wifi.yaml;
};
"eduroam/ident" = {
sopsFile = ../../secrets/wifi.yaml;
};
"eduroam/psk" = {
sopsFile = ../../secrets/wifi.yaml;
};
};
};
}

View File

@ -3,20 +3,23 @@
pkgs, pkgs,
... ...
}: { }: {
sops.age.keyFile = /home/max/.config/sops/age/keys.txt; sops.templates = let
sops.secrets."home/ssid" = { placeholder = config.sops.placeholder;
sopsFile = ../../secrets/wifi.yaml; in {
}; "home.nmconnection".content = ''
sops.secrets."home/psk" = { [connection]
sopsFile = ../../secrets/wifi.yaml; id=${placeholder."home/ssid"}
}; type=wifi
sops.secrets."eduroam/ident" = {
sopsFile = ../../secrets/wifi.yaml; [wifi]
}; mode=infrastructure
sops.secrets."eduroam/psk" = { ssid=${placeholder."home/ssid"}
sopsFile = ../../secrets/wifi.yaml;
}; [wifi-security]
sops.templates."eduroam.nmconnection".content = '' key-mgmt=wpa-psk
psk=${placeholder."home/psk"}
'';
"eduroam.nmconnection".content = ''
[connection] [connection]
id=eduroam id=eduroam
type=wifi type=wifi
@ -34,47 +37,21 @@
ca-cert=${./T-TeleSec_GlobalRoot_Class_2.crt} ca-cert=${./T-TeleSec_GlobalRoot_Class_2.crt}
domain-suffix-match=radius-dfn.luis.uni-hannover.de domain-suffix-match=radius-dfn.luis.uni-hannover.de
eap=ttls; eap=ttls;
identity=${config.sops.placeholder."eduroam/ident"} identity=${placeholder."eduroam/ident"}
password=${config.sops.placeholder."eduroam/psk"} password=${placeholder."eduroam/psk"}
phase2-auth=mschapv2 phase2-auth=mschapv2
''; '';
environment.etc."NetworkManager/system-connections/eduroam.nmconnection".source = config.sops.templates."eduroam.nmconnection".path; };
environment.etc = let
template = config.sops.templates;
base = "NetworkManager/system-connections";
in {
"${base}/home.nmconnection".source = template."home.nmconnection".path;
"${base}/eduroam.nmconnection".source = template."eduroam.nmconnection".path;
};
networking.networkmanager = { networking.networkmanager = {
enable = true; enable = true;
ensureProfiles.profiles = { ensureProfiles.profiles = {
home = {
connection = {
id = "Please Hack";
type = "wifi";
};
wifi = {
mode = "infrastructure";
ssid = "Please Hack";
};
wifi-security = {
key-mgmt = "wpa-psk";
};
};
eduroam = {
connection = {
id = "eduroam";
type = "wifi";
};
wifi = {
mode = "infrastructure";
ssid = "eduroam";
};
wifi-security = {
key-mgmt = "wpa-eap";
};
"802-1x" = {
anonymous-identity = "anonymous@uni-hannover.de";
ca-cert = "${./T-TeleSec_GlobalRoot_Class_2.crt}";
domain-suffix-match = "radius-dfn.luis.uni-hannover.de";
eap = "ttls;";
phase2-auth = "mschapv2";
};
};
luhbotsNet5 = { luhbotsNet5 = {
connection = { connection = {
id = "luhbotsNet5"; id = "luhbotsNet5";