241 current 1970-01-01 01:00:00 24.05.20240316.c75037b 6.6.22 *
This commit is contained in:
parent
d9bf9363bb
commit
267616cc4e
@ -13,6 +13,7 @@
|
|||||||
# script for rebuilding nixos
|
# script for rebuilding nixos
|
||||||
../../modules/nixos/rebuild.nix
|
../../modules/nixos/rebuild.nix
|
||||||
../../modules/nixos/wifi.nix
|
../../modules/nixos/wifi.nix
|
||||||
|
../../modules/nixos/sops.nix
|
||||||
# greetd login manager
|
# greetd login manager
|
||||||
../../modules/nixos/greetd.nix
|
../../modules/nixos/greetd.nix
|
||||||
# sway as window manager
|
# sway as window manager
|
||||||
|
19
modules/nixos/sops.nix
Normal file
19
modules/nixos/sops.nix
Normal file
@ -0,0 +1,19 @@
|
|||||||
|
{sops, ...}: {
|
||||||
|
sops = {
|
||||||
|
age.keyFile = /home/max/.config/sops/age/keys.txt;
|
||||||
|
secrets = {
|
||||||
|
"home/ssid" = {
|
||||||
|
sopsFile = ../../secrets/wifi.yaml;
|
||||||
|
};
|
||||||
|
"home/psk" = {
|
||||||
|
sopsFile = ../../secrets/wifi.yaml;
|
||||||
|
};
|
||||||
|
"eduroam/ident" = {
|
||||||
|
sopsFile = ../../secrets/wifi.yaml;
|
||||||
|
};
|
||||||
|
"eduroam/psk" = {
|
||||||
|
sopsFile = ../../secrets/wifi.yaml;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
@ -3,78 +3,55 @@
|
|||||||
pkgs,
|
pkgs,
|
||||||
...
|
...
|
||||||
}: {
|
}: {
|
||||||
sops.age.keyFile = /home/max/.config/sops/age/keys.txt;
|
sops.templates = let
|
||||||
sops.secrets."home/ssid" = {
|
placeholder = config.sops.placeholder;
|
||||||
sopsFile = ../../secrets/wifi.yaml;
|
in {
|
||||||
};
|
"home.nmconnection".content = ''
|
||||||
sops.secrets."home/psk" = {
|
[connection]
|
||||||
sopsFile = ../../secrets/wifi.yaml;
|
id=${placeholder."home/ssid"}
|
||||||
};
|
type=wifi
|
||||||
sops.secrets."eduroam/ident" = {
|
|
||||||
sopsFile = ../../secrets/wifi.yaml;
|
|
||||||
};
|
|
||||||
sops.secrets."eduroam/psk" = {
|
|
||||||
sopsFile = ../../secrets/wifi.yaml;
|
|
||||||
};
|
|
||||||
sops.templates."eduroam.nmconnection".content = ''
|
|
||||||
[connection]
|
|
||||||
id=eduroam
|
|
||||||
type=wifi
|
|
||||||
|
|
||||||
[wifi]
|
[wifi]
|
||||||
mode=infrastructure
|
mode=infrastructure
|
||||||
ssid=eduroam
|
ssid=${placeholder."home/ssid"}
|
||||||
|
|
||||||
[wifi-security]
|
[wifi-security]
|
||||||
auth-alg=open
|
key-mgmt=wpa-psk
|
||||||
key-mgmt=wpa-eap
|
psk=${placeholder."home/psk"}
|
||||||
|
'';
|
||||||
|
"eduroam.nmconnection".content = ''
|
||||||
|
[connection]
|
||||||
|
id=eduroam
|
||||||
|
type=wifi
|
||||||
|
|
||||||
[802-1x]
|
[wifi]
|
||||||
anonymous-identity=anonymous@uni-hannover.de
|
mode=infrastructure
|
||||||
ca-cert=${./T-TeleSec_GlobalRoot_Class_2.crt}
|
ssid=eduroam
|
||||||
domain-suffix-match=radius-dfn.luis.uni-hannover.de
|
|
||||||
eap=ttls;
|
[wifi-security]
|
||||||
identity=${config.sops.placeholder."eduroam/ident"}
|
auth-alg=open
|
||||||
password=${config.sops.placeholder."eduroam/psk"}
|
key-mgmt=wpa-eap
|
||||||
phase2-auth=mschapv2
|
|
||||||
'';
|
[802-1x]
|
||||||
environment.etc."NetworkManager/system-connections/eduroam.nmconnection".source = config.sops.templates."eduroam.nmconnection".path;
|
anonymous-identity=anonymous@uni-hannover.de
|
||||||
|
ca-cert=${./T-TeleSec_GlobalRoot_Class_2.crt}
|
||||||
|
domain-suffix-match=radius-dfn.luis.uni-hannover.de
|
||||||
|
eap=ttls;
|
||||||
|
identity=${placeholder."eduroam/ident"}
|
||||||
|
password=${placeholder."eduroam/psk"}
|
||||||
|
phase2-auth=mschapv2
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
environment.etc = let
|
||||||
|
template = config.sops.templates;
|
||||||
|
base = "NetworkManager/system-connections";
|
||||||
|
in {
|
||||||
|
"${base}/home.nmconnection".source = template."home.nmconnection".path;
|
||||||
|
"${base}/eduroam.nmconnection".source = template."eduroam.nmconnection".path;
|
||||||
|
};
|
||||||
networking.networkmanager = {
|
networking.networkmanager = {
|
||||||
enable = true;
|
enable = true;
|
||||||
ensureProfiles.profiles = {
|
ensureProfiles.profiles = {
|
||||||
home = {
|
|
||||||
connection = {
|
|
||||||
id = "Please Hack";
|
|
||||||
type = "wifi";
|
|
||||||
};
|
|
||||||
wifi = {
|
|
||||||
mode = "infrastructure";
|
|
||||||
ssid = "Please Hack";
|
|
||||||
};
|
|
||||||
wifi-security = {
|
|
||||||
key-mgmt = "wpa-psk";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
eduroam = {
|
|
||||||
connection = {
|
|
||||||
id = "eduroam";
|
|
||||||
type = "wifi";
|
|
||||||
};
|
|
||||||
wifi = {
|
|
||||||
mode = "infrastructure";
|
|
||||||
ssid = "eduroam";
|
|
||||||
};
|
|
||||||
wifi-security = {
|
|
||||||
key-mgmt = "wpa-eap";
|
|
||||||
};
|
|
||||||
"802-1x" = {
|
|
||||||
anonymous-identity = "anonymous@uni-hannover.de";
|
|
||||||
ca-cert = "${./T-TeleSec_GlobalRoot_Class_2.crt}";
|
|
||||||
domain-suffix-match = "radius-dfn.luis.uni-hannover.de";
|
|
||||||
eap = "ttls;";
|
|
||||||
phase2-auth = "mschapv2";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
luhbotsNet5 = {
|
luhbotsNet5 = {
|
||||||
connection = {
|
connection = {
|
||||||
id = "luhbotsNet5";
|
id = "luhbotsNet5";
|
||||||
|
Loading…
Reference in New Issue
Block a user