From ae6526445ebcd00da3f743fd4b5d84424d275a8d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Max=20K=C3=A4nner?= Date: Fri, 8 Mar 2024 23:28:19 +0100 Subject: [PATCH] 104 current 1970-01-01 01:00:00 24.05.20240303.b8697e5 6.6.19 * --- .sops.yaml | 7 +++++++ flake.lock | 40 +++++++++++++++++++++++++++++++++++++++- flake.nix | 8 ++++++++ modules/nixos/wifi.nix | 14 ++++++++++++++ secrets/wifi.yaml | 21 +++++++++++++++++++++ 5 files changed, 89 insertions(+), 1 deletion(-) create mode 100644 .sops.yaml create mode 100644 modules/nixos/wifi.nix create mode 100644 secrets/wifi.yaml diff --git a/.sops.yaml b/.sops.yaml new file mode 100644 index 0000000..86184e9 --- /dev/null +++ b/.sops.yaml @@ -0,0 +1,7 @@ +keys: + - &max age1d6ze98387f0gryqwvrdlcxgz3wgs607ach4duwmnp72dzaa63cxqchc78n +creation_rules: + - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$ + key_groups: + - age: + - *max diff --git a/flake.lock b/flake.lock index ed3d0e7..af07d7d 100644 --- a/flake.lock +++ b/flake.lock @@ -36,10 +36,48 @@ "type": "github" } }, + "nixpkgs-stable": { + "locked": { + "lastModified": 1709428628, + "narHash": "sha256-//ZCCnpVai/ShtO2vPjh3AWgo8riXCaret6V9s7Hew4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "66d65cb00b82ffa04ee03347595aa20e41fe3555", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "release-23.11", + "repo": "nixpkgs", + "type": "github" + } + }, "root": { "inputs": { "home-manager": "home-manager", - "nixpkgs": "nixpkgs" + "nixpkgs": "nixpkgs", + "sops-nix": "sops-nix" + } + }, + "sops-nix": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable" + }, + "locked": { + "lastModified": 1709711091, + "narHash": "sha256-L0rSIU9IguTG4YqSj4B/02SyTEz55ACq5t8gXpzteYc=", + "owner": "Mic92", + "repo": "sops-nix", + "rev": "25dd60fdd08fcacee2567a26ba6b91fe098941dc", + "type": "github" + }, + "original": { + "owner": "Mic92", + "repo": "sops-nix", + "type": "github" } } }, 
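Review bot: The creation rule in `.sops.yaml` encrypts every file matching `secrets/[^/]+\.(yaml|json|env|ini)$` to a single age recipient, `&max`, and secrets/wifi.yaml in this patch carries only that recipient. sops-nix decrypts on the target machine at activation, so the laptop must hold the matching private key, and nothing in this patch shows where it is read from (for example `sops.age.keyFile`); this may be configured outside the patch. With one recipient there is also no recovery path if that key is lost. Consider adding a second anchor under `keys:` for the host or an offline backup key and listing it in the `age:` group, with a comment such as `# personal key of max; host/backup recipients go below`.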
diff --git a/flake.nix b/flake.nix index a0ff672..60cabd7 100644 --- a/flake.nix +++ b/flake.nix @@ -8,12 +8,18 @@ url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; }; + + sops-nix = { + url = "github:Mic92/sops-nix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; outputs = { self, nixpkgs, home-manager, + sops-nix, ... } @ inputs: let system = "x86_64-linux"; @@ -21,6 +27,7 @@ in { nixosConfigurations."MaxNixosLaptop" = nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs;}; + system = "x86_64-linux"; modules = [ ./hosts/MaxNixosLaptop/configuration.nix home-manager.nixosModules.default @@ -28,6 +35,7 @@ home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; } + sops-nix.nixosModules.sops ]; }; }; diff --git a/modules/nixos/wifi.nix b/modules/nixos/wifi.nix new file mode 100644 index 0000000..fa49abd --- /dev/null +++ b/modules/nixos/wifi.nix @@ -0,0 +1,14 @@ +{config, ...}: { + sops.secrets."wireless.env" = {}; + networking.wireless = { + enable = true; + userControlled.enable = true; + environmentFile = config.sops.secrets."wireless.env".path; + networks = { + "@home_uuid@" = { + psk = "@home_psk@"; + }; + }; + }; + users.extraUsers.max.extraGroups = ["wheel"]; +} diff --git a/secrets/wifi.yaml b/secrets/wifi.yaml new file mode 100644 index 0000000..11fd3dd --- /dev/null +++ b/secrets/wifi.yaml 
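Review bot: The new `sops-nix` input follows `nixpkgs`, but the flake.lock change in this same patch still locks a separate `nixpkgs-stable` node (ref `release-23.11`) that sops-nix brings in. If that second nixpkgs is not wanted, add `inputs.nixpkgs-stable.follows = "nixpkgs";` inside the `sops-nix` block so the lock file has a single nixpkgs revision to audit and update. The `inputs` set opens above this hunk.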
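Review bot: The added `system = "x86_64-linux";` repeats the literal already bound by `let system = "x86_64-linux";` in this hunk's context line. Writing `inherit system;` keeps the two from drifting apart. The `nixosSystem` call continues past the end of the hunk.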
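Review bot: `sops-nix.nixosModules.sops` is enabled here, yet no `sops.defaultSopsFile` is set anywhere in this patch, and modules/nixos/wifi.nix declares `sops.secrets."wireless.env" = {};` without a `sopsFile`. Unless hosts/MaxNixosLaptop/configuration.nix (not part of the patch) provides one, sops-nix has no file to read the secret from. Either set `sops.defaultSopsFile` alongside this module or give the secret `sopsFile = ../../secrets/wifi.yaml;`. The patch also does not show where modules/nixos/wifi.nix is imported, and the module list itself starts above this hunk.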
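Review bot: `users.extraUsers.max.extraGroups = ["wheel"];` on the last line of modules/nixos/wifi.nix grants wheel (by default the sudo group on NixOS) from inside a Wi-Fi module, presumably so that `userControlled.enable = true` lets `max` talk to wpa_supplicant. `networking.wireless.userControlled.group` selects which group gets that access, so a dedicated group declared under `users.groups`, e.g. `userControlled.group = "network";` with `users.users.max.extraGroups = ["network"];`, gives the same control without tying it to wheel. `users.extraUsers` is the legacy alias of `users.users`, so the newer name is preferable either way. A short comment above `environmentFile` saying that `@home_uuid@` and `@home_psk@` are substituted from the decrypted `wireless.env` would help the next reader.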
@@ -0,0 +1,21 @@ +wireless.env: ENC[AES256_GCM,data:pXOU206hhiqiIRs+PtZQWeSnDw5CE+haT5e5yhJsBd6HwgYhf10Np7GJqO9h05LhzXc=,iv:qzfZra19gKLnbOuuoxBZvjTmj4S2oUTIzOoruThiTtM=,tag:IBlapf2nDAtGn7HNRPqPuQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1d6ze98387f0gryqwvrdlcxgz3wgs607ach4duwmnp72dzaa63cxqchc78n + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1dUU1SERuNW9QODFDVFMr + NVRuelgyLzJQL3lmT1dKc3lqVU5WVUZod204CndiNThocnVERm5KVXhSZlE1TGtK + ZzMxNlljOGdWU0pOVXhVY2dyekFkWkUKLS0tIHNwZFNyeHBhSHlnSVVxVDBQNWEr + d0FZc0x5UVhPQ09xUE5Qa1A0QkExVmcKkcy1i+nME0uHlLy8vCu8vgqSuR+0NqaD + D+zKRKNdfJn1TLsoyDb4iDSeqp8nB9fZzQqIJshGRhlnqxuzIiYqqA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-03-08T22:23:12Z" + mac: ENC[AES256_GCM,data:zEl2mrrkj3P5D1FGMn5fGLxgCW1pfj5Y8KBgnxZLAtuq2LecYZotth7XpeyyReGaGWUt7GnBBJd6xL/qILiBsHpQMzyptNZp7QZM0kGygxMj7rhCkEXB6J6KQdbf7RilpZIe3mbNhvK11+OXY6jSBnTzkIht08l1fYc/FFa6S6A=,iv:/H+13Qc+Rt/f8G7aue73LCNb5LWyLDIupnJCEIhDxO8=,tag:rRRC4VqTlaSkeg4ST0p3yQ==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1