104 current 1970-01-01 01:00:00 24.05.20240303.b8697e5 6.6.19 *

.sops.yaml

@@ -0,0 +1,7 @@
+keys:
+  - &max age1d6ze98387f0gryqwvrdlcxgz3wgs607ach4duwmnp72dzaa63cxqchc78n
+creation_rules:
+  - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
+    key_groups:
+    - age:
+      - *max

flake.lock

@@ -36,10 +36,48 @@
         "type": "github"
       }
     },
+    "nixpkgs-stable": {
+      "locked": {
+        "lastModified": 1709428628,
+        "narHash": "sha256-//ZCCnpVai/ShtO2vPjh3AWgo8riXCaret6V9s7Hew4=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "66d65cb00b82ffa04ee03347595aa20e41fe3555",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "release-23.11",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
     "root": {
       "inputs": {
         "home-manager": "home-manager",
-        "nixpkgs": "nixpkgs"
+        "nixpkgs": "nixpkgs",
+        "sops-nix": "sops-nix"
+      }
+    },
+    "sops-nix": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "nixpkgs-stable": "nixpkgs-stable"
+      },
+      "locked": {
+        "lastModified": 1709711091,
+        "narHash": "sha256-L0rSIU9IguTG4YqSj4B/02SyTEz55ACq5t8gXpzteYc=",
+        "owner": "Mic92",
+        "repo": "sops-nix",
+        "rev": "25dd60fdd08fcacee2567a26ba6b91fe098941dc",
+        "type": "github"
+      },
+      "original": {
+        "owner": "Mic92",
+        "repo": "sops-nix",
+        "type": "github"
       }
     }
   },

flake.nix

@@ -8,12 +8,18 @@
       url = "github:nix-community/home-manager";
       inputs.nixpkgs.follows = "nixpkgs";
     };
+
+    sops-nix = {
+      url = "github:Mic92/sops-nix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
   };
 
   outputs = {
     self,
     nixpkgs,
     home-manager,
+    sops-nix,
     ...
   } @ inputs: let
     system = "x86_64-linux";
@@ -21,6 +27,7 @@
   in {
     nixosConfigurations."MaxNixosLaptop" = nixpkgs.lib.nixosSystem {
       specialArgs = {inherit inputs;};
+      system = "x86_64-linux";
       modules = [
         ./hosts/MaxNixosLaptop/configuration.nix
         home-manager.nixosModules.default
@@ -28,6 +35,7 @@
           home-manager.useGlobalPkgs = true;
           home-manager.useUserPackages = true;
         }
+        sops-nix.nixosModules.sops
       ];
     };
   };

modules/nixos/wifi.nix

@@ -0,0 +1,14 @@
+{config, ...}: {
+  sops.secrets."wireless.env" = {};
+  networking.wireless = {
+    enable = true;
+    userControlled.enable = true;
+    environmentFile = config.sops.secrets."wireless.env".path;
+    networks = {
+      "@home_uuid@" = {
+        psk = "@home_psk@";
+      };
+    };
+  };
+  users.extraUsers.max.extraGroups = ["wheel"];
+}

secrets/wifi.yaml

@@ -0,0 +1,21 @@
+wireless.env: ENC[AES256_GCM,data:pXOU206hhiqiIRs+PtZQWeSnDw5CE+haT5e5yhJsBd6HwgYhf10Np7GJqO9h05LhzXc=,iv:qzfZra19gKLnbOuuoxBZvjTmj4S2oUTIzOoruThiTtM=,tag:IBlapf2nDAtGn7HNRPqPuQ==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1d6ze98387f0gryqwvrdlcxgz3wgs607ach4duwmnp72dzaa63cxqchc78n
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1dUU1SERuNW9QODFDVFMr
+            NVRuelgyLzJQL3lmT1dKc3lqVU5WVUZod204CndiNThocnVERm5KVXhSZlE1TGtK
+            ZzMxNlljOGdWU0pOVXhVY2dyekFkWkUKLS0tIHNwZFNyeHBhSHlnSVVxVDBQNWEr
+            d0FZc0x5UVhPQ09xUE5Qa1A0QkExVmcKkcy1i+nME0uHlLy8vCu8vgqSuR+0NqaD
+            D+zKRKNdfJn1TLsoyDb4iDSeqp8nB9fZzQqIJshGRhlnqxuzIiYqqA==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-03-08T22:23:12Z"
+    mac: ENC[AES256_GCM,data:zEl2mrrkj3P5D1FGMn5fGLxgCW1pfj5Y8KBgnxZLAtuq2LecYZotth7XpeyyReGaGWUt7GnBBJd6xL/qILiBsHpQMzyptNZp7QZM0kGygxMj7rhCkEXB6J6KQdbf7RilpZIe3mbNhvK11+OXY6jSBnTzkIht08l1fYc/FFa6S6A=,iv:/H+13Qc+Rt/f8G7aue73LCNb5LWyLDIupnJCEIhDxO8=,tag:rRRC4VqTlaSkeg4ST0p3yQ==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.8.1