summary refs log tree commit diff stats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--hosts/thinklappi/default.nix1
-rw-r--r--secrets/default.nix7
-rw-r--r--secrets/secrets.nix10
-rw-r--r--secrets/wireless.age12
-rw-r--r--sys/networking/default.nix3
-rw-r--r--sys/networking/networks.nixbin85 -> 128 bytes
6 files changed, 32 insertions, 1 deletions
diff --git a/hosts/thinklappi/default.nix b/hosts/thinklappi/default.nix
index 7f58e92..71f03fa 100644
--- a/hosts/thinklappi/default.nix
+++ b/hosts/thinklappi/default.nix
@@ -6,6 +6,7 @@
   imports = [
     ./basesystem.nix
     ../../sys
+    ../../secrets
   ];
 
   hardware = {
diff --git a/secrets/default.nix b/secrets/default.nix
new file mode 100644
index 0000000..d737de7
--- /dev/null
+++ b/secrets/default.nix
@@ -0,0 +1,7 @@
+{...}: {
+  age.secrets = {
+    wireless = {
+      file = ./wireless.age;
+    };
+  };
+}
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
new file mode 100644
index 0000000..104e25b
--- /dev/null
+++ b/secrets/secrets.nix
@@ -0,0 +1,10 @@
+let
+  sils = "age1vuhaey7kd9l76y6f9weeqmde3s4kjw38869ju6u3027yece2r3rqssjxst";
+  thinklappi = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGtOvWH5GgVhCAUsHTlKI/N2w7rK+uODMro0VZYWWdZJ root@thinklappi";
+  allSecrets = [
+    sils
+    thinklappi
+  ];
+in {
+  "wireless.age".publicKeys = allSecrets;
+}
diff --git a/secrets/wireless.age b/secrets/wireless.age
new file mode 100644
index 0000000..b24ce17
--- /dev/null
+++ b/secrets/wireless.age
@@ -0,0 +1,12 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvR2xGVk03aHZrcHZOV0Jw
+STl0SlByMXhKdDBlQXNyRTdnY3RGQ2NPZ2hFCnlXa3E5RGJTd1V6R3VLQzlYQmpo
+a0tCZUd6VnRyZTFEcTRFc1NORk9mZ2MKLT4gc3NoLWVkMjU1MTkgL1BReS9BIGs1
+cGFkMGd0QzVsU0JPRTRhUG0vbWY2bXR4M0NQaktIZjZsQmpCUTcxVHMKMSs4VkxZ
+UVYxT1hBcXBSNUlmc1FYR0NQNGpkN0JLVnZWMDNHdW4zS205MAotPiB5Y0NfNlxU
+LWdyZWFzZSBUQ2NNYlRDbCBiQFsgeEsgVQptR05yL1BsYjc4MlJKSFY3MmhhSnhZ
+SWJxN256djdlU01JY2pLS25Od2ZudEFhVQotLS0gQWRYZW9raGtCUEZ1czgwSVo2
+MDBoOEl5b0RUVnVieVFXR1I0OWRjL2NWMAoOWBXxJA9Bn+pQXWltE5cpHtE2YHP7
+17opbS05pkcCwXCCOH/7woPSlrFY+JgM61nUsvrXBujYTUbzJxXyXNODj4KpRICH
+OOqMORMzVZ72D7127VCYRXpfoIMOacUIh1MT
+-----END AGE ENCRYPTED FILE-----
diff --git a/sys/networking/default.nix b/sys/networking/default.nix
index c630249..2d5a74b 100644
--- a/sys/networking/default.nix
+++ b/sys/networking/default.nix
@@ -1,9 +1,10 @@
-{...}: {
+{config, ...}: {
   networking = {
     useDHCP = true;
     #nameservers = ["2620:fe::fe" "2620:fe::9" "9.9.9.9" "149.112.112.112"];
     wireless = {
       enable = true;
+      environmentFile = config.age.secrets.wireless.path;
       networks = import ./networks.nix;
     };
   };
diff --git a/sys/networking/networks.nix b/sys/networking/networks.nix
index 8f3130d..fdb2d1b 100644
--- a/sys/networking/networks.nix
+++ b/sys/networking/networks.nix
Binary files differ
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-11-28 23:39:21 +0000