summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--hosts/thinklappi/default.nix1
-rw-r--r--secrets/default.nix7
-rw-r--r--secrets/secrets.nix10
-rw-r--r--secrets/wireless.age12
-rw-r--r--sys/networking/default.nix3
-rw-r--r--sys/networking/networks.nixbin85 -> 128 bytes
6 files changed, 32 insertions, 1 deletions
diff --git a/hosts/thinklappi/default.nix b/hosts/thinklappi/default.nix
index 7f58e92..71f03fa 100644
--- a/hosts/thinklappi/default.nix
+++ b/hosts/thinklappi/default.nix
@@ -6,6 +6,7 @@
imports = [
./basesystem.nix
../../sys
+ ../../secrets
];
hardware = {
diff --git a/secrets/default.nix b/secrets/default.nix
new file mode 100644
index 0000000..d737de7
--- /dev/null
+++ b/secrets/default.nix
@@ -0,0 +1,7 @@
+{...}: {
+ age.secrets = {
+ wireless = {
+ file = ./wireless.age;
+ };
+ };
+}
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
new file mode 100644
index 0000000..104e25b
--- /dev/null
+++ b/secrets/secrets.nix
@@ -0,0 +1,10 @@
+let
+ sils = "age1vuhaey7kd9l76y6f9weeqmde3s4kjw38869ju6u3027yece2r3rqssjxst";
+ thinklappi = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGtOvWH5GgVhCAUsHTlKI/N2w7rK+uODMro0VZYWWdZJ root@thinklappi";
+ allSecrets = [
+ sils
+ thinklappi
+ ];
+in {
+ "wireless.age".publicKeys = allSecrets;
+}
diff --git a/secrets/wireless.age b/secrets/wireless.age
new file mode 100644
index 0000000..b24ce17
--- /dev/null
+++ b/secrets/wireless.age
@@ -0,0 +1,12 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvR2xGVk03aHZrcHZOV0Jw
+STl0SlByMXhKdDBlQXNyRTdnY3RGQ2NPZ2hFCnlXa3E5RGJTd1V6R3VLQzlYQmpo
+a0tCZUd6VnRyZTFEcTRFc1NORk9mZ2MKLT4gc3NoLWVkMjU1MTkgL1BReS9BIGs1
+cGFkMGd0QzVsU0JPRTRhUG0vbWY2bXR4M0NQaktIZjZsQmpCUTcxVHMKMSs4VkxZ
+UVYxT1hBcXBSNUlmc1FYR0NQNGpkN0JLVnZWMDNHdW4zS205MAotPiB5Y0NfNlxU
+LWdyZWFzZSBUQ2NNYlRDbCBiQFsgeEsgVQptR05yL1BsYjc4MlJKSFY3MmhhSnhZ
+SWJxN256djdlU01JY2pLS25Od2ZudEFhVQotLS0gQWRYZW9raGtCUEZ1czgwSVo2
+MDBoOEl5b0RUVnVieVFXR1I0OWRjL2NWMAoOWBXxJA9Bn+pQXWltE5cpHtE2YHP7
+17opbS05pkcCwXCCOH/7woPSlrFY+JgM61nUsvrXBujYTUbzJxXyXNODj4KpRICH
+OOqMORMzVZ72D7127VCYRXpfoIMOacUIh1MT
+-----END AGE ENCRYPTED FILE-----
diff --git a/sys/networking/default.nix b/sys/networking/default.nix
index c630249..2d5a74b 100644
--- a/sys/networking/default.nix
+++ b/sys/networking/default.nix
@@ -1,9 +1,10 @@
-{...}: {
+{config, ...}: {
networking = {
useDHCP = true;
#nameservers = ["2620:fe::fe" "2620:fe::9" "9.9.9.9" "149.112.112.112"];
wireless = {
enable = true;
+ environmentFile = config.age.secrets.wireless.path;
networks = import ./networks.nix;
};
};
diff --git a/sys/networking/networks.nix b/sys/networking/networks.nix
index 8f3130d..fdb2d1b 100644
--- a/sys/networking/networks.nix
+++ b/sys/networking/networks.nix
Binary files differ
generated by cgit v1.3.1 (git 2.54.0) at 2026-06-02 17:26:35 +0000