Make use of sops templates

2026-01-21 17:31:34 +01:00 · 2024-06-26 17:21:09 +02:00 · 2024-06-26 17:21:09 +02:00 · 8805183553
commit 8805183553
parent e2261da99b
4 changed files with 41 additions and 17 deletions
--- a/modules/system/geoclue.nix
+++ b/modules/system/geoclue.nix
@ -3,9 +3,17 @@
  options.myConfig.geoclue.enable = lib.mkEnableOption "";

  config = lib.mkIf config.myConfig.geoclue.enable {
-    sops.secrets.geoclue-location-service = {
-      owner = "geoclue";
-      path = "/etc/geoclue/conf.d/location-service.conf";
+    sops = {
+      secrets.geolocation-api-key = { };
+
+      templates."geoclue-location-service.conf" = {
+        owner = "geoclue";
+        path = "/etc/geoclue/conf.d/location-service.conf";
+        content = ''
+          [wifi]
+          url=https://www.googleapis.com/geolocation/v1/geolocate?key=${config.sops.placeholder.geolocation-api-key}
+        '';
+      };
    };

    services.geoclue2 = {
--- a/modules/system/wlan.nix
+++ b/modules/system/wlan.nix
@ -8,9 +8,23 @@
  options.myConfig.wlan.enable = lib.mkEnableOption "";

  config = lib.mkIf config.myConfig.wlan.enable {
-    sops.secrets = {
-      "iwd/WLAN-233151" = { };
-      "iwd/Fairphone4" = { };
+    sops = {
+      secrets = {
+        "wlan/WLAN-233151/key" = { };
+        "wlan/Fairphone4/key" = { };
+      };
+
+      templates =
+        let
+          mkPskFile = key: ''
+            [Security]
+            Passphrase=${key}
+          '';
+        in
+        {
+          "iwd/WLAN-233151.psk".content = mkPskFile "${config.sops.placeholder."wlan/WLAN-233151/key"}";
+          "iwd/Fairphone4.psk".content = mkPskFile "${config.sops.placeholder."wlan/Fairphone4/key"}";
+        };
    };

    networking.wireless.iwd = {
@ -24,8 +38,8 @@
    };

    systemd.tmpfiles.rules = [
-      "C /var/lib/iwd/WLAN-233151.psk 0600 root root - ${config.sops.secrets."iwd/WLAN-233151".path}"
-      "C /var/lib/iwd/Fairphone4.psk 0600 root root - ${config.sops.secrets."iwd/Fairphone4".path}"
+      "C /var/lib/iwd/WLAN-233151.psk 0600 root root - ${config.sops.templates."iwd/WLAN-233151.psk".path}"
+      "C /var/lib/iwd/Fairphone4.psk 0600 root root - ${config.sops.templates."iwd/Fairphone4.psk".path}"
    ];

    environment.systemPackages = [ pkgs.iwgtk ];