mirror of
https://github.com/SebastianStork/nixos-config.git
synced 2026-01-21 16:21:34 +01:00
Make use of sops templates
This commit is contained in:
parent
e2261da99b
commit
8805183553
4 changed files with 41 additions and 17 deletions
|
|
@ -1,9 +1,11 @@
|
|||
seb-password: ENC[AES256_GCM,data:LlW1njlY0tVfYne/NFM2KJbAPb4eAQgy0mPMIZAIPH5mdr7cSCaPYhc+WF5ZlrlL//mh8WHhsHbEBuA6P7oabSeP6ZczCmTV6w==,iv:oWQj47oxjxR3DBHhFwUD/Emj5ziZHwcbXzD69ChRmHU=,tag:cuTloyd4HW6behF8fmWdxw==,type:str]
|
||||
tailscale-auth-key: ENC[AES256_GCM,data:P63hQK6x6OjKQFZmoDXK2+ffUNd6wCzxot+d9GOsplbLMI1Dlvknt+Qq1GHaaziFgvGoQbLLha6RmORD1w==,iv:L9tKkJHuGuN6hzBcPum4giYInpn6+DuAq1zthTRSB/U=,tag:FDCnHCYY/vBYgf1xNiYyMg==,type:str]
|
||||
geoclue-location-service: ENC[AES256_GCM,data:eNtzXHhgdhYbGkcIoPk8gkoj2puxebdWC7QData8Ze1/M9+HITDVEDWcxUjXj2oUuXvfJT3dHjEky4b0vAib8odDBBl/+2o4rqjrflGpCUyPU2Qjb8c72w9eYPlekuqeZ7RhOrc2J3LPsQI=,iv:AapFoiKZ/NGBheBhqp5Ei3zzg9yT3rtZVObB5fbIulU=,tag:+k67dDHjQMLsk9KWwboUaA==,type:str]
|
||||
iwd:
|
||||
WLAN-233151: ENC[AES256_GCM,data:qnP47hqkVVAWycWaradtJQ/AUu6Jqhh281az4lHp9Vo6bmRLWNga2vG0Sg==,iv:+pC6EVtgzxR//bMJCDyzmsBrT25pcGZ5sAEkUkohU5Y=,tag:tAokgFEzr2S5B4UreB5lPA==,type:str]
|
||||
Fairphone4: ENC[AES256_GCM,data:BUSZHUxLNPCVc+h8VvcGo11ZHt04s7HVDOh0oaSOl/oB4dQ=,iv:YGbX6sF2FtjPwuGQGcQutWz7TD4Lg8DG0zi7ddXCkas=,tag:cNKu8xvrLOGy4Vq7WIBFTg==,type:str]
|
||||
geolocation-api-key: ENC[AES256_GCM,data:LQgB/VEVlKhvaGowNjdmlLq14+VTTE6tZJVrUoYuy6fFUX0jykoj,iv:40TPjSxkycF9K7eC+eJaXf+wN7DjUJJ5L7ES93o7Oyk=,tag:C9D3/fj0vBLnMFz0rsHLqw==,type:str]
|
||||
wlan:
|
||||
WLAN-233151:
|
||||
key: ENC[AES256_GCM,data:/DAuYEU6tUisLxz/9TkdB4Yk/vQ=,iv:Ubj28yyfOqcXQyUs9e0iPq0BscHjfB2vRQd14x8L4Cg=,tag:vf9FITNJZxEzLo5+ZInD5Q==,type:str]
|
||||
Fairphone4:
|
||||
key: ENC[AES256_GCM,data:tfiTA4P9H3X2OgLW,iv:9wVmeeiKmQ7nFLbvXdVCeJU7/e9SHAzlCOJA31uWZOY=,tag:u3CboobFFAwxL1c5emCz9Q==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
|
@ -28,8 +30,8 @@ sops:
|
|||
WlU1TjFDSHFzVU9TVWlNZVBJNkZabTQKkkgMlCEN84e1Syf9wB06CwToxZoE3CZi
|
||||
h369oefzYx06hEde06tU9UP7FtXRP0ktgZps4d+Fx4IkNJxoP6Ucuw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-06-25T17:41:16Z"
|
||||
mac: ENC[AES256_GCM,data:aPpJ8bvF0Xr0MCKgTpQ6IDZ3LEWCnQPBZl/qSWmZ4lG9YTCZwW/0mFgnYPdYGDsGMYswPPJemphj7Krggi4BvdhfmsA9HEp4oDx4OtKbCgU66VraZ5HDHYh8BTJABAmR0vtEYeo9BhddBBEreSlA6Wul9tsFTlpUXbe03ZNWY6M=,iv:38dMQH7jKT9JnMbnOJagGgXTiqknFTWQVtWuGVH7HBQ=,tag:hd6Z7oX8EmXwOiGSB1GB2A==,type:str]
|
||||
lastmodified: "2024-06-26T15:14:33Z"
|
||||
mac: ENC[AES256_GCM,data:qkKMK00irokIrnA7xgg1lAD/0iutNO+Aiw+WNczgHZtnCdOaZ0A69xQz4mVCrKuV3ZLKCpL/gCkZivxPS9dQC1wX+OFFgsRl97uURAuUqEpfsWr6eDaYJCWoKi+04Ku8/gjFO0Oj8Dz/HOyYIO1zXFwjOkOetWvaYQVSmf6Oob8=,iv:1bGiGRBjWv4bvsC6Vinj4gp7k2fR40ueAhdO5zSHdLM=,tag:hJpgtn6+r7WaNPhaax+dFg==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
seb-password: ENC[AES256_GCM,data:vZml/awD9ieBCQQwYs9zZveqjDDzMxFH1PFKQ8qLlaiUgaWL2BmKf4RbuS/pkjNLHr/UkPM3d3rlW6WAlNvhZiMRE+naGwD1Mw==,iv:vORmRgBgZvdafRa8vFF4LL3fw44yZV3yNq3L8eOcQRI=,tag:B7jX2LV/vKpzFlvG0bnCVA==,type:str]
|
||||
tailscale-auth-key: ENC[AES256_GCM,data:fFiUzrcS6KWhu+BjFgOfW9YmC/T7V4cebJT209lxScV6UKsUD6Pih5Kq7wOoajSH6fR+JorZwSowi6nXBg==,iv:0PEC9oOWrlZoALGu/KVD1dV1X3YVe9cIkiXWqoynxX8=,tag:ISyeO06FdgqoqNpi5jlg5w==,type:str]
|
||||
geoclue-location-service: ENC[AES256_GCM,data:3/PmcfCtqLB1tIHnY8bcISoFKckc1zeSK1+g4oavMMsW0OF4Bh9HlSz3KEiu0F3QdQQeT5vlWwAXHwwmSiVKiU+T+JiDYLbJphFErLzDy8G0z9LknoALFyFv/aCUgZ4QfnCztbBv/erG6Og=,iv:pevsZNa+1F2Kf345yJYsW1SUy/5q/63mKbhu/qF+lZ8=,tag:LDBzC/ZK6UVT5RvjYtQi/g==,type:str]
|
||||
geolocation-api-key: ENC[AES256_GCM,data:sq2W2xdyHkSk465fK7sWHcewCdh03K3z01WM/U4OwcjISr59gkR8,iv:sdGZRGL+DIzax22EyPgTi+Zrqac8hmLK6isqdsW6E/g=,tag:oeBHPgfdcdgAANfjTtDCLw==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
|
@ -25,8 +25,8 @@ sops:
|
|||
S04zMkpXT21GYTBSRFI2c1gyalZCK1UKtD6FA5BLLqnMAtVqYIujkM5qqMD524ck
|
||||
GipN/XwBhXSL98xrgaNmnN+Q46SNX0s41maGO624xvZMKZhObjxHIw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-06-25T15:59:15Z"
|
||||
mac: ENC[AES256_GCM,data:WmMkOUz6fC20y+bxjGcP1SJXMpIuE8h21SNYybKuZLl9azAClvqvD0xPaHTLfZI9mvJhHInTA616dDV0W9EAjgHjmna+jj2/6xZ9WY/skjNbXe4SSYJW7xxWvwsft92KKvNobqC25qm1BPvCWyDYcVS3h3Uh5BSf4UnYCOnM72A=,iv:FejTJW6AY4hx5SGSMKlzWoeNvZonOM5ESHzH7eLp1U4=,tag:yAiyRErSKJQYW4y+XsQUaA==,type:str]
|
||||
lastmodified: "2024-06-26T15:20:06Z"
|
||||
mac: ENC[AES256_GCM,data:ugcd4SWU3JJpvoO4PFbTncKrNOZbNAhDohQMQcZcP0ffofnTEHrVxKVsS829pQ1dENMzS7iI0Ui1J+r3V5Poa8WzuTPcbNefYHWihILYPuA1d+436XcTOxtg0kuz7tjrmCQAicJHOVk5v/olsGkFSA862uV5XNWxRU/QdkSWUxU=,iv:1OVAa0yoNpu2SguZQKSNP1BOuHudYLmn4oHVJt4qMBY=,tag:noatWgTBgTGXXcJFPpFG0g==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
||||
|
|
|
|||
|
|
@ -3,9 +3,17 @@
|
|||
options.myConfig.geoclue.enable = lib.mkEnableOption "";
|
||||
|
||||
config = lib.mkIf config.myConfig.geoclue.enable {
|
||||
sops.secrets.geoclue-location-service = {
|
||||
sops = {
|
||||
secrets.geolocation-api-key = { };
|
||||
|
||||
templates."geoclue-location-service.conf" = {
|
||||
owner = "geoclue";
|
||||
path = "/etc/geoclue/conf.d/location-service.conf";
|
||||
content = ''
|
||||
[wifi]
|
||||
url=https://www.googleapis.com/geolocation/v1/geolocate?key=${config.sops.placeholder.geolocation-api-key}
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
services.geoclue2 = {
|
||||
|
|
|
|||
|
|
@ -8,9 +8,23 @@
|
|||
options.myConfig.wlan.enable = lib.mkEnableOption "";
|
||||
|
||||
config = lib.mkIf config.myConfig.wlan.enable {
|
||||
sops.secrets = {
|
||||
"iwd/WLAN-233151" = { };
|
||||
"iwd/Fairphone4" = { };
|
||||
sops = {
|
||||
secrets = {
|
||||
"wlan/WLAN-233151/key" = { };
|
||||
"wlan/Fairphone4/key" = { };
|
||||
};
|
||||
|
||||
templates =
|
||||
let
|
||||
mkPskFile = key: ''
|
||||
[Security]
|
||||
Passphrase=${key}
|
||||
'';
|
||||
in
|
||||
{
|
||||
"iwd/WLAN-233151.psk".content = mkPskFile "${config.sops.placeholder."wlan/WLAN-233151/key"}";
|
||||
"iwd/Fairphone4.psk".content = mkPskFile "${config.sops.placeholder."wlan/Fairphone4/key"}";
|
||||
};
|
||||
};
|
||||
|
||||
networking.wireless.iwd = {
|
||||
|
|
@ -24,8 +38,8 @@
|
|||
};
|
||||
|
||||
systemd.tmpfiles.rules = [
|
||||
"C /var/lib/iwd/WLAN-233151.psk 0600 root root - ${config.sops.secrets."iwd/WLAN-233151".path}"
|
||||
"C /var/lib/iwd/Fairphone4.psk 0600 root root - ${config.sops.secrets."iwd/Fairphone4".path}"
|
||||
"C /var/lib/iwd/WLAN-233151.psk 0600 root root - ${config.sops.templates."iwd/WLAN-233151.psk".path}"
|
||||
"C /var/lib/iwd/Fairphone4.psk 0600 root root - ${config.sops.templates."iwd/Fairphone4.psk".path}"
|
||||
];
|
||||
|
||||
environment.systemPackages = [ pkgs.iwgtk ];
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue