From 97f94d43d4626183fd3449819530f902811555db Mon Sep 17 00:00:00 2001 From: Guanran Wang Date: Tue, 1 Oct 2024 00:26:30 +0800 Subject: [PATCH] nixos/wireless: merge into dust --- .sops.yaml | 5 ---- hosts/dust/default.nix | 28 +++++++++++++++------- hosts/dust/hardware-configuration.nix | 2 ++ hosts/dust/secrets.yaml | 9 +++++-- nixos/profiles/wireless/default.nix | 21 ----------------- nixos/profiles/wireless/secrets.yaml | 34 --------------------------- 6 files changed, 28 insertions(+), 71 deletions(-) delete mode 100644 nixos/profiles/wireless/default.nix delete mode 100644 nixos/profiles/wireless/secrets.yaml diff --git a/.sops.yaml b/.sops.yaml index 92212e9..9525f1f 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -43,11 +43,6 @@ creation_rules: - *guanranwang - *tyo0 - *sin0 - - path_regex: ^nixos/profiles/wireless/secrets.yaml$ - key_groups: - - age: - - *guanranwang - - *dust # opentofu - path_regex: ^infra/secrets.yaml$ diff --git a/hosts/dust/default.nix b/hosts/dust/default.nix index aeff093..69de060 100644 --- a/hosts/dust/default.nix +++ b/hosts/dust/default.nix @@ -25,15 +25,25 @@ preservation.nixosModules.preservation ]); - sops.secrets = lib.mapAttrs (_n: v: v // { sopsFile = ./secrets.yaml; }) { - "hashed-passwd" = { - neededForUsers = true; - }; - "nix-access-tokens" = { - owner = "guanranwang"; - mode = "0440"; - }; - }; + sops.secrets = lib.mapAttrs (_n: v: v // { sopsFile = ./secrets.yaml; }) ( + lib.listToAttrs ( + lib.map (x: lib.nameValuePair "wireless/${x}" { path = "/var/lib/iwd/${x}.psk"; }) [ + "Galaxy S24 EC54" + "ImmortalWrt" + "XYC-SEEWO" + "wangxiaobo" + ] + ) + // { + "hashed-passwd" = { + neededForUsers = true; + }; + "nix-access-tokens" = { + owner = "guanranwang"; + mode = "0440"; + }; + } + ); nix.extraOptions = "!include ${config.sops.secrets.nix-access-tokens.path}"; diff --git a/hosts/dust/hardware-configuration.nix b/hosts/dust/hardware-configuration.nix index 7cbbcc3..3e07980 100644 --- a/hosts/dust/hardware-configuration.nix +++ b/hosts/dust/hardware-configuration.nix @@ -20,6 +20,8 @@ settings.General.FastConnectable = true; }; + networking.wireless.iwd.enable = true; + boot.loader.timeout = 0; boot.loader.efi.canTouchEfiVariables = true; diff --git a/hosts/dust/secrets.yaml b/hosts/dust/secrets.yaml index 93b1ccb..59a9f72 100644 --- a/hosts/dust/secrets.yaml +++ b/hosts/dust/secrets.yaml @@ -1,5 +1,10 @@ hashed-passwd: ENC[AES256_GCM,data:Ww/aE2CEQG2ZvFALA0cfN/jsmoywTsDLUh9sgVtF6xyNYLLd1+XCbzG9KUJGsB0PXO+ISdL/5ySRCuU8a79FytZdbyZ1FZKTzg==,iv:vLKHMzFjiwp8gW9VhKZq85D2tj+TvJ9iIeQoJBcvCDE=,tag:aZ5JmvrCfE7WQ1FIugpHkQ==,type:str] nix-access-tokens: ENC[AES256_GCM,data:K9AFK869TWjPFFRSayy0B7nWQQwRt/v2q4+TdUdyv0QtSG1xAd9tr0OQHmFksxQoOa5ky0IqUAuitdXT9oiwfH8ySz1qS+ogQnQCZm/ml0bvwFw82Lre/fJdax4I1cw31nnIYJfkVGCrlGZcg5jGUpFKcOvUkm9V,iv:mGahzq5szvZbBOtQCP8Km4ZWFoRNabmLhSaXBOGVgVM=,tag:rzO+yh+xnPNhfrefwCuQSA==,type:str] +wireless: + wangxiaobo: ENC[AES256_GCM,data:jI9LvLRcc2Meo1bFnSu2PSTOwU85RDV1/TstjI68wKgLtWlqnzIycxuHcFyioY4s9K1RxG4/qkicbgGZMipt+Hg+JL79fA5ANAnCFKebdDne9LR5IoZNaGI5AWRw7aCXH6pbUj4+xKhMCUzudwRDHIP2WYKsyPv3an3610mYKKk90F9T0PxwniKQeOG3Zs8b1mrTyPqiQiMEUnoSXM1cM0n+6ZbVIn/tkItteSKY0bGleYMs+BDyV6GQp8/LhaWkUz9jhp22h7UjVnCezy6/WlabNiKmK+y3fQ4eWhNwYJh5gd+bDQn4E2w4fhVVdDo2cluox+TiAJ+xAF0qA3f1Sbxx9J6iONg09mC9B61p1SMhjqax2BWiIE4QURgpl1Kj6vKAZdhFvshaIvNwz0XE7JrdeGPFXndqQFHT8k2kP6BKazgFIhMo7nr57i24sGu2cKj4Ya859tXv1hVA6Y5+v6TB6NSkQhuKgghAkKUhscJNpgUN7WTuFBRlgsaEDyIlq7rF2rlNihid6pwQvo0fOCtQskZh3Bq4zaJy8rvEZW3kzYW1iFXefGQ6RNhKOuDeFsv5ESXred3EtoYoNs4gu3540Eq9EVDmP1GhNMLepA==,iv:EjZERRf9lGr/z537RRWEDjB2oZsEoKESwWSBxRR44lE=,tag:oo/q0O25H4+q5YaYlrqhsg==,type:str] + ImmortalWrt: ENC[AES256_GCM,data:e0U9GdKNTC+pWbWQiVBfszQE8T+b8sv8JBrw61kjR2Q6eMNonKjtk2/am4gek7AMKmDXMJZGKCKGa+vqFF/AlhiaMe6ylNf5NS1GU2Tjqi0EoeSecVDc+56muJO7Uevz6o69kBq/T4wnCrygWX4qcRM6cptvbfeJH8J+o0TpRFaMoDPxrNmwWICX17dHYE4MDuycDZLrN/qRwmHeq6fHjR2SLbTEIHES8mJAf8WiGWjZ5NIB300P8Iqcu1gB//4DfmP2WnkGMTL9ZZajmAh+a3WGPlCYx+1q9K5trUE6qyAY2/Df9zwydznClHYqu4TP7qJTAkmwVVLTRVv1SHTCS0J6lRX7VxRtoBpl5B/E57hfoPGoZXOdmXIPldgfPgzMy8adJGWCWnIb3DypMnNP8pRbX7DuiFHhwWqW66uNqeQ3TxV4rJEydNC3RpY4rrIqT6/jO6laPlCqC9FMla8lvPNIcSqTu4KtPac2kDFbw3qf6EpYlzyWcC1HUb08TMZV2bxhHUI6bfjCfCr29P5M4eZwCC6h0QTn6HTkzrHHeCCocasCAToVTcGC04VaZV85JmgTc2o+b1S2nXYCq/UStk5B5oKNttbaruAzvTTgXflH,iv:I5S4/fH+DnhShdM49w0RIEp9GLTKj+VjWj4URaZLyF4=,tag:ZN+Ibui5oS+3S871iWlAjQ==,type:str] + XYC-SEEWO: ENC[AES256_GCM,data:UGfrx+rI16E+cz+YoPVTk4BQ2GW8RMBT8Bks7cpvQl8lKTwtLiNWbdMPaMSqaKt8NTxdiqjerxbqCKTr6gLmGlFyS9RyMYEpSPz8QNKR2HzL43kOXu4/39QR7LmZ4jZf9/iYlE2quqSKWEwgfNDX70N9PpKNhRg4NLOztN+fXpX2Q58eh7W6WckabZS/WOcsJy3lJ4+SrLPJcvfXdJSqsDp3yrbIA/uAOcAN1n2EnhuaYfn1CqIVgU9eKuG4JYOg7MHY5TJcE22jtLXNUD42uZKAN+h6qmO/WtuVHXXbamLaINLrx+3rYEqfs7jYfQMGP8T0K+YGWUInxZ7CGeq0jmGNHj+AAzMHUoRrd1HXezxcSZm8JgTv3wat/fEJVCX2DzF/CSlI1Ba2oyg77lxFmpeHdrPCHGuvSn2bI+9tLsTxyBHdFJ+t36jAt1L+JRfDbKUeOT9y9jpjEmN/GmPPA7gY/I3jBwlst5X1F969mQnPrs8dsU3CkwNhJSYcY6gJAKUA/YbpzUJyrNOYXQ5ut7kRdIJNiUdsVSo63bZFjTcXo75mksbjPKuOYpVKLx4xZam15JHgtwQI2uC/SWoqeOHDR93OoS3EY8oAxZo=,iv:fPIbAM3Os5I7/S9C++czd/Cr9qBUz8LxLHmx6MVAqvw=,tag:38ZIAdLMxQrKf6HRrMYbYA==,type:str] + Galaxy S24 EC54: ENC[AES256_GCM,data:ClupRb0iyIUatouAru54bTP6XdsXmJ5klersRQHLN1s3w6RZmgQWQ1zSZLmydtB4wwS2xWmcCoAE+SnRmDLNZuxIUpU45fDTBs35Gy524B7ZGqIW8ya15or1NzQBFLpfgS/UYbJdEWIUlJba6zcAG0V0LiTuj4Jipj4uGzAF/l9fZV2OgM5U81BJMjcDylxroF/ZFQRWdcXMjflrIJFv6eSWcpn3mwXI73/hxznKbsGqyHc3FrlqKNIHfuw3OO6iXrBzlGX8JQ/MknfP1Q5SCbvigACqyPH1SZmdGVBzEIYY4opqhR6SBwsOirNbGEFlrMGkHHICWUnI71yxeggTd1gM0Obg8TKcoY+nhsAOtucccR4Ha3eHfgaE1AGdisEquhEHLdattq0C8OWfNEVIzv4zDJnD9/jY5QzLR1psFo2HdyNPY8wht+75iPJw6BCf1fuXR1v+/KG8+qRL/cSejqq4ukE9AaAxNiVzzxiTg+Cnecl74gKHeluWSv0jAVzanzaG0ScsgsfjVZ0xVaaXMT16Ni/83YiNTYxcNmFvGqBENVHwNU2470DmVT7LHxD1PQCxsb8gKI16zPV79MRtuDatwaVQ+WM1hLSbzjKrYd7d7OvS,iv:u3TEIpQR8fWScbWdf0eyHtfHf8/PpGmUl1XtBubdVNQ=,tag:V2sghtHlWlehD6eJ2HuHTQ==,type:str] sops: kms: [] gcp_kms: [] @@ -24,8 +29,8 @@ sops: VFVQMENGUms4ME9KUVhMcnk3K2VJejQKfLmuUjFwgG0gHgk2//AR+HfMvG2IfOel TgzJwaYAGnfGCeSKSaAd1lkqtYteR5nmb0lqh1a76kjsZRQgfN4iwA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-09-30T16:17:54Z" - mac: ENC[AES256_GCM,data:yGUiB22nw0HJObLFpIAC9dYMM7oKCsZmxn9VKPTOHfklM9NSxBtpnQG9WuRa1PYt+QiaY/E++ERszpbk3goi9KsnjLpYAx/Nw00W3SS1DIAqzHaV7XM5qlQqhT8ALLbEZBWwYg3VOeJaEMUYRs+yaDHX0PsjHqm1ipLSwfy6AM4=,iv:Z/y1LdqfXoZgPoezF4vpwx1VAbwheagwIg9FHJ4Tdzo=,tag:FlZZALl1vMDndt1+40Br/w==,type:str] + lastmodified: "2024-09-30T16:25:30Z" + mac: ENC[AES256_GCM,data:x3sPlLUTrH1Xqqc3WFEim2dv6R+9TG8HvSOdt3vPwGFBwTmG/ziYp0df4q3VaOEO5HaoEiDxDyUV1zHuBk+SfeMYCW+LZXXuKouAzCLPsbz3c/uD++TA9SdEF/K4Ry7fj5oq9ZtCGBG/U4cZTn7mnJR/nt2ZdBgDlQ983Xkiln4=,iv:ikLweu6DolotfhGzSFETvJt/BVHfd/Ubfv2ZUYtFZ2Y=,tag:HBTcWuD2yMupjA9dnakvPA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.0 diff --git a/nixos/profiles/wireless/default.nix b/nixos/profiles/wireless/default.nix deleted file mode 100644 index ea04306..0000000 --- a/nixos/profiles/wireless/default.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ lib, ... }: -{ - sops.secrets = lib.listToAttrs ( - lib.map - ( - x: - lib.nameValuePair "wireless/${x}" { - path = "/var/lib/iwd/${x}.psk"; - sopsFile = ./secrets.yaml; - } - ) - [ - "Galaxy S24 EC54" - "ImmortalWrt" - "XYC-SEEWO" - "wangxiaobo" - ] - ); - - networking.wireless.iwd.enable = true; -} diff --git a/nixos/profiles/wireless/secrets.yaml b/nixos/profiles/wireless/secrets.yaml deleted file mode 100644 index 1a28067..0000000 --- a/nixos/profiles/wireless/secrets.yaml +++ /dev/null @@ -1,34 +0,0 @@ -wireless: - wangxiaobo: ENC[AES256_GCM,data:D9m+JRZ2Tw1a4mukW+WU3QLYIRiTiRkGz1ddD7zvkctbuYg+BZXtRgDR0FOIn586t0DsgA1wBDEN/WWiLRTrArgWTHiv7OsOa1NI7+BuL1cFb1TNbk04zbtc6cCOpDBH8qivx0jdZIqrJ5JzIaeZ9T78tj1jMmp3pyt3RiEcZLqxjnPiJhJVaZ8iUNDTvuX3DpsmqybYiLO+Hz7qvIHwM1euc/vyraZ2SR/y5DjTjwVK1jiAs3glPy2oYayVhv+RPs/AHVDnslbtPxGrPhRXxZT3t9LnBw+I0VgrdKUl39ym38PurGnVoBJ7EUVWl3SUPQjnDfQI/XQiDyI3DZ8uA5MGwlR9mny5N/ojs+q7J/k4YiSThCasA5tA24SNRZQWI9lFevoortU+is9FTTGkfzgrrcuURDs6E3ShbbHgn4tvHPhB87J1mP9D7UMIFFfVyvqp5fRgBMHcrEA8xln2xvvQdRDDj/JJYIj3ex8PpTqvAi1EwnAFWhBgqIchcHRFcfQRWOsR7h8M1UQpnge85UZfePMropq5zJ3TSF4AKa2A4UqhgkvLm8qrMI1lvsEnH4TMoyV5Z59T4sPd4Eb3FV26wey6DTdw6cCuywh0AQ==,iv:nbD9EcQYaAf4XwvTLKRy+IjTkV7aHsHK+gBD/Ooc/l8=,tag:VHD3X0ONH4YTp/BTcnpLDQ==,type:str] - ImmortalWrt: ENC[AES256_GCM,data:xMQtz/XklFZnT9HzD464f6Hh4Yz6LnfEV2A9xQzXgbKygKX8MZd1DN1+axtg0SBWEFevEYJ8hZJJjYbUd1LM2m7p51w8tBb+NeaunI2gl1DGcd7jyacH/Z3sTOFr0Lh9zfPSo8XAc3rP1tRyEDClc6AAjH72adGfBR83ZFvBlq80/uIbBULm53H+MqBm+ak9bRPiom3mv8e4CdwTcAHzfA2iYYGwOr3J/vRBeRaenhz01wXnmVDIOh50/wP4ttw5iEAsqjJnVG2G4oMbVFbHumNNC97/FAiZ1SSES5MVjLl9i4RYlTnS/ypuUci0qQUvi0PBDC1cYrkHtfP1OUnRopqPcKIFk5tCbOOgxSLI6GOoPT8+98M4xRI5WA9v3DKlTEzsqOAlhSOcRTiQFc+YVAo75jMBi3dsOUVYM2NvYNIw7aKuNcWuvgFsMadO+GELLiix94wecupV/Ruve+fJTxIiJsiTbZdqTCkb257VApVA4P/eMSgbHIu1MnYCRzccfQiEpEXq7SGLy9WHXfulqKSXMuZB/ai756cuV1jf1+h/ZniA+A/K8c5n6QzFWTa6pgRcIR2NP2IvldpF49aSbVCZZWD8lmnhrQmxgIxarHJW,iv:Pj9se0zKfvtoAM5FcWa99/DJ4VCFAJjDhEN8wfW51gU=,tag:fM+IBDGY56LVSZhBnHqoYA==,type:str] - XYC-SEEWO: ENC[AES256_GCM,data:sYTetWv7umk52isRprFNQMoQeENHV18JT3NdIiC9EywBpVmhLlaLa/7tsBx1sZA7M8En+zjXB7uwbA3piVnQH8reBb+phzx+lm8oN77kVKnDKqog8mfXg/Q+gPk+St7LFa/m0CxQdD1O6GqKKhjSaomdKX6CIBOuWXWM3jzzQYOI40P+2IX2BrCcQro8SimwO8qpqqdb8WFlQsLp2ab5xdHHipi13XtnANyQjW1iSdMTMCxoFQ5j9ojiUcE2F9K6mYXRtvCeljuDP8Kq579ak0AVIyBDnTkSVK3Z96GOsoQGKPnyiFQJOmy16QrMlZEQ8KSe+cKZCgKNgtaQJvF2TIBQ/orsPGBiKQqLVJCOErT/lxl62x3tqur14IWZE6j66CesaDxTce6MvaCnHNskfbwGKG0DIMe2XAdiX5u9VqGEbDu7XTgZoxnMVNHNg8VN3LGFjRYV9/gv6nScewzibFKbw8lNrzLs0nk5vjr8RE02pRU21+grnRrcdcxasclJpYVtE3q/9Yi2F86FBrmOQnZB2xCpwf0Ojmlqo9+J6cRQn1VjFYpL2LEoRmbnqq6jxeR8EZ71gzRIJ9oyWTYf9ooudjJW9JBjpHBljT4=,iv:2KreMWy5ey70whzfbVaTDkntomrKEjAPfsTvCv3BORQ=,tag:SeVE07LhL3L/2yLotQzNPw==,type:str] - Galaxy S24 EC54: ENC[AES256_GCM,data:JoQzwSByBGE1KtRZh9T9v6+XrHS0fnAbGlICUt+09vYEZh28vslFWUvCeUq5+0Xg01mB3TgegyxFyUk26tJUtjFCFyjBSLxD8NC/Nv07Pu8jbPQcnyn392y7AQQynkiw/smrKLsVQY8ZEBm/ZhizwIgNMayIjUCwlL9UxPOh5BZVaM+NbC2H+9qub6KpdjrObA11+OkDO+D1DLt983uJVI92casNXyO34NSYt4UXDl6dJM8B+rnoFOsHoI4VcbHdIB2AdT9QDGHQ6cpz+uJ9//K4yPaiMuZXoShbrO/ER0a22s0X76gCrJ5TSaUYJCYiRUcgKDmekwK0wrNYeGr6sF3d73In0suj1mVaJzImwHOK1+ujGidYIeWmuBv6v/f9KGaHIeEkC0EiKLsT3lqfHZNHovasoIwedEVROUKGEg8t39sv3kcsQD2FxfKbYiNFcGU+7Hz2sIw5gUjFqs+djN+zyywTmQG//fG8OCjRnX/C5LZ2f6Qil/4Q0mdynLa2bhkpxsKT6Ow22dK3Z0hFPNHii1hlW2l6pBPyMcUCeI9IxFPHhVvP2IA89Jxaj/Z4+vzqGbQ5r1NjG9nLde2BGpK1MeP+3kCZvLMOeuZclmu66t28,iv:RdLGNZAVWOfCfmAOoJ/S3EosHL9VzDDU9HKlFafW2eg=,tag:iYL8DovtLkic/XFBD5fnjQ==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age129yyxyz686qj88ce5v77ahelqqwt6zz94mzzls0ny4hq76psrd9qhc79kq - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyMDlEUldrMDUzMFFTY0sw - Uld1WTRrUERPbWxnUWlTVTJKQzM0cFR4U3pJCmR1SWV2VWJxaUN6K2RLcDNwQWxZ - S01sVjZHUktveDF4RDZIZjJ3UWhVQkEKLS0tIGdqeHpLQWUxd3V6WVd2ak80MXYv - dW9BS0FSS1ljM2RwTFlsaWl3Zmh5OHMKSpz9jbEMYVvV6QuBP8a9UeHKRhbrewoh - vu3Da65hAcdYFI9sg+p3YRuwaWAD/jQcz39f+s/tCEcR8hyOfxeU1A== - -----END AGE ENCRYPTED FILE----- - - recipient: age193x79xx8snu82w3t3hax6nruuw57g7pduwnkpvzkzmd7fs5jvfrquqa3sl - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJQno2eDJsZlREcW44bDl0 - RXh5djJzbTlHRk8zK05XeXBWKzlRQlQySmpJCmV4amxKcG1WTytNNTgvNVRIeFZF - L2VUTmc4UitVYVpycFFtaTExM2tpM00KLS0tIGZGcHNVRVJiSkhUYjZHa1A3a1A2 - anlOQ09Eb2lFc05kY3dGNUNwRWVIYzQKVDQK6DwJHr0ujog+LC/usF4jQIN0WxIj - Eqm+ooHFDbOtNmzt4s7iVq0Ml8moUlmWM/VNSCKuaIY+kse4H3Xp+w== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-09-20T17:30:39Z" - mac: ENC[AES256_GCM,data:yyJOLqCF+ZRLFda/E3gCgAv0wB9LbVb4RtBW3IV3+5b0N/1BJxRzzOompfD/JlnTcQz9CA/NPSb2rBt92a3MRdYeoAPv6Gl3Nr23/DJtDYIbz/x+JT/GqrAdso64iPmaQFfhA2QXJbPfGqDy0W3fyYuQViWPV3eE7BXE3TtuHr4=,iv:t8/jVOW2gI7lQf9lqGZHSp+tLSBzNxQMfVXJrrTcmPo=,tag:c9yUOKLK8DGfHDfwW3s22w==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.9.0