authorTim Keller <tjkeller.xyz>2024-10-20 20:17:28 -0500
committerTim Keller <tjkeller.xyz>2024-10-20 20:17:28 -0500
commitda8d6b77894dbf965fe77fd824512b6f160f906d (patch)
tree25cbc079dd89150d78eda20baf8d9793da12b352 /modules/root
parent0b31d1d5ea46087a13c67889d427208f6612f01a (diff)
downloadnixos-da8d6b77894dbf965fe77fd824512b6f160f906d.tar.xz
nixos-da8d6b77894dbf965fe77fd824512b6f160f906d.zip
add age and sops pkgs. reluctantly add sops nix for managing secrets. change wifi config to use wpa supplicant and configure with secrets. wpa_gui installed.
Diffstat (limited to 'modules/root')
-rw-r--r--modules/root/default.nix1
-rw-r--r--modules/root/resources/secrets/secrets.yaml21
-rw-r--r--modules/root/secrets.nix13
-rw-r--r--modules/root/software.nix3
-rw-r--r--modules/root/wifi.nix24
5 files changed, 59 insertions, 3 deletions
diff --git a/modules/root/default.nix b/modules/root/default.nix
index 9a7affb..fb327e6 100644
--- a/modules/root/default.nix
+++ b/modules/root/default.nix
@@ -14,6 +14,7 @@
./normaluser.nix
./pipewire.nix
./powerkeys.nix
+ ./secrets.nix
./software.nix
./virtualisation.nix
./wifi.nix
diff --git a/modules/root/resources/secrets/secrets.yaml b/modules/root/resources/secrets/secrets.yaml
new file mode 100644
index 0000000..9214cca
--- /dev/null
+++ b/modules/root/resources/secrets/secrets.yaml
@@ -0,0 +1,21 @@
+wireless-env: ENC[AES256_GCM,data:y0o30JxPQxdqkC24qOPYeOOGcXYdjErnv82NzmmeaJFKQe+bsBxm1f24dcAkk4ALjfBIoKaxK96HXs1lx779kJBBgMizgDT4sSgSTE+XJcsvFLLlC5DBEWzW6o5IDoM7rWKKbgYdNlxd8IydsSI/4DVHyZoqQZ9NLzKJznQj/b53o/iTcxc/Vp6UT7y1PpBA7x5qpVtoWclRutcqoRfmUJEEcE1z+/4vtCxYVfHccbnUukcsFEE11tckH4+QUKwjxn/J+mN9Cwc8Yj2rmfn1EsoJxf1S5L7LE7hel5UKcf5031VUKHxbxLwcjcfJrhiPYRpLjJhrFad0wn7pJc0D9b0pzQmPznWjMXSbZdHEzYrQMxHtauL8wn8VpfixLgKHBQMIjlAQU19I4ASZvVO0unGgXgAEMc3aulUSYtBvTBuxZoQS9ryu9uoPgb4xIzs7hSc8/LXXFYqO11BNlumGtKxjCzYhLB9fLfvdj1QMLmROnCnaCYL8BlBs91hW,iv:3YDXflMPieSLq5dlfbiq1zu7GxFSRDfPRIYP52UhMWs=,tag:IX+3X/N/5WuUKTg3WUUXDw==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1lkv9x8vfjzkffxz95ygqr8sgqrnulplqkghkhq4zas62klgpgd2qt9p59t
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvTW9sT2hJNXVEYnQxV2RG
+ NzhSK0JzVlRmMlV0WmlUMDB4b0FkTG1wMmo4CjlJNkRTczB2WDZzOC8zYjdXdGt0
+ MXZDdThvREFoL3lUc3BZQUZWdDIxRkEKLS0tIDliMzNsdTVhSHJtM0piWmpnSFRC
+ STJsY1BEeCswc29NbUg4eFB2VXZ0NHcKfT5NbcKhEw4dD106nCa4gE3UiIWnpRDZ
+ r0cbU0q6qWIbh2SUbkoEvaGTBJ9BQVL2L4isQ42EaPq5LdQDQajp+A==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2024-10-21T00:36:42Z"
+ mac: ENC[AES256_GCM,data:a3CeKSdfXv/VXJHoQ++qalywvqdl4amdk+FM3dAgJQtMZWzWrIsBOvsqBfojIhak6HEUvfdkyvXKRFlXiZyfYBx10Vv1r4QvSRgogYIQU5HhgsSKyIZAxxlwViJcEl4V0lFAUdwPSLByl37YvrvjVMC2tMRlX395eT0aabFkTmM=,iv:agDd5ADjO8kalJ0lsb9H9C/IZ2F57di0+loSpyNen5I=,tag:btS0AUmWq/mvOF2T0+dsEA==,type:str]
+ pgp: []
+ unencrypted_suffix: _unencrypted
+ version: 3.8.1
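Review bot: The `age:` list in the sops metadata holds a single recipient, so there is no second key that can decrypt or re-encrypt `wireless-env` if that one private key is lost, and no way to scope access per host. Consider adding a backup or per-host recipient through a `.sops.yaml` creation rule and re-keying the file with `sops updatekeys`. Because the ciphertext stays in the repository history, a later exposure of the private key means rotating every PSK stored here, not just re-encrypting the file.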
diff --git a/modules/root/secrets.nix b/modules/root/secrets.nix
new file mode 100644
index 0000000..464a8f2
--- /dev/null
+++ b/modules/root/secrets.nix
@@ -0,0 +1,13 @@
+{ pkgs, inputs, config, userDetails, ... }: {
+ imports = [ inputs.sops-nix.nixosModules.sops ];
+
+ sops = {
+ defaultSopsFile = ./resources/secrets/secrets.yaml;
+ defaultSopsFormat = "yaml";
+ age.keyFile = "${userDetails.home.root}/.config/sops/age/keys.txt";
+
+ secrets = {
+ wireless-env = { };
+ };
+ };
+}
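Review bot: Nothing at `age.keyFile = "${userDetails.home.root}/.config/sops/age/keys.txt";` documents that the age private key has to be placed there by hand before the first rebuild; without it sops-nix presumably cannot decrypt `wireless-env` and the machine comes up with no wifi credentials. I would add a comment above the line such as `# private key is provisioned out of band (mode 0600); keep this a string, a Nix path literal would copy the key into the world-readable store`. The `pkgs` and `config` arguments are unused in this module and can be dropped from the argument set.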
diff --git a/modules/root/software.nix b/modules/root/software.nix
index 19ffe4d..598ff43 100644
--- a/modules/root/software.nix
+++ b/modules/root/software.nix
@@ -28,6 +28,7 @@
pcmanfm
redshift
sxiv
+ wpa_supplicant_gui
zathura
] ++ pkgs.lib.optionals config.software.desktop.extra.enable [
# Desktop Extra
@@ -63,6 +64,7 @@
wireguard-tools
] ++ pkgs.lib.optionals config.software.utils.enable [
# Utilities
+ age
ddcutil # TODO
fastfetch
htop
@@ -75,6 +77,7 @@
screen
scrot
smartmontools
+ sops
stress
testdisk
tmux
diff --git a/modules/root/wifi.nix b/modules/root/wifi.nix
index 54f9089..6de8598 100644
--- a/modules/root/wifi.nix
+++ b/modules/root/wifi.nix
@@ -1,10 +1,28 @@
-{ pkgs, lib, config, ... }: {
+{ pkgs, lib, config, ... }:
+let
+ mkNetworksFromEnvironmentFile = n: builtins.listToAttrs (
+ map (i: {
+ name = "@SSID_${toString i}@";
+ value = {
+ psk = "@PSK_${toString i}@";
+ priority = n - i;
+ };
+ }) (lib.lists.range 1 n)
+ );
+ environmentFile = config.sops.secrets.wireless-env.path;
+ #networks = mkNetworksFromEnvironmentFile ((builtins.length (lib.strings.splitString "\n" (builtins.readFile environmentFile))) / 2);
+ networks = mkNetworksFromEnvironmentFile 10; # Number of networks listed in wireless-env
+in {
options = {
wifi.enable = lib.mkEnableOption "enables wifi";
};
config = lib.mkIf config.wifi.enable {
- # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
- networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
+ networking.wireless = {
+ enable = true; # Enables wireless support via wpa_supplicant.
+ userControlled.enable = true;
+ inherit networks;
+ inherit environmentFile;
+ };
};
}
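Review bot: The hard-coded count in `networks = mkNetworksFromEnvironmentFile 10;` always generates ten network blocks, so if `wireless-env` defines fewer than ten SSID_n/PSK_n pairs the remaining blocks presumably keep their literal `@SSID_n@`/`@PSK_n@` text, leaving auto-join entries whose name and passphrase are readable in this repository. Keep the number exactly equal to the pairs in the secret and say so in the comment, e.g. `# must equal the number of SSID_n/PSK_n pairs in wireless-env; unused slots keep their placeholder text`. The commented-out `builtins.readFile environmentFile` line is better deleted: the path is a runtime secret that does not exist at evaluation time, and reading a secret during evaluation would put its contents into the world-readable store. `userControlled.enable = true;` also lets members of the control group (wheel by default, as far as I recall) add and change networks without root, which deserves a one-line comment on why it is wanted.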