stinky wifi
This commit is contained in:
@@ -41,6 +41,11 @@ creation_rules:
|
||||
- age:
|
||||
- *admin_ppetru
|
||||
- *server_stinky
|
||||
- path_regex: secrets/wifi\.yaml
|
||||
key_groups:
|
||||
- age:
|
||||
- *admin_ppetru
|
||||
- *server_stinky
|
||||
- path_regex: secrets/alo-cloud-1\.yaml
|
||||
key_groups:
|
||||
- age:
|
||||
|
||||
38
common/wifi.nix
Normal file
38
common/wifi.nix
Normal file
@@ -0,0 +1,38 @@
|
||||
{ config, lib, ... }:
|
||||
{
|
||||
# WiFi configuration for NixOS hosts
|
||||
# Import this module on hosts that should connect to WiFi
|
||||
# Credentials stored in secrets/wifi.yaml (access controlled via .sops.yaml)
|
||||
|
||||
sops.secrets.wifi-password-pi = {
|
||||
sopsFile = ./../secrets/wifi.yaml;
|
||||
};
|
||||
|
||||
networking.wireless = {
|
||||
enable = true;
|
||||
networks = {
|
||||
"pi" = {
|
||||
pskRaw = "ext:wifi-password-pi";
|
||||
};
|
||||
};
|
||||
# Only enable on wireless interface, not ethernet
|
||||
interfaces = [ "wlan0" ];
|
||||
};
|
||||
|
||||
# Prefer wifi over ethernet, but keep ethernet as fallback
|
||||
networking.dhcpcd.extraConfig = ''
|
||||
# Prefer wlan0 over ethernet interfaces
|
||||
interface wlan0
|
||||
metric 100
|
||||
|
||||
interface eth0
|
||||
metric 200
|
||||
'';
|
||||
|
||||
# Persist wireless configuration across reboots (for impermanence)
|
||||
environment.persistence.${config.custom.impermanence.persistPath} = {
|
||||
files = [
|
||||
"/etc/wpa_supplicant.conf"
|
||||
];
|
||||
};
|
||||
}
|
||||
@@ -11,6 +11,7 @@
|
||||
../../common/resource-limits.nix
|
||||
../../common/sshd.nix
|
||||
../../common/user-ppetru.nix
|
||||
../../common/wifi.nix
|
||||
# Note: No systemd-boot.nix - Raspberry Pi uses generic-extlinux-compatible (from sd-image module)
|
||||
./hardware.nix
|
||||
];
|
||||
|
||||
25
secrets/wifi.yaml
Normal file
25
secrets/wifi.yaml
Normal file
@@ -0,0 +1,25 @@
|
||||
wifi-password-pi: ENC[AES256_GCM,data:uNL8QJxy0tvV2g==,iv:AQyc9j0UpdFnuDFRWEHcIAh0VB4/F8K9YV710ZXynAE=,tag:DmNYDI/2rJ+LQCDcROyqdg==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age1df9ukkmg9yn9cjeheq9m6wspa420su8qarmq570rdvf2de3rl38saqauwn
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUd1lyZG9GVHBZZHU0Wkl5
|
||||
RFJ2NUdtUFRUbmd3aTRFV2dGaVA2S3RWOGk0CmlLV2ZYdERvb21iT0dlUk42TW5S
|
||||
LzdxVlA1U1FpWkxIb1pMeUtRRm9NdFkKLS0tIGszaFM0dkhHeWZUcXc1dlo3SDBX
|
||||
WjltV282VlJtTlBCRmdzOU16R0x5UUUKBTFArSUNWtq7r+HduxT0ChvYfjo8HtbG
|
||||
KeYBoB9QwY5wNRMlk0AIlJVNLKW8A2tC9T8ehbtjol13H7PQK+wsQQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1me78u46409q9ez6fj0qanrfffc5e9kuq7n7uuvlljfwwc2mdaezqmyzxhx
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4THVFa1p5c2l5V0pKckVC
|
||||
YUdYbitJbUpjclAydG4yekxhbXdzeDNpbXdRCnRCZVI1cWJiQi9TdkR3Y0E5TklO
|
||||
T2dHYXFKeW9KSkdXOWFnbWVRQUZOL28KLS0tIDVMVldvd0NWcU5QWkhDTTBmUTla
|
||||
aUs0dTB3Y3RXTlBCOCtYSHdOMUYxdTgKQShxsJ+3EQU18uixmM3FlCe5C9Rl3oS5
|
||||
gwZIrh0amSzX3f9SOjf42h1d+IDL/DMWAlSA/3XMx8TK9A1zKZDgVA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-10-28T17:05:45Z"
|
||||
mac: ENC[AES256_GCM,data:iND5pd6isGy+zhmcgQQD+n9MiNS5xOfqnijpyXtZP/bXyEzzAZ3SvIkPiNvyLbuXCY99AH+AOOvPmQJtGs6RfBtH1qyD/1oiiJLX4Y06BCtI1Vuyrn21S3fYMrlx6aYEIQsKjo7DEo2v1VENSKF+WmrhxngtdmQJxpuFj09oKSM=,iv:dOJuTX0WSW1IcwBGUbIHsBkNMDl7Okw+K37LZQnFbbU=,tag:xX1/+gpIosTV8ChPVbFi2w==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.11.0
|
||||
Reference in New Issue
Block a user