me like nix
split out wifi config
author
Sean Aye
date
(Mar 22, 2026, 8:03 PM -0400)
commit
9cedd961
9cedd961c23b9d03145dc12938e470799f1fca23
parent
f04c5327
f04c53278e2644326c439208b689a5733fefd555
change-id
yqoltpkl
yqoltpklxooxouusqnyykxmzlsxvsrrp
+39
-35
+2
-28
hosts/pi-common/default.nix
+2
-28
hosts/pi-common/default.nix
···
67
67
};
68
68
in
69
69
{
70
+
imports = [ ./wifi.nix ];
71
+
70
72
options.pi = {
71
73
streamName = lib.mkOption {
72
74
type = lib.types.str;
···
118
120
119
121
config = {
120
122
nix.settings.trusted-users = [ "sean" ];
121
-
122
-
# Pre-generated SSH host key for agenix decryption (shared across all Pis)
123
-
services.openssh.hostKeys = [
124
-
{
125
-
path = "/etc/ssh/ssh_host_ed25519_key";
126
-
type = "ed25519";
127
-
}
128
-
];
129
-
130
-
environment.etc."ssh/ssh_host_ed25519_key" = {
131
-
source = /home/sean/nixos-config/secrets/pi_host_key;
132
-
mode = "0600";
133
-
};
134
-
135
-
# Agenix configuration - use Nix store path directly so the key is available
136
-
# before the etc activation script runs (agenix activates before etc)
137
-
age.identityPaths = [ "${/home/sean/nixos-config/secrets/pi_host_key}" ];
138
-
age.secrets.wifi = {
139
-
file = ../../secrets/wifi.age;
140
-
mode = "0444";
141
-
};
142
-
143
-
# WiFi configuration using wpa_supplicant with agenix credentials
144
-
networking.wireless = {
145
-
enable = true;
146
-
secretsFile = config.age.secrets.wifi.path;
147
-
networks."GL-MT6000-6a6".pskRaw = "ext:WIFI_PSK";
148
-
};
149
123
150
124
# Enable DHCP for ethernet
151
125
networking.useDHCP = true;
+31
hosts/pi-common/wifi.nix
+31
hosts/pi-common/wifi.nix
···
1
+
{ config, ... }:
2
+
3
+
{
4
+
# Pre-generated SSH host key for agenix decryption (shared across all Pis)
5
+
services.openssh.hostKeys = [
6
+
{
7
+
path = "/etc/ssh/ssh_host_ed25519_key";
8
+
type = "ed25519";
9
+
}
10
+
];
11
+
12
+
environment.etc."ssh/ssh_host_ed25519_key" = {
13
+
source = /home/sean/nixos-config/secrets/pi_host_key;
14
+
mode = "0600";
15
+
};
16
+
17
+
# Agenix configuration - use Nix store path directly so the key is available
18
+
# before the etc activation script runs (agenix activates before etc)
19
+
age.identityPaths = [ "${/home/sean/nixos-config/secrets/pi_host_key}" ];
20
+
age.secrets.wifi = {
21
+
file = ../../secrets/wifi.age;
22
+
mode = "0444";
23
+
};
24
+
25
+
# WiFi configuration using wpa_supplicant with agenix credentials
26
+
networking.wireless = {
27
+
enable = true;
28
+
secretsFile = config.age.secrets.wifi.path;
29
+
networks."GL-MT6000-6a6".pskRaw = "ext:WIFI_PSK";
30
+
};
31
+
}
+6
-7
secrets/wifi.age
+6
-7
secrets/wifi.age
···
1
1
age-encryption.org/v1
2
-
-> piv-p256 E31U2g A+spFtc3Miia7lQTmUOc+SbIG2gi3GvDUegwEcsdJ/00
3
-
hB3M3NGnqg9oj2Jk6uukOIE1kH1Z1ZUyd8JYPaxvKzU
4
-
-> ssh-ed25519 0pXr6w Zq8AqocMRa3T46I29OF55XrchCk+MuZLcb6sUZkks3A
5
-
Qa32oUCr7e0CEULhcGDfkIGzTXX+IabsHDEatagO5mg
6
-
--- 96nnTQPL3aJmfnbfT8M6S6QBM+HQkEahe9rIrwercIE
7
-
>�ء�����i5
8
-
����������$G���xIp�o�����hg��
� n��6���u��h�9]�3�Vݵ(��/�C�u
2
+
-> piv-p256 E31U2g A9HIv613LCspby/dU8n74ChtD4J8LwYVQgpoid+0JOQk
3
+
46pjun/la4Jdaexu9Ern8aBLm/ao4QdplxkRRBOSIjQ
4
+
-> ssh-ed25519 0pXr6w uKpFmegZMjOLhZE+wskkoBbpHVcfXOZH7BH8iMW9PlI
5
+
7ppGA4WuJ4Lx9vDzca1qei3IlyMenWxqSWWgOpNXyZ8
6
+
--- 8bYGavsBAotXLK5GM/x0hFshjHYL7MLZRUkIEyWUoNs
7
+
��
T�q�S�Q��0�y�H�
����V�h�6���Ii$[ ��p�lF6�E:��)�