diff --git a/.sops.yaml b/.sops.yaml
index 32134aa..8d69936 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -6,3 +6,7 @@ creation_rules:
 key_groups:
 - age:
 - *dlaptop
+ - path_regex: secrets/wifi/[^/]+$
+ key_groups:
+ - age:
+ - *dlaptop
\ No newline at end of file
diff --git a/hosts/dlaptop/sops.nix b/hosts/dlaptop/sops.nix
index 47d74f5..166efd3 100644
--- a/hosts/dlaptop/sops.nix
+++ b/hosts/dlaptop/sops.nix
@@ -1,5 +1,18 @@
 { config, lib, ...}:
+let
+ # Get the list of all secret files
+ secretsDir = ../../secrets/wifi;
+ secretFiles = builtins.attrNames (builtins.readDir secretsDir);
+
+ # Generate an attribute set where each attribute corresponds to a secret file
+ wifiSecrets = lib.genAttrs secretFiles (secret: {
+ sopsFile = ../../secrets/wifi/${secret};
+ format = "ini";
+ path = "/etc/NetworkManager/system-connections/${builtins.replaceStrings [".ini"] [""] secret}.nmconnection";
+ mode = "0400";
+ });
+in
 {
 sops = {
 defaultSopsFile = ../../secrets/generic.yaml;
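Review bot: The new `path_regex` is not anchored at its start and accepts any file name, so it also matches paths such as `old-secrets/wifi/x` and files that are not the `.ini` profiles `hosts/dlaptop/sops.nix` expects; something like `path_regex: (^|/)secrets/wifi/[^/]+\.ini$` would be tighter. sops applies the first creation rule whose regex matches, and the rule above this one starts outside the hunk, so it is worth confirming that the earlier rule does not already match `secrets/wifi/`. A short comment on the rule naming dlaptop as the only recipient would document that these files cannot be decrypted with any other key.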
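Review bot: `secretFiles` takes every entry that `builtins.readDir` returns for `secrets/wifi`, so a subdirectory or a stray non-INI file would also be declared as a sops secret with a target under `/etc/NetworkManager/system-connections/`. Filtering the listing, e.g. `secretFiles = builtins.attrNames (lib.filterAttrs (name: type: type == "regular" && lib.hasSuffix ".ini" name) (builtins.readDir secretsDir));`, keeps the set to the files the `path` expression expects. In `path`, `builtins.replaceStrings [".ini"] [""]` removes every occurrence of `.ini` in the file name rather than only the extension; `lib.removeSuffix ".ini" secret` matches the intent. The file names also become secret names and target paths, which are not encrypted, so a comment stating that the names themselves are treated as non-secret would help.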
@@ -7,23 +20,32 @@
 #age.keyFile = "/home/delta/.config/sops/age/keys.txt";
 defaultSopsFormat = "yaml";
- secrets.qqq = {
- mode = "0400"; owner = "delta"; group = "users";
- };
+ secrets = {
+ qqq = {
+ mode = "0400"; owner = "delta"; group = "users";
+ };
- secrets.cloudflared = {
- mode = "0400"; owner = "cloudflared"; group = "cloudflared";
- };
-
+ cloudflared = {
+ mode = "0400"; owner = "cloudflared"; group = "cloudflared";
+ };
- secrets."myservice/my_subdir/my_secret" = {};
+ "myservice/my_subdir/my_secret" = {};
- secrets.singbox-aus = {
- sopsFile = ../../secrets/singbox-aus.bin;
- format = "binary";
- mode = "0400";
- owner = "socks";
- group = "socks";
- };
+ singbox-aus = {
+ sopsFile = ../../secrets/singbox-aus.bin;
+ format = "binary";
+ mode = "0400";
+ owner = "socks";
+ group = "socks";
+ };
+
+ #HomeNet = {
+ # sopsFile = ../../secrets/wifi/HomeNet.ini;
+ # format = "ini";
+ # path = "/etc/NetworkManager/system-connections/HomeNet.nmconnection";
+ # mode = "0400";
+ #};
+
+ } // wifiSecrets;
 };
 }
\ No newline at end of file
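Review bot: `} // wifiSecrets` lets a generated entry silently replace a hand-written one, because `//` keeps the right-hand attribute when names collide; since the names come straight from the directory listing, a file called `cloudflared` in `secrets/wifi` would override that secret's source file and drop its owner and group. Writing it as `secrets = lib.mkMerge [ { … } wifiSecrets ];` hands the merge to the module system, which should reject conflicting definitions instead of picking one. The commented-out `HomeNet` block repeats what `wifiSecrets` now generates and could be dropped or reduced to a one-line comment pointing at the `let` binding. The enclosing `sops = {` set opens before this hunk.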