nixfiles/hosts/raspberry/secrets.nix

{...}: {
  services.secrets = {
    enable = true;
    secrets = {
      home-wifi-password = {
        user = "root";
        group = "root";
        permissions = "0600";
        path = "/etc/NetworkManager/system-connections/Home-WiFi.nmconnection";

        fetchScript = ''
          ssid=$(simple_get "/passwords/wifi/parentals-home" .ssid)
          password=$(simple_get "/passwords/wifi/parentals-home" .password)

          # Create path to if doesn't exist, useful for when using secrets-init on another host
          if [ ! -d "$SYSROOT/etc/NetworkManager/system-connections" ]; then
            mkdir -p "$SYSROOT/etc/NetworkManager/system-connections"
          fi

          cp ${./data/wifi-nmconnection.template} "$secretFile"
          sed -i "s/WIFI_ID/Home-WiFi/" "$secretFile"
          sed -i "s/WIFI_SSID/$ssid/" "$secretFile"
          sed -i "s/WIFI_PASSWORD/$password/" "$secretFile"
        '';
      };
    };
  };
}
add vaultui flake, minor tidying, start work on raspberry machine 2023-09-13 16:21:54 +01:00			`{...}: {`
			`services.secrets = {`
			`enable = true;`
			`secrets = {`
			`home-wifi-password = {`
			`user = "root";`
			`group = "root";`
			`permissions = "0600";`
			`path = "/etc/NetworkManager/system-connections/Home-WiFi.nmconnection";`

			`fetchScript = ''`
			`ssid=$(simple_get "/passwords/wifi/parentals-home" .ssid)`
			`password=$(simple_get "/passwords/wifi/parentals-home" .password)`

			`# Create path to if doesn't exist, useful for when using secrets-init on another host`
			`if [ ! -d "$SYSROOT/etc/NetworkManager/system-connections" ]; then`
			`mkdir -p "$SYSROOT/etc/NetworkManager/system-connections"`
			`fi`

			`cp ${./data/wifi-nmconnection.template} "$secretFile"`
			`sed -i "s/WIFI_ID/Home-WiFi/" "$secretFile"`
			`sed -i "s/WIFI_SSID/$ssid/" "$secretFile"`
			`sed -i "s/WIFI_PASSWORD/$password/" "$secretFile"`
			`'';`
			`};`
			`};`
			`};`
			`}`