gortium/infra
1
1
Fork 0
Code Issues 13 Pull Requests 20 Actions Packages Projects 1 Releases Wiki Activity

feat(uconsole): add agenix secret for WiFi credentials

Browse Source 
- age.secrets.uconsole-wifi (SSID+password in encrypted file)
- systemd service ensure-wifi reads decrypted secret and configures NM
- agenix.nixosModules.default imported for uconsole-cm5
- uconsole-wifi.age declared in secrets/secrets.nix
This commit is contained in:
Hermes
2026-06-12 16:15:30 -04:00
parent 1f99ca0d37
commit 698d3f91eb
4 changed files with 35 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
assets/compose

Submodule assets/compose updated: d3f2e3b7b9...3c92d93366

2
flake.nix
View File

@@ -130,6 +130,8 @@
nixos-uconsole.nixosModules.configtxt nixos-uconsole.nixosModules.configtxt
(nixos-uconsole.nixosModules.cm { lib = nixpkgs-uconsole.lib; isCM4 = false; }) (nixos-uconsole.nixosModules.cm { lib = nixpkgs-uconsole.lib; isCM4 = false; })
nixos-uconsole.nixosModules.base nixos-uconsole.nixosModules.base
# agenix pour déchiffrer les secrets au déploiement
agenix.nixosModules.default
# Notre config # Notre config
./hosts/uconsole-cm5/configuration.nix ./hosts/uconsole-cm5/configuration.nix
./hosts/uconsole-cm5/hardware-configuration.nix ./hosts/uconsole-cm5/hardware-configuration.nix

33
hosts/uconsole-cm5/configuration.nix
View File

@@ -28,8 +28,37 @@
# ============================================================ # ============================================================
networking.networkmanager.enable = true; networking.networkmanager.enable = true;
# WiFi connection — Thierry ajoutera le password dans un secret agenix # ============================================================
# networking.networkmanager.connections = { ... }; # WiFi credentials from agenix (SSID + password encrypted)
# ============================================================
age.secrets.uconsole-wifi = {
file = ../../secrets/uconsole-wifi.age;
owner = "root";
group = "root";
mode = "0400";
};
# Write WiFi connection at activation (reads decrypted age secret)
systemd.services.ensure-wifi = {
description = "Configure WiFi from age secret";
after = [ "network.target" "age-uconsole-wifi.service" ];
wants = [ "age-uconsole-wifi.service" ];
before = [ "NetworkManager-wait-online.service" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStart = let
wifi-setup = pkgs.writeShellScript "wifi-setup" ''
SSID="$(head -1 /run/secrets/uconsole-wifi)"
PASS="$(tail -1 /run/secrets/uconsole-wifi)"
if ! nmcli -t connection show "$SSID" >/dev/null 2>&1; then
nmcli device wifi connect "$SSID" password "$PASS"
fi
'';
in "${wifi-setup}";
};
};
# ============================================================ # ============================================================
# Kernel parameters from nixos-uconsole CM5 module # Kernel parameters from nixos-uconsole CM5 module

1
secrets/secrets.nix
View File

@@ -11,4 +11,5 @@ in
"lazyworkhorse_host_ssh_key.age".publicKeys = authorizedKeys; "lazyworkhorse_host_ssh_key.age".publicKeys = authorizedKeys;
"n8n_ssh_key.age".publicKeys = authorizedKeys; "n8n_ssh_key.age".publicKeys = authorizedKeys;
"openclaw_gateway_token.age".publicKeys = authorizedKeys; "openclaw_gateway_token.age".publicKeys = authorizedKeys;
"uconsole-wifi.age".publicKeys = authorizedKeys;
} }