deploy vpn conf to network manager via sops-nix

modules/sops.nix

@@ -4,50 +4,55 @@
 
   sops = {
 
-  defaultSopsFile = ../secrets/main.yaml;
-  defaultSopsFormat = "yaml";
-
-  age.keyFile = "/var/lib/sops-nix/key.txt";
-
-  age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
-  age.generateKey = true;
-
-  secrets."ssh/config" = {
-    mode = "0644";
-    path = "/home/fschn/.ssh/config";
-    owner = config.users.users.fschn.name;
-  };
-
-  secrets."ssh/authorized_keys" = {
-    mode = "0600";
-    path = "/home/fschn/.ssh/authorized_keys";
-    owner = config.users.users.fschn.name;
-  };
+    defaultSopsFile = ../secrets/main.yaml;
+    defaultSopsFormat = "yaml";
+
+    age.keyFile = "/var/lib/sops-nix/key.txt";
 
-  secrets."ssh/keys/hetzner_flo" = {
-    mode = "0600";
-    path = "/home/fschn/.ssh/hetzner_flo";
-    owner = config.users.users.fschn.name;
-  };
+    age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+    age.generateKey = true;
 
-  secrets."ssh/keys/hetzner_flo.pub" = {
-    mode = "0644";
-    path = "/home/fschn/.ssh/hetzner_flo.pub";
-    owner = config.users.users.fschn.name;
-  };
-
-  secrets."ssh/keys/id_ed25519" = {
-    mode = "0600";
-    path = "/home/fschn/.ssh/id_ed25519";
-    owner = config.users.users.fschn.name;
-  };
-
-  secrets."ssh/keys/id_ed25519.pub" = {
-    mode = "0644";
-    path = "/home/fschn/.ssh/id_ed25519.pub"; 
-    owner = config.users.users.fschn.name;
-  };
-
-  secrets."Users/fschn/Password".neededForUsers = true;
+    secrets."ssh/config" = {
+      mode = "0644";
+      path = "/home/fschn/.ssh/config";
+      owner = config.users.users.fschn.name;
+    };
+
+    secrets."ssh/authorized_keys" = {
+      mode = "0600";
+      path = "/home/fschn/.ssh/authorized_keys";
+      owner = config.users.users.fschn.name;
+    };
+
+    secrets."ssh/keys/hetzner_flo" = {
+      mode = "0600";
+      path = "/home/fschn/.ssh/hetzner_flo";
+      owner = config.users.users.fschn.name;
+    };
+
+    secrets."ssh/keys/hetzner_flo.pub" = {
+      mode = "0644";
+      path = "/home/fschn/.ssh/hetzner_flo.pub";
+      owner = config.users.users.fschn.name;
+    };
+
+    secrets."ssh/keys/id_ed25519" = {
+      mode = "0600";
+      path = "/home/fschn/.ssh/id_ed25519";
+      owner = config.users.users.fschn.name;
+    };
+
+    secrets."ssh/keys/id_ed25519.pub" = {
+      mode = "0644";
+      path = "/home/fschn/.ssh/id_ed25519.pub"; 
+      owner = config.users.users.fschn.name;
+    };
+
+    secrets."Users/fschn/Password".neededForUsers = true;
+
+    secrets."networking/system-connections/wg-flocoding.nmconnection" = {
+      mode = "0600";
+      path = "/etc/NetworkManager/system-connections/wg-flocoding.nmconnection";
+    };
   };
 }  

modules/wireguard.nix

@@ -8,5 +8,5 @@
   };
   networking.firewall.checkReversePath = false;
   networking.wireguard.enable = true;
-
-}
+  
+} 

secrets/main.yaml

@@ -23,6 +23,9 @@ wiregard:
             AllowedIPs: ENC[AES256_GCM,data:4eR4dUQrL0MpoUCGb2N3wEadKjlqwupOUqvZ2hycqSqMpn+JvJczdCUrbevsbyM=,iv:OWKY6VlYFMOXt2wDVu6/uu5tb9E1KKvJzq8zGjTU7+Q=,tag:JwHC8xCkytLVbJx22801IQ==,type:str]
             persistentKeepalive: ENC[AES256_GCM,data:ivE=,iv:/W97Ta0VwaGW/9pE+GzzgUOBto9SE4QguAwH9BzR/kU=,tag:+26BbEifNLFrsIt2K9nWaw==,type:int]
 wireguard_wg-flocoding: ENC[AES256_GCM,data:Bn6eIpuLIfxCw4fhAskAsLLKhfWzJIz/pzJzdMr5BqEDTIPETYTKP0epNZYQ73XOKl7oe324hBQFgvxnCqlYqQGXH58Z7ngxsr9jILVUZDFrUrYIg6+V1obNRcl2LbVkYjXMZ9kU07x1Ke/T4Y4R/1TGvTdxNwnSg7rRX/RzjctgADYXht+d7lIiI4p7IpyTfDSS6YHM4v9CSe1gkpVZTQx/r+IpsTx+PptpmVP2cirT778JzbQDnKmgCD7aUlxQ4JPShrVjEHawchxKFUxEgFKBrM6ymPY55rwOgzIbNKjX5B8xNyAS53jHxAKCNT0gGawUvDQty3GA/nYoafbsUfuDJ9GbhC+ZpVMgH9+kJTyfJny9l5e93U9nsvzwlR9FVmmyzcOYe5moEGqA3x+x6hsT3J+lJ5PHHhaKhKLIG3weaSlNDue/NxO2v+WgWvyJ5TvCrkqFFO0j5innw0C2O/5SEtx2ozqHWjkY1OrQwXhb,iv:LtXPblKhhWYNxif1X0o4pTyW0XhGk5IpsySztLbMEd8=,tag:kReN56KJ6QELAODAzdFLtg==,type:str]
+networking:
+    system-connections:
+        wg-flocoding.nmconnection: ENC[AES256_GCM,data:xk9lviPvZLZgqoqTiEkKZyIHe6uRKxrhHW4VtZiI+Ktzuepf+ibdb7kxp8BvLGaEz7AL/rueam3mkCz0ddRU4Q3UPiTI/EKrd1UWpMLgRtU6GbflZIKqt83EyNcCwUILzwZOzYh7UOEklWNncIZEVh4fg1hgyVT+R5WzGDOlkjQ18TdP3RVVgnATsrQvPc1i2MqgZaBKAiZIfF+4/XAcZTvs4Y0TVs3BMFumnP2fYTdM3//TVfX3+6RJemp0jSjc5cQril9An/bxzXjWg1M0n9Xj4DuKgp7JPNsV4UUXCZPJHS+q2eyp2tAYz00ZKL2/e7M2CMVt012z6BPmH86pgytfPrPqq5RRBwJeM3wH6BgNbsUw90cAW4gMeb/mrAlOKxY5iglTQTXrfQYPjJInreuUWJNQh9dIAmdqtw4Lxz1jSnaF/T9IeoYfVc2eDA+c/W7IZwMFWaFtM8wHr6nuALE6kDmMkyRurQZaQ2KY3bt2JfROHRxhkB7xvVgWAgKAXnOUBFkrmuvRVM+cWfiae5o8GPhr2EN0CmkKrihbCAbktXBafiDtC9+J0ta85fNiGidxtm6+tqtJGAqDTTlM8EX+l6FI9hAyTU1rmoF6gOcecxNz6FT4vH1GFkLrSXryaEc3qZh7VY5xrbEy0qubNJPSGUaovWtE7DWbqRHpDxMLRb3dx1RLWxOkh9BPDFE2S6nfWOjpb01xuYqJKDyKisZtyk5FR34qxiqADaY2KZl5b8lggeMXHXAop6SZd/887CCPTKoYevQdc+L+o2b1lll4wWVVP5DiuUOztFaDR6nHcKZROjd4uorgiv65+TSEpYk+kw==,iv:SvhwxNy34K2Sowd9onDxC0K9Xw2HsoppVg016XX8mRA=,tag:ZcXcrBdshBBMPYQ8xTwvgQ==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -56,8 +59,8 @@ sops:
             NFdObUMrOW9ubm45dnVpVjgrNE0rN2sKoFuRKrYxpVpfcKKIDloheyuKXawrb5JF
             opNfGmVqQXy49T3zyMTl0MdCUkaDxKmJOwNlfAzIoPCXfWg2w6OgZg==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-04-12T10:19:08Z"
-    mac: ENC[AES256_GCM,data:cF2iF9/vzUdJQz6/KGGWTUwOtiD6TsWpJpgUrgG84WjIzoLb7eY8mmkdEQCCcKGcc5kmylnDJl4KX/cMQGsGj/oIfjb1yf0Mt34tXcsSz4wAjWyZ9ipfLAVgBn5TED5ApaUrE66W4TVBuB//Nyx20Gi/jj4Vb7vl44SVOKSumGU=,iv:V0w/wV5Qmybb85u5n/QK+63LjhXaX1A6bRHrebv7+ic=,tag:EBf7sD1LNLTSvLq2v+G26A==,type:str]
+    lastmodified: "2024-04-12T11:49:40Z"
+    mac: ENC[AES256_GCM,data:itW1XgsHDhbJ64LyLfUvHGNLe6YyEB7kLNLoIrMR9+rxi5ZDMCoM5XIndxVk08sxAgbichFhL7M/GsCxINzHSu6ySYC1Y1S59pqg6/mCUCFCrDTmZOTu7wf2vkhoXGsUU1vWAmiD1040CBxiSZe4Rrywr7ep4P2nZJg2UTTCRXU=,iv:WQK2sXZCQ9eZ2Z7okhG/g2ssFf6RcQ/x5JT9H40YLRw=,tag:T/ps47gaAzWjVzphzONwpA==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.8.1