add networking through secrets

modules/home-manager/code.nix

@@ -1,14 +1,14 @@
 {pkgs, ...}:
 let
-  baseExtensions = with pkgs.vscode-marketplace; [
+  baseExtensions = pkgs.nix4vscode.forVscode [
     # QOL
-    mhutchie.git-graph
-    redhat.vscode-yaml
-    # github.copilot
-    # github.copilot-chat
+    "mhutchie.git-graph"
+    "redhat.vscode-yaml"
+    "github.copilot"
+    "github.copilot-chat"
     # Nix environment selector
-    arrterian.nix-env-selector
-    continue.continue
+    "arrterian.nix-env-selector"
+    # continue.continue
   ];
 
 
@@ -102,21 +102,21 @@ in
     };
 
     profiles.development = {
-      extensions = baseExtensions ++ (with pkgs.vscode-marketplace; [
+      extensions = baseExtensions ++ pkgs.nix4vscode.forVscode [
         # python
-        ms-python.python
-        ms-python.isort
-        ms-python.debugpy
-        ms-python.vscode-pylance
+        "ms-python.python"
+        "ms-python.isort"
+        "ms-python.debugpy"
+        "ms-python.vscode-pylance"
 
         # nix language
-        jnoortheen.nix-ide
+        "jnoortheen.nix-ide"
 
         # Flutter and co
-        dart-code.flutter
-        dart-code.dart-code
+        "dart-code.flutter"
+        "dart-code.dart-code"
 
-      ]);
+      ];
 
       keybindings = baseKeybindings;
 
@@ -125,19 +125,19 @@ in
 
 
     profiles.science = {
-      extensions = baseExtensions ++ (with pkgs.vscode-marketplace; [
+      extensions = baseExtensions ++ pkgs.nix4vscode.forVscode [
         # python + jupyter
-        ms-python.python
-        ms-python.isort
-        ms-python.debugpy
-        # ms-python.vscode-pylance
-        ms-toolsai.vscode-jupyter-slideshow
-        ms-toolsai.jupyter
-        ms-toolsai.jupyter-hub
-        ms-toolsai.jupyter-renderers
+        "ms-python.python"
+        "ms-python.isort"
+        "ms-python.debugpy"
+        "ms-python.vscode-pylance"
+        "ms-toolsai.vscode-jupyter-slideshow"
+        "ms-toolsai.jupyter"
+        "ms-toolsai.jupyter-hub"
+        "ms-toolsai.jupyter-renderers"
         # Typst
-        myriad-dreamin.tinymist
-      ]);
+        "myriad-dreamin.tinymist"
+      ];
 
       keybindings = baseKeybindings ++ [
         # run code cell in jupyter

modules/home-manager/directories.nix

@@ -11,7 +11,7 @@
     createDirectories = true;
     documents = "${config.home.homeDirectory}/Documents";
     download = "${config.home.homeDirectory}/Downloads";
-    pictures = "${config.home.homeDirectory}/Pictures";#
+    pictures = "${config.home.homeDirectory}/Pictures";
     # do not create the following
     desktop = null;
     music = null;

modules/nixos/networking.nix

@@ -13,6 +13,11 @@ in
       type = lib.types.str;
       default = "nixos";
       };
+
+    nix-config.networking.vpn = lib.mkOption {
+      type = lib.types.bool;
+      default = true;
+    };
   };
 
   config = {
@@ -30,6 +35,60 @@ in
     #   enable = false;
     # };
 
-  };
+    # # VPN setup
+    networking.networkmanager.ensureProfiles = {
+      environmentFiles = [ config.sops.secrets.vpnEnvironment.path ];
+      profiles.wg-home = {
+        connection = {
+          id = "wg-home";
+          type = "wireguard";
+          interface-name = "wgh";
+          autoconnect = false;
+        };
 
+        ipv4 = {
+          address = "10.0.0.2/32";
+          method = "manual";
+        };
+
+        wireguard = {
+          listen-port = 51820;
+          private-key = "$HOME_PRIVATE_KEY";
+        };
+
+        "wireguard-peer.y/TBD/c0GkrRtekDkCb8TUnYYil8bSRPIjPDY650pz8=" = {
+          endpoint = "$HOME_ENDPOINT";
+          allowed-ips = "192.168.1.0/16";
+        };
+      };
+
+
+
+      profiles.wg-fritzbox = {
+        connection = {
+          id = "wg-fritzbox";
+          type = "wireguard";
+          interface-name = "wgfb";
+          autoconnect = false;
+        };
+
+        ipv4 = {
+          address = "192.168.178.201/24";
+          dns = "192.168.178.1";
+          method = "manual";
+        };
+
+        wireguard = {
+          listen-port = 51820;
+          private-key = "$FRITZBOX_PRIVATE_KEY";
+        };
+
+        "wireguard-peer.Jf/seKAL7kWm2qX9gf5Ln8FiN7OlPQB3CyRovDIOEHw=" = {
+          endpoint = "$FRITZBOX_ENDPOINT";
+          allowed-ips = "192.168.178.0/24;fd73:ea00:5841::/64";
+          preshared-key = "$FRITZBOX_PRESHARED_KEY";
+        };
+      };
+    };
+  };
 }

modules/nixos/power.nix

@@ -23,42 +23,42 @@
 
   config = {
 
-    # services.tlp = {
-    #   enable = true;
-    #   settings = {
-    #     # processor chooses frequencies itself but respects the limits set by the user
-    #     CPU_DRIVER_OPMODE_ON_AC = "guided";
-    #     CPU_DRIVER_OPMODE_ON_BAT = "guided";
+    services.tlp = {
+      enable = true;
+      settings = {
+        # processor chooses frequencies itself but respects the limits set by the user
+        CPU_DRIVER_OPMODE_ON_AC = "guided";
+        CPU_DRIVER_OPMODE_ON_BAT = "guided";
 
-    #     # governor dictates global behavior of the CPU
-    #     CPU_SCALING_GOVERNOR_ON_BAT = "powersave";
-    #     CPU_SCALING_GOVERNOR_ON_AC = "performance";
+        # governor dictates global behavior of the CPU
+        CPU_SCALING_GOVERNOR_ON_BAT = "powersave";
+        CPU_SCALING_GOVERNOR_ON_AC = "performance";
 
-    #     # energy performance policy (EPP) sets the energy/performance balance
-    #     CPU_ENERGY_PERF_POLICY_ON_BAT = "balance_power";
-    #     CPU_ENERGY_PERF_POLICY_ON_AC = "performance";
+        # energy performance policy (EPP) sets the energy/performance balance
+        CPU_ENERGY_PERF_POLICY_ON_BAT = "balance_power";
+        CPU_ENERGY_PERF_POLICY_ON_AC = "performance";
 
 
-    #     # clock speeds reported by `sudo tlp-stat`
-    #     # 623377 [kHz] and 5090910 [kHz]
-    #     # CPU_SCALING_MIN_FREQ_ON_AC = 623377;
-    #     # CPU_SCALING_MAX_FREQ_ON_AC = 5090910;
-    #     # CPU_SCALING_MIN_FREQ_ON_BAT = 0;
-    #     # # reduce max frequency on battery to save power
-    #     # CPU_SCALING_MAX_FREQ_ON_BAT = 3000000;
+        # clock speeds reported by `sudo tlp-stat`
+        # 623377 [kHz] and 5090910 [kHz]
+        CPU_SCALING_MIN_FREQ_ON_AC = 623377;
+        CPU_SCALING_MAX_FREQ_ON_AC = 5090910;
+        CPU_SCALING_MIN_FREQ_ON_BAT = 0;
+        # reduce max frequency on battery to save power
+        CPU_SCALING_MAX_FREQ_ON_BAT = 3000000;
 
-    #     # Allow the CPU to boost
-    #     CPU_BOOST_ON_AC = 1;
-    #     CPU_BOOST_ON_BAT = 1;
+        # Allow the CPU to boost
+        CPU_BOOST_ON_AC = 1;
+        CPU_BOOST_ON_BAT = 1;
 
 
-    #     RADEON_DPM_PERF_LEVEL_ON_AC = "high";
-    #     WIFI_PWR_ON_BAT = "off";
+        RADEON_DPM_PERF_LEVEL_ON_AC = "high";
+        # WIFI_PWR_ON_BAT = "off";
 
-    #     # enable battery charge thresholds on the default battery
-    #     STOP_CHARGE_THRESH_BAT0 = 1;
-    #   };
-    # };
+        # enable battery charge thresholds on the default battery
+        STOP_CHARGE_THRESH_BAT0 = 1;
+      };
+    };
 
 
 
@@ -69,15 +69,15 @@
       AllowSuspendThenHibernate=yes
     '';
 
-    services.watt = {
-      enable = true;
-      settings = {
-        battery_charge_thresholds = [
-          40
-          80
-        ];
-      };
-    };
+    # services.watt = {
+    #   enable = true;
+    #   settings = {
+    #     battery_charge_thresholds = [
+    #       40
+    #       80
+    #     ];
+    #   };
+    # };
 
     services.upower.enable = true;
 

modules/nixos/sops.nix

@@ -0,0 +1,12 @@
+{
+  inputs,
+  ...
+}:
+{
+  sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+  sops.defaultSopsFile = ./../../secrets/vpn.env;
+  sops.secrets.vpnEnvironment = {
+    sopsFile = ./../../secrets/vpn.env;
+    format = "dotenv";
+  };
+}