add networking through secrets

modules/nixos/networking.nix

@@ -13,6 +13,11 @@ in
       type = lib.types.str;
       default = "nixos";
       };
+
+    nix-config.networking.vpn = lib.mkOption {
+      type = lib.types.bool;
+      default = true;
+    };
   };
 
   config = {
@@ -30,6 +35,60 @@ in
     #   enable = false;
     # };
 
-  };
+    # # VPN setup
+    networking.networkmanager.ensureProfiles = {
+      environmentFiles = [ config.sops.secrets.vpnEnvironment.path ];
+      profiles.wg-home = {
+        connection = {
+          id = "wg-home";
+          type = "wireguard";
+          interface-name = "wgh";
+          autoconnect = false;
+        };
 
+        ipv4 = {
+          address = "10.0.0.2/32";
+          method = "manual";
+        };
+
+        wireguard = {
+          listen-port = 51820;
+          private-key = "$HOME_PRIVATE_KEY";
+        };
+
+        "wireguard-peer.y/TBD/c0GkrRtekDkCb8TUnYYil8bSRPIjPDY650pz8=" = {
+          endpoint = "$HOME_ENDPOINT";
+          allowed-ips = "192.168.1.0/16";
+        };
+      };
+
+
+
+      profiles.wg-fritzbox = {
+        connection = {
+          id = "wg-fritzbox";
+          type = "wireguard";
+          interface-name = "wgfb";
+          autoconnect = false;
+        };
+
+        ipv4 = {
+          address = "192.168.178.201/24";
+          dns = "192.168.178.1";
+          method = "manual";
+        };
+
+        wireguard = {
+          listen-port = 51820;
+          private-key = "$FRITZBOX_PRIVATE_KEY";
+        };
+
+        "wireguard-peer.Jf/seKAL7kWm2qX9gf5Ln8FiN7OlPQB3CyRovDIOEHw=" = {
+          endpoint = "$FRITZBOX_ENDPOINT";
+          allowed-ips = "192.168.178.0/24;fd73:ea00:5841::/64";
+          preshared-key = "$FRITZBOX_PRESHARED_KEY";
+        };
+      };
+    };
+  };
 }

modules/nixos/power.nix

@@ -23,42 +23,42 @@
 
   config = {
 
-    # services.tlp = {
-    #   enable = true;
-    #   settings = {
-    #     # processor chooses frequencies itself but respects the limits set by the user
-    #     CPU_DRIVER_OPMODE_ON_AC = "guided";
-    #     CPU_DRIVER_OPMODE_ON_BAT = "guided";
+    services.tlp = {
+      enable = true;
+      settings = {
+        # processor chooses frequencies itself but respects the limits set by the user
+        CPU_DRIVER_OPMODE_ON_AC = "guided";
+        CPU_DRIVER_OPMODE_ON_BAT = "guided";
 
-    #     # governor dictates global behavior of the CPU
-    #     CPU_SCALING_GOVERNOR_ON_BAT = "powersave";
-    #     CPU_SCALING_GOVERNOR_ON_AC = "performance";
+        # governor dictates global behavior of the CPU
+        CPU_SCALING_GOVERNOR_ON_BAT = "powersave";
+        CPU_SCALING_GOVERNOR_ON_AC = "performance";
 
-    #     # energy performance policy (EPP) sets the energy/performance balance
-    #     CPU_ENERGY_PERF_POLICY_ON_BAT = "balance_power";
-    #     CPU_ENERGY_PERF_POLICY_ON_AC = "performance";
+        # energy performance policy (EPP) sets the energy/performance balance
+        CPU_ENERGY_PERF_POLICY_ON_BAT = "balance_power";
+        CPU_ENERGY_PERF_POLICY_ON_AC = "performance";
 
 
-    #     # clock speeds reported by `sudo tlp-stat`
-    #     # 623377 [kHz] and 5090910 [kHz]
-    #     # CPU_SCALING_MIN_FREQ_ON_AC = 623377;
-    #     # CPU_SCALING_MAX_FREQ_ON_AC = 5090910;
-    #     # CPU_SCALING_MIN_FREQ_ON_BAT = 0;
-    #     # # reduce max frequency on battery to save power
-    #     # CPU_SCALING_MAX_FREQ_ON_BAT = 3000000;
+        # clock speeds reported by `sudo tlp-stat`
+        # 623377 [kHz] and 5090910 [kHz]
+        CPU_SCALING_MIN_FREQ_ON_AC = 623377;
+        CPU_SCALING_MAX_FREQ_ON_AC = 5090910;
+        CPU_SCALING_MIN_FREQ_ON_BAT = 0;
+        # reduce max frequency on battery to save power
+        CPU_SCALING_MAX_FREQ_ON_BAT = 3000000;
 
-    #     # Allow the CPU to boost
-    #     CPU_BOOST_ON_AC = 1;
-    #     CPU_BOOST_ON_BAT = 1;
+        # Allow the CPU to boost
+        CPU_BOOST_ON_AC = 1;
+        CPU_BOOST_ON_BAT = 1;
 
 
-    #     RADEON_DPM_PERF_LEVEL_ON_AC = "high";
-    #     WIFI_PWR_ON_BAT = "off";
+        RADEON_DPM_PERF_LEVEL_ON_AC = "high";
+        # WIFI_PWR_ON_BAT = "off";
 
-    #     # enable battery charge thresholds on the default battery
-    #     STOP_CHARGE_THRESH_BAT0 = 1;
-    #   };
-    # };
+        # enable battery charge thresholds on the default battery
+        STOP_CHARGE_THRESH_BAT0 = 1;
+      };
+    };
 
 
 
@@ -69,15 +69,15 @@
       AllowSuspendThenHibernate=yes
     '';
 
-    services.watt = {
-      enable = true;
-      settings = {
-        battery_charge_thresholds = [
-          40
-          80
-        ];
-      };
-    };
+    # services.watt = {
+    #   enable = true;
+    #   settings = {
+    #     battery_charge_thresholds = [
+    #       40
+    #       80
+    #     ];
+    #   };
+    # };
 
     services.upower.enable = true;
 

modules/nixos/sops.nix

@@ -0,0 +1,12 @@
+{
+  inputs,
+  ...
+}:
+{
+  sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+  sops.defaultSopsFile = ./../../secrets/vpn.env;
+  sops.secrets.vpnEnvironment = {
+    sopsFile = ./../../secrets/vpn.env;
+    format = "dotenv";
+  };
+}