start replacing sops with agenix

hosts/thinkpad/default.nix

@@ -49,8 +49,9 @@
     ];
   };
   # impermanence fixes
-  sops.age.sshKeyPaths = lib.mkForce [ "/nix/persist/system/etc/ssh/ssh_host_ed25519_key" ];
-  sops.gnupg.sshKeyPaths = lib.mkForce [ ];
+  # sops.age.sshKeyPaths = lib.mkForce [ "/nix/persist/system/etc/ssh/ssh_host_ed25519_key" ];
+  # sops.gnupg.sshKeyPaths = lib.mkForce [ ];
+  age.identityPaths = [ "/nix/persist/system/etc/ssh/ssh_host_ed25519_key" ];
 
   time.timeZone = "Europe/Berlin";
   i18n.defaultLocale = "en_US.UTF-8";

hosts/thinkpad/modules/backup/default.nix

@@ -1,6 +1,8 @@
 { config, pkgs, ... }:
 {
-  sops.secrets."borg/passphrase" = { };
+  age.secrets."borg/passphrase" = {
+    file = ../../../../secrets/thinkpad/borg/passphrase.age;
+  };
   environment.systemPackages = [ pkgs.borgbackup ];
   services.borgmatic = {
     enable = true;
@@ -32,7 +34,7 @@
         "/home/*/.local/share"
         "/home/*/Linux/Isos"
       ];
-      encryption_passcommand = "${pkgs.coreutils}/bin/cat ${config.sops.secrets."borg/passphrase".path}";
+      encryption_passcommand = "${pkgs.coreutils}/bin/cat ${config.age.secrets."borg/passphrase".path}";
       compression = "lz4";
       keep_daily = 7;
       keep_weekly = 4;

hosts/thinkpad/modules/networks/default.nix

@@ -2,14 +2,19 @@
 {
   imports = [ ./uni.nix ];
 
-  sops.secrets = {
-    "wireless-env" = { };
+  age.secrets = {
+    wireless = {
+      file = ../../../../secrets/thinkpad/wireless.age;
+    };
     "wireguard/dorm/private" = {
+      file = ../../../../secrets/thinkpad/wireguard/dorm/private.age;
       owner = config.users.users.systemd-network.name;
     };
     "wireguard/dorm/preshared" = {
+      file = ../../../../secrets/thinkpad/wireguard/dorm/preshared.age;
       owner = config.users.users.systemd-network.name;
     };
+
   };
   services.lldpd.enable = true;
   services.resolved = {
@@ -32,7 +37,7 @@
     wireless = {
       enable = true;
       userControlled.enable = true;
-      environmentFile = config.sops.secrets."wireless-env".path;
+      environmentFile = config.age.secrets.wireless.path;
       networks = {
         "@HOME_SSID@" = {
           psk = "@HOME_PSK@";
@@ -109,14 +114,14 @@
         Name = "wg0";
       };
       wireguardConfig = {
-        PrivateKeyFile = config.sops.secrets."wireguard/dorm/private".path;
+        PrivateKeyFile = config.age.secrets."wireguard/dorm/private".path;
         ListenPort = 51820;
       };
       wireguardPeers = [
         {
           wireguardPeerConfig = {
             PublicKey = "Z5lwwHTCDr6OF4lfaCdSHNveunOn4RzuOQeyB+El9mQ=";
-            PresharedKeyFile = config.sops.secrets."wireguard/dorm/preshared".path;
+            PresharedKeyFile = config.age.secrets."wireguard/dorm/preshared".path;
             Endpoint = "141.30.227.6:51820";
             AllowedIPs = "192.168.42.0/24, 192.168.43.0/24";
           };

hosts/thinkpad/modules/networks/uni.nix

@@ -1,6 +1,9 @@
 { config, ... }:
 {
-  sops.secrets."uni/zih" = { };
+  # sops.secrets."uni/zih" = { };
+  age.secrets.tud = {
+    file = ../../../../secrets/thinkpad/tud.age;
+  };
   networking = {
     wireless.networks = {
       eduroam = {
@@ -60,7 +63,7 @@
         protocol = "anyconnect";
         gateway = "vpn2.zih.tu-dresden.de";
         user = "rose159e@tu-dresden.de";
-        passwordFile = config.sops.secrets."uni/zih".path;
+        passwordFile = config.age.secrets.tud.path;
         autoStart = false;
         extraOptions = {
           authgroup = "A-Tunnel-TU-Networks";
@@ -71,7 +74,7 @@
         protocol = "anyconnect";
         gateway = "vpn2.zih.tu-dresden.de";
         user = "rose159e@tu-dresden.de";
-        passwordFile = config.sops.secrets."uni/zih".path;
+        passwordFile = config.age.secrets.tud.path;
         autoStart = false;
         extraOptions = {
           authgroup = "C-Tunnel-All-Networks";