diff --git a/modules/nixos/wifi.nix b/modules/nixos/wifi.nix
index c9c2155..0a5c0dc 100644
--- a/modules/nixos/wifi.nix
+++ b/modules/nixos/wifi.nix
@@ -3,13 +3,42 @@
   pkgs,
   ...
 }: {
+  sops.age.keyFile = /home/max/.config/sops/age/keys.txt;
   sops.secrets."home/ssid" = {
     sopsFile = ../../secrets/wifi.yaml;
   };
   sops.secrets."home/psk" = {
     sopsFile = ../../secrets/wifi.yaml;
   };
-  sops.age.keyFile = /home/max/.config/sops/age/keys.txt;
+  sops.secrets."eduroam/ident" = {
+    sopsFile = ../../secrets/wifi.yaml;
+  };
+  sops.secrets."eduroam/psk" = {
+    sopsFile = ../../secrets/wifi.yaml;
+  };
+  sops.templates."eduroam.nmconnection".content = ''
+    [connection]
+    id=eduroam
+    type=wifi
+
+    [wifi]
+    mode=infrastructure
+    ssid=eduroam
+
+    [wifi-security]
+    auth-alg=open
+    key-mgmt=wpa-eap
+
+    [802-1x]
+    anonymous-identity=anonymous@uni-hannover.de
+    ca-cert=${./T-TeleSec_GlobalRoot_Class_2.crt}
+    domain-suffix-match=radius-dfn.luis.uni-hannover.de
+    eap=ttls;
+    identity=${config.sops.placeholder."eduroam/ident"}
+    password=${config.sops.placeholder."eduroam/psk"}
+    phase2-auth=mschapv2
+  '';
+  environment.etc."NetworkManager/system-connections/eduroam.nmconnection".source = config.sops.templates."eduroam.nmconnection".path;
   networking.networkmanager = {
     enable = true;
     ensureProfiles.profiles = {