From d9bf9363bb97845ce9aa3a1693b2f274ebd3bb93 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Max=20K=C3=A4nner?= <max.kaenner@gmail.com>
Date: Mon, 18 Mar 2024 10:05:49 +0100
Subject: [PATCH] 239 current  1970-01-01 01:00:00  24.05.20240314.d691274 
 6.6.21                          *

---
 modules/nixos/wifi.nix | 31 ++++++++++++++++++++++++++++++-
 1 file changed, 30 insertions(+), 1 deletion(-)

diff --git a/modules/nixos/wifi.nix b/modules/nixos/wifi.nix
index c9c2155..0a5c0dc 100644
--- a/modules/nixos/wifi.nix
+++ b/modules/nixos/wifi.nix
@@ -3,13 +3,42 @@
   pkgs,
   ...
 }: {
+  sops.age.keyFile = /home/max/.config/sops/age/keys.txt;
   sops.secrets."home/ssid" = {
     sopsFile = ../../secrets/wifi.yaml;
   };
   sops.secrets."home/psk" = {
     sopsFile = ../../secrets/wifi.yaml;
   };
-  sops.age.keyFile = /home/max/.config/sops/age/keys.txt;
+  sops.secrets."eduroam/ident" = {
+    sopsFile = ../../secrets/wifi.yaml;
+  };
+  sops.secrets."eduroam/psk" = {
+    sopsFile = ../../secrets/wifi.yaml;
+  };
+  sops.templates."eduroam.nmconnection".content = ''
+    [connection]
+    id=eduroam
+    type=wifi
+
+    [wifi]
+    mode=infrastructure
+    ssid=eduroam
+
+    [wifi-security]
+    auth-alg=open
+    key-mgmt=wpa-eap
+
+    [802-1x]
+    anonymous-identity=anonymous@uni-hannover.de
+    ca-cert=${./T-TeleSec_GlobalRoot_Class_2.crt}
+    domain-suffix-match=radius-dfn.luis.uni-hannover.de
+    eap=ttls;
+    identity=${config.sops.placeholder."eduroam/ident"}
+    password=${config.sops.placeholder."eduroam/psk"}
+    phase2-auth=mschapv2
+  '';
+  environment.etc."NetworkManager/system-connections/eduroam.nmconnection".source = config.sops.templates."eduroam.nmconnection".path;
   networking.networkmanager = {
     enable = true;
     ensureProfiles.profiles = {