nixos/modules/nixos/wifi.nix

{
  config,
  pkgs,
  ...
}: {
  sops.age.keyFile = /home/max/.config/sops/age/keys.txt;
  sops.secrets."home/ssid" = {
    sopsFile = ../../secrets/wifi.yaml;
  };
  sops.secrets."home/psk" = {
    sopsFile = ../../secrets/wifi.yaml;
  };
  sops.secrets."eduroam/ident" = {
    sopsFile = ../../secrets/wifi.yaml;
  };
  sops.secrets."eduroam/psk" = {
    sopsFile = ../../secrets/wifi.yaml;
  };
  sops.templates."eduroam.nmconnection".content = ''
    [connection]
    id=eduroam
    type=wifi

    [wifi]
    mode=infrastructure
    ssid=eduroam

    [wifi-security]
    auth-alg=open
    key-mgmt=wpa-eap

    [802-1x]
    anonymous-identity=anonymous@uni-hannover.de
    ca-cert=${./T-TeleSec_GlobalRoot_Class_2.crt}
    domain-suffix-match=radius-dfn.luis.uni-hannover.de
    eap=ttls;
    identity=${config.sops.placeholder."eduroam/ident"}
    password=${config.sops.placeholder."eduroam/psk"}
    phase2-auth=mschapv2
  '';
  environment.etc."NetworkManager/system-connections/eduroam.nmconnection".source = config.sops.templates."eduroam.nmconnection".path;
  networking.networkmanager = {
    enable = true;
    ensureProfiles.profiles = {
      home = {
        connection = {
          id = "Please Hack";
          type = "wifi";
        };
        wifi = {
          mode = "infrastructure";
          ssid = "Please Hack";
        };
        wifi-security = {
          key-mgmt = "wpa-psk";
        };
      };
      eduroam = {
        connection = {
          id = "eduroam";
          type = "wifi";
        };
        wifi = {
          mode = "infrastructure";
          ssid = "eduroam";
        };
        wifi-security = {
          key-mgmt = "wpa-eap";
        };
        "802-1x" = {
          anonymous-identity = "anonymous@uni-hannover.de";
          ca-cert = "${./T-TeleSec_GlobalRoot_Class_2.crt}";
          domain-suffix-match = "radius-dfn.luis.uni-hannover.de";
          eap = "ttls;";
          phase2-auth = "mschapv2";
        };
      };
      luhbotsNet5 = {
        connection = {
          id = "luhbotsNet5";
          type = "wifi";
          autoconnect-priority = "10";
        };
        wifi = {
          mode = "infrastructure";
          ssid = "luhbotsNet5";
        };
        wifi-security = {
          key-mgmt = "wpa-psk";
        };
      };
      luhbotsNet = {
        connection = {
          id = "luhbotsNet";
          type = "wifi";
          autoconnect-priority = "5";
        };
        wifi = {
          mode = "infrastructure";
          ssid = "luhbotsNet";
        };
        wifi-security = {
          key-mgmt = "wpa-psk";
        };
      };
    };
  };

  environment.systemPackages = with pkgs; [
    nm-tray
  ];
}