reogranize files more only working on optiplex for now prepare for home manager refactoringHEADmaster

1 files changed, 38 insertions, 0 deletions

diff --git a/archetypes/tjkeller/wifi.nix b/archetypes/tjkeller/wifi.nix
new file mode 100644
index 0000000..32b6ef8
--- /dev/null
+++ b/archetypes/tjkeller/wifi.nix
@@ -0,0 +1,38 @@
+{ lib, config, ... }: let
+	cfg = config._archetypes.tjkeller.wifi;
+in {
+	options._archetypes.tjkeller.wifi = {
+		enable = lib.mkEnableOption "enables wifi";
+	};
+
+	config = lib.mkIf cfg.enable {
+		networking.wireless = {
+			enable = true;  # Enables wireless support via wpa_supplicant.
+			userControlled.enable = true;
+			allowAuxiliaryImperativeNetworks = true;  # Networks defined in aux imperitive networks (/etc/wpa_supplicant.conf)
+		};
+
+		# Load wpa_supplicant.conf secret config
+		sops.secrets.wpa_supplicant-conf = {
+			sopsFile = ./resources/secrets/wpa_supplicant-conf.yaml;
+		};
+
+		# Link /etc/wpa_supplicant.conf -> secret config
+		environment.etc."wpa_supplicant.conf" = {
+			source = config.sops.secrets.wpa_supplicant-conf.path;
+		};
+
+		# This service is a workaround to ensure that secrets are available on
+		# reboot when the secret keys are on a separate subvolume
+		systemd.services.npcnix-force-rebuild-sops-hack = {
+			wantedBy = [ "multi-user.target" ];
+			before = [ "wpa_supplicant.service" ];
+			serviceConfig = {
+				ExecStart = "/run/current-system/activate";
+				Type = "oneshot";
+				Restart = "on-failure"; # because oneshot
+				RestartSec = "10s";
+			};
+		};
+	};
+}