-rw-r--r--nixos/default.nix1
-rw-r--r--nixos/wireless.nix22
-rw-r--r--users/timmy/wifi.nix16
3 files changed, 27 insertions, 12 deletions
diff --git a/nixos/default.nix b/nixos/default.nix
index 2d70630..ea8a317 100644
--- a/nixos/default.nix
+++ b/nixos/default.nix
@@ -22,6 +22,7 @@
./powerkeys.nix
./secrets.nix
./suspend.nix
+ ./wireless.nix
./zshenv.nix
];
}
diff --git a/nixos/wireless.nix b/nixos/wireless.nix
new file mode 100644
index 0000000..22c759f
--- /dev/null
+++ b/nixos/wireless.nix
@@ -0,0 +1,22 @@
+{ config, lib, ... }: let
+ cfg = config.networking.wireless;
+ mkCredential = cred: file: "${cred}:${file}";
+ mkCredentialPath = cred: _: "/run/credentials/wpa_supplicant.service/${cred}";
+in {
+ options.networking.wireless = {
+ _extraSecretConfigs = lib.mkOption {
+ type = lib.types.attrsOf lib.types.str;
+ description = "extra config files loaded into systemd credentials";
+ default = {};
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ systemd.services.wpa_supplicant.serviceConfig = {
+ LoadCredential = lib.mapAttrsToList mkCredential cfg._extraSecretConfigs;
+ };
+ networking.wireless = {
+ extraConfigFiles = lib.mapAttrsToList mkCredentialPath cfg._extraSecretConfigs;
+ };
+ };
+}
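Review bot: The `description` on `_extraSecretConfigs` does not say what the attribute names and values are, and both matter here. Each name is interpolated into a `LoadCredential` entry as `name:path` and into the path built by `mkCredentialPath`, and each value has to be a runtime path string rather than something that ends up in the world-readable Nix store. I would expand it to something like `description = "Credential name -> absolute runtime path of a wpa_supplicant config fragment (e.g. a sops-nix secret path); never a store path. Names must be valid systemd credential names (no ':' or '/').";`. `mkCredentialPath` also hard-codes `/run/credentials/wpa_supplicant.service/`, so a one-line comment such as `# must match the unit name used in systemd.services.wpa_supplicant below` would keep the two from drifting apart.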
diff --git a/users/timmy/wifi.nix b/users/timmy/wifi.nix
index 8c762b0..ab5332f 100644
--- a/users/timmy/wifi.nix
+++ b/users/timmy/wifi.nix
@@ -6,20 +6,12 @@ in {
};
config = lib.mkIf cfg.enable {
- networking.wireless = {
- enable = true; # Enables wireless support via wpa_supplicant.
- userControlled.enable = true;
- allowAuxiliaryImperativeNetworks = true; # Networks defined in aux imperitive networks (/etc/wpa_supplicant.conf)
- };
-
# Load wpa_supplicant.conf secret config
- sops.secrets.wpa_supplicant-conf = {
- sopsFile = ./resources/secrets/wpa_supplicant-conf.yaml;
- };
+ sops.secrets.wpa_supplicant-conf.sopsFile = ./resources/secrets/wpa_supplicant-conf.yaml;
- # Link /etc/wpa_supplicant.conf -> secret config
- environment.etc."wpa_supplicant.conf" = {
- source = config.sops.secrets.wpa_supplicant-conf.path;
+ networking.wireless = {
+ enable = true; # Enables wireless support via wpa_supplicant.
+ _extraSecretConfigs.networks = config.sops.secrets.wpa_supplicant-conf.path; # Load secret network config via systemd credential
};
};
}
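Review bot: The rewritten `networking.wireless` block no longer sets `userControlled.enable` or `allowAuxiliaryImperativeNetworks`, and nothing on the new side records that this is intentional. Dropping them appears to narrow who can reconfigure wpa_supplicant at runtime, which is a reasonable hardening, but it also means networks can only come from the sops secret. A comment above `enable = true;` such as `# No user control or /etc/wpa_supplicant.conf: all networks come from the sops secret` would make that explicit. The secret was previously linked in as a complete `/etc/wpa_supplicant.conf`, so it is worth confirming that its contents are still valid when loaded through `extraConfigFiles` alongside the generated config. The enclosing `config = lib.mkIf cfg.enable` block begins outside the hunk.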