| -rw-r--r-- | nixos/default.nix | 1 | ||||
| -rw-r--r-- | nixos/wireless.nix | 22 | ||||
| -rw-r--r-- | users/timmy/wifi.nix | 16 |
3 files changed, 27 insertions, 12 deletions
diff --git a/nixos/default.nix b/nixos/default.nix
index 2d70630..ea8a317 100644
--- a/nixos/default.nix
+++ b/nixos/default.nix
@@ -22,6 +22,7 @@
 ./powerkeys.nix
 ./secrets.nix
 ./suspend.nix
+ ./wireless.nix
 ./zshenv.nix
 ];
 }
diff --git a/nixos/wireless.nix b/nixos/wireless.nix
new file mode 100644
index 0000000..22c759f
--- /dev/null
+++ b/nixos/wireless.nix
@@ -0,0 +1,22 @@
+{ config, lib, ... }: let
+ cfg = config.networking.wireless;
+ mkCredential = cred: file: "${cred}:${file}";
+ mkCredentialPath = cred: _: "/run/credentials/wpa_supplicant.service/${cred}";
+in {
+ options.networking.wireless = {
+ _extraSecretConfigs = lib.mkOption {
+ type = lib.types.attrsOf lib.types.str;
+ description = "extra config files loaded into systemd credentials";
+ default = {};
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ systemd.services.wpa_supplicant.serviceConfig = {
+ LoadCredential = lib.mapAttrsToList mkCredential cfg._extraSecretConfigs;
+ };
+ networking.wireless = {
+ extraConfigFiles = lib.mapAttrsToList mkCredentialPath cfg._extraSecretConfigs;
+ };
+ };
+}
diff --git a/users/timmy/wifi.nix b/users/timmy/wifi.nix
index 8c762b0..ab5332f 100644
--- a/users/timmy/wifi.nix
+++ b/users/timmy/wifi.nix
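Review bot: The `_extraSecretConfigs` option in nixos/wireless.nix accepts any string, and its description does not say that each value must be a runtime path that is only readable at service start. A store path (for example a path literal interpolated into the string) would put the file in the world-readable /nix/store, which defeats the point of handing it to the unit through `LoadCredential`. The attribute name is also used verbatim as the credential ID in `mkCredential` and as a path component in `mkCredentialPath`, so a name containing `:` or `/` would yield a malformed `LoadCredential` entry or an unexpected path. I would extend the description to something like `"extra wpa_supplicant config files loaded as systemd credentials; the attribute name is the credential ID (no ':' or '/'), the value is a runtime path string such as a sops secret path, never a store path"`.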
@@ -6,20 +6,12 @@ in {
 };
 config = lib.mkIf cfg.enable {
- networking.wireless = {
- enable = true; # Enables wireless support via wpa_supplicant.
- userControlled.enable = true;
- allowAuxiliaryImperativeNetworks = true; # Networks defined in aux imperitive networks (/etc/wpa_supplicant.conf)
- };
- # Load wpa_supplicant.conf secret config
- sops.secrets.wpa_supplicant-conf = {
- sopsFile = ./resources/secrets/wpa_supplicant-conf.yaml;
- };
+ sops.secrets.wpa_supplicant-conf.sopsFile = ./resources/secrets/wpa_supplicant-conf.yaml;
- # Link /etc/wpa_supplicant.conf -> secret config
- environment.etc."wpa_supplicant.conf" = {
- source = config.sops.secrets.wpa_supplicant-conf.path;
+ networking.wireless = {
+ enable = true; # Enables wireless support via wpa_supplicant.
+ _extraSecretConfigs.networks = config.sops.secrets.wpa_supplicant-conf.path; # Load secret network config via systemd credential
 };
 };
 } |
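Review bot: The credential behind `_extraSecretConfigs.networks` is read from the sops secret path when wpa_supplicant.service starts, and nothing in this hunk restarts the unit when the decrypted secret changes, so a rotated or edited network config would presumably keep running from the old copy until a manual restart or reboot. sops-nix has a per-secret `restartUnits` option for this; consider adding `sops.secrets.wpa_supplicant-conf.restartUnits = [ "wpa_supplicant.service" ];` next to the `sopsFile` line. The hunk also drops `userControlled.enable` and `allowAuxiliaryImperativeNetworks` without a comment; if that is intended, a short comment such as `# wpa_cli control and /etc/wpa_supplicant.conf networks intentionally disabled` would record the decision. The enclosing module starts above the hunk.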
