Diffstat (limited to 'archetypes/tjkeller/wifi.nix')
-rw-r--r--archetypes/tjkeller/wifi.nix38
1 files changed, 38 insertions, 0 deletions
diff --git a/archetypes/tjkeller/wifi.nix b/archetypes/tjkeller/wifi.nix
new file mode 100644
index 0000000..32b6ef8
--- /dev/null
+++ b/archetypes/tjkeller/wifi.nix
@@ -0,0 +1,38 @@
+{ lib, config, ... }: let
+ cfg = config._archetypes.tjkeller.wifi;
+in {
+ options._archetypes.tjkeller.wifi = {
+ enable = lib.mkEnableOption "enables wifi";
+ };
+
+ config = lib.mkIf cfg.enable {
+ networking.wireless = {
+ enable = true; # Enables wireless support via wpa_supplicant.
+ userControlled.enable = true;
+ allowAuxiliaryImperativeNetworks = true; # Networks defined in aux imperitive networks (/etc/wpa_supplicant.conf)
+ };
+
+ # Load wpa_supplicant.conf secret config
+ sops.secrets.wpa_supplicant-conf = {
+ sopsFile = ./resources/secrets/wpa_supplicant-conf.yaml;
+ };
+
+ # Link /etc/wpa_supplicant.conf -> secret config
+ environment.etc."wpa_supplicant.conf" = {
+ source = config.sops.secrets.wpa_supplicant-conf.path;
+ };
+
+ # This service is a workaround to ensure that secrets are available on
+ # reboot when the secret keys are on a separate subvolume
+ systemd.services.npcnix-force-rebuild-sops-hack = {
+ wantedBy = [ "multi-user.target" ];
+ before = [ "wpa_supplicant.service" ];
+ serviceConfig = {
+ ExecStart = "/run/current-system/activate";
+ Type = "oneshot";
+ Restart = "on-failure"; # because oneshot
+ RestartSec = "10s";
+ };
+ };
+ };
+}
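Review bot: The `npcnix-force-rebuild-sops-hack` unit re-runs the whole `/run/current-system/activate` script as root on every boot, and `before = [ "wpa_supplicant.service" ]` only orders the two units. If activation keeps failing, wpa_supplicant is still started with `/etc/wpa_supplicant.conf` pointing at a secret that may never have been decrypted. If the subvolume holding the sops keys can be mounted in stage 1, `fileSystems."<keys-mount-point>".neededForBoot = true;` (placeholder path) would likely make the secret available during normal activation and remove the need for this unit. Otherwise consider `requiredBy = [ "wpa_supplicant.service" ];` so a failed run shows up as a dependency failure instead of being silently ignored. Separately, `userControlled.enable = true` opens the wpa_supplicant control interface to a group (`wheel` unless `userControlled.group` is set), so a comment stating who is expected to manage networks on these hosts would help.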