path: root/modules/root/wifi.nix
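# NixOS module: opt-in Wi-Fi through wpa_supplicant, with the network
# definitions (including PSKs) supplied by a sops-nix secret rather than by
# the Nix configuration itself.
{ lib, config, ... }: {
	options = {
		# mkEnableOption prepends "Whether to enable " to its argument, so only
		# the noun is passed; "enables wifi" rendered as "Whether to enable enables wifi."
		wifi.enable = lib.mkEnableOption "wifi";
	};

	config = lib.mkIf config.wifi.enable {
		networking.wireless = {
			enable = true;  # Enables wireless support via wpa_supplicant.
			# Exposes the wpa_supplicant control interface to non-root users
			# (wpa_cli / wpa_gui). Anyone in the control group can change which
			# networks this machine joins; the group is presumably the module
			# default -- confirm it is as narrow as intended.
			userControlled.enable = true;
			# Also read networks from the auxiliary imperative config
			# (/etc/wpa_supplicant.conf), which is the decrypted secret linked below.
			allowAuxiliaryImperativeNetworks = true;
		};

		# Load wpa_supplicant.conf secret config.
		# No owner/mode is set here, so the sops-nix defaults apply to the
		# decrypted file; it holds Wi-Fi credentials, so keep it root-only.
		sops.secrets.wpa_supplicant-conf = {
			sopsFile = ./resources/secrets/wpa_supplicant-conf.yaml;
		};

		# Link /etc/wpa_supplicant.conf -> secret config.
		# `.path` is the runtime location of the decrypted secret, so only a
		# link to it is placed under /etc.
		# NOTE(review): verify with `readlink -f /etc/wpa_supplicant.conf` that
		# the target is outside the world-readable Nix store.
		environment.etc."wpa_supplicant.conf" = {
			source = config.sops.secrets.wpa_supplicant-conf.path;
		};

		# This service is a workaround to ensure that secrets are available on
		# reboot when the secret keys are on a separate subvolume.
		# It re-runs the whole system activation script as root on every boot,
		# not just the secret decryption step.
		# NOTE(review): `before` only orders the two units; wpa_supplicant still
		# starts if this unit fails, in which case the secret may be missing.
		# No ordering against the mount of the key subvolume is declared here --
		# confirm the keys are mounted by the time this runs.
		systemd.services.npcnix-force-rebuild-sops-hack = {
			wantedBy = [ "multi-user.target" ];
			before = [ "wpa_supplicant.service" ];
			serviceConfig = {
				ExecStart = "/run/current-system/activate";
				Type = "oneshot";
				# systemd refuses Restart=always/on-success for oneshot units,
				# so on-failure is used to retry the activation.
				Restart = "on-failure";
				RestartSec = "10s";
			};
		};
	};
}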