first commit

hosts/T14p/network.nix

@@ -0,0 +1,83 @@
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}:
+let
+  wifi = ssid: alias: priority: {
+    sops.secrets."wifi_${alias}" = { };
+    sops.templates."wifi_${alias}.nmconnection" = {
+      path = "/etc/NetworkManager/system-connections/wifi_${ssid}.nmconnection";
+      owner = "root";
+      group = "root";
+      mode = "0600";
+      content = ''
+        [connection]
+        id=${ssid}
+        type=wifi
+        autoconnect=true
+        autoconnect-priority=${toString priority}
+
+        [wifi]
+        ssid=${ssid}
+        mode=infrastructure
+
+        [wifi-security]
+        key-mgmt=wpa-psk
+        psk=${config.sops.placeholder."wifi_${alias}"}
+
+        [ipv4]
+        method=auto
+
+        [ipv6]
+        addr-gen-mode=default
+        method=auto
+      '';
+    };
+  };
+in
+lib.mkMerge [
+  (wifi "Ziggo966936B" "home" 100)
+  {
+    sops.secrets.wifi_leiden_identity = { };
+    sops.secrets.wifi_leiden_password = { };
+    sops.templates."wifi_eduroam.nmconnection" = {
+      path = "/etc/NetworkManager/system-connections/eduroam.nmconnection";
+
+      owner = "root";
+      group = "root";
+      mode = "0600";
+
+      content = ''
+        [connection]
+        id=eduroam
+        type=wifi
+
+        [wifi]
+        ssid=eduroam
+        mode=infrastructure
+
+        [wifi-security]
+        key-mgmt=wpa-eap
+
+        [802-1x]
+        eap=peap
+        identity=${config.sops.placeholder.wifi_leiden_identity}
+        password=${config.sops.placeholder.wifi_leiden_password}
+        anonymous-identity=anonymous@leidenuniv.nl
+        phase2-auth=mschapv2
+        ca-cert=${./leiden.crt}
+      '';
+    };
+  }
+  {
+    # Run nmcli reload after every switch
+    system.activationScripts.nm-reload = {
+      text = ''
+        ${pkgs.networkmanager}/bin/nmcli connection reload || true
+      '';
+      deps = [ ];
+    };
+  }
+]