nixos-conf/modules/networking/wireless.nix

{ config, lib, ... }:
let
  cfg = config.custom.networking.wireless;
in
{
  options.custom.networking.wireless.enable =
    lib.mkEnableOption "wireless networking with preconfigured networks";

  config = lib.mkIf cfg.enable {
    sops = {
      secrets = {
        WRT_Personal_PSK.sopsFile = ../../secrets/wireless.yaml;
        WLNPub_PSK.sopsFile = ../../secrets/wireless.yaml;
        ViliMobile_PSK.sopsFile = ../../secrets/wireless.yaml;
      };

      templates."wpa_supplicant_secrets".content = ''
        WRT_Personal_PSK=${config.sops.placeholder.WRT_Personal_PSK}
        WLNPub_PSK=${config.sops.placeholder.WLNPub_PSK}
        ViliMobile_PSK=${config.sops.placeholder.ViliMobile_PSK}
      '';
    };

    networking.networkmanager.unmanaged = [ "except:type:wifi" ];

    networking.wireless = {
      fallbackToWPA2 = false;
      enable = true;
      userControlled.enable = true;
      secretsFile = config.sops.templates."wpa_supplicant_secrets".path;
      extraConfig = ''
        mac_addr=1
      '';
      networks = {
        WRT_Personal = {
          authProtocols = [ "SAE" ];
          pskRaw = "ext:WRT_Personal_PSK";
          priority = 100;
          extraConfig = ''
            ieee80211w=2
            pairwise=CCMP
            group=CCMP
            mac_addr=0
          '';
        };
        WLNPub = {
          # TODO Fix
          pskRaw = "ext:WLNPub_PSK";
          priority = 100;
          extraConfig = ''
            ieee80211w=2
            pairwise=CCMP
            group=CCMP
            mac_addr=0
          '';
        };
        ViliMobile = {
          authProtocols = [ "SAE" ];
          pskRaw = "ext:ViliMobile_PSK";
          priority = 50;
          extraConfig = ''
            ieee80211w=2
            pairwise=CCMP
            group=CCMP
            mac_addr=0
          '';
        };
      };
    };
  };
}
Start declarative WiFi configuration 2025-07-21 16:34:24 +03:00			`{ config, lib, ... }:`
			`let`
			`cfg = config.custom.networking.wireless;`
			`in`
			`{`
			`options.custom.networking.wireless.enable =`
			`lib.mkEnableOption "wireless networking with preconfigured networks";`

			`config = lib.mkIf cfg.enable {`
			`sops = {`
			`secrets = {`
			`WRT_Personal_PSK.sopsFile = ../../secrets/wireless.yaml;`
			`WLNPub_PSK.sopsFile = ../../secrets/wireless.yaml;`
			`ViliMobile_PSK.sopsFile = ../../secrets/wireless.yaml;`
			`};`

			`templates."wpa_supplicant_secrets".content = ''`
			`WRT_Personal_PSK=${config.sops.placeholder.WRT_Personal_PSK}`
			`WLNPub_PSK=${config.sops.placeholder.WLNPub_PSK}`
			`ViliMobile_PSK=${config.sops.placeholder.ViliMobile_PSK}`
			`'';`
			`};`

			`networking.networkmanager.unmanaged = [ "except:type:wifi" ];`

			`networking.wireless = {`
			`fallbackToWPA2 = false;`
			`enable = true;`
			`userControlled.enable = true;`
			`secretsFile = config.sops.templates."wpa_supplicant_secrets".path;`
			`extraConfig = ''`
			`mac_addr=1`
			`'';`
			`networks = {`
			`WRT_Personal = {`
			`authProtocols = [ "SAE" ];`
			`pskRaw = "ext:WRT_Personal_PSK";`
			`priority = 100;`
			`extraConfig = ''`
			`ieee80211w=2`
			`pairwise=CCMP`
			`group=CCMP`
			`mac_addr=0`
			`'';`
			`};`
			`WLNPub = {`
			`# TODO Fix`
			`pskRaw = "ext:WLNPub_PSK";`
			`priority = 100;`
			`extraConfig = ''`
			`ieee80211w=2`
			`pairwise=CCMP`
			`group=CCMP`
			`mac_addr=0`
			`'';`
			`};`
			`ViliMobile = {`
			`authProtocols = [ "SAE" ];`
			`pskRaw = "ext:ViliMobile_PSK";`
			`priority = 50;`
			`extraConfig = ''`
			`ieee80211w=2`
			`pairwise=CCMP`
			`group=CCMP`
			`mac_addr=0`
			`'';`
			`};`
			`};`
			`};`
			`};`
			`}`