{ config, lib, ... }:
let
  cfg = config.custom.networking.wireless;
in
{
  options.custom.networking.wireless.enable =
    lib.mkEnableOption "wireless networking with preconfigured networks";

  config = lib.mkIf cfg.enable {
    sops = {
      secrets = {
        WRT_Personal_PSK.sopsFile = ../../secrets/wireless.yaml;
        WLNPub_PSK.sopsFile = ../../secrets/wireless.yaml;
        ViliMobile_PSK.sopsFile = ../../secrets/wireless.yaml;
      };

      templates."wpa_supplicant_secrets".content = ''
        WRT_Personal_PSK=${config.sops.placeholder.WRT_Personal_PSK}
        WLNPub_PSK=${config.sops.placeholder.WLNPub_PSK}
        ViliMobile_PSK=${config.sops.placeholder.ViliMobile_PSK}
      '';
    };

    networking.networkmanager.unmanaged = [ "except:type:wifi" ];

    networking.wireless = {
      fallbackToWPA2 = false;
      enable = true;
      userControlled.enable = true;
      secretsFile = config.sops.templates."wpa_supplicant_secrets".path;
      extraConfig = ''
        mac_addr=1
      '';
      networks = {
        WRT_Personal = {
          authProtocols = [ "SAE" ];
          pskRaw = "ext:WRT_Personal_PSK";
          priority = 100;
          extraConfig = ''
            ieee80211w=2
            pairwise=CCMP
            group=CCMP
            mac_addr=0
          '';
        };
        WLNPub = {
          # TODO Fix
          pskRaw = "ext:WLNPub_PSK";
          priority = 100;
          extraConfig = ''
            ieee80211w=2
            pairwise=CCMP
            group=CCMP
            mac_addr=0
          '';
        };
        ViliMobile = {
          authProtocols = [ "SAE" ];
          pskRaw = "ext:ViliMobile_PSK";
          priority = 50;
          extraConfig = ''
            ieee80211w=2
            pairwise=CCMP
            group=CCMP
            mac_addr=0
          '';
        };
      };
    };
  };
}