nixos-conf/modules/networking/wireless.nix

{ config, lib, ... }:
let
  cfg = config.custom.networking.wireless;
in
{
  options.custom.networking.wireless.enable =
    lib.mkEnableOption "wireless networking with preconfigured networks";

  config = lib.mkIf cfg.enable {
    sops = {
      secrets = {
        WRT_Personal_PSK.sopsFile = ../../secrets/wireless.yaml;
        WLNPub_PSK.sopsFile = ../../secrets/wireless.yaml;
        ViliMobile_PSK.sopsFile = ../../secrets/wireless.yaml;
      };

      templates."nm_wifi_secrets.env".content = ''
        WRT_Personal_PSK=${config.sops.placeholder.WRT_Personal_PSK}
        WLNPub_PSK=${config.sops.placeholder.WLNPub_PSK}
        ViliMobile_PSK=${config.sops.placeholder.ViliMobile_PSK}
      '';
    };

    networking.networkmanager.ensureProfiles = {
      environmentFiles = [ config.sops.templates."nm_wifi_secrets.env".path ];
      profiles = {
        WRT_Personal = {
          connection = {
            id = "WRT_Personal";
            type = "wifi";
            uuid = "d31db7fa-aa1f-479d-8410-675f7175406c";
          };
          wifi.ssid = "WRT_Personal";
          wifi-security = {
            key-mgmt = "sae";
            psk = "$WRT_Personal_PSK";
          };
        };
        WLNPub = {
          connection = {
            id = "WLNPub";
            type = "wifi";
            uuid = "7cca6ccd-641b-41e0-a0d2-aaed77394267";
          };
          wifi.ssid = "WLNPub";
          wifi-security = {
            key-mgmt = "wpa-psk";
            psk = "$WLNPub_PSK";
          };
        };
        ViliMobile = {
          connection = {
            id = "ViliMobile";
            type = "wifi";
            uuid = "0bba8429-5078-4da3-8af3-b27cc2b24b19";
          };
          wifi.ssid = "ViliMobile";
          wifi-security = {
            key-mgmt = "sae";
            psk = "$ViliMobile_PSK";
          };
        };
      };
    };
  };
}