From f948f1e52d0da3e3a718f6bac0b97cb57332d81a Mon Sep 17 00:00:00 2001
From: Lillian-Violet <info@lillianviolet.dev>
Date: Fri, 12 Jan 2024 17:21:29 +0100
Subject: [PATCH] Add wifi connection to wheatley

---
 nixos/hosts/wheatley/configuration.nix | 16 ++++++++++++++++
 nixos/hosts/wheatley/secrets/sops.yaml | 21 +++++++++++++++++++++
 2 files changed, 37 insertions(+)
 create mode 100644 nixos/hosts/wheatley/secrets/sops.yaml

diff --git a/nixos/hosts/wheatley/configuration.nix b/nixos/hosts/wheatley/configuration.nix
index 2c09b8f..dd6adbd 100644
--- a/nixos/hosts/wheatley/configuration.nix
+++ b/nixos/hosts/wheatley/configuration.nix
@@ -45,6 +45,12 @@
     };
   };
 
+  sops.defaultSopsFile = ./secrets/sops.yaml;
+  sops.age.keyFile = ../../../../../var/secrets/keys.txt;
+
+  sops.secrets."wireless.env".mode = "0440";
+  sops.secrets."wireless.env".owner = config.users.users.root.name;
+
   environment.systemPackages = with pkgs; [
     age
     git
@@ -103,6 +109,16 @@
     };
   };
 
+  networking.wireless.enable = true;
+  networking.wireless.environmentFile = config.sops.secrets."wireless.env".path;
+  networking.wireless.networks."KPNAA6306" = {
+    hidden = true;
+    auth = ''
+      key_mgmt=WPA
+      password="@PSK_HOME@"
+    '';
+  };
+
   networking.firewall.enable = true;
 
   networking.firewall = {
diff --git a/nixos/hosts/wheatley/secrets/sops.yaml b/nixos/hosts/wheatley/secrets/sops.yaml
new file mode 100644
index 0000000..94f8617
--- /dev/null
+++ b/nixos/hosts/wheatley/secrets/sops.yaml
@@ -0,0 +1,21 @@
+wireless.env: ENC[AES256_GCM,data:a5sUW0Lc4GRd9aUJwHbmQvzvRB8WaRjMSQ==,iv:+3ncL38E3aqbejoCzzeBtMukLk4n/AQBJELlqhXDqSA=,tag:buY9Mp10DAEEEKqSyHwB3g==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age12e00qvf4shtmsfq3ujamyaa72pjvad2qhrxkvpl9hryrjvgxev4sjhmkxz
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEWnJ1Slh0aEtVQVhJT051
+            a0FKQnpYRlZKckt0NURhNm0wTjd4N1N3S3djCmhzUUloOHUzVGZXVW1xNXMyQnoz
+            N2lKdXZBdXdxRFVTMDRKYzBCZThOaTQKLS0tIGlhbVF1Rjc1K0RPeW1LN3ZCbXhw
+            Vm9mWk5JRGtZNVVhN1JQWTBlb2kySkEKoLI1MzS3uGNUbyn7kI5DylKZiPtc1div
+            bKIboWoobTfDt0EURfmZ5+JrX6DlZxRyNQyl9dsKmZT6pLdaIppStA==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-01-12T16:14:03Z"
+    mac: ENC[AES256_GCM,data:J/0+e7w8tcfsQ9xtWJifKYpWQLpLssjSgxMl/PdIyYuWKDKkF/dDr+joP7Evlk5Hg3dXL7ijGFgYVwUjhFzbgk9pUiHt0cvXj0hthgwUIUpQh42M6qKtxRaxP/Mp9Shb2CSwZfZ2GyXP4lJuMS76SDKo46xGdbejwlLPZ11oArA=,iv:rWrrB9VUxX3N2OSSep9SPfyl9Ke7hQVGkheazOrbis4=,tag:9fBYgtCoNm9Unv7ADJTb0Q==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.8.1