From 2da2cd592e859110a6d3f1af7caa4a4a63ce91a2 Mon Sep 17 00:00:00 2001
From: SebastianStork
Date: Sun, 20 Jul 2025 14:47:46 +0200
Subject: [PATCH] wifi: derive networks from sops secrets file

---
 modules/system/sops.nix | 19 ++++++++++++++++---
 modules/system/wifi.nix | 22 +++++++++++-----------
 2 files changed, 27 insertions(+), 14 deletions(-)

diff --git a/modules/system/sops.nix b/modules/system/sops.nix
index 6c7df12..df3a9bf 100644
--- a/modules/system/sops.nix
+++ b/modules/system/sops.nix
@@ -5,15 +5,28 @@
 lib,
 ...
 }:
+let
+ cfg = config.custom.sops;
+in
 {
 imports = [ inputs.sops-nix.nixosModules.sops ];
 
- options.custom.sops.enable = lib.mkEnableOption "";
+ options.custom.sops = {
+ enable = lib.mkEnableOption "";
+ defaultSopsFile = lib.mkOption {
+ type = lib.types.path;
+ default = "${self}/hosts/${config.networking.hostName}/secrets.json";
+ };
+ secrets = lib.mkOption {
+ type = lib.types.anything;
+ default = cfg.defaultSopsFile |> builtins.readFile |> builtins.fromJSON;
+ };
+ };
 
- config = lib.mkIf config.custom.sops.enable {
+ config = lib.mkIf cfg.enable {
 sops = {
 age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
- defaultSopsFile = "${self}/hosts/${config.networking.hostName}/secrets.json";
+ inherit (cfg) defaultSopsFile;
 };
 };
 }
diff --git a/modules/system/wifi.nix b/modules/system/wifi.nix
index 6745f31..2cafecc 100644
--- a/modules/system/wifi.nix
+++ b/modules/system/wifi.nix
@@ -5,18 +5,18 @@
 ...
 }:
 let
- networks = [
- "EW90N.psk"
- "Fairphone4.psk"
- "WLAN-233151.psk"
- "DSL_EXT.psk"
- "eduroam.8021x"
- ];
+ cfg = config.custom.wifi;
 in
 {
- options.custom.wifi.enable = lib.mkEnableOption "";
+ options.custom.wifi = {
+ enable = lib.mkEnableOption "";
+ networks = lib.mkOption {
+ type = lib.types.listOf lib.types.str;
+ default = config.custom.sops.secrets.iwd |> lib.attrNames;
+ };
+ };
 
- config = lib.mkIf config.custom.wifi.enable {
+ config = lib.mkIf cfg.enable {
 networking.wireless.iwd = {
 enable = true;
 settings = {
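Review bot: In modules/system/sops.nix the new `custom.sops.secrets` option has no description and type `lib.types.anything`, so nothing tells a reader that its default is the sops file parsed as it sits in the repository: cleartext key names, still-encrypted values and sops' own metadata block, not decrypted secrets. A module that interpolates a value from it gets ciphertext, or plaintext if the file leaves some keys unencrypted, and either way the result lands in the world-readable store. Document the contract with `description = "Parsed, still-encrypted contents of defaultSopsFile; use for key names only, never for values.";` and consider `readOnly = true;` so a host cannot define it with real values. The module's argument list starts above this hunk, so the header is only partly visible here.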
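Review bot: In modules/system/wifi.nix the `networks` default takes whatever attribute names appear under `iwd` in the secrets file, and `lib.types.listOf lib.types.str` accepts any of them unchecked. Those names are interpolated further down, outside this hunk, into `iwd/${name}` and into the tmpfiles rule `"C /var/lib/iwd/${name} ..."`, where a space splits the rule's fields and a `/` or `..` moves the copy target out of /var/lib/iwd. Constrain the element type to iwd's file-name alphabet, for example `type = lib.types.listOf (lib.types.strMatching "[A-Za-z0-9_=-]+\\.(psk|8021x|open)");` (an SSID with a space would then have to use iwd's `=`-hex form). The default also aborts evaluation on a host whose secrets file has no `iwd` key; `(config.custom.sops.secrets.iwd or { }) |> lib.attrNames` avoids that.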
@@ -28,7 +28,7 @@ in
 environment.systemPackages = [ pkgs.iwgtk ];
 
 sops.secrets =
- networks
+ cfg.networks
 |> lib.map (name: {
 name = "iwd/${name}";
 value = { };
@@ -36,7 +36,7 @@ in
 |> lib.listToAttrs;
 
 systemd.tmpfiles.rules =
- networks
+ cfg.networks
 |> lib.map (name: "C /var/lib/iwd/${name} - - - - ${config.sops.secrets."iwd/${name}".path}");
 };
 }