From bb3c37d0c984ada08c7d90368c8467adb733cb78 Mon Sep 17 00:00:00 2001
From: SebastianStork <sebastian.stork@pm.me>
Date: Tue, 10 Sep 2024 15:32:56 +0200
Subject: [PATCH] Add eduroam wlan

---
 hosts/inspiron/secrets.yaml |  6 ++++--
 modules/system/wlan.nix     | 17 +++++++++++++++++
 2 files changed, 21 insertions(+), 2 deletions(-)

diff --git a/hosts/inspiron/secrets.yaml b/hosts/inspiron/secrets.yaml
index 01cc7b3..83a4b32 100644
--- a/hosts/inspiron/secrets.yaml
+++ b/hosts/inspiron/secrets.yaml
@@ -8,6 +8,8 @@ wlan:
     key: ENC[AES256_GCM,data:tfiTA4P9H3X2OgLW,iv:9wVmeeiKmQ7nFLbvXdVCeJU7/e9SHAzlCOJA31uWZOY=,tag:u3CboobFFAwxL1c5emCz9Q==,type:str]
   DSL_EXT:
     key: ENC[AES256_GCM,data:cyc4Dys+356io+9Oc2J4fp0sLUg=,iv:CpP2v9ZGLzVlEU0Tc1Vz0Pa33vuoORshZVKJr3uSBuQ=,tag:2qMQJa77fuy8iWNWgVsT4g==,type:str]
+  eduroam:
+    password: ENC[AES256_GCM,data:ZaU/8lBnFhYQjx4N9u+qZ41bHS0=,iv:Lk9biaZqC0trXo+RdcpMfaXwmMZH/764RWebtjjDYek=,tag:HbL+D32T9WpM+c5RlYywyA==,type:str]
 sops:
   kms: []
   gcp_kms: []
@@ -32,8 +34,8 @@ sops:
         WlU1TjFDSHFzVU9TVWlNZVBJNkZabTQKkkgMlCEN84e1Syf9wB06CwToxZoE3CZi
         h369oefzYx06hEde06tU9UP7FtXRP0ktgZps4d+Fx4IkNJxoP6Ucuw==
         -----END AGE ENCRYPTED FILE-----
-  lastmodified: "2024-07-14T15:11:45Z"
-  mac: ENC[AES256_GCM,data:v96uBeXVe1lcfMKClJa/+MrjxwDea5xX6fmC0i3oI5jRJnyKNaHiq+L6eyFtcRba44en76INV5P1jBV1su0oN8RkiplFkjQ9ot1jMZBx4AG0WSmGSDLjAwyiYoPlz8yVorf7Go4YdfrwrIQuupJGKFbFwnJQtzqtvLQZYiBkmzo=,iv:CdpiIleHDirVJ88lIZqAVqsf80RIkVqbEJBdk12VNQk=,tag:wQCiXNC1vQrO0ybCVqcDlA==,type:str]
+  lastmodified: "2024-09-09T21:35:29Z"
+  mac: ENC[AES256_GCM,data:U7BpXZ9Q7cq5QO/Ir+Pn8MW8mQCZDnAH6wBHckWhbrJ7tdbAe+DWGb9/HMJsebL3uYN+NWkYBMDPPHorhk9P6Abyqbe9Noz7+Vx2fdYyHTjjr51q9/ugYtuTaasRIVB7kE0EbUxP8G4hmYA/3w7Z9O/ANxYew92nLxeMAPFfre4=,iv:BR/bTFciyOCG8GInabFY0mRr1wph6/OWOhvoNwQ7LOU=,tag:kiou/+Ktu4+9veQNpsLpFA==,type:str]
   pgp: []
   unencrypted_suffix: _unencrypted
   version: 3.9.0
diff --git a/modules/system/wlan.nix b/modules/system/wlan.nix
index 1c38e86..e3f5f87 100644
--- a/modules/system/wlan.nix
+++ b/modules/system/wlan.nix
@@ -27,6 +27,23 @@ in
         };
 
         environment.systemPackages = [ pkgs.iwgtk ];
+
+        sops = {
+          secrets."wlan/eduroam/password" = { };
+
+          templates."iwd/eduroam.8021x".content = ''
+            [Security]
+            EAP-Method=PEAP
+            EAP-Identity=anonymous@h-da.de
+            EAP-PEAP-Phase2-Method=MSCHAPV2
+            EAP-PEAP-Phase2-Identity=sebastian.stork@stud.h-da.de
+            EAP-PEAP-Phase2-Password=${config.sops.placeholder."wlan/eduroam/password"}
+          '';
+        };
+
+        systemd.tmpfiles.rules = [
+          "C /var/lib/iwd/eduroam.8021x - - - - ${config.sops.templates."iwd/eduroam.8021x".path}"
+        ];
       }
 
       (lib.mkMerge (