diff --git a/nixos/configuration.nix b/nixos/configuration.nix index d551488..999c472 100644 --- a/nixos/configuration.nix +++ b/nixos/configuration.nix @@ -105,7 +105,46 @@ in # Or disable the firewall altogether. # networking.firewall.enable = false; - networking.networkmanager.enable = true; + networking.networkmanager = { + enable = true; + # FIXME: move into own file, use SOPS for secrets + ensureProfiles.profiles = { + "37C3" = { + connection = { + id = "37C3"; + type = "wifi"; + interface-name = "wlan0"; + }; + wifi = { + mode = "infrastructure"; + ssid = "37C3"; + }; + wifi-security = { + auth-alg = "open"; + key-mgmt = "wpa-eap"; + }; + "802-1x" = { + anonymous-identity = "37C3"; + eap = "ttls;"; + identity = "37C3"; + password = "37C3"; + phase2-auth = "pap"; + altsubject-matches = "DNS:radius.c3noc.net"; + ca-cert = "${builtins.fetchurl { + url = "https://letsencrypt.org/certs/isrgrootx1.pem"; + sha256 = "sha256:1la36n2f31j9s03v847ig6ny9lr875q3g7smnq33dcsmf2i5gd92"; + }}"; + }; + ipv4 = { + method = "auto"; + }; + ipv6 = { + addr-gen-mode = "default"; + method = "auto"; + }; + }; + }; +}; services.avahi.enable = true;