me like nix
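# NixOS module for the Raspberry Pi fleet: SSH host key used as the agenix
# identity, the agenix-managed WiFi secret, wpa_supplicant, and a oneshot unit
# that turns WiFi power save off.
{ config, pkgs, ... }:

{
  # Pre-generated SSH host key for agenix decryption (shared across all Pis).
  # NOTE(review): one private key shared by every device means that reading it
  # off a single Pi exposes every secret encrypted to it, and SSH clients cannot
  # tell the hosts apart. Per-device keys, each listed as an agenix recipient,
  # would limit that blast radius.
  services.openssh.hostKeys = [
    {
      path = "/etc/ssh/ssh_host_ed25519_key";
      type = "ed25519";
    }
  ];

  # Agenix configuration - reference the host key at its runtime path
  # (the key lives on disk, never passes through the world-readable Nix store)
  age.identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
  age.secrets.wifi = {
    file = ../../secrets/wifi.age;
    # Owner-only read. The previous "0444" made the decrypted WiFi PSK readable
    # by every local user and service on the device.
    # NOTE(review): if wpa_supplicant runs as a dedicated unprivileged user on
    # your NixOS release, set `owner` to that user instead of widening the mode.
    mode = "0400";
  };

  # WiFi configuration using wpa_supplicant with agenix credentials
  networking.wireless = {
    enable = true;
    # Decrypted at runtime by agenix, so the PSK is not written to the Nix store.
    secretsFile = config.age.secrets.wifi.path;
    networks."GL-MT6000-6a6" = {
      # "ext:NAME" takes the PSK from the WIFI_PSK entry in secretsFile.
      pskRaw = "ext:WIFI_PSK";
      # Limit scanning and association to the listed 5 GHz channel frequencies (MHz).
      extraConfig = ''
        freq_list=5180 5200 5220 5240 5260 5280 5300 5320 5500 5520 5540 5560 5580 5600 5620 5640 5660 5680 5700 5720 5745 5765 5785 5805 5825
      '';
    };
  };

  # Disable WiFi power save to prevent brcmfmac firmware hangs
  systemd.services.wifi-powersave-off = {
    description = "Disable WiFi power save";
    after = [ "network.target" ];
    wantedBy = [ "multi-user.target" ];
    serviceConfig = {
      Type = "oneshot";
      # Absolute store path to iw, so the unit does not depend on PATH.
      ExecStart = "${pkgs.iw}/bin/iw dev wlan0 set power_save off";
      # Keep the unit "active" after the command exits so it is not re-run.
      RemainAfterExit = true;
    };
  };
}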