Configuring network manager with secrets in NixOS

In recent weeks I’ve explored configuring my system with NixOS and home-manager.

Configuring network manager

Network manager profiles for wireless network connections can be configured via the networking.networkmanager.ensureProfiles.profiles array. For each entry a separate network will be added to network manager. An example configuration for a network would look like this:

<profile_name> = {
    connection = {
        id = "<profile_name>";
        uuid = "<profile-uuid>";
        type = "<profile-type>"; # This should be "wifi" for wireless networks
    };
    wifi = {
        mode = "infrastructure";
        ssid = "<SSID>";
    };
    wifi-security = {
        auth-alg = "open";
        key-mgmt = "wpa-psk";
        psk = "<Password>";
    }; 
};

Configuring sops-nix

As you may have realized the value for wifi-security.psk is the password in plaintext. To avoid hardcoding the password into the Nix-Configuration and publishing it on GitHub, sops-nix can be used to provide credentials for the network. With networking.networkmanager.ensureProfiles.environmentFiles environment files can be specified which may contain values of your configuration.

I provide a path to a sops-nix secret to this, which contains my secrets. For that I followed the usage example on the GitHub page of the project

My configuration can be found on GitHub.