{ pkgs, lib, host, secrets, ... }:
{
  # sops.secrets = {
  #   "wireless-networking.env" = {};
  # };

  networking = {
    nameservers = [
      "1.1.1.1"
      "8.8.8.8"
    ];
    hostName = host;
    networkmanager = {
      enable = true;
    };
    enableIPv6 = false;
    firewall.allowedTCPPorts = [ 
      80
      443
    ];
  };
  environment.etc = {
    "ssl/certs/tuda-eduroam-root.crt".source = "${pkgs.cacert.unbundled}/etc/ssl/certs/T-TeleSec_GlobalRoot_Class_2:1.crt";
  };
  sops.secrets = {
    "eduroam/tuda_nmconnection" = {
      mode = "0600";
      owner = "root";
      path = "/etc/NetworkManager/system-connections/eduroam.nmconnection";
    };
  };

}