{
  lib,
  config,
  pkgs,
  ...
}:
{

  options.zpha.configure.cccdaWifi.enable =
    lib.mkEnableOption "configure cccda wifi NetworkManager profile";

  config = lib.mkIf config.zpha.configure.cccdaWifi.enable {
    networking.networkmanager.ensureProfiles = {
      profiles.ccc-da-wifi = {
        connection = {
          id = "darmstadt.ccc.de";
          type = "wifi";
          uuid = "945c40f1-a800-4619-8276-1002a718a9f2";
          autoconnect = "true";
        };
        "wifi" = {
          ssid = "darmstadt.ccc.de";
          mode = "infrastructure";
        };
        "wifi-security" = {
          "auth-alg" = "open";
          "key-mgmt" = "wpa-eap";
        };
        "802-1x" = {
          "eap" = "ttls";
          "phase2-auth" = "pap";
          "ca-cert" = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
          "altsubject-matches" = "DNS:radius.cccda.de";
          "identity" = config.networking.fqdn;
          "password" = config.networking.fqdn + (toString config.networking.hostId);
        };
        ipv4.method = "auto";
        ipv6.method = "auto";
      };
    };
  };

}