diff --git a/hosts/thinkpad/default.nix b/hosts/thinkpad/default.nix
index 38ed476..754351c 100755
--- a/hosts/thinkpad/default.nix
+++ b/hosts/thinkpad/default.nix
@@ -5,6 +5,7 @@
     [
       ./hardware-configuration.nix
       ./modules/autorandr
+      ./modules/networks
       ../../shared/vim.nix
       ../../shared/input.nix
       ../../shared/sops.nix
@@ -16,13 +17,6 @@
   boot.loader.systemd-boot.enable = true;
   boot.loader.efi.canTouchEfiVariables = true;
 
-  networking.hostName = "thinkpad";
-  networking.networkmanager.enable = true;
-  networking.firewall = {
-    allowedUDPPorts = [ 51820 ]; # used for wireguard
-    checkReversePath = false;
-  };
-
   # Set your time zone.
   time.timeZone = "Europe/Berlin";
 
diff --git a/hosts/thinkpad/modules/networks/default.nix b/hosts/thinkpad/modules/networks/default.nix
new file mode 100644
index 0000000..87ca123
--- /dev/null
+++ b/hosts/thinkpad/modules/networks/default.nix
@@ -0,0 +1,28 @@
+{ config, ... }:
+{
+  imports = [ ./uni.nix ];
+
+  sops.secrets."wireless-env" = {};
+  networking = {
+    hostName = "thinkpad";
+    firewall = {
+      allowedUDPPorts = [ 51820 ]; # used for wireguard
+      checkReversePath = false;
+    };
+    wireless = {
+      enable = true;
+      userControlled.enable = true;
+      environmentFile = config.sops.secrets."wireless-env".path;
+      networks = {
+        "@HOME_SSID@" = {
+          psk = "@HOME_PSK@";
+          authProtocols = [ "WPA-PSK" ];
+        };
+        "@DORM_SSID@" = {
+          psk = "@DORM_PSK@";
+          authProtocols = [ "WPA-PSK" ];
+        };
+      };
+    };
+  };
+}
diff --git a/hosts/thinkpad/modules/networks/uni.nix b/hosts/thinkpad/modules/networks/uni.nix
new file mode 100644
index 0000000..7483efe
--- /dev/null
+++ b/hosts/thinkpad/modules/networks/uni.nix
@@ -0,0 +1,29 @@
+{ config, ... }:
+{
+  networking.wireless.networks = {
+    eduroam ={
+      auth = ''
+        eap=PEAP
+        anonymous_identity="anonymous@tu-dresden.de"
+        ca_cert="/etc/ssl/certs/ca-certificates.crt"
+        domain_suffix_match="radius-eduroam.zih.tu-dresden.de"
+        identity="rose159e@tu-dresden.de"
+        password="@EDUROAM_AUTH@"
+        phase2="auth=mschapv2"
+      '';
+      authProtocols = [ "WPA-EAP" ];
+    };
+    agdsn ={
+      auth = ''
+        eap=TTLS
+        anonymous_identity="anonymous@agdsn.de"
+        ca_cert="/etc/ssl/certs/ca-certificates.crt"
+        domain_suffix_match="radius.agdsn.de"
+        identity="r5"
+        password="@AGDSN_AUTH@"
+        phase2="auth=PAP"
+      '';
+      authProtocols = [ "WPA-EAP" ];
+    };
+  };
+}
diff --git a/secrets/thinkpad.yaml b/secrets/thinkpad.yaml
index 09794d5..8570d72 100644
--- a/secrets/thinkpad.yaml
+++ b/secrets/thinkpad.yaml
@@ -1,4 +1,4 @@
-o: ENC[AES256_GCM,data:OQ==,iv:bxliflmDvVoZkuJXrOGc1kh8/urnWdbt3wFcLmPcDf8=,tag:dk0FgO/KZGou4ujnZTpmOA==,type:str]
+wireless-env: ENC[AES256_GCM,data:ammPuyKddupz2q4zYLNzAH3W0uarrUnD4vu6ta3cboYN5egTrDrKWrgInSFNcebHUJknaS8WV8uqxFISMvi0+6KDXgf1CFpaF2xIaRhDUNr2Cd7eSCS9sbmy4tJ7Vinwt8prgElMm0heAjEgsP/ob9dAPrkFBkWXIk9pRtOZsAngqZ2CBXyPH2EciLCdJBaE+2SiQCvZfcNvsmKM2b9oTpQcP4Yp8HuWkUJthy+qyOHBq2LStiBAIjjXPqRR/PFKofPrXojs7+by,iv:63dNbgQq3fDGitfsHAxtwPzhiSyb4818a6iuc0s+zzo=,tag:edV7fPU5h8N362vonltt9g==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -14,8 +14,8 @@ sops:
             S0NwYWFQcmFtTm5zTEZLVXRtMi91Zk0K3ylHH4OXduJlJxepPz9GxBzVmKGpv9LL
             ApkEQxfPL4Bxrb2XOFLOYqJGv2SwxBv1QNYT7eTXRLTEsIXUHR0MGA==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2022-12-27T16:39:22Z"
-    mac: ENC[AES256_GCM,data:ziliEa5Nqxpgp8fAQ89TjnUvCpSH813aViSpBZGqAq+fO0QSsNOIGiTCVoEskwAhIUK733rheJpBKfhApGk87Z/aZeUV3KYMhA80n8J5TMwqXAMoIqlYVXJv/HkRF40yafkSlDewURgUE+dx/IqKT++XOA5/S6E2lyLvTpsEyDc=,iv:gste7RZyzgrE8FdLYruAvdc6Obq/KCJFx4YPd4NWEjs=,tag:BGwL2z/6rgW6hZTcQ7hFMQ==,type:str]
+    lastmodified: "2022-12-29T13:31:52Z"
+    mac: ENC[AES256_GCM,data:F60xsH+HRhYxx8MNjWeY/tt40rAi2QLNxuZjFxAkP8RUNZyHyZaqR1ZBSUgyaLz4UvFxv9AacRs4+Gwt9a2ndIX9tHl11TE0WRnRvQGKfyND8mK5tc7G3wwxWd5n+ZiiMqSfJ0WXf5EWCh9OBetSUtQZ4yO3IEQRSr+3hv8xTyo=,iv:DN/dTSX3HAUeiT2Ii47vWxISsRw99fLQZ87Ur6VKw00=,tag:fVT4rNDyX03E1ZWJ5ZDH9w==,type:str]
     pgp:
         - created_at: "2022-12-27T16:39:15Z"
           enc: |-
diff --git a/users/rouven/modules/awesome/rc.lua b/users/rouven/modules/awesome/rc.lua
index b4f3ebd..f358d2f 100644
--- a/users/rouven/modules/awesome/rc.lua
+++ b/users/rouven/modules/awesome/rc.lua
@@ -21,9 +21,7 @@ local hotkeys_popup = require("awful.hotkeys_popup")
 require("awful.hotkeys_popup.keys")
 
 -- Autstart some stuff
-awful.spawn.with_shell("nm-applet")
 awful.spawn.with_shell("light-locker --lock-on-lid")
--- awful.spawn.with_shell("nextcloud")
 
 -- Handle runtime errors after startup
 do
diff --git a/users/rouven/modules/packages.nix b/users/rouven/modules/packages.nix
index 0986117..bcf082d 100644
--- a/users/rouven/modules/packages.nix
+++ b/users/rouven/modules/packages.nix
@@ -2,7 +2,6 @@
 {
   home.packages = with pkgs; [
     # essentials
-    networkmanagerapplet
     pcmanfm
     xsel
     lightlocker