From 246f0e91cda1357ef31708e414d4b697ec9a15a7 Mon Sep 17 00:00:00 2001
From: Robin Gloster <mail@glob.in>
Date: Wed, 6 Jan 2016 03:57:25 +0000
Subject: [PATCH] wpa_supplicant service: Warn about plaintext keys in docs

---
 nixos/doc/manual/configuration/wireless.xml          | 4 +++-
 nixos/modules/services/networking/wpa_supplicant.nix | 3 +++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/nixos/doc/manual/configuration/wireless.xml b/nixos/doc/manual/configuration/wireless.xml
index 13e4283d241c..e4560f2da36b 100644
--- a/nixos/doc/manual/configuration/wireless.xml
+++ b/nixos/doc/manual/configuration/wireless.xml
@@ -28,7 +28,9 @@ networking.wireless.networks = {
 }
 </programlisting>
 
-When no networks are set it will default to using a configuration file at
+Be aware that keys will be written to the nix store in plaintext!
+
+When no networks are set, it will default to using a configuration file at
 <literal>/etc/wpa_supplicant.conf</literal>. You should edit this file
 yourself to define wireless networks, WPA keys and so on (see
 wpa_supplicant.conf(5)).
diff --git a/nixos/modules/services/networking/wpa_supplicant.nix b/nixos/modules/services/networking/wpa_supplicant.nix
index 397811f96266..1b655af6c82d 100644
--- a/nixos/modules/services/networking/wpa_supplicant.nix
+++ b/nixos/modules/services/networking/wpa_supplicant.nix
@@ -46,6 +46,9 @@ in {
               description = ''
                 The network's pre-shared key in plaintext defaulting
                 to being a network without any authentication.
+
+                Be aware that these will be written to the nix store
+                in plaintext!
               '';
             };
           };