feat(uconsole): add agenix secret for WiFi credentials

- age.secrets.uconsole-wifi (SSID+password in encrypted file)
- systemd service ensure-wifi reads decrypted secret and configures NM
- agenix.nixosModules.default imported for uconsole-cm5
- uconsole-wifi.age declared in secrets/secrets.nix

flake.nix

@@ -130,6 +130,8 @@
               nixos-uconsole.nixosModules.configtxt
               (nixos-uconsole.nixosModules.cm { lib = nixpkgs-uconsole.lib; isCM4 = false; })
               nixos-uconsole.nixosModules.base
+              # agenix pour déchiffrer les secrets au déploiement
+              agenix.nixosModules.default
               # Notre config
               ./hosts/uconsole-cm5/configuration.nix
               ./hosts/uconsole-cm5/hardware-configuration.nix

hosts/uconsole-cm5/configuration.nix

@@ -28,8 +28,37 @@
   # ============================================================
   networking.networkmanager.enable = true;
 
-  # WiFi connection — Thierry ajoutera le password dans un secret agenix
-  # networking.networkmanager.connections = { ... };
+  # ============================================================
+  # WiFi credentials from agenix (SSID + password encrypted)
+  # ============================================================
+  age.secrets.uconsole-wifi = {
+    file = ../../secrets/uconsole-wifi.age;
+    owner = "root";
+    group = "root";
+    mode = "0400";
+  };
+
+  # Write WiFi connection at activation (reads decrypted age secret)
+  systemd.services.ensure-wifi = {
+    description = "Configure WiFi from age secret";
+    after = [ "network.target" "age-uconsole-wifi.service" ];
+    wants = [ "age-uconsole-wifi.service" ];
+    before = [ "NetworkManager-wait-online.service" ];
+    wantedBy = [ "multi-user.target" ];
+    serviceConfig = {
+      Type = "oneshot";
+      RemainAfterExit = true;
+      ExecStart = let
+        wifi-setup = pkgs.writeShellScript "wifi-setup" ''
+          SSID="$(head -1 /run/secrets/uconsole-wifi)"
+          PASS="$(tail -1 /run/secrets/uconsole-wifi)"
+          if ! nmcli -t connection show "$SSID" >/dev/null 2>&1; then
+            nmcli device wifi connect "$SSID" password "$PASS"
+          fi
+        '';
+      in "${wifi-setup}";
+    };
+  };
 
   # ============================================================
   # Kernel parameters from nixos-uconsole CM5 module

secrets/secrets.nix

@@ -11,4 +11,5 @@ in
   "lazyworkhorse_host_ssh_key.age".publicKeys = authorizedKeys;
   "n8n_ssh_key.age".publicKeys = authorizedKeys;
   "openclaw_gateway_token.age".publicKeys = authorizedKeys;
+  "uconsole-wifi.age".publicKeys = authorizedKeys;
 }