diff --git a/systems/logistics/nixos.nix b/systems/logistics/nixos.nix
index 0a1b6239..293857fb 100644
--- a/systems/logistics/nixos.nix
+++ b/systems/logistics/nixos.nix
@@ -5,8 +5,11 @@
   config,
   pkgs,
   meta,
+  lib,
   ...
-}: {
+}: let
+  inherit (lib.modules) mkIf;
+in {
   imports = let
     inherit (meta) nixos;
   in [
@@ -115,7 +118,13 @@
 
   sops = {
     defaultSopsFile = ./secrets.yaml;
-    secrets.logistics-user-password = {};
+    secrets = {
+      logistics-user-password = {};
+      networkmanager-wifi-connection = mkIf config.networking.networkmanager.enable {
+        path = "/etc/NetworkManager/system-connections/wifi.nmconnection";
+        mode = "0400";
+      };
+    };
   };
 
   # This value determines the NixOS release from which the default
diff --git a/systems/logistics/secrets.yaml b/systems/logistics/secrets.yaml
index c328001b..cbe49704 100644
--- a/systems/logistics/secrets.yaml
+++ b/systems/logistics/secrets.yaml
@@ -1,4 +1,5 @@
 logistics-user-password: ENC[AES256_GCM,data:2n7OFQT4ZTrjzwVuuejP2sJxenP0dXzooWfr3Y+g6u5fM5tkGm5+Oa76VfLrFZtjwJUj3Q9BP1L1/ISPVZxnujxDwJW7mDtvKg==,iv:Q/UAxMQypP2Y6CzQxboI5dN6l95KECuJa2pB+Dcivvs=,tag:B1ahOzNzR8mU30qECWZtqA==,type:str]
+networkmanager-wifi-connection: ENC[AES256_GCM,data:nxdDGCePACS4WlDQNPrmjYvs7kxDHCoVnrQmj+VweaqeMBr3An9MI8r3oyJJRCI2G8HA9agzecB7JcKzM7CWnxDo5ijHJRezSRwjwxgWgkCHNcOoB2MhEpH6KP8dRqd7DYnI2WgKVzI77hqM0mkiWdE+LPWCeA810wtwRD21CRc9WhZtwZrjNy3NxmyzoHBmp8xbkxQSeSokfXNpFERbTY4x+j2pBo7Mjj5eQl425LnF1XRqox+raXiowTqwUILyFBWaQ0WIfQPI/oS8SGLVu3Rjjbh3WV2NJyag46afX85SD+U7ihyZ4OYBv2Uxk9eEsoycmA2yg/Fnl+LcmiyMJiXxUVR6iyeVFhKXt4FC/Y23PNn+0ezsMZEco5tqHWyaT1tnBmOCnTYI6nWsZvfDa/7HvMOtWEHfsyqA61coCpJMJIt+EaJA6AyKQmjT+ftVdoh4sU61FVaTqMU=,iv:ySfCpobbT9vIHzEeHXOw/S3sv7Bij2olh5mmiHEDYK8=,tag:tVFv/jJDcpxZmPt7HtlSMA==,type:str]
 sops:
     shamir_threshold: 1
     kms: []
@@ -15,8 +16,8 @@ sops:
             dFVET2hqU0NTTmtKc0dKSGFSdnhMTGcKreJqNeHczADUmMgHOHhy+pa7S5hZvTUt
             TXycS6WHfBjiG221yoxyr/L/wPCHKTatVMmcxHhTPBKyzOBYZL3dzQ==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-05-18T00:10:16Z"
-    mac: ENC[AES256_GCM,data:XmvgNXygTjC3ra13KvluZNUZt8XTGN75OVsnNX+pK/ZXbK/+qt9/Q/1thSOhkg8pLzfLYm9KXqRlVYHTrK+Wr2jko/mVdr9i8IgkVS5pJfvmvIjG7tW5nN88XjfFWAs5fnuvtSvJ2eJKzC5/kgWRwOMXdEfnodiZllqcqznvDAo=,iv:VbJvo8TgU78SOWAvlQ/bH4XY/w1ISaQG7X1UzNZ6InU=,tag:LRrfSssmIgDxuagy0gfbpg==,type:str]
+    lastmodified: "2024-05-20T23:53:01Z"
+    mac: ENC[AES256_GCM,data:7yH6mvUg2i55Y2RkCSz3PHimfHEQE1jpUSbuEEpMdu3zCyDZ6tgvVfrlmRDbptI4e8Mf9xsYrirBy5HPCgf6Loaatx2HlVILFgQZqeggoy6d1jW+KZDqkDBeUNDIbqMOkHf6U4njWQ9IUAewePLq0sV6oIn7tdngzPOU//9z83k=,iv:EZQBHcGOJeSEJPCWnSqVSjJ3mJ1Rmc31+Oq9w+jVcx4=,tag:MUZxOoWstY6hLTIBxzOCeQ==,type:str]
     pgp:
         - created_at: "2024-05-18T00:09:19Z"
           enc: |-