From 00064ee98bf045d1bca07b101fd1453a77e618ae Mon Sep 17 00:00:00 2001
From: DavHau <d.hauer.it@gmail.com>
Date: Thu, 28 Nov 2024 15:49:23 +0700
Subject: [PATCH] wifi: init as experimental module

---
 clanModules/flake-module.nix        |  1 +
 clanModules/wifi/README.md          |  7 +++
 clanModules/wifi/roles/default.nix  | 82 +++++++++++++++++++++++++++++
 docs/nix/render_options/__init__.py |  5 ++
 lib/frontmatter/interface.nix       |  1 +
 5 files changed, 96 insertions(+)
 create mode 100644 clanModules/wifi/README.md
 create mode 100644 clanModules/wifi/roles/default.nix

diff --git a/clanModules/flake-module.nix b/clanModules/flake-module.nix
index 157799d42..f7978046a 100644
--- a/clanModules/flake-module.nix
+++ b/clanModules/flake-module.nix
@@ -34,6 +34,7 @@
     trusted-nix-caches = ./trusted-nix-caches;
     user-password = ./user-password;
     vaultwarden = ./vaultwarden;
+    wifi = ./wifi;
     xfce = ./xfce;
     zerotier = ./zerotier;
     zerotier-static-peers = ./zerotier-static-peers;
diff --git a/clanModules/wifi/README.md b/clanModules/wifi/README.md
new file mode 100644
index 000000000..2b96f0346
--- /dev/null
+++ b/clanModules/wifi/README.md
@@ -0,0 +1,7 @@
+---
+description = "Configures Wifi networks to join"
+features = [ "inventory", "experimental" ]
+categories = [ "Network", "System" ]
+---
+
+## Experimental wifi module
diff --git a/clanModules/wifi/roles/default.nix b/clanModules/wifi/roles/default.nix
new file mode 100644
index 000000000..04ad9e6a9
--- /dev/null
+++ b/clanModules/wifi/roles/default.nix
@@ -0,0 +1,82 @@
+{ lib, config, ... }:
+
+let
+  cfg = config.clan.wifi;
+  secret_path = ssid: config.clan.core.vars.generators."iwd.${ssid}".files.password.path;
+  secret_generator = name: value: {
+    name = "iwd.${value.ssid}";
+    value = {
+      script = ''
+        config="
+        [Settings]
+          AutoConnect=${if value.AutoConnect then "true" else "false"}
+        [Security]
+          Passphrase=$(cat $prompts/password)
+        "
+        echo "$config" > $out/password
+      '';
+      prompts.password.type = "hidden";
+      share = true;
+    };
+  };
+in
+{
+  options.clan.wifi = {
+    networks = lib.mkOption {
+      visible = false;
+      type = lib.types.attrsOf (
+        lib.types.submodule (
+          { name, ... }:
+          {
+            options = {
+              ssid = lib.mkOption {
+                type = lib.types.str;
+                default = name;
+                description = "The name of the wifi network";
+              };
+              AutoConnect = lib.mkOption {
+                type = lib.types.bool;
+                default = true;
+                description = "Automatically try to join this wifi network";
+              };
+            };
+          }
+        )
+      );
+      default = { };
+      description = "Wifi networks to predefine";
+    };
+  };
+
+  config = lib.mkMerge [
+    (lib.mkIf (cfg.networks != { }) {
+      # Systemd tmpfiles rule to create /var/lib/iwd/example.pswd.${ssid}k file
+      systemd.tmpfiles.rules = lib.mapAttrsToList (
+        _: value: ''C "/var/lib/iwd/${value.ssid}.psk" 0600 root root - ${secret_path value.ssid}''
+      ) cfg.networks;
+
+      clan.core.vars.generators = lib.mapAttrs' secret_generator cfg.networks;
+
+      systemd.services.iwd.partOf = [ "nixos-activation.service" ];
+    })
+    {
+      # disable wpa supplicant
+      networking.wireless.enable = false;
+
+      # Set the network manager backend to iwd
+      networking.networkmanager.wifi.backend = "iwd";
+
+      # Use iwd instead of wpa_supplicant. It has a user friendly CLI
+      networking.wireless.iwd = {
+        enable = true;
+        settings = {
+          Network = {
+            EnableIPv6 = true;
+            RoutePriorityOffset = 300;
+          };
+          Settings.AutoConnect = true;
+        };
+      };
+    }
+  ];
+}
diff --git a/docs/nix/render_options/__init__.py b/docs/nix/render_options/__init__.py
index 535f7800f..6be0fe7d8 100644
--- a/docs/nix/render_options/__init__.py
+++ b/docs/nix/render_options/__init__.py
@@ -393,6 +393,11 @@ def produce_clan_modules_docs() -> None:
             frontmatter: Frontmatter
             frontmatter, readme_content = extract_frontmatter(readme, str(readme_file))
 
+        # skip if experimental feature enabled
+        if "experimental" in frontmatter.features:
+            print(f"Skipping {module_name}: Experimental feature")
+            continue
+
         modules_index += build_option_card(module_name, frontmatter)
 
         ##### Print module documentation #####
diff --git a/lib/frontmatter/interface.nix b/lib/frontmatter/interface.nix
index 45e33f01e..52c0bcb3c 100644
--- a/lib/frontmatter/interface.nix
+++ b/lib/frontmatter/interface.nix
@@ -54,6 +54,7 @@ in
       '';
       type = types.listOf (
         types.enum [
+          "experimental"
           "inventory"
         ]
       );