diff --git a/clanModules/wifi/README.md b/clanModules/wifi/README.md deleted file mode 100644 index 63704215e..000000000 --- a/clanModules/wifi/README.md +++ /dev/null @@ -1,7 +0,0 @@ ---- -description = "Configures Wifi networks to join" -features = [ "inventory", "experimental", "deprecated" ] -categories = [ "Network", "System" ] ---- - -## Experimental wifi module diff --git a/clanModules/wifi/default.nix b/clanModules/wifi/default.nix deleted file mode 100644 index 0dead62d2..000000000 --- a/clanModules/wifi/default.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ - imports = [ - ./roles/default.nix - ]; -} diff --git a/clanModules/wifi/roles/default.nix b/clanModules/wifi/roles/default.nix deleted file mode 100644 index 976012941..000000000 --- a/clanModules/wifi/roles/default.nix +++ /dev/null @@ -1,110 +0,0 @@ -{ - lib, - config, - pkgs, - ... -}: - -let - cfg = config.clan.wifi; - - inherit (lib) - concatMapAttrsStringSep - flip - mapAttrs - ; - - password_path = - network_name: config.clan.core.vars.generators."iwd.${network_name}".files.password.path; - - ssid_path = network_name: config.clan.core.vars.generators."iwd.${network_name}".files.ssid.path; - - secret_generator = name: value: { - name = "iwd.${name}"; - value = { - prompts.ssid.type = "line"; - prompts.ssid.persist = true; - prompts.password.type = "hidden"; - prompts.password.persist = true; - share = true; - }; - }; -in -{ - options.clan.wifi = { - networks = lib.mkOption { - visible = false; - type = lib.types.attrsOf ( - lib.types.submodule ( - { ... }: - { - options = { - enable = lib.mkOption { - type = lib.types.bool; - default = true; - description = "Enable this wifi network"; - }; - autoConnect = lib.mkOption { - type = lib.types.bool; - default = true; - description = "Automatically try to join this wifi network"; - }; - }; - } - ) - ); - default = { }; - description = "Wifi networks to predefine"; - }; - }; - - config = lib.mkIf (cfg.networks != { }) { - - clan.core.vars.generators = lib.mapAttrs' secret_generator cfg.networks; - - networking.networkmanager.enable = true; - - networking.networkmanager.ensureProfiles.environmentFiles = [ - "/run/secrets/NetworkManager/wifi-secrets" - ]; - - networking.networkmanager.ensureProfiles.profiles = flip mapAttrs cfg.networks ( - name: _network: { - connection.id = "$ssid_${name}"; - connection.type = "wifi"; - wifi.mode = "infrastructure"; - wifi.ssid = "$ssid_${name}"; - wifi-security.psk = "$pw_${name}"; - wifi-security.key-mgmt = "wpa-psk"; - } - ); - - # service to generate the environment file containing all secrets, as - # expected by the nixos NetworkManager-ensure-profile service - systemd.services.NetworkManager-setup-secrets = { - description = "Generate wifi secrets for NetworkManager"; - requiredBy = [ "NetworkManager-ensure-profiles.service" ]; - partOf = [ "NetworkManager-ensure-profiles.service" ]; - before = [ "NetworkManager-ensure-profiles.service" ]; - serviceConfig = { - Type = "oneshot"; - ExecStart = pkgs.writeShellScript "wifi-secrets" '' - set -euo pipefail - - env_file=/run/secrets/NetworkManager/wifi-secrets - mkdir -p $(dirname "$env_file") - : > "$env_file" - - # Generate the secrets file - echo "Generating wifi secrets file: $env_file" - ${flip (concatMapAttrsStringSep "\n") cfg.networks ( - name: _network: '' - echo "ssid_${name}=\"$(cat "${ssid_path name}")\"" >> /run/secrets/NetworkManager/wifi-secrets - echo "pw_${name}=\"$(cat "${password_path name}")\"" >> /run/secrets/NetworkManager/wifi-secrets - '' - )} - ''; - }; - }; - }; -} diff --git a/clanServices/wifi/default.nix b/clanServices/wifi/default.nix index 03773bf56..903c06d74 100644 --- a/clanServices/wifi/default.nix +++ b/clanServices/wifi/default.nix @@ -1,5 +1,12 @@ { packages }: { lib, ... }: +let + inherit (lib) + concatMapAttrsStringSep + flip + mapAttrs + ; +in { _class = "clan.service"; manifest.name = "wifi"; @@ -30,17 +37,19 @@ default = { }; description = "Wifi networks to predefine"; }; - }; + perInstance = { settings, ... }: { nixosModule = - { config, pkgs, ... }: + { pkgs, config, ... }: let - secret_path = + password_path = network_name: config.clan.core.vars.generators."iwd.${network_name}".files.password.path; + ssid_path = network_name: config.clan.core.vars.generators."iwd.${network_name}".files.ssid.path; + secret_generator = name: value: { name = "iwd.${name}"; value = { @@ -52,59 +61,55 @@ }; }; in - { + lib.mkIf (settings.networks != { }) { + clan.core.vars.generators = lib.mapAttrs' secret_generator settings.networks; - systemd.services.iwd.partOf = [ "nixos-activation.service" ]; + networking.networkmanager.enable = true; - /* - script that generates iwd config files inside /var/lib/iwd/clan and symlinks - them to /var/lib/iwd. - */ - systemd.services.iwd.serviceConfig.ExecStartPre = pkgs.writeShellScript "clan-iwd-setup" '' - set -e + networking.networkmanager.ensureProfiles.environmentFiles = [ + "/run/secrets/NetworkManager/wifi-secrets" + ]; - rm -rf /var/lib/iwd/clan - mkdir -p /var/lib/iwd/clan + networking.networkmanager.ensureProfiles.profiles = flip mapAttrs settings.networks ( + name: _network: { + connection.id = "$ssid_${name}"; + connection.type = "wifi"; + wifi.mode = "infrastructure"; + wifi.ssid = "$ssid_${name}"; + wifi-security.psk = "$pw_${name}"; + wifi-security.key-mgmt = "wpa-psk"; + } + ); - # remove all existing symlinks in /var/lib/iwd - ${pkgs.findutils}/bin/find /var/lib/iwd -type l -exec rm {} \; + # service to generate the environment file containing all secrets, as + # expected by the nixos NetworkManager-ensure-profile service + systemd.services.NetworkManager-setup-secrets = { + description = "Generate wifi secrets for NetworkManager"; + requiredBy = [ "NetworkManager-ensure-profiles.service" ]; + partOf = [ "NetworkManager-ensure-profiles.service" ]; + before = [ "NetworkManager-ensure-profiles.service" ]; + serviceConfig = { + Type = "oneshot"; + ExecStart = pkgs.writeShellScript "wifi-secrets" '' + set -euo pipefail - ${toString ( - lib.mapAttrsToList (name: network: '' - passwd=$(cat "${secret_path name}") - ssid=$(cat "${ssid_path name}") - echo " - [Settings] - autoConnect=${if network.autoConnect then "true" else "false"} - [Security] - Passphrase=$passwd - " > "/var/lib/iwd/clan/$ssid.psk" - '') settings.networks - )} + env_file=/run/secrets/NetworkManager/wifi-secrets + mkdir -p $(dirname "$env_file") + : > "$env_file" - # link all files in /var/lib/iwd/clan to /var/lib/iwd - ${pkgs.findutils}/bin/find /var/lib/iwd/clan -type f -exec ln -s {} /var/lib/iwd \; - ''; - # disable wpa supplicant - networking.wireless.enable = false; - - # Set the network manager backend to iwd - networking.networkmanager.wifi.backend = "iwd"; - - # Use iwd instead of wpa_supplicant. It has a user friendly CLI - networking.wireless.iwd = { - enable = true; - settings = { - Network = { - EnableIPv6 = true; - RoutePriorityOffset = 300; - }; - Settings.autoConnect = true; + # Generate the secrets file + echo "Generating wifi secrets file: $env_file" + ${flip (concatMapAttrsStringSep "\n") settings.networks ( + name: _network: '' + echo "ssid_${name}=\"$(cat "${ssid_path name}")\"" >> /run/secrets/NetworkManager/wifi-secrets + echo "pw_${name}=\"$(cat "${password_path name}")\"" >> /run/secrets/NetworkManager/wifi-secrets + '' + )} + ''; }; }; }; }; }; - } diff --git a/clanServices/wifi/tests/vm/default.nix b/clanServices/wifi/tests/vm/default.nix index a20339e66..d14a17591 100644 --- a/clanServices/wifi/tests/vm/default.nix +++ b/clanServices/wifi/tests/vm/default.nix @@ -34,8 +34,8 @@ clanLib.test.makeTestClan { testScript = '' start_all() - test.wait_for_unit("iwd.service") - psk = test.succeed("cat /var/lib/iwd/ssid-one.psk") + test.wait_for_unit("NetworkManager.service") + psk = test.succeed("cat /run/NetworkManager/system-connections/one.nmconnection") assert "password-eins" in psk, "Password is incorrect" ''; }