clanModule: Init wifi iwd clan module, with which you can predefine wifi network credentials

2024-08-07 15:50:30 +02:00
parent 9138d72fad
commit 9d8d2bc61e
4 changed files with 90 additions and 19 deletions
--- a/clanModules/flake-module.nix
+++ b/clanModules/flake-module.nix
@@ -1,6 +1,7 @@
 { ... }:
 {
  flake.clanModules = {
+    iwd = ./iwd;
    borgbackup = ./borgbackup;
    borgbackup-static = ./borgbackup-static;
    deltachat = ./deltachat;
--- a/clanModules/iwd/README.md
+++ b/clanModules/iwd/README.md
@@ -0,0 +1,10 @@
+---
+description = "Automatically provisions wifi credentials"
+---
+
+
+!!! Warning
+    This module is for demo purposes only right now the password is not encrypted and world readable!
+
+
+
--- a/clanModules/iwd/default.nix
+++ b/clanModules/iwd/default.nix
@@ -0,0 +1,77 @@
+{ lib, config, ... }:
+
+let
+  cfg = config.clan.iwd;
+  secret_path = ssid: config.clan.core.facts.services."iwd.${ssid}".secret."wifi-password".path or "";
+  secret_generator = name: value: {
+    name = "iwd.${value.ssid}";
+    value = {
+      secret."iwd.${value.ssid}" = { };
+      generator.prompt = "Wifi password for '${value.ssid}'";
+      generator.script = ''
+        config="
+        [Security]
+          Passphrase=$prompt_value
+        "
+        echo "$config" > $secrets/wifi-password
+      '';
+    };
+  };
+in
+{
+  options.clan.iwd = {
+    networks = lib.mkOption {
+      type = lib.types.attrsOf (
+        lib.types.submodule (
+          { name, ... }:
+          {
+            options = {
+              ssid = lib.mkOption {
+                type = lib.types.strMatching "^[a-zA-Z0-9._-]+$";
+                default = name;
+                description = "The name of the wifi network";
+              };
+            };
+          }
+        )
+      );
+      default = { };
+      description = "Wifi networks to predefine";
+    };
+  };
+
+  imports = [
+    (lib.mkRemovedOptionModule [
+      "clan"
+      "iwd"
+      "enable"
+    ] "Just define clan.iwd.networks to enable it")
+  ];
+
+  config = lib.mkMerge [
+    (lib.mkIf (cfg.networks != { }) {
+      # Systemd tmpfiles rule to create /var/lib/iwd/example.psk file
+      systemd.tmpfiles.rules = lib.mapAttrsToList (
+        _: value: "C /var/lib/iwd/${value.ssid}.psk 0600 root root - ${secret_path value.ssid}"
+      ) cfg.networks;
+
+      clan.core.facts.services = lib.mapAttrs' secret_generator cfg.networks;
+    })
+    {
+      # disable wpa supplicant
+      networking.wireless.enable = false;
+
+      # Use iwd instead of wpa_supplicant. It has a user friendly CLI
+      networking.wireless.iwd = {
+        enable = true;
+        settings = {
+          Network = {
+            EnableIPv6 = true;
+            RoutePriorityOffset = 300;
+          };
+          Settings.AutoConnect = true;
+        };
+      };
+    }
+  ];
+}
--- a/pkgs/installer/flake-module.nix
+++ b/pkgs/installer/flake-module.nix
@@ -1,32 +1,15 @@
 { self, lib, ... }:

 let
-  wifiModule =
-    { ... }:
-    {
-      # use iwd instead of wpa_supplicant
-      networking.wireless.enable = false;
-
-      # Use iwd instead of wpa_supplicant. It has a user friendly CLI
-      networking.wireless.iwd = {
-        enable = true;
-        settings = {
-          Network = {
-            EnableIPv6 = true;
-            RoutePriorityOffset = 300;
-          };
-          Settings.AutoConnect = true;
-        };
-      };
-    };

  flashInstallerModule =
    { config, ... }:
    {
      imports = [
-        wifiModule
+        self.clanModules.iwd
        self.nixosModules.installer
      ];
+
      system.stateVersion = config.system.nixos.version;
      nixpkgs.pkgs = self.inputs.nixpkgs.legacyPackages.x86_64-linux;
    }