From 9d8d2bc61eba539a4ce9efd48ad8f8db4076e51a Mon Sep 17 00:00:00 2001
From: Qubasa
Date: Wed, 7 Aug 2024 15:50:30 +0200
Subject: [PATCH] clanModule: Init wifi iwd clan module, with which you can predefine wifi network credentials
---
 clanModules/flake-module.nix | 1 +
 clanModules/iwd/README.md | 10 +++++
 clanModules/iwd/default.nix | 77 +++++++++++++++++++++++++++++++++
 pkgs/installer/flake-module.nix | 21 +--------
 4 files changed, 90 insertions(+), 19 deletions(-)
 create mode 100644 clanModules/iwd/README.md
 create mode 100644 clanModules/iwd/default.nix
diff --git a/clanModules/flake-module.nix b/clanModules/flake-module.nix
index f385b87f3..3f13fc971 100644
--- a/clanModules/flake-module.nix
+++ b/clanModules/flake-module.nix
@@ -1,6 +1,7 @@
 { ... }:
 {
 flake.clanModules = {
+ iwd = ./iwd;
 borgbackup = ./borgbackup;
 borgbackup-static = ./borgbackup-static;
 deltachat = ./deltachat;
diff --git a/clanModules/iwd/README.md b/clanModules/iwd/README.md
new file mode 100644
index 000000000..1ac1001fe
--- /dev/null
+++ b/clanModules/iwd/README.md
@@ -0,0 +1,10 @@
+---
+description = "Automatically provisions wifi credentials"
+---
+
+
+!!! Warning
+ This module is for demo purposes only right now the password is not encrypted and world readable!
+
+
+
diff --git a/clanModules/iwd/default.nix b/clanModules/iwd/default.nix
new file mode 100644
index 000000000..6875dcdb9
--- /dev/null
+++ b/clanModules/iwd/default.nix
@@ -0,0 +1,77 @@
+{ lib, config, ... }:
+
+let
+ cfg = config.clan.iwd;
+ secret_path = ssid: config.clan.core.facts.services."iwd.${ssid}".secret."wifi-password".path or "";
+ secret_generator = name: value: {
+ name = "iwd.${value.ssid}";
+ value = {
+ secret."iwd.${value.ssid}" = { };
+ generator.prompt = "Wifi password for '${value.ssid}'";
+ generator.script = ''
+ config="
+ [Security]
+ Passphrase=$prompt_value
+ "
+ echo "$config" > $secrets/wifi-password
+ '';
+ };
+ };
+in
+{
+ options.clan.iwd = {
+ networks = lib.mkOption {
+ type = lib.types.attrsOf (
+ lib.types.submodule (
+ { name, ... }:
+ {
+ options = {
+ ssid = lib.mkOption {
+ type = lib.types.strMatching "^[a-zA-Z0-9._-]+$";
+ default = name;
+ description = "The name of the wifi network";
+ };
+ };
+ }
+ )
+ );
+ default = { };
+ description = "Wifi networks to predefine";
+ };
+ };
+
+ imports = [
+ (lib.mkRemovedOptionModule [
+ "clan"
+ "iwd"
+ "enable"
+ ] "Just define clan.iwd.networks to enable it")
+ ];
+
+ config = lib.mkMerge [
+ (lib.mkIf (cfg.networks != { }) {
+ # Systemd tmpfiles rule to create /var/lib/iwd/example.psk file
+ systemd.tmpfiles.rules = lib.mapAttrsToList (
+ _: value: "C /var/lib/iwd/${value.ssid}.psk 0600 root root - ${secret_path value.ssid}"
+ ) cfg.networks;
+
+ clan.core.facts.services = lib.mapAttrs' secret_generator cfg.networks;
+ })
+ {
+ # disable wpa supplicant
+ networking.wireless.enable = false;
+
+ # Use iwd instead of wpa_supplicant. It has a user friendly CLI
+ networking.wireless.iwd = {
+ enable = true;
+ settings = {
+ Network = {
+ EnableIPv6 = true;
+ RoutePriorityOffset = 300;
+ };
+ Settings.AutoConnect = true;
+ };
+ };
+ }
+ ];
+}
diff --git a/pkgs/installer/flake-module.nix b/pkgs/installer/flake-module.nix
index b00c22a79..def3b2b98 100644
--- a/pkgs/installer/flake-module.nix
+++ b/pkgs/installer/flake-module.nix
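Review bot: The secret declared in `secret_generator` is named `iwd.${value.ssid}`, but the generator script writes `$secrets/wifi-password` and `secret_path` reads `secret."wifi-password".path`, so as far as this hunk shows the three names do not agree. Because `secret_path` ends in `or ""`, a missing attribute would not fail evaluation; the tmpfiles rule in `systemd.tmpfiles.rules` would be emitted with an empty source argument, presumably leaving the network unprovisioned without any build-time error. I would declare `secret."wifi-password" = { };` and drop the `or ""` fallback so that a lookup miss fails the build instead of being masked. Separately, `echo "$config" > $secrets/wifi-password` leaves `$secrets` unquoted; `printf '%s\n' "$config" > "$secrets/wifi-password"` would write the passphrase without depending on word splitting or on echo's escape handling.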
@@ -1,32 +1,15 @@ { self, lib, ... }: let - wifiModule = - { ... }: - { - # use iwd instead of wpa_supplicant - networking.wireless.enable = false; - - # Use iwd instead of wpa_supplicant. It has a user friendly CLI - networking.wireless.iwd = { - enable = true; - settings = { - Network = { - EnableIPv6 = true; - RoutePriorityOffset = 300; - }; - Settings.AutoConnect = true; - }; - }; - }; flashInstallerModule = { config, ... }: { imports = [ - wifiModule + self.clanModules.iwd self.nixosModules.installer ]; + system.stateVersion = config.system.nixos.version; nixpkgs.pkgs = self.inputs.nixpkgs.legacyPackages.x86_64-linux; }