feat(networkmanager): declarative
@@ -1,13 +1,82 @@
|
|||||||
{ pkgs, ... }:
|
{ lib, pkgs, ... }:
|
||||||
let
|
let
|
||||||
autowifi = pkgs.writers.writePython3Bin "autowifi" { flakeIgnore = [ "E501" ]; } <stockholm/lass/5pkgs/autowifi/autowifi.py>;
|
autowifi = pkgs.writers.writePython3Bin "autowifi" { flakeIgnore = [ "E501" ]; } <stockholm/lass/5pkgs/autowifi/autowifi.py>;
|
||||||
|
profile = name: custom: lib.recursiveUpdate {
|
||||||
|
connection.id = name;
|
||||||
|
connection.type = "wifi";
|
||||||
|
connection.interface-name = "wlp3s0";
|
||||||
|
connection.permissions = "";
|
||||||
|
wifi.mac-address-blacklist = "";
|
||||||
|
wifi.ssid = name;
|
||||||
|
wifi.mode = "infrastructure";
|
||||||
|
ipv4.dns-search = "";
|
||||||
|
ipv4.method = "auto";
|
||||||
|
ipv6.addr-gen-mode = "stable-privacy";
|
||||||
|
ipv6.dns-search = "";
|
||||||
|
ipv6.method = "auto";
|
||||||
|
proxy = {};
|
||||||
|
} custom;
|
||||||
|
eduroamProfile = {
|
||||||
|
connection.uuid = "eae9fee6-a7d2-4120-a609-440b457d6fcf";
|
||||||
|
wifi-security = {
|
||||||
|
group = "ccmp;tkip;";
|
||||||
|
key-mgmt = "wpa-eap";
|
||||||
|
pairwise = "ccmp;";
|
||||||
|
proto = "rsn;";
|
||||||
|
};
|
||||||
|
"802-1x" = {
|
||||||
|
altsubject-matches = "DNS:srv1-radius.cms.hu-berlin.de;DNS:srv2-radius.cms.hu-berlin.de;";
|
||||||
|
anonymous-identity = "anonymous@wlan.hu-berlin.de";
|
||||||
|
ca-cert = pkgs.fetchurl {
|
||||||
|
url = "https://www.cms.hu-berlin.de/de/dl/netze/wlan/config/eduroam/t-telesec_globalroot_class_2.pem";
|
||||||
|
sha256 = "0if8aqd06sid7a0vw009zpa087wxcgdd2x6z2zs4pis5kvyqj2dk";
|
||||||
|
};
|
||||||
|
eap = "ttls;";
|
||||||
|
identity = lib.strings.fileContents <secrets/eduroam/identity>;
|
||||||
|
password = lib.strings.fileContents <secrets/eduroam/password>;
|
||||||
|
phase2-auth = "pap";
|
||||||
|
};
|
||||||
|
};
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
|
imports = [ <niveum/modules/networkmanager-declarative.nix> ];
|
||||||
|
|
||||||
networking.networkmanager = {
|
networking.networkmanager = {
|
||||||
enable = true;
|
enable = true;
|
||||||
wifi.macAddress = "random";
|
wifi.macAddress = "random";
|
||||||
ethernet.macAddress = "random";
|
ethernet.macAddress = "random";
|
||||||
unmanaged = [ "docker*" ];
|
unmanaged = [ "docker*" ];
|
||||||
|
profiles = lib.mapAttrs profile {
|
||||||
|
Aether = {
|
||||||
|
connection.uuid = "7138bb0f-1aeb-4905-890e-a6628427aa21";
|
||||||
|
wifi-security = {
|
||||||
|
psk = lib.strings.fileContents <secrets/wifi/Aether.psk>;
|
||||||
|
auth-alg = "open";
|
||||||
|
key-mgmt = "wpa-psk";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
FactoryCommunityGuest = {
|
||||||
|
connection.uuid = "fb1f2e52-651e-48b5-a72c-1accddf31afb";
|
||||||
|
connection.timestamp = "1631885129";
|
||||||
|
wifi.seen-bssids = "54:EC:2F:19:30:DC;54:EC:2F:19:5C:9C;54:EC:2F:58:E4:3C;";
|
||||||
|
wifi-security = {
|
||||||
|
psk = "Factory4ever";
|
||||||
|
auth-alg = "open";
|
||||||
|
key-mgmt = "wpa-psk";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
o2-WLAN66 = {
|
||||||
|
connection.uuid = "c563aec3-f344-4ffb-8d1c-60a6cdac8fe0";
|
||||||
|
wifi-security = {
|
||||||
|
psk = "PK3468KV488T934U";
|
||||||
|
auth-alg = "open";
|
||||||
|
key-mgmt = "wpa-psk";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
"WIFI@DB".connection.uuid = "4eff4e94-8850-4e9f-a338-1787d0d90479";
|
||||||
|
eduroam = eduroamProfile;
|
||||||
|
eduroam_5GHz = eduroamProfile;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
users.users.me.extraGroups = [ "networkmanager" ];
|
users.users.me.extraGroups = [ "networkmanager" ];
|
||||||
|
|||||||
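Review bot: The `FactoryCommunityGuest` and `o2-WLAN66` profiles carry their pre-shared keys as string literals in `wifi-security.psk`, so both keys are now part of the repository history, whereas `Aether` and `eduroamProfile` read theirs from `<secrets/...>`. Use the same mechanism for all of them, e.g. `psk = lib.strings.fileContents <secrets/wifi/NAME.psk>;` (NAME is a placeholder), and treat the committed values as disclosed. Separately, `group = "ccmp;tkip;"` in `eduroamProfile` still accepts TKIP as the group cipher; `group = "ccmp;";` would match the `pairwise` setting, unless the campus network is known to require TKIP.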
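--- a/modules/networkmanager-declarative.nix
+++ b/modules/networkmanager-declarative.nix
@@ -0,0 +1,50 @@
+# https://github.com/jmackie/nixos-networkmanager-profiles/
+{ lib, config, ... }:
+with lib;
+let
+nm = config.networking.networkmanager;
+
+mkProfile = profileAttrs:
+if !(isAttrs profileAttrs) then
+throw "error 1"
+else {
+enable = true;
+mode = "0400"; # readonly (user)
+text = (foldlAttrs (accum:
+{ name, value }: ''
+${accum}
+
+[${name}] ${mkProfileEntry value}'')
+"# Generated by nixos-networkmanager-profiles" profileAttrs) + "\n";
+};
+
+mkProfileEntry = entryAttrs:
+if !(isAttrs entryAttrs) then
+throw "error 2"
+else
+foldlAttrs (accum:
+{ name, value }: ''
+${accum}
+${name}=${toString value}'') "" entryAttrs;
+
+foldlAttrs = op: nul: attrs:
+foldl (accum: { fst, snd }: op accum (nameValuePair fst snd)) nul
+(lists.zipLists (attrNames attrs) (attrValues attrs));
+
+attrLength = attrs: length (attrValues attrs);
+
+in {
+options.networking.networkmanager.profiles = mkOption {
+type = types.attrs;
+default = { };
+};
+
+config = mkIf (attrLength nm.profiles > 0) {
+environment.etc = (foldlAttrs (accum:
+{ name, value }:
+accum // {
+"NetworkManager/system-connections/${name}.nmconnection" =
+mkProfile value;
+}) { } nm.profiles);
+};
+}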
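Review bot: `mode = "0400"` in `mkProfile` restricts only the copy placed under `/etc`. Because the profile is handed to `environment.etc` as `text`, the rendered file, including any `psk`, `identity` and `password` entries, is also written to the Nix store, which every local user can read. The `# readonly (user)` comment therefore overstates the protection; at minimum change it to something like `# 0400 applies to the /etc copy only; contents also land in the world-readable Nix store`. A stronger fix is to substitute secrets at activation time from a file kept outside the store; current NixOS provides `networking.networkmanager.ensureProfiles` with `environmentFiles` for this. The `throw "error 1"` and `throw "error 2"` messages would also be easier to act on if they said that an attribute set was expected.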