kfm/niveum
1
0
Fork 0
mirror of https://github.com/kmein/niveum synced 2026-03-16 10:11:08 +01:00
Code Releases Activity

feat(networkmanager): declarative

Browse Source
This commit is contained in:
Kierán Meinhardt
2021-09-22 07:55:49 +02:00
parent c60e90f001
commit 4c2a4df663
2 changed files with 120 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

71
configs/networkmanager.nix
View File

@@ -1,13 +1,82 @@
{ pkgs, ... }:
{ lib, pkgs, ... }:
let
autowifi = pkgs.writers.writePython3Bin "autowifi" { flakeIgnore = [ "E501" ]; } <stockholm/lass/5pkgs/autowifi/autowifi.py>;
profile = name: custom: lib.recursiveUpdate {
connection.id = name;
connection.type = "wifi";
connection.interface-name = "wlp3s0";
connection.permissions = "";
wifi.mac-address-blacklist = "";
wifi.ssid = name;
wifi.mode = "infrastructure";
ipv4.dns-search = "";
ipv4.method = "auto";
ipv6.addr-gen-mode = "stable-privacy";
ipv6.dns-search = "";
ipv6.method = "auto";
proxy = {};
} custom;
eduroamProfile = {
connection.uuid = "eae9fee6-a7d2-4120-a609-440b457d6fcf";
wifi-security = {
group = "ccmp;tkip;";
key-mgmt = "wpa-eap";
pairwise = "ccmp;";
proto = "rsn;";
};
"802-1x" = {
altsubject-matches = "DNS:srv1-radius.cms.hu-berlin.de;DNS:srv2-radius.cms.hu-berlin.de;";
anonymous-identity = "anonymous@wlan.hu-berlin.de";
ca-cert = pkgs.fetchurl {
url = "https://www.cms.hu-berlin.de/de/dl/netze/wlan/config/eduroam/t-telesec_globalroot_class_2.pem";
sha256 = "0if8aqd06sid7a0vw009zpa087wxcgdd2x6z2zs4pis5kvyqj2dk";
};
eap = "ttls;";
identity = lib.strings.fileContents <secrets/eduroam/identity>;
password = lib.strings.fileContents <secrets/eduroam/password>;
phase2-auth = "pap";
};
};
in
{
imports = [ <niveum/modules/networkmanager-declarative.nix> ];
networking.networkmanager = {
enable = true;
wifi.macAddress = "random";
ethernet.macAddress = "random";
unmanaged = [ "docker*" ];
profiles = lib.mapAttrs profile {
Aether = {
connection.uuid = "7138bb0f-1aeb-4905-890e-a6628427aa21";
wifi-security = {
psk = lib.strings.fileContents <secrets/wifi/Aether.psk>;
auth-alg = "open";
key-mgmt = "wpa-psk";
};
};
FactoryCommunityGuest = {
connection.uuid = "fb1f2e52-651e-48b5-a72c-1accddf31afb";
connection.timestamp = "1631885129";
wifi.seen-bssids = "54:EC:2F:19:30:DC;54:EC:2F:19:5C:9C;54:EC:2F:58:E4:3C;";
wifi-security = {
psk = "Factory4ever";
auth-alg = "open";
key-mgmt = "wpa-psk";
};
};
o2-WLAN66 = {
connection.uuid = "c563aec3-f344-4ffb-8d1c-60a6cdac8fe0";
wifi-security = {
psk = "PK3468KV488T934U";
auth-alg = "open";
key-mgmt = "wpa-psk";
};
};
"WIFI@DB".connection.uuid = "4eff4e94-8850-4e9f-a338-1787d0d90479";
eduroam = eduroamProfile;
eduroam_5GHz = eduroamProfile;
};
};
users.users.me.extraGroups = [ "networkmanager" ];

50
modules/networkmanager-declarative.nix Normal file
View File

@@ -0,0 +1,50 @@
# https://github.com/jmackie/nixos-networkmanager-profiles/
{ lib, config, ... }:
with lib;
let
nm = config.networking.networkmanager;
mkProfile = profileAttrs:
if !(isAttrs profileAttrs) then
throw "error 1"
else {
enable = true;
mode = "0400"; # readonly (user)
text = (foldlAttrs (accum:
{ name, value }: ''
${accum}
[${name}] ${mkProfileEntry value}'')
"# Generated by nixos-networkmanager-profiles" profileAttrs) + "\n";
};
mkProfileEntry = entryAttrs:
if !(isAttrs entryAttrs) then
throw "error 2"
else
foldlAttrs (accum:
{ name, value }: ''
${accum}
${name}=${toString value}'') "" entryAttrs;
foldlAttrs = op: nul: attrs:
foldl (accum: { fst, snd }: op accum (nameValuePair fst snd)) nul
(lists.zipLists (attrNames attrs) (attrValues attrs));
attrLength = attrs: length (attrValues attrs);
in {
options.networking.networkmanager.profiles = mkOption {
type = types.attrs;
default = { };
};
config = mkIf (attrLength nm.profiles > 0) {
environment.etc = (foldlAttrs (accum:
{ name, value }:
accum // {
"NetworkManager/system-connections/${name}.nmconnection" =
mkProfile value;
}) { } nm.profiles);
};
}