Start declarative WiFi configuration
This commit is contained in:
parent
ef702f721d
commit
035a5b1b4a
SSH key fingerprint:
SHA256:FladqYjaE4scJY3Hi+gnShZ6ygnTJgixy0I6BAoHyos
4 changed files with 114 additions and 0 deletions
|
|
@ -71,3 +71,9 @@ creation_rules:
|
||||||
- age:
|
- age:
|
||||||
- *vili-bw
|
- *vili-bw
|
||||||
- *wg-rpi
|
- *wg-rpi
|
||||||
|
- path_regex: ^secrets/wireless.yaml$
|
||||||
|
key_groups:
|
||||||
|
- age:
|
||||||
|
- *vili-bw
|
||||||
|
- *helium
|
||||||
|
- *lithium
|
||||||
|
|
|
||||||
|
|
@ -20,6 +20,7 @@
|
||||||
enable = true;
|
enable = true;
|
||||||
suffix = "8";
|
suffix = "8";
|
||||||
};
|
};
|
||||||
|
wireless.enable = true;
|
||||||
};
|
};
|
||||||
hardware.intelLaptop.enable = true;
|
hardware.intelLaptop.enable = true;
|
||||||
services = {
|
services = {
|
||||||
|
|
|
||||||
71
modules/networking/wireless.nix
Normal file
71
modules/networking/wireless.nix
Normal file
|
|
@ -0,0 +1,71 @@
|
||||||
|
{ config, lib, ... }:
|
||||||
|
let
|
||||||
|
cfg = config.custom.networking.wireless;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
options.custom.networking.wireless.enable =
|
||||||
|
lib.mkEnableOption "wireless networking with preconfigured networks";
|
||||||
|
|
||||||
|
config = lib.mkIf cfg.enable {
|
||||||
|
sops = {
|
||||||
|
secrets = {
|
||||||
|
WRT_Personal_PSK.sopsFile = ../../secrets/wireless.yaml;
|
||||||
|
WLNPub_PSK.sopsFile = ../../secrets/wireless.yaml;
|
||||||
|
ViliMobile_PSK.sopsFile = ../../secrets/wireless.yaml;
|
||||||
|
};
|
||||||
|
|
||||||
|
templates."wpa_supplicant_secrets".content = ''
|
||||||
|
WRT_Personal_PSK=${config.sops.placeholder.WRT_Personal_PSK}
|
||||||
|
WLNPub_PSK=${config.sops.placeholder.WLNPub_PSK}
|
||||||
|
ViliMobile_PSK=${config.sops.placeholder.ViliMobile_PSK}
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
networking.networkmanager.unmanaged = [ "except:type:wifi" ];
|
||||||
|
|
||||||
|
networking.wireless = {
|
||||||
|
fallbackToWPA2 = false;
|
||||||
|
enable = true;
|
||||||
|
userControlled.enable = true;
|
||||||
|
secretsFile = config.sops.templates."wpa_supplicant_secrets".path;
|
||||||
|
extraConfig = ''
|
||||||
|
mac_addr=1
|
||||||
|
'';
|
||||||
|
networks = {
|
||||||
|
WRT_Personal = {
|
||||||
|
authProtocols = [ "SAE" ];
|
||||||
|
pskRaw = "ext:WRT_Personal_PSK";
|
||||||
|
priority = 100;
|
||||||
|
extraConfig = ''
|
||||||
|
ieee80211w=2
|
||||||
|
pairwise=CCMP
|
||||||
|
group=CCMP
|
||||||
|
mac_addr=0
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
WLNPub = {
|
||||||
|
# TODO Fix
|
||||||
|
pskRaw = "ext:WLNPub_PSK";
|
||||||
|
priority = 100;
|
||||||
|
extraConfig = ''
|
||||||
|
ieee80211w=2
|
||||||
|
pairwise=CCMP
|
||||||
|
group=CCMP
|
||||||
|
mac_addr=0
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
ViliMobile = {
|
||||||
|
authProtocols = [ "SAE" ];
|
||||||
|
pskRaw = "ext:ViliMobile_PSK";
|
||||||
|
priority = 50;
|
||||||
|
extraConfig = ''
|
||||||
|
ieee80211w=2
|
||||||
|
pairwise=CCMP
|
||||||
|
group=CCMP
|
||||||
|
mac_addr=0
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
||||||
36
secrets/wireless.yaml
Normal file
36
secrets/wireless.yaml
Normal file
|
|
@ -0,0 +1,36 @@
|
||||||
|
WRT_Personal_PSK: ENC[AES256_GCM,data:14EgZsa+2+tJqBJBkF8tIhTbjdg=,iv:s7jRDOGwjEJKh+p2UJQ4lJkouM0NVkLsoz6kNQ8pmAU=,tag:cqZoXOHHskcSEnLOIFPEuw==,type:str]
|
||||||
|
WLNPub_PSK: ENC[AES256_GCM,data:scmOwtACDv4cVjQVw7Rd,iv:wnQE1+fASxe6t88sP1k78Mkv6aPmdqMZ0pkvilYYInU=,tag:5FEFnWVm/8XG7TnrDoJueg==,type:str]
|
||||||
|
ViliMobile_PSK: ENC[AES256_GCM,data:vqihGwqqzd/ZuZJ9TaDajA==,iv:7MXFeA4vZFVvUx8DbkdPoQek8jUTV6tNyhkBF59PjR8=,tag:pbCJbAdT2JPi9KcF4/5DJQ==,type:str]
|
||||||
|
sops:
|
||||||
|
age:
|
||||||
|
- recipient: age1pvkuvcc38pke3euzsjzpgp6s6v3jykug2e69rplytdy7gxntm5jsraxhvp
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsbi9sU2NjYkl0R3hNOFEr
|
||||||
|
UEhvV2NxTE1QQUZOMXNjKzlGNlZQOXdybzFJCm9ZVkFXbGVuKzVVQ3NkODhhc1o0
|
||||||
|
OHVlcElYeEt5UzZFVE9pU2wzcEt4Y0UKLS0tIGRYVjhsYm9qS0J0Z0FlMGNVQmY4
|
||||||
|
c0d6bUFibDhCcWN3K3lDbzg3OCtnaTgKYPkeIn83IYP/PmcrMlDhYRTMuMmGGrFs
|
||||||
|
ZYe5bW7Mp9Mf04IFDzAtFI4sdcND7EiZcwX6LVLBU/qCBEp21OvWKA==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1xp02dggk2e6csvxg2q5nfts4tjhd05vthrcvvk2l67m3tgs3vugqshg24q
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBdnJRUzRPeXNSYzZxbFl2
|
||||||
|
QjBZTkpUMVZDVk5va1VNazNuTHlubFZGb3lzCmppL2hYZTZsTFpIY3BZQmQrZTVI
|
||||||
|
d044ZXNka3hxOHcxVHpld1FJWDlWa3cKLS0tIEwwV3VXNnFxVnB3TWFhWFdORUdy
|
||||||
|
OTJNVXFXYkxDZVVxNHg0YnBzMUZsN1EKNftAqBZKlcnrEyCLemXGtc1DscRHsDBU
|
||||||
|
P8r0mHJpeJJ99/ADTtH9dVN7HtADP1ana9LdI8kqaiJ0goI7al+v6Q==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1yrfr0q72nqa842t0mzckeemfww28qzcd3wqmrd8mvzwvgpzssvlq9ruzlk
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpaE5selZZUzl5NmFhNHhz
|
||||||
|
OGpFKzNhZW5vTVRWRmhzTm9ORGVZK1BoMnlVCkovYmlPK0lRUXRyMFo0Zm5JdUpC
|
||||||
|
STdOcjYvVzltc2lsZ0hleVI5TjRYeWsKLS0tIHB3cGJZUi9vTFpFcnZpU0p6U3lT
|
||||||
|
aGdnUXVCZlZDUmltdk5mMDc5Y2huLzgKjf6lENGwYqJ0tOkTDeNmIXTq8vqMUzz8
|
||||||
|
aNRUtHutwo4BcLPRpWpwdY13DNwQVulGm4Pca6UO12phy+OIFhE8ag==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2025-07-21T12:13:12Z"
|
||||||
|
mac: ENC[AES256_GCM,data:SdtWdtydEfqSoe2mMHfFpNkiHyHh/gbr40W8ke7oWeFSUiS32lz5Pmp/qrqxO2sWwjIpM4VMIBJmTgiqRLVaPVhthJqCEaR13ZUJjD/WAk6ApdAR0y46y6o+zw7FHii6dr9l9lgKwAuqYVMUuYAsdSPpD5fUVHoBLd/8Ogk8Vvo=,iv:wtBsAcu4FtqUSFgMsbFisobl0c/0p77f5HlIPy5EFJo=,tag:Vq+QsISQGq9ut9OHUNgkzw==,type:str]
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.10.2
|
||||||
Loading…
Add table
Add a link
Reference in a new issue