dotfiles/os/wireless/import.py

"""
Exports Wi-Fi networks configuration stored in pass
into a format readable by Nix.
"""

# TODO EAP ca_cert=/etc/ssl/... probably won't work. Example fix:
# builtins.fetchurl {
#     url = "https://letsencrypt.org/certs/isrgrootx1.pem";
#     sha256 = "sha256:1la36n2f31j9s03v847ig6ny9lr875q3g7smnq33dcsmf2i5gd92";
# }

import json
import os
import subprocess

import yaml

# passpy doesn't handle encoding properly, so doing this with calls

PASSWORD_STORE = os.environ["PASSWORD_STORE_DIR"]
SUBFOLDER = "wifi"


def list_networks() -> list[str]:
    paths = []
    pass_folder = os.path.join(PASSWORD_STORE, SUBFOLDER)
    for filename in os.listdir(pass_folder):
        if not filename.endswith(".gpg"):
            continue
        filepath = os.path.join(pass_folder, filename)
        if not os.path.isfile(filepath):
            continue

        file = filename[:-4]
        path = os.path.join(SUBFOLDER, file)
        paths.append(path)
    paths.sort()
    return paths


networks: list[dict[str, str | list[str] | int]] = list()
for path in list_networks():
    proc = subprocess.run(["pass", path], stdout=subprocess.PIPE)
    proc.check_returncode()

    raw = proc.stdout.decode()
    split = raw.split("\n")

    password = split[0]
    data = yaml.safe_load("\n".join(split[1:])) or dict()

    # Helpers to prevent repetition
    suffixes = data.pop("suffixes", [""])
    data.setdefault("key_mgmt", ["WPA-PSK"] if password else ["NONE"])
    if password:
        if any(map(lambda m: "PSK" in m.split("-"), data["key_mgmt"])):
            data["psk"] = password
        if any(map(lambda m: "EAP" in m.split("-"), data["key_mgmt"])):
            data["password"] = password
    assert "ssid" in data, f"{path}: Missing SSID"
    data.setdefault("disabled", 0)

    for suffix in suffixes:
        network = data.copy()
        network["ssid"] += suffix
        networks.append(network)

with open("wireless_networks.json", "w") as fd:
    json.dump(networks, fd, indent=4)
nix: Wi-Fi configuration It's, uh, a bit ugly. But let's try to make it work for now, improve later. Apparently my wpa_supplicant config file was visible for everyone already, so that's not a regression :D 2023-10-28 18:53:17 +02:00			`"""`
wifi: Make more user-friendly 2024-02-18 13:38:01 +01:00			`Exports Wi-Fi networks configuration stored in pass`
			`into a format readable by Nix.`
nix: Wi-Fi configuration It's, uh, a bit ugly. But let's try to make it work for now, improve later. Apparently my wpa_supplicant config file was visible for everyone already, so that's not a regression :D 2023-10-28 18:53:17 +02:00			`"""`

			`# TODO EAP ca_cert=/etc/ssl/... probably won't work. Example fix:`
			`# builtins.fetchurl {`
			`# url = "https://letsencrypt.org/certs/isrgrootx1.pem";`
			`# sha256 = "sha256:1la36n2f31j9s03v847ig6ny9lr875q3g7smnq33dcsmf2i5gd92";`
			`# }`

			`import json`
			`import os`
			`import subprocess`

			`import yaml`

			`# passpy doesn't handle encoding properly, so doing this with calls`

wifi: Make more user-friendly 2024-02-18 13:38:01 +01:00			`PASSWORD_STORE = os.environ["PASSWORD_STORE_DIR"]`
nix: Wi-Fi configuration It's, uh, a bit ugly. But let's try to make it work for now, improve later. Apparently my wpa_supplicant config file was visible for everyone already, so that's not a regression :D 2023-10-28 18:53:17 +02:00			`SUBFOLDER = "wifi"`


			`def list_networks() -> list[str]:`
			`paths = []`
			`pass_folder = os.path.join(PASSWORD_STORE, SUBFOLDER)`
			`for filename in os.listdir(pass_folder):`
			`if not filename.endswith(".gpg"):`
			`continue`
			`filepath = os.path.join(pass_folder, filename)`
			`if not os.path.isfile(filepath):`
			`continue`

			`file = filename[:-4]`
			`path = os.path.join(SUBFOLDER, file)`
			`paths.append(path)`
Make Wi-Fi semi-declarative 2024-06-08 15:54:33 +02:00			`paths.sort()`
nix: Wi-Fi configuration It's, uh, a bit ugly. But let's try to make it work for now, improve later. Apparently my wpa_supplicant config file was visible for everyone already, so that's not a regression :D 2023-10-28 18:53:17 +02:00			`return paths`


Make Wi-Fi semi-declarative 2024-06-08 15:54:33 +02:00			`networks: list[dict[str, str \| list[str] \| int]] = list()`
nix: Wi-Fi configuration It's, uh, a bit ugly. But let's try to make it work for now, improve later. Apparently my wpa_supplicant config file was visible for everyone already, so that's not a regression :D 2023-10-28 18:53:17 +02:00			`for path in list_networks():`
			`proc = subprocess.run(["pass", path], stdout=subprocess.PIPE)`
			`proc.check_returncode()`

			`raw = proc.stdout.decode()`
			`split = raw.split("\n")`

Make Wi-Fi semi-declarative 2024-06-08 15:54:33 +02:00			`password = split[0]`
nix: Wi-Fi configuration It's, uh, a bit ugly. But let's try to make it work for now, improve later. Apparently my wpa_supplicant config file was visible for everyone already, so that's not a regression :D 2023-10-28 18:53:17 +02:00			`data = yaml.safe_load("\n".join(split[1:])) or dict()`

			`# Helpers to prevent repetition`
			`suffixes = data.pop("suffixes", [""])`
Make Wi-Fi semi-declarative 2024-06-08 15:54:33 +02:00			`data.setdefault("key_mgmt", ["WPA-PSK"] if password else ["NONE"])`
nix: Wi-Fi configuration It's, uh, a bit ugly. But let's try to make it work for now, improve later. Apparently my wpa_supplicant config file was visible for everyone already, so that's not a regression :D 2023-10-28 18:53:17 +02:00			`if password:`
			`if any(map(lambda m: "PSK" in m.split("-"), data["key_mgmt"])):`
			`data["psk"] = password`
			`if any(map(lambda m: "EAP" in m.split("-"), data["key_mgmt"])):`
			`data["password"] = password`
			`assert "ssid" in data, f"{path}: Missing SSID"`
Make Wi-Fi semi-declarative 2024-06-08 15:54:33 +02:00			`data.setdefault("disabled", 0)`
nix: Wi-Fi configuration It's, uh, a bit ugly. But let's try to make it work for now, improve later. Apparently my wpa_supplicant config file was visible for everyone already, so that's not a regression :D 2023-10-28 18:53:17 +02:00
			`for suffix in suffixes:`
Make Wi-Fi semi-declarative 2024-06-08 15:54:33 +02:00			`network = data.copy()`
			`network["ssid"] += suffix`
			`networks.append(network)`
nix: Wi-Fi configuration It's, uh, a bit ugly. But let's try to make it work for now, improve later. Apparently my wpa_supplicant config file was visible for everyone already, so that's not a regression :D 2023-10-28 18:53:17 +02:00
Fix Wi-Fi flakes 2024-01-06 19:10:47 +01:00			`with open("wireless_networks.json", "w") as fd:`
nix: Wi-Fi configuration It's, uh, a bit ugly. But let's try to make it work for now, improve later. Apparently my wpa_supplicant config file was visible for everyone already, so that's not a regression :D 2023-10-28 18:53:17 +02:00			`json.dump(networks, fd, indent=4)`