Make Wi-Fi semi-declarative

2024-06-08 15:54:33 +02:00 · 2024-06-08 15:54:33 +02:00 · 96dea140be
commit 96dea140be
parent bc53468373
5 changed files with 125 additions and 126 deletions
--- a/os/wireless/default.nix
+++ b/os/wireless/default.nix
@ -1,34 +1,49 @@
 { pkgs, lib, config, ... }:
+let
+  importScript = pkgs.writers.writePython3 "install-wifi-import"
+    {
+      libraries = [ pkgs.python3Packages.pyaml ];
+    }
+    (builtins.readFile ./import.py);
+  applyScript = pkgs.writers.writePython3 "install-wifi-apply" { } (builtins.readFile ./apply.py);
+in
 {
  environment.systemPackages = [
    (pkgs.writeShellApplication {
      name = "install-wifi";
+      runtimeInputs = with pkgs; [ wpa_supplicant diffutils ];
      text = ''
        temp="$(mktemp --directory --suffix="-install-wifi")"
        cd "$temp"
-        ${
-          pkgs.writers.writePython3 "install-wifi-import" {
-            libraries = [ pkgs.python3Packages.pyaml ];
-          } (builtins.readFile ./import.py)
-        }
-        sudo chown root:root wireless_networks.{env,json}
-        sudo chmod "u=r" wireless_networks.env
-        sudo chmod "u=r,g=r,o=r" wireless_networks.json
+
+        # Save config for diffing later
+        wpa_cli save_config > /dev/null
+        cat <(sudo cat /run/wpa_supplicant/wpa_supplicant.conf) > old.conf
+
+        # Export Wi-Fi config from pass
+        ${importScript}
+
+        # Save on persistent storage for boot
+        sudo chown root:root wireless_networks.json
+        sudo chmod "u=r" wireless_networks.json
        sudo mkdir -p /etc/keys
-        sudo mv -f wireless_networks.{env,json} /etc/keys
-        cd -
+        sudo mv -f wireless_networks.json /etc/keys
+
+        # Apply configuration
+        sudo ${applyScript}
+
+        # Diff the config
+        wpa_cli save_config > /dev/null
+        cat <(sudo cat /run/wpa_supplicant/wpa_supplicant.conf) > new.conf
+        diff --color=auto -U 5 old.conf new.conf
+
+        rm old.conf new.conf
+        cd /
        rmdir "$temp"
-        rb
      '';
-      # This relies on multiple off-repo things:
-      # - pass password store with wifi/${name} entries, containing wpa_supplicant networks
-      #   loosely converted to YAML (see import.py script)
-      # - In a (private) flake:
-      #   inputs.wirelessNetworks.url = "path:/etc/keys/wireless_networks.json";
-      #   inputs.wirelessNetworks.flake = false;
-      # - In NixOS config (using flake inputs):
-      #   networking.wireless.environmentFile = "/etc/keys/wireless_networks.env";
-      #   networking.wireless.networks = builtins.fromJSON (builtins.readFile wirelessNetworks);
+      # This relies on pass password store with wifi/${name} entries,
+      # containing wpa_supplicant networks loosely converted to YAML
+      # (see import.py script)
    })
  ];
  # wireless support via wpa_supplicant
@ -51,4 +66,10 @@
    userControlled.enable = true; # Allow some control with wpa_cli
  };
  services.chrony.serverOption = "offline";
+  systemd.services.wifi_apply = {
+    after = [ "wpa_supplicant.service" ];
+    requiredBy = [ "wpa_supplicant.service" ];
+    path = with pkgs; [ wpa_supplicant ];
+    script = "${applyScript}";
+  };
 }