From ee4e45905afe586f53f8c5747b390e81bfb412bb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Geoffrey=20=E2=80=9CFrogeye=E2=80=9D=20Preud=27homme?=
Date: Sun, 18 Feb 2024 13:38:01 +0100
Subject: [PATCH] wifi: Make more user-friendly
---
 install_os.sh | 1 +
 os/default.nix | 2 +-
 os/wireless.nix | 13 ----------
 os/wireless/default.nix | 54 +++++++++++++++++++++++++++++++++++++++++
 os/wireless/import.py | 25 +++++++------------
 5 files changed, 65 insertions(+), 30 deletions(-)
 delete mode 100644 os/wireless.nix
 create mode 100644 os/wireless/default.nix
diff --git a/install_os.sh b/install_os.sh
index 806d03f..62e37cd 100755
--- a/install_os.sh
+++ b/install_os.sh
@@ -115,6 +115,7 @@ echo "- Boot into the system"
 echo "- Transfer necessary private keys (or use ssh -A for testing)"
 echo "- Run git-sync"
 echo "- Run install-passwords"
+echo "- Run install-wifi"
 echo "- Run rb"
 echo "- Change root and user password"
diff --git a/os/default.nix b/os/default.nix
index 9dd27a5..786f1e0 100644
--- a/os/default.nix
+++ b/os/default.nix
@@ -12,6 +12,6 @@
 ./geoffrey.nix
 ./printing
 ./style
- ./wireless.nix
+ ./wireless
 ];
 }
diff --git a/os/wireless.nix b/os/wireless.nix
deleted file mode 100644
index fc72db7..0000000
--- a/os/wireless.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ pkgs, ... }:
-{
- # wireless support via wpa_supplicant
- networking.wireless = {
- enable = true;
- extraConfig = ''
- country=NL
- '';
- };
- networking.wireless.userControlled.enable = true; # Allow some control with wpa_cli
- environment.systemPackages = with pkgs; [ wirelesstools ];
- services.chrony.serverOption = "offline";
-}
diff --git a/os/wireless/default.nix b/os/wireless/default.nix
new file mode 100644
index 0000000..edc20f7
--- /dev/null
+++ b/os/wireless/default.nix
@@ -0,0 +1,54 @@
+{ pkgs, lib, config, ... }:
+{
+ environment.systemPackages = [
+ (pkgs.writeShellApplication {
+ name = "install-wifi";
+ text = ''
+ temp="$(mktemp --directory --suffix="-install-wifi")"
+ cd "$temp"
+ ${
+ pkgs.writers.writePython3 "install-wifi-import" {
+ libraries = [ pkgs.python3Packages.pyaml ];
+ } (builtins.readFile ./import.py)
+ }
+ sudo chown root:root wireless_networks.{env,json}
+ sudo chmod "u=r" wireless_networks.env
+ sudo chmod "u=r,g=r,o=r" wireless_networks.json
+ sudo mkdir -p /etc/keys
+ sudo mv -f wireless_networks.{env,json} /etc/keys
+ cd -
+ rmdir "$temp"
+ rb
+ '';
+ # This relies on multiple off-repo things:
+ # - pass password store with wifi/${name} entries, containing wpa_supplicant networks
+ # loosely converted to YAML (see import.py script)
+ # - In a (private) flake:
+ # inputs.wirelessNetworks.url = "path:/etc/keys/wireless_networks.json";
+ # inputs.wirelessNetworks.flake = false;
+ # - In NixOS config (using flake inputs):
+ # networking.wireless.environmentFile = "/etc/keys/wireless_networks.env";
+ # networking.wireless.networks = builtins.fromJSON (builtins.readFile wirelessNetworks);
+ })
+ ];
+ # wireless support via wpa_supplicant
+ networking.wireless = {
+ enable = true;
+ extraConfig = ''
+ country=NL
+ '';
+ # Public wireless networks
+ networks = lib.genAttrs [
+ "EurostarTrainsWiFi"
+ "_SNCF gare-gratuit"
+ "_SNCF_WIFI_INOUI"
+ "Wifi in de trein"
+ "WiFi in de trein"
+ "_WIFI_LYRIA"
+ "WIFIonICE"
+ ]
+ (ssid: { });
+ userControlled.enable = true; # Allow some control with wpa_cli
+ };
+ services.chrony.serverOption = "offline";
+}
diff --git a/os/wireless/import.py b/os/wireless/import.py
index 5182be5..e3ce59c 100755
--- a/os/wireless/import.py
+++ b/os/wireless/import.py
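Review bot: In os/wireless/default.nix the `install-wifi` text never removes `$temp` when a step fails: `writeShellApplication` runs the script with `errexit`, so if the import script raises or a `sudo` call is refused, `wireless_networks.env` with the password values stays behind in the temporary directory. Adding `trap 'rm -rf -- "$temp"' EXIT` directly after the `mktemp` line would clean it up on every exit path. The two files are also written under the caller's umask and only tightened by the later `sudo chmod`; it is the owner-only directory from `mktemp --directory` that keeps them private in between, and a comment saying so would stop someone from swapping in a shared path later. Since `wireless_networks.json` is made world-readable on purpose and, per the comment block, is read as a flake input, I would also add a comment that it must never carry secret material.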
@@ -1,9 +1,6 @@
-#!/usr/bin/env nix-shell
-#! nix-shell -i python3
-#! nix-shell -p python3 python3Packages.pyaml
-
 """
-Exports Wi-Fi networks configuration stored in pass into a format readable by Nix.
+Exports Wi-Fi networks configuration stored in pass
+into a format readable by Nix.
 """
 # TODO EAP ca_cert=/etc/ssl/... probably won't work. Example fix:
@@ -11,7 +8,6 @@ Exports Wi-Fi networks configuration stored in pass into a format readable by Ni
 # url = "https://letsencrypt.org/certs/isrgrootx1.pem";
 # sha256 = "sha256:1la36n2f31j9s03v847ig6ny9lr875q3g7smnq33dcsmf2i5gd92";
 # }
-# TODO Very ugly, can probably do better
 import hashlib
 import json
@@ -22,10 +18,9 @@ import yaml
 # passpy doesn't handle encoding properly, so doing this with calls
-PASSWORD_STORE = os.path.expanduser("~/.local/share/pass")
+PASSWORD_STORE = os.environ["PASSWORD_STORE_DIR"]
 SUBFOLDER = "wifi"
-SEPARATE_PASSWORDS = False
-# TODO Find a way to make then env file available at whatever time it is needed
+SEPARATE_PASSWORDS = True
 class Password:
@@ -41,7 +36,7 @@ class Password:
 # return self.path.split("/")[-1].upper()
 m = hashlib.sha256()
 m.update(self.path.encode())
- return m.hexdigest().upper()
+ return "p" + m.hexdigest().upper()
 def val(self) -> str:
 return self.content
@@ -148,7 +143,9 @@ for path in list_networks():
 if psk:
 network["psk"] = psk.key()
 if data:
- raise NotImplementedError(f"{path}: Unhandled non-auth extra: {data}")
+ raise NotImplementedError(
+ f"{path}: Unhandled non-auth extra: {data}"
+ )
 else:
 if data:
 network["auth"] = format_wpa_supplicant_conf(data)
@@ -164,8 +161,4 @@ with open("wireless_networks.json", "w") as fd:
 with open("wireless_networks.env", "w") as fd:
 if SEPARATE_PASSWORDS:
 for k, v in Password.vars().items():
- print(f"{k}={v}", file=fd)
-
-print("Now, execute:")
-print("sudo mv -f wireless_networks.* /etc/keys")
-print("rb")
+ print(f'{k}="{v}"', file=fd)
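Review bot: `PASSWORD_STORE = os.environ["PASSWORD_STORE_DIR"]` (import.py hunk at -22,10) raises a bare `KeyError` at module load when the variable is unset, so `install-wifi` ends in a traceback rather than a usable message. pass itself falls back to `~/.password-store` when the variable is absent, so either mirror that with `os.environ.get("PASSWORD_STORE_DIR", os.path.expanduser("~/.password-store"))` or exit with an error that names the variable. Whichever is chosen, a one-line comment stating where the store location comes from would replace the information the removed hard-coded path used to give.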
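Review bot: The new `"p"` prefix in `return "p" + m.hexdigest().upper()` (import.py hunk at -41,7) has no comment explaining why it is there. Presumably it guarantees that the generated variable name never begins with a digit, which a bare SHA-256 hex digest can; if so I would add `# Prefix with a letter: a hex digest may start with a digit, which is not valid as the first character of a variable name` above the return. The method's signature lies outside the hunk, so the intended use of the key is inferred from the env-file writer at the end of the file.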
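Review bot: The added `print(f'{k}="{v}"', file=fd)` (import.py hunk at -164,8) wraps each password in double quotes without escaping it, so a passphrase containing `"` or `\` will be cut short or altered by whatever parses `wireless_networks.env`, and a newline in the stored value would begin a new assignment. Escape before writing, for example `escaped = v.replace("\\", "\\\\").replace('"', '\\"')` followed by `print(f'{k}="{escaped}"', file=fd)`, and refuse values that contain a newline. How the consumer unquotes this file is not visible in the patch, so the exact escaping rules should be checked against it. It would also be safer to create the file owner-only from the start rather than depending on the wrapper script's later `chmod`.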