wifi: Make more user-friendly

Geoffrey Frogeye 2024-02-18 13:38:01 +01:00
parent 097d53807d
commit ee4e45905a
Signed by: geoffrey
GPG key ID: C72403E7F82E6AD8
5 changed files with 65 additions and 30 deletions


@ -115,6 +115,7 @@ echo "- Boot into the system"
echo "- Transfer necessary private keys (or use ssh -A for testing)" echo "- Transfer necessary private keys (or use ssh -A for testing)"
echo "- Run git-sync" echo "- Run git-sync"
echo "- Run install-passwords" echo "- Run install-passwords"
echo "- Run install-wifi"
echo "- Run rb" echo "- Run rb"
echo "- Change root and user password" echo "- Change root and user password"


@ -12,6 +12,6 @@
./geoffrey.nix ./geoffrey.nix
./printing ./printing
./style ./style
./wireless.nix ./wireless
]; ];
} }


@ -1,13 +0,0 @@
{ pkgs, ... }:
{
# wireless support via wpa_supplicant
networking.wireless = {
enable = true;
extraConfig = ''
country=NL
'';
};
networking.wireless.userControlled.enable = true; # Allow some control with wpa_cli
environment.systemPackages = with pkgs; [ wirelesstools ];
services.chrony.serverOption = "offline";
}

54
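--- a/os/wireless/default.nix
+++ b/os/wireless/default.nix
@@ -0,0 +1,54 @@
+{ pkgs, lib, config, ... }:
+{
+environment.systemPackages = [
+(pkgs.writeShellApplication {
+name = "install-wifi";
+text = ''
+temp="$(mktemp --directory --suffix="-install-wifi")"
+cd "$temp"
+${
+pkgs.writers.writePython3 "install-wifi-import" {
+libraries = [ pkgs.python3Packages.pyaml ];
+} (builtins.readFile ./import.py)
+}
+sudo chown root:root wireless_networks.{env,json}
+sudo chmod "u=r" wireless_networks.env
+sudo chmod "u=r,g=r,o=r" wireless_networks.json
+sudo mkdir -p /etc/keys
+sudo mv -f wireless_networks.{env,json} /etc/keys
+cd -
+rmdir "$temp"
+rb
+'';
+# This relies on multiple off-repo things:
+# - pass password store with wifi/${name} entries, containing wpa_supplicant networks
+# loosely converted to YAML (see import.py script)
+# - In a (private) flake:
+# inputs.wirelessNetworks.url = "path:/etc/keys/wireless_networks.json";
+# inputs.wirelessNetworks.flake = false;
+# - In NixOS config (using flake inputs):
+# networking.wireless.environmentFile = "/etc/keys/wireless_networks.env";
+# networking.wireless.networks = builtins.fromJSON (builtins.readFile wirelessNetworks);
+})
+];
+# wireless support via wpa_supplicant
+networking.wireless = {
+enable = true;
+extraConfig = ''
+country=NL
+'';
+# Public wireless networks
+networks = lib.genAttrs [
+"EurostarTrainsWiFi"
+"_SNCF gare-gratuit"
+"_SNCF_WIFI_INOUI"
+"Wifi in de trein"
+"WiFi in de trein"
+"_WIFI_LYRIA"
+"WIFIonICE"
+]
+(ssid: { });
+userControlled.enable = true; # Allow some control with wpa_cli
+};
+services.chrony.serverOption = "offline";
+}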
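Review bot: The `install-wifi` script has no cleanup path on failure. writeShellApplication runs its text with errexit, so if the import step or any `sudo` call fails, the closing `cd -` and `rmdir "$temp"` never run. The temporary directory, which by then may hold `wireless_networks.env` with plaintext passphrases, is left behind. `mktemp --directory` keeps it private to the invoking user, but it should not outlive the run; adding `trap 'rm -rf "$temp"' EXIT` right after the `mktemp` line covers both the success and the failure path. Since the comment block says `wireless_networks.json` is consumed as a flake input, which presumably lands in the world-readable store, a comment stating that only the `.env` file may ever carry secrets would also help.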


@ -1,9 +1,6 @@
#!/usr/bin/env nix-shell
#! nix-shell -i python3
#! nix-shell -p python3 python3Packages.pyaml
""" """
Exports Wi-Fi networks configuration stored in pass into a format readable by Nix. Exports Wi-Fi networks configuration stored in pass
into a format readable by Nix.
""" """
# TODO EAP ca_cert=/etc/ssl/... probably won't work. Example fix: # TODO EAP ca_cert=/etc/ssl/... probably won't work. Example fix:
@ -11,7 +8,6 @@ Exports Wi-Fi networks configuration stored in pass into a format readable by Ni
# url = "https://letsencrypt.org/certs/isrgrootx1.pem"; # url = "https://letsencrypt.org/certs/isrgrootx1.pem";
# sha256 = "sha256:1la36n2f31j9s03v847ig6ny9lr875q3g7smnq33dcsmf2i5gd92"; # sha256 = "sha256:1la36n2f31j9s03v847ig6ny9lr875q3g7smnq33dcsmf2i5gd92";
# } # }
# TODO Very ugly, can probably do better
import hashlib import hashlib
import json import json
@ -22,10 +18,9 @@ import yaml
# passpy doesn't handle encoding properly, so doing this with calls # passpy doesn't handle encoding properly, so doing this with calls
PASSWORD_STORE = os.path.expanduser("~/.local/share/pass") PASSWORD_STORE = os.environ["PASSWORD_STORE_DIR"]
SUBFOLDER = "wifi" SUBFOLDER = "wifi"
SEPARATE_PASSWORDS = False SEPARATE_PASSWORDS = True
# TODO Find a way to make then env file available at whatever time it is needed
class Password: class Password:
@ -41,7 +36,7 @@ class Password:
# return self.path.split("/")[-1].upper() # return self.path.split("/")[-1].upper()
m = hashlib.sha256() m = hashlib.sha256()
m.update(self.path.encode()) m.update(self.path.encode())
return m.hexdigest().upper() return "p" + m.hexdigest().upper()
def val(self) -> str: def val(self) -> str:
return self.content return self.content
@ -148,7 +143,9 @@ for path in list_networks():
if psk: if psk:
network["psk"] = psk.key() network["psk"] = psk.key()
if data: if data:
raise NotImplementedError(f"{path}: Unhandled non-auth extra: {data}") raise NotImplementedError(
f"{path}: Unhandled non-auth extra: {data}"
)
else: else:
if data: if data:
network["auth"] = format_wpa_supplicant_conf(data) network["auth"] = format_wpa_supplicant_conf(data)
@ -164,8 +161,4 @@ with open("wireless_networks.json", "w") as fd:
with open("wireless_networks.env", "w") as fd: with open("wireless_networks.env", "w") as fd:
if SEPARATE_PASSWORDS: if SEPARATE_PASSWORDS:
for k, v in Password.vars().items(): for k, v in Password.vars().items():
print(f"{k}={v}", file=fd) print(f'{k}="{v}"', file=fd)
print("Now, execute:")
print("sudo mv -f wireless_networks.* /etc/keys")
print("rb")
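Review bot: The new env line `print(f'{k}="{v}"', file=fd)` wraps each secret in double quotes without escaping it. A passphrase containing `"` or `\` would be truncated or altered when the file is parsed, assuming it is read as a systemd-style environment file, as the `networking.wireless.environmentFile` comment in default.nix suggests. Escaping the value first, e.g. `v.replace("\\", "\\\\").replace('"', '\\"')`, keeps such passphrases intact. The file is also created with a plain `open("wireless_networks.env", "w")`, so its mode depends on the caller's umask until the wrapper's `chmod` runs. Opening it via `os.open("wireless_networks.env", os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)` and `os.fdopen` would keep the secrets private even when the script is run outside `install-wifi`.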