Kieran's opinionated (and probably slightly dumb) nix config
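# simple network manager
#
# This module provides a simpler way to declare wifi profiles with network manager.
# - you can pass the PSK via environment variable, direct value, or file.
# - profiles are defined in `atelier.network.wifi.profiles`.
# - eduroam networks are supported with the `eduroam = true` flag.
#
# Where the secret ends up:
# - `psk` (direct value) is an evaluation-time string, so it is written into
#   the generated profile in the world-readable /nix/store. Fine for a
#   throwaway network, not for a credential you care about.
# - `pskVar` puts only `$NAME` in the store; the value comes from `envFile`
#   when the profiles are installed. Give `envFile` as a quoted absolute path
#   to a root-only file that exists at runtime.
# - `pskFile` should likewise be a quoted absolute path: an unquoted Nix path
#   literal is copied into the store when it is concatenated below.
# - if several sources are set on one profile, the first of
#   pskVar, psk, pskFile wins.
#
# Example usage:
#   atelier.network.wifi = {
#     enable = true;
#     profiles = {
#       "MySSID" = { psk = "supersecret"; }; # inline: readable from the store
#       "eduroam" = {
#         eduroam = true;
#         identity = "user@university.edu";
#         psk = "password"; # inline here too; prefer pskVar for real accounts
#       };
#     };
#   };

{
  lib,
  config,
  pkgs,
  ...
}:
let
  cfg = config.atelier.network.wifi;

  # Names of the declared profiles whose options satisfy `pred`.
  profilesWhere = pred: lib.attrNames (lib.filterAttrs (_: pred) cfg.profiles);

  # Profiles whose effective secret is the inline `psk` (pskVar takes priority).
  inlineSecretProfiles = profilesWhere (p: p.pskVar == null && p.psk != null);

  # eduroam profiles that would be rendered without an identity.
  eduroamWithoutIdentity = profilesWhere (p: p.eduroam && p.identity == null);

  # Build one NetworkManager profile attrset for the SSID `name`.
  # The SSID doubles as the connection id.
  mkProfile =
    name:
    {
      pskVar ? null,
      psk ? null,
      pskFile ? null,
      eduroam ? false,
      identity ? null,
    }:
    let
      base = {
        connection = {
          id = name;
          type = "wifi";
        };
        ipv4.method = "auto";
        ipv6 = {
          addr-gen-mode = "stable-privacy";
          method = "auto";
        };
        wifi = {
          mode = "infrastructure";
          ssid = name;
        };
      };

      # Text placed in the profile's secret field, or null when no source is set.
      # Priority: pskVar, then psk, then pskFile.
      secret =
        if pskVar != null then
          # Only the variable reference is stored; the value is filled in later.
          "$" + pskVar
        else if psk != null then
          # Literal secret: this string is part of the store path contents.
          psk
        else if pskFile != null then
          # NOTE(review): this relies on shell command substitution. If
          # ensureProfiles only substitutes environment variables (envsubst
          # style), the literal "$(...)" text becomes the secret -- confirm
          # against the rendered profile before relying on pskFile.
          "$(" + pkgs.coreutils + "/bin/cat " + pskFile + ")"
        else
          null;

      sec =
        if secret == null then
          # No secret source: the profile carries no wifi-security section.
          { }
        else if eduroam then
          {
            # NOTE(review): NetworkManager keeps identity/password/phase2-auth
            # (and the EAP method) in the `802-1x` setting; under
            # `wifi-security` they may be ignored -- verify this authenticates.
            # NOTE(review): no `ca-cert` / `domain-suffix-match` is set, so the
            # RADIUS server is not authenticated and a look-alike access point
            # could collect the MSCHAPv2 exchange. Pin your institution's CA
            # and server name before using this with a real account.
            wifi-security = {
              key-mgmt = "wpa-eap";
              password = secret;
              identity = identity;
              phase2-auth = "mschapv2";
            };
          }
        else
          {
            wifi-security = {
              key-mgmt = "wpa-psk";
              psk = secret;
            };
          };
    in
    base // sec;
in
{
  options.atelier.network.wifi = {
    enable = lib.mkEnableOption "Enable NetworkManager with simplified Wi-Fi profiles";
    hostName = lib.mkOption {
      type = lib.types.str;
      # NOTE(review): an option `default` is already the lowest-priority
      # definition; confirm the extra lib.mkDefault wrapper evaluates as intended.
      default = lib.mkDefault (config.networking.hostName or "nixos");
    };
    nameservers = lib.mkOption {
      type = lib.types.listOf lib.types.str;
      default = lib.mkDefault [ ];
    };
    envFile = lib.mkOption {
      type = lib.types.nullOr lib.types.path;
      default = null;
      description = "Single environment file with PSK variables (used once).";
    };

    profiles = lib.mkOption {
      type = lib.types.attrsOf (
        lib.types.submodule (
          { name, ... }:
          {
            options = {
              pskVar = lib.mkOption {
                type = lib.types.nullOr lib.types.str;
                default = null;
                description = "Variable name in envFile providing PSK";
              };
              psk = lib.mkOption {
                type = lib.types.nullOr lib.types.str;
                default = null;
                description = "PSK (or eduroam password) given inline. The value is written to the world-readable Nix store; prefer pskVar.";
              };
              pskFile = lib.mkOption {
                type = lib.types.nullOr lib.types.path;
                default = null;
                description = "File holding the PSK. Pass a quoted absolute path; a Nix path literal is copied into the Nix store.";
              };
              eduroam = lib.mkOption {
                type = lib.types.bool;
                default = false;
                description = "Enable eduroam configuration";
              };
              identity = lib.mkOption {
                type = lib.types.nullOr lib.types.str;
                default = null;
                description = "Identity for eduroam authentication";
              };
            };
          }
        )
      );
      default = { };
      description = "Map of SSID -> { pskVar | psk | pskFile | eduroam config }.";
    };
  };

  config = lib.mkIf cfg.enable {
    # Surface risky or incomplete profiles at evaluation time without failing the build.
    warnings =
      lib.optional (inlineSecretProfiles != [ ]) (
        "atelier.network.wifi: profile(s) "
        + lib.concatStringsSep ", " inlineSecretProfiles
        + " set `psk` inline, so the secret is stored in the world-readable Nix store; prefer `pskVar` with `envFile`."
      )
      ++ lib.optional (eduroamWithoutIdentity != [ ]) (
        "atelier.network.wifi: eduroam profile(s) "
        + lib.concatStringsSep ", " eduroamWithoutIdentity
        + " have no `identity` set."
      );

    networking = {
      hostName = lib.mkIf (cfg.hostName != "") cfg.hostName;
      nameservers = lib.mkIf (cfg.nameservers != [ ]) cfg.nameservers;
      # Addressing is left to NetworkManager (profiles use method = "auto").
      useDHCP = false;
      dhcpcd.enable = false;
      networkmanager = {
        enable = true;
        # NetworkManager does not manage resolv.conf in this mode.
        dns = "none";
        ensureProfiles = {
          # Supplies the variables that profiles reference as `$NAME`.
          environmentFiles = lib.optional (cfg.envFile != null) cfg.envFile;
          profiles = lib.mapAttrs mkProfile cfg.profiles;
        };
      };
    };
  };
}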