commit e68eba2dba2e7b8be6506ea10e467c1e5932bf7a · pyrox.dev/nixpkgs

+67

nixos/doc/manual/from_md/release-notes/rl-2111.section.xml

···

       1280
       1280
        
             <listitem>

     

       1281
       1281
        
               <para>

     

       1282
       1282
        
                 The

     

       1283
       1283
       +
                 <link xlink:href="options.html#opt-networking.wireless.enable">networking.wireless</link>

     

       1284
       1284
       +
                 module (based on wpa_supplicant) has been heavily reworked,

     

       1285
       1285
       +
                 solving a number of issues and adding useful features:

     

       1286
       1286
       +
               </para>

     

       1287
       1287
       +
               <itemizedlist spacing="compact">

     

       1288
       1288
       +
                 <listitem>

     

       1289
       1289
       +
                   <para>

     

       1290
       1290
       +
                     The automatic discovery of wireless interfaces at boot has

     

       1291
       1291
       +
                     been made reliable again (issues

     

       1292
       1292
       +
                     <link xlink:href="https://github.com/NixOS/nixpkgs/issues/101963">#101963</link>,

     

       1293
       1293
       +
                     <link xlink:href="https://github.com/NixOS/nixpkgs/issues/23196">#23196</link>).

     

       1294
       1294
       +
                   </para>

     

       1295
       1295
       +
                 </listitem>

     

       1296
       1296
       +
                 <listitem>

     

       1297
       1297
       +
                   <para>

     

       1298
       1298
       +
                     WPA3 and Fast BSS Transition (802.11r) are now enabled by

     

       1299
       1299
       +
                     default for all networks.

     

       1300
       1300
       +
                   </para>

     

       1301
       1301
       +
                 </listitem>

     

       1302
       1302
       +
                 <listitem>

     

       1303
       1303
       +
                   <para>

     

       1304
       1304
       +
                     Secrets like pre-shared keys and passwords can now be

     

       1305
       1305
       +
                     handled safely, meaning without including them in a

     

       1306
       1306
       +
                     world-readable file

     

       1307
       1307
       +
                     (<literal>wpa_supplicant.conf</literal> under /nix/store).

     

       1308
       1308
       +
                     This is achieved by storing the secrets in a secured

     

       1309
       1309
       +
                     <link xlink:href="options.html#opt-networking.wireless.environmentFile">environmentFile</link>

     

       1310
       1310
       +
                     and referring to them though environment variables that

     

       1311
       1311
       +
                     are expanded inside the configuration.

     

       1312
       1312
       +
                   </para>

     

       1313
       1313
       +
                 </listitem>

     

       1314
       1314
       +
                 <listitem>

     

       1315
       1315
       +
                   <para>

     

       1316
       1316
       +
                     With multiple interfaces declared, independent

     

       1317
       1317
       +
                     wpa_supplicant daemons are started, one for each interface

     

       1318
       1318
       +
                     (the services are named

     

       1319
       1319
       +
                     <literal>wpa_supplicant-wlan0</literal>,

     

       1320
       1320
       +
                     <literal>wpa_supplicant-wlan1</literal>, etc.).

     

       1321
       1321
       +
                   </para>

     

       1322
       1322
       +
                 </listitem>

     

       1323
       1323
       +
                 <listitem>

     

       1324
       1324
       +
                   <para>

     

       1325
       1325
       +
                     The generated <literal>wpa_supplicant.conf</literal> file

     

       1326
       1326
       +
                     is now formatted for easier reading.

     

       1327
       1327
       +
                   </para>

     

       1328
       1328
       +
                 </listitem>

     

       1329
       1329
       +
                 <listitem>

     

       1330
       1330
       +
                   <para>

     

       1331
       1331
       +
                     A new

     

       1332
       1332
       +
                     <link xlink:href="options.html#opt-networking.wireless.scanOnLowSignal">scanOnLowSignal</link>

     

       1333
       1333
       +
                     option has been added to facilitate fast roaming between

     

       1334
       1334
       +
                     access points (enabled by default).

     

       1335
       1335
       +
                   </para>

     

       1336
       1336
       +
                 </listitem>

     

       1337
       1337
       +
                 <listitem>

     

       1338
       1338
       +
                   <para>

     

       1339
       1339
       +
                     A new

     

       1340
       1340
       +
                     <link xlink:href="options.html#opt-networking.wireless.networks._name_.authProtocols">networks.&lt;name&gt;.authProtocols</link>

     

       1341
       1341
       +
                     option has been added to change the authentication

     

       1342
       1342
       +
                     protocols used when connecting to a network.

     

       1343
       1343
       +
                   </para>

     

       1344
       1344
       +
                 </listitem>

     

       1345
       1345
       +
               </itemizedlist>

     

       1346
       1346
       +
             </listitem>

     

       1347
       1347
       +
             <listitem>

     

       1348
       1348
       +
               <para>

     

       1349
       1349
       +
                 The

     

       1283
       1350
        
                 <link xlink:href="options.html#opt-networking.wireless.iwd.enable">networking.wireless.iwd</link>

     

       1284
       1351
        
                 module has a new

     

       1285
       1352
        
                 <link xlink:href="options.html#opt-networking.wireless.iwd.settings">networking.wireless.iwd.settings</link>

+10

nixos/doc/manual/release-notes/rl-2111.section.md

···

       390
       390
        
           `myhostname`, but before `dns` should use the default priority

     

       391
       391
        
         - NSS modules which should come after `dns` should use mkAfter.

     

       392
       392
        
       

     

       393
       393
       +
       - The [networking.wireless](options.html#opt-networking.wireless.enable) module (based on wpa_supplicant) has been heavily reworked, solving a number of issues and adding useful features:

     

       394
       394
       +
         - The automatic discovery of wireless interfaces at boot has been made reliable again (issues [#101963](https://github.com/NixOS/nixpkgs/issues/101963), [#23196](https://github.com/NixOS/nixpkgs/issues/23196)).

     

       395
       395
       +
         - WPA3 and Fast BSS Transition (802.11r) are now enabled by default for all networks.

     

       396
       396
       +
         - Secrets like pre-shared keys and passwords can now be handled safely, meaning without including them in a world-readable file (`wpa_supplicant.conf` under /nix/store).

     

       397
       397
       +
           This is achieved by storing the secrets in a secured [environmentFile](options.html#opt-networking.wireless.environmentFile) and referring to them though environment variables that are expanded inside the configuration.

     

       398
       398
       +
         - With multiple interfaces declared, independent wpa_supplicant daemons are started, one for each interface (the services are named `wpa_supplicant-wlan0`, `wpa_supplicant-wlan1`, etc.).

     

       399
       399
       +
         - The generated `wpa_supplicant.conf` file is now formatted for easier reading.

     

       400
       400
       +
         - A new [scanOnLowSignal](options.html#opt-networking.wireless.scanOnLowSignal) option has been added to facilitate fast roaming between access points (enabled by default).

     

       401
       401
       +
         - A new [networks.&lt;name&gt;.authProtocols](options.html#opt-networking.wireless.networks._name_.authProtocols) option has been added to change the authentication protocols used when connecting to a network.

     

       402
       402
       +
       

     

       393
       403
        
       - The [networking.wireless.iwd](options.html#opt-networking.wireless.iwd.enable) module has a new [networking.wireless.iwd.settings](options.html#opt-networking.wireless.iwd.settings) option.

     

       394
       404
        
       

     

       395
       405
        
       - The [services.syncoid.enable](options.html#opt-services.syncoid.enable) module now properly drops ZFS permissions after usage. Before it delegated permissions to whole pools instead of datasets and didn't clean up after execution. You can manually look this up for your pools by running `zfs allow your-pool-name` and use `zfs unallow syncoid your-pool-name` to clean this up.

+96 -14

nixos/modules/services/networking/wpa_supplicant.nix

···

       20
       20
        
           ++ optional cfg.scanOnLowSignal ''bgscan="simple:30:-70:3600"''

     

       21
       21
        
           ++ optional (cfg.extraConfig != "") cfg.extraConfig);

     

       22
       22
        
       

     

       23
       23
       +
         configIsGenerated = with cfg;

     

       24
       24
       +
           networks != {} || extraConfig != "" || userControlled.enable;

     

       25
       25
       +
       

     

       26
       26
       +
         # the original configuration file

     

       23
       27
        
         configFile =

     

       24
       24
       -
           if cfg.networks != {} || cfg.extraConfig != "" || cfg.userControlled.enable

     

       28
       28
       +
           if configIsGenerated

     

       25
       29
        
             then pkgs.writeText "wpa_supplicant.conf" generatedConfig

     

       26
       30
        
             else "/etc/wpa_supplicant.conf";

     

       31
       31
       +
         # the config file with environment variables replaced

     

       32
       32
       +
         finalConfig = ''"$RUNTIME_DIRECTORY"/wpa_supplicant.conf'';

     

       27
       33
        
       

     

       28
       34
        
         # Creates a network block for wpa_supplicant.conf

     

       29
       35
        
         mkNetwork = ssid: opts:

     
···

       56
       62
        
           let

     

       57
       63
        
             deviceUnit = optional (iface != null) "sys-subsystem-net-devices-${utils.escapeSystemdPath iface}.device";

     

       58
       64
        
             configStr = if cfg.allowAuxiliaryImperativeNetworks

     

       59
       59
       -
               then "-c /etc/wpa_supplicant.conf -I ${configFile}"

     

       60
       60
       -
               else "-c ${configFile}";

     

       65
       65
       +
               then "-c /etc/wpa_supplicant.conf -I ${finalConfig}"

     

       66
       66
       +
               else "-c ${finalConfig}";

     

       61
       67
        
           in {

     

       62
       68
        
             description = "WPA Supplicant instance" + optionalString (iface != null) " for interface ${iface}";

     

       63
       69
        
       

     
···

       69
       75
        
             stopIfChanged = false;

     

       70
       76
        
       

     

       71
       77
        
             path = [ package ];

     

       78
       78
       +
             serviceConfig.RuntimeDirectory = "wpa_supplicant";

     

       79
       79
       +
             serviceConfig.RuntimeDirectoryMode = "700";

     

       80
       80
       +
             serviceConfig.EnvironmentFile = mkIf (cfg.environmentFile != null)

     

       81
       81
       +
               (builtins.toString cfg.environmentFile);

     

       72
       82
        
       

     

       73
       83
        
             script =

     

       74
       84
        
             ''

     

       75
       75
       -
               if [ -f /etc/wpa_supplicant.conf -a "/etc/wpa_supplicant.conf" != "${configFile}" ]; then

     

       76
       76
       -
                 echo >&2 "<3>/etc/wpa_supplicant.conf present but ignored. Generated ${configFile} is used instead."

     

       77
       77
       -
               fi

     

       85
       85
       +
               ${optionalString configIsGenerated ''

     

       86
       86
       +
                 if [ -f /etc/wpa_supplicant.conf ]; then

     

       87
       87
       +
                   echo >&2 "<3>/etc/wpa_supplicant.conf present but ignored. Generated ${configFile} is used instead."

     

       88
       88
       +
                 fi

     

       89
       89
       +
               ''}

     

       90
       90
       +
       

     

       91
       91
       +
               # substitute environment variables

     

       92
       92
       +
               ${pkgs.gawk}/bin/awk '{

     

       93
       93
       +
                 for(varname in ENVIRON)

     

       94
       94
       +
                   gsub("@"varname"@", ENVIRON[varname])

     

       95
       95
       +
                 print

     

       96
       96
       +
               }' "${configFile}" > "${finalConfig}"

     

       78
       97
        
       

     

       79
       98
        
               iface_args="-s ${optionalString cfg.dbusControlled "-u"} -D${cfg.driver} ${configStr}"

     

       80
       99
        
       

     
···

       155
       174
        
               '';

     

       156
       175
        
             };

     

       157
       176
        
       

     

       177
       177
       +
             environmentFile = mkOption {

     

       178
       178
       +
               type = types.nullOr types.path;

     

       179
       179
       +
               default = null;

     

       180
       180
       +
               example = "/run/secrets/wireless.env";

     

       181
       181
       +
               description = ''

     

       182
       182
       +
                 File consisting of lines of the form <literal>varname=value</literal>

     

       183
       183
       +
                 to define variables for the wireless configuration.

     

       184
       184
       +
       

     

       185
       185
       +
                 See section "EnvironmentFile=" in <citerefentry>

     

       186
       186
       +
                 <refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum>

     

       187
       187
       +
                 </citerefentry> for a syntax reference.

     

       188
       188
       +
       

     

       189
       189
       +
                 Secrets (PSKs, passwords, etc.) can be provided without adding them to

     

       190
       190
       +
                 the world-readable Nix store by defining them in the environment file and

     

       191
       191
       +
                 referring to them in option <option>networking.wireless.networks</option>

     

       192
       192
       +
                 with the syntax <literal>@varname@</literal>. Example:

     

       193
       193
       +
       

     

       194
       194
       +
                 <programlisting>

     

       195
       195
       +
                 # content of /run/secrets/wireless.env

     

       196
       196
       +
                 PSK_HOME=mypassword

     

       197
       197
       +
                 PASS_WORK=myworkpassword

     

       198
       198
       +
                 </programlisting>

     

       199
       199
       +
       

     

       200
       200
       +
                 <programlisting>

     

       201
       201
       +
                 # wireless-related configuration

     

       202
       202
       +
                 networking.wireless.environmentFile = "/run/secrets/wireless.env";

     

       203
       203
       +
                 networking.wireless.networks = {

     

       204
       204
       +
                   home.psk = "@PSK_HOME@";

     

       205
       205
       +
                   work.auth = '''

     

       206
       206
       +
                     eap=PEAP

     

       207
       207
       +
                     identity="my-user@example.com"

     

       208
       208
       +
                     password="@PASS_WORK@"

     

       209
       209
       +
                   ''';

     

       210
       210
       +
                 };

     

       211
       211
       +
                 </programlisting>

     

       212
       212
       +
               '';

     

       213
       213
       +
             };

     

       214
       214
       +
       

     

       158
       215
        
             networks = mkOption {

     

       159
       216
        
               type = types.attrsOf (types.submodule {

     

       160
       217
        
                 options = {

     
···

       165
       222
        
                       The network's pre-shared key in plaintext defaulting

     

       166
       223
        
                       to being a network without any authentication.

     

       167
       224
        
       

     

       168
       168
       -
                       Be aware that these will be written to the nix store

     

       169
       169
       -
                       in plaintext!

     

       225
       225
       +
                       <warning><para>

     

       226
       226
       +
                         Be aware that this will be written to the nix store

     

       227
       227
       +
                         in plaintext! Use an environment variable instead.

     

       228
       228
       +
                       </para></warning>

     

       170
       229
        
       

     

       171
       171
       -
                       Mutually exclusive with <varname>pskRaw</varname>.

     

       230
       230
       +
                       <note><para>

     

       231
       231
       +
                         Mutually exclusive with <varname>pskRaw</varname>.

     

       232
       232
       +
                       </para></note>

     

       172
       233
        
                     '';

     

       173
       234
        
                   };

     

       174
       235
        
       

     
···

       179
       240
        
                       The network's pre-shared key in hex defaulting

     

       180
       241
        
                       to being a network without any authentication.

     

       181
       242
        
       

     

       182
       182
       -
                       Mutually exclusive with <varname>psk</varname>.

     

       243
       243
       +
                       <warning><para>

     

       244
       244
       +
                         Be aware that this will be written to the nix store

     

       245
       245
       +
                         in plaintext! Use an environment variable instead.

     

       246
       246
       +
                       </para></warning>

     

       247
       247
       +
       

     

       248
       248
       +
                       <note><para>

     

       249
       249
       +
                         Mutually exclusive with <varname>psk</varname>.

     

       250
       250
       +
                       </para></note>

     

       183
       251
        
                     '';

     

       184
       252
        
                   };

     

       185
       253
        
       

     
···

       231
       299
        
                     example = ''

     

       232
       300
        
                       eap=PEAP

     

       233
       301
        
                       identity="user@example.com"

     

       234
       234
       -
                       password="secret"

     

       302
       302
       +
                       password="@EXAMPLE_PASSWORD@"

     

       235
       303
        
                     '';

     

       236
       304
        
                     description = ''

     

       237
       305
        
                       Use this option to configure advanced authentication methods like EAP.

     
···

       242
       310
        
                       </citerefentry>

     

       243
       311
        
                       for example configurations.

     

       244
       312
        
       

     

       245
       245
       -
                       Mutually exclusive with <varname>psk</varname> and <varname>pskRaw</varname>.

     

       313
       313
       +
                       <warning><para>

     

       314
       314
       +
                         Be aware that this will be written to the nix store

     

       315
       315
       +
                         in plaintext! Use an environment variable for secrets.

     

       316
       316
       +
                       </para></warning>

     

       317
       317
       +
       

     

       318
       318
       +
                       <note><para>

     

       319
       319
       +
                         Mutually exclusive with <varname>psk</varname> and

     

       320
       320
       +
                         <varname>pskRaw</varname>.

     

       321
       321
       +
                       </para></note>

     

       246
       322
        
                     '';

     

       247
       323
        
                   };

     

       248
       324
        
       

     
···

       303
       379
        
               default = {};

     

       304
       380
        
               example = literalExample ''

     

       305
       381
        
                 { echelon = {                   # SSID with no spaces or special characters

     

       306
       306
       -
                     psk = "abcdefgh";

     

       382
       382
       +
                     psk = "abcdefgh";           # (password will be written to /nix/store!)

     

       307
       383
        
                   };

     

       384
       384
       +
       

     

       385
       385
       +
                   echelon = {                   # safe version of the above: read PSK from the

     

       386
       386
       +
                     psk = "@PSK_ECHELON@";      # variable PSK_ECHELON, defined in environmentFile,

     

       387
       387
       +
                   };                            # this won't leak into /nix/store

     

       388
       388
       +
       

     

       308
       389
        
                   "echelon's AP" = {            # SSID with spaces and/or special characters

     

       309
       309
       -
                      psk = "ijklmnop";

     

       390
       390
       +
                      psk = "ijklmnop";          # (password will be written to /nix/store!)

     

       310
       391
        
                   };

     

       392
       392
       +
       

     

       311
       393
        
                   "free.wifi" = {};             # Public wireless network

     

       312
       394
        
                 }

     

       313
       395
        
               '';

nixos/tests/all-tests.nix

···

       479
       479
        
         wiki-js = handleTest ./wiki-js.nix {};

     

       480
       480
        
         wireguard = handleTest ./wireguard {};

     

       481
       481
        
         wmderland = handleTest ./wmderland.nix {};

     

       482
       482
       +
         wpa_supplicant = handleTest ./wpa_supplicant.nix {};

     

       482
       483
        
         wordpress = handleTest ./wordpress.nix {};

     

       483
       484
        
         xandikos = handleTest ./xandikos.nix {};

     

       484
       485
        
         xautolock = handleTest ./xautolock.nix {};

+81

nixos/tests/wpa_supplicant.nix

···

       1
       1
       +
       import ./make-test-python.nix ({ pkgs, lib, ...}:

     

       2
       2
       +
       {

     

       3
       3
       +
         name = "wpa_supplicant";

     

       4
       4
       +
         meta = with lib.maintainers; {

     

       5
       5
       +
           maintainers = [ rnhmjoj ];

     

       6
       6
       +
         };

     

       7
       7
       +
       

     

       8
       8
       +
         machine = { ... }: {

     

       9
       9
       +
           imports = [ ../modules/profiles/minimal.nix ];

     

       10
       10
       +
       

     

       11
       11
       +
           # add a virtual wlan interface

     

       12
       12
       +
           boot.kernelModules = [ "mac80211_hwsim" ];

     

       13
       13
       +
       

     

       14
       14
       +
           # wireless access point

     

       15
       15
       +
           services.hostapd = {

     

       16
       16
       +
             enable = true;

     

       17
       17
       +
             wpa = true;

     

       18
       18
       +
             interface = "wlan0";

     

       19
       19
       +
             ssid = "nixos-test";

     

       20
       20
       +
             wpaPassphrase = "reproducibility";

     

       21
       21
       +
           };

     

       22
       22
       +
       

     

       23
       23
       +
           # wireless client

     

       24
       24
       +
           networking.wireless = {

     

       25
       25
       +
             # the override is needed because the wifi is

     

       26
       26
       +
             # disabled with mkVMOverride in qemu-vm.nix.

     

       27
       27
       +
             enable = lib.mkOverride 0 true;

     

       28
       28
       +
             userControlled.enable = true;

     

       29
       29
       +
             interfaces = [ "wlan1" ];

     

       30
       30
       +
       

     

       31
       31
       +
             networks = {

     

       32
       32
       +
               # test network

     

       33
       33
       +
               nixos-test.psk = "@PSK_NIXOS_TEST@";

     

       34
       34
       +
       

     

       35
       35
       +
               # secrets substitution test cases

     

       36
       36
       +
               test1.psk = "@PSK_VALID@";              # should be replaced

     

       37
       37
       +
               test2.psk = "@PSK_SPECIAL@";            # should be replaced

     

       38
       38
       +
               test3.psk = "@PSK_MISSING@";            # should not be replaced

     

       39
       39
       +
               test4.psk = "P@ssowrdWithSome@tSymbol"; # should not be replaced

     

       40
       40
       +
             };

     

       41
       41
       +
       

     

       42
       42
       +
             # secrets

     

       43
       43
       +
             environmentFile = pkgs.writeText "wpa-secrets" ''

     

       44
       44
       +
               PSK_NIXOS_TEST="reproducibility"

     

       45
       45
       +
               PSK_VALID="S0m3BadP4ssw0rd";

     

       46
       46
       +
               # taken from https://github.com/minimaxir/big-list-of-naughty-strings

     

       47
       47
       +
               PSK_SPECIAL=",./;'[]\-= <>?:\"{}|_+ !@#$%^\&*()`~";

     

       48
       48
       +
             '';

     

       49
       49
       +
           };

     

       50
       50
       +
       

     

       51
       51
       +
         };

     

       52
       52
       +
       

     

       53
       53
       +
         testScript =

     

       54
       54
       +
           ''

     

       55
       55
       +
             config_file = "/run/wpa_supplicant/wpa_supplicant.conf"

     

       56
       56
       +
       

     

       57
       57
       +
             with subtest("Configuration file is inaccessible to other users"):

     

       58
       58
       +
                 machine.wait_for_file(config_file)

     

       59
       59
       +
                 machine.fail(f"sudo -u nobody ls {config_file}")

     

       60
       60
       +
       

     

       61
       61
       +
             with subtest("Secrets variables have been substituted"):

     

       62
       62
       +
                 machine.fail(f"grep -q @PSK_VALID@ {config_file}")

     

       63
       63
       +
                 machine.fail(f"grep -q @PSK_SPECIAL@ {config_file}")

     

       64
       64
       +
                 machine.succeed(f"grep -q @PSK_MISSING@ {config_file}")

     

       65
       65
       +
                 machine.succeed(f"grep -q P@ssowrdWithSome@tSymbol {config_file}")

     

       66
       66
       +
       

     

       67
       67
       +
                 # save file for manual inspection

     

       68
       68
       +
                 machine.copy_from_vm(config_file)

     

       69
       69
       +
       

     

       70
       70
       +
             with subtest("Daemon is running and accepting connections"):

     

       71
       71
       +
                 machine.wait_for_unit("wpa_supplicant-wlan1.service")

     

       72
       72
       +
                 status = machine.succeed("wpa_cli -i wlan1 status")

     

       73
       73
       +
                 assert "Failed to connect" not in status, \

     

       74
       74
       +
                        "Failed to connect to the daemon"

     

       75
       75
       +
       

     

       76
       76
       +
             with subtest("Daemon can connect to the access point"):

     

       77
       77
       +
                 machine.wait_until_succeeds(

     

       78
       78
       +
                   "wpa_cli -i wlan1 status | grep -q wpa_state=COMPLETED"

     

       79
       79
       +
                 )

     

       80
       80
       +
           '';

     

       81
       81
       +
       })

pkgs/os-specific/linux/wpa_supplicant/default.nix

···

       1
       1
        
       { lib, stdenv, fetchurl, fetchpatch, openssl, pkg-config, libnl

     

       2
       2
       +
       , nixosTests

     

       2
       3
        
       , withDbus ? true, dbus

     

       3
       4
        
       , withReadline ? true, readline

     

       4
       5
        
       , withPcsclite ? true, pcsclite

     
···

       138
       139
        
           rm $out/share/man/man8/wpa_priv.8

     

       139
       140
        
           install -Dm444 wpa_supplicant.conf $out/share/doc/wpa_supplicant/wpa_supplicant.conf.example

     

       140
       141
        
         '';

     

       142
       142
       +
       

     

       143
       143
       +
         passthru.tests = {

     

       144
       144
       +
           inherit (nixosTests) wpa_supplicant;

     

       145
       145
       +
         };

     

       141
       146
        
       

     

       142
       147
        
         meta = with lib; {

     

       143
       148
        
           homepage = "https://w1.fi/wpa_supplicant/";