colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

bt/wifi: switch back to sane.fs; fix so WiFi creds are available before NetworkManager starts

Browse Source
This commit is contained in:
Colin
2024-10-01 11:21:45 +00:00
parent b56aae444d
commit caabf1421b
2 changed files with 5 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
hosts/modules/roles/client/bluetooth-pairings.nix
View File

@@ -13,9 +13,7 @@ lib.optionalAttrs false #< disabled 2024-09-27 while i rework sane.fs
# persist external pairings by default
sane.persist.sys.byStore.plaintext = [ "/var/lib/bluetooth" ]; #< TODO: port to private, but may be tricky to ensure service dependencies
systemd.tmpfiles.settings."20-sane-bluetooth-pairings"."/var/lib/bluetooth".d = {
mode = "0700";
};
sane.fs."/var/lib/bluetooth".dir.acl.mode = "0700";
systemd.services.bluetooth-provision-secrets = {
before = [ "bluetooth.service" ];
wantedBy = [ "bluetooth.service" ];

8
hosts/modules/roles/client/wifi-pairings.nix
View File

@@ -10,19 +10,19 @@ in
config = lib.mkIf config.sane.roles.client {
sops.secrets."net/all.json".owner = "networkmanager";
systemd.tmpfiles.settings."20-sane-wifi-pairings"."/var/lib/iwd".d = {
mode = "0700";
};
systemd.services.iwd-provision-secrets = {
before = [ "iwd.service" ];
wantedBy = [ "iwd.service" ];
serviceConfig.ExecStart = "${lib.getExe install-nm} /run/secrets/net/all.json /var/lib/iwd --flavor iwd";
};
systemd.tmpfiles.settings."20-sane-wifi-pairings"."/var/lib/NetworkManager/system-connections".d = {
sane.fs."/var/lib/NetworkManager/system-connections".dir.acl = {
user = "networkmanager";
group = "networkmanager";
mode = "0700";
};
systemd.services.NetworkManager-provision-secrets = {
after = [ "systemd-tmpfiles-setup.service" ]; #< for sane.fs; ensure system-connections exists as a directory first.
before = [ "NetworkManager.service" ];
wantedBy = [ "NetworkManager.service" ];
serviceConfig.ExecStart = "${lib.getExe install-nm} /run/secrets/net/all.json /var/lib/NetworkManager/system-connections --flavor nm";