diff --git a/hosts/common/bluetooth.nix b/hosts/common/bluetooth.nix
index 50fb5bea..1887de65 100644
--- a/hosts/common/bluetooth.nix
+++ b/hosts/common/bluetooth.nix
@@ -1,8 +1,8 @@
 { lib, pkgs, ... }:
 {
- # optionally: persist handshakes. can be useful when debugging, but might disrupt other keys
- # sane.persist.sys.plaintext = [ "/var/lib/bluetooth" ];
+ # persist external pairings by default
+ sane.persist.sys.plaintext = [ "/var/lib/bluetooth" ];
 sane.fs."/var/lib/bluetooth".generated.acl.mode = "0700";
 sane.fs."/var/lib/bluetooth/.secrets.stamp" = {
diff --git a/scripts/install-bluetooth b/scripts/install-bluetooth
index f0f01f0f..0addd869 100755
--- a/scripts/install-bluetooth
+++ b/scripts/install-bluetooth
@@ -7,6 +7,7 @@
 # bluetooth connection structure is /var/lib/bluetooth///{attributes,info}
 # bluetoothd/main.conf options can be found here:
 # -
+# can be set via nixos' `hardware.bluetooth.settings`
 srcdir="$1"
 destdir="$2"
@@ -23,9 +24,14 @@ for f in $(ls "$srcdir")
 do
 mac=$(sed -rn 's/# MAC=(.*)/\1/p' "$srcdir/$f")
 condir="$destdir/$mac"
- test -d "$condir" || mkdir "$condir" || test -d "$condir"
- # bluetoothd just converts my symlinks into plain files anyway, so may as well cp directly
- cp "$srcdir/$f" "$condir/info"
- # ln -sf --no-dereference "$srcdir/$f" "$condir/info"
- touch "$condir/attributes"
+ if ! test -f "$condir/info"
+ then
+ # don't *overwrite* pairings. instead, only copy the device data if the host doesn't yet know about it.
+ # unfortunately, it seems that for most BT devices i can't share link keys across hosts.
+ # perhaps i could using `bdaddr` to force a shared host MAC across all hosts, but that doesn't work for all manufacturers.
+ # instead, my bluetooth "secrets" are mostly just a list of MACs i want a host to trust.
+ mkdir "$condir"
+ cp "$srcdir/$f" "$condir/info"
+ touch "$condir/attributes"
+ fi
 done
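Review bot: The replacement comment on `sane.persist.sys.plaintext` drops the old caveat and does not say that `/var/lib/bluetooth` holds each device's `info` file, which is where link keys are kept. Going by the option name, those keys would now sit unencrypted in persistent storage; the option's definition is not in this diff, so that is inferred. I would word the comment as `# persist external pairings by default. NOTE: holds link keys; the plaintext store is presumably not encrypted at rest, so access relies on the 0700 mode below`. If this config also has an encrypted persist store, it may be the better home for this path.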
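Review bot: `mkdir "$condir"` in the new `if` branch fails when the device directory already exists without an `info` file, a case the removed `test -d "$condir" || mkdir "$condir" || test -d "$condir"` line tolerated. Separately, a source file with no `# MAC=` line leaves `$mac` empty, so `$condir` becomes `$destdir/` and the copy lands at `$destdir/info`. I would use `mkdir -p "$condir"` and skip unusable values before the `if` with `case "$mac" in ''|*/*) continue ;; esac`. Because an existing `info` is never replaced and the directory is now persisted, a device dropped from the secrets would presumably stay trusted on hosts that already paired, which is worth stating in the comment. The `for` loop opens outside the hunk, and whether `set -e` is active is not visible here.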
diff --git a/secrets/universal/bt/portable-speaker.bin b/secrets/universal/bt/portable-speaker.bin index a3bdc338..121d5777 100644 --- a/secrets/universal/bt/portable-speaker.bin +++ b/secrets/universal/bt/portable-speaker.bin @@ -1,5 +1,5 @@ { - "data": "ENC[AES256_GCM,data:GIq5+OrFh6wG8pFt0inBaJDlBLet9NndAl1CHQ1OpWXDc0yk7Pu2qUdqEZbJoWWpUW4yYQUYSvx5ub/LS+u4NWkK7qWkDa7VgoGhyOPF7T54HLUtKXbUVh7Sy4a7EVtPz2xhpeKpyfShq3IDUIGS0Usl+my36qdnOlZgWHpPlhhKgX1nXTLP+KMD3WShfDpJxt0ZP+bCJUvVKDA/ABHQt6n+rO1nlR235RmBmc7bE/3lCzMzh63lRYfJWCchzZGdJoxEup8GB6Sm7Svc56VEikz9XnOEZWIWB7aijdBe7ZmroOdEVS0sDYhed722rwAQ/nE1L/2Lc8/baqC1ip6n/MzpOKCCGRp69ED1DktDvwS7t9w94WOS3hx/fG7Rzx7hGuylieQ7ykVfcWYhpnYb97K3EsG2b4IlgkfS0Pahdu3RHC3CJtlhYNGKwbGuuYrc/FXtJmcABlxHe+Dd5XCn8KyJc2A9Htl4aySaJkH4MiQz3PbfTi4qCsmmYtCcJBxCBwBbEEu1yLzIDCr24uG42S6jypH5hWBjUuOTH+MGYDou/HeTf7EgvEzqqZKs4ZeDMwRvDGWbdA8EQiBhAYmUpQY8I2vS17r2FfvrNQANeEQebaes8bjsFjKQOiBXm5Fp,iv:BPxUV5791usFMAir3ewjLlZok5HD2D6AEYKZ/TSFIsM=,tag:oVVAcBSOOgaslHof7ZZxeQ==,type:str]", + "data": "ENC[AES256_GCM,data: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,iv:6kYaqB/TMZdvns3Gv0nO0yp+LQBGSS2xn979FfXffvc=,tag:QzfQi4YXhGWLjPIWng1HAg==,type:str]", "sops": { "kms": null, "gcp_kms": null, 
@@ -39,8 +39,8 @@ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzYnMxbDNUR2xyV3B5VzFQ\nM1IxQzV5OXM5L1VYdFRYWUt0cWl4ZUdsQVNJCmRjUjdPMmhoaEFmUUxrVmJCRlFl\nNzZqY3p0YUF3T2lYdysvakx4WVg0bFUKLS0tIFFlazJzb3hmVXNyUU5leUFKL3p0\nNlN0TGxVbGtoUHFtK3hBS2RiYUViVFEKii4w04zeDD6HWURzmAhJdxNdNmQgsPw/\nawI6HSVbbmEGXyL23Pe0oultY8k/ZVE4oHRKBkHh00XoCZM/Ye6neA==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2023-01-07T09:24:09Z", - "mac": "ENC[AES256_GCM,data:TSIhuvZdO8C+2ETT2m4pw5NJwpXfB9kK7kyIZOR70Ivy//gtcY8CTsZ+/xl8IUF/iK/wmPWdd9PcJDZGYjWtRKFZNTgliJJZfz9gwtYCYRks3tcvF6I8FtOem98VRHBQzq9exAWoTsMKAZqfHzUqofgd1dpDlk4JMkb40lzNndY=,iv:v+76adlqVwHnKgcs5+PK7d0BBC4FflkOEvquTn3me4A=,tag:wUFfqIX52CgLH/aK4NjbWQ==,type:str]", + "lastmodified": "2023-01-07T11:04:42Z", + "mac": "ENC[AES256_GCM,data:QiNqZSB5WIVroTQKWxt73NLGvv13waePyMcQ3OJaecaOZQiXGhuq9Ojwnk+I2DSs7X8Nv10VilHk97kYNgTjsNdWmXHqtSY0LKbbMoJpzPoF42MCPSv8g5tLOnIR095Ihu8Ntw+FdOsl0rqa9ipqJFFswOpGI/xamcsLtpRnQnQ=,iv:i4YCULu9YJR5zLomeAYpzvFG7SB9x+4wWPhaiFGlTQQ=,tag:xLbmIhg7hPZnHvQVhbgDpQ==,type:str]", "pgp": null, "unencrypted_suffix": "_unencrypted", "version": "3.7.3"