bluetooth: accept that LinkKeys are device/host-specific and stop trying to share them across machines
parent
fb7d94209c
commit
ea5552daa7
|
@ -1,8 +1,8 @@
|
||||||
{ lib, pkgs, ... }:
|
{ lib, pkgs, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
# optionally: persist handshakes. can be useful when debugging, but might disrupt other keys
|
# persist external pairings by default
|
||||||
# sane.persist.sys.plaintext = [ "/var/lib/bluetooth" ];
|
sane.persist.sys.plaintext = [ "/var/lib/bluetooth" ];
|
||||||
|
|
||||||
sane.fs."/var/lib/bluetooth".generated.acl.mode = "0700";
|
sane.fs."/var/lib/bluetooth".generated.acl.mode = "0700";
|
||||||
sane.fs."/var/lib/bluetooth/.secrets.stamp" = {
|
sane.fs."/var/lib/bluetooth/.secrets.stamp" = {
|
||||||
|
|
|
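Review bot: Enabling `sane.persist.sys.plaintext = [ "/var/lib/bluetooth" ];` moves every pairing's `info` file, which is where the link keys named in the commit title live, into what the option name suggests is an unencrypted persistent store. The `0700` mode on the directory limits access on the running system but does nothing for the keys at rest, so the persisted copy is presumably readable by anyone with offline access to the backing storage. The removed comment carried a caveat and the new one carries none; I would keep one, e.g. `# persist external pairings by default. NOTE: info files contain LinkKeys and are stored unencrypted at rest`. The attribute set continues past the end of this hunk.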
@ -7,6 +7,7 @@
|
||||||
# bluetooth connection structure is /var/lib/bluetooth/<HOST_MAC>/<DEVICE_MAX>/{attributes,info}
|
# bluetooth connection structure is /var/lib/bluetooth/<HOST_MAC>/<DEVICE_MAX>/{attributes,info}
|
||||||
# bluetoothd/main.conf options can be found here:
|
# bluetoothd/main.conf options can be found here:
|
||||||
# - <https://pythonhosted.org/BT-Manager/config.html>
|
# - <https://pythonhosted.org/BT-Manager/config.html>
|
||||||
|
# can be set via nixos' `hardware.bluetooth.settings`
|
||||||
|
|
||||||
srcdir="$1"
|
srcdir="$1"
|
||||||
destdir="$2"
|
destdir="$2"
|
||||||
|
@ -23,9 +24,14 @@ for f in $(ls "$srcdir")
|
||||||
do
|
do
|
||||||
mac=$(sed -rn 's/# MAC=(.*)/\1/p' "$srcdir/$f")
|
mac=$(sed -rn 's/# MAC=(.*)/\1/p' "$srcdir/$f")
|
||||||
condir="$destdir/$mac"
|
condir="$destdir/$mac"
|
||||||
test -d "$condir" || mkdir "$condir" || test -d "$condir"
|
if ! test -f "$condir/info"
|
||||||
# bluetoothd just converts my symlinks into plain files anyway, so may as well cp directly
|
then
|
||||||
|
# don't *overwrite* pairings. instead, only copy the device data if the host doesn't yet know about it.
|
||||||
|
# unfortunately, it seems that for most BT devices i can't share link keys across hosts.
|
||||||
|
# perhaps i could using `bdaddr` to force a shared host MAC across all hosts, but that doesn't work for all manufacturers.
|
||||||
|
# instead, my bluetooth "secrets" are mostly just a list of MACs i want a host to trust.
|
||||||
|
mkdir "$condir"
|
||||||
cp "$srcdir/$f" "$condir/info"
|
cp "$srcdir/$f" "$condir/info"
|
||||||
# ln -sf --no-dereference "$srcdir/$f" "$condir/info"
|
|
||||||
touch "$condir/attributes"
|
touch "$condir/attributes"
|
||||||
|
fi
|
||||||
done
|
done
|
||||||
|
|
|
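Review bot: The bare `mkdir "$condir"` in the second hunk fails whenever the directory already exists without an `info` file (for example after an interrupted earlier run), a case the replaced `test -d "$condir" || mkdir "$condir" || test -d "$condir"` line tolerated; `mkdir -p "$condir"` restores that. Whether the failure aborts the script or falls through to `cp` depends on shell options set outside the visible lines. Separately, `$mac` is taken from the file's `# MAC=` line without validation, so an empty or malformed value makes the new `test -f "$condir/info"` guard and the `cp` act on `$destdir/info` or on a path outside `$destdir`; a guard such as `case "$mac" in ''|*/*) continue ;; esac` before `condir` is built would skip such entries. The `for` loop opens above the hunk, so its header is not shown here.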
@ -1,5 +1,5 @@
|
||||||
{
|
{
|
||||||
"data": "ENC[AES256_GCM,data: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,iv:BPxUV5791usFMAir3ewjLlZok5HD2D6AEYKZ/TSFIsM=,tag:oVVAcBSOOgaslHof7ZZxeQ==,type:str]",
|
"data": "ENC[AES256_GCM,data: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,iv:6kYaqB/TMZdvns3Gv0nO0yp+LQBGSS2xn979FfXffvc=,tag:QzfQi4YXhGWLjPIWng1HAg==,type:str]",
|
||||||
"sops": {
|
"sops": {
|
||||||
"kms": null,
|
"kms": null,
|
||||||
"gcp_kms": null,
|
"gcp_kms": null,
|
||||||
|
@ -39,8 +39,8 @@
|
||||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzYnMxbDNUR2xyV3B5VzFQ\nM1IxQzV5OXM5L1VYdFRYWUt0cWl4ZUdsQVNJCmRjUjdPMmhoaEFmUUxrVmJCRlFl\nNzZqY3p0YUF3T2lYdysvakx4WVg0bFUKLS0tIFFlazJzb3hmVXNyUU5leUFKL3p0\nNlN0TGxVbGtoUHFtK3hBS2RiYUViVFEKii4w04zeDD6HWURzmAhJdxNdNmQgsPw/\nawI6HSVbbmEGXyL23Pe0oultY8k/ZVE4oHRKBkHh00XoCZM/Ye6neA==\n-----END AGE ENCRYPTED FILE-----\n"
|
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzYnMxbDNUR2xyV3B5VzFQ\nM1IxQzV5OXM5L1VYdFRYWUt0cWl4ZUdsQVNJCmRjUjdPMmhoaEFmUUxrVmJCRlFl\nNzZqY3p0YUF3T2lYdysvakx4WVg0bFUKLS0tIFFlazJzb3hmVXNyUU5leUFKL3p0\nNlN0TGxVbGtoUHFtK3hBS2RiYUViVFEKii4w04zeDD6HWURzmAhJdxNdNmQgsPw/\nawI6HSVbbmEGXyL23Pe0oultY8k/ZVE4oHRKBkHh00XoCZM/Ye6neA==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"lastmodified": "2023-01-07T09:24:09Z",
|
"lastmodified": "2023-01-07T11:04:42Z",
|
||||||
"mac": "ENC[AES256_GCM,data:TSIhuvZdO8C+2ETT2m4pw5NJwpXfB9kK7kyIZOR70Ivy//gtcY8CTsZ+/xl8IUF/iK/wmPWdd9PcJDZGYjWtRKFZNTgliJJZfz9gwtYCYRks3tcvF6I8FtOem98VRHBQzq9exAWoTsMKAZqfHzUqofgd1dpDlk4JMkb40lzNndY=,iv:v+76adlqVwHnKgcs5+PK7d0BBC4FflkOEvquTn3me4A=,tag:wUFfqIX52CgLH/aK4NjbWQ==,type:str]",
|
"mac": "ENC[AES256_GCM,data:QiNqZSB5WIVroTQKWxt73NLGvv13waePyMcQ3OJaecaOZQiXGhuq9Ojwnk+I2DSs7X8Nv10VilHk97kYNgTjsNdWmXHqtSY0LKbbMoJpzPoF42MCPSv8g5tLOnIR095Ihu8Ntw+FdOsl0rqa9ipqJFFswOpGI/xamcsLtpRnQnQ=,iv:i4YCULu9YJR5zLomeAYpzvFG7SB9x+4wWPhaiFGlTQQ=,tag:xLbmIhg7hPZnHvQVhbgDpQ==,type:str]",
|
||||||
"pgp": null,
|
"pgp": null,
|
||||||
"unencrypted_suffix": "_unencrypted",
|
"unencrypted_suffix": "_unencrypted",
|
||||||
"version": "3.7.3"
|
"version": "3.7.3"
|
||||||
|
|