nixos/wireless: add manual network configuration

2017-10-17 11:14:44 +02:00 · 2017-10-17 11:14:44 +02:00 · 2918f6a3f0
commit 2918f6a3f0
parent 1503409aac
1 changed files with 51 additions and 9 deletions
--- a/nixos/modules/services/networking/wpa_supplicant.nix
+++ b/nixos/modules/services/networking/wpa_supplicant.nix
@ -8,17 +8,20 @@ let
    ${optionalString cfg.userControlled.enable ''
      ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=${cfg.userControlled.group}
      update_config=1''}
-    ${concatStringsSep "\n" (mapAttrsToList (ssid: networkConfig: let
-      psk = if networkConfig.psk != null
-        then ''"${networkConfig.psk}"''
-        else networkConfig.pskRaw;
-      priority = networkConfig.priority;
+    ${concatStringsSep "\n" (mapAttrsToList (ssid: config: with config; let
+      key = if psk != null
+        then ''"${psk}"''
+        else pskRaw;
+      baseAuth = if key != null
+        then ''psk=${key}''
+        else ''key_mgmt=NONE'';
    in ''
      network={
        ssid="${ssid}"
-        ${optionalString (psk != null) ''psk=${psk}''}
-        ${optionalString (psk == null) ''key_mgmt=NONE''}
        ${optionalString (priority != null) ''priority=${toString priority}''}
+        ${optionalString hidden "scan_ssid=1"}
+        ${if (auth != null) then auth else baseAuth}
+        ${extraConfig}
      }
    '') cfg.networks)}
  '' else "/etc/wpa_supplicant.conf";
@ -70,6 +73,32 @@ in {
                Mutually exclusive with <varname>psk</varname>.
              '';
            };
+
+            auth = mkOption {
+              type = types.nullOr types.str;
+              default = null;
+              example = ''
+                key_mgmt=WPA-EAP
+                eap=PEAP
+                identity="user@example.com"
+                password="secret"
+              '';
+              description = ''
+                Use this option to configure advanced authentication methods like EAP.
+                See wpa_supplicant.conf(5) for example configurations.
+
+                Mutually exclusive with <varname>psk</varname> and <varname>pskRaw</varname>.
+              '';
+            };
+
+            hidden = mkOption {
+              type = types.bool;
+              default = false;
+              description = ''
+                Set this to <literal>true</literal> if the SSID of the network is hidden.
+              '';
+            };
+
            priority = mkOption {
              type = types.nullOr types.int;
              default = null;
@ -83,6 +112,19 @@ in {
                policy, signal strength, etc.
              '';
            };
+
+            extraConfig = mkOption {
+              type = types.str;
+              default = "";
+              example = ''
+                bssid_blacklist=02:11:22:33:44:55 02:22:aa:44:55:66
+              '';
+              description = ''
+                Extra configuration lines appended to the network block.
+                See wpa_supplicant.conf(5) for available options.
+              '';
+            };
+
          };
        });
        description = ''
@ -128,8 +170,8 @@ in {

  config = mkIf cfg.enable {
    assertions = flip mapAttrsToList cfg.networks (name: cfg: {
-      assertion = cfg.psk == null || cfg.pskRaw == null;
-      message = ''networking.wireless."${name}".psk and networking.wireless."${name}".pskRaw are mutually exclusive'';
+      assertion = with cfg; count (x: x != null) [ psk pskRaw auth ] <= 1;
+      message = ''options networking.wireless."${name}".{psk,pskRaw,auth} are mutually exclusive'';
    });

    environment.systemPackages =  [ pkgs.wpa_supplicant ];