diff --git a/nix/configurations/vanadium/nixos/connectivity.nix b/nix/configurations/vanadium/nixos/connectivity.nix
index 2d67634d..761c9743 100644
--- a/nix/configurations/vanadium/nixos/connectivity.nix
+++ b/nix/configurations/vanadium/nixos/connectivity.nix
@@ -38,98 +38,134 @@ secretsFile = config.age.secrets.wpa_password.path; scanOnLowSignal = false; networks = let - properties = lib.flip lib.pipe; - networks = lib.flip lib.genAttrs (_: {}); + # wpa_supplicant uses `strchr` to seek to the first `=`, so the only forbidden character is `=`. + escapePwdKey = lib.replaceStrings ["="] ["_"]; - # The higher the more preferred - setPrio = i: lib.mapAttrs (_: conf: conf // {priority = i;}); - private = setPrio 10; - limited = setPrio (-10); + privatePriority = 10; + limitedPriority = -10; - extraConfig = value: conf: conf // {extraConfig = conf.extraConfig or "" + value;}; - randomizeMac = lib.mapAttrs (_: extraConfig "mac_addr=1\n"); - roaming = lib.mapAttrs (_: extraConfig "bgscan=\"simple:30:-70:3600\"\n"); - - hasPsk = let - # wpa_supplicant uses `strchr` to seek to the first `=`, so the only forbidden character is `=`. - escapePwdKey = lib.replaceStrings ["="] ["_"]; - in - lib.mapAttrs (name: conf: conf // {pskRaw = "ext:${escapePwdKey conf.ssid or name}";}); - in - lib.mkMerge [ - (properties [private hasPsk] - (networks [ - "~" - "Pei’s Wifi" - "girlypop-net" - ])) - (properties [private roaming hasPsk] - (networks [ - "annapurna" - "5526-1" # TODO: prefer dead dead dodo later - ])) - - # - # School - # - (properties [private roaming] - { - eduroam = { - authProtocols = ["WPA-EAP"]; - auth = '' - pairwise=CCMP - group=CCMP TKIP - eap=PEAP - ca_cert="${./certs/universite_de_rennes.pem}" - identity="ychiang@etudiant.univ-rennes.fr" - altsubject_match="DNS:radius.univ-rennes1.fr;DNS:radius1.univ-rennes1.fr;DNS:radius2.univ-rennes1.fr;DNS:vmradius-psf1.univ-rennes1.fr;DNS:vmradius-psf2.univ-rennes1.fr" - phase2="auth=MSCHAPV2" - password=ext:EDUROAM - anonymous_identity="anonymous@univ-rennes.fr" + fromList = ns: let + go = networkArgs @ { + ssid, + # Custom fields wrapping nixpkgs module options + hasPassword ? false, + scanOnLowSignal ? false, + randomizeMac ? false, + ... 
+ }: { + ${ssid} = lib.mkMerge [ + (builtins.removeAttrs networkArgs ["ssid" "hasPassword" "scanOnLowSignal" "randomizeMac"]) + (lib.optionalAttrs hasPassword { + pskRaw = "ext:${escapePwdKey ssid}"; + }) + (lib.optionalAttrs scanOnLowSignal { + extraConfig = '' + bgscan="simple:30:-70:3600" ''; - }; - }) + }) + (lib.optionalAttrs randomizeMac { + extraConfig = '' + mac_addr=1 + ''; + }) + ]; + }; + in + lib.mkMerge (map go ns); + in + fromList [ + { + ssid = "~"; + priority = privatePriority; + hasPassword = true; + } + { + ssid = "Pei’s Wifi"; + priority = privatePriority; + hasPassword = true; + } + { + ssid = "girlypop-net"; + priority = privatePriority; + hasPassword = true; + } - # - # Cafés - # - (properties [private randomizeMac hasPsk] - (networks [ - "A-WAY" - "CAT.jpgcafe" - "LOUISA" # 區公所 - "LouisaCoffee" # 七張 - "MetroTaipei x Louisa" # 大安 - ])) + { + ssid = "annapurna"; + priority = privatePriority; + hasPassword = true; + scanOnLowSignal = true; + } + { + ssid = "5526-1"; # TODO: set bssid preference ? 
+ priority = privatePriority; + hasPassword = true; + scanOnLowSignal = true; + } - # - # Open networks - # - # - # Use this link to do portal login - # http://detectportal.firefox.com/canonical.html - (properties [randomizeMac] - (networks [ - # Transport - "_SNCF_WIFI_INOUI" - "_WIFI_LYRIA" - "EurostarTrainsWiFi" - "SBB-FREE" - "AOT Airport Free Wi-Fi by NT" + { + ssid = "eduroam"; + priority = privatePriority; + scanOnLowSignal = true; - # Library - "NewTaipei" + authProtocols = ["WPA-EAP"]; + auth = '' + pairwise=CCMP + group=CCMP TKIP + eap=PEAP + ca_cert="${./certs/universite_de_rennes.pem}" + identity="ychiang@etudiant.univ-rennes.fr" + altsubject_match="DNS:radius.univ-rennes1.fr;DNS:radius1.univ-rennes1.fr;DNS:radius2.univ-rennes1.fr;DNS:vmradius-psf1.univ-rennes1.fr;DNS:vmradius-psf2.univ-rennes1.fr" + phase2="auth=MSCHAPV2" + password=ext:EDUROAM + anonymous_identity="anonymous@univ-rennes.fr" + ''; + } - "Fami-WiFi" - ])) + { + ssid = "A-WAY"; + priority = privatePriority; + hasPassword = true; + randomizeMac = true; + } + { + ssid = "CAT.jpgcafe"; + priority = privatePriority; + hasPassword = true; + randomizeMac = true; + } + { + ssid = "LOUISA"; # 區公所 + priority = privatePriority; + hasPassword = true; + randomizeMac = true; + } + { + ssid = "LouisaCoffee"; # 七張 + priority = privatePriority; + hasPassword = true; + randomizeMac = true; + } + { + ssid = "MetroTaipei x Louisa"; # 大安 + priority = privatePriority; + hasPassword = true; + randomizeMac = true; + } - # - # Phones - # - (properties [limited hasPsk] - (networks [ - "iPhone de Léana 江" - ])) + {ssid = "_SNCF_WIFI_INOUI";} + {ssid = "_WIFI_LYRIA";} + {ssid = "EurostarTrainsWiFi";} + {ssid = "SBB-FREE";} + {ssid = "AOT Airport Free Wi-Fi by NT";} + {ssid = "NewTaipei";} + {ssid = "Fami-WiFi";} + + { + ssid = "iPhone de Léana 江"; + priority = limitedPriority; + hasPassword = true; + } ]; }; };
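Review bot: The seven open networks at the end of the list (`_SNCF_WIFI_INOUI` through `Fami-WiFi`) lose `mac_addr=1` in this rewrite: the removed code wrapped them in `properties [randomizeMac]`, while the new entries are bare `{ssid = …;}` and `randomizeMac` defaults to `false`. Unless that is intended, the unauthenticated train, airport and library networks would now see the configured (non-randomised) MAC address, so each entry should carry the flag, e.g. `{ssid = "SBB-FREE"; randomizeMac = true;}`. Separately, in `go` the `scanOnLowSignal` and `randomizeMac` branches each define `extraConfig` inside the same `lib.mkMerge`; if that option is a plain string type (not visible in this hunk), an entry setting both flags, or passing its own `extraConfig`, would fail with conflicting definitions, so building one concatenated string with `lib.optionalString` would be more robust. The custom `scanOnLowSignal` field also shares its name with the unrelated `scanOnLowSignal = false;` option in the context lines above, which a short comment or a rename would disambiguate.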