primrose/.files
1
0
Fork 0
mirror of https://codeberg.org/leana8959/.files.git synced 2025-12-06 06:39:14 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

vanadium/connectivity: refactor network

Browse source 
Another week another useless abstraction
This commit is contained in:
Primrose 2025-10-22 21:12:28 +08:00
parent 6c6d4ec13a
commit 3ac7e3b73b
Signed by: primrose
GPG key ID: 4E887A4CA9714ADA
1 changed files with 120 additions and 84 deletions
Download patch file Download diff file Expand all files Collapse all files

204
nix/configurations/vanadium/nixos/connectivity.nix
View file

@ -38,98 +38,134 @@
secretsFile = config.age.secrets.wpa_password.path;
scanOnLowSignal = false;
networks = let
properties = lib.flip lib.pipe;
networks = lib.flip lib.genAttrs (_: {});
# wpa_supplicant uses `strchr` to seek to the first `=`, so the only forbidden character is `=`.
escapePwdKey = lib.replaceStrings ["="] ["_"];
# The higher the more preferred
setPrio = i: lib.mapAttrs (_: conf: conf // {priority = i;});
private = setPrio 10;
limited = setPrio (-10);
privatePriority = 10;
limitedPriority = -10;
extraConfig = value: conf: conf // {extraConfig = conf.extraConfig or "" + value;};
randomizeMac = lib.mapAttrs (_: extraConfig "mac_addr=1\n");
roaming = lib.mapAttrs (_: extraConfig "bgscan=\"simple:30:-70:3600\"\n");
hasPsk = let
# wpa_supplicant uses `strchr` to seek to the first `=`, so the only forbidden character is `=`.
escapePwdKey = lib.replaceStrings ["="] ["_"];
in
lib.mapAttrs (name: conf: conf // {pskRaw = "ext:${escapePwdKey conf.ssid or name}";});
in
lib.mkMerge [
(properties [private hasPsk]
(networks [
"~"
"Peis Wifi"
"girlypop-net"
]))
(properties [private roaming hasPsk]
(networks [
"annapurna"
"5526-1" # TODO: prefer dead dead dodo later
]))
#
# School
#
(properties [private roaming]
{
eduroam = {
authProtocols = ["WPA-EAP"];
auth = ''
pairwise=CCMP
group=CCMP TKIP
eap=PEAP
ca_cert="${./certs/universite_de_rennes.pem}"
identity="ychiang@etudiant.univ-rennes.fr"
altsubject_match="DNS:radius.univ-rennes1.fr;DNS:radius1.univ-rennes1.fr;DNS:radius2.univ-rennes1.fr;DNS:vmradius-psf1.univ-rennes1.fr;DNS:vmradius-psf2.univ-rennes1.fr"
phase2="auth=MSCHAPV2"
password=ext:EDUROAM
anonymous_identity="anonymous@univ-rennes.fr"
fromList = ns: let
go = networkArgs @ {
ssid,
# Custom fields wrapping nixpkgs module options
hasPassword ? false,
scanOnLowSignal ? false,
randomizeMac ? false,
...
}: {
${ssid} = lib.mkMerge [
(builtins.removeAttrs networkArgs ["ssid" "hasPassword" "scanOnLowSignal" "randomizeMac"])
(lib.optionalAttrs hasPassword {
pskRaw = "ext:${escapePwdKey ssid}";
})
(lib.optionalAttrs scanOnLowSignal {
extraConfig = ''
bgscan="simple:30:-70:3600"
'';
};
})
})
(lib.optionalAttrs randomizeMac {
extraConfig = ''
mac_addr=1
'';
})
];
};
in
lib.mkMerge (map go ns);
in
fromList [
{
ssid = "~";
priority = privatePriority;
hasPassword = true;
}
{
ssid = "Peis Wifi";
priority = privatePriority;
hasPassword = true;
}
{
ssid = "girlypop-net";
priority = privatePriority;
hasPassword = true;
}
#
# Cafés
#
(properties [private randomizeMac hasPsk]
(networks [
"A-WAY"
"CAT.jpgcafe"
"LOUISA" # 區公所
"LouisaCoffee" # 七張
"MetroTaipei x Louisa" # 大安
]))
{
ssid = "annapurna";
priority = privatePriority;
hasPassword = true;
scanOnLowSignal = true;
}
{
ssid = "5526-1"; # TODO: set bssid preference ?
priority = privatePriority;
hasPassword = true;
scanOnLowSignal = true;
}
#
# Open networks
#
#
# Use this link to do portal login
# http://detectportal.firefox.com/canonical.html
(properties [randomizeMac]
(networks [
# Transport
"_SNCF_WIFI_INOUI"
"_WIFI_LYRIA"
"EurostarTrainsWiFi"
"SBB-FREE"
"AOT Airport Free Wi-Fi by NT"
{
ssid = "eduroam";
priority = privatePriority;
scanOnLowSignal = true;
# Library
"NewTaipei"
authProtocols = ["WPA-EAP"];
auth = ''
pairwise=CCMP
group=CCMP TKIP
eap=PEAP
ca_cert="${./certs/universite_de_rennes.pem}"
identity="ychiang@etudiant.univ-rennes.fr"
altsubject_match="DNS:radius.univ-rennes1.fr;DNS:radius1.univ-rennes1.fr;DNS:radius2.univ-rennes1.fr;DNS:vmradius-psf1.univ-rennes1.fr;DNS:vmradius-psf2.univ-rennes1.fr"
phase2="auth=MSCHAPV2"
password=ext:EDUROAM
anonymous_identity="anonymous@univ-rennes.fr"
'';
}
"Fami-WiFi"
]))
{
ssid = "A-WAY";
priority = privatePriority;
hasPassword = true;
randomizeMac = true;
}
{
ssid = "CAT.jpgcafe";
priority = privatePriority;
hasPassword = true;
randomizeMac = true;
}
{
ssid = "LOUISA"; # 區公所
priority = privatePriority;
hasPassword = true;
randomizeMac = true;
}
{
ssid = "LouisaCoffee"; # 七張
priority = privatePriority;
hasPassword = true;
randomizeMac = true;
}
{
ssid = "MetroTaipei x Louisa"; # 大安
priority = privatePriority;
hasPassword = true;
randomizeMac = true;
}
#
# Phones
#
(properties [limited hasPsk]
(networks [
"iPhone de Léana "
]))
{ssid = "_SNCF_WIFI_INOUI";}
{ssid = "_WIFI_LYRIA";}
{ssid = "EurostarTrainsWiFi";}
{ssid = "SBB-FREE";}
{ssid = "AOT Airport Free Wi-Fi by NT";}
{ssid = "NewTaipei";}
{ssid = "Fami-WiFi";}
{
ssid = "iPhone de Léana ";
priority = limitedPriority;
hasPassword = true;
}
];
};
};