From 336a35363994383611902e430e024797fe5cb0f0 Mon Sep 17 00:00:00 2001
From: Charlotte Van Petegem
Date: Fri, 22 Oct 2021 17:20:40 +0200
Subject: [PATCH] Use environmentFile for wireless network configuration
---
 machines/kharbranth/default.nix | 9 +++-
 machines/kholinar/default.nix | 8 +++-
 modules/base/network/default.nix | 2 +-
 modules/base/network/mobile.nix | 55 +++++++++++++++++++++++++
 modules/base/network/networkmanager.nix | 24 -----------
 secrets.nix | 2 +
 secrets/passwords/networks.age | 14 +++++++
 7 files changed, 87 insertions(+), 27 deletions(-)
 create mode 100644 modules/base/network/mobile.nix
 delete mode 100644 modules/base/network/networkmanager.nix
 create mode 100644 secrets/passwords/networks.age
diff --git a/machines/kharbranth/default.nix b/machines/kharbranth/default.nix
index b42895ee..31118031 100644
--- a/machines/kharbranth/default.nix
+++ b/machines/kharbranth/default.nix
@@ -15,7 +15,14 @@
 stateVersion = "20.09";
 base = {
 bluetooth.enable = true;
- network.networkmanager.enable = true;
+ network.mobile = {
+ enable = true;
+ wireless-interface = "wlp2s0";
+ wired-interfaces = {
+ "enp0s20f0u1u2" = { macAddress = "10:65:30:df:80:f5"; };
+ "enp0s31f6" = { macAddress = "10:65:30:df:80:f5"; };
+ };
+ };
 zfs = {
 encrypted = true;
 backups = [
diff --git a/machines/kholinar/default.nix b/machines/kholinar/default.nix
index ae7f377b..49047597 100644
--- a/machines/kholinar/default.nix
+++ b/machines/kholinar/default.nix
@@ -12,7 +12,13 @@
 stateVersion = "20.09";
 base = {
 bluetooth.enable = true;
- network.networkmanager.enable = true;
+ network.mobile = {
+ enable = true;
+ wireless-interface = "wlp2s0";
+ wired-interfaces = {
+ "enp0s31f6" = { macAddress = "10:65:30:df:80:f5"; };
+ };
+ };
 zfs = {
 encrypted = true;
 backups = [
diff --git a/modules/base/network/default.nix b/modules/base/network/default.nix
index 191d5158..f1ac80ae 100644
--- a/modules/base/network/default.nix
+++ b/modules/base/network/default.nix
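Review bot: In machines/kharbranth/default.nix both wired interfaces, `enp0s20f0u1u2` and `enp0s31f6`, get the same `macAddress = "10:65:30:df:80:f5"`, and the machines/kholinar/default.nix hunk assigns that same address to its `enp0s31f6` as well. If the sharing is deliberate (for instance one address registered with a MAC-filtered network, which the diff does not state), it needs a comment next to the values, such as `# shared on purpose: the single MAC registered with <network>; do not connect two of these ports to one segment`. Without it, two of these ports active on the same L2 segment would show duplicate-MAC symptoms (unstable switch tables, contested DHCP leases) that are hard to trace back to this file. The enclosing `base` set continues past the end of both hunks.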
@@ -3,6 +3,6 @@
 {
 imports = [
 ./ovh.nix
- ./networkmanager.nix
+ ./mobile.nix
 ];
 }
diff --git a/modules/base/network/mobile.nix b/modules/base/network/mobile.nix
new file mode 100644
index 00000000..d298c89a
--- /dev/null
+++ b/modules/base/network/mobile.nix
@@ -0,0 +1,55 @@
+{ config, lib, pkgs, ... }:
+
+{
+ options.chvp.base.network.mobile = {
+ enable = lib.mkOption {
+ default = false;
+ example = true;
+ };
+ wireless-interface = lib.mkOption {
+ type = lib.types.str;
+ example = "wlp2s0";
+ };
+ wired-interfaces = lib.mkOption {
+ example = { "enp0s29f0u1u2" = { macAddress = "10:65:30:85:bb:18"; }; };
+ };
+ };
+
+ config = with config.chvp.base.network.mobile; lib.mkIf enable {
+ networking = {
+ wireless = {
+ enable = true;
+ interfaces = [ wireless-interface ];
+ environmentFile = config.age.secrets."passwords/networks.age".path;
+ networks = {
+ "Public Universal Friend".psk = "@PSK_PUF@";
+ AndroidAP.psk = "@PSK_AndroidAP@";
+ draadloosnw.psk = "@PSK_draadloosnw@";
+ Secorima.psk = "@PSK_Secorima@";
+ eduroam = {
+ authProtocols = [ "WPA-EAP" ];
+ auth = ''
+ eap=PEAP
+ identity="@EDUROAM_USER@"
+ password="@EDUROAM_PASS@"
+ '';
+ extraConfig = ''
+ phase1="peaplabel=0"
+ phase2="auth=MSCHAPV2"
+ group=CCMP TKIP
+ ca_cert="/etc/ssl/certs/ca-bundle.crt"
+ altsubject_match="DNS:ugnps.ugent.be"
+ '';
+ };
+ };
+ };
+ interfaces = {
+ "${wireless-interface}".useDHCP = true;
+ } // lib.mapAttrs (name: attrs: { useDHCP = true; } // attrs) wired-interfaces;
+ };
+
+ age.secrets."passwords/networks.age" = {
+ file = ../../../secrets/passwords/networks.age;
+ };
+ };
+}
diff --git a/modules/base/network/networkmanager.nix b/modules/base/network/networkmanager.nix
deleted file mode 100644
index 0d55bcdc..00000000
--- a/modules/base/network/networkmanager.nix
+++ /dev/null
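Review bot: The `wireless` block in modules/base/network/mobile.nix has no counterpart to the `wifi.macAddress = "random";` that the deleted networkmanager.nix set, so after this change the laptops presumably present their permanent Wi-Fi MAC to every network they join. If that privacy property is still wanted, wpa_supplicant's own policy can be set beside `environmentFile`, for example `extraConfig = "mac_addr=1";` under `networking.wireless`, with a comment naming any network that needs a fixed address; otherwise the commit message should record that randomisation was dropped on purpose. In the same block the eduroam entry still accepts TKIP as group cipher (`group=CCMP TKIP`) and sends the real `identity` as the outer identity. Narrowing the first to `group=CCMP` and adding an `anonymous_identity` line would reduce what a rogue access point can negotiate or observe, provided the home institution supports both.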
@@ -1,24 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
- options.chvp.base.network.networkmanager.enable = lib.mkOption {
- default = false;
- example = true;
- };
-
- config = lib.mkIf config.chvp.base.network.networkmanager.enable {
- chvp.base.zfs.systemLinks = [
- { path = "/etc/NetworkManager/system-connections"; type = "data"; }
- ];
-
- networking.networkmanager = {
- enable = true;
- wifi.macAddress = "random";
- };
-
- users.users.charlotte.extraGroups = [ "networkmanager" ];
- home-manager.users.charlotte = { ... }: {
- home.packages = with pkgs; [ networkmanagerapplet ];
- };
- };
-}
diff --git a/secrets.nix b/secrets.nix
index d53b2ed7..9f9e960e 100644
--- a/secrets.nix
+++ b/secrets.nix
@@ -31,6 +31,8 @@ in "secrets/authorized_keys/charlotte.age".publicKeys = hosts ++ users; "secrets/authorized_keys/root.age".publicKeys = hosts ++ users; + "secrets/passwords/networks.age".publicKeys = laptops ++ users; + "secrets/passwords/ugent-mount-credentials.age".publicKeys = laptops ++ users; "secrets/passwords/ugent-vpn.age".publicKeys = laptops ++ users; "secrets/files/programs/vpn/local.age".publicKeys = laptops ++ users;
diff --git a/secrets/passwords/networks.age b/secrets/passwords/networks.age
new file mode 100644
index 00000000..b2846319
--- /dev/null
+++ b/secrets/passwords/networks.age
@@ -0,0 +1,14 @@ +age-encryption.org/v1 +-> ssh-ed25519 umFZoA EgJA71dMaNjzeIrIk26f9ZYesUZC61hcz4SVMbRR1Sc +8xQ6pCqqnwpRNsQcty/emlYJMOK3cKZL9v5lBOTkpEc +-> ssh-ed25519 aUd9Ng kDSdEEr7yBvW6xjQYCfjXH8MKiX7ErXyXobNgKMGVGA +0oxfjV2prMCjk0YMqpaKibvnh0lEa8cE8OZOakARq6I +-> ssh-ed25519 s9rb8g QCGjI/c2Lb1/BxH+cPHgIhR7PjDezUUqeDKde/l+3E4 +frUFtiDd5duiqEIUM0+e3b+z+451eBlzbl5R1spw++E +-> ssh-ed25519 yad4VQ BP7LN1CEbor9KE65BfhfXTa9Xzn2H/pybBrAC7fxh0A +34Pkw68+0+9GheQsPSiwJ3ZsmVNjZ4lOQWrEdwKfYH8 +-> ?diR@~VE-grease +H7EVKOdVfcjcgYgh9ph2HV9yFMMyCte4jt9BHa2hag +--- gZWd5okcan8zWduhUh5UeP7ZFXAa7BXAPW1Sv8hoPt4 +AwRš°RÜDGCB4u#þ$vÂùŒ-‘òWz‹‘£žøÃƒ>ƒ…ÐzË€¨Ð±ä)Ó†»B磊*eŠȨTìÞåÉJêÛÃK9TéY« nöºW>d <À&ûHZóAÚ…ý°