# NixOS module: declarative NetworkManager profiles for the c-base WLANs.
#
# Options live under `networking.wireless.c-base`:
#   crew            - 802.1X (PEAP/MSCHAPv2) profile for the "c-base-crew" SSID
#   usePublic       - open profile for the "c-base-public" SSID (guests)
#   useFreifunk     - open profile for the "berlin.freifunk.net" SSID
#   credentialsFile - environment file providing USERNAME / PASSWORD for crew
#
# `isrgRootX1Cert` is a module argument supplied by the caller; it is used as
# the CA certificate for the crew profile.
{
  config,
  lib,
  isrgRootX1Cert,
  ...
}:

let
  inherit (lib)
    mkEnableOption
    mkIf
    mkMerge
    mkOption
    types
    ;

  cfg = config.networking.wireless.c-base;

  # Common shape of the two unauthenticated profiles. In both of them the
  # connection id and the SSID are the same string.
  #
  # key-mgmt = "none" with no key material means the link is joined without
  # authentication or link-layer encryption, and autoconnect = true lets the
  # host associate with any access point that advertises this SSID. Traffic on
  # these profiles should be treated as crossing an untrusted network.
  openWifiProfile =
    { id, priority }:
    {
      connection = {
        inherit id;
        type = "wifi";
        autoconnect = true;
        autoconnect-priority = priority;
      };
      wifi = {
        ssid = id;
        mode = "infrastructure";
      };
      wifi-security.key-mgmt = "none";
      ipv4.method = "auto";
      ipv6.method = "auto";
    };
in
{
  options.networking.wireless.c-base = {
    # mkEnableOption already yields a boolean option that defaults to false.
    crew = mkEnableOption "c-base-crew WLAN access";

    usePublic = mkOption {
      type = types.bool;
      default = false;
      description = "Enable c-base-public WLAN access (guests)";
    };

    useFreifunk = mkOption {
      type = types.bool;
      default = false;
      description = "Enable berlin.freifunk.net WLAN access";
    };

    # NOTE(review): the file holds a plaintext password. A file that is part
    # of the configuration source (for example a path inside a flake) ends up
    # in the world-readable /nix/store; point this at a runtime secret path
    # with restrictive permissions instead, and confirm how callers set it.
    credentialsFile = mkOption {
      type = types.nullOr types.path;
      default = null;
      description = ''
        Path to file containing credentials for crew only:
        USERNAME=your-username
        PASSWORD=your-password
      '';
    };
  };

  config = mkMerge [
    # Evaluation-time sanity checks; these apply regardless of which
    # profiles are enabled.
    {
      assertions = [
        {
          # The two open networks are mutually exclusive.
          assertion = !cfg.useFreifunk || !cfg.usePublic;
          message = "useFreifunk and usePublic cannot both be enabled";
        }
        {
          # The crew profile cannot authenticate without credentials.
          assertion = cfg.crew -> cfg.credentialsFile != null;
          message = "credentialsFile must be set when crew is enabled";
        }
      ];
    }

    # Authenticated crew network; highest autoconnect priority (20).
    (mkIf cfg.crew {
      networking.networkmanager.enable = true;

      # $USERNAME and $PASSWORD in the profile below are placeholders that are
      # filled in from this environment file, so the secret values themselves
      # do not appear in this module.
      networking.networkmanager.ensureProfiles.environmentFiles = [ cfg.credentialsFile ];

      networking.networkmanager.ensureProfiles.profiles."c-base-crew" = {
        connection = {
          id = "c-base-crew";
          type = "wifi";
          autoconnect = true;
          autoconnect-priority = 20;
        };
        wifi = {
          ssid = "c-base-crew";
          mode = "infrastructure";
        };
        wifi-security.key-mgmt = "wpa-eap";
        "802-1x" = {
          eap = "peap";
          identity = "$USERNAME";
          password = "$PASSWORD";
          phase2-auth = "mschapv2";
          # Server validation is what protects the MSCHAPv2 exchange inside
          # the PEAP tunnel. The CA named here is a public root, so the
          # domain-suffix-match below is the setting that ties the profile to
          # the c-base RADIUS server; keep both when editing this block.
          ca-cert = "${isrgRootX1Cert}";
          domain-suffix-match = "radius.cbrp3.c-base.org";
        };
        ipv4.method = "auto";
        ipv6.method = "auto";
      };

      # NOTE(review): this adds the certificate to the system-wide trust
      # store as well, which is broader than the Wi-Fi profile - confirm that
      # this is intended.
      security.pki.certificateFiles = [ isrgRootX1Cert ];
    })

    # Open guest network; autoconnect priority 10.
    (mkIf cfg.usePublic {
      networking.networkmanager.enable = true;
      networking.networkmanager.ensureProfiles.profiles."c-base-public" = openWifiProfile {
        id = "c-base-public";
        priority = 10;
      };
    })

    # Open Freifunk network; lowest autoconnect priority (5).
    (mkIf cfg.useFreifunk {
      networking.networkmanager.enable = true;
      networking.networkmanager.ensureProfiles.profiles."berlin-freifunk" = openWifiProfile {
        id = "berlin.freifunk.net";
        priority = 5;
      };
    })
  ];
}