init

2025-09-25 13:51:04 +02:00 · 2025-09-25 13:51:04 +02:00 · df1ea7ce32
commit df1ea7ce32
5 changed files with 406 additions and 0 deletions
--- a/nixos-modules/wifi.nix
+++ b/nixos-modules/wifi.nix
@ -0,0 +1,136 @@
+{
+  config,
+  lib,
+  isrgRootX1Cert,
+  ...
+}:
+
+with lib;
+
+let
+  cfg = config.networking.wireless.c-base;
+in
+{
+  options.networking.wireless.c-base = {
+    crew = mkEnableOption "c-base-crew WLAN access" // {
+      default = false;
+    };
+    usePublic = mkOption {
+      type = types.bool;
+      default = false;
+      description = "Enable c-base-public WLAN access (guests)";
+    };
+    useFreifunk = mkOption {
+      type = types.bool;
+      default = false;
+      description = "Enable berlin.freifunk.net WLAN access";
+    };
+    credentialsFile = mkOption {
+      type = types.nullOr types.path;
+      default = null;
+      description = ''
+        Path to file containing credentials for crew only:
+        USERNAME=your-username
+        PASSWORD=your-password
+      '';
+    };
+  };
+
+  config = mkMerge [
+    {
+      assertions = [
+        {
+          assertion = !(cfg.useFreifunk && cfg.usePublic);
+          message = "useFreifunk and usePublic cannot both be enabled";
+        }
+        {
+          assertion = !cfg.crew || (cfg.credentialsFile != null);
+          message = "credentialsFile must be set when crew is enabled";
+        }
+      ];
+    }
+
+    (mkIf cfg.crew {
+      networking.networkmanager = {
+        enable = true;
+        ensureProfiles = {
+          environmentFiles = [ cfg.credentialsFile ];
+          profiles = {
+            "c-base-crew" = {
+              connection = {
+                id = "c-base-crew";
+                type = "wifi";
+                autoconnect = true;
+                autoconnect-priority = 20;
+              };
+              wifi = {
+                ssid = "c-base-crew";
+                mode = "infrastructure";
+              };
+              wifi-security = {
+                key-mgmt = "wpa-eap";
+              };
+              "802-1x" = {
+                eap = "peap";
+                identity = "$USERNAME";
+                password = "$PASSWORD";
+                phase2-auth = "mschapv2";
+                ca-cert = "${isrgRootX1Cert}";
+                domain-suffix-match = "radius.cbrp3.c-base.org";
+              };
+              ipv4.method = "auto";
+              ipv6.method = "auto";
+            };
+          };
+        };
+      };
+      security.pki.certificateFiles = [ isrgRootX1Cert ];
+    })
+
+    (mkIf cfg.usePublic {
+      networking.networkmanager.enable = true;
+      networking.networkmanager.ensureProfiles.profiles = {
+        "c-base-public" = {
+          connection = {
+            id = "c-base-public";
+            type = "wifi";
+            autoconnect = true;
+            autoconnect-priority = 10;
+          };
+          wifi = {
+            ssid = "c-base-public";
+            mode = "infrastructure";
+          };
+          wifi-security = {
+            key-mgmt = "none";
+          };
+          ipv4.method = "auto";
+          ipv6.method = "auto";
+        };
+      };
+    })
+
+    (mkIf cfg.useFreifunk {
+      networking.networkmanager.enable = true;
+      networking.networkmanager.ensureProfiles.profiles = {
+        "berlin-freifunk" = {
+          connection = {
+            id = "berlin.freifunk.net";
+            type = "wifi";
+            autoconnect = true;
+            autoconnect-priority = 5;
+          };
+          wifi = {
+            ssid = "berlin.freifunk.net";
+            mode = "infrastructure";
+          };
+          wifi-security = {
+            key-mgmt = "none";
+          };
+          ipv4.method = "auto";
+          ipv6.method = "auto";
+        };
+      };
+    })
+  ];
+}