rework wpa supplicants

2025-04-25 16:08:30 +02:00 · 2024-09-26 17:48:59 +02:00 · 2024-09-26 17:48:59 +02:00 · 8b786bdc42
commit 8b786bdc42
parent 43af3e872c
5 changed files with 89 additions and 60 deletions
--- a/hosts/thinkpad/modules/networks/uni.nix
+++ b/hosts/thinkpad/modules/networks/uni.nix
@ -12,7 +12,36 @@
      "LAN" = {
        userControlled.enable = true;
        driver = "wired";
-        configFile.path = config.age.secrets.dyport-auth.path;
+        configFile.path = pkgs.writeText "supplicant-lan.conf" ''
+          ctrl_interface=/run/wpa_supplicant
+          ap_scan=0
+          network={
+            ssid="apb-ifsr"
+          	key_mgmt=IEEE8021X
+          	eap=TTLS
+          	anonymous_identity="rose159e@apb-ifsr"
+          	ca_cert="/etc/ssl/certs/ca-certificates.crt"
+          	domain_suffix_match="radius-tud.zih.tu-dresden.de"
+          	identity="rose159e@apb-ifsr"
+          	password=ext:TUD_AUTH
+          	phase2="auth=PAP"
+          	disabled=1
+          }
+          network={
+          	ssid="zih-ma"
+          	key_mgmt=IEEE8021X
+          	eap=TTLS
+          	anonymous_identity="rose159e@zih-ma"
+          	ca_cert="/etc/ssl/certs/ca-certificates.crt"
+          	domain_suffix_match="radius-tud.zih.tu-dresden.de"
+          	identity="rose159e@zih-ma"
+          	password=ext:TUD_AUTH
+          	phase2="auth=PAP"
+          	disabled=1
+          }
+          ext_password_backend=file:${config.age.secrets.dyport-auth.path}
+        '';
+        # configFile.path = config.age.secrets.dyport-auth.path;
      };
    };
    wireless.networks = {
@ -23,7 +52,7 @@
          ca_cert="/etc/ssl/certs/ca-certificates.crt"
          domain_suffix_match="radius-eduroam.zih.tu-dresden.de"
          identity="rose159e@tu-dresden.de"
-          password="@EDUROAM_AUTH@"
+          password=ext:EDUROAM_AUTH
          phase2="auth=PAP"
          bssid_ignore=7c:5a:1c:02:3d:ef 82:5a:1c:02:3d:ef 82:5a:1c:02:3d:db 7c:5a:1c:02:3d:8b
        '';
@ -39,7 +68,7 @@
          ca_cert="/etc/ssl/certs/ca-certificates.crt"
          domain_suffix_match="radius.agdsn.de"
          identity="r5"
-          password="@AGDSN_WIFI_AUTH@"
+          password=ext:AGDSN_WIFI_AUTH
          phase2="auth=PAP"
          bssid_ignore=b8:3a:5a:8b:96:c2
        '';
@ -54,18 +83,18 @@
          domain_suffix_match="radius.agdsn.de"
          identity="r5"
          proto=WPA2
-          password="@AGDSN_AUTH@"
+          password=ext:AGDSN_AUTH
          phase2="auth=PAP"
        '';
        extraConfig = "disabled=1";
        authProtocols = [ "WPA-EAP" ];
      };
      agdsn_fritzbox = {
-        psk = "@AGDSN_FRITZBOX_PSK@";
+        psk = "ext:AGDSN_FRITZBOX_PSK";
        authProtocols = [ "WPA-PSK" ];
      };
      FSR = {
-        psk = "@FSR_PSK@";
+        psk = "ext:FSR_PSK";
        authProtocols = [ "WPA-PSK" ];
      };
    };