movefasta/nixpkgs
0
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-07-13 21:50:33 +03:00
Code Activity

treewide: format all inactive Nix files

Browse source 
After final improvements to the official formatter implementation,
this commit now performs the first treewide reformat of Nix files using it.
This is part of the implementation of RFC 166.

Only "inactive" files are reformatted, meaning only files that
aren't being touched by any PR with activity in the past 2 months.
This is to avoid conflicts for PRs that might soon be merged.
Later we can do a full treewide reformat to get the rest,
which should not cause as many conflicts.

A CI check has already been running for some time to ensure that new and
already-formatted files are formatted, so the files being reformatted here
should also stay formatted.

This commit was automatically created and can be verified using

    nix-build https://github.com/infinisil/treewide-nixpkgs-reformat-script/archive/a08b3a4d199c6124ac5b36a889d9099b4383463f.tar.gz \
      --argstr baseRev b32a094368
    result/bin/apply-formatting $NIXPKGS_PATH
This commit is contained in:
Silvan Mosberger 2024-12-10 20:26:33 +01:00
parent b32a094368
commit 4f0dadbf38
21293 changed files with 701351 additions and 428307 deletions
Download patch file Download diff file Expand all files Collapse all files

608
nixos/modules/services/networking/wpa_supplicant.nix
View file

@ -1,4 +1,11 @@
{ config, lib, options, pkgs, utils, ... }:
{
config,
lib,
options,
pkgs,
utils,
...
}:
with lib;
@ -6,93 +13,109 @@ let
cfg = config.networking.wireless;
opt = options.networking.wireless;
wpa3Protocols = [ "SAE" "FT-SAE" ];
hasMixedWPA = opts:
wpa3Protocols = [
"SAE"
"FT-SAE"
];
hasMixedWPA =
opts:
let
hasWPA3 = !mutuallyExclusive opts.authProtocols wpa3Protocols;
others = subtractLists wpa3Protocols opts.authProtocols;
in hasWPA3 && others != [];
in
hasWPA3 && others != [ ];
# Gives a WPA3 network higher priority
increaseWPA3Priority = opts:
opts // optionalAttrs (hasMixedWPA opts)
{ priority = if opts.priority == null
then 1
else opts.priority + 1;
};
increaseWPA3Priority =
opts:
opts
// optionalAttrs (hasMixedWPA opts) {
priority = if opts.priority == null then 1 else opts.priority + 1;
};
# Creates a WPA2 fallback network
mkWPA2Fallback = opts:
opts // { authProtocols = subtractLists wpa3Protocols opts.authProtocols; };
mkWPA2Fallback = opts: opts // { authProtocols = subtractLists wpa3Protocols opts.authProtocols; };
# Networks attrset as a list
networkList = mapAttrsToList (ssid: opts: opts // { inherit ssid; })
cfg.networks;
networkList = mapAttrsToList (ssid: opts: opts // { inherit ssid; }) cfg.networks;
# List of all networks (normal + generated fallbacks)
allNetworks =
if cfg.fallbackToWPA2
then map increaseWPA3Priority networkList
++ map mkWPA2Fallback (filter hasMixedWPA networkList)
else networkList;
if cfg.fallbackToWPA2 then
map increaseWPA3Priority networkList ++ map mkWPA2Fallback (filter hasMixedWPA networkList)
else
networkList;
# Content of wpa_supplicant.conf
generatedConfig = concatStringsSep "\n" (
(map mkNetwork allNetworks)
++ optional cfg.userControlled.enable (concatStringsSep "\n"
[ "ctrl_interface=/run/wpa_supplicant"
++ optional cfg.userControlled.enable (
concatStringsSep "\n" [
"ctrl_interface=/run/wpa_supplicant"
"ctrl_interface_group=${cfg.userControlled.group}"
"update_config=1"
])
]
)
++ [ "pmf=1" ]
++ optional (cfg.secretsFile != null)
"ext_password_backend=file:${cfg.secretsFile}"
++ optional (cfg.secretsFile != null) "ext_password_backend=file:${cfg.secretsFile}"
++ optional cfg.scanOnLowSignal ''bgscan="simple:30:-70:3600"''
++ optional (cfg.extraConfig != "") cfg.extraConfig);
++ optional (cfg.extraConfig != "") cfg.extraConfig
);
configIsGenerated = with cfg;
networks != {} || extraConfig != "" || userControlled.enable;
configIsGenerated = with cfg; networks != { } || extraConfig != "" || userControlled.enable;
# the original configuration file
configFile =
if configIsGenerated
then pkgs.writeText "wpa_supplicant.conf" generatedConfig
else "/etc/wpa_supplicant.conf";
if configIsGenerated then
pkgs.writeText "wpa_supplicant.conf" generatedConfig
else
"/etc/wpa_supplicant.conf";
# Creates a network block for wpa_supplicant.conf
mkNetwork = opts:
let
quote = x: ''"${x}"'';
indent = x: " " + x;
mkNetwork =
opts:
let
quote = x: ''"${x}"'';
indent = x: " " + x;
pskString = if opts.psk != null
then quote opts.psk
else opts.pskRaw;
pskString = if opts.psk != null then quote opts.psk else opts.pskRaw;
options = [
"ssid=${quote opts.ssid}"
(if pskString != null || opts.auth != null
then "key_mgmt=${concatStringsSep " " opts.authProtocols}"
else "key_mgmt=NONE")
] ++ optional opts.hidden "scan_ssid=1"
++ optional (pskString != null) "psk=${pskString}"
++ optionals (opts.auth != null) (filter (x: x != "") (splitString "\n" opts.auth))
++ optional (opts.priority != null) "priority=${toString opts.priority}"
++ optional (opts.extraConfig != "") opts.extraConfig;
in ''
network={
${concatMapStringsSep "\n" indent options}
}
'';
options =
[
"ssid=${quote opts.ssid}"
(
if pskString != null || opts.auth != null then
"key_mgmt=${concatStringsSep " " opts.authProtocols}"
else
"key_mgmt=NONE"
)
]
++ optional opts.hidden "scan_ssid=1"
++ optional (pskString != null) "psk=${pskString}"
++ optionals (opts.auth != null) (filter (x: x != "") (splitString "\n" opts.auth))
++ optional (opts.priority != null) "priority=${toString opts.priority}"
++ optional (opts.extraConfig != "") opts.extraConfig;
in
''
network={
${concatMapStringsSep "\n" indent options}
}
'';
# Creates a systemd unit for wpa_supplicant bound to a given (or any) interface
mkUnit = iface:
mkUnit =
iface:
let
deviceUnit = optional (iface != null) "sys-subsystem-net-devices-${utils.escapeSystemdPath iface}.device";
configStr = if cfg.allowAuxiliaryImperativeNetworks
then "-c /etc/wpa_supplicant.conf -I ${configFile}"
else "-c ${configFile}";
in {
deviceUnit = optional (
iface != null
) "sys-subsystem-net-devices-${utils.escapeSystemdPath iface}.device";
configStr =
if cfg.allowAuxiliaryImperativeNetworks then
"-c /etc/wpa_supplicant.conf -I ${configFile}"
else
"-c ${configFile}";
in
{
description = "WPA Supplicant instance" + optionalString (iface != null) " for interface ${iface}";
after = deviceUnit;
@ -110,8 +133,7 @@ let
serviceConfig.RuntimeDirectory = "wpa_supplicant";
serviceConfig.RuntimeDirectoryMode = "700";
script =
''
script = ''
${optionalString (configIsGenerated && !cfg.allowAuxiliaryImperativeNetworks) ''
if [ -f /etc/wpa_supplicant.conf ]; then
echo >&2 "<3>/etc/wpa_supplicant.conf present but ignored. Generated ${configFile} is used instead."
@ -125,30 +147,35 @@ let
iface_args="-s ${optionalString cfg.dbusControlled "-u"} -D${cfg.driver} ${configStr}"
${if iface == null then ''
# detect interfaces automatically
${
if iface == null then
''
# detect interfaces automatically
# check if there are no wireless interfaces
if ! find -H /sys/class/net/* -name wireless | grep -q .; then
# if so, wait until one appears
echo "Waiting for wireless interfaces"
grep -q '^ACTION=add' < <(stdbuf -oL -- udevadm monitor -s net/wlan -pu)
# Note: the above line has been carefully written:
# 1. The process substitution avoids udevadm hanging (after grep has quit)
# until it tries to write to the pipe again. Not even pipefail works here.
# 2. stdbuf is needed because udevadm output is buffered by default and grep
# may hang until more udev events enter the pipe.
fi
# check if there are no wireless interfaces
if ! find -H /sys/class/net/* -name wireless | grep -q .; then
# if so, wait until one appears
echo "Waiting for wireless interfaces"
grep -q '^ACTION=add' < <(stdbuf -oL -- udevadm monitor -s net/wlan -pu)
# Note: the above line has been carefully written:
# 1. The process substitution avoids udevadm hanging (after grep has quit)
# until it tries to write to the pipe again. Not even pipefail works here.
# 2. stdbuf is needed because udevadm output is buffered by default and grep
# may hang until more udev events enter the pipe.
fi
# add any interface found to the daemon arguments
for name in $(find -H /sys/class/net/* -name wireless | cut -d/ -f 5); do
echo "Adding interface $name"
args+="''${args:+ -N} -i$name $iface_args"
done
'' else ''
# add known interface to the daemon arguments
args="-i${iface} $iface_args"
''}
# add any interface found to the daemon arguments
for name in $(find -H /sys/class/net/* -name wireless | cut -d/ -f 5); do
echo "Adding interface $name"
args+="''${args:+ -N} -i$name $iface_args"
done
''
else
''
# add known interface to the daemon arguments
args="-i${iface} $iface_args"
''
}
# finally start daemon
exec wpa_supplicant $args
@ -157,15 +184,19 @@ let
systemctl = "/run/current-system/systemd/bin/systemctl";
in {
in
{
options = {
networking.wireless = {
enable = mkEnableOption "wpa_supplicant";
interfaces = mkOption {
type = types.listOf types.str;
default = [];
example = [ "wlan0" "wlan1" ];
default = [ ];
example = [
"wlan0"
"wlan1"
];
description = ''
The interfaces {command}`wpa_supplicant` will use. If empty, it will
automatically use all wireless interfaces.
@ -182,15 +213,17 @@ in {
description = "Force a specific wpa_supplicant driver.";
};
allowAuxiliaryImperativeNetworks = mkEnableOption "support for imperative & declarative networks" // {
description = ''
Whether to allow configuring networks "imperatively" (e.g. via
`wpa_supplicant_gui`) and declaratively via
[](#opt-networking.wireless.networks).
allowAuxiliaryImperativeNetworks =
mkEnableOption "support for imperative & declarative networks"
// {
description = ''
Whether to allow configuring networks "imperatively" (e.g. via
`wpa_supplicant_gui`) and declaratively via
[](#opt-networking.wireless.networks).
Please note that this adds a custom patch to `wpa_supplicant`.
'';
};
Please note that this adds a custom patch to `wpa_supplicant`.
'';
};
scanOnLowSignal = mkOption {
type = types.bool;
@ -249,172 +282,179 @@ in {
};
networks = mkOption {
type = types.attrsOf (types.submodule {
options = {
psk = mkOption {
type = types.nullOr (types.strMatching "[[:print:]]{8,63}");
default = null;
description = ''
The network's pre-shared key in plaintext defaulting
to being a network without any authentication.
type = types.attrsOf (
types.submodule {
options = {
psk = mkOption {
type = types.nullOr (types.strMatching "[[:print:]]{8,63}");
default = null;
description = ''
The network's pre-shared key in plaintext defaulting
to being a network without any authentication.
::: {.warning}
Be aware that this will be written to the Nix store
in plaintext! Use {var}`pskRaw` with an external
reference to keep it safe.
:::
::: {.warning}
Be aware that this will be written to the Nix store
in plaintext! Use {var}`pskRaw` with an external
reference to keep it safe.
:::
::: {.note}
Mutually exclusive with {var}`pskRaw`.
:::
'';
};
pskRaw = mkOption {
type = types.nullOr (types.strMatching "([[:xdigit:]]{64})|(ext:[^=]+)");
default = null;
example = "ext:name_of_the_secret_here";
description = ''
Either the raw pre-shared key in hexadecimal format
or the name of the secret (as defined inside
[](#opt-networking.wireless.secretsFile) and prefixed
with `ext:`) containing the network pre-shared key.
::: {.warning}
Be aware that this will be written to the Nix store
in plaintext! Always use an external reference.
:::
::: {.note}
The external secret can be either the plaintext
passphrase or the raw pre-shared key.
:::
::: {.note}
Mutually exclusive with {var}`psk` and {var}`auth`.
:::
'';
};
authProtocols = mkOption {
default = [
# WPA2 and WPA3
"WPA-PSK"
"WPA-EAP"
"SAE"
# 802.11r variants of the above
"FT-PSK"
"FT-EAP"
"FT-SAE"
];
# The list can be obtained by running this command
# awk '
# /^# key_mgmt: /{ run=1 }
# /^#$/{ run=0 }
# /^# [A-Z0-9-]{2,}/{ if(run){printf("\"%s\"\n", $2)} }
# ' /run/current-system/sw/share/doc/wpa_supplicant/wpa_supplicant.conf.example
type = types.listOf (
types.enum [
"WPA-PSK"
"WPA-EAP"
"IEEE8021X"
"NONE"
"WPA-NONE"
"FT-PSK"
"FT-EAP"
"FT-EAP-SHA384"
"WPA-PSK-SHA256"
"WPA-EAP-SHA256"
"SAE"
"FT-SAE"
"WPA-EAP-SUITE-B"
"WPA-EAP-SUITE-B-192"
"OSEN"
"FILS-SHA256"
"FILS-SHA384"
"FT-FILS-SHA256"
"FT-FILS-SHA384"
"OWE"
"DPP"
]
);
description = ''
The list of authentication protocols accepted by this network.
This corresponds to the `key_mgmt` option in wpa_supplicant.
'';
};
auth = mkOption {
type = types.nullOr types.str;
default = null;
example = ''
eap=PEAP
identity="user@example.com"
password=ext:example_password
'';
description = ''
Use this option to configure advanced authentication methods
like EAP. See {manpage}`wpa_supplicant.conf(5)` for example
configurations.
::: {.warning}
Be aware that this will be written to the Nix store
in plaintext! Use an external reference like
`ext:secretname` for secrets.
:::
::: {.note}
Mutually exclusive with {var}`psk` and {var}`pskRaw`.
:::
'';
};
hidden = mkOption {
type = types.bool;
default = false;
description = ''
Set this to `true` if the SSID of the network is hidden.
'';
example = literalExpression ''
{ echelon = {
hidden = true;
psk = "abcdefgh";
};
}
'';
};
priority = mkOption {
type = types.nullOr types.int;
default = null;
description = ''
By default, all networks will get same priority group (0). If
some of the networks are more desirable, this field can be used
to change the order in which wpa_supplicant goes through the
networks when selecting a BSS. The priority groups will be
iterated in decreasing priority (i.e., the larger the priority
value, the sooner the network is matched against the scan
results). Within each priority group, networks will be selected
based on security policy, signal strength, etc.
'';
};
extraConfig = mkOption {
type = types.str;
default = "";
example = ''
bssid_blacklist=02:11:22:33:44:55 02:22:aa:44:55:66
'';
description = ''
Extra configuration lines appended to the network block.
See {manpage}`wpa_supplicant.conf(5)` for available options.
'';
};
::: {.note}
Mutually exclusive with {var}`pskRaw`.
:::
'';
};
pskRaw = mkOption {
type = types.nullOr
(types.strMatching "([[:xdigit:]]{64})|(ext:[^=]+)");
default = null;
example = "ext:name_of_the_secret_here";
description = ''
Either the raw pre-shared key in hexadecimal format
or the name of the secret (as defined inside
[](#opt-networking.wireless.secretsFile) and prefixed
with `ext:`) containing the network pre-shared key.
::: {.warning}
Be aware that this will be written to the Nix store
in plaintext! Always use an external reference.
:::
::: {.note}
The external secret can be either the plaintext
passphrase or the raw pre-shared key.
:::
::: {.note}
Mutually exclusive with {var}`psk` and {var}`auth`.
:::
'';
};
authProtocols = mkOption {
default = [
# WPA2 and WPA3
"WPA-PSK" "WPA-EAP" "SAE"
# 802.11r variants of the above
"FT-PSK" "FT-EAP" "FT-SAE"
];
# The list can be obtained by running this command
# awk '
# /^# key_mgmt: /{ run=1 }
# /^#$/{ run=0 }
# /^# [A-Z0-9-]{2,}/{ if(run){printf("\"%s\"\n", $2)} }
# ' /run/current-system/sw/share/doc/wpa_supplicant/wpa_supplicant.conf.example
type = types.listOf (types.enum [
"WPA-PSK"
"WPA-EAP"
"IEEE8021X"
"NONE"
"WPA-NONE"
"FT-PSK"
"FT-EAP"
"FT-EAP-SHA384"
"WPA-PSK-SHA256"
"WPA-EAP-SHA256"
"SAE"
"FT-SAE"
"WPA-EAP-SUITE-B"
"WPA-EAP-SUITE-B-192"
"OSEN"
"FILS-SHA256"
"FILS-SHA384"
"FT-FILS-SHA256"
"FT-FILS-SHA384"
"OWE"
"DPP"
]);
description = ''
The list of authentication protocols accepted by this network.
This corresponds to the `key_mgmt` option in wpa_supplicant.
'';
};
auth = mkOption {
type = types.nullOr types.str;
default = null;
example = ''
eap=PEAP
identity="user@example.com"
password=ext:example_password
'';
description = ''
Use this option to configure advanced authentication methods
like EAP. See {manpage}`wpa_supplicant.conf(5)` for example
configurations.
::: {.warning}
Be aware that this will be written to the Nix store
in plaintext! Use an external reference like
`ext:secretname` for secrets.
:::
::: {.note}
Mutually exclusive with {var}`psk` and {var}`pskRaw`.
:::
'';
};
hidden = mkOption {
type = types.bool;
default = false;
description = ''
Set this to `true` if the SSID of the network is hidden.
'';
example = literalExpression ''
{ echelon = {
hidden = true;
psk = "abcdefgh";
};
}
'';
};
priority = mkOption {
type = types.nullOr types.int;
default = null;
description = ''
By default, all networks will get same priority group (0). If
some of the networks are more desirable, this field can be used
to change the order in which wpa_supplicant goes through the
networks when selecting a BSS. The priority groups will be
iterated in decreasing priority (i.e., the larger the priority
value, the sooner the network is matched against the scan
results). Within each priority group, networks will be selected
based on security policy, signal strength, etc.
'';
};
extraConfig = mkOption {
type = types.str;
default = "";
example = ''
bssid_blacklist=02:11:22:33:44:55 02:22:aa:44:55:66
'';
description = ''
Extra configuration lines appended to the network block.
See {manpage}`wpa_supplicant.conf(5)` for available options.
'';
};
};
});
}
);
description = ''
The network definitions to automatically connect to when
{command}`wpa_supplicant` is running. If this
parameter is left empty wpa_supplicant will use
/etc/wpa_supplicant.conf as the configuration file.
'';
default = {};
default = { };
example = literalExpression ''
{ echelon = { # SSID with no spaces or special characters
psk = "abcdefgh"; # (password will be written to /nix/store!)
@ -483,8 +523,7 @@ in {
};
imports = [
(mkRemovedOptionModule [ "networking" "wireless" "environmentFile" ]
''
(mkRemovedOptionModule [ "networking" "wireless" "environmentFile" ] ''
Secrets are now handled by the `networking.wireless.secretsFile` and
`networking.wireless.networks.<name>.pskRaw` options.
The change is motivated by a mechanism recently added by wpa_supplicant
@ -508,26 +547,44 @@ in {
];
config = mkIf cfg.enable {
assertions = flip mapAttrsToList cfg.networks (name: cfg: {
assertion = with cfg; count (x: x != null) [ psk pskRaw auth ] <= 1;
message = ''options networking.wireless."${name}".{psk,pskRaw,auth} are mutually exclusive'';
}) ++ [
{
assertion = length cfg.interfaces > 1 -> !cfg.dbusControlled;
message =
let daemon = if config.networking.networkmanager.enable then "NetworkManager" else
if config.services.connman.enable then "connman" else null;
assertions =
flip mapAttrsToList cfg.networks (
name: cfg: {
assertion =
with cfg;
count (x: x != null) [
psk
pskRaw
auth
] <= 1;
message = ''options networking.wireless."${name}".{psk,pskRaw,auth} are mutually exclusive'';
}
)
++ [
{
assertion = length cfg.interfaces > 1 -> !cfg.dbusControlled;
message =
let
daemon =
if config.networking.networkmanager.enable then
"NetworkManager"
else if config.services.connman.enable then
"connman"
else
null;
n = toString (length cfg.interfaces);
in ''
It's not possible to run multiple wpa_supplicant instances with DBus support.
Note: you're seeing this error because `networking.wireless.interfaces` has
${n} entries, implying an equal number of wpa_supplicant instances.
'' + optionalString (daemon != null) ''
You don't need to change `networking.wireless.interfaces` when using ${daemon}:
in this case the interfaces will be configured automatically for you.
'';
}
];
in
''
It's not possible to run multiple wpa_supplicant instances with DBus support.
Note: you're seeing this error because `networking.wireless.interfaces` has
${n} entries, implying an equal number of wpa_supplicant instances.
''
+ optionalString (daemon != null) ''
You don't need to change `networking.wireless.interfaces` when using ${daemon}:
in this case the interfaces will be configured automatically for you.
'';
}
];
hardware.wirelessRegulatoryDatabase = true;
@ -535,19 +592,20 @@ in {
services.dbus.packages = optional cfg.dbusControlled pkgs.wpa_supplicant;
systemd.services =
if cfg.interfaces == []
then { wpa_supplicant = mkUnit null; }
else listToAttrs (map (i: nameValuePair "wpa_supplicant-${i}" (mkUnit i)) cfg.interfaces);
if cfg.interfaces == [ ] then
{ wpa_supplicant = mkUnit null; }
else
listToAttrs (map (i: nameValuePair "wpa_supplicant-${i}" (mkUnit i)) cfg.interfaces);
# Restart wpa_supplicant after resuming from sleep
powerManagement.resumeCommands = concatStringsSep "\n" (
optional (cfg.interfaces == []) "${systemctl} try-restart wpa_supplicant"
optional (cfg.interfaces == [ ]) "${systemctl} try-restart wpa_supplicant"
++ map (i: "${systemctl} try-restart wpa_supplicant-${i}") cfg.interfaces
);
# Restart wpa_supplicant when a wlan device appears or disappears. This is
# only needed when an interface hasn't been specified by the user.
services.udev.extraRules = optionalString (cfg.interfaces == []) ''
services.udev.extraRules = optionalString (cfg.interfaces == [ ]) ''
ACTION=="add|remove", SUBSYSTEM=="net", ENV{DEVTYPE}=="wlan", \
RUN+="${systemctl} try-restart wpa_supplicant.service"
'';