{ config, lib, pkgs, ... }: with lib; let cfg = config.networking.wireless; configFile = if cfg.networks != {} then pkgs.writeText "wpa_supplicant.conf" '' ${optionalString cfg.userControlled.enable '' ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=${cfg.userControlled.group} update_config=1''} ${concatStringsSep "\n" (mapAttrsToList (ssid: networkConfig: let psk = if networkConfig.psk != null then ''"${networkConfig.psk}"'' else networkConfig.pskRaw; in '' network={ ssid="${ssid}" ${optionalString (psk != null) ''psk=${psk}''} ${optionalString (psk == null) ''key_mgmt=NONE''} } '') cfg.networks)} '' else "/etc/wpa_supplicant.conf"; in { options = { networking.wireless = { enable = mkEnableOption "wpa_supplicant"; interfaces = mkOption { type = types.listOf types.str; default = []; example = [ "wlan0" "wlan1" ]; description = '' The interfaces wpa_supplicant will use. If empty, it will automatically use all wireless interfaces. ''; }; driver = mkOption { type = types.str; default = "nl80211,wext"; description = "Force a specific wpa_supplicant driver."; }; networks = mkOption { type = types.attrsOf (types.submodule { options = { psk = mkOption { type = types.nullOr types.str; default = null; description = '' The network's pre-shared key in plaintext defaulting to being a network without any authentication. Be aware that these will be written to the nix store in plaintext! Mutually exclusive with pskRaw. ''; }; pskRaw = mkOption { type = types.nullOr types.str; default = null; description = '' The network's pre-shared key in hex defaulting to being a network without any authentication. Mutually exclusive with psk. ''; }; }; }); description = '' The network definitions to automatically connect to when wpa_supplicant is running. If this parameter is left empty wpa_supplicant will use /etc/wpa_supplicant.conf as the configuration file. ''; default = {}; example = literalExample '' echelon = { psk = "abcdefgh"; }; "free.wifi" = {}; ''; }; userControlled = { enable = mkOption { type = types.bool; default = false; description = '' Allow normal users to control wpa_supplicant through wpa_gui or wpa_cli. This is useful for laptop users that switch networks a lot and don't want to depend on a large package such as NetworkManager just to pick nearby access points. When using a declarative network specification you cannot persist any settings via wpa_gui or wpa_cli. ''; }; group = mkOption { type = types.str; default = "wheel"; example = "network"; description = "Members of this group can control wpa_supplicant."; }; }; }; }; config = mkMerge [ (mkIf cfg.enable { assertions = flip mapAttrsToList cfg.networks (name: cfg: { assertion = cfg.psk == null || cfg.pskRaw == null; message = ''networking.wireless."${name}".psk and networking.wireless."${name}".pskRaw are mutually exclusive''; }); environment.systemPackages = [ pkgs.wpa_supplicant ]; services.dbus.packages = [ pkgs.wpa_supplicant ]; # FIXME: start a separate wpa_supplicant instance per interface. systemd.services.wpa_supplicant = let ifaces = cfg.interfaces; in { description = "WPA Supplicant"; wantedBy = [ "network.target" ]; path = [ pkgs.wpa_supplicant ]; script = '' ${if ifaces == [] then '' for i in $(cd /sys/class/net && echo *); do DEVTYPE= source /sys/class/net/$i/uevent if [ "$DEVTYPE" = "wlan" -o -e /sys/class/net/$i/wireless ]; then ifaces="$ifaces''${ifaces:+ -N} -i$i" fi done '' else '' ifaces="${concatStringsSep " -N " (map (i: "-i${i}") ifaces)}" ''} exec wpa_supplicant -s -u -D${cfg.driver} -c ${configFile} $ifaces ''; }; powerManagement.resumeCommands = '' ${config.systemd.package}/bin/systemctl try-restart wpa_supplicant ''; # Restart wpa_supplicant when a wlan device appears or disappears. services.udev.extraRules = '' ACTION=="add|remove", SUBSYSTEM=="net", ENV{DEVTYPE}=="wlan", RUN+="${config.systemd.package}/bin/systemctl try-restart wpa_supplicant.service" ''; }) { meta.maintainers = with lib.maintainers; [ globin ]; } ]; }