pkgs/openwrt/uci-config: add wifi encryption option
This commit is contained in:
parent
0f9246d4ba
commit
ff5d750697
|
@ -442,23 +442,28 @@ let
|
|||
type = int;
|
||||
};
|
||||
ssids = mkOption {
|
||||
type = attrsOf (submodule (
|
||||
{ ... }: {
|
||||
options = {
|
||||
net = mkOption {
|
||||
type = str;
|
||||
};
|
||||
psk = mkOption {
|
||||
type = nullOr str;
|
||||
default = null;
|
||||
};
|
||||
mode = mkOption {
|
||||
type = enum [ "ap" "sta" ];
|
||||
default = "ap";
|
||||
};
|
||||
type = attrsOf (submodule ({ config, ... }: {
|
||||
options = {
|
||||
net = mkOption {
|
||||
type = str;
|
||||
};
|
||||
}
|
||||
));
|
||||
psk = mkOption {
|
||||
type = nullOr str;
|
||||
default = null;
|
||||
};
|
||||
encryption = mkOption {
|
||||
type = enum [ "none" "owe" "wpa2" "wpa3" ];
|
||||
default =
|
||||
if config.psk == null
|
||||
then "owe"
|
||||
else "wpa3";
|
||||
};
|
||||
mode = mkOption {
|
||||
type = enum [ "ap" "sta" ];
|
||||
default = "ap";
|
||||
};
|
||||
};
|
||||
}));
|
||||
};
|
||||
};
|
||||
}
|
||||
|
@ -735,5 +740,27 @@ in
|
|||
assertion = builtins.length (linksOfGroup group) == 1;
|
||||
message = "${hostName}: group ${group} is used in more than one link: ${lib.concatStringsSep " " (linksOfGroup group)}";
|
||||
}) groups
|
||||
) (builtins.attrNames config.site.hosts)
|
||||
++
|
||||
# wifi psk checks
|
||||
builtins.concatMap (hostName:
|
||||
builtins.concatMap (wifiPath:
|
||||
map (ssid:
|
||||
let
|
||||
ssidConf = config.site.hosts.${hostName}.wifi.${wifiPath}.ssids.${ssid};
|
||||
in
|
||||
if builtins.elem ssidConf.encryption [ "none" "owe" ]
|
||||
then {
|
||||
assertion = ssidConf.psk == null;
|
||||
message = "${hostName}: SSID ${ssid} has encryption ${ssidConf.encryption} but a PSK is set";
|
||||
}
|
||||
else if builtins.elem ssidConf.encryption [ "wpa2" "wpa3" ]
|
||||
then {
|
||||
assertion = ssidConf.psk != null;
|
||||
message = "${hostName}: SSID ${ssid} has encryption ${ssidConf.encryption} but no PSK is set";
|
||||
}
|
||||
else throw "Unsupported WiFi encryption ${ssidConf.encryption}"
|
||||
) (builtins.attrNames config.site.hosts.${hostName}.wifi.${wifiPath}.ssids)
|
||||
) (builtins.attrNames config.site.hosts.${hostName}.wifi)
|
||||
) (builtins.attrNames config.site.hosts);
|
||||
}
|
||||
|
|
|
@ -267,6 +267,13 @@ in
|
|||
${concatMapStrings (ssid:
|
||||
let
|
||||
ssidConfig = radioConfig.ssids.${ssid};
|
||||
# mapping our option to openwrt/hostapd setting
|
||||
encryption = {
|
||||
none = "none";
|
||||
owe = "owe";
|
||||
wpa2 = "psk2";
|
||||
wpa3 = "sae-mixed";
|
||||
}.${radioConfig.ssids.${ssid}.encryption};
|
||||
in ''
|
||||
uci add wireless wifi-iface
|
||||
uci set wireless.@wifi-iface[-1].ifname=${ifPrefix}-${ssidConfig.net}
|
||||
|
@ -275,13 +282,12 @@ in
|
|||
uci set wireless.@wifi-iface[-1].mode=${ssidConfig.mode}
|
||||
uci set wireless.@wifi-iface[-1].network=${ssidConfig.net}
|
||||
uci set wireless.@wifi-iface[-1].mcast_rate=18000
|
||||
uci set wireless.@wifi-iface[-1].encryption='${encryption}'
|
||||
${if (ssidConfig.psk != null)
|
||||
then ''
|
||||
uci set wireless.@wifi-iface[-1].encryption='sae-mixed'
|
||||
uci set wireless.@wifi-iface[-1].key='${ssidConfig.psk}'
|
||||
''
|
||||
else ''
|
||||
uci set wireless.@wifi-iface[-1].encryption='owe'
|
||||
uci -q delete wireless.@wifi-iface[-1].key || true
|
||||
''}
|
||||
''
|
||||
|
|
Loading…
Reference in New Issue