pkgs/openwrt/uci-config: add wifi encryption option
This commit is contained in:
parent
0f9246d4ba
commit
ff5d750697
|
@ -442,23 +442,28 @@ let
|
||||||
type = int;
|
type = int;
|
||||||
};
|
};
|
||||||
ssids = mkOption {
|
ssids = mkOption {
|
||||||
type = attrsOf (submodule (
|
type = attrsOf (submodule ({ config, ... }: {
|
||||||
{ ... }: {
|
options = {
|
||||||
options = {
|
net = mkOption {
|
||||||
net = mkOption {
|
type = str;
|
||||||
type = str;
|
|
||||||
};
|
|
||||||
psk = mkOption {
|
|
||||||
type = nullOr str;
|
|
||||||
default = null;
|
|
||||||
};
|
|
||||||
mode = mkOption {
|
|
||||||
type = enum [ "ap" "sta" ];
|
|
||||||
default = "ap";
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
}
|
psk = mkOption {
|
||||||
));
|
type = nullOr str;
|
||||||
|
default = null;
|
||||||
|
};
|
||||||
|
encryption = mkOption {
|
||||||
|
type = enum [ "none" "owe" "wpa2" "wpa3" ];
|
||||||
|
default =
|
||||||
|
if config.psk == null
|
||||||
|
then "owe"
|
||||||
|
else "wpa3";
|
||||||
|
};
|
||||||
|
mode = mkOption {
|
||||||
|
type = enum [ "ap" "sta" ];
|
||||||
|
default = "ap";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}));
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
@ -735,5 +740,27 @@ in
|
||||||
assertion = builtins.length (linksOfGroup group) == 1;
|
assertion = builtins.length (linksOfGroup group) == 1;
|
||||||
message = "${hostName}: group ${group} is used in more than one link: ${lib.concatStringsSep " " (linksOfGroup group)}";
|
message = "${hostName}: group ${group} is used in more than one link: ${lib.concatStringsSep " " (linksOfGroup group)}";
|
||||||
}) groups
|
}) groups
|
||||||
|
) (builtins.attrNames config.site.hosts)
|
||||||
|
++
|
||||||
|
# wifi psk checks
|
||||||
|
builtins.concatMap (hostName:
|
||||||
|
builtins.concatMap (wifiPath:
|
||||||
|
map (ssid:
|
||||||
|
let
|
||||||
|
ssidConf = config.site.hosts.${hostName}.wifi.${wifiPath}.ssids.${ssid};
|
||||||
|
in
|
||||||
|
if builtins.elem ssidConf.encryption [ "none" "owe" ]
|
||||||
|
then {
|
||||||
|
assertion = ssidConf.psk == null;
|
||||||
|
message = "${hostName}: SSID ${ssid} has encryption ${ssidConf.encryption} but a PSK is set";
|
||||||
|
}
|
||||||
|
else if builtins.elem ssidConf.encryption [ "wpa2" "wpa3" ]
|
||||||
|
then {
|
||||||
|
assertion = ssidConf.psk != null;
|
||||||
|
message = "${hostName}: SSID ${ssid} has encryption ${ssidConf.encryption} but no PSK is set";
|
||||||
|
}
|
||||||
|
else throw "Unsupported WiFi encryption ${ssidConf.encryption}"
|
||||||
|
) (builtins.attrNames config.site.hosts.${hostName}.wifi.${wifiPath}.ssids)
|
||||||
|
) (builtins.attrNames config.site.hosts.${hostName}.wifi)
|
||||||
) (builtins.attrNames config.site.hosts);
|
) (builtins.attrNames config.site.hosts);
|
||||||
}
|
}
|
||||||
|
|
|
@ -267,6 +267,13 @@ in
|
||||||
${concatMapStrings (ssid:
|
${concatMapStrings (ssid:
|
||||||
let
|
let
|
||||||
ssidConfig = radioConfig.ssids.${ssid};
|
ssidConfig = radioConfig.ssids.${ssid};
|
||||||
|
# mapping our option to openwrt/hostapd setting
|
||||||
|
encryption = {
|
||||||
|
none = "none";
|
||||||
|
owe = "owe";
|
||||||
|
wpa2 = "psk2";
|
||||||
|
wpa3 = "sae-mixed";
|
||||||
|
}.${radioConfig.ssids.${ssid}.encryption};
|
||||||
in ''
|
in ''
|
||||||
uci add wireless wifi-iface
|
uci add wireless wifi-iface
|
||||||
uci set wireless.@wifi-iface[-1].ifname=${ifPrefix}-${ssidConfig.net}
|
uci set wireless.@wifi-iface[-1].ifname=${ifPrefix}-${ssidConfig.net}
|
||||||
|
@ -275,13 +282,12 @@ in
|
||||||
uci set wireless.@wifi-iface[-1].mode=${ssidConfig.mode}
|
uci set wireless.@wifi-iface[-1].mode=${ssidConfig.mode}
|
||||||
uci set wireless.@wifi-iface[-1].network=${ssidConfig.net}
|
uci set wireless.@wifi-iface[-1].network=${ssidConfig.net}
|
||||||
uci set wireless.@wifi-iface[-1].mcast_rate=18000
|
uci set wireless.@wifi-iface[-1].mcast_rate=18000
|
||||||
|
uci set wireless.@wifi-iface[-1].encryption='${encryption}'
|
||||||
${if (ssidConfig.psk != null)
|
${if (ssidConfig.psk != null)
|
||||||
then ''
|
then ''
|
||||||
uci set wireless.@wifi-iface[-1].encryption='sae-mixed'
|
|
||||||
uci set wireless.@wifi-iface[-1].key='${ssidConfig.psk}'
|
uci set wireless.@wifi-iface[-1].key='${ssidConfig.psk}'
|
||||||
''
|
''
|
||||||
else ''
|
else ''
|
||||||
uci set wireless.@wifi-iface[-1].encryption='owe'
|
|
||||||
uci -q delete wireless.@wifi-iface[-1].key || true
|
uci -q delete wireless.@wifi-iface[-1].key || true
|
||||||
''}
|
''}
|
||||||
''
|
''
|
||||||
|
|
Loading…
Reference in New Issue
Block a user