[Nix-dev] Configure WiFi networks for NetworkManager in configuration.nix?

Mateusz Czaplinski czapkofan at gmail.com
Fri Jan 8 00:39:29 CET 2016


Sent as https://github.com/NixOS/nixpkgs/pull/12219.

Thanks all for help!

/Mateusz.

On Thu, Jan 7, 2016 at 1:21 PM, Mateusz Czaplinski <czapkofan at gmail.com>
wrote:

> The `mode = "0400"` approach seems to work indeed, thanks! And just as you
> advised, the secret is then world-readable in /nix/store/*-etc/... and in
> /etc/nixos/configuration.nix anyway. I see the same issue was discussed in
> the aforementioned #12015 (
> https://github.com/NixOS/nixpkgs/pull/12015#discussion-diff-48864628),
> but it was apparently stepped over and accepted for the time being.
> Personally, I'm inclined to add some comment / "SECURITY WARNING" to both
> the manual and the option description in my forthcoming PR. That said, I'm
> sure interested in how /etc/shadow works if it could possibly be helpful
> here.
>
> As to other aspects, currently I'm reusing the
> "networking.wireless.networks" property from #12015 to build the simple
> WiFi config for network-manager. Is that a good way to go (+ modifying the
> comments in the config & manual to account for nm), or should I create a
> parallel option definition in e.g.
> "networking.networkmanager.wirelessNetworks" instead? Or should I go on and
> send the PR when ready and move that part of the discussion there?
>
> Thanks,
> /Mateusz.
>
> On Thu, Jan 7, 2016 at 12:45 PM, Tomasz Czyż <tomasz.czyz at gmail.com>
> wrote:
>
>> So, how does the /etc/shadow file work? I did a quick look and it seems it's
>> generated by some perl scripts (probably omitting nix store), is that
>> correct? Maybe the same way could be used here.
>>
>> 2016-01-06 15:03 GMT+00:00 Fabian Schmitthenner <fabian at schmitthenner.eu>
>> :
>>
>>> I think you can use
>>>
>>>     environment.etc."NetworkManager/system-connections/some-file" = {
>>>       text = "Text of file";
>>>       mode = "0400";
>>>     };
>>>
>>> This will copy the file into /etc with appropriate mode at activation
>>> time. See also http://nixos.org/nixos/options.html and search for
>>> environment.etc for further options.
>>>
>>> (Of course other users can still read the original file in the nix store,
>>> so the contents would still be reachable for all users).
>>>
>>> Greetings
>>>
>>> Fabian
>>>
>>> On 01/06/2016 02:26 PM, Vladimír Čunát wrote:
>>> > On 01/06/2016 12:52 AM, Mateusz Czaplinski wrote:
>>> >> NetworkManager expects to have network definitions as chmod 400 files in
>>> >> /etc/NetworkManager/system-connections/ IIRC.
>>> >
>>> > Files in nix store can't be chmod 400.
>>> >
>>> > --Vladimir
>>> >
>>> > _______________________________________________
>>> > nix-dev mailing list
>>> > nix-dev at lists.science.uu.nl
>>> > http://lists.science.uu.nl/mailman/listinfo/nix-dev
>>> >
>>>
>>
>>
>> --
>> Tomasz Czyż
>
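The point made in this thread, that the `mode = "0400"` copy under /etc is protected while the copy in the store stays readable by every user, can be checked with a small audit script. This is an added example, not part of the original messages; the `psk=` keyfile line, the function names and the sample directory layout are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: find Wi-Fi passphrases that any local user can read.
# Assumption: connection files keep the passphrase on a line starting "psk=".

# world_readable_psk DIR
# Print every regular file under DIR that has the "other read" bit set
# and contains a "psk=" line. Always returns 0; no output means no finding.
world_readable_psk() {
    find "$1" -type f -perm -004 -exec grep -l '^psk=' {} + 2>/dev/null
    return 0
}

# make_sample ROOT
# Build a constructed layout that mimics what the thread describes:
# a 0444 file in a store-like tree and a 0400 copy of it in an etc-like tree.
make_sample() {
    store_dir="$1/store/abc-etc/etc/NetworkManager/system-connections"
    etc_dir="$1/etc/NetworkManager/system-connections"
    mkdir -p "$store_dir" "$etc_dir" || return 1
    printf '[wifi-security]\nkey-mgmt=wpa-psk\npsk=constructed-sample\n' \
        > "$store_dir/home"
    chmod 0444 "$store_dir/home"   # store files are readable by everyone
    cp "$store_dir/home" "$etc_dir/home"
    chmod 0400 "$etc_dir/home"     # what mode = "0400" gives the /etc copy
}

# demo: run the audit over the constructed layout and print both results.
demo() {
    root=$(mktemp -d) || return 1
    make_sample "$root"
    echo "store copies readable by all users:"
    world_readable_psk "$root/store"
    echo "etc copies readable by all users:"
    world_readable_psk "$root/etc"
    rm -rf "$root"
}

# With a directory argument, audit that directory; otherwise define only.
if [ "$#" -gt 0 ]; then
    world_readable_psk "$1"
fi
```

Calling `demo` prints the store copy as a finding and nothing for the etc copy, which is the situation the replies above describe.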