Wpa supplicant: Difference between revisions

(One intermediate revision by one other user not shown)

Line 12:

To be able to use <code>wpa_gui</code> or <code>wpa_cli</code> as user put the following in your <code>configuration.nix</code> file:

<~~syntaxHighlight~~ lang=nix>

networking.wireless.userControlled~~.enable~~ = true;

networking.wireless.userControlled = true;

</~~syntaxHighlight~~>

</syntaxhighlight>

Also your user must be part of the <code>~~wheel~~</code> group (replace USER with your username):

Also your user must be part of the <code>wpa_supplicant</code> group (replace USER with your username):

Line 55:

enable = true; # Enables wireless support via wpa_supplicant.

networks."MYSSID".psk = "myPresharedKey";

~~extraConfig = "ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel";~~

~~# output ends up in /run/wpa_supplicant/wpa_supplicant.conf~~

};

</syntaxhighlight>

Line 126:

Line 124:

=== Restrictions on Certificate Location ===

For certificate-based setups, due to security hardening for wpa_supplicant in NixOS 26.05 and later users of wpa_supplicant face restrictions on where eduroam certificates can be stored<ref>https://discourse.nixos.org/t/breaking-changes-announcement-for-unstable/17574/116</ref>. Certificates should be placed in either <code>/etc/ssl/certs</code> or <code>/etc/wpa_supplicant</code> and should be owned by (or accessible to) the wpa_supplicant user.

Some eduroam configuration scripts may hardcode paths in its relevant <code>/etc/NetworkManager/system-connections/<connection>.nmconnection</code>. In this case, editing the <code>ca-cert</code>, <code>client-cert</code>, and <code>private-key</code> to point at their new location should suffice.

== WEP support ==

@@ Line 12: / Line 12: @@
 To be able to use <code>wpa_gui</code> or <code>wpa_cli</code> as user put the following in your <code>configuration.nix</code> file:
-<syntaxHighlight lang=nix>
+<syntaxhighlight lang="nix">
-networking.wireless.userControlled.enable = true;
+networking.wireless.userControlled = true;
-</syntaxHighlight>
+</syntaxhighlight>
-Also your user must be part of the <code>wheel</code> group (replace USER with your username):
+Also your user must be part of the <code>wpa_supplicant</code> group (replace USER with your username):
 <syntaxHighlight lang=nix>
@@ Line 55: / Line 55: @@
      enable = true;  # Enables wireless support via wpa_supplicant.
      networks."MYSSID".psk = "myPresharedKey";
-    extraConfig = "ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel";
-    # output ends up in /run/wpa_supplicant/wpa_supplicant.conf
    };
 </syntaxhighlight>
@@ Line 126: / Line 124: @@
 === Restrictions on Certificate Location ===
 For certificate-based setups, due to security hardening for wpa_supplicant in NixOS 26.05 and later users of wpa_supplicant face restrictions on where eduroam certificates can be stored<ref>https://discourse.nixos.org/t/breaking-changes-announcement-for-unstable/17574/116</ref>. Certificates should be placed in either <code>/etc/ssl/certs</code> or <code>/etc/wpa_supplicant</code> and should be owned by (or accessible to) the wpa_supplicant user.
+Some eduroam configuration scripts may hardcode paths in its relevant <code>/etc/NetworkManager/system-connections/<connection>.nmconnection</code>. In this case, editing the <code>ca-cert</code>, <code>client-cert</code>, and <code>private-key</code> to point at their new location should suffice.
 == WEP support ==