Iwd

From NixOS Wiki

iwd (iNet wireless daemon) is a Linux-only wireless daemon aiming to decrease the time spent making connections.

Setup

iwd can be enabled with the following snippet.

networking.wireless.iwd.enable = true;

Usage

Connections can be managed using the provided iwctl tool.

Configuration

To configure iwd, use the networking.wireless.iwd.settings option. An example configuration, which enables IPv6 and automatic connection to known networks, would be similar to:

{
  networking.wireless.iwd.settings = {
    IPv6 = {
      Enabled = true;
    };
    Settings = {
      AutoConnect = true;
    };
  };
}

For a detailed and up-to-date list of available settings, please refer to the network daemon configuration documentation in the kernel Git repo.

Eduroam (WPA2 Enterprise) network

Eduroam wireless networks need to be configured manually by creating the following file, /var/lib/iwd/eduroam.8021x:

[Security]
EAP-Method=PEAP
EAP-Identity=eduroamHDcat2024@uni-heidelberg.de
EAP-PEAP-CACert=/var/lib/iwd/ca.pem
EAP-PEAP-ServerDomainMask=radius-node1.urz.uni-heidelberg.de
EAP-PEAP-Phase2-Method=MSCHAPV2
EAP-PEAP-Phase2-Identity=xyz123@uni-heidelberg.de
EAP-PEAP-Phase2-Password=mypassword

[Settings]
AutoConnect=true

Replace the values of EAP-Identity, EAP-PEAP-ServerDomainMask, EAP-PEAP-Phase2-Identity and EAP-PEAP-Phase2-Password according to your university's presets, which can be acquired at cat.eduroam.org. After you enter your university name there, the site will offer a download link to a Python script which contains most of the required default values. The script also contains a certificate string which can be copied into the file /var/lib/iwd/ca.pem.
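The profile above stores the password in clear text, and EAP-PEAP-CACert and EAP-PEAP-ServerDomainMask are the settings that let the client authenticate the RADIUS server before the credentials are sent. The following check is an added example, not part of the wiki or of iwd: audit_profile is a hypothetical helper, the four checks are this example's choice, and the sample profiles are constructed.

```python
import configparser
import os
import stat
import tempfile


def audit_profile(path):
    """Return findings for an iwd PEAP profile; an empty list means none."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        findings.append(f"mode {mode:04o}: password readable beyond the owner")
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # keep key case exactly as written in the file
    cp.read(path)
    sec = dict(cp["Security"]) if cp.has_section("Security") else {}
    if not sec.get("EAP-PEAP-CACert"):
        findings.append("no EAP-PEAP-CACert: no CA pinned for the RADIUS server")
    if not sec.get("EAP-PEAP-ServerDomainMask"):
        findings.append("no EAP-PEAP-ServerDomainMask: server name unchecked")
    # The outer identity travels outside the TLS tunnel, the inner one inside.
    outer, inner = sec.get("EAP-Identity"), sec.get("EAP-PEAP-Phase2-Identity")
    if outer and outer == inner:
        findings.append("outer EAP-Identity equals the inner login name")
    return findings


def demo():
    """Audit a hardened and a weak profile; all values are constructed."""
    base = {"EAP-PEAP-Phase2-Identity": "user@example.org",
            "EAP-PEAP-Phase2-Password": "constructed%pw"}
    good = {"EAP-Identity": "anonymous@example.org",
            "EAP-PEAP-CACert": "/var/lib/iwd/ca.pem",
            "EAP-PEAP-ServerDomainMask": "radius.example.org", **base}
    weak = {"EAP-Identity": "user@example.org", **base}
    results = []
    with tempfile.TemporaryDirectory() as d:
        for mode, keys in ((0o600, good), (0o644, weak)):
            path = os.path.join(d, "sample.8021x")
            with open(path, "w") as fh:
                fh.write("[Security]\nEAP-Method=PEAP\n")
                fh.writelines(f"{k}={v}\n" for k, v in keys.items())
            os.chmod(path, mode)
            results.append(audit_profile(path))
    return results


if __name__ == "__main__":
    print(demo())
```

On a real system, call audit_profile("/var/lib/iwd/eduroam.8021x") as root after editing the file.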

iwd as backend for NetworkManager

If iwd is present, it can be used as a backend for NetworkManager through the following snippet.

networking.networkmanager.wifi.backend = "iwd";

iwd as backend for Connman

iwd can be used as a backend for Connman too.

services.connman.wifi.backend = "iwd";

Note that iwd is experimental and it does not have feature parity with the default backend, wpa_supplicant.

Troubleshooting

org.freedesktop.service failed

When connecting to a protected network, it can happen that no password window appears and the following message is written to the journal:

dbus-daemon[1732]: [session uid=9001 pid=1730] Activated service 'org.freedesktop.secrets' failed: Failed to execute program org.freedesktop.secrets: No such file or directory

Your desktop manager may not enable a secrets management service, so you may need to enable one:

{
  # Named services.gnome3.gnome-keyring on older NixOS releases.
  services.gnome.gnome-keyring.enable = true;
}

rfkill blocks wireless device

If the Wi-Fi connection is blocked by rfkill, the wireless device needs to be unblocked. One way to do that with Nix is by using system.activationScripts.

{
  system.activationScripts = {
    rfkillUnblockWlan = {
      text = ''
      rfkill unblock wlan
      '';
      deps = [];
    };
  };
}