[Nix-dev] Configure WiFi networks for NetworkManager in configuration.nix?

Mateusz Czaplinski czapkofan at gmail.com
Thu Jan 7 13:21:03 CET 2016


The `mode = "0400"` approach seems to work indeed, thanks! And just as you
advised, the secret is then world-readable in /nix/store/*-etc/... and in
/etc/nixos/configuration.nix anyway. I see the same issue was discussed in
the aforementioned #12015 (
https://github.com/NixOS/nixpkgs/pull/12015#discussion-diff-48864628), but
it was apparently stepped over and accepted for the time being. Personally,
I'm inclined to add some comment / "SECURITY WARNING" to both the manual
and the option description in my forthcoming PR. That said, I'm sure
interested in how /etc/shadow works if it could possibly be helpful here.

As to other aspects, currently I'm reusing the
"networking.wireless.networks" property from #12015 to build the simple
WiFi config for network-manager. Is that a good way to go (+ modifying the
comments in the config & manual to account for nm), or should I create a
parallel option definition in e.g.
"networking.networkmanager.wirelessNetworks" instead? Or should I go on and
send the PR when ready and move that part of the discussion there?

Thanks,
/Mateusz.

On Thu, Jan 7, 2016 at 12:45 PM, Tomasz Czyż <tomasz.czyz at gmail.com> wrote:

> So, how does the /etc/shadow file work? I took a quick look and it seems
> it's generated by some Perl scripts (probably omitting nix store), is that
> correct? Maybe the same way could be used here.
>
> 2016-01-06 15:03 GMT+00:00 Fabian Schmitthenner <fabian at schmitthenner.eu>:
>
>> I think you can use
>>
>>     environment.etc."NetworkManager/system-connections/some-file" = {
>>       text = "Text of file";
>>       mode = "0400";
>>     };
>>
>> This will copy the file into /etc with appropriate mode at activation
>> time. See also http://nixos.org/nixos/options.html and search for
>> environment.etc for further options.
>>
>> (Of course other users can still read the original file in the nix store,
>> so the contents would still be reachable for all users).
>>
>> Greetings
>>
>> Fabian
>>
>> On 01/06/2016 02:26 PM, Vladimír Čunát wrote:
>> > On 01/06/2016 12:52 AM, Mateusz Czaplinski wrote:
>> >> NetworkManager expects to have network definitions as chmod 400 files
>> >> in /etc/NetworkManager/system-connections/ IIRC.
>> >
>> > Files in nix store can't be chmod 400.
>> >
>> > --Vladimir
>> >
>> >
>> >
>> >
>> > _______________________________________________
>> > nix-dev mailing list
>> > nix-dev at lists.science.uu.nl
>> > http://lists.science.uu.nl/mailman/listinfo/nix-dev
>> >
>>
>
>
> --
> Tomasz Czyż
>
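
Added example, not part of the thread or of NixOS: a Python check for the exposure discussed above, where the `mode = "0400"` copy under /etc is protected but the copy in /nix/store/*-etc/ stays readable by every user. The function name, the directory layout and the passphrase in `demo()` are constructed for illustration; `psk`, `password` and `wep-key0`..`wep-key3` are the NetworkManager keyfile properties it looks for.

```python
import os
import re
import stat
import sys
import tempfile

# Secret-bearing keys in NetworkManager keyfiles (WPA-PSK, 802.1x, WEP).
SECRET_KEY = re.compile(r"^\s*(psk|password|wep-key[0-3])\s*=\s*\S", re.MULTILINE)
MAX_BYTES = 64 * 1024  # connection profiles are small; skip anything larger

def find_exposed_secrets(root):
    """Relative paths of other-readable regular files under root holding a keyfile secret."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
                if not stat.S_ISREG(st.st_mode) or st.st_size > MAX_BYTES:
                    continue
                if not st.st_mode & stat.S_IROTH:
                    continue  # e.g. the 0400 copy made at activation time
                with open(path, "r", errors="replace") as fh:
                    if SECRET_KEY.search(fh.read()):
                        hits.append(os.path.relpath(path, root))
            except OSError:
                continue  # unreadable or vanished file: nothing to report
    return sorted(hits)

def demo():
    """Constructed layout: a store copy (0444) and the activated copy (0400)."""
    keyfile = ("[connection]\nid=example\ntype=wifi\n\n"
               "[wifi-security]\nkey-mgmt=wpa-psk\npsk=constructed-passphrase\n")
    sub = os.path.join("etc", "NetworkManager", "system-connections")
    with tempfile.TemporaryDirectory() as root:
        for top, mode in ((os.path.join("store", "abc-etc"), 0o444), ("", 0o400)):
            d = os.path.join(root, top, sub)
            os.makedirs(d)
            path = os.path.join(d, "some-file")
            with open(path, "w") as fh:
                fh.write(keyfile)
            os.chmod(path, mode)
        return find_exposed_secrets(root)

if __name__ == "__main__":
    # With an argument (e.g. /nix/store) scan it; otherwise run the demo.
    for hit in (find_exposed_secrets(sys.argv[1]) if len(sys.argv) > 1 else demo()):
        print(hit)
```

Run against /nix/store after a rebuild, any path it prints is a connection profile whose secret other local users can read.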