Re: [Nix-dev] Configure WiFi networks for NetworkManager in configuration.nix?
Sent as https://github.com/NixOS/nixpkgs/pull/12219.
Thanks all for help!
/Mateusz.
On Thu, Jan 7, 2016 at 1:21 PM, Mateusz Czaplinski
wrote:
> The `mode = "0400"` approach seems to work indeed, thanks! And just as you
> advised, the secret is then world-readable in /nix/store/*-etc/... and in
> /etc/nixos/configuration.nix anyway. I see the same issue was discussed in
> the aforementioned #12015 (
> https://github.com/NixOS/nixpkgs/pull/12015#discussion-diff-48864628),
> but it was apparently stepped over and accepted for the time being.
> Personally, I'm inclined to add some comment / "SECURITY WARNING" to both
> the manual and the option description in my forthcoming PR. That said, I'm
> sure interested in how /etc/shadow works if it could possibly be helpful
> here.
>
> As to other aspects, currently I'm reusing the
> "networking.wireless.networks" property from #12015 to build the simple
> WiFi config for network-manager. Is that a good way to go (+ modifying the
> comments in the config & manual to account for nm), or should I create a
> parallel option definition in e.g.
> "networking.networkmanager.wirelessNetworks" instead? Or should I go on and
> send the PR when ready and move that part of the discussion there?
>
> Thanks,
> /Mateusz.
>
> On Thu, Jan 7, 2016 at 12:45 PM, Tomasz Czyż
> wrote:
>
>> So, how /etc/shadow file works? I did a quick look and seems it's
>> generated by some perl scripts (probably omitting nix store), is that
>> correct? Maybe the same way could be used here.
>>
>> 2016-01-06 15:03 GMT+00:00 Fabian Schmitthenner
>> :
>>
>>> I think you can use
>>>
>>> environment.etc."NetworkManager/system-connections/some-file" = {
>>> text = "Text of file";
>>> mode = "0400";
>>> }
>>>
>>> This will copy the file into /etc with appropriate mode at activation
>>> time. See also http://nixos.org/nixos/options.html and search for
>>> environment.etc for further options.
>>>
>>> (Of cause other users can still read the original file in the nix store,
>>> so the contents would still be reachable for all users).
>>>
>>> Greetings
>>>
>>> Fabian
>>>
>>> On 01/06/2016 02:26 PM, Vladimír Čunát wrote:
>>> > On 01/06/2016 12:52 AM, Mateusz Czaplinski wrote:
>>> >> NetworkManager expects to have network definitions as chmod 400 files
>>> in
>>> >> /etc/NetworkManager/system-connections/ IIRC.
>>> >
>>> > Files in nix store can't be chmod 400.
>>> >
>>> > --Vladimir
>>> >
>>> >
>>> >
>>> >
>>> > ___
>>> > nix-dev mailing list
>>> > nix-dev@lists.science.uu.nl
>>> > http://lists.science.uu.nl/mailman/listinfo/nix-dev
>>> >
>>>
>>>
>>> ___
>>> nix-dev mailing list
>>> nix-dev@lists.science.uu.nl
>>> http://lists.science.uu.nl/mailman/listinfo/nix-dev
>>>
>>>
>>
>>
>> --
>> Tomasz Czyż
>>
>> ___
>> nix-dev mailing list
>> nix-dev@lists.science.uu.nl
>> http://lists.science.uu.nl/mailman/listinfo/nix-dev
>>
>>
>
___
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Configure WiFi networks for NetworkManager in configuration.nix?
The `mode = "0400"` approach seems to work indeed, thanks! And just as you
advised, the secret is then world-readable in /nix/store/*-etc/... and in
/etc/nixos/configuration.nix anyway. I see the same issue was discussed in
the aforementioned #12015 (
https://github.com/NixOS/nixpkgs/pull/12015#discussion-diff-48864628), but
it was apparently stepped over and accepted for the time being. Personally,
I'm inclined to add some comment / "SECURITY WARNING" to both the manual
and the option description in my forthcoming PR. That said, I'm sure
interested in how /etc/shadow works if it could possibly be helpful here.
As to other aspects, currently I'm reusing the
"networking.wireless.networks" property from #12015 to build the simple
WiFi config for network-manager. Is that a good way to go (+ modifying the
comments in the config & manual to account for nm), or should I create a
parallel option definition in e.g.
"networking.networkmanager.wirelessNetworks" instead? Or should I go on and
send the PR when ready and move that part of the discussion there?
Thanks,
/Mateusz.
On Thu, Jan 7, 2016 at 12:45 PM, Tomasz Czyż wrote:
> So, how /etc/shadow file works? I did a quick look and seems it's
> generated by some perl scripts (probably omitting nix store), is that
> correct? Maybe the same way could be used here.
>
> 2016-01-06 15:03 GMT+00:00 Fabian Schmitthenner :
>
>> I think you can use
>>
>> environment.etc."NetworkManager/system-connections/some-file" = {
>> text = "Text of file";
>> mode = "0400";
>> }
>>
>> This will copy the file into /etc with appropriate mode at activation
>> time. See also http://nixos.org/nixos/options.html and search for
>> environment.etc for further options.
>>
>> (Of cause other users can still read the original file in the nix store,
>> so the contents would still be reachable for all users).
>>
>> Greetings
>>
>> Fabian
>>
>> On 01/06/2016 02:26 PM, Vladimír Čunát wrote:
>> > On 01/06/2016 12:52 AM, Mateusz Czaplinski wrote:
>> >> NetworkManager expects to have network definitions as chmod 400 files
>> in
>> >> /etc/NetworkManager/system-connections/ IIRC.
>> >
>> > Files in nix store can't be chmod 400.
>> >
>> > --Vladimir
>> >
>> >
>> >
>> >
>> > ___
>> > nix-dev mailing list
>> > nix-dev@lists.science.uu.nl
>> > http://lists.science.uu.nl/mailman/listinfo/nix-dev
>> >
>>
>>
>> ___
>> nix-dev mailing list
>> nix-dev@lists.science.uu.nl
>> http://lists.science.uu.nl/mailman/listinfo/nix-dev
>>
>>
>
>
> --
> Tomasz Czyż
>
> ___
> nix-dev mailing list
> nix-dev@lists.science.uu.nl
> http://lists.science.uu.nl/mailman/listinfo/nix-dev
>
>
___
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Configure WiFi networks for NetworkManager in configuration.nix?
So, how /etc/shadow file works? I did a quick look and seems it's generated
by some perl scripts (probably omitting nix store), is that correct? Maybe
the same way could be used here.
2016-01-06 15:03 GMT+00:00 Fabian Schmitthenner :
> I think you can use
>
> environment.etc."NetworkManager/system-connections/some-file" = {
> text = "Text of file";
> mode = "0400";
> }
>
> This will copy the file into /etc with appropriate mode at activation
> time. See also http://nixos.org/nixos/options.html and search for
> environment.etc for further options.
>
> (Of cause other users can still read the original file in the nix store,
> so the contents would still be reachable for all users).
>
> Greetings
>
> Fabian
>
> On 01/06/2016 02:26 PM, Vladimír Čunát wrote:
> > On 01/06/2016 12:52 AM, Mateusz Czaplinski wrote:
> >> NetworkManager expects to have network definitions as chmod 400 files in
> >> /etc/NetworkManager/system-connections/ IIRC.
> >
> > Files in nix store can't be chmod 400.
> >
> > --Vladimir
> >
> >
> >
> >
> > ___
> > nix-dev mailing list
> > nix-dev@lists.science.uu.nl
> > http://lists.science.uu.nl/mailman/listinfo/nix-dev
> >
>
>
> ___
> nix-dev mailing list
> nix-dev@lists.science.uu.nl
> http://lists.science.uu.nl/mailman/listinfo/nix-dev
>
>
--
Tomasz Czyż
___
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Configure WiFi networks for NetworkManager in configuration.nix?
Hi,
On 06/01/16 00:52, Mateusz Czaplinski wrote:
> Is it possible to easily create files like with writeText, but such that
> they're
> "chmod 400" *before* the contents is written?
>
> From what I've read, NetworkManager expects to have network definitions as
> chmod
> 400 files in /etc/NetworkManager/system-connections/ IIRC. I'm trying to
> create
> them via appending to "environment.etc" property, but don't know how to make
> them root-only readable.
You can specify a mode, e.g.
environment.etc."NetworkManager/bla" =
{ mode = "0400";
source = writeText ...;
};
However, this won't help much because "source" (and the derivation that produced
it) are still world-readable.
--
Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/
___
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Configure WiFi networks for NetworkManager in configuration.nix?
On 01/06/2016 12:52 AM, Mateusz Czaplinski wrote: > NetworkManager expects to have network definitions as chmod 400 files in > /etc/NetworkManager/system-connections/ IIRC. Files in nix store can't be chmod 400. --Vladimir smime.p7s Description: S/MIME Cryptographic Signature ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Configure WiFi networks for NetworkManager in configuration.nix?
Is it possible to easily create files like with writeText, but such that they're "chmod 400" *before* the contents is written? >From what I've read, NetworkManager expects to have network definitions as chmod 400 files in /etc/NetworkManager/system-connections/ IIRC. I'm trying to create them via appending to "environment.etc" property, but don't know how to make them root-only readable. On Wed, Dec 30, 2015 at 5:21 PM, Mateusz Czaplinski wrote: > On Wed, Dec 30, 2015 at 5:11 PM, Jakob Gillich wrote: > >> there is a open PR for the same thing with wpa_supplicant: >> https://github.com/NixOS/nixpkgs/pull/12015 >> > > Nice, thanks! I'll try to play with it then and follow the above example. > > ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Configure WiFi networks for NetworkManager in configuration.nix?
On Wed, Dec 30, 2015 at 5:11 PM, Jakob Gillich wrote: > there is a open PR for the same thing with wpa_supplicant: > https://github.com/NixOS/nixpkgs/pull/12015 > Nice, thanks! I'll try to play with it then and follow the above example. ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Configure WiFi networks for NetworkManager in configuration.nix?
Hi, there is a open PR for the same thing with wpa_supplicant: https://github.com/NixOS/nixpkgs/pull/12015 But declarative configuration of Networkmanger would be nice to have, too! On Wed, Dec 30, 2015, at 04:54 PM, Mateusz Czaplinski wrote: > Hi All. I've recently installed NixOS on an old notebook. I > struggled somewhat, especially with network configuration, but in the > end I managed to configure it using network-manager and "nmcli". > > I'd much prefer if I could pre-configure all my default WiFi networks > for network-manager via configuration.nix, instead of having to set > them up manually with nmcli. Is that possible? > > If it's not possible, I'd like to try contributing such a feature to > the network-manager package in nixpkgs. Would such a contribution be > accepted? What API (i.e. example nix expression) would you like to see > for that, or should I propose one? From some quick reading on the > Internet, I believe NetworkManager keeps its settings as files in > /etc/NetworkManager/system- > connections/ [1]; if I'm right on that, I assume I should create such > files from the nix-expression; does that sound correct? > > [1]: https://wiki.gnome.org/Projects/NetworkManager/SystemSettings > Thanks, /Mateusz. > _ > nix-dev mailing list nix-dev@lists.science.uu.nl > http://lists.science.uu.nl/mailman/listinfo/nix-dev ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
[Nix-dev] Configure WiFi networks for NetworkManager in configuration.nix?
Hi All. I've recently installed NixOS on an old notebook. I struggled somewhat, especially with network configuration, but in the end I managed to configure it using network-manager and "nmcli". I'd much prefer if I could pre-configure all my default WiFi networks for network-manager via configuration.nix, instead of having to set them up manually with nmcli. Is that possible? If it's not possible, I'd like to try contributing such a feature to the network-manager package in nixpkgs. Would such a contribution be accepted? What API (i.e. example nix expression) would you like to see for that, or should I propose one? From some quick reading on the Internet, I believe NetworkManager keeps its settings as files in /etc/NetworkManager/system-connections/ [1]; if I'm right on that, I assume I should create such files from the nix-expression; does that sound correct? [1]: https://wiki.gnome.org/Projects/NetworkManager/SystemSettings Thanks, /Mateusz. ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
