The networking.wireless module has been security hardened: the wpa_supplicant daemon now runs under an unprivileged user with restricted access to the system.
Some backward incompatibilities:
-
/etc/wpa_supplicant.confhas been deprecated: the NixOS-generated configuration file is now linked to/etc/wpa_supplicant/nixos.confand/etc/wpa_supplicant/imperative.confhas been added for imperatively configuringwpa_supplicantor when usingnetworking.wireless.allowAuxiliaryImperativeNetworks. -
If client certificates, keys or other files are needed, these should be stored under
/etc/wpa_supplicantand owned bywpa_supplicantto ensure the daemon can read them. -
the
networking.wireless.userControlled.groupoption has been removed since there is now a dedicatedwpa_supplicantgroup to control the daemon, andnetworking.wireless.userControlled.enablehas been renamed tonetworking.wireless.userControlled.
No functionality should have been impacted by these changes (including controlling via wpa_cli, integration with NetworkManager or connman), but if you find any problems, please open an issue on GitHub.
Note for NetworkManager users: before this changes NetworkManager spawned its own wpa_supplicant daemon, but now it uses networking.wireless. So, if you have a networking.wireless.enable = false in your configuration, you should remove that line.