I recently opened https://github.com/NixOS/nixpkgs/pull/113716 which aims to allow both declarative networks (i.e. defining wifi networks for wpa_supplicant in
networking.wireless.networks) and imperative networks (i.e. writing them imperatively to
/etc/wpa_supplicant.conf, e.g. via
The reason for this is that I have a fair share of networks that I want to have “just available” on my config and more sensitive things (such as WPA2 enterprise credentials for university and my employer’s office) that I don’t want to have in the store on my laptop. Right now, you have to choose between imperative or declarative networks, but can’t use both which is something this PR aims to change.
First of all, let me explain how:
- wpa_supplicant has two config files (the “default one” specified with
-c) and a second one specified with
- The second one is only supposed to be used for “global” settings, however it’s possible to write networks into it.
- However all networks (from both files) will be written to
wpa_guiinstructs the daemon to save all changes. This also means, that declarative networks would basically “become” imperative networks if you use
-Ifor a store-path and
-cfor imperative networks.
- I worked around this by patching
wpa_supplicantto ignore networks from the file specified with
wpa_supplicanttreat these as “immutable” while you can still declare networks (and also custom settings) imperatively in
I’m writing this up here because I’d love to get a bit more feedback on this. I know that patching
wpa_supplicant here for basically a new feature is fairly invasive, so I don’t want to see this in
master before getting more feedback. I already had a longer discussion with @bb2020 about this which may provide more context. We also agreed that before this is fully ready, the behavior should be made opt-in at least.
I’m already using this patch for a while without any issues so far. But would be cool to get a few more opinions on this