hostapd: add "wpa2-sha1" to authentication.mode enum

This is required for some Kindles (e.g. Kindle Paperwhite 7th Gen),
and printers (e.g. Brother MFC-J4440DW).

OpenWRT typically adds "wpa_key_mgmt = WPA-PSK", per 3f28c422ba/package/network/config/wifi-scripts/files/lib/netifd/hostapd.sh (L44-L71)
Tom Fitzhenry 2024-05-04 22:18:33 +10:00 committed by tomf
parent f3a44f6214
commit 54ba3732f1


@ -687,7 +687,7 @@ in {
authentication = {
mode = mkOption {
default = "wpa3-sae";
type = types.enum ["none" "wpa2-sha256" "wpa3-sae-transition" "wpa3-sae"];
type = types.enum ["none" "wpa2-sha1" "wpa2-sha256" "wpa3-sae-transition" "wpa3-sae"];
description = ''
Selects the authentication mode for this AP.
@ -695,7 +695,9 @@ in {
and create an open AP. Use {option}`settings` together with this option if you
want to configure the authentication manually. Any password options will still be
effective, if set.
- {var}`"wpa2-sha256"`: WPA2-Personal using SHA256 (IEEE 802.11i/RSN). Passwords are set
- {var}`"wpa2-sha1"`: Not recommended. WPA2-Personal using HMAC-SHA1. Passwords are set
using {option}`wpaPassword` or preferably by {option}`wpaPasswordFile` or {option}`wpaPskFile`.
- {var}`"wpa2-sha256"`: WPA2-Personal using HMAC-SHA256 (IEEE 802.11i/RSN). Passwords are set
using {option}`wpaPassword` or preferably by {option}`wpaPasswordFile` or {option}`wpaPskFile`.
- {var}`"wpa3-sae-transition"`: Use WPA3-Personal (SAE) if possible, otherwise fallback
to WPA2-SHA256. Only use if necessary and switch to the newer WPA3-SAE when possible.
@ -812,7 +814,7 @@ in {
Warning: These entries will get put into a world-readable file in
the Nix store! Using {option}`saePasswordFile` instead is recommended.
Not used when {option}`mode` is {var}`"wpa2-sha256"`.
Not used when {option}`mode` is {var}`"wpa2-sha1"` or {var}`"wpa2-sha256"`.
'';
type = types.listOf (types.submodule {
options = {
@ -884,7 +886,7 @@ in {
parameters doesn't matter:
`<password>[|mac=<peer mac>][|vlanid=<VLAN ID>][|pk=<m:ECPrivateKey-base64>][|id=<identifier>]`
Not used when {option}`mode` is {var}`"wpa2-sha256"`.
Not used when {option}`mode` is {var}`"wpa2-sha1"` or {var}`"wpa2-sha256"`.
'';
};
@ -959,6 +961,9 @@ in {
} // optionalAttrs (bssCfg.authentication.mode == "wpa3-sae-transition") {
wpa = 2;
wpa_key_mgmt = "WPA-PSK-SHA256 SAE";
} // optionalAttrs (bssCfg.authentication.mode == "wpa2-sha1") {
wpa = 2;
wpa_key_mgmt = "WPA-PSK";
} // optionalAttrs (bssCfg.authentication.mode == "wpa2-sha256") {
wpa = 2;
wpa_key_mgmt = "WPA-PSK-SHA256";
@ -1186,8 +1191,8 @@ in {
message = ''hostapd radio ${radio} bss ${bss}: uses WPA3-SAE in transition mode requires defining both a wpa password option and a sae password option'';
}
{
assertion = auth.mode == "wpa2-sha256" -> countWpaPasswordDefinitions == 1;
message = ''hostapd radio ${radio} bss ${bss}: uses WPA2-SHA256 which requires defining a wpa password option'';
assertion = (auth.mode == "wpa2-sha1" || auth.mode == "wpa2-sha256") -> countWpaPasswordDefinitions == 1;
message = ''hostapd radio ${radio} bss ${bss}: uses WPA2-PSK which requires defining a wpa password option'';
}
])
radioCfg.networks))
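Review bot: The new `wpa2-sha1` branch sets `wpa_key_mgmt = "WPA-PSK"` on its own, so every station on that BSS is held to the older SHA1-based key management, including clients that could negotiate `WPA-PSK-SHA256`. If the listed Kindles and printers tolerate a second AKM being advertised (this needs testing on the devices), `wpa_key_mgmt = "WPA-PSK WPA-PSK-SHA256";` would let capable clients keep the stronger suite. The option description says only "Not recommended"; it should state the reason and the safer deployment, for example `Not recommended: only for legacy clients that cannot negotiate WPA-PSK-SHA256; prefer a dedicated BSS for them.` The attribute set these `optionalAttrs` branches are merged into starts outside the hunk, so it is not visible here whether the management-frame-protection setting is adjusted for this mode; that is worth confirming.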