feat: added 37C3 network device

hosts/patricknix/net.nix

@@ -1,4 +1,9 @@
-{config, ...}: {
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: {
   age.secrets.eduroam = {
     rekeyFile = ./secrets/iwd/eduroam.8021x.age;
     path = "/var/lib/iwd/eduroam.8021x";
@@ -18,7 +23,7 @@
     wireless.iwd = {
       enable = true;
       networks = {
-        devoloog.settings = {
+        devolo-og.settings = {
           Security = {
             PreSharedKey = config.age.secrets.devoloog-psk.path;
             Passphrase = config.age.secrets.devoloog-pass.path;
@@ -26,6 +31,50 @@
             SAE-PT-Group20 = config.age.secrets.devoloog-sae20.path;
           };
         };
+        "37C3".settings = {
+          Security = {
+            EAP-Method = lib.writeText "PEAP";
+            EAP-Identity = lib.writeText "anonymous@37C3";
+            EAP-PEAP-CACert = lib.writeText (pkgs.writeText "ISRG_Root_X1.pem" ''
+              -----BEGIN CERTIFICATE-----
+              MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw
+              TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
+              cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4
+              WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJu
+              ZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBY
+              MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54rVygc
+              h77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+
+              0TM8ukj13Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6U
+              A5/TR5d8mUgjU+g4rk8Kb4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sW
+              T8KOEUt+zwvo/7V3LvSye0rgTBIlDHCNAymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyH
+              B5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ4Q7e2RCOFvu396j3x+UC
+              B5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf1b0SHzUv
+              KBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWn
+              OlFuhjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTn
+              jh8BCNAw1FtxNrQHusEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbw
+              qHyGO0aoSCqI3Haadr8faqU9GY/rOPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CI
+              rU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV
+              HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY9umbbjANBgkq
+              hkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL
+              ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ
+              3BebYhtF8GaV0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KK
+              NFtY2PwByVS5uCbMiogziUwthDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5
+              ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJwTdwJx4nLCgdNbOhdjsnvzqvHu7Ur
+              TkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nxe5AW0wdeRlN8NwdC
+              jNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZAJzVc
+              oyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq
+              4RgqsahDYVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPA
+              mRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57d
+              emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc=
+              -----END CERTIFICATE-----
+            '');
+            EAP-PEAP-ServerDomainMask = lib.writeText "radius.c3noc.net";
+            EAP-PEAP-Phase2-Method = lib.writeText "MSCHAPV2";
+            EAP-PEAP-Phase2-Identity = lib.writeText "37C3";
+            EAP-PEAP-Phase2-Password = lib.writeText "37C3";
+          };
+          Settings.AutoConnnect = lib.writeText "true";
+        };
       };
     };
     # Add the VPN based route to my paperless instance to

lib/misc.nix

@@ -17,6 +17,7 @@ _inputs: _self: super: let
     occurrences = countOccurrences xs;
   in
     unique (filter (x: occurrences.${x} > 1) xs);
+  writeText = text: (super.writeText (builtins.hashString "sha256" "${text}") "${text}");
 in {
   lib =
     super.lib
@@ -24,6 +25,7 @@ in {
       inherit
         countOccurrences
         duplicates
+        writeText
         ;
     };
 }

modules/optional/iwd.nix

@@ -46,10 +46,10 @@
             description = "The type of network. This will determine the file ending. The module will try to determine this automatically so this should only be set when the heuristics fail.";
           };
           settings = mkOption {
-            type = with types; (attrsOf (attrsOf str));
+            type = with types; (attrsOf (attrsOf (oneOf [str path])));
             description = ''
               Contents of the iwd config file for this network
-              If a file named like this exists the content will be read from file, else the raw string will be used.
+              The lowest level values should be files, that will be read into the config files
             '';
             default = {};
           };
@@ -65,7 +65,6 @@
       flip
       mapAttrsToList
       concatStringsSep
-      hasPrefix
       ;
     cfg = config.networking.wireless.iwd;
 
@@ -95,11 +94,7 @@
             ${concatStringsSep "\n" (flip mapAttrsToList config.settings (toplevel: config: ''
               [${toplevel}]
               ${concatStringsSep "\n" (flip mapAttrsToList config (name: value: ''
-                ${name}=${
+                ${name}=$(<${value})
-                  if hasPrefix "/" value
-                  then "$(<${value})"
-                  else value
-                }
               ''))}
             ''))}
             EOF