Wireless
networking.wireless.allowAuxiliaryImperativeNetworks
Whether to allow configuring networks "imperatively" (e.g. via
wpa_supplicant_gui) and declaratively via
.
Please note that this adds a custom patch to wpa_supplicant.
Type: boolean
Default
false
Example
true
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/wpa_supplicant.nix
networking.wireless.athUserRegulatoryDomain
If enabled, sets the ATH_USER_REGD kernel config switch to true to disable the enforcement of EEPROM regulatory restrictions for ath drivers. Requires at least Linux 5.8.
Type: boolean
Default
false
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/hardware/network/ath-user-regd.nix
networking.wireless.dbusControlled
Whether to enable the DBus control interface. This is only needed when using NetworkManager or connman.
Type: boolean
Default
length config.networking.wireless.interfaces < 2
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/wpa_supplicant.nix
networking.wireless.driver
Force a specific wpa_supplicant driver.
Type: string
Default
"nl80211,wext"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/wpa_supplicant.nix
networking.wireless.enable
Whether to enable wpa_supplicant.
Type: boolean
Default
false
Example
true
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/wpa_supplicant.nix
networking.wireless.environmentFile
File consisting of lines of the form varname=value
to define variables for the wireless configuration.
See section "EnvironmentFile=" in {manpage}systemd.exec(5) for a syntax reference.
Secrets (PSKs, passwords, etc.) can be provided without adding them to
the world-readable Nix store by defining them in the environment file and
referring to them in option {option}networking.wireless.networks
with the syntax @varname@. Example:
# content of /run/secrets/wireless.env
PSK_HOME=mypassword
PASS_WORK=myworkpassword
# wireless-related configuration
networking.wireless.environmentFile = "/run/secrets/wireless.env";
networking.wireless.networks = {
home.psk = "@PSK_HOME@";
work.auth = ''
eap=PEAP
identity="my-user@example.com"
password="@PASS_WORK@"
'';
};
Type: null or path
Default
null
Example
"/run/secrets/wireless.env"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/wpa_supplicant.nix
networking.wireless.extraConfig
Extra lines appended to the configuration file.
See
{manpage}wpa_supplicant.conf(5)
for available options.
Type: string
Default
""
Example
'' p2p_disabled=1''
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/wpa_supplicant.nix
networking.wireless.fallbackToWPA2
Whether to fall back to WPA2 authentication protocols if WPA3 failed. This allows old wireless cards (that lack recent features required by WPA3) to connect to mixed WPA2/WPA3 access points.
To avoid possible downgrade attacks, disable this options.
Type: boolean
Default
true
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/wpa_supplicant.nix
networking.wireless.interfaces
The interfaces {command}wpa_supplicant will use. If empty, it will
automatically use all wireless interfaces.
::: {.note} A separate wpa_supplicant instance will be started for each interface. :::
Type: list of string
Default
[ ]
Example
["wlan0""wlan1"]
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/wpa_supplicant.nix
networking.wireless.iwd.enable
Whether to enable iwd.
Type: boolean
Default
false
Example
true
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/iwd.nix
networking.wireless.iwd.package
The iwd package to use.
Type: package
Default
pkgs.iwd
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/iwd.nix
networking.wireless.iwd.settings
Options passed to iwd. See here for supported options.
Type: attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))
Default
{ }
Example
{Network = {EnableIPv6 = true;RoutePriorityOffset = 300;};Settings = {AutoConnect = true;};}
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/iwd.nix
networking.wireless.networks
The network definitions to automatically connect to when
{command}wpa_supplicant is running. If this
parameter is left empty wpa_supplicant will use
/etc/wpa_supplicant.conf as the configuration file.
Type: attribute set of (submodule)
Default
{ }
Example
`#!nix { echelon = { # SSID with no spaces or special characters psk = "abcdefgh"; # (password will be written to /nix/store!) };
echelon = { # safe version of the above: read PSK from the psk = "@PSK_ECHELON@"; # variable PSK_ECHELON, defined in environmentFile, }; # this won't leak into /nix/store
"echelon's AP" = { # SSID with spaces and/or special characters psk = "ijklmnop"; # (password will be written to /nix/store!) };
"free.wifi" = {}; # Public wireless network } `
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/wpa_supplicant.nix
networking.wireless.networks.<name>.auth
Use this option to configure advanced authentication methods like EAP.
See
{manpage}wpa_supplicant.conf(5)
for example configurations.
::: {.warning} Be aware that this will be written to the nix store in plaintext! Use an environment variable for secrets. :::
::: {.note}
Mutually exclusive with {var}psk and
{var}pskRaw.
:::
Type: null or string
Default
null
Example
'' eap=PEAP identity="user@example.com" password="@EXAMPLE_PASSWORD@"''
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/wpa_supplicant.nix
networking.wireless.networks.<name>.authProtocols
The list of authentication protocols accepted by this network.
This corresponds to the key_mgmt option in wpa_supplicant.
Type: list of (one of "WPA-PSK", "WPA-EAP", "IEEE8021X", "NONE", "WPA-NONE", "FT-PSK", "FT-EAP", "FT-EAP-SHA384", "WPA-PSK-SHA256", "WPA-EAP-SHA256", "SAE", "FT-SAE", "WPA-EAP-SUITE-B", "WPA-EAP-SUITE-B-192", "OSEN", "FILS-SHA256", "FILS-SHA384", "FT-FILS-SHA256", "FT-FILS-SHA384", "OWE", "DPP")
Default
["WPA-PSK""WPA-EAP""SAE""FT-PSK""FT-EAP""FT-SAE"]
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/wpa_supplicant.nix
networking.wireless.networks.<name>.extraConfig
Extra configuration lines appended to the network block.
See
{manpage}wpa_supplicant.conf(5)
for available options.
Type: string
Default
""
Example
'' bssid_blacklist=02:11:22:33:44:55 02:22:aa:44:55:66''
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/wpa_supplicant.nix
networking.wireless.networks.<name>.hidden
Set this to true if the SSID of the network is hidden.
Type: boolean
Default
false
Example
{ echelon = {hidden = true;psk = "abcdefgh";};}
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/wpa_supplicant.nix
networking.wireless.networks.<name>.priority
By default, all networks will get same priority group (0). If some of the networks are more desirable, this field can be used to change the order in which wpa_supplicant goes through the networks when selecting a BSS. The priority groups will be iterated in decreasing priority (i.e., the larger the priority value, the sooner the network is matched against the scan results). Within each priority group, networks will be selected based on security policy, signal strength, etc.
Type: null or signed integer
Default
null
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/wpa_supplicant.nix
networking.wireless.networks.<name>.psk
The network's pre-shared key in plaintext defaulting to being a network without any authentication.
::: {.warning} Be aware that this will be written to the nix store in plaintext! Use an environment variable instead. :::
::: {.note}
Mutually exclusive with {var}pskRaw.
:::
Type: null or string
Default
null
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/wpa_supplicant.nix
networking.wireless.networks.<name>.pskRaw
The network's pre-shared key in hex defaulting to being a network without any authentication.
::: {.warning} Be aware that this will be written to the nix store in plaintext! Use an environment variable instead. :::
::: {.note}
Mutually exclusive with {var}psk.
:::
Type: null or string
Default
null
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/wpa_supplicant.nix
networking.wireless.scanOnLowSignal
Whether to periodically scan for (better) networks when the signal of the current one is low. This will make roaming between access points faster, but will consume more power.
Type: boolean
Default
true
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/wpa_supplicant.nix
networking.wireless.userControlled.enable
Allow normal users to control wpa_supplicant through wpa_gui or wpa_cli. This is useful for laptop users that switch networks a lot and don't want to depend on a large package such as NetworkManager just to pick nearby access points.
When using a declarative network specification you cannot persist any settings via wpa_gui or wpa_cli.
Type: boolean
Default
false
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/wpa_supplicant.nix
networking.wireless.userControlled.group
Members of this group can control wpa_supplicant.
Type: string
Default
"wheel"
Example
"network"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/wpa_supplicant.nix