From 4dacf94c674b41c9c9da0a145ee7c6693c3f6c85 Mon Sep 17 00:00:00 2001
From: Michael Czechowski <mail@dailysh.it>
Date: Wed, 17 Sep 2025 08:57:19 +0200
Subject: [PATCH] refactor: replace WiFi service with declarative
 NetworkManager

- Remove unnecessary systemd.services.workshop-wifi-setup service
- Remove environment.etc."NetworkManager/workshop-wifi.env" file
- Add declarative networking.networkmanager.ensureProfiles configuration
- Remove redundant WiFi packages (wpa_supplicant, wirelesstools, iw)
- Update documentation to reflect automatic WiFi connection
- Clean up bash script references to old services

This simplifies the configuration and makes WiFi connection automatic on boot.
---
 README.md                     |   8 +-
 common.nix                    | 152 ++++++++++++++--------------------
 docs/MANUAL_NETWORK_SETUP.md  |  26 +++---
 docs/USB_BOOT_INSTRUCTIONS.md |   6 +-
 flake.nix                     |  21 +----
 5 files changed, 89 insertions(+), 124 deletions(-)

diff --git a/README.md b/README.md
index 5003ee7..4898d21 100644
--- a/README.md
+++ b/README.md
@@ -44,6 +44,7 @@ browser wordpress          # Open directly in Firefox
 ## 💾 USB Environment
 
 Pre-configured with:
+- **Automatic WiFi connection** to workshop network
 - Docker Swarm + abra installation
 - SSH client for cloud access
 - Wildcard DNS resolution (dnsmasq)
@@ -148,9 +149,9 @@ browser <TAB>              # Shows deployed applications
 ## 🔧 Prerequisites
 
 - Nix with flakes enabled
-- SSH key at `~/.ssh/id_ed25519.pub`
 - 2GB+ RAM for VM testing
 - USB drive (8GB+) for workshop distribution
+- SSH key at `~/.ssh/id_ed25519.pub` (for cloud deployment only)
 
 ## 🛠️ Development Tools
 
@@ -171,10 +172,13 @@ make clean         # Clean build artifacts (./build/ and ./result/)
 ## 🔍 Troubleshooting
 
 ```bash
+# Check WiFi connection (should connect automatically)
+nmcli connection show --active
+
 # Check DNS resolution
 dig @127.0.0.1 test.workshop.local
 
-# Check running services  
+# Check running services
 docker service ls
 
 # Check DNS service
diff --git a/common.nix b/common.nix
index 8b52b5b..9ad07e9 100644
--- a/common.nix
+++ b/common.nix
@@ -2,7 +2,6 @@
   pkgs,
   lib ? pkgs.lib,
   isLiveIso ? false,
-  ...
 }:
 
 let
@@ -245,6 +244,31 @@ isoConfig
       enable = true;
       wifi.backend = "wpa_supplicant"; # Standard backend for live ISOs
       dns = "none"; # We use dnsmasq
+      ensureProfiles = {
+        profiles = {
+          "CODE_CRISPIES" = {
+            connection = {
+              id = "CODE_CRISPIES";
+              type = "wifi";
+              autoconnect = true;
+            };
+            wifi = {
+              mode = "infrastructure";
+              ssid = "CODE_CRISPIES";
+            };
+            wifi-security = {
+              key-mgmt = "wpa-psk";
+              psk = "scienceinthecity2025";
+            };
+            ipv4 = {
+              method = "auto";
+            };
+            ipv6 = {
+              method = "auto";
+            };
+          };
+        };
+      };
     };
     hostName = if isLiveIso then "workshop-live" else "workshop-vm";
     hosts."127.0.0.1" = [
@@ -255,53 +279,6 @@ isoConfig
     firewall.enable = false; # Workshop environment
   };
 
-  # WiFi credentials file
-  environment.etc."NetworkManager/workshop-wifi.env" = {
-    text = ''
-      WORKSHOP_SSID="CODE_CRISPIES"
-      WORKSHOP_PSK="scienceinthecity2025"
-    '';
-    mode = "0600";
-  };
-
-  # WiFi connection setup service
-  systemd.services.workshop-wifi-setup = {
-    description = "Set up workshop WiFi connection";
-    wantedBy = [ "multi-user.target" ];
-    after = [ "NetworkManager.service" ];
-    wants = [ "NetworkManager.service" ];
-    path = with pkgs; [
-      networkmanager
-      coreutils
-      gnugrep
-    ];
-    script = ''
-      # Source credentials
-      source /etc/NetworkManager/workshop-wifi.env
-
-      # Check if connection already exists
-      if nmcli connection show | grep -q "CODE_CRISPIES"; then
-        echo "✅ Workshop WiFi connection already exists"
-        exit 0
-      fi
-
-      echo "📡 Setting up workshop WiFi connection..."
-      # Create WiFi connection
-      if nmcli device wifi connect "$WORKSHOP_SSID" password "$WORKSHOP_PSK" hidden no; then
-        echo "✅ Workshop WiFi connection created and connected"
-      else
-        echo "⚠️ Could not connect to workshop WiFi (network may not be available)"
-        echo "   SSID: $WORKSHOP_SSID"
-        echo "   Manual connection: nmcli device wifi connect '$WORKSHOP_SSID' password '$WORKSHOP_PSK'"
-      fi
-    '';
-    serviceConfig = {
-      Type = "oneshot";
-      User = "root";
-      RemainAfterExit = true;
-    };
-  };
-
   # DNS Configuration - Wildcard *.workshop.local -> 127.0.0.1
   services.dnsmasq = {
     enable = true;
@@ -375,26 +352,26 @@ isoConfig
       chown workshop:workshop $AUTH_KEYS_FILE
       chmod 600 $AUTH_KEYS_FILE
     '';
-     serviceConfig = {
-       Type = "oneshot";
-       User = "root";
-       RemainAfterExit = true;
-     };
-   };
+    serviceConfig = {
+      Type = "oneshot";
+      User = "root";
+      RemainAfterExit = true;
+    };
+  };
 
-   # Build timestamp service
-   systemd.services.workshop-build-info = {
-     description = "Write build timestamp to /etc/workshop-build-info";
-     wantedBy = [ "multi-user.target" ];
-     script = ''
-       echo "$(date '+%Y-%m-%d %H:%M:%S')" > /etc/workshop-build-info
-     '';
-     serviceConfig = {
-       Type = "oneshot";
-       User = "root";
-       RemainAfterExit = true;
-     };
-   };
+  # Build timestamp service
+  systemd.services.workshop-build-info = {
+    description = "Write build timestamp to /etc/workshop-build-info";
+    wantedBy = [ "multi-user.target" ];
+    script = ''
+      echo "$(date '+%Y-%m-%d %H:%M:%S')" > /etc/workshop-build-info
+    '';
+    serviceConfig = {
+      Type = "oneshot";
+      User = "root";
+      RemainAfterExit = true;
+    };
+  };
 
   services.getty.autologinUser = "workshop";
   security.sudo.wheelNeedsPassword = false;
@@ -407,9 +384,6 @@ isoConfig
     networkmanager
     networkmanagerapplet # Network Manager GUI for GNOME
     gnome-control-center # GNOME Settings (includes network panel)
-    wpa_supplicant # Standard WiFi supplicant
-    wirelesstools # Standard WiFi tools
-    iw # Modern WiFi tools
     docker
     docker-compose
     gnome-terminal
@@ -610,14 +584,14 @@ isoConfig
             export PATH="$PATH:/root/.local/bin"
           fi
 
-           # Check abra installation
-           if sudo abra >/dev/null 2>&1; then
-             echo "✅ abra ready: $(sudo which abra)"
-             source <(sudo abra autocomplete bash) 2>/dev/null || true
-             echo "✅ abra autocomplete enabled"
-           else
-             echo "⚠️ abra not found! Check: systemctl status workshop-abra-install"
-           fi
+             # Check abra installation
+             if sudo abra >/dev/null 2>&1; then
+               echo "✅ abra ready: $(sudo which abra)"
+               source <(sudo abra autocomplete bash) 2>/dev/null || true
+               echo "✅ abra autocomplete enabled"
+             else
+               echo "⚠️ abra not found! Install with: curl -fsSL https://install.abra.coopcloud.tech | bash"
+             fi
 
            # Build info
            echo "✅ Workshop ISO - NixOS $(nixos-version) - Built: $(cat /etc/workshop-build-info 2>/dev/null || echo 'unknown')"
@@ -681,14 +655,14 @@ isoConfig
                echo "   Current groups: $(id -nG)"
              fi
 
-             # Check if abra is available via sudo
-             if sudo abra --version >/dev/null 2>&1; then
-               echo "✅ abra available via sudo: $(sudo which abra)"
-             else
-               echo "❌ abra not available via sudo"
-               echo "   Check: systemctl status workshop-abra-install"
-               return 1
-             fi
+              # Check if abra is available via sudo
+              if sudo abra --version >/dev/null 2>&1; then
+                echo "✅ abra available via sudo: $(sudo which abra)"
+              else
+                echo "❌ abra not available via sudo"
+                echo "   Check: which abra && abra --version"
+                return 1
+              fi
 
              # Check abra server configuration
              if sudo abra server ls 2>/dev/null | grep -q "default"; then
@@ -1364,9 +1338,9 @@ isoConfig
 
   # Essential GNOME services for network integration
   services.gnome = {
-    glib-networking.enable = true;  # Critical for NetworkManager integration
-    gnome-settings-daemon.enable = true;  # Handles GNOME settings
-    gnome-keyring.enable = true;  # Optional but good practice
+    glib-networking.enable = true; # Critical for NetworkManager integration
+    gnome-settings-daemon.enable = true; # Handles GNOME settings
+    gnome-keyring.enable = true; # Optional but good practice
   };
 
   # Exclude unnecessary GNOME packages
diff --git a/docs/MANUAL_NETWORK_SETUP.md b/docs/MANUAL_NETWORK_SETUP.md
index 4ba9dae..3195149 100644
--- a/docs/MANUAL_NETWORK_SETUP.md
+++ b/docs/MANUAL_NETWORK_SETUP.md
@@ -79,11 +79,15 @@ echo "nameserver 8.8.8.8" | sudo tee /etc/resolv.conf
 
 ## Workshop-Specific Network Setup
 
-### Connect to Workshop WiFi
+### Workshop WiFi (Automatic)
+
+The workshop environment automatically connects to the "CODE_CRISPIES" WiFi network using declarative NetworkManager configuration. No manual setup is required.
+
+If you need to connect to a different network:
 
 ```bash
 # Connect to workshop hotspot (if available)
-nmcli device wifi connect "ziegel" password "1234567890"
+nmcli device wifi connect "CODE_CRISPIES" password "scienceinthecity2025"
 ```
 
 ### Configure Local DNS Resolution
@@ -101,17 +105,17 @@ nslookup traefik.workshop.local 127.0.0.1
 
 When internet is not available during workshop setup:
 
-1. **Configure Network Manually**
-   ```bash
-   # Use one of the methods above to get network connectivity
-   nmcli device wifi connect "YourNetwork" password "YourPassword"
-   ```
+1. **Network Connects Automatically**
+    ```bash
+    # WiFi connects automatically to "CODE_CRISPIES" on boot
+    # Check connection: nmcli connection show --active
+    ```
 
 2. **Skip Online Dependencies**
-   ```bash
-   # The setup script will work offline once network is configured
-   setup
-   ```
+    ```bash
+    # The setup script will work offline once network is configured
+    setup
+    ```
 
 3. **Manual abra Installation** (if needed)
    ```bash
diff --git a/docs/USB_BOOT_INSTRUCTIONS.md b/docs/USB_BOOT_INSTRUCTIONS.md
index 44c8f97..4cc1a4e 100644
--- a/docs/USB_BOOT_INSTRUCTIONS.md
+++ b/docs/USB_BOOT_INSTRUCTIONS.md
@@ -71,6 +71,7 @@
 ## Getting Started Commands
 
 ```bash
+# WiFi connects automatically - no manual setup needed!
 # Set up your local environment
 setup
 
@@ -116,5 +117,6 @@ Name: Android, Password: (ask facilitator)
 → Note: Terminal no longer auto-starts to prevent boot hangs
 
 **Can't connect to internet**
-→ Try different WiFi network
-→ Use mobile hotspot as backup
+→ WiFi should connect automatically to "CODE_CRISPIES"
+→ If not, use mobile hotspot as backup
+→ Check: nmcli connection show --active
diff --git a/flake.nix b/flake.nix
index 78268df..3183f24 100644
--- a/flake.nix
+++ b/flake.nix
@@ -19,32 +19,13 @@
       system = "x86_64-linux";
       pkgs = nixpkgs.legacyPackages.${system};
 
-      # Server names for cloud connections
-      cloudServerNames = [
-        "hopper"
-        "curie"
-        "lovelace"
-        "noether"
-        "hamilton"
-        "franklin"
-        "johnson"
-        "clarke"
-        "goldberg"
-        "liskov"
-        "wing"
-        "rosen"
-        "shaw"
-        "karp"
-        "rich"
-      ];
-
       # Common configuration
       commonConfig =
         {
           isLiveIso ? false,
         }:
         import ./common.nix {
-          inherit pkgs cloudServerNames isLiveIso;
+          inherit pkgs isLiveIso;
         };
     in
     {