├── flake.lock
├── universities.nix
├── flake.nix
├── update.py
└── README.md


/flake.lock:
--------------------------------------------------------------------------------
 1 | {
 2 |   "nodes": {
 3 |     "nixpkgs": {
 4 |       "locked": {
 5 |         "lastModified": 1726937504,
 6 |         "narHash": "sha256-bvGoiQBvponpZh8ClUcmJ6QnsNKw0EMrCQJARK3bI1c=",
 7 |         "owner": "nixos",
 8 |         "repo": "nixpkgs",
 9 |         "rev": "9357f4f23713673f310988025d9dc261c20e70c6",
10 |         "type": "github"
11 |       },
12 |       "original": {
13 |         "owner": "nixos",
14 |         "ref": "nixos-unstable",
15 |         "repo": "nixpkgs",
16 |         "type": "github"
17 |       }
18 |     },
19 |     "root": {
20 |       "inputs": {
21 |         "nixpkgs": "nixpkgs"
22 |       }
23 |     }
24 |   },
25 |   "root": "root",
26 |   "version": 7
27 | }
28 | 


--------------------------------------------------------------------------------
/universities.nix:
--------------------------------------------------------------------------------
 1 | # to add a new university:
 2 | # 1. add a new entry to the list (change the name and id)
 3 | # { name = "new"; id = 1; }
 4 | # 2. run `nix build .\#install-eduroam-new`
 5 | # 3. add the hash from the error to the list entry
 6 | [
 7 |   { name = "bonn"; id = 5133; hash = "sha256-X+eq9TXuCfy8Iea8MjFhk/hk+xRnjtpEPmLZgRCvv0E="; }
 8 |   { name = "flensburg"; id = 5188; hash = "sha256-cZecZECAkbzMc8vPOM0DsHh2HkbRxO/AyyOj0sQ7Gmg="; }
 9 |   { name = "koeln"; id = 5133; hash = "sha256-X+eq9TXuCfy8Iea8MjFhk/hk+xRnjtpEPmLZgRCvv0E="; }
10 |   { name = "leipzig"; id = 5674; hash = "sha256-75mHJNXiP+SOeoMQhmfbYm97TqYHVJejxCKeT5l5Qc8="; }
11 |   { name = "lund"; id = 1338; hash = "sha256-Nln7adqpalZkqSM5AOkN2U1CAQ/T3BmJkNEMeDU4YDg="; }
12 |   { name = "saarland"; id = 10315; hash = "sha256-4OvnApFKD3zz0Xh/y7S6C1uRvyhgPCKBYHd/bhnmeeo="; }
13 |   { name = "siegen"; id = 5356; hash = "sha256-qBGoeIWfYvDVZaxK6uEjPdIaKeBll0UYIEtoN8swInk="; }
14 |   { name = "vccs"; id = 11835; hash = "sha256-K57+R1cuubAGIyewy9kFWNxwbiuoxAxDecqM3zcv3KY="; }
15 |   { name = "strathclyde"; id = 2316; hash = "sha256-oumaKcSRF8RrdQ0dHbNXN8w6Y5YlLNXnuglVq9srvU0="; }
16 |   { name = "udl"; id = 5824; hash = "sha256-J4fJkCrncDWPJPoXFz3kC7Qwiz1ip/XpgBYVLafc8YM="; }
17 | ]
18 | 


--------------------------------------------------------------------------------
/flake.nix:
--------------------------------------------------------------------------------
 1 | {
 2 |   description = "Install eduroam on NixOS systems";
 3 | 
 4 |   inputs = {
 5 |     nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
 6 |   };
 7 | 
 8 |   outputs = { self, ... } @ inputs:
 9 |     with inputs; let
10 |       supportedSystems = [ "aarch64-linux" "x86_64-linux" ];
11 |       forAllSystems = nixpkgs.lib.genAttrs supportedSystems;
12 |       nixpkgsFor = forAllSystems (system: import nixpkgs { inherit system; overlays = [ ]; });
13 |       unis = import ./universities.nix;
14 |     in
15 |     {
16 |       formatter = forAllSystems (system: nixpkgsFor.${system}.nixpkgs-fmt);
17 |       packages = forAllSystems (system:
18 |         let
19 |           pkgs = nixpkgsFor.${system};
20 |           python-with-dbus = pkgs.python3.withPackages (p: with p; [ dbus-python ]);
21 |         in
22 |         builtins.listToAttrs
23 |           (builtins.map
24 |             (item: {
25 |               name = "install-eduroam-${item.name}";
26 |               value = ({ name, id, hash ? "", }:
27 |                 let
28 |                   script = pkgs.fetchurl {
29 |                     url = "https://cat.eduroam.org/user/API.php?action=downloadInstaller&lang=en&profile=${builtins.toString id}&device=linux&generatedfor=user&openroaming=0";
30 |                     sha256 = hash;
31 |                   };
32 |                 in
33 |                 pkgs.writeShellScriptBin "install-eduroam-${name}" ''
34 |                   ${python-with-dbus}/bin/python ${script}
35 |                 '') item;
36 |             })
37 |             unis)
38 |         //
39 |         {
40 |           # nix run .#list-eduroam-entityIDs
41 |           list-eduroam-entityIDs = pkgs.writeShellScriptBin "list-eduroam-entityIDs"
42 |             "${pkgs.curl}/bin/curl 'https://cat.eduroam.org/user/API.php?action=listAllIdentityProviders&api' | ${pkgs.jq}/bin/jq";
43 |         });
44 |     };
45 | }
46 | 


--------------------------------------------------------------------------------
/update.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env nix-shell
 2 | #! nix-shell -i python -p "python3.withPackages (ps: with ps; [ requests ])"
 3 | 
 4 | # This script updates the hashes in the universities.nix file
 5 | 
 6 | import subprocess
 7 | import hashlib
 8 | import base64
 9 | import json
10 | import requests
11 | 
12 | 
13 | def download_and_generate_sha256_hash(url: str) -> str | None:
14 |     """
15 |     Fetch the tarball from the given URL.
16 |     Then generate a sha256 hash of the tarball.
17 |     """
18 | 
19 |     try:
20 |         # Download the file from the URL
21 |         response = requests.get(url)
22 |         response.raise_for_status()
23 | 
24 |     except requests.exceptions.RequestException as e:
25 |         print(f"Error: {e}")
26 |         return None
27 | 
28 |     # Create a new SHA-256 hash object
29 |     sha256_hash = hashlib.sha256()
30 | 
31 |     # Update the hash object with chunks of the downloaded content
32 |     for byte_block in response.iter_content(4096):
33 |         sha256_hash.update(byte_block)
34 | 
35 |     # Get the hexadecimal representation of the hash
36 |     hash_value = sha256_hash.digest()
37 | 
38 |     # Encode the hash value in base64
39 |     base64_hash = base64.b64encode(hash_value).decode("utf-8")
40 | 
41 |     # Format it as "sha256-{base64_hash}"
42 |     sri_representation = f"sha256-{base64_hash}"
43 | 
44 |     return sri_representation
45 | 
46 | 
47 | universities = json.loads(
48 |     subprocess.check_output(
49 |         "nix eval --json --file ./universities.nix", shell=True
50 |     ).decode("utf-8")
51 | )
52 | 
53 | for university in universities:
54 |     print(f"Fetching data for {university['name']} ({university['id']})")
55 |     sri_hash = download_and_generate_sha256_hash(
56 |         f"https://cat.eduroam.org/user/API.php?action=downloadInstaller&lang=en&profile={university['id']}&device=linux&generatedfor=user&openroaming=0"
57 |     )
58 |     if university["hash"] is None:
59 |         continue
60 |     elif sri_hash != university["hash"]:
61 |         print(f"Hash mismatch for {university['name']} ({university['id']})")
62 |         print(f"Expected: {university['hash']}")
63 |         print(f"Actual: {sri_hash}")
64 |         print("-" * 80)
65 |         # search for university['hash'] in the file and replace it with sri_hash
66 |         with open("universities.nix", "r") as file:
67 |             filedata = file.read()
68 |         newdata = filedata.replace(university["hash"], sri_hash)
69 |         with open("universities.nix", "w") as file:
70 |             file.write(newdata)
71 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
  1 | # eduroam-flake
  2 | 
  3 | Install Eduroam on NixOS.
  4 | 
  5 | ## TDLR for helpdesk people
  6 | 
  7 | Installing Eduroam on NixOS is not much different from installing it on other Linux distributions.
  8 | Users need to use network-manager and execute the python script provided by the cat.eduroam.org.
  9 | Main difference on NixOS: the way we manage dependencies is different.
 10 | 
 11 | In case you are not familiar with Nix, but you need to help a NixOS user to install Eduroam, here are two options:
 12 | 
 13 | ### Using this Nix Flake
 14 | 
 15 | Take a look at the `flake.nix` file. All this flake does:
 16 | 
 17 | 1. fetch the python script
 18 | 2. Execute it with Python3 and the dependencies needed
 19 | 
 20 | The URLs are generated from the eduroam ID corresponding to your institution.
 21 | 
 22 | Execute the script from GitHub directly:
 23 | 
 24 | ```sh
 25 | nix run 'github:mayniklas/eduroam-flake'#install-eduroam-bonn
 26 | ```
 27 | 
 28 | Execute the script from a local clone:
 29 | 
 30 | ```sh
 31 | git clone https://github.com/MayNiklas/eduroam-flake.git
 32 | cd eduroam-flake
 33 | nix run .#install-eduroam-bonn
 34 | ```
 35 | 
 36 | or list all available scripts with `nix flake show`
 37 | 
 38 | ### Using a Nix Shell
 39 | 
 40 | ```sh
 41 | # open a shell whith all the dependencies needed
 42 | nix-shell -p "python3.withPackages (ps: with ps; [ dbus-python ])"
 43 | 
 44 | # execute the script
 45 | python3 <your-eduroam.py>
 46 | 
 47 | # one liner
 48 | nix-shell -p "python3.withPackages (ps: with ps; [ dbus-python ])" --run python3 <your-eduroam.py>
 49 | ```
 50 | 
 51 | ## Disclaimer
 52 | 
 53 | This is technically completely overkill and unnecessary.
 54 | You don't need to create a package to execute a python script when using Nix.
 55 | 
 56 | ```sh
 57 | nix-shell -p "python3.withPackages (ps: with ps; [ dbus-python ])" --run python3 <your-eduroam.py>
 58 | ```
 59 | 
 60 | Would technically achieve the same result.
 61 | 
 62 | Next month I'm giving a talk about Nix and since we need to login into Eduroam during a live demo, I thought it would be a great and simple example to talk about flakes.
 63 | 
 64 | Also: it took me some time to figure out, you need to use `dbus-python` instead of `pydbus`. This repository might save people time in case they find it by googling `NixOS Eduroam`. This repository might be helpful for documentation purposes.
 65 | 
 66 | ## Usage
 67 | 
 68 | > This script assumes you are using NetworkManager.
 69 | 
 70 | Find your University's entityID:
 71 | 
 72 | ```sh
 73 | nix run .#list-eduroam-entityIDs
 74 | ```
 75 | 
 76 | Then add your university to the list using it's name and the id that is used to fetch the script.
 77 | 
 78 | Then run the `nix run` command.
 79 | 
 80 | The first run will fail, because the hash of the python script is not known yet.
 81 | The error message will tell you the hash of the python script.
 82 | Add the hash to the university's entry.
 83 | 
 84 | Nice to know:
 85 | To build a Nix package, just run `nix build .#install-eduroam-bonn`.
 86 | The result will be in `result`. You can run it with `./result/bin/install-eduroam-bonn`.
 87 | Reviewing this file manually tells us a lot about how Nix works!
 88 | 
 89 | ## Supported Universities:
 90 | 
 91 | | University                        | entityID | command                                |
 92 | | --------------------------------- | -------- | -------------------------------------- |
 93 | | Universität Bonn                  | 5138     | `nix run .#install-eduroam-bonn`       |
 94 | | Hochschule Flensburg              | 5188     | `nix run .#install-eduroam-flensburg`  |
 95 | | Universität Köln                  | 5133     | `nix run .#install-eduroam-koeln`      |
 96 | | Lund University                   | 1338     | `nix run .#install-eduroam-lund` |
 97 | | Universität Siegen                | 5356     | `nix run .#install-eduroam-siegen`     |
 98 | | University Leipzig                | 5674     | `nix run .#install-eduroam-leipzig`    |
 99 | | Virginia Community College System | 11835    | `nix run .#install-eduroam-vccs`       |
100 | | University of Strathclyde         | 2316     | `nix run .#install-eduroam-strathclyde`|
101 | | University of Lleida              | 5824     | `nix run .#install-eduroam-udl        `|
102 | 


--------------------------------------------------------------------------------