diff --git a/nix/networks/list.nix b/nix/networks/list.nix index 4ec25b95..aaeb1560 100644 --- a/nix/networks/list.nix +++ b/nix/networks/list.nix @@ -6,6 +6,7 @@ in [ { ssid = "~"; + bssid = "de:ad:de:ad:d0:d0"; # dead dead dodo priority = preferredPriority; hasPassword = true; } diff --git a/nix/networks/wpa_supplicant-compat.nix b/nix/networks/wpa_supplicant-compat.nix index 65f130a0..84f59504 100644 --- a/nix/networks/wpa_supplicant-compat.nix +++ b/nix/networks/wpa_supplicant-compat.nix @@ -13,31 +13,35 @@ let go = networkArgs@{ ssid, + bssid ? null, # Custom fields wrapping nixpkgs module options hasPassword ? false, scanOnLowSignal ? false, randomizeMac ? false, ... }: + let + uniqueKey = "${ssid}${lib.optionalString (bssid != null) bssid}"; + in { - ${ssid} = lib.mkMerge [ - (builtins.removeAttrs networkArgs [ - # We keep ssid, because it overrides the attrset name ssid - # "ssid" - "hasPassword" - "scanOnLowSignal" - "randomizeMac" - ]) - (lib.optionalAttrs hasPassword { - pskRaw = "ext:${escapePwdKey ssid}"; - }) - { - extraConfig = '' - ${lib.optionalString scanOnLowSignal "bgscan=\"simple:30:-70:3600\""} - ${lib.optionalString randomizeMac "mac_addr=1"} - ''; - } - ]; + ${uniqueKey} # we use a unique key here to make sure no "same ssid different bssid" networks collide in key. + = + lib.mkMerge [ + (builtins.removeAttrs networkArgs [ + "hasPassword" + "scanOnLowSignal" + "randomizeMac" + ]) + (lib.optionalAttrs hasPassword { + pskRaw = "ext:${escapePwdKey uniqueKey}"; # this implies changing the external password key if you set a bssid! + }) + { + extraConfig = '' + ${lib.optionalString scanOnLowSignal "bgscan=\"simple:30:-70:3600\""} + ${lib.optionalString randomizeMac "mac_addr=1"} + ''; + } + ]; }; in ns: lib.mkMerge (map go ns) diff --git a/nix/secrets/wpa_password.age b/nix/secrets/wpa_password.age index 17fe933a..511c4742 100644 Binary files a/nix/secrets/wpa_password.age and b/nix/secrets/wpa_password.age differ