From 076a4448e78a0224026e835c2782e7187dbb1df6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A9ana=20=E6=B1=9F?= Date: Sun, 7 Dec 2025 16:01:51 +0800 Subject: [PATCH] networks: implement bssid support --- nix/networks/list.nix | 1 + nix/networks/wpa_supplicant-compat.nix | 40 ++++++++++++++----------- nix/secrets/wpa_password.age | Bin 920 -> 971 bytes 3 files changed, 23 insertions(+), 18 deletions(-) diff --git a/nix/networks/list.nix b/nix/networks/list.nix index 4ec25b95..aaeb1560 100644 --- a/nix/networks/list.nix +++ b/nix/networks/list.nix @@ -6,6 +6,7 @@ in [ { ssid = "~"; + bssid = "de:ad:de:ad:d0:d0"; # dead dead dodo priority = preferredPriority; hasPassword = true; } diff --git a/nix/networks/wpa_supplicant-compat.nix b/nix/networks/wpa_supplicant-compat.nix index 65f130a0..84f59504 100644 --- a/nix/networks/wpa_supplicant-compat.nix +++ b/nix/networks/wpa_supplicant-compat.nix @@ -13,31 +13,35 @@ let go = networkArgs@{ ssid, + bssid ? null, # Custom fields wrapping nixpkgs module options hasPassword ? false, scanOnLowSignal ? false, randomizeMac ? false, ... }: + let + uniqueKey = "${ssid}${lib.optionalString (bssid != null) bssid}"; + in { - ${ssid} = lib.mkMerge [ - (builtins.removeAttrs networkArgs [ - # We keep ssid, because it overrides the attrset name ssid - # "ssid" - "hasPassword" - "scanOnLowSignal" - "randomizeMac" - ]) - (lib.optionalAttrs hasPassword { - pskRaw = "ext:${escapePwdKey ssid}"; - }) - { - extraConfig = '' - ${lib.optionalString scanOnLowSignal "bgscan=\"simple:30:-70:3600\""} - ${lib.optionalString randomizeMac "mac_addr=1"} - ''; - } - ]; + ${uniqueKey} # we use a unique key here to make sure no "same ssid different bssid" networks collide in key. + = + lib.mkMerge [ + (builtins.removeAttrs networkArgs [ + "hasPassword" + "scanOnLowSignal" + "randomizeMac" + ]) + (lib.optionalAttrs hasPassword { + pskRaw = "ext:${escapePwdKey uniqueKey}"; # this implies changing the external password key if you set a bssid! + }) + { + extraConfig = '' + ${lib.optionalString scanOnLowSignal "bgscan=\"simple:30:-70:3600\""} + ${lib.optionalString randomizeMac "mac_addr=1"} + ''; + } + ]; }; in ns: lib.mkMerge (map go ns) diff --git a/nix/secrets/wpa_password.age b/nix/secrets/wpa_password.age index 17fe933a12c35c3483098c7731b9a81331bf2474..511c4742e7fc5182ddffe1887b03fe3ede23b115 100644 GIT binary patch delta 902 zcmV;119|+I2g?VLEPr=eO;|WWM^a)a|%;8R8w+Ed2v)hOnP)~a#CYLWLJ1KNKH>LXG1S|csN9ND_2r^acyF5V+t)k zAaiqQEoEdfH8n9gAZv3lYcN3|PGWaLq|0=Flb0gO-4a7L~n65Yhq7Rc2!C^ zWieH8bVY1+V@GOp3Q0?IYA<6^S8`EOcSUwIM=Mq@WlKhSLN`(~cu-9-Zfj6jab+|{ zSvY8Kk?|K-YF02aIW{?UHA`1ybxb!=WO7DiGgoqOW^HqKYDrNyM>9@UV>V+kWHLz# zIB-N)IZ+vaRdiEmVQoz^Rx(9HHBxj)D{N6%Gi*hZUjY|?FK}{G zGd4;yOK@XRQ+6*aK~ritFg7bsbWuu6cWF>iQfhKkcv5I=FfmmMY&kb%d1X;gP7YFhf&QT1#g!MR871Ry9INb7^R4D|JRtWmaPfEj}PRVlr%IEoX9NVRL05I$lOH zAU0!qb0RV}WeR#`b7fOXM@VUZLP2a!Z(49kY)^AIQ%i3~ZF+DqRA)_OQ8-I!I9Ebx zYBXecPH0(AQ*n4TOD}OkNqBT=T5&fDIAd@%N^43h3N0-yAZ2DUR%bJCVmMKGV>vQ- zaaUALH8)meF;04KL~vwpWh+N(LQ64qHc@163V&`lo0Dgo=lI{_xDoDu`#B(H>x4M; z%1Wo9&4V7jCM;6vq(j}Nyd}%l2IJ>~&|YIH@iQ?tm31ttydvpuoXG}!*NGB-NjWfW zl^*cV0vad7*rNIiTt4kFQpY>DT=q;Jl!l$&F)en4pkLi?eBDHqFa1Z6KMJNUdt{A; zAPoi;xm^VPL?QfCzIIf9;(Nz#6gzb`me|j5R+Rmoh&-zcbQuy>Ok`sl1*w@r3i zr6W;W6&+IMvBIqX*q1_7R|yJ$#M7Fk`Lg9tk|8Ef{0BA_QPCr8zFbk;vdk>YjAv^y zLvHYP9it*hIViwu_CL5SbefJxVljfxE}t}3FmbbheUveyeRz7%Dud5gCIA2c delta 851 zcmV-Z1FZbZ2bc$tEPqsFLq}#uMOrsFb7o66X*6wBL1aR2V>w!4FEw*lY&U6bN?Arn zR6#gLcM5n(OK3}CN-J1KL`iElR8MbZXI6M?H%B&bM`tiHR#Y%oL2hz-L2qX-O$seO zAaiqQEoEdfH8n9gAZv3lYcN3|IYm-+Phx0UMrm|0F?MWeMMhL{IBaroby;&TL1RU6 zGE_lwFjh4yPE%}m3OH6~Z+0>?cy?xUF-L7kOKDR$IBi8RG&5ytO?hQ@XirTrZBsLI zacFmQk?|K-QCdb-dNX5DT1r}1QBN;yD{WRuW^qVUZAC9xH)%Imcvo#SY;svwc}PhL zXGUdGZFzb#Y-4CgZhA*gWkqB(XfktfZFVq0Nj5iHNHI=rQBPWSGfh#GUjY|?T6b1d zGi+u;HE>#XPFHPWFHcTJQ#N-&G)yybXHhh4cXxPtMPp`XFL!SWMPo~HZ*)RyOG7z1 zN?JB|NHCYNR zEiE8eHBeAEX=h?;GEZ|eYItU6L{2hzGG$|0bYXLGPI6{KS~5Z~R4+(HMMVmqOV`L= zVuRVI&!-WO`{Jp2EC+**jo{(H