From 432efd430c50cd2855f87a9f335de51d6436b59f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?L=C3=A9ana=20=E6=B1=9F?= <leana.jiang+git@icloud.com>
Date: Sun, 2 Nov 2025 16:35:11 +0800
Subject: [PATCH] tree-wide: deduplicate network compat script

---
 .../hydrogen/nixos/connectivity.nix           | 40 ++-----------------
 .../vanadium/nixos/connectivity.nix           | 35 ++--------------
 .../networks.nix => networks/list.nix}        |  0
 .../universite_de_rennes.pem                  |  0
 nix/networks/wpa_supplicant-compat.nix        | 37 +++++++++++++++++
 5 files changed, 43 insertions(+), 69 deletions(-)
 rename nix/{connectivity/networks.nix => networks/list.nix} (100%)
 rename nix/{connectivity => networks}/universite_de_rennes.pem (100%)
 create mode 100644 nix/networks/wpa_supplicant-compat.nix

diff --git a/nix/configurations/hydrogen/nixos/connectivity.nix b/nix/configurations/hydrogen/nixos/connectivity.nix
index a71fc30c..6366ad80 100644
--- a/nix/configurations/hydrogen/nixos/connectivity.nix
+++ b/nix/configurations/hydrogen/nixos/connectivity.nix
@@ -26,45 +26,11 @@
       secretsFile = config.age.secrets.wpa_password.path;
       scanOnLowSignal = false;
       networks = let
-        # wpa_supplicant uses `strchr` to seek to the first `=`, so the only forbidden character is `=`.
-        escapePwdKey = lib.replaceStrings ["="] ["_"];
-
-        fromList = ns: let
-          go = networkArgs @ {
-            ssid,
-            # Custom fields wrapping nixpkgs module options
-            hasPassword ? false,
-            scanOnLowSignal ? false,
-            randomizeMac ? false,
-            ...
-          }: {
-            ${ssid} = lib.mkMerge [
-              (builtins.removeAttrs networkArgs ["ssid" "hasPassword" "scanOnLowSignal" "randomizeMac"])
-              (lib.optionalAttrs hasPassword {
-                pskRaw = "ext:${escapePwdKey ssid}";
-              })
-              (lib.optionalAttrs scanOnLowSignal {
-                extraConfig = ''
-                  bgscan="simple:30:-70:3600"
-                '';
-              })
-              (lib.optionalAttrs randomizeMac {
-                extraConfig = ''
-                  mac_addr=1
-                '';
-              })
-            ];
-          };
-        in
-          lib.mkMerge (map go ns);
-
-        allowList = builtins.filter (x: x.ssid == "~");
+        fromList = import ../../../networks/wpa_supplicant-compat.nix;
+        networks = import ../../../networks/list.nix;
       in
         fromList (
-          # We only want to use my own network
-          allowList (
-            import ../../../connectivity/networks.nix
-          )
+          builtins.filter (x: x.ssid == "~") networks
         );
     };
   };
diff --git a/nix/configurations/vanadium/nixos/connectivity.nix b/nix/configurations/vanadium/nixos/connectivity.nix
index 1c20f9ae..6beafb00 100644
--- a/nix/configurations/vanadium/nixos/connectivity.nix
+++ b/nix/configurations/vanadium/nixos/connectivity.nix
@@ -38,39 +38,10 @@
       secretsFile = config.age.secrets.wpa_password.path;
       scanOnLowSignal = false;
       networks = let
-        # wpa_supplicant uses `strchr` to seek to the first `=`, so the only forbidden character is `=`.
-        escapePwdKey = lib.replaceStrings ["="] ["_"];
-
-        fromList = ns: let
-          go = networkArgs @ {
-            ssid,
-            # Custom fields wrapping nixpkgs module options
-            hasPassword ? false,
-            scanOnLowSignal ? false,
-            randomizeMac ? false,
-            ...
-          }: {
-            ${ssid} = lib.mkMerge [
-              (builtins.removeAttrs networkArgs ["ssid" "hasPassword" "scanOnLowSignal" "randomizeMac"])
-              (lib.optionalAttrs hasPassword {
-                pskRaw = "ext:${escapePwdKey ssid}";
-              })
-              (lib.optionalAttrs scanOnLowSignal {
-                extraConfig = ''
-                  bgscan="simple:30:-70:3600"
-                '';
-              })
-              (lib.optionalAttrs randomizeMac {
-                extraConfig = ''
-                  mac_addr=1
-                '';
-              })
-            ];
-          };
-        in
-          lib.mkMerge (map go ns);
+        fromList = import ../../../networks/wpa_supplicant-compat.nix;
+        networks = import ../../../networks/list.nix;
       in
-        fromList (import ../../../connectivity/networks.nix);
+        fromList networks;
     };
   };
 
diff --git a/nix/connectivity/networks.nix b/nix/networks/list.nix
similarity index 100%
rename from nix/connectivity/networks.nix
rename to nix/networks/list.nix
diff --git a/nix/connectivity/universite_de_rennes.pem b/nix/networks/universite_de_rennes.pem
similarity index 100%
rename from nix/connectivity/universite_de_rennes.pem
rename to nix/networks/universite_de_rennes.pem
diff --git a/nix/networks/wpa_supplicant-compat.nix b/nix/networks/wpa_supplicant-compat.nix
new file mode 100644
index 00000000..7b4424a2
--- /dev/null
+++ b/nix/networks/wpa_supplicant-compat.nix
@@ -0,0 +1,37 @@
+#
+# This loads the list of networks as a NixOS wpa_supplicant compatible attrset
+#
+let
+  sources = import ../../npins;
+  lib = import (sources.nixpkgs + "/lib");
+
+  # wpa_supplicant uses `strchr` to seek to the first `=`, so the only forbidden character is `=`.
+  escapePwdKey = lib.replaceStrings ["="] ["_"];
+
+  go = networkArgs @ {
+    ssid,
+    # Custom fields wrapping nixpkgs module options
+    hasPassword ? false,
+    scanOnLowSignal ? false,
+    randomizeMac ? false,
+    ...
+  }: {
+    ${ssid} = lib.mkMerge [
+      (builtins.removeAttrs networkArgs ["ssid" "hasPassword" "scanOnLowSignal" "randomizeMac"])
+      (lib.optionalAttrs hasPassword {
+        pskRaw = "ext:${escapePwdKey ssid}";
+      })
+      (lib.optionalAttrs scanOnLowSignal {
+        extraConfig = ''
+          bgscan="simple:30:-70:3600"
+        '';
+      })
+      (lib.optionalAttrs randomizeMac {
+        extraConfig = ''
+          mac_addr=1
+        '';
+      })
+    ];
+  };
+in
+  ns: lib.mkMerge (map go ns)