From 6071c57007795e6889ff2ec33ddfaf68361eb674 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A9ana=20=E6=B1=9F?= Date: Sun, 21 Sep 2025 12:04:19 +0800 Subject: [PATCH] vanadium: refactor network Another week yet another useless refactor. I think it's remarkable that I managed to write nix like lisp. Parentheses yum yum. --- .../vanadium/nixos/connectivity.nix | 129 ++++++++++-------- 1 file changed, 71 insertions(+), 58 deletions(-) diff --git a/nix/configurations/vanadium/nixos/connectivity.nix b/nix/configurations/vanadium/nixos/connectivity.nix index 0a5fd684..90574414 100644 --- a/nix/configurations/vanadium/nixos/connectivity.nix +++ b/nix/configurations/vanadium/nixos/connectivity.nix 
@@ -38,76 +38,89 @@ secretsFile = config.age.secrets.wpa_password.path; scanOnLowSignal = false; networks = let + properties = lib.flip lib.pipe; + networks = lib.flip lib.genAttrs (_: {}); + # The higher the more preferred - prio = i: lib.mapAttrs (_: conf: conf // {priority = i;}); + setPrio = i: lib.mapAttrs (_: conf: conf // {priority = i;}); + private = setPrio 10; + limited = setPrio (-10); - privatePrio = prio 10; - limitedDataPrio = prio (-10); + extraConfig = value: conf: conf // {extraConfig = conf.extraConfig or "" + value;}; + randomizeMac = lib.mapAttrs (_: extraConfig "mac_addr=1\n"); + roaming = lib.mapAttrs (_: extraConfig "bgscan=\"simple:30:-70:3600\"\n"); - openNetworks = lib.flip lib.genAttrs (_: {}); - pskNetworks = let + hasPsk = let # wpa_supplicant uses `strchr` to seek to the first `=`, so the only forbidden character is `=`. escapePwdKey = lib.replaceStrings ["="] ["_"]; in - lib.flip lib.genAttrs (name: {pskRaw = "ext:${escapePwdKey name}";}); + lib.mapAttrs (name: conf: conf // {pskRaw = "ext:${escapePwdKey conf.ssid or name}";}); in lib.mkMerge [ - (privatePrio (pskNetworks [ - "HiddenParadize@Earth2077" - "Pei’s Wifi" - "girlypop-net" - "annapurna" - "5526-1" + (properties [private hasPsk] + (networks [ + "HiddenParadize@Earth2077" + "Pei’s Wifi" + "girlypop-net" + ])) + (properties [private roaming hasPsk] + (networks [ + "annapurna" + "5526-1" + ])) - "A-WAY" - "CAT.jpgcafe" - # TODO: Figure out how to configure networks of "same password, different ssid". - # - # In the following documentation, bssid can be used to match - # Besides, is it possible to have duplicated SSID? 
- # https://man.freebsd.org/cgi/man.cgi?wpa_supplicant.conf%285%29 - "LOUISA" # 區公所 - "LouisaCoffee" # 七張 - "MetroTaipei x Louisa" # 大安 - ])) + # + # School + # + (properties [private roaming] + { + eduroam = { + authProtocols = ["WPA-EAP"]; + auth = '' + pairwise=CCMP + group=CCMP TKIP + eap=PEAP + ca_cert="${./certs/universite_de_rennes.pem}" + identity="ychiang@etudiant.univ-rennes.fr" + altsubject_match="DNS:radius.univ-rennes1.fr;DNS:radius1.univ-rennes1.fr;DNS:radius2.univ-rennes1.fr;DNS:vmradius-psf1.univ-rennes1.fr;DNS:vmradius-psf2.univ-rennes1.fr" + phase2="auth=MSCHAPV2" + password=ext:EDUROAM + anonymous_identity="anonymous@univ-rennes.fr" + ''; + }; + }) - (limitedDataPrio (pskNetworks [ - "iPhone de Léana 江" - ])) + # + # Cafés + # + (properties [private randomizeMac hasPsk] + (networks [ + "A-WAY" + "CAT.jpgcafe" + "LOUISA" # 區公所 + "LouisaCoffee" # 七張 + "MetroTaipei x Louisa" # 大安 + ])) - (openNetworks [ - "_SNCF_WIFI_INOUI" - "_WIFI_LYRIA" - "EurostarTrainsWiFi" - "SBB-FREE" - "AOT Airport Free Wi-Fi by NT" - ]) + # + # Transport + # + (properties [randomizeMac] + (networks [ + "_SNCF_WIFI_INOUI" + "_WIFI_LYRIA" + "EurostarTrainsWiFi" + "SBB-FREE" + "AOT Airport Free Wi-Fi by NT" + ])) - # TODO: Delete this when my account is deactivated - { - eduroam = { - authProtocols = ["WPA-EAP"]; - auth = '' - pairwise=CCMP - group=CCMP TKIP - eap=PEAP - ca_cert="${./certs/universite_de_rennes.pem}" - identity="ychiang@etudiant.univ-rennes.fr" - altsubject_match="DNS:radius.univ-rennes1.fr;DNS:radius1.univ-rennes1.fr;DNS:radius2.univ-rennes1.fr;DNS:vmradius-psf1.univ-rennes1.fr;DNS:vmradius-psf2.univ-rennes1.fr" - phase2="auth=MSCHAPV2" - password=ext:EDUROAM - anonymous_identity="anonymous@univ-rennes.fr" - ''; - }; - } - - # Other per-network configuration - # bgscan has performance penalty so we don't enable it globally - { - "5526-1".extraConfig = '' - bgscan="simple:30:-70:3600" - ''; - } + # + # Phones + # + (properties [limited hasPsk] + (networks [ + 
"iPhone de Léana 江" + ])) ]; }; };
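Review bot: The `eduroam` block re-added under the School heading still carries `group=CCMP TKIP`, so the supplicant will accept TKIP for group (broadcast/multicast) traffic even though `pairwise` is CCMP-only. Since the block is being moved anyway, consider `group=CCMP`, assuming the campus access points do not rely on a TKIP group key. The move also drops the `# TODO: Delete this when my account is deactivated` reminder; keeping it above `eduroam = {` preserves the cue to retire the stored identity and the `EDUROAM` secret once the account lapses. The `ca_cert` and `altsubject_match` pinning is what keeps the MSCHAPv2 exchange from being offered to an impostor RADIUS server, and a short comment saying so would guard it against later removal.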