.files/nix/networks/wpa_supplicant-compat.nix

#
# This loads the list of networks as a NixOS wpa_supplicant compatible attrset
#
# View the example config
# less $(nix-build --no-out-link -E '(import <nixpkgs> {}).wpa_supplicant')/share/doc/wpa_supplicant/wpa_supplicant.conf.example
let
  sources = import ../../npins;
  lib = import (sources.nixpkgs + "/lib");

  # wpa_supplicant uses `strchr` to seek to the first `=`, so the only forbidden character is `=`.
  escapePwdKey = lib.replaceStrings [ "=" ] [ "_" ];

  go =
    networkArgs@{
      ssid,
      bssid ? null,
      # Custom fields wrapping nixpkgs module options
      hasPassword ? false,
      scanOnLowSignal ? false,
      randomizeMac ? false,
      ...
    }:
    let
      uniqueKey = "${ssid}${lib.optionalString (bssid != null) bssid}";
    in
    {
      ${uniqueKey} # we use a unique key here to make sure no "same ssid different bssid" networks collide in key.
        =
          lib.mkMerge [
            (builtins.removeAttrs networkArgs [
              "hasPassword"
              "scanOnLowSignal"
              "randomizeMac"
            ])
            (lib.optionalAttrs hasPassword {
              pskRaw = "ext:${escapePwdKey uniqueKey}"; # this implies changing the external password key if you set a bssid!
            })
            {
              extraConfig = ''
                ${lib.optionalString scanOnLowSignal "bgscan=\"simple:30:-70:3600\""}
                ${lib.optionalString randomizeMac "mac_addr=1"}
              '';
            }
          ];
    };
in
ns: lib.mkMerge (map go ns)