nixos/wpa_supplicant: add configFile option

nixos/modules/services/networking/wpa_supplicant.nix

@@ -4,28 +4,6 @@ with lib;
 
 let
   cfg = config.networking.wireless;
-  configFile = if cfg.networks != {} || cfg.extraConfig != "" || cfg.userControlled.enable then pkgs.writeText "wpa_supplicant.conf" ''
-    ${optionalString cfg.userControlled.enable ''
-      ctrl_interface=DIR=/run/wpa_supplicant GROUP=${cfg.userControlled.group}
-      update_config=1''}
-    ${cfg.extraConfig}
-    ${concatStringsSep "\n" (mapAttrsToList (ssid: config: with config; let
-      key = if psk != null
-        then ''"${psk}"''
-        else pskRaw;
-      baseAuth = if key != null
-        then ''psk=${key}''
-        else ''key_mgmt=NONE'';
-    in ''
-      network={
-        ssid="${ssid}"
-        ${optionalString (priority != null) ''priority=${toString priority}''}
-        ${optionalString hidden "scan_ssid=1"}
-        ${if (auth != null) then auth else baseAuth}
-        ${extraConfig}
-      }
-    '') cfg.networks)}
-  '' else "/etc/wpa_supplicant.conf";
 in {
   options = {
     networking.wireless = {
@@ -202,6 +180,15 @@ in {
           for available options.
         '';
       };
+
+      configFile = mkOption {
+        type = types.path;
+        default = "/etc/wpa_supplicant.conf";
+        description = ''
+          Path to the wpa_supplicant configuration file. Only used if the
+          configuration is not defined through other options in this module.
+        '';
+      };
     };
   };
 
@@ -211,6 +198,29 @@ in {
       message = ''options networking.wireless."${name}".{psk,pskRaw,auth} are mutually exclusive'';
     });
 
+    networking.wireless.configFile = mkIf (cfg.networks != {} || cfg.extraConfig != "" || cfg.userControlled.enable) (pkgs.writeText "wpa_supplicant.conf" ''
+      ${optionalString cfg.userControlled.enable ''
+        ctrl_interface=DIR=/run/wpa_supplicant GROUP=${cfg.userControlled.group}
+        update_config=1''}
+      ${cfg.extraConfig}
+      ${concatStringsSep "\n" (mapAttrsToList (ssid: config: with config; let
+        key = if psk != null
+          then ''"${psk}"''
+          else pskRaw;
+        baseAuth = if key != null
+          then ''psk=${key}''
+          else ''key_mgmt=NONE'';
+      in ''
+        network={
+          ssid="${ssid}"
+          ${optionalString (priority != null) ''priority=${toString priority}''}
+          ${optionalString hidden "scan_ssid=1"}
+          ${if (auth != null) then auth else baseAuth}
+          ${extraConfig}
+        }
+      '') cfg.networks)}
+    '');
+
     environment.systemPackages =  [ pkgs.wpa_supplicant ];
 
     services.dbus.packages = [ pkgs.wpa_supplicant ];
@@ -233,22 +243,22 @@ in {
       path = [ pkgs.wpa_supplicant ];
 
       script = ''
-        iface_args="-s -u -D${cfg.driver} -c ${configFile}"
+        iface_args=(-s -u -D${escapeShellArg cfg.driver} -c ${escapeShellArg cfg.configFile})
         ${if ifaces == [] then ''
           for i in $(cd /sys/class/net && echo *); do
             DEVTYPE=
-            UEVENT_PATH=/sys/class/net/$i/uevent
+            UEVENT_PATH="/sys/class/net/$i/uevent"
             if [ -e "$UEVENT_PATH" ]; then
               source "$UEVENT_PATH"
-              if [ "$DEVTYPE" = "wlan" -o -e /sys/class/net/$i/wireless ]; then
-                args+="''${args:+ -N} -i$i $iface_args"
+              if [ "$DEVTYPE" = wlan -o -e "/sys/class/net/$i/wireless" ]; then
+                args+=(''${args:+-N} -i"$i" "''${iface_args[@]}")
               fi
             fi
           done
         '' else ''
-          args="${concatMapStringsSep " -N " (i: "-i${i} $iface_args") ifaces}"
+          args=(${concatMapStringsSep " -N " (i: ''-i${escapeShellArg i} "''${iface_args[@]}"'') ifaces})
         ''}
-        exec wpa_supplicant $args
+        exec wpa_supplicant "''${args[@]}"
       '';
     };