/run/wpa_supplicant/wpa_supplicant.conf seems to get wiped after I suspend.
Hence, if you use wpa_cli to add a network, it will be gone after the suspend,
which is minorly annoying.
I assume it’s happening somewhere in NixOS given it makes little sense for wpa_supplicant itself to do this. I assume it’s getting reset to the configuration defined in NixOS somehow.
The question is where this is implemented so I can stop it.
/run/wpa_supplicant/wpa_supplicant.conf seems to get wiped after I suspend.
That’s correct, that file is generated from the NixOS configuration and spliced with your secrets whenever you restart the wpa_supplicant daemon.
The question is where this is implemented so I can stop it.
You can’t, unless you rewrite the networking.wireless module. However, if you want to preserve the networks you added at runtime, there’s networking.wireless.allowAuxiliaryImperativeNetworks.
With this enabled you can put extra networks in /etc/wpa_supplicant.conf (either manually or using wpa_cli), which will be read in addition to /run/wpa_supplicant/wpa_supplicant.conf.