Currently, we have

  (1) in-memory connections
  (2) keyfiles in user-config (/etc/NetworkManager/system-connections)

but we need more:

  (3) keyfiles generated for example during bootup, in
      /var/run/NetworkManager/connections.d/

  (4) keyfiles provisioned, say from RPM to
      /usr/lib/NetworkManager/connections.d/)


the new location (4) should be read-only to NetworkManager. Location (3) migth be read-only or not (still undecided).

When loading connection, we would load them in order (4) (3) (2).
I am not sure about whether to read (3) or (2) first, but first (3) seems better.

Connection equality is based on the UUID, thus connections from later locations hide/shadow connections from earlier locations.

When the user modifies/deletes a connection in (4), we should store to (2) the changed connection (or the fact that the connection is deleted/hidden).
Or maybe we should generally disallow modifying these connections(?).

When the user modifies a connection (3), we could either
  - change the file in location (3)
  - disallow changing/deleting operation for these connections
  - hide them via (2).



Use of (4) (/usr/lib/NetworkManager/connection.d)
-------------------------------------------------

The use of (4) are pre-installed connections. Say, a company distributes an RPM with the Wi-Fi settings.

Another use could be:
If we would be to allow one connection to activate on multiple devices, we could install a package that provides a default-wired-connection. We could thus re-design our default-wired-thing to instead have a keyfile installed.



Use of (3) (/var/run/NetworkManager/connection.d)
-------------------------------------------------

a generator script could run and create connections that only exist during the lifetime of the current boot. Say, connections from initrd could be persisted to /var/run/NetworkManager/connection.d for NetworkManager to use afterwards.