hosts/aubergine/networking/wifi.nix

   1 { pkgs, lib, hostName, ... }:
   2 with (import ./names-and-numbers.nix);
   3 {
   4   environment.systemPackages = [
   5     pkgs.iw
   6   ];
   7   networking.interfaces = {
   8     ${wifiIface} = {
   9       useDHCP = false;
  10       ipv4.addresses = [{ address = "${wifiIPv4}.1"; prefixLength = 24; }];
  11       ipv4.routes = [
  12         {
  13           address = "${wifiIPv4}.0";
  14           prefixLength = 24;
  15           options = { congctl = "westwood"; };
  16         }
  17       ];
  18     };
  19   };
  20   networking.nftables.ruleset = lib.mkAfter ''
  21     table inet filter {
  22       chain input {
  23         iifname ${wifiIface} jump input-lan
  24         iifname ${wifiIface} log level warn prefix "input-lan: " counter drop
  25       }
  26       chain output {
  27         oifname ${wifiIface} jump output-lan
  28         oifname ${wifiIface} log level warn prefix "output-lan: " counter drop
  29       }
  30     }
  31   '';
  32
  33   networking.networkmanager.unmanaged = [ wifiIface ];
  34   services.dnscrypt-proxy2.settings.listen_addresses = [ "${wifiIPv4}.1:53" ];
  35   systemd.services.dhcpd4.onFailure = [ "network-addresses-${wifiIface}.service" ];
  36   services.dhcpd4 = {
  37     enable = true;
  38     interfaces = [ wifiIface ];
  39     extraConfig = ''
  40       subnet ${wifiIPv4}.0 netmask 255.255.255.0 {
  41         range ${wifiIPv4}.100 ${wifiIPv4}.200;
  42         option broadcast-address ${wifiIPv4}.255;
  43         option domain-name-servers ${wifiIPv4}.1;
  44         option routers ${wifiIPv4}.1;
  45         option subnet-mask 255.255.255.0;
  46       }
  47     '';
  48   };
  49   # iw dev wlp5s0 station dump
  50   # DOC: https://w1.fi/cgit/hostap/plain/hostapd/hostapd.conf
  51   services.hostapd = {
  52     enable = true;
  53     logLevel = 2;
  54     interface = wifiIface;
  55     # 0 means the AP will search for the channel with the least interferences (ACS)
  56     channel = 1;
  57     hwMode = "g";
  58     ssid = hostName;
  59     wpa = false;
  60     #wpaPassphrase = "bidonpoissonmaisonronron";
  61     countryCode = "FR";
  62     extraConfig = ''
  63       # WLAN
  64       beacon_int=100
  65       dtim_period=2 # DTIM (delivery trafic information message)
  66       preamble=1
  67       # limit the frequencies used to those allowed in the country
  68       ieee80211d=1
  69
  70       # WPA2
  71       #wpa_key_mgmt=WPA-PSK
  72       #wpa_pairwise=CCMP
  73       #rsn_pairwise=CCMP
  74       #auth_algs=1 # 0=noauth, 1=wpa, 2=wep, 3=both
  75       macaddr_acl=0
  76       # QoS support, also required for full speed on 802.11n/ac/ax
  77       wmm_enabled=1
  78       eap_reauth_period=360000
  79       wpa_group_rekey=600
  80       wpa_ptk_rekey=600
  81       wpa_gmk_rekey=86400
  82
  83       # N-WLAN
  84       ieee80211n=1
  85       # See Capabilities in iw list
  86       #ht_capab=[HT40+][SHORT-GI-40][DSSS_CCK-40][MAX-AMSDU-3839]
  87       require_ht=1
  88       obss_interval=0
  89
  90       # 802.11ac support
  91       ieee80211ac=0
  92     '';
  93   };
  94
  95   services.openssh.listenAddresses = [
  96     { addr = "${wifiIPv4}.1"; port = 22; }
  97   ];
  98
  99 }