# hosts/aubergine/networking/wifi.nix
# NixOS module that makes the interface named by `wifiIface` a Wi-Fi access
# point: static address, DHCP server, DNS listener, hostapd and an SSH listener.
# `wifiIface` and `wifiIPv4` are not defined in this file; presumably they are
# brought into scope from ./names-and-numbers.nix by the `with` below.
{ pkgs, lib, config, hostName, ... }:
with (import ./names-and-numbers.nix);
{
  # `iw` is installed for inspecting the wireless interface (see the
  # `iw dev ... station dump` hint above services.hostapd).
  environment.systemPackages = [
    pkgs.iw
  ];
  networking.interfaces = {
    ${wifiIface} = {
      # Static addressing: this host is .1 of the /24 that it serves over DHCP.
      useDHCP = false;
      ipv4.addresses = [ { address = "${wifiIPv4}.1"; prefixLength = 24; } ];
      ipv4.routes = [
        # Explicit route for the same /24, carrying a per-route congestion
        # control setting.
        { address = "${wifiIPv4}.0";
          prefixLength = 24;
          options = { congctl="westwood";};
        }
      ];
    };
  };
  # Appended (lib.mkAfter) to a ruleset defined elsewhere. Packets on the Wi-Fi
  # interface jump to input-lan / output-lan; anything that returns from those
  # chains without a verdict is logged, counted and dropped.
  # NOTE(review): input-lan and output-lan are not visible here. Because the AP
  # below is unauthenticated, confirm that input-lan accepts only what anonymous
  # clients are meant to reach (DHCP and DNS at least) and that accepting SSH
  # from this interface is intended.
  # NOTE(review): the log statements have no `limit rate`, so any associated
  # client can generate one log line per dropped packet; consider rate-limiting
  # the log while keeping the unconditional drop.
  # Only the input and output hooks are extended here; forwarding for Wi-Fi
  # clients, if any, is decided outside this file.
  networking.nftables.ruleset = lib.mkAfter ''
    table inet filter {
      chain input {
        iifname ${wifiIface} jump input-lan
        iifname ${wifiIface} log level warn prefix "input-lan: " counter drop
      }
      chain output {
        oifname ${wifiIface} jump output-lan
        oifname ${wifiIface} log level warn prefix "output-lan: " counter drop
      }
    }
  '';

  # Keep NetworkManager away from the interface that hostapd drives.
  networking.networkmanager.unmanaged = [ wifiIface ];
  # The resolver listens on the AP address, which is the name server that the
  # DHCP configuration below hands to clients.
  services.dnscrypt-proxy2.settings.listen_addresses = [ "${wifiIPv4}.1:53" ];
  # When dhcpd4 enters the failed state, systemd starts the listed unit;
  # presumably this re-applies the interface address (confirm the intent).
  systemd.services.dhcpd4.onFailure = [ "network-addresses-${wifiIface}.service" ];
  # DHCP server bound to the Wi-Fi interface only. Leases come from .100-.200;
  # clients get this host (.1) as both default router and DNS server.
  services.dhcpd4 = {
    enable = true;
    interfaces = [ wifiIface ];
    extraConfig = ''
      subnet ${wifiIPv4}.0 netmask 255.255.255.0 {
        range ${wifiIPv4}.100 ${wifiIPv4}.200;
        option broadcast-address ${wifiIPv4}.255;
        option domain-name-servers ${wifiIPv4}.1;
        option routers ${wifiIPv4}.1;
        option subnet-mask 255.255.255.0;
      }
    '';
  };
  # iw dev wlp5s0 station dump
  # DOC: https://w1.fi/cgit/hostap/plain/hostapd/hostapd.conf
  # NOTE(review): this access point is open. With `wpa = false` and the WPA
  # lines in extraConfig commented out, there is no link-layer authentication or
  # encryption: any station in radio range can associate, and client traffic is
  # readable over the air. The nftables chains and the services bound to
  # ${wifiIPv4}.1 are then the only access control.
  # NOTE(review): hostapd's `ap_isolate=1` is not set, so stations can
  # presumably reach each other through the AP; consider it if clients are
  # mutually untrusted.
  services.hostapd = {
    enable = true;
    logLevel = 2;
    interface = wifiIface;
    # 0 means the AP will search for the channel with the least interferences (ACS)
    # Here the channel is pinned to 1 instead.
    channel = 1;
    hwMode = "g";
    # The network name is the machine's host name, so it is broadcast to
    # everyone in range.
    ssid = hostName;
    wpa = false;
    # NOTE(review): a literal passphrase in a committed comment is public with
    # the repository; if it was ever in use, treat it as compromised and rotate
    # it. When WPA is re-enabled, `wpaPassphrase` ends up in the world-readable
    # Nix store, so prefer a key file outside the store (hostapd's
    # `wpa_psk_file`) provisioned as a secret.
    #wpaPassphrase = "bidonpoissonmaisonronron";
    countryCode = "FR";
    # Raw hostapd.conf lines. hostapd treats a line as a comment only when `#`
    # is its first character, so every line in this string must keep the same
    # indentation (Nix strips the common prefix).
    # NOTE(review): eap_reauth_period and the wpa_*_rekey intervals presumably
    # have no effect while WPA is disabled; they only matter once the WPA2 lines
    # are uncommented.
    extraConfig = ''
    # WLAN
    beacon_int=100
    dtim_period=2 # DTIM (delivery trafic information message)
    preamble=1
    # limit the frequencies used to those allowed in the country
    ieee80211d=1

    # WPA2
    #wpa_key_mgmt=WPA-PSK
    #wpa_pairwise=CCMP
    #rsn_pairwise=CCMP
    #auth_algs=1 # 0=noauth, 1=wpa, 2=wep, 3=both
    macaddr_acl=0
    # QoS support, also required for full speed on 802.11n/ac/ax
    wmm_enabled=1
    eap_reauth_period=360000
    wpa_group_rekey=600
    wpa_ptk_rekey=600
    wpa_gmk_rekey=86400

    # N-WLAN
    ieee80211n=1
    # See Capabilities in iw list
    #ht_capab=[HT40+][SHORT-GI-40][DSSS_CCK-40][MAX-AMSDU-3839]
    require_ht=1
    obss_interval=0

    # 802.11ac support
    ieee80211ac=0
    '';
  };

  # sshd additionally listens on the AP address.
  # NOTE(review): on an open network this puts sshd within reach of any
  # associated station unless input-lan filters port 22. The sshd
  # authentication settings are not in this file; confirm that password
  # authentication is disabled, or drop this listener if management over Wi-Fi
  # is not needed.
  services.openssh.listenAddresses = [
    { addr = "${wifiIPv4}.1"; port = 22; }
  ];

}