hosts/aubergine/networking/wifi.nix

   1 { pkgs, lib, hostName, ... }:
   2 with (import ./names-and-numbers.nix);
   3 {
   4   environment.systemPackages = [
   5     pkgs.iw
   6   ];
   7   networking.interfaces = {
   8     ${wifiIface} = {
   9       useDHCP = false;
  10       ipv4.addresses = [{ address = "${wifiIPv4}.1"; prefixLength = 24; }];
  11       ipv4.routes = [
  12         {
  13           address = "${wifiIPv4}.0";
  14           prefixLength = 24;
  15           options = { congctl = "westwood"; };
  16         }
  17       ];
  18     };
  19   };
  20   networking.nftables.ruleset = lib.mkAfter ''
  21     table inet filter {
  22       chain input {
  23         iifname ${wifiIface} jump input-lan
  24         iifname ${wifiIface} log level warn prefix "input-lan: " counter drop
  25       }
  26       chain output {
  27         oifname ${wifiIface} jump output-lan
  28         oifname ${wifiIface} log level warn prefix "output-lan: " counter drop
  29       }
  30       chain forward-to-wifi {
  31         accept
  32       }
  33       chain forward-from-wifi {
  34         accept
  35       }
  36       chain forward {
  37         iifname { ${eth1Iface}, ${eth2Iface}, ${eth3Iface} } oifname ${wifiIface} goto forward-to-wifi
  38         iifname ${wifiIface} oifname { ${eth1Iface}, ${eth2Iface}, ${eth3Iface} } goto forward-from-wifi
  39       }
  40     }
  41   '';
  42
  43   networking.networkmanager.unmanaged = [ wifiIface ];
  44   systemd.services.dhcpd4.onFailure = [ "network-addresses-${wifiIface}.service" ];
  45   services.dhcpd4 = {
  46     enable = true;
  47     interfaces = [ wifiIface ];
  48     extraConfig = ''
  49       subnet ${wifiIPv4}.0 netmask 255.255.255.0 {
  50         range ${wifiIPv4}.100 ${wifiIPv4}.200;
  51         option broadcast-address ${wifiIPv4}.255;
  52         option domain-name-servers ${wifiIPv4}.1;
  53         option routers ${wifiIPv4}.1;
  54         option subnet-mask 255.255.255.0;
  55       }
  56     '';
  57   };
  58   # iw dev wlp5s0 station dump
  59   # DOC: https://w1.fi/cgit/hostap/plain/hostapd/hostapd.conf
  60   services.hostapd = {
  61     enable = true;
  62     logLevel = 2;
  63     interface = wifiIface;
  64     # 0 means the AP will search for the channel with the least interferences (ACS)
  65     channel = 1;
  66     hwMode = "g";
  67     ssid = hostName;
  68     wpa = false;
  69     #wpaPassphrase = "bidonpoissonmaisonronron";
  70     countryCode = "FR";
  71     extraConfig = ''
  72       # WLAN
  73       beacon_int=100
  74       dtim_period=2 # DTIM (delivery trafic information message)
  75       preamble=1
  76       # limit the frequencies used to those allowed in the country
  77       ieee80211d=1
  78
  79       # WPA2
  80       #wpa_key_mgmt=WPA-PSK
  81       #wpa_pairwise=CCMP
  82       #rsn_pairwise=CCMP
  83       #auth_algs=1 # 0=noauth, 1=wpa, 2=wep, 3=both
  84       macaddr_acl=0
  85       # QoS support, also required for full speed on 802.11n/ac/ax
  86       wmm_enabled=1
  87       eap_reauth_period=360000
  88       wpa_group_rekey=600
  89       wpa_ptk_rekey=600
  90       wpa_gmk_rekey=86400
  91
  92       # N-WLAN
  93       ieee80211n=1
  94       # See Capabilities in iw list
  95       #ht_capab=[HT40+][SHORT-GI-40][DSSS_CCK-40][MAX-AMSDU-3839]
  96       require_ht=1
  97       obss_interval=0
  98
  99       # 802.11ac support
 100       ieee80211ac=0
 101     '';
 102   };
 103
 104 }