]> Git — Sourcephile - julm/julm-nix.git/blob - hosts/aubergine/networking/wifi.nix
openvpn: calyx: fix after dependencies
[julm/julm-nix.git] / hosts / aubergine / networking / wifi.nix
1 { pkgs, lib, hostName, ... }:
2 with (import ./names-and-numbers.nix);
3 {
4 imports = [
5 ../../../nixos/profiles/networking/wifi.nix
6 ];
7 networking.interfaces = {
8 ${wifiIface} = {
9 useDHCP = false;
10 ipv4.addresses = [{ address = "${wifiIPv4}.1"; prefixLength = 24; }];
11 ipv4.routes = [
12 {
13 address = "${wifiIPv4}.0";
14 prefixLength = 24;
15 options = { congctl = "westwood"; };
16 }
17 ];
18 };
19 };
20 networking.nftables.ruleset = lib.mkAfter ''
21 table inet filter {
22 chain input {
23 iifname ${wifiIface} jump input-lan
24 iifname ${wifiIface} log level warn prefix "input-lan: " counter drop
25 }
26 chain output {
27 oifname ${wifiIface} jump output-lan
28 oifname ${wifiIface} log level warn prefix "output-lan: " counter drop
29 }
30 chain forward-to-wifi {
31 accept
32 }
33 chain forward-from-wifi {
34 accept
35 }
36 chain forward {
37 iifname { ${eth1Iface}, ${eth2Iface}, ${eth3Iface} } oifname ${wifiIface} goto forward-to-wifi
38 iifname ${wifiIface} oifname { ${eth1Iface}, ${eth2Iface}, ${eth3Iface} } goto forward-from-wifi
39 }
40 }
41 '';
42
43 networking.networkmanager.unmanaged = [ wifiIface ];
44 systemd.services.dhcpd4.onFailure = [ "network-addresses-${wifiIface}.service" ];
45 services.dhcpd4 = {
46 enable = true;
47 interfaces = [ wifiIface ];
48 extraConfig = ''
49 subnet ${wifiIPv4}.0 netmask 255.255.255.0 {
50 range ${wifiIPv4}.100 ${wifiIPv4}.200;
51 option broadcast-address ${wifiIPv4}.255;
52 option domain-name-servers ${wifiIPv4}.1;
53 option routers ${wifiIPv4}.1;
54 option subnet-mask 255.255.255.0;
55 }
56 '';
57 };
58 # iw dev wlp5s0 station dump
59 # DOC: https://w1.fi/cgit/hostap/plain/hostapd/hostapd.conf
60 services.hostapd = {
61 enable = true;
62 logLevel = 2;
63 interface = wifiIface;
64 # 0 means the AP will search for the channel with the least interferences (ACS)
65 channel = 0;
66 # a=5GHz, g=2.4GHz
67 hwMode = "g";
68 ssid = hostName;
69 wpa = false;
70 #wpaPassphrase = "bidonpoissonmaisonronron";
71 countryCode = "FR";
72 extraConfig = ''
73 driver=nl80211
74 # WLAN
75 beacon_int=100
76 dtim_period=2 # DTIM (delivery trafic information message)
77 preamble=1
78 # limit the frequencies used to those allowed in the country
79 ieee80211d=1
80 disassoc_low_ack=1
81 ignore_broadcast_ssid=0
82
83 # WPA2
84 #wpa_key_mgmt=WPA-PSK
85 #wpa_pairwise=CCMP
86 #rsn_pairwise=CCMP
87 #auth_algs=1 # 0=noauth, 1=wpa, 2=wep, 3=both
88 macaddr_acl=0
89 # QoS support, also required for full speed on 802.11n/ac/ax
90 wmm_enabled=1
91 eap_reauth_period=360000
92 wpa_group_rekey=600
93 wpa_ptk_rekey=600
94 wpa_gmk_rekey=86400
95
96 # N-WLAN
97 ieee80211n=1
98 # See per band "Capabilities:" section in iw list
99 ht_capab=[HT40+][SHORT-GI-40][MAX-AMSDU-3839][DSSS_CCK-40]
100 require_ht=1
101 obss_interval=0
102
103 # 802.11ac support
104 ieee80211ac=0
105 '';
106 };
107
108 }