# NixOS module that turns the wireless interface into a Wi-Fi access point:
# static gateway address, DHCP server, DNS listener, nftables rules and hostapd.
#
# wifiIface, wifiIPv4 and eth1Iface..eth3Iface are not module arguments;
# presumably they come from ./names-and-numbers.nix via the `with` below.
#
# NOTE(review): with `wpa = false` and the WPA2 lines in hostapd's extraConfig
# commented out, the AP appears to run as an open network (no authentication,
# no link-layer encryption), while the forward chains accept all traffic
# between Wi-Fi and the three wired interfaces. Confirm this is intended.
{ pkgs, lib, hostName, ... }:
with (import ./names-and-numbers.nix);
{
  # `iw` is installed for inspecting the wireless interface (see the
  # `iw dev ... station dump` hint further down).
  environment.systemPackages = [ pkgs.iw ];

  networking.interfaces = {
    ${wifiIface} = {
      # The AP is the gateway of its own /24, so it takes a static address
      # (<wifiIPv4>.1) instead of running a DHCP client.
      useDHCP = false;
      ipv4.addresses = [{
        address = "${wifiIPv4}.1";
        prefixLength = 24;
      }];
      # Route for the Wi-Fi subnet, with the "westwood" congestion-control
      # option set on it.
      ipv4.routes = [
        {
          address = "${wifiIPv4}.0";
          prefixLength = 24;
          options = { congctl = "westwood"; };
        }
      ];
    };
  };

  # Appended (lib.mkAfter) to a ruleset defined elsewhere. The chains
  # input-lan and output-lan are jumped to but not defined here; presumably
  # they exist in the base ruleset (verify, otherwise the ruleset fails to load).
  #
  # Traffic to/from the host on the Wi-Fi interface that input-lan/output-lan
  # does not accept is logged and dropped.
  # NOTE(review): the log rules carry no rate limit; on an open AP any station
  # in range can generate log entries, so consider adding one.
  #
  # forward-to-wifi and forward-from-wifi accept unconditionally, so Wi-Fi
  # clients can reach every host behind eth1/eth2/eth3 and vice versa.
  networking.nftables.ruleset = lib.mkAfter ''
    table inet filter {
      chain input {
        iifname ${wifiIface} jump input-lan
        iifname ${wifiIface} log level warn prefix "input-lan: " counter drop
      }
      chain output {
        oifname ${wifiIface} jump output-lan
        oifname ${wifiIface} log level warn prefix "output-lan: " counter drop
      }
      chain forward-to-wifi {
        accept
      }
      chain forward-from-wifi {
        accept
      }
      chain forward {
        iifname { ${eth1Iface}, ${eth2Iface}, ${eth3Iface} } oifname ${wifiIface} goto forward-to-wifi
        iifname ${wifiIface} oifname { ${eth1Iface}, ${eth2Iface}, ${eth3Iface} } goto forward-from-wifi
      }
    }
  '';

  # hostapd owns the interface, so NetworkManager must leave it alone.
  networking.networkmanager.unmanaged = [ wifiIface ];

  # DNS resolver listens on the AP's gateway address; this is the server
  # handed out to clients by dhcpd below.
  services.dnscrypt-proxy2.settings.listen_addresses = [ "${wifiIPv4}.1:53" ];

  # If dhcpd4 fails, the unit that assigns the interface addresses is started.
  systemd.services.dhcpd4.onFailure = [ "network-addresses-${wifiIface}.service" ];
  # DHCP for the Wi-Fi subnet: leases .100-.200, gateway and DNS both at .1.
  services.dhcpd4 = {
    enable = true;
    interfaces = [ wifiIface ];
    extraConfig = ''
      subnet ${wifiIPv4}.0 netmask 255.255.255.0 {
        range ${wifiIPv4}.100 ${wifiIPv4}.200;
        option broadcast-address ${wifiIPv4}.255;
        option domain-name-servers ${wifiIPv4}.1;
        option routers ${wifiIPv4}.1;
        option subnet-mask 255.255.255.0;
      }
    '';
  };

  # List the currently associated stations with:
  #   iw dev wlp5s0 station dump
  # DOC: https://w1.fi/cgit/hostap/plain/hostapd/hostapd.conf
  services.hostapd = {
    enable = true;
    logLevel = 2;
    interface = wifiIface;
    # The channel is pinned to 1 here. Setting it to 0 instead would make the
    # AP search for the channel with the least interference (ACS).
    channel = 1;
    hwMode = "g";
    # The SSID is the machine's host name, so the host name is broadcast.
    ssid = hostName;
    # NOTE(review): WPA is switched off, so clients associate without a
    # passphrase and frames are sent unencrypted over the air.
    wpa = false;
    # NOTE(review): a passphrase was committed in the comment below; treat it
    # as exposed and do not reuse it. Setting wpaPassphrase inline presumably
    # also writes it into the generated hostapd config in the Nix store, which
    # is world-readable; confirm for the module version in use.
    #wpaPassphrase = "bidonpoissonmaisonronron";
    countryCode = "FR";
    # Raw hostapd.conf lines. The WPA2 block inside is commented out, so the
    # wpa_*_rekey intervals presumably have no effect while wpa = false.
    # macaddr_acl=0 means stations are accepted unless they are on a deny
    # list; no deny list is configured in this file.
    extraConfig = ''
      # WLAN
      beacon_int=100
      dtim_period=2 # DTIM (delivery trafic information message)
      preamble=1
      # limit the frequencies used to those allowed in the country
      ieee80211d=1
      # WPA2
      #wpa_key_mgmt=WPA-PSK
      #wpa_pairwise=CCMP
      #rsn_pairwise=CCMP
      #auth_algs=1 # 0=noauth, 1=wpa, 2=wep, 3=both
      macaddr_acl=0
      # QoS support, also required for full speed on 802.11n/ac/ax
      wmm_enabled=1
      eap_reauth_period=360000
      wpa_group_rekey=600
      wpa_ptk_rekey=600
      wpa_gmk_rekey=86400
      # N-WLAN
      ieee80211n=1
      # See Capabilities in iw list
      #ht_capab=[HT40+][SHORT-GI-40][DSSS_CCK-40][MAX-AMSDU-3839]
      require_ht=1
      obss_interval=0
      # 802.11ac support
      ieee80211ac=0
    '';
  };
}