{ pkgs, lib, hostName, ... }:
with (import ./names-and-numbers.nix);
+with (import ./names-and-numbers.nix.clear);
{
- environment.systemPackages = [
- pkgs.iw
+ imports = [
+ ../../../nixos/profiles/networking/wifi.nix
];
- networking.interfaces = {
- ${wifiIface} = {
- useDHCP = false;
- ipv4.addresses = [{ address = "${wifiIPv4}.1"; prefixLength = 24; }];
- ipv4.routes = [
- {
- address = "${wifiIPv4}.0";
- prefixLength = 24;
- options = { congctl = "westwood"; };
- }
- ];
+ systemd.network.networks = {
+ "20-${wifiIface}" = {
+ name = wifiIface;
+ networkConfig = {
+ Address = "${wifiIPv4}.1/24";
+ DHCPServer = true;
+ };
+ dhcpServerConfig = {
+ DNS = "${wifiIPv4}.1";
+ EmitDNS = true;
+ PoolOffset = 100;
+ PoolSize = 20;
+ };
+ linkConfig = {
+ RequiredForOnline = "no";
+ };
+ #routes = [
+ # {
+ # routeConfig = {
+ # Destination = "${wifiIPv4}.0/24";
+ # # FIXME: Not supported by nixos-23.11
+ # #TCPCongestionControlAlgorithm = "westwood";
+ # };
+ # }
+ #];
};
};
+ networking.networkmanager.unmanaged = [ wifiIface ];
+
networking.nftables.ruleset = lib.mkAfter ''
table inet filter {
chain input {
}
'';
- networking.networkmanager.unmanaged = [ wifiIface ];
- systemd.services.dhcpd4.onFailure = [ "network-addresses-${wifiIface}.service" ];
- services.dhcpd4 = {
- enable = true;
- interfaces = [ wifiIface ];
- extraConfig = ''
- subnet ${wifiIPv4}.0 netmask 255.255.255.0 {
- range ${wifiIPv4}.100 ${wifiIPv4}.200;
- option broadcast-address ${wifiIPv4}.255;
- option domain-name-servers ${wifiIPv4}.1;
- option routers ${wifiIPv4}.1;
- option subnet-mask 255.255.255.0;
- }
- '';
- };
# iw dev wlp5s0 station dump
# DOC: https://w1.fi/cgit/hostap/plain/hostapd/hostapd.conf
+ systemd.services.hostapd = {
+ unitConfig.StartLimitIntervalSec = 5;
+ serviceConfig.Restart = "always";
+ };
services.hostapd = {
enable = true;
- logLevel = 2;
- interface = wifiIface;
- # 0 means the AP will search for the channel with the least interferences (ACS)
- channel = 1;
- hwMode = "g";
- ssid = hostName;
- wpa = false;
- #wpaPassphrase = "bidonpoissonmaisonronron";
- countryCode = "FR";
- extraConfig = ''
+ radios = {
+ ${wifiIface} = {
+ band = "2g";
+ countryCode = "FR";
+ networks.${wifiIface} = {
+ ssid = hostName;
+ #ignoreBroadcastSsid = "clear";
+ authentication = {
+ # FIXME: use wpa3-sae
+ mode = "wpa2-sha256";
+ #mode = "none";
+ # FIXME: use wpaPasswordFile or saePasswordsFile
+ wpaPassword = wpaPassphrase;
+ };
+ logLevel = 2;
+ };
+ settings = {
+ disassoc_low_ack = true;
+ };
+ wifi4 = {
+ enable = true;
+ # See per band "Capabilities:" section in `iw list`
+ capabilities = [
+ "DSSS_CCK-40"
+ "HT40+"
+ "MAX-AMSDU-3839"
+ "SHORT-GI-40"
+ ];
+ require = false;
+ };
+ };
+ };
+ /*
+ extraConfig = ''
# WLAN
beacon_int=100
dtim_period=2 # DTIM (delivery trafic information message)
preamble=1
# limit the frequencies used to those allowed in the country
ieee80211d=1
+ ignore_broadcast_ssid=1
+ macaddr_acl=0
+ # 0 means the AP will search for the channel with the least interferences (ACS)
+ channel=1
# WPA2
- #wpa_key_mgmt=WPA-PSK
- #wpa_pairwise=CCMP
- #rsn_pairwise=CCMP
- #auth_algs=1 # 0=noauth, 1=wpa, 2=wep, 3=both
- macaddr_acl=0
+ #auth_algs=0 # 0=noauth, 1=wpa, 2=wep, 3=both
+ wpa_key_mgmt=WPA-PSK
+ wpa_pairwise=CCMP
+ rsn_pairwise=CCMP
# QoS support, also required for full speed on 802.11n/ac/ax
wmm_enabled=1
eap_reauth_period=360000
# N-WLAN
ieee80211n=1
- # See Capabilities in iw list
- #ht_capab=[HT40+][SHORT-GI-40][DSSS_CCK-40][MAX-AMSDU-3839]
+ # See per band "Capabilities:" section in iw list
+ ht_capab=[HT40+][SHORT-GI-40][MAX-AMSDU-3839][DSSS_CCK-40]
require_ht=1
obss_interval=0
# 802.11ac support
ieee80211ac=0
- '';
+ '';
+ */
};
}