inxi: add to essentials
[julm/julm-nix.git] / hosts / aubergine / networking / wifi.nix
index 1eaf33a02eddf4377bde661b4cb3f6e493e3e3d0..f7f697a7e7efbcafe5beeb9e2f16a79dabd08487 100644 (file)
@@ -1,22 +1,39 @@
 { pkgs, lib, hostName, ... }:
 with (import ./names-and-numbers.nix);
+with (import ./names-and-numbers.nix.clear);
 {
-  environment.systemPackages = [
-    pkgs.iw
+  imports = [
+    ../../../nixos/profiles/networking/wifi.nix
   ];
-  networking.interfaces = {
-    ${wifiIface} = {
-      useDHCP = false;
-      ipv4.addresses = [{ address = "${wifiIPv4}.1"; prefixLength = 24; }];
-      ipv4.routes = [
-        {
-          address = "${wifiIPv4}.0";
-          prefixLength = 24;
-          options = { congctl = "westwood"; };
-        }
-      ];
+  systemd.network.networks = {
+    "20-${wifiIface}" = {
+      name = wifiIface;
+      networkConfig = {
+        Address = "${wifiIPv4}.1/24";
+        DHCPServer = true;
+      };
+      dhcpServerConfig = {
+        DNS = "${wifiIPv4}.1";
+        EmitDNS = true;
+        PoolOffset = 100;
+        PoolSize = 20;
+      };
+      linkConfig = {
+        RequiredForOnline = "no";
+      };
+      #routes = [
+      #  {
+      #    routeConfig = {
+      #      Destination = "${wifiIPv4}.0/24";
+      #      # FIXME: Not supported by nixos-23.11
+      #      #TCPCongestionControlAlgorithm = "westwood";
+      #    };
+      #  }
+      #];
     };
   };
+  networking.networkmanager.unmanaged = [ wifiIface ];
+
   networking.nftables.ruleset = lib.mkAfter ''
     table inet filter {
       chain input {
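Review bot: The added `with (import ./names-and-numbers.nix.clear);` on the second line of the module stacks a second `with` scope on the first, so any name defined in both files is silently taken from the `.clear` file and a reader cannot tell which file supplies `wifiIface`, `wifiIPv4` or `wpaPassphrase`. If that file holds values in clear, as its suffix suggests, binding only what is needed is easier to audit, e.g. `let inherit (import ./names-and-numbers.nix.clear) wpaPassphrase; in`. Separately, the DHCP pool shrinks from the old `.100`–`.200` range to 20 leases (`PoolOffset = 100; PoolSize = 20;`), which deserves a comment such as `# 20 leases: .100–.119, enough for the expected clients` if it is intended. The nftables ruleset that starts at the end of this hunk continues outside it.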
@@ -40,48 +57,64 @@ with (import ./names-and-numbers.nix);
     }
   '';
 
-  networking.networkmanager.unmanaged = [ wifiIface ];
-  systemd.services.dhcpd4.onFailure = [ "network-addresses-${wifiIface}.service" ];
-  services.dhcpd4 = {
-    enable = true;
-    interfaces = [ wifiIface ];
-    extraConfig = ''
-      subnet ${wifiIPv4}.0 netmask 255.255.255.0 {
-        range ${wifiIPv4}.100 ${wifiIPv4}.200;
-        option broadcast-address ${wifiIPv4}.255;
-        option domain-name-servers ${wifiIPv4}.1;
-        option routers ${wifiIPv4}.1;
-        option subnet-mask 255.255.255.0;
-      }
-    '';
-  };
   # iw dev wlp5s0 station dump
   # DOC: https://w1.fi/cgit/hostap/plain/hostapd/hostapd.conf
+  systemd.services.hostapd = {
+    unitConfig.StartLimitIntervalSec = 5;
+    serviceConfig.Restart = "always";
+  };
   services.hostapd = {
     enable = true;
-    logLevel = 2;
-    interface = wifiIface;
-    # 0 means the AP will search for the channel with the least interferences (ACS)
-    channel = 1;
-    hwMode = "g";
-    ssid = hostName;
-    wpa = false;
-    #wpaPassphrase = "bidonpoissonmaisonronron";
-    countryCode = "FR";
-    extraConfig = ''
+    radios = {
+      ${wifiIface} = {
+        band = "2g";
+        countryCode = "FR";
+        networks.${wifiIface} = {
+          ssid = hostName;
+          #ignoreBroadcastSsid = "clear";
+          authentication = {
+            # FIXME: use wpa3-sae
+            mode = "wpa2-sha256";
+            #mode = "none";
+            # FIXME: use wpaPasswordFile or saePasswordsFile
+            wpaPassword = wpaPassphrase;
+          };
+          logLevel = 2;
+        };
+        settings = {
+          disassoc_low_ack = true;
+        };
+        wifi4 = {
+          enable = true;
+          # See per band "Capabilities:" section in `iw list`
+          capabilities = [
+            "DSSS_CCK-40"
+            "HT40+"
+            "MAX-AMSDU-3839"
+            "SHORT-GI-40"
+          ];
+          require = false;
+        };
+      };
+    };
+    /*
+      extraConfig = ''
       # WLAN
       beacon_int=100
       dtim_period=2 # DTIM (delivery trafic information message)
       preamble=1
       # limit the frequencies used to those allowed in the country
       ieee80211d=1
+      ignore_broadcast_ssid=1
+      macaddr_acl=0
+      # 0 means the AP will search for the channel with the least interferences (ACS)
+      channel=1
 
       # WPA2
-      #wpa_key_mgmt=WPA-PSK
-      #wpa_pairwise=CCMP
-      #rsn_pairwise=CCMP
-      #auth_algs=1 # 0=noauth, 1=wpa, 2=wep, 3=both
-      macaddr_acl=0
+      #auth_algs=0 # 0=noauth, 1=wpa, 2=wep, 3=both
+      wpa_key_mgmt=WPA-PSK
+      wpa_pairwise=CCMP
+      rsn_pairwise=CCMP
       # QoS support, also required for full speed on 802.11n/ac/ax
       wmm_enabled=1
       eap_reauth_period=360000
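Review bot: `wpaPassword = wpaPassphrase;` in the `authentication` block puts the pre-shared key into the generated hostapd configuration in the Nix store, which is world-readable on the host; the FIXME above it names the fix, but the commit ships without it. Pointing the module at a file provisioned outside the store, `wpaPasswordFile = "/path/to/psk-file";` (placeholder path), keeps the key out of the store and out of the evaluated configuration. The removed `#wpaPassphrase = …` comment shows an earlier passphrase was committed in clear, so if `wpaPassphrase` reuses that value it should be rotated. The `/* extraConfig` comment opened near the end of this hunk closes outside it.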
@@ -91,14 +124,15 @@ with (import ./names-and-numbers.nix);
 
       # N-WLAN
       ieee80211n=1
-      # See Capabilities in iw list
-      #ht_capab=[HT40+][SHORT-GI-40][DSSS_CCK-40][MAX-AMSDU-3839]
+      # See per band "Capabilities:" section in iw list
+      ht_capab=[HT40+][SHORT-GI-40][MAX-AMSDU-3839][DSSS_CCK-40]
       require_ht=1
       obss_interval=0
 
       # 802.11ac support
       ieee80211ac=0
-    '';
+      '';
+    */
   };
 
 }
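Review bot: The edits to `ht_capab` and the comment above it land inside the `/* … */` block that closes at the end of this hunk, so they configure nothing; the block opens outside the hunk. The dead text also disagrees with the live settings, for example `require_ht=1` here against `require = false` under `wifi4`, which will mislead whoever next reads the file to find out what the access point enforces. Either delete the block or replace it with a one-line comment such as `# legacy hostapd extraConfig dropped; live settings are under services.hostapd.radios`.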