5 #gwIface = config.networking.defaultGateway.interface;
8 environment.systemPackages = [
11 networking.interfaces.${wifiIface} = {
12 ipv4.addresses = [{ address = "192.168.2.1"; prefixLength = 24; }];
14 # Not merged, even though all are 1
15 #boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
16 boot.kernel.sysctl."net.ipv6.conf.${wifiIface}.addr_gen_mode" = 1;
17 networking.nftables.ruleset = ''
20 meta l4proto { udp, tcp } th dport domain counter accept comment "DNS"
21 tcp dport bootps counter accept comment "DHCP"
24 iifname ${wifiIface} goto input-lan
30 oifname ${wifiIface} goto output-lan
33 iifname ${wifiIface} oifname ${gwIface} counter accept
34 iifname ${gwIface} oifname ${wifiIface} counter accept
39 services.unbound.settings = {
41 interface = [ "192.168.2.1" ];
42 access-control = [ "192.168.2.0/24 allow" ];
44 "tracking.intl.miui.com always_refuse"
45 "sourcephile.fr typetransparent"
48 "\"bureau1.sourcephile.fr A 192.168.2.1\""
53 networking.wlanInterfaces.${wifiIface} = {
57 networking.networkmanager.unmanaged = [
61 # iw dev wlp4s0 station dump
62 # DOC: https://w1.fi/cgit/hostap/plain/hostapd/hostapd.conf
66 interface = wifiIface;
70 wpaPassphrase = "bidonpoissonmaisonronron";
75 dtim_period=2 # DTIM (Delivery Traffic Indication Message) period, in beacon intervals
77 # limit the frequencies used to those allowed in the country
79 # 0 means the AP will pick the channel with the least interference (ACS, Automatic Channel Selection)
86 auth_algs=1 # bit field: bit 0 = Open System, bit 1 = Shared Key (WEP only); 1 = Open System only, which is what WPA/WPA2 requires (not "0=noauth, 1=wpa")
88 # WMM (QoS) support; also required for full speed on 802.11n/ac/ax
90 eap_reauth_period=360000
97 # See the "Capabilities" section of `iw list` for what this card supports before setting ht_capab
98 ht_capab=[HT40+][SHORT-GI-40][DSSS_CCK-40][MAX-AMSDU-7935]
106 systemd.services.dhcpd4 = {
107 after = [ "network-addresses-${wifiIface}.service" ];
109 "network-addresses-${wifiIface}.service"
110 "sys-subsystem-net-devices-${wifiIface}.device"
112 unitConfig.StartLimitIntervalSec = 0;
113 serviceConfig.RestartSec = 5;
117 interfaces = [ wifiIface ];
119 option subnet-mask 255.255.255.0;
120 option broadcast-address 192.168.2.255;
121 option routers 192.168.2.1;
122 option domain-name-servers 192.168.2.1;
123 subnet 192.168.2.0 netmask 255.255.255.0 {
124 range 192.168.2.100 192.168.2.200;
129 #networking.firewall.allowedUDPPorts = [ 53 67 ]; # DNS & DHCP
131 # Sometimes slow connection speeds are attributed to the absence of haveged (entropy starvation at boot).
132 services.haveged.enable = true;
137 systemd.services.wifi-relay = let inherit (pkgs) iptables gnugrep;
139 description = "iptables rules for wifi-relay";
140 after = [ "dhcpd4.service" ];
141 wantedBy = [ "multi-user.target" ];
143 ${iptables}/bin/iptables -w -t nat -I POSTROUTING -s 192.168.2.0/24 ! -o wlan-ap0 -j MASQUERADE
144 ${iptables}/bin/iptables -w -I FORWARD -i wlan-ap0 -s 192.168.2.0/24 -j ACCEPT
145 ${iptables}/bin/iptables -w -I FORWARD -i wlan-station0 -d 192.168.2.0/24 -j ACCEPT