let iface = "wlp4s0";
in
{
+environment.systemPackages = [
+ pkgs.iw
+];
networking.interfaces.${iface} = {
- ipv4.addresses = [
- { address = "192.168.2.1"; prefixLength = 24; }
- ];
+ ipv4.addresses = [ { address = "192.168.2.1"; prefixLength = 24; } ];
+};
+# Fix to set the address before starting dhcpd4.service
+systemd.services."network-addresses-${iface}" = {
+ before = ["network.target"];
+ wantedBy = ["network.target"];
};
boot.kernel.sysctl."net.ipv6.conf.${iface}.addr_gen_mode" = 1;
networking.nftables.ruleset = ''
'';
#boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
-services.unbound.extraConfig = ''
- server:
- interface: 192.168.2.1
- access-control: 192.168.2.0/24 allow
- local-zone: "tracking.intl.miui.com" always_refuse
- local-zone: sourcephile.fr typetransparent
- local-data: "bureau1.sourcephile.fr A 192.168.2.1"
-'';
-
-networking.wlanInterfaces = {
- ${iface} = {
- device = "phy0";
+services.unbound.settings = {
+ server = {
+ interface = [ "192.168.2.1" ];
+ access-control = ["192.168.2.0/24 allow"];
+ local-zone = [
+ "tracking.intl.miui.com always_refuse"
+ "sourcephile.fr typetransparent"
+ ];
+ local-data = [
+ "\"bureau1.sourcephile.fr A 192.168.2.1\""
+ ];
};
};
+networking.wlanInterfaces.${iface} = {
+ device = "phy0";
+};
+
/*
networking.networkmanager.unmanaged = [
"interface-name:phy0"
];
*/
+# iw dev wlp4s0 station dump
+# DOC: https://w1.fi/cgit/hostap/plain/hostapd/hostapd.conf
services.hostapd = {
enable = true;
logLevel = 2;
wpaPassphrase = "bidonpoissonmaisonronron";
countryCode = "FR";
extraConfig = ''
+ # WLAN
+ beacon_int=100
+ dtim_period=2 # DTIM (delivery trafic information message)
+ preamble=1
+ # limit the frequencies used to those allowed in the country
+ ieee80211d=1
+ # 0 means the AP will search for the channel with the least interferences (ACS)
+ channel=1
+
+ # WPA2
+ wpa_key_mgmt=WPA-PSK
+ wpa_pairwise=CCMP
+ rsn_pairwise=CCMP
+ auth_algs=1 # 0=noauth, 1=wpa, 2=wep, 3=both
+ macaddr_acl=0
+ # QoS support, also required for full speed on 802.11n/ac/ax
+ wmm_enabled=1
+ eap_reauth_period=360000
+ wpa_group_rekey=600
+ wpa_ptk_rekey=600
+ wpa_gmk_rekey=86400
+
+ # N-WLAN
+ ieee80211n=1
+ # See Capabilities in iw list
+ ht_capab=[HT40+][SHORT-GI-40][DSSS_CCK-40][MAX-AMSDU-7935]
+ require_ht=1
+ obss_interval=0
+
+ # 802.11ac support
+ ieee80211ac=0
'';
};
services.dhcpd4 = {
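Review bot: The WPA2 pre-shared key remains a string literal in `wpaPassphrase` while this hunk hardens the rest of the hostapd block (CCMP only, rekey intervals). As a Nix string it is stored in version control and in the world-readable Nix store, so any local account or repository reader can recover it. Consider loading it at runtime from a root-only file, for example `wpa_psk_file=<path to a root-only file>` in `extraConfig`, which probably also needs the module's own WPA lines turned off (not visible here). Rotate the current key, since it is already committed. In the added settings, the comment above `channel=1` describes ACS, which is `channel=0`, so either the value or the comment should change. Separately, `services.unbound.settings.server.interface` and `access-control` now list only the 192.168.2.x entries; if the module supplies its loopback defaults at lower priority they are replaced rather than extended, so confirm the host can still resolve through 127.0.0.1.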
after = [ "dhcpd4.service" ];
wantedBy = [ "multi-user.target" ];
script = ''
- ${iptables}/bin/iptables -w -t nat -I POSTROUTING -s 192.168.2.0/24 ! -o wlp4s0 -j MASQUERADE
- ${iptables}/bin/iptables -w -I FORWARD -i wlp4s0 -s 192.168.2.0/24 -j ACCEPT
+ ${iptables}/bin/iptables -w -t nat -I POSTROUTING -s 192.168.2.0/24 ! -o wlan-ap0 -j MASQUERADE
+ ${iptables}/bin/iptables -w -I FORWARD -i wlan-ap0 -s 192.168.2.0/24 -j ACCEPT
${iptables}/bin/iptables -w -I FORWARD -i wlan-station0 -d 192.168.2.0/24 -j ACCEPT
'';
};
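Review bot: The two rewritten rules hard-code `wlan-ap0`, while the address, sysctl and `networking.wlanInterfaces` settings visible on this page all use `${iface}`, which the `let` at the top binds to `wlp4s0`. Unless an interface named `wlan-ap0` is created elsewhere, `! -o wlan-ap0` matches every egress interface and the `-i wlan-ap0` FORWARD accept never matches, so client forwarding would depend on the chain's default policy. Interpolating the binding keeps the rules in step with the rest of the file, e.g. `-I FORWARD -i ${iface} -s 192.168.2.0/24 -j ACCEPT` and `! -o ${iface}` in the NAT rule. The unchanged `-i wlan-station0 -d 192.168.2.0/24 -j ACCEPT` rule admits any upstream-initiated traffic to the LAN, so limiting it with `-m conntrack --ctstate RELATED,ESTABLISHED` is worth considering. The enclosing service definition starts outside this hunk, so whether the rules are removed on stop or duplicated on restart cannot be checked from here.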