{ pkgs, ... }:
let
wifiIface = "wlp4s0";
+ wifiIPv4 = "192.168.2";
gwIface = "enp5s0";
#gwIface = config.networking.defaultGateway.interface;
in
{
+ systemd.network.networks = {
+ "10-${wifiIface}" = {
+ name = wifiIface;
+ networkConfig = {
+ Address = "${wifiIPv4}.1/24";
+ DHCPServer = true;
+ IPv6PrivacyExtensions = true;
+ IPForward = true;
+ };
+ dhcpServerConfig = {
+ DNS = "${wifiIPv4}.1";
+ EmitDNS = true;
+ PoolOffset = 100;
+ PoolSize = 20;
+ };
+ linkConfig = {
+ RequiredForOnline = "no";
+ };
+ };
+ };
environment.systemPackages = [
pkgs.iw
];
- networking.interfaces.${wifiIface} = {
- ipv4.addresses = [{ address = "192.168.2.1"; prefixLength = 24; }];
- };
- # Not merged, even though all are 1
- #boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
- boot.kernel.sysctl."net.ipv6.conf.${wifiIface}.addr_gen_mode" = 1;
networking.nftables.ruleset = ''
table inet filter {
chain input-lan {
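Review bot: `IPForward = true;` in the `networkConfig` of `"10-${wifiIface}"` is not limited to the access-point interface. systemd-networkd documents it as a one-way switch for the global forwarding sysctls, so once this network is up the host routes IPv4 and IPv6 between all interfaces, including `gwIface`, and stays that way after the link goes down. If only IPv4 NAT for the Wi-Fi clients is intended, narrow it and say so in a comment: `IPForward = "ipv4"; # global sysctl; forwarding is restricted by the nftables forward chain`. The `networking.nftables.ruleset` string continues outside this hunk, so it cannot be confirmed from here that a forward chain with a drop policy accepts only `wifiIface` to `gwIface` traffic. Also, `IPv6PrivacyExtensions = true` presumably replaces the removed `addr_gen_mode` sysctl, but the two control different things (temporary addresses versus how the interface identifier is generated), so that swap deserves a comment or a check.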
services.unbound.settings = {
server = {
- interface = [ "192.168.2.1" ];
- access-control = [ "192.168.2.0/24 allow" ];
+ interface = [ "${wifiIPv4}.1" ];
+ access-control = [ "${wifiIPv4}.0/24 allow" ];
local-zone = [
- "tracking.intl.miui.com always_refuse"
"sourcephile.fr typetransparent"
+ "tracking.intl.miui.com always_refuse"
];
local-data = [
- "\"bureau1.sourcephile.fr A 192.168.2.1\""
+ "\"bureau1.sourcephile.fr A ${wifiIPv4}.1\""
];
};
};
- networking.wlanInterfaces.${wifiIface} = {
- device = "phy0";
- };
-
networking.networkmanager.unmanaged = [
wifiIface
];
# DOC: https://w1.fi/cgit/hostap/plain/hostapd/hostapd.conf
services.hostapd = {
enable = true;
- interface = wifiIface;
- hwMode = "g";
- ssid = "bureau1";
- wpa = true;
radios = {
${wifiIface} = {
- # countryCode = "US";
+ band = "2g";
+ countryCode = "FR";
networks.${wifiIface} = {
ssid = "bureau1";
authentication = {
mode = "wpa2-sha256";
# FIXME: use wpaPasswordFile or saePasswordsFile
wpaPassword = "bidonpoissonmaisonronron";
- logLevel = 2;
- band = "g";
};
+ logLevel = 2;
+ };
+ settings = {
+ disassoc_low_ack = true;
+ };
+ wifi4 = {
+ enable = true;
+ capabilities = [
+ "DSSS_CCK-40"
+ "HT40+"
+ "MAX-AMSDU-7935"
+ "SHORT-GI-40"
+ ];
+ require = false;
};
};
};
- countryCode = "FR";
- extraConfig = ''
+ /*
+ extraConfig = ''
# WLAN
beacon_int=100
dtim_period=2 # DTIM (delivery trafic information message)
# 802.11ac support
ieee80211ac=0
- '';
+ '';
+ */
};
- /*
- systemd.services.dhcpd4 = {
- after = [ "network-addresses-${wifiIface}.service" ];
- requires = [
- "network-addresses-${wifiIface}.service"
- "sys-subsystem-net-devices-${wifiIface}.device"
- ];
- unitConfig.StartLimitIntervalSec = 0;
- serviceConfig.RestartSec = 5;
- };
- services.dhcpd4 = {
- enable = true;
- interfaces = [ wifiIface ];
- extraConfig = ''
- option subnet-mask 255.255.255.0;
- option broadcast-address 192.168.2.255;
- option routers 192.168.2.1;
- option domain-name-servers 192.168.2.1;
- subnet 192.168.2.0 netmask 255.255.255.0 {
- range 192.168.2.100 192.168.2.200;
- }
- '';
- };
- */
- #networking.firewall.allowedUDPPorts = [ 53 67 ]; # DNS & DHCP
/*
# Sometimes slow connection speeds are attributed to absence of haveged.
services.haveged.enable = true;
*/
/*
-
systemd.services.wifi-relay = let inherit (pkgs) iptables gnugrep;
in {
description = "iptables rules for wifi-relay";
after = [ "dhcpd4.service" ];
wantedBy = [ "multi-user.target" ];
script = ''
- ${iptables}/bin/iptables -w -t nat -I POSTROUTING -s 192.168.2.0/24 ! -o wlan-ap0 -j MASQUERADE
- ${iptables}/bin/iptables -w -I FORWARD -i wlan-ap0 -s 192.168.2.0/24 -j ACCEPT
- ${iptables}/bin/iptables -w -I FORWARD -i wlan-station0 -d 192.168.2.0/24 -j ACCEPT
+ ${iptables}/bin/iptables -w -t nat -I POSTROUTING -s ${wifiIPv4}.0/24 ! -o wlan-ap0 -j MASQUERADE
+ ${iptables}/bin/iptables -w -I FORWARD -i wlan-ap0 -s ${wifiIPv4}.0/24 -j ACCEPT
+ ${iptables}/bin/iptables -w -I FORWARD -i wlan-station0 -d ${wifiIPv4}.0/24 -j ACCEPT
'';
};
*/
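Review bot: The pre-shared key is still a string literal in `authentication.wpaPassword` under `radios.${wifiIface}.networks.${wifiIface}`, and the move to the `radios` options carries it over unchanged. A literal in a Nix expression is copied into the world-readable store and stays in the repository history, so any local user or reader of the repository can join the network that this host routes for. This migration is the natural place to resolve the existing FIXME with the option it names, `wpaPasswordFile = "<PATH_TO_PSK_FILE>"; # placeholder; file provisioned outside the store, readable by root only`. The key committed here should be treated as disclosed and rotated when the file-based option is adopted.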