nixos-config/configs/pepe/wifi-access-point.nix

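# NixOS module: runs a WPA2-PSK access point on one wifi interface (hostapd)
# and serves DHCP and DNS to its clients (dnsmasq).
{ lib, pkgs, ... }:
let
  # Interface that hostapd and dnsmasq are bound to.
  wifi = "wlp0s29u1u1";
  # Address of this host on the access-point network.
  ipAddress = "10.23.45.1";
  prefixLength = 24;
  # dnsmasq dhcp-range value: first address, last address, lease time.
  servedAddressRange = "10.23.45.2,10.23.45.150,12h";
  ssid = "palosiot";
  # NOTE(review): lib.fileContents reads the passphrase at evaluation time, and
  # it is then interpolated into the hostapd.conf built by pkgs.writeText below.
  # That file lives in the Nix store, which is readable by every local user and
  # is copied along with the system closure, so the PSK is not secret on this
  # host. Prefer keeping it in a root-only file outside the store and having
  # hostapd read it at runtime (e.g. via hostapd's wpa_psk_file option).
  wifiPassword = lib.fileContents <secrets/iot_wifi>;

in {

  # Wifi clients only get the services this module provides on the access
  # point itself: DNS (53/tcp+udp) and DHCP (67/udp) from dnsmasq.
  # Do not put this interface in networking.firewall.trustedInterfaces: that
  # accepts every inbound port from wifi clients. If a device needs another
  # service on this host, add that port here explicitly.
  networking.firewall.interfaces."${wifi}" = {
    allowedTCPPorts = [ 53 ];
    allowedUDPPorts = [ 53 67 ];
  };

  # Keep NetworkManager and dhcpcd away from the interface; it gets a static
  # address below and is driven by hostapd.
  networking.networkmanager.unmanaged = [ wifi ];
  networking.dhcpcd.denyInterfaces = [ wifi ];

  networking.interfaces."${wifi}".ipv4.addresses = [{
    address = ipAddress;
    inherit prefixLength;
  }];

  systemd.services.hostapd = {
    description = "hostapd wireless AP";
    path = [ pkgs.hostapd ];
    wantedBy = [ "network.target" ];

    # NOTE(review): this module starts dnsmasq, not dhcpd or bind; those two
    # orderings only have an effect if the units are defined elsewhere (confirm).
    after = [
      "${wifi}-cfg.service"
      "nat.service"
      "bind.service"
      "dhcpd.service"
      "sys-subsystem-net-devices-${wifi}.device"
    ];

    serviceConfig = {
      # The generated hostapd.conf is a store path and contains wpa_passphrase
      # in clear text; see the note on wifiPassword above.
      ExecStart = "${pkgs.hostapd}/bin/hostapd ${
          pkgs.writeText "hostapd.conf" ''
            interface=${wifi}
            hw_mode=g
            channel=10
            ieee80211d=1
            country_code=DE
            ieee80211n=1
            wmm_enabled=1

            ssid=${ssid}
            auth_algs=1
            wpa=2
            wpa_key_mgmt=WPA-PSK
            rsn_pairwise=CCMP
            wpa_passphrase=${wifiPassword}
          ''
        }";
      Restart = "always";
    };
  };

  services.dnsmasq = {
    enable = true;
    # NOTE(review): without bind-interfaces dnsmasq binds the wildcard address
    # and filters requests itself, so exposure on other interfaces depends on
    # the host firewall.
    extraConfig = ''
      # Only listen to routers' LAN NIC. Doing so opens up tcp/udp port 53 to
      # localhost and udp port 67 to world:
      interface=${wifi}
      # Explicitly specify the address to listen on
      listen-address=${ipAddress}
      # Dynamic range of IPs to make available to LAN PC and the lease time.
      # Ideally set the lease time to 5m only at first to test everything works okay before you set long-lasting records.
      dhcp-range=${servedAddressRange}
    '';
  };
}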