add home-wifi

Ingolf Wagner 2023-05-28 21:54:01 +02:00
parent 9413ff053f
commit 3f7246622b
No known key found for this signature in database
GPG key ID: 76BF5F1928B9618B
3 changed files with 86 additions and 8 deletions


@ -669,11 +669,11 @@
},
"nixpkgs_3": {
"locked": {
"lastModified": 1685043448,
"narHash": "sha256-U3BwyDc2OzBcZ8tD09qXibyivgOtOQFTFCVgFyJ+6MM=",
"lastModified": 1685215858,
"narHash": "sha256-IRMFoDXA6cYx3ifVw3B2JcC4JrjT5v7tRAx2vro2Ffs=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "9886352ec9ab3945896ee8a4185e961fe29df209",
"rev": "ba6e4ddeb3e8ad3f3e3bec63dafbc9fe558729bb",
"type": "github"
},
"original": {
@ -954,11 +954,11 @@
"secrets": {
"flake": false,
"locked": {
"lastModified": 1683831888,
"narHash": "sha256-VsUdQXrxMmYGtqOrsk7CbQUM9RJ/DcF+/UqSXAVHwqU=",
"lastModified": 1685300533,
"narHash": "sha256-4c8uc5a1K8YcgOD/URVKomTHbVmwLVGKyDiTM1vCVAc=",
"ref": "main",
"rev": "e389aecbbef02cb9f0ae448a635dbb25607abc37",
"revCount": 51,
"rev": "6b2dce79889e21dd469de56e8c1cb8ffdb45cf4e",
"revCount": 52,
"type": "git",
"url": "ssh://gitea@git.ingolf-wagner.de/palo/nixos-secrets.git"
},


@ -13,7 +13,7 @@
./hass.nix
./hass-zigbee2mqtt.nix
./hass-mqtt.nix
#./hass-wifi.nix
./hass-wifi.nix
#./mail-fetcher.nix


@ -0,0 +1,78 @@
{ lib, pkgs, config, ... }:
let
# you find this device using `ifconfig -a` or `ip link`
wifi = "wlp3s0";
ipAddress = "10.23.45.1";
prefixLength = 24;
servedAddressRange = "10.23.45.2,10.23.45.150,12h";
ssid = "home/wifi";
in
{
# todo only open needed ports
networking.firewall.trustedInterfaces = [ wifi ];
networking.networkmanager.unmanaged = [ wifi ];
networking.dhcpcd.denyInterfaces = [ wifi ];
networking.interfaces."${wifi}".ipv4.addresses = [{
address = ipAddress;
prefixLength = prefixLength;
}];
systemd.services.hostapd = {
description = "hostapd wireless AP";
path = [ pkgs.hostapd ];
wantedBy = [ "network.target" ];
after = [
"${wifi}-cfg.service"
"nat.service"
"bind.service"
"dhcpd.service"
"sys-subsystem-net-devices-${wifi}.device"
];
serviceConfig = {
ExecStart = "${pkgs.hostapd}/bin/hostapd ${
pkgs.writeText "hostapd.conf" ''
interface=${wifi}
hw_mode=g
channel=10
ieee80211d=1
country_code=DE
ieee80211n=1
wmm_enabled=1
ssid=${ssid}
auth_algs=1
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_psk_file=${config.sops.secrets.hostapd_wpa_psk.path}
''
}";
Restart = "always";
};
};
sops.secrets.hostapd_wpa_psk = { };
services.dnsmasq = {
enable = true;
extraConfig = ''
# Only listen to routers' LAN NIC. Doing so opens up tcp/udp port 53 to
# localhost and udp port 67 to world:
interface=${wifi}
# Explicitly specify the address to listen on
listen-address=${ipAddress}
# Dynamic range of IPs to make available to LAN PC and the lease time.
# Ideally set the lease time to 5m only at first to test everything works okay before you set long-lasting records.
dhcp-range=${servedAddressRange}
'';
};
}
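Review bot: `networking.firewall.trustedInterfaces = [ wifi ];` lets every client that joins the access point reach every port on this host, and the `# todo only open needed ports` above it is left unresolved. The only services this file itself offers on the interface are DNS and DHCP from dnsmasq, so I would replace the line with `networking.firewall.interfaces."${wifi}".allowedUDPPorts = [ 53 67 ];` and `networking.firewall.interfaces."${wifi}".allowedTCPPorts = [ 53 ];`, adding only the further ports the Wi-Fi devices actually need. In the dnsmasq block, `interface=` and `listen-address=` without `bind-interfaces` still leave dnsmasq bound to the wildcard address (the comment there already notes the world-facing port 67), so adding `bind-interfaces` would match the stated intent. Consider also `sops.secrets.hostapd_wpa_psk.restartUnits = [ "hostapd.service" ];` so that a rotated passphrase takes effect without a manual restart.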