{ lib, pkgs, ... }: let wifi = "wlp0s29u1u2"; ipAddress = "10.123.145.1"; prefixLength = 24; servedAddressRange = "10.123.145.2,10.123.145.150,12h"; ssid = "bumbumbum"; wifiPassword = lib.fileContents ; in { # todo only open needed ports networking.firewall.trustedInterfaces = [ wifi ]; networking.networkmanager.unmanaged = [ wifi ]; networking.dhcpcd.denyInterfaces = [ wifi ]; networking.interfaces."${wifi}".ipv4.addresses = [{ address = ipAddress; prefixLength = prefixLength; }]; # forward traffic coming in trough the access point => provide internet and vpn network access # todo : forward to own servers boot.kernel.sysctl = { "net.ipv4.conf.${wifi}.forwarding" = true; "net.ipv6.conf.${wifi}.forwarding" = true; }; systemd.services.hostapd = { description = "hostapd wireless AP"; path = [ pkgs.hostapd ]; # start manual # wantedBy = [ "network.target" ]; after = [ "${wifi}-cfg.service" "nat.service" "bind.service" "dhcpd.service" "sys-subsystem-net-devices-${wifi}.device" ]; serviceConfig = { ExecStart = "${pkgs.hostapd}/bin/hostapd ${ pkgs.writeText "hostapd.conf" '' interface=${wifi} hw_mode=g channel=10 ieee80211d=1 country_code=DE ieee80211n=1 wmm_enabled=1 ssid=${ssid} auth_algs=1 wpa=2 wpa_key_mgmt=WPA-PSK rsn_pairwise=CCMP wpa_passphrase=${wifiPassword} '' }"; Restart = "always"; }; }; services.dnsmasq = { enable = true; extraConfig = '' # Only listen to routers' LAN NIC. Doing so opens up tcp/udp port 53 to # localhost and udp port 67 to world: interface=${wifi} # Explicitly specify the address to listen on listen-address=${ipAddress} # Dynamic range of IPs to make available to LAN PC and the lease time. # Ideally set the lease time to 5m only at first to test everything works okay before you set long-lasting records. dhcp-range=${servedAddressRange} ''; }; }