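{ lib, pkgs, ... }:

# Wireless access point on a single interface: static address on the AP side,
# hostapd for the radio, dnsmasq for DHCP/DNS, and per-interface kernel
# forwarding so clients can reach the upstream network.
let
  wifi = "wlp0s29u1u2";
  ipAddress = "10.123.145.1";
  prefixLength = 24;
  # dnsmasq dhcp-range: first address, last address, lease time.
  servedAddressRange = "10.123.145.2,10.123.145.150,12h";
  ssid = "bumbumbum";

  # Absolute path of the passphrase file on the running machine, resolved from
  # NIX_PATH at evaluation time. `toString` on a path does NOT copy it into the
  # Nix store, whereas reading it with lib.fileContents and interpolating the
  # result into pkgs.writeText puts the passphrase into a world-readable
  # /nix/store file. The secret is therefore read at service start instead
  # (see preStart below).
  # NOTE(review): assumes the <secrets> NIX_PATH entry points at a location
  # that also exists at runtime on the target host — confirm for the
  # deployment method in use.
  wifiPasswordFile = toString <secrets/wifi-access-point>;

  # Public part of the hostapd configuration; safe to live in the store.
  hostapdConfTemplate = pkgs.writeText "hostapd.conf" ''
    interface=${wifi}
    hw_mode=g
    channel=10
    ieee80211d=1
    country_code=DE
    ieee80211n=1
    wmm_enabled=1

    ssid=${ssid}
    auth_algs=1
    wpa=2
    wpa_key_mgmt=WPA-PSK
    rsn_pairwise=CCMP
  '';

  # Root-only runtime location of the complete config (template + passphrase).
  hostapdRuntimeConf = "/run/hostapd/hostapd.conf";
in
{
  # todo only open needed ports
  # NOTE(review): trustedInterfaces accepts *all* inbound traffic from AP
  # clients. The services in this file only need tcp/udp 53 (dnsmasq DNS) and
  # udp 67 (DHCP); networking.firewall.interfaces.${wifi}.allowedUDPPorts /
  # allowedTCPPorts could restrict it to those once the "vpn network access"
  # requirement below is confirmed not to need anything else.
  networking.firewall.trustedInterfaces = [ wifi ];

  # Keep NetworkManager and dhcpcd away from the AP interface; it is
  # configured statically below.
  networking.networkmanager.unmanaged = [ wifi ];
  networking.dhcpcd.denyInterfaces = [ wifi ];

  networking.interfaces."${wifi}".ipv4.addresses = [ {
    address = ipAddress;
    inherit prefixLength;
  } ];

  # forward traffic coming in through the access point => provide internet and vpn network access
  # todo : forward to own servers
  # NOTE(review): only the per-interface forwarding sysctls are set here; NAT /
  # masquerading for the clients is not configured in this file — confirm it
  # is provided elsewhere (the nat.service ordering below suggests it is).
  boot.kernel.sysctl = {
    "net.ipv4.conf.${wifi}.forwarding" = true;
    "net.ipv6.conf.${wifi}.forwarding" = true;
  };

  systemd.services.hostapd = {
    description = "hostapd wireless AP";
    path = [ pkgs.hostapd ];

    # start manual
    # wantedBy = [ "network.target" ];

    # NOTE(review): DHCP is served by dnsmasq below, so dnsmasq.service is the
    # unit worth ordering after; dhcpd.service / bind.service / nat.service are
    # kept as in the original in case they exist on this host.
    after = [ "${wifi}-cfg.service" "nat.service" "bind.service" "dhcpd.service" "dnsmasq.service" "sys-subsystem-net-devices-${wifi}.device" ];

    # Assemble the effective config in the root-only RuntimeDirectory so the
    # passphrase never lands in /nix/store. Command substitution strips the
    # trailing newline of the secret file, matching what lib.fileContents did.
    preStart = ''
      umask 077
      cat ${hostapdConfTemplate} > ${hostapdRuntimeConf}
      printf 'wpa_passphrase=%s\n' "$(cat ${wifiPasswordFile})" >> ${hostapdRuntimeConf}
    '';

    serviceConfig = {
      # /run/hostapd, created by systemd before preStart and removed on stop.
      RuntimeDirectory = "hostapd";
      RuntimeDirectoryMode = "0700";
      ExecStart = "${pkgs.hostapd}/bin/hostapd ${hostapdRuntimeConf}";
      Restart = "always";
    };
  };

  services.dnsmasq = {
    enable = true;
    extraConfig = ''
      # Only listen to routers' LAN NIC. Doing so opens up tcp/udp port 53 to
      # localhost and udp port 67 to world:
      interface=${wifi}

      # Explicitly specify the address to listen on
      listen-address=${ipAddress}

      # Dynamic range of IPs to make available to LAN PC and the lease time.
      # Ideally set the lease time to 5m only at first to test everything works okay before you set long-lasting records.
      dhcp-range=${servedAddressRange}
    '';
  };
}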