feat(agb02): enable hostapd

catvayor 2024-10-11 12:56:05 +02:00
parent fee3314add
commit 58fe7351c9
Signed by: lbailly
GPG key ID: CE3E645251AC63F3
2 changed files with 58 additions and 27 deletions


@ -4,13 +4,11 @@
pkgs, pkgs,
... ...
}: { }: {
networking.useDHCP = false; boot.kernel.sysctl."net.ipv4.ip_forward" = true;
networking.wireless.userControlled.enable = true;
networking.wireless.enable = true;
systemd.network = { systemd.network = {
enable = true; enable = true;
wait-online.anyInterface = true;
networks = { networks = {
"10-uplink" = { "10-uplink" = {
@ -25,12 +23,10 @@
}; };
"10-wifi" = { "10-wifi" = {
name = "wlan0"; name = "wlan0";
DHCP = "yes"; networkConfig.DHCPServer = "yes";
networkConfig = { address = [
}; "192.168.55.1/24"
dhcpV4Config = { ];
RouteMetric = 2000;
};
}; };
}; };
netdevs = { netdevs = {
@ -39,30 +35,64 @@
Name = "wg0"; Name = "wg0";
Kind = "wireguard"; Kind = "wireguard";
}; };
wireguardConfig = { wireguardConfig.PrivateKeyFile = config.age.secrets."wg".path;
PrivateKeyFile = config.age.secrets."wg".path;
};
wireguardPeers = [ wireguardPeers = [
{ {
wireguardPeerConfig = {
AllowedIPs = [ AllowedIPs = [
"10.10.10.1/24" "10.10.10.0/24"
]; ];
PublicKey = "CzUK0RPHsoG9N1NisOG0u7xwyGhTZnjhl7Cus3X76Es="; PublicKey = lib.trim (builtins.readFile ../../wg-keys/hackens-org.pub);
Endpoint="129.199.129.76:1194"; Endpoint = "129.199.129.76:1194";
PersistentKeepalive = 5; PersistentKeepalive = 5;
};
} }
]; ];
}; };
}; };
}; };
networking.nameservers = [ networking = {
useDHCP = false;
nameservers = [
"2620:fe::fe" "2620:fe::fe"
"2620:fe::9" "2620:fe::9"
"9.9.9.9" "9.9.9.9"
"149.112.112.112" "149.112.112.112"
]; ];
nftables = {
enable = true;
tables.nat = {
family = "ip";
content = ''
chain postrouting {
type nat hook postrouting priority 100;
ip saddr 192.168.55.0/24 masquerade
}
'';
};
};
firewall.allowedUDPPorts = [ 67 ];
};
services.hostapd = {
enable = true;
radios.wlan0 = {
# countryCode = "FR";
wifi4.enable = false;
wifi5.enable = false;
channel = 7; # ACS doesn't work
networks.wlan0 = {
settings = {
ieee80211w = 0;
wmm_enabled = false;
};
ssid = "agb - wifi";
logLevel = 0;
authentication = {
mode = "wpa2-sha1";
wpaPasswordFile = pkgs.writeText "psk" "azertyuiop"; # TODO : secret
};
};
};
};
} }
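Review bot: The WPA2 passphrase on the `wpaPasswordFile` line is built with `pkgs.writeText`, so it ends up in the world-readable Nix store and in the repository history, and the value is a keyboard-row string that offers little resistance to offline guessing. Since this file already reads the WireGuard key through agenix, the line should become `wpaPasswordFile = config.age.secrets."<wifi-psk-secret>".path;` (placeholder secret name) with a freshly generated passphrase, and the committed one should be considered exposed. This carries more weight than the TODO suggests: `ip_forward` is switched on and the new `nat` table masquerades everything from 192.168.55.0/24 with no `oifname` match and no forward-chain filter visible in this hunk, so a client that joins the Wi-Fi appears to be routed towards the wg0 peer's 10.10.10.0/24 as well as the uplink; limiting the masquerade rule to the uplink interface or adding a forward policy would contain that. `mode = "wpa2-sha1"` together with `ieee80211w = 0` also disables management-frame protection; if the client devices allow it, `wpa2-sha256` or `wpa3-sae-transition` without forcing `ieee80211w` to 0 is the safer setting. `firewall.allowedUDPPorts = [ 67 ]` opens DHCP on every interface, whereas `networking.firewall.interfaces.wlan0.allowedUDPPorts = [ 67 ];` would scope it to the access-point side.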

1
wg-keys/agb01.pub Normal file

@ -0,0 +1 @@
JpUHFiavhlQfiHfOdUffQP3HLLeStttheACCaqlXAF8=