feat(agb02): enable hostapd

This commit is contained in:
catvayor 2024-10-11 12:56:05 +02:00
parent fee3314add
commit 58fe7351c9
Signed by: lbailly
GPG key ID: CE3E645251AC63F3
2 changed files with 58 additions and 27 deletions

View file

@ -4,13 +4,11 @@
pkgs,
...
}: {
networking.useDHCP = false;
networking.wireless.userControlled.enable = true;
networking.wireless.enable = true;
boot.kernel.sysctl."net.ipv4.ip_forward" = true;
systemd.network = {
enable = true;
wait-online.anyInterface = true;
networks = {
"10-uplink" = {
@ -25,12 +23,10 @@
};
"10-wifi" = {
name = "wlan0";
DHCP = "yes";
networkConfig = {
};
dhcpV4Config = {
RouteMetric = 2000;
};
networkConfig.DHCPServer = "yes";
address = [
"192.168.55.1/24"
];
};
};
netdevs = {
@ -39,30 +35,64 @@
Name = "wg0";
Kind = "wireguard";
};
wireguardConfig = {
PrivateKeyFile = config.age.secrets."wg".path;
};
wireguardConfig.PrivateKeyFile = config.age.secrets."wg".path;
wireguardPeers = [
{
wireguardPeerConfig = {
AllowedIPs = [
"10.10.10.1/24"
"10.10.10.0/24"
];
PublicKey = "CzUK0RPHsoG9N1NisOG0u7xwyGhTZnjhl7Cus3X76Es=";
Endpoint="129.199.129.76:1194";
PublicKey = lib.trim (builtins.readFile ../../wg-keys/hackens-org.pub);
Endpoint = "129.199.129.76:1194";
PersistentKeepalive = 5;
};
}
];
};
};
};
networking.nameservers = [
networking = {
useDHCP = false;
nameservers = [
"2620:fe::fe"
"2620:fe::9"
"9.9.9.9"
"149.112.112.112"
];
nftables = {
enable = true;
tables.nat = {
family = "ip";
content = ''
chain postrouting {
type nat hook postrouting priority 100;
ip saddr 192.168.55.0/24 masquerade
}
'';
};
};
firewall.allowedUDPPorts = [ 67 ];
};
services.hostapd = {
enable = true;
radios.wlan0 = {
# countryCode = "FR";
wifi4.enable = false;
wifi5.enable = false;
channel = 7; # ACS doesn't work
networks.wlan0 = {
settings = {
ieee80211w = 0;
wmm_enabled = false;
};
ssid = "agb - wifi";
logLevel = 0;
authentication = {
mode = "wpa2-sha1";
wpaPasswordFile = pkgs.writeText "psk" "azertyuiop"; # TODO : secret
};
};
};
};
}

1
wg-keys/agb01.pub Normal file
View file

@ -0,0 +1 @@
JpUHFiavhlQfiHfOdUffQP3HLLeStttheACCaqlXAF8=