feat(agb02): enable hostapd
parent
fee3314add
commit
58fe7351c9
2 changed files with 58 additions and 27 deletions
|
@ -4,13 +4,11 @@
|
|||
pkgs,
|
||||
...
|
||||
}: {
|
||||
networking.useDHCP = false;
|
||||
|
||||
networking.wireless.userControlled.enable = true;
|
||||
networking.wireless.enable = true;
|
||||
boot.kernel.sysctl."net.ipv4.ip_forward" = true;
|
||||
|
||||
systemd.network = {
|
||||
enable = true;
|
||||
wait-online.anyInterface = true;
|
||||
|
||||
networks = {
|
||||
"10-uplink" = {
|
||||
|
@ -25,12 +23,10 @@
|
|||
};
|
||||
"10-wifi" = {
|
||||
name = "wlan0";
|
||||
DHCP = "yes";
|
||||
networkConfig = {
|
||||
};
|
||||
dhcpV4Config = {
|
||||
RouteMetric = 2000;
|
||||
};
|
||||
networkConfig.DHCPServer = "yes";
|
||||
address = [
|
||||
"192.168.55.1/24"
|
||||
];
|
||||
};
|
||||
};
|
||||
netdevs = {
|
||||
|
@ -39,30 +35,64 @@
|
|||
Name = "wg0";
|
||||
Kind = "wireguard";
|
||||
};
|
||||
wireguardConfig = {
|
||||
PrivateKeyFile = config.age.secrets."wg".path;
|
||||
};
|
||||
wireguardConfig.PrivateKeyFile = config.age.secrets."wg".path;
|
||||
|
||||
wireguardPeers = [
|
||||
{
|
||||
wireguardPeerConfig = {
|
||||
AllowedIPs = [
|
||||
"10.10.10.1/24"
|
||||
"10.10.10.0/24"
|
||||
];
|
||||
PublicKey = "CzUK0RPHsoG9N1NisOG0u7xwyGhTZnjhl7Cus3X76Es=";
|
||||
Endpoint="129.199.129.76:1194";
|
||||
PublicKey = lib.trim (builtins.readFile ../../wg-keys/hackens-org.pub);
|
||||
Endpoint = "129.199.129.76:1194";
|
||||
PersistentKeepalive = 5;
|
||||
};
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
networking.nameservers = [
|
||||
networking = {
|
||||
useDHCP = false;
|
||||
nameservers = [
|
||||
"2620:fe::fe"
|
||||
"2620:fe::9"
|
||||
"9.9.9.9"
|
||||
"149.112.112.112"
|
||||
];
|
||||
nftables = {
|
||||
enable = true;
|
||||
tables.nat = {
|
||||
family = "ip";
|
||||
content = ''
|
||||
chain postrouting {
|
||||
type nat hook postrouting priority 100;
|
||||
ip saddr 192.168.55.0/24 masquerade
|
||||
}
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
firewall.allowedUDPPorts = [ 67 ];
|
||||
};
|
||||
|
||||
services.hostapd = {
|
||||
enable = true;
|
||||
radios.wlan0 = {
|
||||
# countryCode = "FR";
|
||||
wifi4.enable = false;
|
||||
wifi5.enable = false;
|
||||
channel = 7; # ACS doesn't work
|
||||
networks.wlan0 = {
|
||||
settings = {
|
||||
ieee80211w = 0;
|
||||
wmm_enabled = false;
|
||||
};
|
||||
ssid = "agb - wifi";
|
||||
logLevel = 0;
|
||||
authentication = {
|
||||
mode = "wpa2-sha1";
|
||||
wpaPasswordFile = pkgs.writeText "psk" "azertyuiop"; # TODO : secret
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
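Review bot: The access point passphrase in `services.hostapd` is set with `pkgs.writeText "psk" "azertyuiop"`, which places it in the world-readable Nix store and in the repository history, and the value is a keyboard-row string that any wordlist covers; the `# TODO : secret` should be resolved before this is deployed. The file already reads the WireGuard key through agenix, so the same mechanism fits here: `wpaPasswordFile = config.age.secrets."<wifi-psk-secret>".path;` (placeholder secret name), with a fresh passphrase since this one is now public. The exposure is wider because `ip saddr 192.168.55.0/24 masquerade` has no output-interface match and `net.ipv4.ip_forward` is on, so a client that joins the network is presumably NATed towards `wg0` as well as the uplink; adding an `oifname` match for the uplink would contain that. `firewall.allowedUDPPorts = [ 67 ];` opens DHCP on every interface, where `firewall.interfaces.wlan0.allowedUDPPorts = [ 67 ];` would limit it to the AP side. `ieee80211w = 0` together with `mode = "wpa2-sha1"` turns management-frame protection off; if that is a driver workaround like the fixed channel, a comment saying so would keep it from looking accidental.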
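--- /dev/null
+++ b/wg-keys/agb01.pub
@@ -0,0 +1 @@
+JpUHFiavhlQfiHfOdUffQP3HLLeStttheACCaqlXAF8=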