{
  config,
  lib,
  pkgs,
  ...
}: {
  # NixOS module for a small router: a DHCP uplink, a WireGuard tunnel, and a
  # hostapd access point on wlan0 whose clients are NATed out through the host.

  # IPv4 forwarding is required for wlan0 clients to be routed to the uplink;
  # the masquerade rule in networking.nftables below relies on it.
  boot.kernel.sysctl."net.ipv4.ip_forward" = true;

  systemd.network = {
    enable = true;
    # Consider boot "online" as soon as any single interface is up, so the
    # WireGuard or wifi interfaces do not block network-online.target.
    wait-online.anyInterface = true;

    networks = {
      # Upstream link: plain DHCP client on the USB NIC.
      "10-uplink" = {
        name = "enu1u1";
        DHCP = "yes";
      };
      # Address on the WireGuard tunnel; the netdev itself is defined below.
      "50-wg0" = {
        name = "wg0";
        address = [
          "10.10.10.5/24"
        ];
      };
      # Access-point side: this host is the gateway and runs networkd's
      # built-in DHCP server for the 192.168.55.0/24 clients.
      "10-wifi" = {
        name = "wlan0";
        networkConfig.DHCPServer = "yes";
        address = [
          "192.168.55.1/24"
        ];
      };
    };

    netdevs = {
      "50-wg0" = {
        netdevConfig = {
          Name = "wg0";
          Kind = "wireguard";
        };
        # Private key is read at runtime from the decrypted age secret, so it
        # never lands in the Nix store.
        wireguardConfig.PrivateKeyFile = config.age.secrets."wg".path;

        wireguardPeers = [
          {
            # Only the tunnel subnet is routed through the peer (no full-tunnel).
            AllowedIPs = [
              "10.10.10.0/24"
            ];
            # Public key is committed in the repo; trim drops the trailing newline.
            PublicKey = lib.trim (builtins.readFile ../../wg-keys/hackens-org.pub);
            Endpoint = "129.199.129.76:1194";
            # Keepalive keeps the NAT mapping on the uplink alive.
            PersistentKeepalive = 5;
          }
        ];
      };
    };
  };

  networking = {
    # networkd handles addressing; disable the legacy scripted DHCP.
    useDHCP = false;
    nameservers = [
      "2620:fe::fe"
      "2620:fe::9"
      "9.9.9.9"
      "149.112.112.112"
    ];

    nftables = {
      enable = true;
      tables.nat = {
        family = "ip";
        # Source-NAT the wifi subnet. The rule has no oif match, so traffic
        # from 192.168.55.0/24 leaving via wg0 is masqueraded as well —
        # NOTE(review): confirm that is intended and not just the uplink.
        content = ''
          chain postrouting {
            type nat hook postrouting priority 100;
            ip saddr 192.168.55.0/24 masquerade
          }
        '';
      };
    };

    # UDP 67 is the DHCP server port; needed so wlan0 clients' DISCOVER/REQUEST
    # reach the networkd DHCP server. This opens it on every interface, not
    # only wlan0 — NOTE(review): consider scoping via firewall.interfaces.wlan0.
    firewall.allowedUDPPorts = [ 67 ];
  };

  services.hostapd = {
    enable = true;
    radios.wlan0 = {
      # countryCode = "FR";
      wifi4.enable = false;
      wifi5.enable = false;
      channel = 7; # ACS doesn't work
      networks.wlan0 = {
        settings = {
          # 802.11w (management frame protection) disabled; clients can be
          # deauthenticated by unauthenticated frames. Presumably for client
          # compatibility — NOTE(review): 1 (optional) is usually compatible.
          ieee80211w = 0;
          wmm_enabled = false;
        };
        ssid = "agb - wifi";
        logLevel = 0;
        authentication = {
          mode = "wpa2-sha1";
          # SECURITY: pkgs.writeText places the PSK in /nix/store, which is
          # world-readable on the host and is also checked into this repo.
          # Use an age secret path like the WireGuard key above instead.
          wpaPasswordFile = pkgs.writeText "psk" "azertyuiop"; # TODO : secret
        };
      };
    };
  };
}