# SPDX-FileCopyrightText: 2024 Ryan Lahfa <ryan.lahfa@dgnum.eu>
#
# SPDX-License-Identifier: EUPL-1.2

{ config, pkgs, ... }:
let
  svc = config.system.service;
  secrets-1 = {
    ssid = "DGNum 2G (N)";
  };
  secrets-2 = {
    ssid = "DGNum 5G (AX)";
  };
  baseParams = {
    country_code = "FR";
    hw_mode = "g";
    channel = 6;
    wmm_enabled = 1;
    ieee80211n = 1;
    ht_capab = "[LDPC][GF][HT40-][HT40+][SHORT-GI-40][MAX-AMSDU-7935][TX-STBC]";
    auth_algs = 1;
    wpa = 2;
    wpa_pairwise = "TKIP CCMP";
    rsn_pairwise = "CCMP";
  };

  radiusKeyMgmt = {
    wpa_key_mgmt = "WPA-EAP";
  };

  modernParams = {
    hw_mode = "a";
    he_su_beamformer = 1;
    he_su_beamformee = 1;
    he_mu_beamformer = 1;
    preamble = 1;
    # Allow radar detection.
    ieee80211d = 1;
    ieee80211h = 1;
    ieee80211ac = 1;
    ieee80211ax = 1;
    vht_capab = "[MAX-MPDU-7991][SU-BEAMFORMEE][SU-BEAMFORMER][RXLDPC][SHORT-GI-80][MAX-A-MPDU-LEN-EXP3][RX-ANTENNA-PATTERN][TX-ANTENNA-PATTERN][TX-STBC-2BY1][RX-STBC-1][MU-BEAMFORMER]";
    vht_oper_chwidth = 1;
    he_oper_chwidth = 1;
    channel = 36;
    vht_oper_centr_freq_seg0_idx = 42;
    he_oper_centr_freq_seg0_idx = 42;
    require_vht = 1;
  };

  clientRadius = {
    ieee8021x = 1;
    eapol_version = 2;
    use_pae_group_addr = 1;
    dynamic_vlan = 0;
    vlan_tagged_interface = "lan";
  };

  externalRadius = {
    # TODO: when we have proper IPAM, set the right value here.
    own_ip_addr = "127.0.0.1";
    nas_identifier = "ap01.dgnum.eu";

    # No DNS here, hostapd do not support this mode.
    auth_server_addr = "129.199.195.129";
    auth_server_port = 1812;
    auth_server_shared_secret = "read it online";
  };

  mkWifiSta =
    params: interface: secrets:
    svc.hostapd.build {
      inherit interface;
      package = pkgs.hostapd-radius;
      params = params // secrets;
      dependencies = [ config.services.jitter ];
    };
in
{
  services = {
    # wlan0 is the 2.4GHz interface.
    hostap-1 = mkWifiSta (
      baseParams // radiusKeyMgmt
    ) config.hardware.networkInterfaces.wlan0 secrets-1;
    hostap-1-ready = svc.hostapd-ready.build {
      interface = config.hardware.networkInterfaces.wlan0;
    };
    # wlan1 is the 5GHz interface, e.g. AX capable.
    hostap-2 = mkWifiSta (
      baseParams // clientRadius // externalRadius // radiusKeyMgmt // modernParams
    ) config.hardware.networkInterfaces.wlan1 secrets-2;
    # Oneshot that waits until the hostapd has set the interface in operational state. 
    hostap-2-ready = svc.hostapd-ready.build {
      interface = config.hardware.networkInterfaces.wlan1;
    };
  };
}