| author | quentin@aristote.fr <quentin@aristote.fr> | 2023-03-25 16:08:07 +0100 |
|---|---|---|
| committer | quentin@aristote.fr <quentin@aristote.fr> | 2023-03-26 23:10:57 +0200 |
| commit | 102dd41888bfae9e86233d384613756407b4ce57 (patch) | |
| tree | 14b07cdae72b680cdbd0a55ae7a2721f180aeb09 /config/networking/default.nix | |
| parent | 27baf9433f65d1f645a4899faa08922edb6147fb (diff) | |
add basic ap stuff: hostapd, dhcpd
Diffstat (limited to 'config/networking/default.nix')
| -rw-r--r-- | config/networking/default.nix | 108 |
1 files changed, 100 insertions, 8 deletions
diff --git a/config/networking/default.nix b/config/networking/default.nix
index 9dac00f..330ba3b 100644
--- a/config/networking/default.nix
+++ b/config/networking/default.nix
@@ -1,13 +1,105 @@ -{ pkgs, ... }: +# https://skogsbrus.xyz/blog/2022/06/12/router/ +# https://blog.fraggod.net/2017/04/27/wifi-hostapd-configuration-for-80211ac-networks.html +{ config, lib, pkgs, secrets, ... }: -{ - personal.networking = { - enable = true; - ssh.enable = true; +let + ifaces = config.personal.networking.interfaces; + publicSubnet = "192.168.1"; + privateSubnet = "192.168.2"; +in { + imports = [ ./hostapd.nix ]; + + options.personal.networking = { + interfaces = let + makeInterfaceOption = type: + lib.mkOption { + type = lib.types.str; + description = "Network device for the ${type} interface."; + example = "enp4s0"; + }; + in { + eth = makeInterfaceOption "ethernet"; + wlp2ghz = makeInterfaceOption "2 GHz WiFi"; + wlp5ghz = makeInterfaceOption "5 GHz WiFi"; + }; }; - networking = { - hostName = "kerberos"; - domain = "local"; + config = { + personal.networking = { + enable = true; + ssh.enable = true; + interfaces = { + eth = "enp4s0"; + wlp2ghz = "wlp5s0"; + wlp5ghz = "wlp1s0"; + }; + }; + + networking = { + hostName = "kerberos"; + domain = "local"; + + defaultGateway = { + address = "${publicSubnet}.1"; + interface = ifaces.eth; + }; + + dhcpcd.enable = false; + interfaces = { + "${ifaces.eth}" = { + ipv4.addresses = [{ + address = "${publicSubnet}.2"; + prefixLength = 24; + }]; + }; + "${ifaces.wlp5ghz}" = { + ipv4.addresses = [{ + address = "${privateSubnet}.1"; + prefixLength = 24; + }]; + }; + }; + + nat = { + enable = true; + externalInterface = ifaces.eth; + internalInterfaces = [ + # ifaces.wlp2ghz + ifaces.wlp5ghz + ]; + }; + + firewall.interfaces."${ifaces.wlp5ghz}" = { + allowedTCPPorts = [ 53 ]; + allowedUDPPorts = [ 53 ]; + }; + }; + + services.dhcpd4 = { + enable = true; + extraConfig = '' + option subnet-mask 255.255.255.0; + option routers ${privateSubnet}.1; + option domain-name-servers ${privateSubnet}.1, 9.9.9.9; + subnet ${privateSubnet}.0 netmask 255.255.255.0 { + range ${privateSubnet}.10 ${privateSubnet}.99; + } + ''; + 
interfaces = [ ifaces.wlp5ghz ]; + }; + + services.unbound = { + enable = true; + settings = { + server = { + interface = [ "127.0.0.1" "${privateSubnet}.1" ]; + access-control = [ + "0.0.0.0/0 refuse" + "127.0.0.0/8 allow" + "${privateSubnet}.0/24 allow" + ]; + }; + }; + }; }; } |
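Review bot: The lease handed out in `services.dhcpd4.extraConfig` advertises `9.9.9.9` as a second resolver next to `${privateSubnet}.1`, so clients on the private subnet may resolve around the local unbound instance whenever they prefer or fall back to the second entry, which makes unbound's `access-control` list only a partial control over DNS for that network. If unbound is meant to be the resolver there, hand out only `option domain-name-servers ${privateSubnet}.1;` and express any upstream inside unbound's own `settings` (a `forward-zone`), so the policy lives in one place. Two smaller points in the same hunk: the module header binds `secrets` but nothing in this file uses it, and `wlp2ghz` is declared as an option and assigned `wlp5s0` yet appears neither under `networking.interfaces` nor in `nat.internalInterfaces` (only as a commented-out entry), so a one-line comment such as `# 2 GHz radio intentionally unconfigured for now` next to that entry would save the next reader a search through `./hostapd.nix`.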
