Remove WiFi AP configuration

Author: pinkisemils

ci/ios/test-router/README.md

@@ -1,15 +1,13 @@
 # Router setup
 ## Installing on a new router/computer
-- Obtain an x86 computer with 2 ethernet and 1 WiFi interface.
+- Obtain an x86 computer with 2 ethernet interfaces.
 - Install NixOS on the hardware following the [NixOS installation guide]
 - Copy the generated `/etc/nixos/hardware-config.nix` file to the flake repo, add it to git.
 - Add a new _nixosConfiguration_ entry in `flake.nix`, following `app-team-ios-lab` as an example, making sure to import
     the hardware config.
     * Be sure to include the `hardware-config.nix` file as it contains the mount config for the partitions.
     * Set the appropriate args for the `./router-config.nix` import, as to not clash with existing SSIDs.
 
-- Create `/wifi-password` and `/wifi-sae-passwords` files on the router, they should contain an ASCII password of 8-63
-    characters in length.
 - Apply the new configuration either via SSH or by copying the flake over to the nix machine
   * `nixos-reubild switch .#$newMachine --target-host root@$newMachine-ip` if one can SSH into the machine
   * `nixos-reubild switch .$pathToFlake#$newMachine` if flake is copied to nix machine, with `$pathToFlake` being the
@@ -29,7 +27,6 @@ To do this, add a `nixosConfiguration` with an extra import of the installer ISO
           ssid = "app-team-ios-tests";
           lanMac = "48:21:0b:36:bb:52";
           wanMac = "48:21:0b:36:43:a3";
-          wifiMac = "bc:6e:e2:a8:38:51";
           lanIp = "192.168.105.1/24";
         })
         "${nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix"
@@ -49,9 +46,4 @@ And build it like so:
   dialog, TCP connections to `8.8.8.8:80` are NAT'ed to the gateway address.
 
 
-
-
 [NixOS installation guide]: https://nixos.org/manual/nixos/stable/#sec-installation-graphical
-[`wifi-password`]: https://search.nixos.org/options?channel=23.11&show=services.hostapd.radios.%3Cname%3E.networks.%3Cname%3E.authentication.wpaPasswordFile&from=0&size=50&sort=relevance&type=packages&query=hostapd+password
-[`wifi-sae-password`]: https://search.nixos.org/options?channel=23.11&show=services.hostapd.radios.%3Cname%3E.networks.%3Cname%3E.authentication.saePasswordsFile&from=0&size=50&sort=relevance&type=packages&query=hostapd+password
-

ci/ios/test-router/router-config.nix

@@ -1,8 +1,6 @@
 args@{ hostname
 , # hostname of the router
   lanMac ? null
-, # MAC address of the local area network interface
-  wifiMac ? null
 , # MAC address of the local area network interface
   wanMac
 , # MAC address of the upstream interface
@@ -50,10 +48,6 @@ in
       linkConfig.Name = "lanEth";
     };
 
-    "1-wifiIface" = ifNotNull wifiMac {
-      matchConfig.PermanentMACAddress = args.wifiMac;
-      linkConfig.Name = "wifi";
-    };
     "1-wanIface" = {
       matchConfig.PermanentMACAddress = args.wanMac;
       linkConfig.Name = "wan";
@@ -141,11 +135,6 @@ in
   #  "/org/freedesktop/network1/link/${link_id}" \
   #  org.freedesktop.network1.DHCPServer \
   #  Leases
-  systemd.network.networks."wifi" = ifNotNull wifiMac {
-    matchConfig.Name = "wifi";
-    networkConfig.Bridge = "lan";
-    linkConfig.RequiredForOnline = "enslaved";
-  };
 
   systemd.network.networks."lanEth" = ifNotNull lanMac {
     matchConfig.Name = "lanEth";
@@ -235,45 +224,6 @@ in
       '';
     };
 
-  # WiFi is only enabled if a MAC address is supplied
-  services.hostapd.enable = !builtins.isNull wifiMac;
-  systemd.services.hostapd = ifNotNull wifiMac {
-    bindsTo = [ "sys-subsystem-net-devices-wifi.device" ];
-  };
-
-  services.hostapd.radios.wifi = ifNotNull wifiMac {
-    wifi5.enable = false;
-    wifi4.capabilities = [ "HT40+" "HT40-" "HT20" "SHORT-GI-20" "SHORT-GI-40" "SHORT-GI-80" ];
-
-    countryCode = "SE";
-    band = "2g";
-    networks.wifi = {
-      # the regular NixOS config is too strict w.r.t. to old WPA standards, so for increased compatibility we should use this.
-      settings = {
-        "channel" = lib.mkForce "7";
-        "driver" = lib.mkForce "nl80211";
-        "ht_capab" =
-          lib.mkForce "[HT40+][HT40-][HT20][SHORT-GI-20][SHORT-GI-40]";
-        "hw_mode" = lib.mkForce "g";
-        "ieee80211w" = lib.mkForce "1";
-        "ieee80211d" = lib.mkForce "1";
-        "ieee80211h" = lib.mkForce "1";
-        "ieee80211n" = lib.mkForce "1";
-        "noscan" = lib.mkForce "0";
-        "require_ht" = lib.mkForce "0";
-        "wpa_key_mgmt" = lib.mkForce "WPA-PSK WPA-PSK-SHA256 SAE";
-        "group_mgmt_cipher" = lib.mkForce "AES-128-CMAC";
-      };
-      ssid = args.hostname;
-      authentication = {
-        mode = "wpa2-sha256";
-        # ¡¡¡ CREATE THESE FILES WITH THE NECESSARY PASSWORD !!!
-        wpaPasswordFile = "/wifi-password";
-        saePasswordsFile = "/wifi-sae-passwords";
-      };
-    };
-  };
-
   services.shadowsocks = {
     enable = true;
     port = 443;