|
1 | 1 | args@{ hostname |
2 | 2 | , # hostname of the router |
3 | 3 | lanMac ? null |
4 | | -, # MAC address of the local area network interface |
5 | | - wifiMac ? null |
6 | 4 | , # MAC address of the local area network interface |
7 | 5 | wanMac |
8 | 6 | , # MAC address of the upstream interface |
|
50 | 48 | linkConfig.Name = "lanEth"; |
51 | 49 | }; |
52 | 50 |
|
53 | | - "1-wifiIface" = ifNotNull wifiMac { |
54 | | - matchConfig.PermanentMACAddress = args.wifiMac; |
55 | | - linkConfig.Name = "wifi"; |
56 | | - }; |
57 | 51 | "1-wanIface" = { |
58 | 52 | matchConfig.PermanentMACAddress = args.wanMac; |
59 | 53 | linkConfig.Name = "wan"; |
|
141 | 135 | # "/org/freedesktop/network1/link/${link_id}" \ |
142 | 136 | # org.freedesktop.network1.DHCPServer \ |
143 | 137 | # Leases |
144 | | - systemd.network.networks."wifi" = ifNotNull wifiMac { |
145 | | - matchConfig.Name = "wifi"; |
146 | | - networkConfig.Bridge = "lan"; |
147 | | - linkConfig.RequiredForOnline = "enslaved"; |
148 | | - }; |
149 | 138 |
|
150 | 139 | systemd.network.networks."lanEth" = ifNotNull lanMac { |
151 | 140 | matchConfig.Name = "lanEth"; |
|
235 | 224 | ''; |
236 | 225 | }; |
237 | 226 |
|
238 | | - # WiFi is only enabled if a MAC address is supplied |
239 | | - services.hostapd.enable = !builtins.isNull wifiMac; |
240 | | - systemd.services.hostapd = ifNotNull wifiMac { |
241 | | - bindsTo = [ "sys-subsystem-net-devices-wifi.device" ]; |
242 | | - }; |
243 | | - |
244 | | - services.hostapd.radios.wifi = ifNotNull wifiMac { |
245 | | - wifi5.enable = false; |
246 | | - wifi4.capabilities = [ "HT40+" "HT40-" "HT20" "SHORT-GI-20" "SHORT-GI-40" "SHORT-GI-80" ]; |
247 | | - |
248 | | - countryCode = "SE"; |
249 | | - band = "2g"; |
250 | | - networks.wifi = { |
251 | | - # the regular NixOS config is too strict w.r.t. to old WPA standards, so for increased compatibility we should use this. |
252 | | - settings = { |
253 | | - "channel" = lib.mkForce "7"; |
254 | | - "driver" = lib.mkForce "nl80211"; |
255 | | - "ht_capab" = |
256 | | - lib.mkForce "[HT40+][HT40-][HT20][SHORT-GI-20][SHORT-GI-40]"; |
257 | | - "hw_mode" = lib.mkForce "g"; |
258 | | - "ieee80211w" = lib.mkForce "1"; |
259 | | - "ieee80211d" = lib.mkForce "1"; |
260 | | - "ieee80211h" = lib.mkForce "1"; |
261 | | - "ieee80211n" = lib.mkForce "1"; |
262 | | - "noscan" = lib.mkForce "0"; |
263 | | - "require_ht" = lib.mkForce "0"; |
264 | | - "wpa_key_mgmt" = lib.mkForce "WPA-PSK WPA-PSK-SHA256 SAE"; |
265 | | - "group_mgmt_cipher" = lib.mkForce "AES-128-CMAC"; |
266 | | - }; |
267 | | - ssid = args.hostname; |
268 | | - authentication = { |
269 | | - mode = "wpa2-sha256"; |
270 | | - # ¡¡¡ CREATE THESE FILES WITH THE NECESSARY PASSWORD !!! |
271 | | - wpaPasswordFile = "/wifi-password"; |
272 | | - saePasswordsFile = "/wifi-sae-passwords"; |
273 | | - }; |
274 | | - }; |
275 | | - }; |
276 | | - |
277 | 227 | services.shadowsocks = { |
278 | 228 | enable = true; |
279 | 229 | port = 443; |
|
0 commit comments