nix-config/hosts/nucnix/hostapd.nix

{
  globals,
  config,
  pkgs,
  lib,
  ...
}:
{
  hardware.firmware = with pkgs; [
    linux-firmware
    intel2200BGFirmware
  ];
  #boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
  age.secrets = {
    homeWlan = {
      generator.script = "alnum";
    };
    iotWlan = {
      generator.script = "alnum";
    };
  };
  # Hostapd tries to delete any bridges it uses when restarting
  # If any other service dares also using the bridges, thats too bad
  # Have fun resetting your server because they're not coming back
  systemd.services.hostapd.stopIfChanged = false;
  systemd.services.hostapd.restartIfChanged = false;
  systemd.services.hostapd.reloadTriggers = lib.mkForce [ ];

  # networking.nftables.firewall.zones.wlan.interfaces = [ "wlan1" ];
  # networking.nftables.firewall.zones.home.interfaces = [ "br-home" ];
  # networking.nftables.firewall.rules.wifi-forward = {
  #   from = [ "wlan" ];
  #   to = [ "home" ];
  #   verdict = "accept";
  # };
  services.hostapd = {
    enable = true;
    radios.wlan01 = {
      band = "2g";
      countryCode = "DE";
      channel = 5;
      wifi4.capabilities = [
        "LDPC"
        "HT40+"
        "HT40-"
        "SHORT-GI-20"
        "SHORT-GI-40"
        "TX-STBC"
        "RX-STBC1"
      ];
      wifi5.capabilities = [
        "LDPC"
        "HT40+"
        "HT40-"
        "SHORT-GI-20"
        "SHORT-GI-40"
        "TX-STBC"
        "RX-STBC1"
      ];
      wifi6.enable = true;
      wifi7.enable = true;
      networks.wlan01 = {
        inherit (globals.hostapd) ssid;
        apIsolate = true;
        #logLevel = 0;
        settings = {
          bridge = "br-iot";
        };
        authentication = {
          mode = "wpa2-sha1";
          wpaPasswordFile = config.age.secrets.iotWlan.path;
          # saePasswords = [
          #   {
          #     passwordFile = config.age.secrets.iotWlan.path;
          #   }
          # ];
          pairwiseCiphers = [
            "CCMP"
            # "GCMP"
            # "GCMP-256"
          ];
          #enableRecommendedPairwiseCiphers = true;
        };
        bssid = "44:38:e8:db:a5:b5";
      };
    };
  };
}
feat: hostapd back on bare 2025-01-04 23:25:48 +01:00			`{`
			`globals,`
WIP: homeassistant 2025-01-05 22:27:49 +01:00			`config,`
feat: hostapd back on bare 2025-01-04 23:25:48 +01:00			`pkgs,`
fix: hostapd broke again 2025-01-10 16:36:41 +01:00			`lib,`
feat: hostapd back on bare 2025-01-04 23:25:48 +01:00			`...`
			`}:`
			`{`
			`hardware.firmware = with pkgs; [`
			`linux-firmware`
			`intel2200BGFirmware`
			`];`
			`#boot.kernel.sysctl."net.ipv4.ip_forward" = 1;`
WIP: homeassistant 2025-01-05 22:27:49 +01:00			`age.secrets = {`
			`homeWlan = {`
			`generator.script = "alnum";`
			`};`
fix: hostapd broke again 2025-01-10 16:36:41 +01:00			`iotWlan = {`
			`generator.script = "alnum";`
			`};`
WIP: homeassistant 2025-01-05 22:27:49 +01:00			`};`
fix: hostapd works again 2025-01-11 19:00:41 +01:00			`# Hostapd tries to delete any bridges it uses when restarting`
			`# If any other service dares also using the bridges, thats too bad`
			`# Have fun resetting your server because they're not coming back`
fix: hostapd broke again 2025-01-10 16:36:41 +01:00			`systemd.services.hostapd.stopIfChanged = false;`
			`systemd.services.hostapd.restartIfChanged = false;`
			`systemd.services.hostapd.reloadTriggers = lib.mkForce [ ];`
feat: hostapd back on bare 2025-01-04 23:25:48 +01:00
fix: hostapd broke again 2025-01-10 16:36:41 +01:00			`# networking.nftables.firewall.zones.wlan.interfaces = [ "wlan1" ];`
			`# networking.nftables.firewall.zones.home.interfaces = [ "br-home" ];`
			`# networking.nftables.firewall.rules.wifi-forward = {`
			`# from = [ "wlan" ];`
			`# to = [ "home" ];`
			`# verdict = "accept";`
			`# };`
feat: hostapd back on bare 2025-01-04 23:25:48 +01:00			`services.hostapd = {`
			`enable = true;`
			`radios.wlan01 = {`
			`band = "2g";`
			`countryCode = "DE";`
			`channel = 5;`
			`wifi4.capabilities = [`
			`"LDPC"`
			`"HT40+"`
			`"HT40-"`
			`"SHORT-GI-20"`
			`"SHORT-GI-40"`
			`"TX-STBC"`
			`"RX-STBC1"`
			`];`
			`wifi5.capabilities = [`
			`"LDPC"`
			`"HT40+"`
			`"HT40-"`
			`"SHORT-GI-20"`
			`"SHORT-GI-40"`
			`"TX-STBC"`
			`"RX-STBC1"`
			`];`
			`wifi6.enable = true;`
			`wifi7.enable = true;`
			`networks.wlan01 = {`
			`inherit (globals.hostapd) ssid;`
			`apIsolate = true;`
feat: allow smb access from fritz-vlan 2025-01-14 22:19:27 +01:00			`#logLevel = 0;`
fix: hostapd works again 2025-01-11 19:00:41 +01:00			`settings = {`
feat: tasmota with hme assistant 2025-01-13 21:28:06 +01:00			`bridge = "br-iot";`
fix: hostapd works again 2025-01-11 19:00:41 +01:00			`};`
feat: hostapd back on bare 2025-01-04 23:25:48 +01:00			`authentication = {`
feat: tasmota with hme assistant 2025-01-13 21:28:06 +01:00			`mode = "wpa2-sha1";`
			`wpaPasswordFile = config.age.secrets.iotWlan.path;`
			`# saePasswords = [`
			`# {`
			`# passwordFile = config.age.secrets.iotWlan.path;`
			`# }`
			`# ];`
feat: hostapd back on bare 2025-01-04 23:25:48 +01:00			`pairwiseCiphers = [`
			`"CCMP"`
feat: tasmota with hme assistant 2025-01-13 21:28:06 +01:00			`# "GCMP"`
			`# "GCMP-256"`
feat: hostapd back on bare 2025-01-04 23:25:48 +01:00			`];`
			`#enableRecommendedPairwiseCiphers = true;`
			`};`
			`bssid = "44:38:e8:db:a5:b5";`
			`};`
			`};`
			`};`
			`}`