WIP: wifi still not working

2024-12-23 19:22:45 +01:00 · 2024-12-23 19:22:45 +01:00 · 4a8d074627
parent 1f8d44514d
commit 4a8d074627
3 changed files with 63 additions and 31 deletions
--- a/config/services/hostapd.nix
+++ b/config/services/hostapd.nix
@ -1,4 +1,9 @@
-{ globals, pkgs, ... }:
+{
+  globals,
+  pkgs,
+  lib,
+  ...
+}:
 {
  microvm.devices = [
    {
@ -6,27 +11,53 @@
      path = "0000:01:00.0";
    }
  ];
+  hardware.firmware = with pkgs; [
+    linux-firmware
+    intel2200BGFirmware
+  ];
+  boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
  networking.nftables.firewall.zones.untrusted.interfaces = [ "lan-services" ];
  hardware.wirelessRegulatoryDatabase = true;
-  systemd.network = {
-    netdevs."40-wifi-home" = {
-      netdevConfig = {
-        Name = "br-home";
-        Kind = "bridge";
-      };
-    };
-    networks."10-home-bridge" = {
-      matchConfig.Name = "lan-home";
-      DHCP = "no";
-      extraConfig = ''
-        [Network]
-        Bridge=br-home
-      '';
-    };
-    networks."10-home-" = {
-      matchConfig.Name = "br-home";
-      DHCP = "yes";
-    };
+  # systemd.network = {
+  #   netdevs."40-wifi-home" = {
+  #     netdevConfig = {
+  #       Name = "br-home";
+  #       Kind = "bridge";
+  #     };
+  #   };
+  #   networks."10-home-bridge" = {
+  #     networkConfig.LinkLocalAddressing = "no";
+  #     matchConfig.Name = "lan-home";
+  #     DHCP = "no";
+  #     extraConfig = ''
+  #       [Network]
+  #       Bridge=br-home
+  #     '';
+  #   };
+  #   networks."10-home-" = {
+  #     matchConfig.Name = "br-home";
+  #     DHCP = "yes";
+  #   };
+  # };
+
+  networking.nftables.firewall.zones.wlan.interfaces = [ "wlan1" ];
+  networking.nftables.firewall.zones.home.interfaces = [ "lan-home" ];
+  networking.nftables.firewall.rules.wifi-forward = {
+    from = [ "wlan" ];
+    to = [ "lan-home" ];
+    verdict = "accept";
+  };
+  systemd.network.networks."40-wifi" = {
+    matchConfig.Name = "lan-home";
+    address = [
+      (lib.net.cidr.hostCidr (globals.services.hostapd.ip + 1) globals.net.vlans.home.cidrv4)
+      (lib.net.cidr.hostCidr (globals.services.hostapd.ip + 1) globals.net.vlans.home.cidrv6)
+    ];
+    gateway = [
+      (lib.net.cidr.host 1 globals.net.vlans.home.cidrv4)
+      (lib.net.cidr.host 1 globals.net.vlans.home.cidrv6)
+    ];
+
  };

  services.hostapd = {
@ -58,20 +89,20 @@
      networks.wlan1 = {
        inherit (globals.hostapd) ssid;
        apIsolate = true;
-        settings.vlan_file = "${pkgs.writeText "hostaps.vlans" ''
-          10 wifi-home br-home
-          50 wifi-guest br-guest
-        ''}";
+        # settings.vlan_file = "${pkgs.writeText "hostaps.vlans" ''
+        #   10 wifi-home br-home
+        #   50 wifi-guest br-guest
+        # ''}";
        authentication = {
          saePasswords = [
            {
-              password = "lol";
-              vlanid = 10;
-            }
-            {
-              password = "lel";
-              vlanid = 50;
+              password = "ctiectie";
+              # vlanid = 10;
            }
+            # {
+            #   password = "nrsgnrsg";
+            #   vlanid = 50;
+            # }
          ];
          pairwiseCiphers = [
            "CCMP"
--- a/globals.nix
+++ b/globals.nix
@ -136,6 +136,7 @@ in
      };
      hostapd = {
        host = "nucnix-hostapd";
+        ip = 19;
      };
      murmur = {
        domain = "ts.${globals.domains.web}";
--- a/hosts/nucnix/net.nix
+++ b/hosts/nucnix/net.nix
@ -25,7 +25,7 @@ in
      fritz.interfaces = [ "vlan-fritz" ];
      wg-services.interfaces = [ "services" ];
      printer.ipv4Addresses = [
-        (lib.net.cidr.host 32 globals.net.vlans.device.cidrv4)
+        (lib.net.cidr.host 32 globals.net.vlans.devices.cidrv4)
      ];
      adguard.ipv4Addresses = [
        (lib.net.cidr.host globals.services.adguardhome.ip globals.net.vlans.services.cidrv4)