From d2702099b0efbd5093205d89e809b0fe4d812c53 Mon Sep 17 00:00:00 2001 From: Patrick Date: Thu, 2 Jan 2025 23:35:11 +0100 Subject: [PATCH] WIP: wifi --- config/basic/net.nix | 28 -------------------------- config/services/hostapd.nix | 39 ++++++++++++++++++------------------- hosts/nucnix/guests.nix | 1 - hosts/nucnix/mdns.nix | 2 +- 4 files changed, 20 insertions(+), 50 deletions(-) diff --git a/config/basic/net.nix b/config/basic/net.nix index 51ff6f1..110d04a 100644 --- a/config/basic/net.nix +++ b/config/basic/net.nix @@ -1,7 +1,6 @@ { lib, config, - pkgs, ... }: { @@ -42,31 +41,4 @@ MulticastDNS=true ''; }; - networking.nftables.ruleset = '' - table inet mdns { - set OWN_IPS { - typeof ip saddr - elements = { 127.0.0.1 } - } - chain prerouting { - type filter hook prerouting priority mangle; policy accept; - udp dport 5353 ip saddr @OWN_IPS drop; - } - } - ''; - services.networkd-dispatcher = { - enable = true; - rules = { - disable-mdns = { - onState = [ "configured" ]; - script = '' - ADDRS=$(${lib.getExe' pkgs.iproute2 "ip"} -j -o addr | ${lib.getExe pkgs.jq} -r ".[] | .addr_info[] | select(.dev != \"lo\") | .local") - for i in $ADDRS; do - ${lib.getExe pkgs.nftables} add element inet mdns OWN_IPS "{ $i }" - done - ''; - }; - }; - }; - } diff --git a/config/services/hostapd.nix b/config/services/hostapd.nix index 626d915..c269ddc 100644 --- a/config/services/hostapd.nix +++ b/config/services/hostapd.nix @@ -17,7 +17,6 @@ ]; boot.kernel.sysctl."net.ipv4.ip_forward" = 1; networking.nftables.firewall.zones.untrusted.interfaces = [ - "lan-services" "lan-home" ]; hardware.wirelessRegulatoryDatabase = true; 
@@ -45,26 +44,26 @@ # networking.nftables.firewall.zones.wlan.interfaces = [ "wlan1" ]; # networking.nftables.firewall.zones.home.interfaces = [ "lan-home" ]; - # networking.nftables.firewall.rules.wifi-forward = { - # from = [ "wlan" ]; - # to = [ "home" ]; - # verdict = "accept"; - # }; - # systemd.network.networks."40-wifi" = { - # matchConfig.Name = "wlan1"; - # address = [ - # (lib.net.cidr.hostCidr (globals.services.hostapd.ip + 1) globals.net.vlans.home.cidrv4) - # (lib.net.cidr.hostCidr (globals.services.hostapd.ip + 1) globals.net.vlans.home.cidrv6) - # ]; - # gateway = [ - # (lib.net.cidr.host 1 globals.net.vlans.home.cidrv4) - # (lib.net.cidr.host 1 globals.net.vlans.home.cidrv6) - # ]; - # - # }; - # + networking.nftables.firewall.rules.wifi-forward = { + from = [ "wlan" ]; + to = [ "home" ]; + verdict = "accept"; + }; + systemd.network.networks."40-wifi" = { + matchConfig.Name = "wlan1"; + address = [ + (lib.net.cidr.hostCidr (globals.services.hostapd.ip + 1) globals.net.vlans.home.cidrv4) + (lib.net.cidr.hostCidr (globals.services.hostapd.ip + 1) globals.net.vlans.home.cidrv6) + ]; + gateway = [ + (lib.net.cidr.host 1 globals.net.vlans.home.cidrv4) + (lib.net.cidr.host 1 globals.net.vlans.home.cidrv6) + ]; + + }; + services.hostapd = { - # enable = true; + enable = true; radios.wlan1 = { band = "2g"; countryCode = "DE"; diff --git a/hosts/nucnix/guests.nix b/hosts/nucnix/guests.nix index fcf0220..cc14e3a 100644 --- a/hosts/nucnix/guests.nix +++ b/hosts/nucnix/guests.nix @@ -114,7 +114,6 @@ in vlans = [ # "guests" "home" - "services" ]; }; } diff --git a/hosts/nucnix/mdns.nix b/hosts/nucnix/mdns.nix index 1c7a795..c13ec7e 100644 --- a/hosts/nucnix/mdns.nix +++ b/hosts/nucnix/mdns.nix @@ -34,7 +34,7 @@ in wantedBy = [ "multi-user.target" ]; after = [ "network.target" ]; - #environment.RUST_LOG = "debug"; + environment.RUST_LOG = "debug"; serviceConfig = { Restart = "on-failure";
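Review bot: The newly active `wifi-forward` rule in config/services/hostapd.nix names the zones `wlan` and `home`, but the two zone definitions on the context lines directly above it are still commented out, so unless those zones are declared in another file the rule will likely fail evaluation or bind to nothing. Uncomment them in the same change: `networking.nftables.firewall.zones.wlan.interfaces = [ "wlan1" ];` and `networking.nftables.firewall.zones.home.interfaces = [ "lan-home" ];`. The previous hunk keeps `lan-home` in the `untrusted` zone, so decide which zone that interface belongs to before it also becomes `home`. With a bare `verdict = "accept"`, every flow from Wi-Fi clients is forwarded into the home VLAN; if that is broader than intended, narrow the rule to the ports clients actually need. The `services.hostapd` block continues past the end of the hunk, so the authentication settings of the access point that `enable = true` brings up are not visible here and should be checked before this WIP lands.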