WIP: wifi

Patrick 2025-01-02 23:35:11 +01:00
parent 690f98b0a6
commit d2702099b0
Signed by: patrick
GPG key ID: 451F95EFB8BECD0F
4 changed files with 20 additions and 50 deletions


@ -1,7 +1,6 @@
{ {
lib, lib,
config, config,
pkgs,
... ...
}: }:
{ {
@ -42,31 +41,4 @@
MulticastDNS=true MulticastDNS=true
''; '';
}; };
networking.nftables.ruleset = ''
table inet mdns {
set OWN_IPS {
typeof ip saddr
elements = { 127.0.0.1 }
}
chain prerouting {
type filter hook prerouting priority mangle; policy accept;
udp dport 5353 ip saddr @OWN_IPS drop;
}
}
'';
services.networkd-dispatcher = {
enable = true;
rules = {
disable-mdns = {
onState = [ "configured" ];
script = ''
ADDRS=$(${lib.getExe' pkgs.iproute2 "ip"} -j -o addr | ${lib.getExe pkgs.jq} -r ".[] | .addr_info[] | select(.dev != \"lo\") | .local")
for i in $ADDRS; do
${lib.getExe pkgs.nftables} add element inet mdns OWN_IPS "{ $i }"
done
'';
};
};
};
} }


@ -17,7 +17,6 @@
]; ];
boot.kernel.sysctl."net.ipv4.ip_forward" = 1; boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
networking.nftables.firewall.zones.untrusted.interfaces = [ networking.nftables.firewall.zones.untrusted.interfaces = [
"lan-services"
"lan-home" "lan-home"
]; ];
hardware.wirelessRegulatoryDatabase = true; hardware.wirelessRegulatoryDatabase = true;
@ -45,26 +44,26 @@
# networking.nftables.firewall.zones.wlan.interfaces = [ "wlan1" ]; # networking.nftables.firewall.zones.wlan.interfaces = [ "wlan1" ];
# networking.nftables.firewall.zones.home.interfaces = [ "lan-home" ]; # networking.nftables.firewall.zones.home.interfaces = [ "lan-home" ];
# networking.nftables.firewall.rules.wifi-forward = { networking.nftables.firewall.rules.wifi-forward = {
# from = [ "wlan" ]; from = [ "wlan" ];
# to = [ "home" ]; to = [ "home" ];
# verdict = "accept"; verdict = "accept";
# }; };
# systemd.network.networks."40-wifi" = { systemd.network.networks."40-wifi" = {
# matchConfig.Name = "wlan1"; matchConfig.Name = "wlan1";
# address = [ address = [
# (lib.net.cidr.hostCidr (globals.services.hostapd.ip + 1) globals.net.vlans.home.cidrv4) (lib.net.cidr.hostCidr (globals.services.hostapd.ip + 1) globals.net.vlans.home.cidrv4)
# (lib.net.cidr.hostCidr (globals.services.hostapd.ip + 1) globals.net.vlans.home.cidrv6) (lib.net.cidr.hostCidr (globals.services.hostapd.ip + 1) globals.net.vlans.home.cidrv6)
# ]; ];
# gateway = [ gateway = [
# (lib.net.cidr.host 1 globals.net.vlans.home.cidrv4) (lib.net.cidr.host 1 globals.net.vlans.home.cidrv4)
# (lib.net.cidr.host 1 globals.net.vlans.home.cidrv6) (lib.net.cidr.host 1 globals.net.vlans.home.cidrv6)
# ]; ];
#
# }; };
#
services.hostapd = { services.hostapd = {
# enable = true; enable = true;
radios.wlan1 = { radios.wlan1 = {
band = "2g"; band = "2g";
countryCode = "DE"; countryCode = "DE";
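Review bot: The newly active `wifi-forward` rule forwards from zone `wlan` to zone `home` with `verdict = "accept"`, but the two lines that would define those zones (`zones.wlan.interfaces = [ "wlan1" ];` and `zones.home.interfaces = [ "lan-home" ];`) are still commented out directly above it on the new side. Unless both zones are declared in a module not shown here, the rule refers to zones that do not exist; I would uncomment the two definitions in the same commit so the rule and its zones stay together. `lan-home` also remains listed under `zones.untrusted.interfaces` earlier in this file, so it is worth confirming which zone that interface is meant to belong to before an unconditional accept is attached to it. A short comment above the rule, such as `# Wi-Fi clients on wlan1 are treated as members of the home VLAN; all forwarding wlan -> home is allowed`, would make the intended trust boundary explicit. The `services.hostapd` block continues outside the hunk, so the access point's authentication settings cannot be checked from here.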


@ -114,7 +114,6 @@ in
vlans = [ vlans = [
# "guests" # "guests"
"home" "home"
"services"
]; ];
}; };
} }


@ -34,7 +34,7 @@ in
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
after = [ "network.target" ]; after = [ "network.target" ];
#environment.RUST_LOG = "debug"; environment.RUST_LOG = "debug";
serviceConfig = { serviceConfig = {
Restart = "on-failure"; Restart = "on-failure";