WIP: wifi

2025-01-02 23:35:11 +01:00 · 2025-01-02 23:35:11 +01:00 · d2702099b0
parent 690f98b0a6
commit d2702099b0
4 changed files with 20 additions and 50 deletions
--- a/config/basic/net.nix
+++ b/config/basic/net.nix
@ -1,7 +1,6 @@
 {
  lib,
  config,
-  pkgs,
  ...
 }:
 {
@ -42,31 +41,4 @@
      MulticastDNS=true
    '';
  };
-  networking.nftables.ruleset = ''
-    table inet mdns {
-       set OWN_IPS {
-         typeof ip saddr
-         elements = { 127.0.0.1 }
-       }
-      chain prerouting {
-          type filter hook prerouting priority mangle; policy accept;
-          udp dport 5353 ip saddr @OWN_IPS drop;
-      }
-    }
-  '';
-  services.networkd-dispatcher = {
-    enable = true;
-    rules = {
-      disable-mdns = {
-        onState = [ "configured" ];
-        script = ''
-          ADDRS=$(${lib.getExe' pkgs.iproute2 "ip"} -j -o addr | ${lib.getExe pkgs.jq} -r ".[] | .addr_info[] | select(.dev != \"lo\") | .local")
-          for i in $ADDRS; do
-            ${lib.getExe pkgs.nftables} add element inet mdns OWN_IPS "{ $i }"
-          done
-        '';
-      };
-    };
-  };
-
 }
--- a/config/services/hostapd.nix
+++ b/config/services/hostapd.nix
@ -17,7 +17,6 @@
  ];
  boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
  networking.nftables.firewall.zones.untrusted.interfaces = [
-    "lan-services"
    "lan-home"
  ];
  hardware.wirelessRegulatoryDatabase = true;
@ -45,26 +44,26 @@

  # networking.nftables.firewall.zones.wlan.interfaces = [ "wlan1" ];
  # networking.nftables.firewall.zones.home.interfaces = [ "lan-home" ];
-  # networking.nftables.firewall.rules.wifi-forward = {
-  #   from = [ "wlan" ];
-  #   to = [ "home" ];
-  #   verdict = "accept";
-  # };
-  # systemd.network.networks."40-wifi" = {
-  #   matchConfig.Name = "wlan1";
-  #   address = [
-  #     (lib.net.cidr.hostCidr (globals.services.hostapd.ip + 1) globals.net.vlans.home.cidrv4)
-  #     (lib.net.cidr.hostCidr (globals.services.hostapd.ip + 1) globals.net.vlans.home.cidrv6)
-  #   ];
-  #   gateway = [
-  #     (lib.net.cidr.host 1 globals.net.vlans.home.cidrv4)
-  #     (lib.net.cidr.host 1 globals.net.vlans.home.cidrv6)
-  #   ];
-  #
-  # };
-  #
+  networking.nftables.firewall.rules.wifi-forward = {
+    from = [ "wlan" ];
+    to = [ "home" ];
+    verdict = "accept";
+  };
+  systemd.network.networks."40-wifi" = {
+    matchConfig.Name = "wlan1";
+    address = [
+      (lib.net.cidr.hostCidr (globals.services.hostapd.ip + 1) globals.net.vlans.home.cidrv4)
+      (lib.net.cidr.hostCidr (globals.services.hostapd.ip + 1) globals.net.vlans.home.cidrv6)
+    ];
+    gateway = [
+      (lib.net.cidr.host 1 globals.net.vlans.home.cidrv4)
+      (lib.net.cidr.host 1 globals.net.vlans.home.cidrv6)
+    ];
+
+  };
+
  services.hostapd = {
-    # enable = true;
+    enable = true;
    radios.wlan1 = {
      band = "2g";
      countryCode = "DE";
--- a/hosts/nucnix/guests.nix
+++ b/hosts/nucnix/guests.nix
@ -114,7 +114,6 @@ in
      vlans = [
        # "guests"
        "home"
-        "services"
      ];
    };
 }
--- a/hosts/nucnix/mdns.nix
+++ b/hosts/nucnix/mdns.nix
@ -34,7 +34,7 @@ in
    wantedBy = [ "multi-user.target" ];
    after = [ "network.target" ];

-    #environment.RUST_LOG = "debug";
+    environment.RUST_LOG = "debug";

    serviceConfig = {
      Restart = "on-failure";