patrick/nix-config
1
1
Fork 0
Code Issues Pull requests Projects Wiki Activity

fix: hostapd broke again

Browse source
This commit is contained in:
Patrick 2025-01-10 16:36:41 +01:00
parent 7d6e959d90
commit f961ee9b17
Signed by: patrick
GPG key ID: 451F95EFB8BECD0F
2 changed files with 22 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

29
hosts/nucnix/hostapd.nix
View file

@ -2,6 +2,7 @@
globals, globals,
config, config,
pkgs, pkgs,
lib,
... ...
}: }:
{ {
@ -17,15 +18,21 @@
guestWlan = { guestWlan = {
generator.script = "alnum"; generator.script = "alnum";
}; };
iotWlan = {
generator.script = "alnum";
};
}; };
systemd.services.hostapd.stopIfChanged = false;
systemd.services.hostapd.restartIfChanged = false;
systemd.services.hostapd.reloadTriggers = lib.mkForce [ ];
networking.nftables.firewall.zones.wlan.interfaces = [ "wlan1" ]; # networking.nftables.firewall.zones.wlan.interfaces = [ "wlan1" ];
networking.nftables.firewall.zones.home.interfaces = [ "br-home" ]; # networking.nftables.firewall.zones.home.interfaces = [ "br-home" ];
networking.nftables.firewall.rules.wifi-forward = { # networking.nftables.firewall.rules.wifi-forward = {
from = [ "wlan" ]; # from = [ "wlan" ];
to = [ "home" ]; # to = [ "home" ];
verdict = "accept"; # verdict = "accept";
}; # };
services.hostapd = { services.hostapd = {
enable = true; enable = true;
radios.wlan01 = { radios.wlan01 = {
@ -57,10 +64,10 @@
apIsolate = true; apIsolate = true;
# not supporte by laptop :( # not supporte by laptop :(
# settings.ieee80211w = 0; # settings.ieee80211w = 0;
settings.bridge = "br-home";
settings.vlan_file = "${pkgs.writeText "hostaps.vlans" '' settings.vlan_file = "${pkgs.writeText "hostaps.vlans" ''
10 wifi-home br-home 10 wifi-home br-home
50 wifi-guest br-guest 40 wifi-iot br-iot
50 wifi-guests br-guests
''}"; ''}";
authentication = { authentication = {
saePasswords = [ saePasswords = [
@ -68,6 +75,10 @@
passwordFile = config.age.secrets.homeWlan.path; passwordFile = config.age.secrets.homeWlan.path;
vlanid = 10; vlanid = 10;
} }
{
passwordFile = config.age.secrets.iotWlan.path;
vlanid = 40;
}
{ {
passwordFile = config.age.secrets.guestWlan.path; passwordFile = config.age.secrets.guestWlan.path;
vlanid = 50; vlanid = 50;

4
patches/PR/365727.diff
View file

@ -1,5 +1,5 @@
diff --git a/nixos/modules/services/networking/hostapd.nix b/nixos/modules/services/networking/hostapd.nix diff --git a/nixos/modules/services/networking/hostapd.nix b/nixos/modules/services/networking/hostapd.nix
index 8635dea738ce2..12821fc9f07c1 100644 index 8635dea738ce2..28dd6db874bc4 100644
--- a/nixos/modules/services/networking/hostapd.nix --- a/nixos/modules/services/networking/hostapd.nix
+++ b/nixos/modules/services/networking/hostapd.nix +++ b/nixos/modules/services/networking/hostapd.nix
@@ -1,4 +1,10 @@ @@ -1,4 +1,10 @@
@ -2000,7 +2000,7 @@ index 8635dea738ce2..12821fc9f07c1 100644
+ ( + (
+ echo -n 'sae_password=' + echo -n 'sae_password='
+ ${optionalString (entry.passwordFile != null) ''tr -d '\n' < ${entry.passwordFile}''} + ${optionalString (entry.passwordFile != null) ''tr -d '\n' < ${entry.passwordFile}''}
+ cat <<< '${escapeShellArg lineSuffix}' + echo ${escapeShellArg lineSuffix}
+ ) >> "$HOSTAPD_CONFIG_FILE" + ) >> "$HOSTAPD_CONFIG_FILE"
+ '' + ''
+ ) bssCfg.authentication.saePasswords + ) bssCfg.authentication.saePasswords