nixfiles/extras/shenanigans-hotspot.nix

{
  lib,
  pkgs,
  nixpkgs,
  config,
  ...
}: let
  wifiInterface = "shenanigans0";
  wifiMac = "00:0F:55:A8:2B:8E";

  usbethInterface = "shenanigans1";
  usbethMac = "d0:37:45:88:9a:49";

  ssid = "Shenanigans";
  password = "password123";
in {
  boot.extraModulePackages = with config.boot.kernelPackages; [rtl8812au];
  nixpkgs.config.allowBroken = true;

  services.udev.extraRules = ''
    KERNEL=="wlan*", ATTR{address}=="${
      lib.toLower wifiMac
    }", NAME="${wifiInterface}"
    KERNEL=="eth*", ACTION=="add", ATTR{address}=="${
      lib.toLower usbethMac
    }", NAME="${usbethInterface}"
  '';

  networking.interfaces."${wifiInterface}".ipv4.addresses = [
    {
      address = "192.168.2.1";
      prefixLength = 24;
    }
  ];

  networking.interfaces."${usbethInterface}".ipv4.addresses = [
    {
      address = "192.168.2.1";
      prefixLength = 24;
    }
  ];

  networking.networkmanager.unmanaged = [
    # Wifi
    "interface-name:${wifiInterface}"
    "mac:${wifiMac}"
    "interface-name:${usbethInterface}"
    "mac:${usbethMac}"
  ];

  systemd.services.wifi-relay = let
    inherit (pkgs) iptables;
  in {
    description = "iptables rules for wifi-relay";
    after = ["dhcpd4.service"];
    wantedBy = ["multi-user.target"];
    script = ''
      ${iptables}/bin/iptables -w -t nat -I POSTROUTING -s 192.168.2.0/24 ! -o ${wifiInterface} -j MASQUERADE
      ${iptables}/bin/iptables -w -I FORWARD -i ${wifiInterface} -s 192.168.2.0/24 -j ACCEPT
      ${iptables}/bin/iptables -w -t nat -I POSTROUTING -s 192.168.2.0/24 ! -o ${usbethInterface} -j MASQUERADE
      ${iptables}/bin/iptables -w -I FORWARD -i ${usbethInterface} -s 192.168.2.0/24 -j ACCEPT
      #${iptables}/bin/iptables -t nat -A PREROUTING -i ${wifiInterface} -p tcp --dport 80 -j REDIRECT --to-port 8080
      #${iptables}/bin/iptables -t nat -A PREROUTING -i ${wifiInterface} -p tcp --dport 443 -j REDIRECT --to-port 8080
    '';
  };

  networking.firewall = {
    trustedInterfaces = [wifiInterface usbethInterface];
    checkReversePath = lib.mkForce false;
    allowedTCPPorts = [53 80 443];
  };

  boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
  networking.firewall.allowedUDPPorts = [53 67];

  services.hostapd = {
    enable = true;
    interface = wifiInterface;
    inherit ssid;
    wpaPassphrase = password;
  };

  services.dhcpd4 = {
    enable = true;
    interfaces = ["${usbethInterface}"];
    extraConfig = ''
      subnet 192.168.2.0 netmask 255.255.255.0 {
        range 192.168.2.100 192.168.2.200;
        option subnet-mask 255.255.255.0;
        option broadcast-address 192.168.2.255;
        option routers 192.168.2.1;
        option domain-name-servers 192.168.2.1;
      }
    '';
  };
}
tidy files, switch to alejandra for formatting, add private aliases to mailserver 2022-12-04 13:45:43 +00:00			`{`
			`lib,`
			`pkgs,`
			`nixpkgs,`
			`config,`
			`...`
			`}: let`
nix 2022-05-09 09:03:00 +01:00			`wifiInterface = "shenanigans0";`
			`wifiMac = "00:0F:55:A8:2B:8E";`
start mailserver work 2022-06-22 15:51:22 +01:00
			`usbethInterface = "shenanigans1";`
			`usbethMac = "d0:37:45:88:9a:49";`

nix 2022-05-09 09:03:00 +01:00			`ssid = "Shenanigans";`
			`password = "password123";`
			`in {`
tidy files, switch to alejandra for formatting, add private aliases to mailserver 2022-12-04 13:45:43 +00:00			`boot.extraModulePackages = with config.boot.kernelPackages; [rtl8812au];`
start mailserver work 2022-06-22 15:51:22 +01:00			`nixpkgs.config.allowBroken = true;`

nix 2022-05-09 09:03:00 +01:00			`services.udev.extraRules = ''`
			`KERNEL=="wlan*", ATTR{address}=="${`
			`lib.toLower wifiMac`
			`}", NAME="${wifiInterface}"`
start mailserver work 2022-06-22 15:51:22 +01:00			`KERNEL=="eth*", ACTION=="add", ATTR{address}=="${`
			`lib.toLower usbethMac`
			`}", NAME="${usbethInterface}"`
nix 2022-05-09 09:03:00 +01:00			`'';`

tidy files, switch to alejandra for formatting, add private aliases to mailserver 2022-12-04 13:45:43 +00:00			`networking.interfaces."${wifiInterface}".ipv4.addresses = [`
			`{`
			`address = "192.168.2.1";`
			`prefixLength = 24;`
			`}`
			`];`
nix 2022-05-09 09:03:00 +01:00
tidy files, switch to alejandra for formatting, add private aliases to mailserver 2022-12-04 13:45:43 +00:00			`networking.interfaces."${usbethInterface}".ipv4.addresses = [`
			`{`
			`address = "192.168.2.1";`
			`prefixLength = 24;`
			`}`
			`];`
start mailserver work 2022-06-22 15:51:22 +01:00
nix 2022-05-09 09:03:00 +01:00			`networking.networkmanager.unmanaged = [`
			`# Wifi`
			`"interface-name:${wifiInterface}"`
			`"mac:${wifiMac}"`
start mailserver work 2022-06-22 15:51:22 +01:00			`"interface-name:${usbethInterface}"`
			`"mac:${usbethMac}"`
nix 2022-05-09 09:03:00 +01:00			`];`

tidy files, switch to alejandra for formatting, add private aliases to mailserver 2022-12-04 13:45:43 +00:00			`systemd.services.wifi-relay = let`
run deadnix on nixfiles 2022-12-04 16:10:00 +00:00			`inherit (pkgs) iptables;`
start mailserver work 2022-06-22 15:51:22 +01:00			`in {`
			`description = "iptables rules for wifi-relay";`
tidy files, switch to alejandra for formatting, add private aliases to mailserver 2022-12-04 13:45:43 +00:00			`after = ["dhcpd4.service"];`
			`wantedBy = ["multi-user.target"];`
start mailserver work 2022-06-22 15:51:22 +01:00			`script = ''`
			`${iptables}/bin/iptables -w -t nat -I POSTROUTING -s 192.168.2.0/24 ! -o ${wifiInterface} -j MASQUERADE`
			`${iptables}/bin/iptables -w -I FORWARD -i ${wifiInterface} -s 192.168.2.0/24 -j ACCEPT`
			`${iptables}/bin/iptables -w -t nat -I POSTROUTING -s 192.168.2.0/24 ! -o ${usbethInterface} -j MASQUERADE`
			`${iptables}/bin/iptables -w -I FORWARD -i ${usbethInterface} -s 192.168.2.0/24 -j ACCEPT`
			`#${iptables}/bin/iptables -t nat -A PREROUTING -i ${wifiInterface} -p tcp --dport 80 -j REDIRECT --to-port 8080`
			`#${iptables}/bin/iptables -t nat -A PREROUTING -i ${wifiInterface} -p tcp --dport 443 -j REDIRECT --to-port 8080`
			`'';`
			`};`
nix 2022-05-09 09:03:00 +01:00
			`networking.firewall = {`
tidy files, switch to alejandra for formatting, add private aliases to mailserver 2022-12-04 13:45:43 +00:00			`trustedInterfaces = [wifiInterface usbethInterface];`
nix 2022-05-09 09:03:00 +01:00			`checkReversePath = lib.mkForce false;`
tidy files, switch to alejandra for formatting, add private aliases to mailserver 2022-12-04 13:45:43 +00:00			`allowedTCPPorts = [53 80 443];`
nix 2022-05-09 09:03:00 +01:00			`};`

			`boot.kernel.sysctl."net.ipv4.ip_forward" = 1;`
tidy files, switch to alejandra for formatting, add private aliases to mailserver 2022-12-04 13:45:43 +00:00			`networking.firewall.allowedUDPPorts = [53 67];`
nix 2022-05-09 09:03:00 +01:00
			`services.hostapd = {`
			`enable = true;`
			`interface = wifiInterface;`
			`inherit ssid;`
			`wpaPassphrase = password;`
			`};`

			`services.dhcpd4 = {`
			`enable = true;`
tidy files, switch to alejandra for formatting, add private aliases to mailserver 2022-12-04 13:45:43 +00:00			`interfaces = ["${usbethInterface}"];`
nix 2022-05-09 09:03:00 +01:00			`extraConfig = ''`
			`subnet 192.168.2.0 netmask 255.255.255.0 {`
			`range 192.168.2.100 192.168.2.200;`
start mailserver work 2022-06-22 15:51:22 +01:00			`option subnet-mask 255.255.255.0;`
			`option broadcast-address 192.168.2.255;`
			`option routers 192.168.2.1;`
			`option domain-name-servers 192.168.2.1;`
nix 2022-05-09 09:03:00 +01:00			`}`
			`'';`
			`};`
			`}`