chaos/nixfiles
1
0
Fork 0
Code Issues 2 Releases Activity
nixfiles/extras/shenanigans-hotspot.nix

87 lines
2.6 KiB
Nix
Raw Normal View History

start mailserver work
2022-06-22 15:51:22 +01:00
{ lib, pkgs, nixpkgs, config, tree, ... }:
nix
2022-05-09 09:03:00 +01:00
let
wifiInterface = "shenanigans0";
wifiMac = "00:0F:55:A8:2B:8E";
start mailserver work
2022-06-22 15:51:22 +01:00
usbethInterface = "shenanigans1";
usbethMac = "d0:37:45:88:9a:49";
nix
2022-05-09 09:03:00 +01:00
ssid = "Shenanigans";
password = "password123";
in {
start mailserver work
2022-06-22 15:51:22 +01:00
boot.extraModulePackages = with config.boot.kernelPackages; [ rtl8812au ];
nixpkgs.config.allowBroken = true;
nix
2022-05-09 09:03:00 +01:00
services.udev.extraRules = ''
KERNEL=="wlan*", ATTR{address}=="${
lib.toLower wifiMac
}", NAME="${wifiInterface}"
start mailserver work
2022-06-22 15:51:22 +01:00
KERNEL=="eth*", ACTION=="add", ATTR{address}=="${
lib.toLower usbethMac
}", NAME="${usbethInterface}"
nix
2022-05-09 09:03:00 +01:00
'';
networking.interfaces."${wifiInterface}".ipv4.addresses = [{
address = "192.168.2.1";
prefixLength = 24;
}];
start mailserver work
2022-06-22 15:51:22 +01:00
networking.interfaces."${usbethInterface}".ipv4.addresses = [{
address = "192.168.2.1";
prefixLength = 24;
}];
nix
2022-05-09 09:03:00 +01:00
networking.networkmanager.unmanaged = [
# Wifi
"interface-name:${wifiInterface}"
"mac:${wifiMac}"
start mailserver work
2022-06-22 15:51:22 +01:00
"interface-name:${usbethInterface}"
"mac:${usbethMac}"
nix
2022-05-09 09:03:00 +01:00
];
start mailserver work
2022-06-22 15:51:22 +01:00
systemd.services.wifi-relay = let inherit (pkgs) iptables gnugrep;
in {
description = "iptables rules for wifi-relay";
after = [ "dhcpd4.service" ];
wantedBy = [ "multi-user.target" ];
script = ''
${iptables}/bin/iptables -w -t nat -I POSTROUTING -s 192.168.2.0/24 ! -o ${wifiInterface} -j MASQUERADE
${iptables}/bin/iptables -w -I FORWARD -i ${wifiInterface} -s 192.168.2.0/24 -j ACCEPT
${iptables}/bin/iptables -w -t nat -I POSTROUTING -s 192.168.2.0/24 ! -o ${usbethInterface} -j MASQUERADE
${iptables}/bin/iptables -w -I FORWARD -i ${usbethInterface} -s 192.168.2.0/24 -j ACCEPT
#${iptables}/bin/iptables -t nat -A PREROUTING -i ${wifiInterface} -p tcp --dport 80 -j REDIRECT --to-port 8080
#${iptables}/bin/iptables -t nat -A PREROUTING -i ${wifiInterface} -p tcp --dport 443 -j REDIRECT --to-port 8080
'';
};
nix
2022-05-09 09:03:00 +01:00
networking.firewall = {
start mailserver work
2022-06-22 15:51:22 +01:00
trustedInterfaces = [ wifiInterface usbethInterface ];
nix
2022-05-09 09:03:00 +01:00
checkReversePath = lib.mkForce false;
allowedTCPPorts = [ 53 80 443 ];
};
boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
networking.firewall.allowedUDPPorts = [ 53 67 ];
services.hostapd = {
enable = true;
interface = wifiInterface;
inherit ssid;
wpaPassphrase = password;
};
services.dhcpd4 = {
enable = true;
start mailserver work
2022-06-22 15:51:22 +01:00
interfaces = [ "${usbethInterface}" ];
nix
2022-05-09 09:03:00 +01:00
extraConfig = ''
subnet 192.168.2.0 netmask 255.255.255.0 {
range 192.168.2.100 192.168.2.200;
start mailserver work
2022-06-22 15:51:22 +01:00
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.2.255;
option routers 192.168.2.1;
option domain-name-servers 192.168.2.1;
nix
2022-05-09 09:03:00 +01:00
}
'';
};
}
Reference in a new issue Copy permalink