add test wifi

home/base/ssh.nix

@@ -2,12 +2,16 @@
   programs.ssh.enable = true;
   programs.ssh.matchBlocks = {
     "lappy" = {
-      user = "lappy.tailscale-internal.owo.monster";
+      user = "lappy.tailscale-internal.genderfucked.monster";
       hostname = "100.115.10.34";
     };
     "hetzner-vm" = {
       user = "root";
-      hostname = "hetzner-vm.tailscale-internal.owo.monster";
+      hostname = "hetzner-vm.tailscale-internal.genderfucked.monster";
+    };
+    "raspberry" = {
+      user = "root";
+      hostname = "raspberry.tailscale-internal.genderfucked.monster";
     };
   };
 }

hosts/raspberry/raspberry.nix

@@ -4,15 +4,17 @@
   imports = with tree; [
     users.root
     users.chaoticryptidz
+
     profiles.tailscale
     profiles.sshd
+
+    hosts.raspberry.services.router
+
     (modulesPath + "/installer/sd-card/sd-image-aarch64.nix")
   ];
 
-  home-manager.users.root = { imports = with tree; [ home.base home.dev ]; };
-  home-manager.users.chaoticryptidz = { imports = with tree; [ home.base home.dev ]; };
-
-
+  home-manager.users.root = { imports = with tree; [ home.base home.dev.small ]; };
+  home-manager.users.chaoticryptidz = { imports = with tree; [ home.base home.dev.small ]; };
 
   boot.kernelPackages = pkgs.linuxPackages_latest;
   networking.hostName = "raspberry";
@@ -20,7 +22,7 @@
 
   networking.useDHCP = true;
   networking.wireless = {
-    enable = true;
+    enable = false;
     environmentFile = "/secrets/wifi-env";
     networks.BT-JGA898.psk = "@PSK_HOME@";
   };

hosts/raspberry/services/router.nix

@@ -0,0 +1,50 @@
+{ lib, tree, ... }:
+let
+  externalInterface = "eth0";
+  wifiInterface = "wlan0";
+  ssid = "Test Wifi";
+  password = "UwUPassUwU";
+in {
+  imports = with tree; [
+    profiles.dnscrypt
+  ];
+  
+  services.dnscrypt-proxy2.settings."listen_addresses" = ["0.0.0.0:53" "[::]:53"];
+
+  services.hostapd = {
+    enable = true;
+    interface = wifiInterface;
+    ssid = ssid;
+    wpaPassphrase = password;
+  };
+
+  networking.interfaces = {
+    wlan0 = {
+      ipAddress = "192.168.2.1";
+      prefixLength = 24;
+    };
+  };
+
+  networking.firewall = {
+    trustedInterfaces = [ wifiInterface ];
+    checkReversePath = false;
+    allowedTCPPorts = [53];
+  };
+
+  networking.nat = {
+    enable = true;
+    internalIPs = [ "192.168.2.0/24" ];
+    externalInterface = externalInterface;
+  };
+
+  services.dnsmasq = {
+    enable = true;
+    servers = [ "192.168.2.1" ];
+    extraConfig = ''
+      domain=lan
+      interface=wlan0
+      bind-interfaces
+      dhcp-range=192.168.2.10,192.168.2.254,24h
+    '';
+  };
+}

profiles/dnscrypt/dnscrypt.nix

@@ -22,14 +22,14 @@
 
       server_names = [
         "cloudflare"
-        "acsacsar-ams-ipv4"
-        "acsacsar-ams-ipv6"
-        "dnscrypt.eu-dk"
-        "dnscrypt.eu-dk-ipv6"
-        "dnscrypt.eu-nl"
-        "dnscrypt.eu-nl-ipv6"
-        "meganerd"
-        "meganerd-ipv6"
+        #"acsacsar-ams-ipv4"
+        #"acsacsar-ams-ipv6"
+        #"dnscrypt.eu-dk"
+        #"dnscrypt.eu-dk-ipv6"
+        #"dnscrypt.eu-nl"
+        #"dnscrypt.eu-nl-ipv6"
+        #"meganerd"
+        #"meganerd-ipv6"
       ];
     };
   };