50 lines
984 B
Nix
50 lines
984 B
Nix
{ lib, tree, ... }:
|
|
let
|
|
externalInterface = "eth0";
|
|
wifiInterface = "wlan0";
|
|
ssid = "Test Wifi";
|
|
password = "UwUPassUwU";
|
|
in {
|
|
imports = with tree; [ profiles.dnscrypt ];
|
|
|
|
services.dnscrypt-proxy2.settings."listen_addresses" =
|
|
[ "0.0.0.0:53" "[::]:53" ];
|
|
|
|
services.hostapd = {
|
|
enable = true;
|
|
interface = wifiInterface;
|
|
inherit ssid;
|
|
wpaPassphrase = password;
|
|
};
|
|
|
|
networking.interfaces = {
|
|
wlan0 = {
|
|
ipAddress = "192.168.2.1";
|
|
prefixLength = 24;
|
|
};
|
|
};
|
|
|
|
networking.firewall = {
|
|
trustedInterfaces = [ wifiInterface ];
|
|
checkReversePath = false;
|
|
allowedTCPPorts = [ 53 ];
|
|
};
|
|
|
|
networking.nat = {
|
|
enable = true;
|
|
internalIPs = [ "192.168.2.0/24" ];
|
|
inherit externalInterface;
|
|
};
|
|
|
|
services.dnsmasq = {
|
|
enable = true;
|
|
servers = [ "192.168.2.1" ];
|
|
extraConfig = ''
|
|
domain=lan
|
|
interface=wlan0
|
|
bind-interfaces
|
|
dhcp-range=192.168.2.10,192.168.2.254,24h
|
|
'';
|
|
};
|
|
}
|