authorKjetil Orbekk <kjetil.orbekk@gmail.com>2019-10-11 21:43:00 -0400
committerKjetil Orbekk <kjetil.orbekk@gmail.com>2019-10-11 21:44:44 -0400
commit1f4724fe048a15ac5f3568c0ca93d7ef3c4c8679 (patch)
tree9c3a9acdb95482c95e930b269a3ce52bf2a72a0c
parent9c5463ac8eae520b4a8d027332d74b9ad8c435ee (diff)
ipv6
-rw-r--r--config/ap.nix53
1 files changed, 37 insertions, 16 deletions
diff --git a/config/ap.nix b/config/ap.nix
index 9721e9b..59d79de 100644
--- a/config/ap.nix
+++ b/config/ap.nix
@@ -1,15 +1,19 @@
{ config, lib, pkgs, ... }:
+let
+ wan-dev = "enp0s25";
+ lan-dev = "wlp4s0";
+in
{
networking.networkmanager.enable = lib.mkForce false;
networking.firewall = {
enable = lib.mkForce true;
- allowedTCPPorts = [ 53 22 ];
- allowedUDPPorts = [ 53 67 68 ];
+ allowedTCPPorts = lib.mkForce [ ];
+ allowedUDPPorts = lib.mkForce [ ];
allowPing = true;
logRefusedConnections = false;
checkReversePath = false;
- trustedInterfaces = [ "wlp3s0" ];
+ trustedInterfaces = [ "${lan-dev}" ];
};
services = {
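Review bot: The firewall block leaves forwarded IPv6 traffic unfiltered, because `allowedTCPPorts` and `allowedUDPPorts` govern only packets addressed to the router itself, while later hunks of this commit enable `net.ipv6.conf.all.forwarding` and delegate a prefix to `${lan-dev}`. IPv4 clients stay behind `networking.nat`, but IPv6 clients get routable addresses with no NAT in front, so new inbound connections arriving on `${wan-dev}` would presumably reach them directly (confirm against the generated ip6tables rules). A stateful forward policy is needed, for example through `networking.firewall.extraCommands`: accept established/related and LAN-to-WAN traffic plus ICMPv6, and drop other new connections coming in on `${wan-dev}`. The unchanged `checkReversePath = false` in the same block also disables the reverse-path check; `checkReversePath = "loose";` is worth trying once forwarding works.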
@@ -17,13 +21,21 @@
openssh.passwordAuthentication = false;
};
+ boot.kernel.sysctl = {
+ "net.ipv4.conf.all.forwarding" = true;
+ "net.ipv4.conf.default.forwarding" = true;
+ "net.ipv6.conf.all.forwarding" = true;
+ "net.ipv6.conf.default.forwarding" = true;
+ };
+
services.hostapd = {
enable = true;
- ssid = "donkey kong";
- wpaPassphrase = "bananaicecream";
- interface = "wlp3s0";
+ # driver = "iwlwifi";
+ ssid = "2c";
+ wpaPassphrase = "mintchip";
+ interface = "${lan-dev}";
hwMode = "g";
- channel = 1;
+ channel = 11;
extraConfig = ''
country_code=US
wpa_key_mgmt=WPA-PSK
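Review bot: `wpaPassphrase = "mintchip"` keeps the network's pre-shared key as a literal in a tracked file, and the generated hostapd configuration normally ends up in the world-readable Nix store, so anyone with repository access or a local account can read it. The value is also a single lowercase word at the 8-character WPA minimum, which offers little resistance to offline guessing. Consider moving the key out of the file, e.g. hostapd's `wpa_psk_file=<path outside the store>` in `extraConfig` (placeholder path; check how it interacts with the module's own `wpa` settings), and switching to a long random passphrase. Both the old and the new value are now in history and should be treated as disclosed. The `services.hostapd` block closes in the next hunk.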
@@ -31,6 +43,17 @@
'';
};
+ networking.dhcpcd = {
+ extraConfig = ''
+ debug
+ noipv6rs
+ interface ${wan-dev}
+ ipv6rs
+ ia_na 1
+ ia_pd 2 ${lan-dev}/0
+ '';
+ };
+
services.dnsmasq = {
enable = true;
servers = [ "8.8.8.8" "8.8.4.4" ];
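Review bot: The `debug` line at the top of the dhcpcd `extraConfig` looks like a troubleshooting leftover and keeps verbose logging on permanently; drop it once the setup works. The rest of the stanza needs comments, since the ordering is what restricts router solicitation to the WAN side. Suggested: `# no router solicitation by default; re-enabled for the WAN interface below` above `noipv6rs`, and `# request one address (ia_na) and a delegated prefix (ia_pd) for the LAN interface` above `ia_na 1`.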
@@ -39,29 +62,27 @@
dhcp-option=option:router,10.64.30.1
dhcp-option=option:dns-server,10.64.30.1
dhcp-option=option:netmask,255.255.255.0
+
+ dhcp-range=::,constructor:${lan-dev},slaac
'';
};
networking.nat = {
enable = true;
- externalInterface = "enp0s25";
- internalInterfaces = [ "wlp3s0" ];
+ externalInterface = "${wan-dev}";
+ internalInterfaces = [ "${lan-dev}" ];
# internalIPs = [ "10.0.0.0/24" ];
};
- networking.interfaces.enp0s25 = {
+ networking.interfaces.${wan-dev} = {
+ macAddress = "3c:97:0e:19:7e:5c";
useDHCP = true;
};
- networking.interfaces.wlp3s0 = {
+ networking.interfaces."${lan-dev}" = {
ipv4.addresses = [ {
address = "10.64.30.1";
prefixLength = 24;
} ];
};
-
- system.requiredKernelConfig =
- with config.lib.kernelConfig; [
- (isEnabled "CONFIG_DRIVER_NL80211")
- ];
}
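Review bot: `macAddress = "3c:97:0e:19:7e:5c"` on the WAN interface is added without a comment, so a reader cannot tell whether it pins the card's own address or overrides it to present a different one upstream; add a one-line comment giving the reason. In the same hunk the interface attribute is spelled two ways, `networking.interfaces.${wan-dev}` and `networking.interfaces."${lan-dev}"`, and plain strings are wrapped as `"${lan-dev}"` where `lan-dev` alone would do. Pick one form throughout the file.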