1 files changed, 67 insertions, 0 deletions

diff --git a/config/ap.nix b/config/ap.nix
new file mode 100644
index 0000000..9721e9b
--- /dev/null
+++ b/config/ap.nix
@@ -0,0 +1,67 @@
+{ config, lib, pkgs, ... }:
+{
+  networking.networkmanager.enable = lib.mkForce false;
+
+  networking.firewall = {
+    enable = lib.mkForce true;
+    allowedTCPPorts = [ 53 22 ];
+    allowedUDPPorts = [ 53 67 68 ];
+    allowPing = true;
+    logRefusedConnections = false;
+    checkReversePath = false;
+    trustedInterfaces = [ "wlp3s0" ];
+  };
+
+  services = {
+    openssh.enable = lib.mkDefault true;
+    openssh.passwordAuthentication = false;
+  };
+
+  services.hostapd = {
+    enable = true;
+    ssid = "donkey kong";
+    wpaPassphrase = "bananaicecream";
+    interface = "wlp3s0";
+    hwMode = "g";
+    channel = 1;
+    extraConfig = ''
+      country_code=US
+      wpa_key_mgmt=WPA-PSK  
+      rsn_pairwise=CCMP
+    '';
+  };
+
+  services.dnsmasq = {
+    enable = true;
+    servers = [ "8.8.8.8" "8.8.4.4" ];
+    extraConfig = ''
+      dhcp-range=10.64.30.100,10.64.30.255,255.255.255.0,24h
+      dhcp-option=option:router,10.64.30.1
+      dhcp-option=option:dns-server,10.64.30.1
+      dhcp-option=option:netmask,255.255.255.0
+    '';
+  };
+
+  networking.nat = {
+    enable = true;
+    externalInterface = "enp0s25";    
+    internalInterfaces = [ "wlp3s0" ];
+    # internalIPs = [ "10.0.0.0/24" ];
+  };
+
+  networking.interfaces.enp0s25 = {
+    useDHCP = true;
+  };
+
+  networking.interfaces.wlp3s0 = {
+    ipv4.addresses = [ {
+      address = "10.64.30.1";
+      prefixLength = 24;
+    } ];
+  };
+
+  system.requiredKernelConfig = 
+    with config.lib.kernelConfig; [
+      (isEnabled "CONFIG_DRIVER_NL80211")
+    ];
+}