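# NixOS module that turns the host into a small Wi-Fi router:
#   * wan-dev is the uplink; it takes its address via DHCP and is the NAT
#     external interface.
#   * lan-dev is the wireless interface; hostapd runs the access point on it,
#     dnsmasq serves DHCP/DNS for 10.64.30.0/24, and dhcpcd requests an IPv6
#     prefix delegation for it.
{ config, lib, pkgs, ... }:

let
  wan-dev = "enp0s25";
  lan-dev = "wlp4s0";
in
{
  # NetworkManager is forced off; the interfaces are configured declaratively below.
  networking.networkmanager.enable = lib.mkForce false;

  networking.firewall = {
    enable = lib.mkForce true;

    # Forced empty, so ports that other modules ask to open are discarded and
    # nothing is accepted on untrusted interfaces except what is allowed below.
    allowedTCPPorts = lib.mkForce [ ];
    allowedUDPPorts = lib.mkForce [ ];
    allowPing = true;

    # NOTE(review): refused connections are not logged, so probes against the
    # WAN side leave no firewall log entries. Enable this if that visibility is wanted.
    logRefusedConnections = false;

    # NOTE(review): reverse-path filtering is switched off entirely. If strict
    # filtering interferes with routing here, "loose" keeps some spoofing
    # protection; confirm whether a full disable is really required.
    checkReversePath = false;

    # Everything arriving on the Wi-Fi interface is accepted, so every local
    # service (sshd, dnsmasq, ...) is reachable by any associated client.
    trustedInterfaces = [ lan-dev ];
  };

  # SSH is key-only. mkDefault lets another module turn the daemon off.
  services.openssh = {
    enable = lib.mkDefault true;
    passwordAuthentication = false;
  };

  # Route between interfaces for both address families.
  # NOTE(review): networking.nat below is configured for the IPv4 LAN, and the
  # firewall options above govern traffic addressed to this host. Nothing
  # visible in this file filters forwarded IPv6, so LAN hosts that receive
  # delegated-prefix addresses may be reachable from the WAN. Confirm, and add
  # forward-chain rules if that is not intended.
  boot.kernel.sysctl = {
    "net.ipv4.conf.all.forwarding" = true;
    "net.ipv4.conf.default.forwarding" = true;
    "net.ipv6.conf.all.forwarding" = true;
    "net.ipv6.conf.default.forwarding" = true;
  };

  services.hostapd = {
    enable = true;
    # driver = "iwlwifi";
    ssid = "2c";

    # NOTE(review): the passphrase is a literal in this file, so it is copied
    # into the Nix store (readable by local users) and into any repository or
    # backup that holds this file. It is also a short dictionary word. Load the
    # key from a file outside the store (hostapd supports wpa_psk_file) and
    # rotate it.
    wpaPassphrase = "mintchip";

    interface = lan-dev;
    hwMode = "g";
    channel = 11;

    # PSK key management with CCMP as the only pairwise cipher.
    extraConfig = ''
      country_code=US
      wpa_key_mgmt=WPA-PSK
      rsn_pairwise=CCMP
    '';
  };

  # Router solicitations are disabled globally and re-enabled on the uplink
  # only, where an address (ia_na) and a delegated prefix for the LAN
  # interface (ia_pd) are requested.
  networking.dhcpcd = {
    extraConfig = ''
      debug
      noipv6rs
      interface ${wan-dev}
        ipv6rs
        ia_na 1
        ia_pd 2 ${lan-dev}/0
    '';
  };

  services.dnsmasq = {
    enable = true;
    servers = [ "8.8.8.8" "8.8.4.4" ];

    # The IPv4 pool stops at .254. It previously ended at .255, which is the
    # broadcast address of this /24 and must not be leased to a client.
    # NOTE(review): dnsmasq is not bound to a specific interface here; only the
    # firewall keeps DHCP/DNS off the WAN side. Adding interface=<lan> would
    # make that explicit.
    extraConfig = ''
      dhcp-range=10.64.30.100,10.64.30.254,255.255.255.0,24h
      dhcp-option=option:router,10.64.30.1
      dhcp-option=option:dns-server,10.64.30.1
      dhcp-option=option:netmask,255.255.255.0
      dhcp-range=::,constructor:${lan-dev},slaac
    '';
  };

  networking.nat = {
    enable = true;
    externalInterface = wan-dev;
    internalInterfaces = [ lan-dev ];
    # internalIPs = [ "10.0.0.0/24" ];
  };

  # Uplink: fixed MAC address, IPv4 address from the upstream DHCP server.
  networking.interfaces.${wan-dev} = {
    macAddress = "3c:97:0e:19:7e:5c";
    useDHCP = true;
  };

  # LAN gateway address; matches the router and DNS options handed out by dnsmasq.
  networking.interfaces.${lan-dev} = {
    ipv4.addresses = [
      { address = "10.64.30.1"; prefixLength = 24; }
    ];
  };
}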