Update dnsmasq and hostapd config
parent
9ac8c89417
commit
88d5e65b66
2 changed files with 625 additions and 619 deletions
|
@ -43,12 +43,13 @@ in
|
|||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
services.dnsmasq.enable = true;
|
||||
services.dnsmasq.extraConfig = ''
|
||||
services.dnsmasq = {
|
||||
enable = true;
|
||||
settings = {
|
||||
# Listen on this specific port instead of the standard DNS port
|
||||
# (53). Setting this to zero completely disables DNS function,
|
||||
# leaving only DHCP and/or TFTP.
|
||||
port=${toString cfg.localDnsPort}
|
||||
port = cfg.localDnsPort;
|
||||
|
||||
# The following two options make you a better netizen, since they
|
||||
# tell dnsmasq to filter out queries which the public DNS cannot
|
||||
|
@ -57,10 +58,9 @@ in
|
|||
# these requests from bringing up the link unnecessarily.
|
||||
|
||||
# Never forward plain names (without a dot or domain part)
|
||||
domain-needed
|
||||
domain-needed = true;
|
||||
# Never forward addresses in the non-routed address spaces.
|
||||
bogus-priv
|
||||
|
||||
bogus-priv = true;
|
||||
|
||||
# Uncomment this to filter useless windows-originated DNS requests
|
||||
# which can trigger dial-on-demand links needlessly.
|
||||
|
@ -88,7 +88,7 @@ in
|
|||
|
||||
# If you don't want dnsmasq to poll /etc/resolv.conf or other resolv
|
||||
# files for changes and re-read them then uncomment this.
|
||||
no-poll
|
||||
no-poll = true;
|
||||
|
||||
# Add other name servers here, with domain specs if they are for
|
||||
# non-public domains.
|
||||
|
@ -100,13 +100,13 @@ in
|
|||
|
||||
# Add local-only domains here, queries in these domains are answered
|
||||
# from /etc/hosts or DHCP only.
|
||||
local=/${config.networking.hostName}/
|
||||
local = "/${config.networking.hostName}/";
|
||||
|
||||
# Add domains which you want to force to an IP address here.
|
||||
# The example below send any host in double-click.net to a local
|
||||
# web-server.
|
||||
#address=/double-click.net/127.0.0.1
|
||||
address=/${config.networking.hostName}.${cfg.localDomain}/${routerCfg.internalRouterIP}
|
||||
address = "/${config.networking.hostName}.${cfg.localDomain}/${routerCfg.internalRouterIP}";
|
||||
|
||||
# --address (and --server) work with IPv6 addresses too.
|
||||
#address=/www.thekelleys.org.uk/fe80::20d:60ff:fe36:f83
|
||||
|
@ -129,8 +129,10 @@ in
|
|||
# specified interfaces (and the loopback) give the name of the
|
||||
# interface (eg eth0) here.
|
||||
# Repeat the line for more than one interface.
|
||||
interface=${routerCfg.internalBridgeInterfaceName}
|
||||
interface=lo
|
||||
interface = [
|
||||
routerCfg.internalBridgeInterfaceName
|
||||
"lo"
|
||||
];
|
||||
# Or you can specify which interface _not_ to listen on
|
||||
#except-interface=
|
||||
# Or which to listen on by address (remember to include 127.0.0.1 if
|
||||
|
@ -139,7 +141,7 @@ in
|
|||
# If you want dnsmasq to provide only DNS service on an interface,
|
||||
# configure it as shown above, and then use the following line to
|
||||
# disable DHCP and TFTP on it.
|
||||
no-dhcp-interface=lo
|
||||
no-dhcp-interface = "lo";
|
||||
|
||||
# On systems which support it, dnsmasq binds the wildcard address,
|
||||
# even when it is listening on only some interfaces. It then discards
|
||||
|
@ -148,18 +150,18 @@ in
|
|||
# want dnsmasq to really bind only the interfaces it is listening on,
|
||||
# uncomment this option. About the only time you may need this is when
|
||||
# running another nameserver on the same machine.
|
||||
bind-interfaces
|
||||
bind-interfaces = true;
|
||||
|
||||
# If you don't want dnsmasq to read /etc/hosts, uncomment the
|
||||
# following line.
|
||||
no-hosts
|
||||
no-hosts = true;
|
||||
# or if you want it to read another file, as well as /etc/hosts, use
|
||||
# this.
|
||||
#addn-hosts=/etc/banner_add_hosts
|
||||
|
||||
# Set this (and domain: see below) if you want to have a domain
|
||||
# automatically added to simple names in a hosts-file.
|
||||
expand-hosts
|
||||
expand-hosts = true;
|
||||
|
||||
# Set the domain for dnsmasq. this is optional, but if it is set, it
|
||||
# does the following things.
|
||||
|
@ -168,7 +170,7 @@ in
|
|||
# 2) Sets the "domain" DHCP option thereby potentially setting the
|
||||
# domain of all systems configured by DHCP
|
||||
# 3) Provides the domain part for "expand-hosts"
|
||||
domain=${cfg.localDomain}
|
||||
domain = cfg.localDomain;
|
||||
|
||||
# Set a different domain for a particular subnet
|
||||
#domain=wireless.thekelleys.org.uk,192.168.2.0/24
|
||||
|
@ -181,7 +183,7 @@ in
|
|||
# a lease time. If you have more than one network, you will need to
|
||||
# repeat this for each network on which you want to supply DHCP
|
||||
# service.
|
||||
dhcp-range=${cfg.dhcpRange},48h
|
||||
dhcp-range = "${cfg.dhcpRange},48h";
|
||||
|
||||
# This is an example of a DHCP range where the netmask is given. This
|
||||
# is needed for networks we reach the dnsmasq DHCP server via a relay
|
||||
|
@ -346,10 +348,17 @@ in
|
|||
# are some options which are recommended, they are detailed at the
|
||||
# end of this section.
|
||||
|
||||
dhcp-option = [
|
||||
# Override the default route supplied by dnsmasq, which assumes the
|
||||
# router is the same machine as the one running dnsmasq.
|
||||
#dhcp-option=3,1.2.3.4
|
||||
dhcp-option=6,${routerCfg.internalRouterIP}
|
||||
"6,${routerCfg.internalRouterIP}"
|
||||
|
||||
# Send RFC-3397 DNS domain search DHCP option. WARNING: Your DHCP client
|
||||
# probably doesn't support this......
|
||||
"option:domain-search,${cfg.localDomain}"
|
||||
|
||||
];
|
||||
|
||||
# Do the same thing, but using the option name
|
||||
#dhcp-option=option:router,1.2.3.4
|
||||
|
@ -407,10 +416,6 @@ in
|
|||
# Send an empty WPAD option. This may be REQUIRED to get windows 7 to behave.
|
||||
#dhcp-option=252,"\n"
|
||||
|
||||
# Send RFC-3397 DNS domain search DHCP option. WARNING: Your DHCP client
|
||||
# probably doesn't support this......
|
||||
dhcp-option=option:domain-search,${cfg.localDomain}
|
||||
|
||||
# Send RFC-3442 classless static routes (note the netmask encoding)
|
||||
#dhcp-option=121,192.168.1.0/24,1.2.3.4,10.0.0.0/8,5.6.7.8
|
||||
|
||||
|
@ -504,7 +509,6 @@ in
|
|||
# to 5. See page 19 of
|
||||
# http://download.intel.com/design/archives/wfm/downloads/pxespec.pdf
|
||||
|
||||
|
||||
# Enable dnsmasq's built-in TFTP server
|
||||
#enable-tftp
|
||||
|
||||
|
@ -552,7 +556,7 @@ in
|
|||
# server for your campus/company accidentally. The ISC server uses
|
||||
# the same option, and this URL provides more information:
|
||||
# http://www.isc.org/files/auth.html
|
||||
dhcp-authoritative
|
||||
dhcp-authoritative = true;
|
||||
|
||||
# Run an executable when a DHCP lease is created or destroyed.
|
||||
# The arguments sent to the script are "add" or "del",
|
||||
|
@ -661,7 +665,8 @@ in
|
|||
|
||||
# Log lots of extra information about DHCP transactions.
|
||||
#log-dhcp
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services.dnsmasq = {
|
||||
bindsTo = [ "network-addresses-${routerCfg.internalBridgeInterfaceName}.service" ];
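Review bot: The string-valued dnsmasq settings are built by interpolating option values straight into directive syntax, and nothing visible in these hunks constrains what those values may contain; this applies to `dhcp-range = "${cfg.dhcpRange},48h";`, `address = "/${config.networking.hostName}.${cfg.localDomain}/${routerCfg.internalRouterIP}";` and both `dhcp-option` entries. A stray comma, slash or newline in `cfg.dhcpRange`, `cfg.localDomain` or `routerCfg.internalRouterIP` would presumably change the meaning of the generated line rather than fail evaluation. The option declarations are outside the hunks shown, so this may already be handled. If they are plain `types.str`, consider tightening them, e.g. `type = types.strMatching "[A-Za-z0-9.-]+";` for `localDomain`, with a similar address pattern for the router IP and the DHCP range.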
|
||||
|
|
|
@ -63,6 +63,7 @@ in
|
|||
enable = wle24GhzEnabled;
|
||||
|
||||
radios.${cfg.wleInterface24Ghz} = {
|
||||
channel = 6;
|
||||
wifi4.enable = true;
|
||||
wifi4.capabilities = [
|
||||
"HT40-"
|
||||
|
|