feat(router0-dmz0): tune wifi for compatibility with x13s windows
This commit is contained in:
parent
786d789082
commit
f8eea2b6c7
1 changed files with 54 additions and 13 deletions
|
|
@ -1,3 +1,4 @@
|
|||
# TODO: don't pull in bluez (or any bluetooth components)
|
||||
{
|
||||
repoFlake,
|
||||
pkgs,
|
||||
|
|
@ -904,13 +905,53 @@ in {
|
|||
wlan0 = {
|
||||
band = "2g";
|
||||
countryCode = "CH";
|
||||
channel = 0; # ACS
|
||||
channel = 0; # 0 would mean Automatic Channel Selection
|
||||
|
||||
settings = {
|
||||
# TODO: with 1 the x13s on windows can't connect, however this slows the AP down.
|
||||
# ieee80211n = 1;
|
||||
|
||||
# Exclude DFS channels from ACS
|
||||
# This option can be used to exclude all DFS channels from the ACS channel list
|
||||
# in cases where the driver supports DFS channels.
|
||||
acs_exclude_dfs = 0;
|
||||
|
||||
# Disassociate stations based on excessive transmission failures or other
|
||||
# indications of connection loss. This depends on the driver capabilities and
|
||||
# may not be available with all drivers.
|
||||
disassoc_low_ack = 0;
|
||||
};
|
||||
|
||||
# use 'iw phy#1 info' to determine your VHT capabilities
|
||||
wifi4 = {
|
||||
enable = true;
|
||||
capabilities = ["HT40+" "LDPC" "SHORT-GI-20" "SHORT-GI-40" "TX-STBC" "RX-STBC1" "MAX-AMSDU-7935"];
|
||||
require = false;
|
||||
capabilities = [
|
||||
"HT20"
|
||||
"HT40+"
|
||||
"LDPC"
|
||||
"SHORT-GI-20"
|
||||
"SHORT-GI-40"
|
||||
"TX-STBC"
|
||||
"RX-STBC1"
|
||||
"MAX-AMSDU-7935"
|
||||
|
||||
# "DELAYED-BA"
|
||||
# "DSSS_CCK-40"
|
||||
"40-INTOLERANT"
|
||||
];
|
||||
};
|
||||
|
||||
wifi5 = {
|
||||
enable = false;
|
||||
require = false;
|
||||
};
|
||||
|
||||
wifi6 = {
|
||||
enable = false;
|
||||
require = false;
|
||||
};
|
||||
|
||||
networks = {
|
||||
wlan0 = let
|
||||
iface = "wlan0";
|
||||
|
|
@ -918,6 +959,9 @@ in {
|
|||
ssid = "mlsia";
|
||||
bssid = mkBssid 0;
|
||||
|
||||
# enables debug logging
|
||||
logLevel = 0;
|
||||
|
||||
authentication.mode =
|
||||
"wpa2-sha256"
|
||||
# "wpa3-sae-transition"
|
||||
|
|
@ -931,23 +975,20 @@ in {
|
|||
|
||||
# see https://w1.fi/cgit/hostap/plain/hostapd/hostapd.conf for reference
|
||||
settings = {
|
||||
# disable syslog because it duplicates stdout
|
||||
logger_syslog = lib.mkForce 0;
|
||||
|
||||
# bridge = bridgeInterfaceName;
|
||||
|
||||
# wpa_psk_file = config.sops.secrets.wlan0_wpaPskFile.path;
|
||||
# not yet supported on hostapd 2.10
|
||||
# sae_password_file = config.sops.secrets.wlan0_saePasswordsFile.path;
|
||||
|
||||
# enables debug logging
|
||||
logger_stdout_level = lib.mkForce 0;
|
||||
logger_stdout = -1;
|
||||
# logger_syslog_level= lib.mkForce 0;
|
||||
|
||||
# resources on vlan tagging
|
||||
# https://wireless.wiki.kernel.org/en/users/Documentation/hostapd#dynamic_vlan_tagging
|
||||
# https://forum.openwrt.org/t/individual-per-passphrase-wifi-vlans-using-wpa-psk-file-no-radius-required/161696/4
|
||||
|
||||
dynamic_vlan = 1;
|
||||
|
||||
# this option currently requires a patch to hostapd
|
||||
vlan_no_bridge = 1;
|
||||
|
||||
|
|
@ -997,15 +1038,15 @@ in {
|
|||
|
||||
# IEEE 802.11i (authentication) related configuration
|
||||
# Encrypt management frames to protect against deauthentication and similar attacks
|
||||
ieee80211w = 0;
|
||||
sae_require_mfp = 0;
|
||||
ieee80211w = 1;
|
||||
# sae_require_mfp = 1;
|
||||
# sae_groups = "19 20 21";
|
||||
|
||||
# [ENABLE-TLSv1.3] = enable TLSv1.3 (experimental - disabled by default)
|
||||
tls_flags = "[ENABLE-TLSv1.3]";
|
||||
|
||||
ieee8021x = 0;
|
||||
eap_server = 0;
|
||||
ieee8021x = 1;
|
||||
eap_server = 1;
|
||||
};
|
||||
};
|
||||
|
||||
|
|
@ -1276,7 +1317,7 @@ in {
|
|||
|
||||
environment.systemPackages = [
|
||||
pkgs.ethtool
|
||||
pkgs.neovim
|
||||
pkgs.vim
|
||||
|
||||
pkgs.wireguard-tools
|
||||
pkgs.tshark
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue