{ config, inputs, lib, pkgs, ... }: with lib; let bash = "${pkgs.bash}/bin/bash"; cat = "${pkgs.coreutils}/bin/cat"; sleep = "${pkgs.coreutils}/bin/sleep"; create_ap = "${ config.home-manager.users.${config.custom.username}.services.create_ap.package }/bin/create_ap"; cfg = config.custom.services.create_ap; in { options.custom.services.create_ap = { enable = mkOption { default = false; }; internet = mkOption { default = "eth0"; }; wifi = mkOption { default = "wlan0"; }; }; config = mkIf cfg.enable { age.secrets = let secret = filename: { file = "${inputs.self}/secrets/${filename}"; }; in { "${config.custom.profile}/create_ap/passphrase" = secret "${config.custom.profile}/create_ap/passphrase"; "${config.custom.profile}/create_ap/ssid" = secret "${config.custom.profile}/create_ap/ssid"; }; # https://github.com/lakinduakash/linux-wifi-hotspot services.create_ap = { enable = true; #!! Declare defaults, enable with interfaces and secrets in machine config # https://github.com/lakinduakash/linux-wifi-hotspot/blob/master/src/scripts/create_ap.conf settings = { COUNTRY = "US"; FREQ_BAND = 5; IEEE80211AC = 1; IEEE80211AX = 1; IEEE80211N = 1; NO_HAVEGED = 1; # Obsolete since kernel v5.6 NO_VIRT = 1; }; }; # Override service command with decrypted passphrase # https://github.com/NixOS/nixpkgs/blob/nixos-unstable/nixos/modules/services/networking/create_ap.nix systemd.services.create_ap.serviceConfig = { ExecStartPre = "${sleep} 15s"; # Some cards like Intel force regulatory domain discovery ExecStart = let configFile = pkgs.writeText "create_ap.conf" ( generators.toKeyValue { } config.services.create_ap.settings ); in mkForce ( concatStringsSep " " [ "${bash} -c" "'${create_ap}" "--config ${configFile}" "${cfg.wifi}" "${cfg.internet}" "$(${cat} ${config.age.secrets."${config.custom.profile}/create_ap/ssid".path})" "$(${cat} ${config.age.secrets."${config.custom.profile}/create_ap/passphrase".path})'" ] ); }; }; }