1 files changed, 30 insertions, 7 deletions

diff --git a/router.nix b/router.nix
index ad58ba8..3c75169 100644
--- a/router.nix
+++ b/router.nix
@@ -1,6 +1,7 @@
 { ... }:
 let
   lanInterface = "enp5s0f0u2";
+  wifiInterface = "wlp9s0";
 in
 {
   boot.kernel.sysctl."net.ipv4.conf.all.forwarding" = true;
@@ -9,13 +10,14 @@ in
   networking.nat = {
     enable = true;
     externalInterface = "enp8s0";
-    internalInterfaces = [ lanInterface ];
-    forwardPorts = [{
-      sourcePort = 1234;
-      destination = "10.69.0.2:12345";
-    }];
+    internalInterfaces = [ "br0" ];
+    # forwardPorts = [{
+    #   sourcePort = 1234;
+    #   destination = "10.69.0.2:12345";
+    # }];
   };
-  networking.interfaces.${lanInterface}.ipv4.addresses = [{
+  networking.bridges.br0.interfaces = [ lanInterface wifiInterface ];
+  networking.interfaces.br0.ipv4.addresses = [{
     address = "10.69.0.1";
     prefixLength = 16;
   }];
@@ -23,7 +25,7 @@ in
     enable = true;
     settings = {
       interfaces-config = {
-        interfaces = [ lanInterface ];
+        interfaces = [ "br0" ];
         service-sockets-max-retries = 200000;
         service-sockets-retry-wait-time = 5000;
       };
@@ -47,4 +49,25 @@ in
       }];
     };
   };
+  networking.networkmanager = {
+    enable = true;
+    unmanaged = [ "interface-name:${lanInterface}" "interface-name:${wifiInterface}" ];
+  };
+  services.hostapd = {
+    enable = true;
+    radios.${wifiInterface} = {
+      countryCode = "SE";
+      band = "2g";
+      channel = 12;
+      networks.${wifiInterface} = {
+        ssid = "Heidrun";
+        authentication = {
+          mode = "wpa3-sae";
+          saePasswords = [
+            { password = "REDACTED"; }
+          ];
+        };
+      };
+    };
+  };
 }