I am using the code below.
It allows configuring a “shared connection” declaratively, and disallows network-manager from using the virtual interface used by hostapd.
# "wlp3s0" is the hardware device, "wlan-station0" is for wifi-client managed by network manager, "wlan-ap0" is for hostap
networking.wlanInterfaces = {
  "wlan-station0" = { device = "wlp3s0"; };
  "wlan-ap0" = { device = "wlp3s0"; mac = "08:11:96:0e:08:0a"; };
};

# Keep NetworkManager away from the hardware device and from the hostapd interface
networking.networkmanager.unmanaged = [ "interface-name:wlp*" ]
  ++ lib.optional config.services.hostapd.enable "interface-name:${config.services.hostapd.interface}";

services.hostapd = {
  enable = true;
  interface = "wlan-ap0";
  hwMode = "g";
  ssid = "nix";
  # Example value; a passphrase set here ends up in the world-readable Nix store
  wpaPassphrase = "mysekret";
};

networking.interfaces."wlan-ap0".ipv4.addresses =
  lib.optionals config.services.hostapd.enable [{ address = "192.168.12.1"; prefixLength = 24; }];

services.dnsmasq = lib.optionalAttrs config.services.hostapd.enable {
  enable = true;
  extraConfig = ''
    interface=wlan-ap0
    bind-interfaces
    dhcp-range=192.168.12.10,192.168.12.254,24h
  '';
};

networking.firewall.allowedUDPPorts = lib.optionals config.services.hostapd.enable [ 53 67 ]; # DNS & DHCP
services.haveged.enable = config.services.hostapd.enable;
And there are also NAT settings
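
The post does not show the NAT settings; the following is an added example, not the poster's configuration, of how they could look with the standard `networking.nat` options. It also scopes the DNS and DHCP ports to the access-point interface, which would replace the global `allowedUDPPorts` line above. It assumes "wlan-station0" is the uplink that AP clients are routed through.

```nix
{ config, lib, ... }:
let
  apIf = "wlan-ap0";          # access-point interface from the post
  uplinkIf = "wlan-station0"; # assumption: the wifi-client interface is the uplink
in
{
  config = lib.mkIf config.services.hostapd.enable {
    # Accept DNS (53) and DHCP (67) only on the AP side, so dnsmasq is not
    # reachable from the uplink network even if its bind settings change later.
    networking.firewall.interfaces.${apIf}.allowedUDPPorts = [ 53 67 ];

    # Masquerade traffic from AP clients (192.168.12.0/24 in the post)
    # out through the uplink; this also enables IPv4 forwarding.
    networking.nat = {
      enable = true;
      internalInterfaces = [ apIf ];
      externalInterface = uplinkIf;
    };
  };
}
```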