linux-wifi-network is basically a script that simplifies all the network configuration so you don’t have to do any of the dnsmasq setup or whatever.
hostapd is definitely the sane option if you have more complex requirements. You’ll likely want to combine it with systemd-networkd or iptables to configure the firewall/NAT. You may also need to host your own DNS server depending on whether you set up bridge networking.
wpa_supplicant and iwd aren’t really designed to do this, so neither is the networking option.
I suspected that but wasn’t sure. They can only do the client configuration I suppose?
wpa_supplicant and hostapd are literally the same project: the former is the client, the latter the “server”. So, yes, you want to use hostapd. I’m not even aware of any other AP implementation for Linux…
By the way, I’ve recently built a home router using only NixOS and I maintain the networking.wireless module, so if you’ve got any questions you can ask me.
Thanks a lot for your help. That clears things up a lot.
If you have your config public, that would be a great place to “steal” some inspiration, as a home router is exactly what I’m doing.
I’m still waiting for the hardware. I live in Morocco at the moment, shipping is a nightmare. Not before October I suspect.
I think I will have some low level issues to solve before I jump in head first. I’m using the banana-pi rp4. There is a board support package for it already but the extremely new WiFi 7 card could still give me a few surprises…
Ah for the lulz. NetworkManager can set up access points too. (Supposedly native but maybe it’s also just hostapd under the hood)
But I’m staying as far away from that as I can. If it were systemd-network I would consider it.
Here you go: https://maxwell.ydns.eu/~rnhmjoj/router.nix. I must warn you that it’s very unconventional, so I don’t think you will be able to reuse much besides the wireless AP. The setup is:
IPv6-only LAN (IPv4 masquerade is on, though, you could easily add RFC1918 addresses)
IPv4 is provided to the router via a 4in6 tunnel
local NAT64 service
WAN addresses and routes are statically configured (there is only a script to send a fake DHCPv6 packet to appease the ISP)
The more standard part is:
local DNS resolver
zone-based firewall using nftables
three VLANs: home, guest, botnet (read IoT devices)
hostapd to create access points (2.4, 5GHz) for each VLAN
I think I misunderstood what this project wants to achieve when I looked at it before. I thought they just generate a WRT style set of env variables via Nix. But it seems to be a bunch more.
But modern SoCs have so many resources. I guess enough for NixOS.
Not my little travel routers, sadly, but yeah, I can see building a router with NixOS if you have the hardware for it.
Liminix is purpose-built and therefore may become more convenient in the long term, though, so I’ll always bring it up when people talk about nix-based routers.