Raspberry Pi 0 W as a WiFi Access Point
                ---------------------------------------
                
1. Install a couple tools:

sudo apt-get install dnsmasq hostapd dnsutils

2. Run this script as "apctl on" or "apctl off":

#!/bin/sh

if [ "x$1" = "xon" ]
then
    set -x
    # stop dnsmasq, hostapd
    sudo systemctl stop dnsmasq
    sudo systemctl stop hostapd

    # Copy new configuration to /etc
    cd New
    find . -type f -print | while read line
    do
        sudo cp $line /$line
    done
    
    # /etc/hostapd/accept needs 0600 access
    sudo chmod 0600 /etc/hostapd/accept

    # restart dhcpcd
    sudo service dhcpcd restart
    
    # cycle wlan0 to reconfigure
    sudo ifdown wlan0
    sudo ifup wlan0

    # sudo service hostapd start
    # sudo service dnsmasq start

    # start hostapd, dnsmasq
    sudo systemctl enable hostapd
    sudo systemctl enable dnsmasq
    sudo systemctl start hostapd
    sudo systemctl start dnsmasq
    sync

    exit 0
fi

if [ "x$1" = "xoff" ]
then
    set -x
    
    # stop dnsmasq, hostapd
    sudo systemctl stop dnsmasq
    sudo systemctl stop hostapd

    # restore original configuration
    cd Orig
    find . -type f -print | while read line
    do
        sudo cp $line /$line
    done

    # restart dhcpcd
    sudo service dhcpcd restart
    
    # cycle wlan0 to reconfigure
    sudo ifdown wlan0
    sudo ifup wlan0

    # sudo service hostapd start
    # sudo service dnsmasq start

    # make sure hostapd, dnsmasq stay dead
    sudo systemctl disable hostapd
    sudo systemctl disable dnsmasq

    sudo service dhcpcd restart
    sudo ifdown wlan0
    sudo ifup wlan0
    
    # find a WiFi access point
    wpa_cli reconfigure
    wpa_cli reassociate
    sudo service dhcpcd restart
    sleep 10
    
    # grab wlan0's IP address and netmask
    ipAddr=`sudo dhcpcd -U wlan0 2> /dev/null | grep ip_address | cut -f2 -d= | tr -d "\'"`
    netMask=`sudo   dhcpcd   -U  wlan0  2>   /dev/null   |  grep
    subnet_mask | cut -f2 -d= | tr -d "\'"`
    
    # without this wlan0 sometimes loses its
    # IP?
    sudo ifconfig wlan0 $ipAddr netmask $netMask up
    
    # any routes refering to the AP's IP address for
    # wlan0 need to go
    sudo route del -net 192.168.50.0 netmask 255.255.255.0
    sync

    exit 0
fi

echo "Usage: $0 [on|off]"
exit 1

3. Files to modify.  Make sure to keep copies of the  originals,
in case of a back-out.

---------------------------------------------------------------

/etc/dhcpcd.conf:

Add

denyinterfaces wlan0

at the end, to keep  dhcpcd  from trying to obtain an IP address
for an interface already configured with a static one.


---------------------------------------------------------------

/etc/dnsmasq.conf:

Add this:

# Delays sending DHCPOFFER and proxydhcp replies for at least the specified number of seconds.
dhcp-mac=set:client_is_a_pi,B8:27:EB:*:*:*
dhcp-reply-delay=tag:client_is_a_pi,2
interface=wlan0      # Use the require wireless interface - usually wlan0
  dhcp-range=192.168.50.100,192.168.50.200,255.255.255.0,24h

# assign IP addresses to well-known MACs:
#  dhcp-host=xx:xx:xx:xx:xx:xx,192.168.50.108
#  dhcp-host=xx:xx:xx:xx:xx:xx,192.168.50.103
#  dhcp-host=xx:xx:xx:xx:xx:xx,192.168.50.105
#  dhcp-host=xx:xx:xx:xx:xx:xx,192.168.50.110
# Reject clients without IP-address-assignment
#  dhcp-ignore=tag:!known

to the end. Only  "interface=wlan0"  is  mandatory, to configure
lease address range, netmask and duration. To permanently assign
IP addresses to hosts, use

dhcp-host=MAC-Address,IP-Address

To reject unknown hosts, uncomment

dhcp-ignore=tag:!unknown.

These two lines:

# Delays sending DHCPOFFER and proxydhcp replies for at least the specified number of seconds.
dhcp-mac=set:client_is_a_pi,B8:27:EB:*:*:*
dhcp-reply-delay=tag:client_is_a_pi,2

delay  the  reply  to older  PIs by two  seconds.  Shouldn't  be
necessary in real life.

---------------------------------------------------------------

/etc/network/interfaces

Remove wlan0 from wpa_supplicant's  control. Comment out the two
standard lines, replace with a static IP address configuration:


allow-hotplug wlan0
# iface wlan0 inet manual
#     wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
iface wlan0 inet static
    address 192.168.50.1
    netmask 255.255.255.0
    network 192.168.50.0

In case of a WiFi  uplink, add this to allow  wpa_supplicant  to
maintain that link:

allow-hotplug wlan1
iface wlan1 inet manual
    wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

---------------------------------------------------------------

Create/modify /etc/hostapd/hostapd.conf:

# Interface to use
interface=wlan0
# driver=nl80211
ssid=NameOfNetwork
# mode and channel
hw_mode=g
channel=7
# we don't want wmm
wmm_enabled=0
# we don't want restriction by MAC
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
# We want WPA2 with a preshared key
# and the usual wpa encryption stuff
# Might have to review for WPA3
wpa=2
wpa_passphrase=AardvarkBadgerHedgehog
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
# on second thought, we want to only
# accept certain MACs.
macaddr_acl=1
accept_mac_file=/etc/hostapd/accept

---------------------------------------------------------------

Since macaddr_acl is set to 1 (one), we need to put acceptable
MAC addresses in /etc/hostapd/access:

# cat accept
01:23:45:67:89:ab
# 

---------------------------------------------------------------

/etc/default/hostapd  needs to be modified to tell hostapd where
to find its configuration file. Change DAEMON_CONF accordingly:

#DAEMON_OPTS=""
DAEMON_CONF="/etc/hostapd/hostapd.conf"