diff options
author | Karel Kočí <cynerd@email.cz> | 2024-02-20 21:34:43 +0100 |
---|---|---|
committer | Karel Kočí <cynerd@email.cz> | 2024-02-20 21:34:43 +0100 |
commit | c014ef4360ebc9fe23d5abf253141f44a94160ca (patch) | |
tree | 19300ce3effeca6b435cb5c8c2891e5a0c7f8656 /nixos/routers | |
parent | c9c4f84bd1303281d7520c2a519d7be7d678c83c (diff) | |
download | nixos-personal-c014ef4360ebc9fe23d5abf253141f44a94160ca.tar.gz nixos-personal-c014ef4360ebc9fe23d5abf253141f44a94160ca.tar.bz2 nixos-personal-c014ef4360ebc9fe23d5abf253141f44a94160ca.zip |
nixos: merge router to normal modules
Diffstat (limited to 'nixos/routers')
-rw-r--r-- | nixos/routers/default.nix | 6 | ||||
-rw-r--r-- | nixos/routers/router.nix | 171 | ||||
-rw-r--r-- | nixos/routers/switch.nix | 65 | ||||
-rw-r--r-- | nixos/routers/wifi-adm.nix | 190 | ||||
-rw-r--r-- | nixos/routers/wifi-spt.nix | 171 |
5 files changed, 0 insertions, 603 deletions
diff --git a/nixos/routers/default.nix b/nixos/routers/default.nix deleted file mode 100644 index dfc1266..0000000 --- a/nixos/routers/default.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ - cynerd-router = import ./router.nix; - cynerd-switch = import ./switch.nix; - cynerd-wifi-adm = import ./wifi-adm.nix; - cynerd-wifi-spt = import ./wifi-spt.nix; -} diff --git a/nixos/routers/router.nix b/nixos/routers/router.nix deleted file mode 100644 index ed634b1..0000000 --- a/nixos/routers/router.nix +++ /dev/null @@ -1,171 +0,0 @@ -{ - config, - lib, - ... -}: let - inherit (lib) mkOption types mkIf mapAttrsToList; - cnf = config.cynerd.router; -in { - options = { - cynerd.router = { - enable = mkOption { - type = types.bool; - default = false; - description = "Enable router support"; - }; - wan = mkOption { - type = types.str; - description = "Interface for the router's WAN"; - }; - lanIP = mkOption { - type = types.str; - description = "LAN IP address"; - }; - dynIPStart = mkOption { - type = types.ints.between 0 256; - default = 100; - description = "Offset for the dynamic IPv4 addresses"; - }; - dynIPCount = mkOption { - type = types.ints.between 0 256; - default = 100; - description = "Number of dynamically assigned IPv4 addresses"; - }; - lanPrefix = mkOption { - type = types.ints.between 0 32; - default = 24; - description = "LAN IP network prefix length"; - }; - staticLeases = mkOption { - type = with types; attrsOf str; - default = {}; - example = '' - {"xx:xx:xx:xx:xx:xx" = "10.8.1.30";} - ''; - description = "Mapping of MAC address to IP address"; - }; - }; - }; - - config = mkIf cnf.enable { - networking = { - useNetworkd = true; - nftables.enable = true; - firewall = { - logRefusedConnections = false; - interfaces = { - "home" = {allowedUDPPorts = [67 68];}; - "guest" = {allowedUDPPorts = [67 68];}; - }; - rejectPackets = true; - filterForward = true; - }; - nat = { - enable = true; - externalInterface = cnf.wan; - internalInterfaces = ["home" "guest"]; - }; - }; - - systemd.network = { - netdevs = { - "brlan" = { - netdevConfig = { - Kind = "bridge"; - Name = "brlan"; - }; - extraConfig = '' - [Bridge] - DefaultPVID=none - VLANFiltering=yes - ''; - }; - "home" = { - netdevConfig = { - Kind = "vlan"; - Name = "home"; - }; - vlanConfig.Id = 1; - }; - "guest" = { - netdevConfig = { - Kind = "vlan"; - Name = "guest"; - }; - vlanConfig.Id = 2; - }; - }; - networks = { - "brlan" = { - matchConfig.Name = "brlan"; - networkConfig.VLAN = ["home" "guest"]; - bridgeVLANs = [ - {bridgeVLANConfig.VLAN = 1;} - {bridgeVLANConfig.VLAN = 2;} - ]; - }; - "home" = { - matchConfig.Name = "home"; - networkConfig = { - Address = "${cnf.lanIP}/${toString cnf.lanPrefix}"; - IPForward = "yes"; - DHCPServer = "yes"; - DHCPPrefixDelegation = "yes"; - IPv6SendRA = "yes"; - IPv6AcceptRA = "no"; - }; - dhcpServerConfig = { - UplinkInterface = cnf.wan; - PoolOffset = cnf.dynIPStart; - PoolSize = cnf.dynIPCount; - EmitDNS = "yes"; - DNS = "1.1.1.1"; - }; - dhcpServerStaticLeases = - mapAttrsToList (n: v: { - dhcpServerStaticLeaseConfig = { - MACAddress = n; - Address = v; - }; - }) - cnf.staticLeases; - dhcpPrefixDelegationConfig = { - UplinkInterface = cnf.wan; - SubnetId = 1; - Announce = "yes"; - }; - }; - "guest" = { - matchConfig.Name = "guest"; - networkConfig = { - Address = "192.168.1.1/24"; - IPForward = "yes"; - DHCPServer = "yes"; - DHCPPrefixDelegation = "yes"; - IPv6SendRA = "yes"; - IPv6AcceptRA = "no"; - }; - dhcpServerConfig = { - UplinkInterface = cnf.wan; - PoolOffset = cnf.dynIPStart; - PoolSize = cnf.dynIPCount; - EmitDNS = "yes"; - DNS = "1.1.1.1"; - }; - dhcpPrefixDelegationConfig = { - UplinkInterface = cnf.wan; - SubnetId = 2; - Announce = "yes"; - }; - }; - }; - wait-online.anyInterface = true; - }; - - services.resolved = { - enable = true; - dnssec = "true"; - fallbackDns = ["1.1.1.1" "8.8.8.8"]; - }; - }; -} diff --git a/nixos/routers/switch.nix b/nixos/routers/switch.nix deleted file mode 100644 index 16d57bc..0000000 --- a/nixos/routers/switch.nix +++ /dev/null @@ -1,65 +0,0 @@ -{ - config, - lib, - ... -}: -with lib; let - cnf = config.cynerd.switch; -in { - options = { - cynerd.switch = { - enable = mkEnableOption "Enable switch support"; - lanAddress = mkOption { - type = types.str; - description = "LAN IP address"; - }; - lanGateway = mkOption { - type = types.str; - description = "LAN IP address of the gateway"; - }; - }; - }; - - config = mkIf cnf.enable { - networking = { - useNetworkd = true; - nftables.enable = true; - }; - - systemd.network = { - netdevs = { - "brlan" = { - netdevConfig = { - Kind = "bridge"; - Name = "brlan"; - }; - extraConfig = '' - [Bridge] - DefaultPVID=none - VLANFiltering=yes - ''; - }; - }; - networks = { - "brlan" = { - matchConfig.Name = "brlan"; - bridgeVLANs = [ - { - bridgeVLANConfig = { - PVID = 1; - EgressUntagged = 1; - }; - } - ]; - networkConfig = { - Address = cnf.lanAddress; - Gateway = cnf.lanGateway; - DNS = "1.1.1.1"; - IPv6AcceptRA = "yes"; - }; - }; - }; - wait-online.anyInterface = true; - }; - }; -} diff --git a/nixos/routers/wifi-adm.nix b/nixos/routers/wifi-adm.nix deleted file mode 100644 index 733f167..0000000 --- a/nixos/routers/wifi-adm.nix +++ /dev/null @@ -1,190 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -with lib; let - cnf = config.cynerd.wifiAP.adm; - - wOptions = card: channelDefault: { - interface = mkOption { - type = with types; nullOr str; - default = null; - description = "Specify interface for ${card}"; - }; - bssids = mkOption { - type = with types; listOf str; - default = []; - description = "BSSIDs for networks."; - }; - channel = mkOption { - type = types.ints.positive; - default = channelDefault; - description = "Channel to be used for ${card}"; - }; - }; -in { - options = { - cynerd.wifiAP.adm = { - enable = mkEnableOption "Enable Wi-Fi Access Point support"; - ar9287 = wOptions "Qualcom Atheros AR9287" 7; - qca988x = wOptions "Qualcom Atheros QCA988x" 36; - }; - }; - - config = mkIf cnf.enable { - services.hostapd = { - enable = true; - radios = { - "${cnf.ar9287.interface}" = mkIf (cnf.ar9287.interface != null) { - countryCode = "CZ"; - inherit (cnf.ar9287) channel; - wifi4 = { - enable = true; - inherit (hostapd.qualcomAtherosAR9287.wifi4) capabilities; - }; - networks = { - "${cnf.ar9287.interface}" = { - bssid = elemAt cnf.ar9287.bssids 0; - ssid = "TurrisAdamkovi"; - authentication = { - mode = "wpa2-sha256"; - wpaPasswordFile = "/run/secrets/hostapd-TurrisAdamkovi.pass"; - }; - }; - "${cnf.ar9287.interface}-nela" = { - bssid = elemAt cnf.ar9287.bssids 1; - ssid = "Nela"; - authentication = { - mode = "wpa2-sha256"; - wpaPasswordFile = "/run/secrets/hostapd-Nela.pass"; - }; - }; - "${cnf.ar9287.interface}.milan" = { - bssid = elemAt cnf.ar9287.bssids 2; - ssid = "MILAN-AC"; - authentication = { - mode = "wpa2-sha256"; - wpaPasswordFile = "/run/secrets/hostapd-MILAN-AC.pass"; - }; - }; - }; - }; - "${cnf.qca988x.interface}" = mkIf (cnf.qca988x.interface != null) { - countryCode = "CZ"; - inherit (cnf.qca988x) channel; - band = "5g"; - wifi4 = { - enable = true; - inherit (hostapd.qualcomAtherosQCA988x.wifi4) capabilities; - }; - wifi5 = { - enable = true; - inherit (hostapd.qualcomAtherosQCA988x.wifi5) capabilities; - }; - networks = { - "${cnf.qca988x.interface}" = { - bssid = elemAt cnf.qca988x.bssids 0; - ssid = "TurrisAdamkovi"; - authentication = { - mode = "wpa2-sha256"; - wpaPasswordFile = "/run/secrets/hostapd-TurrisAdamkovi.pass"; - }; - }; - "${cnf.qca988x.interface}-nela" = { - bssid = elemAt cnf.qca988x.bssids 1; - ssid = "Nela"; - authentication = { - mode = "wpa2-sha256"; - wpaPasswordFile = "/run/secrets/hostapd-Nela.pass"; - }; - }; - "${cnf.qca988x.interface}.milan" = { - bssid = elemAt cnf.qca988x.bssids 2; - ssid = "MILAN-AC"; - authentication = { - mode = "wpa2-sha256"; - wpaPasswordFile = "/run/secrets/hostapd-MILAN-AC.pass"; - }; - }; - }; - }; - }; - }; - systemd.network.networks = { - "lan-${cnf.ar9287.interface}" = { - matchConfig.Name = cnf.ar9287.interface; - networkConfig.Bridge = "brlan"; - bridgeVLANs = [ - { - bridgeVLANConfig = { - EgressUntagged = 1; - PVID = 1; - }; - } - ]; - }; - "lan-${cnf.ar9287.interface}-nela" = { - matchConfig.Name = "${cnf.ar9287.interface}-nela"; - networkConfig.Bridge = "brlan"; - bridgeVLANs = [ - { - bridgeVLANConfig = { - EgressUntagged = 2; - PVID = 2; - }; - } - ]; - }; - "lan-${cnf.ar9287.interface}.milan" = { - matchConfig.Name = "${cnf.ar9287.interface}.milan"; - networkConfig.Bridge = "brlan"; - bridgeVLANs = [ - { - bridgeVLANConfig = { - EgressUntagged = 2; - PVID = 2; - }; - } - ]; - }; - "lan-${cnf.qca988x.interface}" = { - matchConfig.Name = cnf.qca988x.interface; - networkConfig.Bridge = "brlan"; - bridgeVLANs = [ - { - bridgeVLANConfig = { - EgressUntagged = 1; - PVID = 1; - }; - } - ]; - }; - "lan-${cnf.qca988x.interface}-nela" = { - matchConfig.Name = "${cnf.qca988x.interface}-nela"; - networkConfig.Bridge = "brlan"; - bridgeVLANs = [ - { - bridgeVLANConfig = { - EgressUntagged = 2; - PVID = 2; - }; - } - ]; - }; - "lan-${cnf.qca988x.interface}.milan" = { - matchConfig.Name = "${cnf.qca988x.interface}.milan"; - networkConfig.Bridge = "brlan"; - bridgeVLANs = [ - { - bridgeVLANConfig = { - EgressUntagged = 2; - PVID = 2; - }; - } - ]; - }; - }; - }; -} diff --git a/nixos/routers/wifi-spt.nix b/nixos/routers/wifi-spt.nix deleted file mode 100644 index 769449d..0000000 --- a/nixos/routers/wifi-spt.nix +++ /dev/null @@ -1,171 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: let - inherit (lib) mkOption mkEnableOption types mkIf mkMerge hostapd elemAt; - cnf = config.cynerd.wifiAP.spt; - - wOptions = card: channelDefault: { - interface = mkOption { - type = with types; nullOr str; - default = null; - description = "Specify interface for ${card}"; - }; - bssids = mkOption { - type = with types; listOf str; - default = []; - description = "BSSIDs for networks."; - }; - channel = mkOption { - type = types.ints.positive; - default = channelDefault; - description = "Channel to be used for ${card}"; - }; - }; -in { - options = { - cynerd.wifiAP.spt = { - enable = mkEnableOption "Enable Wi-Fi Access Point support"; - ar9287 = wOptions "Qualcom Atheros AR9287" 7; - qca988x = wOptions "Qualcom Atheros QCA988x" 36; - }; - }; - - config = mkIf cnf.enable { - # TODO regdom doesn't work for some reason - boot.extraModprobeConfig = '' - options cfg80211 ieee80211_regdom="CZ" - ''; - services.hostapd = { - enable = true; - radios = mkMerge [ - (mkIf (cnf.ar9287.interface != null) { - "${cnf.ar9287.interface}" = { - inherit (cnf.ar9287) channel; - countryCode = "CZ"; - wifi4 = { - enable = true; - inherit (hostapd.qualcomAtherosAR9287.wifi4) capabilities; - }; - networks = { - "${cnf.ar9287.interface}" = { - bssid = elemAt cnf.ar9287.bssids 0; - ssid = "TurrisRules"; - authentication = { - mode = "wpa2-sha256"; - wpaPasswordFile = "/run/secrets/hostapd-TurrisRules.pass"; - }; - }; - #"${cnf.ar9287.interface}.guest" = { - # bssid = elemAt cnf.ar9287.bssids 1; - # ssid = "Kocovi"; - # authentication = { - # mode = "wpa2-sha256"; - # wpaPasswordFile = "/run/secrets/hostapd-Kocovi.pass"; - # }; - #}; - }; - }; - }) - (mkIf (cnf.qca988x.interface != null) { - "${cnf.qca988x.interface}" = let - is2g = cnf.qca988x.channel <= 14; - in { - inherit (cnf.qca988x) channel; - countryCode = "CZ"; - band = - if is2g - then "2g" - else "5g"; - wifi4 = { - enable = true; - inherit (hostapd.qualcomAtherosQCA988x.wifi4) capabilities; - }; - wifi5 = { - enable = !is2g; - inherit (hostapd.qualcomAtherosQCA988x.wifi5) capabilities; - }; - networks = { - "${cnf.qca988x.interface}" = { - bssid = elemAt cnf.qca988x.bssids 0; - ssid = "TurrisRules${ - if is2g - then "" - else "5" - }"; - authentication = { - mode = "wpa2-sha256"; - wpaPasswordFile = "/run/secrets/hostapd-TurrisRules.pass"; - }; - }; - #"${cnf.qca988x.interface}.guest" = { - # bssid = elemAt cnf.qca988x.bssids 1; - # ssid = "Kocovi"; - # authentication = { - # mode = "wpa2-sha256"; - # wpaPasswordFile = "/run/secrets/hostapd-Kocovi.pass"; - # }; - #}; - }; - }; - }) - ]; - }; - systemd.network.networks = mkMerge [ - (mkIf (cnf.ar9287.interface != null) { - "lan-${cnf.ar9287.interface}" = { - matchConfig.Name = cnf.ar9287.interface; - networkConfig.Bridge = "brlan"; - bridgeVLANs = [ - { - bridgeVLANConfig = { - EgressUntagged = 1; - PVID = 1; - }; - } - ]; - }; - #"lan-${cnf.ar9287.interface}-guest" = { - # matchConfig.Name = "${cnf.ar9287.interface}.guest"; - # networkConfig.Bridge = "brlan"; - # bridgeVLANs = [ - # { - # bridgeVLANConfig = { - # EgressUntagged = 2; - # PVID = 2; - # }; - # } - # ]; - #}; - }) - (mkIf (cnf.qca988x.interface != null) { - "lan-${cnf.qca988x.interface}" = { - matchConfig.Name = cnf.qca988x.interface; - networkConfig.Bridge = "brlan"; - bridgeVLANs = [ - { - bridgeVLANConfig = { - EgressUntagged = 1; - PVID = 1; - }; - } - ]; - }; - #"lan-${cnf.qca988x.interface}-guest" = { - # matchConfig.Name = "${cnf.qca988x.interface}.guest"; - # networkConfig.Bridge = "brlan"; - # bridgeVLANs = [ - # { - # bridgeVLANConfig = { - # EgressUntagged = 2; - # PVID = 2; - # }; - # } - # ]; - #}; - }) - ]; - }; -} |