aboutsummaryrefslogtreecommitdiff
path: root/nixos/routers
diff options
context:
space:
mode:
authorKarel Kočí <cynerd@email.cz>2024-02-20 21:34:43 +0100
committerKarel Kočí <cynerd@email.cz>2024-02-20 21:34:43 +0100
commitc014ef4360ebc9fe23d5abf253141f44a94160ca (patch)
tree19300ce3effeca6b435cb5c8c2891e5a0c7f8656 /nixos/routers
parentc9c4f84bd1303281d7520c2a519d7be7d678c83c (diff)
downloadnixos-personal-c014ef4360ebc9fe23d5abf253141f44a94160ca.tar.gz
nixos-personal-c014ef4360ebc9fe23d5abf253141f44a94160ca.tar.bz2
nixos-personal-c014ef4360ebc9fe23d5abf253141f44a94160ca.zip
nixos: merge router to normal modules
Diffstat (limited to 'nixos/routers')
-rw-r--r--nixos/routers/default.nix6
-rw-r--r--nixos/routers/router.nix171
-rw-r--r--nixos/routers/switch.nix65
-rw-r--r--nixos/routers/wifi-adm.nix190
-rw-r--r--nixos/routers/wifi-spt.nix171
5 files changed, 0 insertions, 603 deletions
diff --git a/nixos/routers/default.nix b/nixos/routers/default.nix
deleted file mode 100644
index dfc1266..0000000
--- a/nixos/routers/default.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{
- cynerd-router = import ./router.nix;
- cynerd-switch = import ./switch.nix;
- cynerd-wifi-adm = import ./wifi-adm.nix;
- cynerd-wifi-spt = import ./wifi-spt.nix;
-}
diff --git a/nixos/routers/router.nix b/nixos/routers/router.nix
deleted file mode 100644
index ed634b1..0000000
--- a/nixos/routers/router.nix
+++ /dev/null
@@ -1,171 +0,0 @@
-{
- config,
- lib,
- ...
-}: let
- inherit (lib) mkOption types mkIf mapAttrsToList;
- cnf = config.cynerd.router;
-in {
- options = {
- cynerd.router = {
- enable = mkOption {
- type = types.bool;
- default = false;
- description = "Enable router support";
- };
- wan = mkOption {
- type = types.str;
- description = "Interface for the router's WAN";
- };
- lanIP = mkOption {
- type = types.str;
- description = "LAN IP address";
- };
- dynIPStart = mkOption {
- type = types.ints.between 0 256;
- default = 100;
- description = "Offset for the dynamic IPv4 addresses";
- };
- dynIPCount = mkOption {
- type = types.ints.between 0 256;
- default = 100;
- description = "Number of dynamically assigned IPv4 addresses";
- };
- lanPrefix = mkOption {
- type = types.ints.between 0 32;
- default = 24;
- description = "LAN IP network prefix length";
- };
- staticLeases = mkOption {
- type = with types; attrsOf str;
- default = {};
- example = ''
- {"xx:xx:xx:xx:xx:xx" = "10.8.1.30";}
- '';
- description = "Mapping of MAC address to IP address";
- };
- };
- };
-
- config = mkIf cnf.enable {
- networking = {
- useNetworkd = true;
- nftables.enable = true;
- firewall = {
- logRefusedConnections = false;
- interfaces = {
- "home" = {allowedUDPPorts = [67 68];};
- "guest" = {allowedUDPPorts = [67 68];};
- };
- rejectPackets = true;
- filterForward = true;
- };
- nat = {
- enable = true;
- externalInterface = cnf.wan;
- internalInterfaces = ["home" "guest"];
- };
- };
-
- systemd.network = {
- netdevs = {
- "brlan" = {
- netdevConfig = {
- Kind = "bridge";
- Name = "brlan";
- };
- extraConfig = ''
- [Bridge]
- DefaultPVID=none
- VLANFiltering=yes
- '';
- };
- "home" = {
- netdevConfig = {
- Kind = "vlan";
- Name = "home";
- };
- vlanConfig.Id = 1;
- };
- "guest" = {
- netdevConfig = {
- Kind = "vlan";
- Name = "guest";
- };
- vlanConfig.Id = 2;
- };
- };
- networks = {
- "brlan" = {
- matchConfig.Name = "brlan";
- networkConfig.VLAN = ["home" "guest"];
- bridgeVLANs = [
- {bridgeVLANConfig.VLAN = 1;}
- {bridgeVLANConfig.VLAN = 2;}
- ];
- };
- "home" = {
- matchConfig.Name = "home";
- networkConfig = {
- Address = "${cnf.lanIP}/${toString cnf.lanPrefix}";
- IPForward = "yes";
- DHCPServer = "yes";
- DHCPPrefixDelegation = "yes";
- IPv6SendRA = "yes";
- IPv6AcceptRA = "no";
- };
- dhcpServerConfig = {
- UplinkInterface = cnf.wan;
- PoolOffset = cnf.dynIPStart;
- PoolSize = cnf.dynIPCount;
- EmitDNS = "yes";
- DNS = "1.1.1.1";
- };
- dhcpServerStaticLeases =
- mapAttrsToList (n: v: {
- dhcpServerStaticLeaseConfig = {
- MACAddress = n;
- Address = v;
- };
- })
- cnf.staticLeases;
- dhcpPrefixDelegationConfig = {
- UplinkInterface = cnf.wan;
- SubnetId = 1;
- Announce = "yes";
- };
- };
- "guest" = {
- matchConfig.Name = "guest";
- networkConfig = {
- Address = "192.168.1.1/24";
- IPForward = "yes";
- DHCPServer = "yes";
- DHCPPrefixDelegation = "yes";
- IPv6SendRA = "yes";
- IPv6AcceptRA = "no";
- };
- dhcpServerConfig = {
- UplinkInterface = cnf.wan;
- PoolOffset = cnf.dynIPStart;
- PoolSize = cnf.dynIPCount;
- EmitDNS = "yes";
- DNS = "1.1.1.1";
- };
- dhcpPrefixDelegationConfig = {
- UplinkInterface = cnf.wan;
- SubnetId = 2;
- Announce = "yes";
- };
- };
- };
- wait-online.anyInterface = true;
- };
-
- services.resolved = {
- enable = true;
- dnssec = "true";
- fallbackDns = ["1.1.1.1" "8.8.8.8"];
- };
- };
-}
diff --git a/nixos/routers/switch.nix b/nixos/routers/switch.nix
deleted file mode 100644
index 16d57bc..0000000
--- a/nixos/routers/switch.nix
+++ /dev/null
@@ -1,65 +0,0 @@
-{
- config,
- lib,
- ...
-}:
-with lib; let
- cnf = config.cynerd.switch;
-in {
- options = {
- cynerd.switch = {
- enable = mkEnableOption "Enable switch support";
- lanAddress = mkOption {
- type = types.str;
- description = "LAN IP address";
- };
- lanGateway = mkOption {
- type = types.str;
- description = "LAN IP address of the gateway";
- };
- };
- };
-
- config = mkIf cnf.enable {
- networking = {
- useNetworkd = true;
- nftables.enable = true;
- };
-
- systemd.network = {
- netdevs = {
- "brlan" = {
- netdevConfig = {
- Kind = "bridge";
- Name = "brlan";
- };
- extraConfig = ''
- [Bridge]
- DefaultPVID=none
- VLANFiltering=yes
- '';
- };
- };
- networks = {
- "brlan" = {
- matchConfig.Name = "brlan";
- bridgeVLANs = [
- {
- bridgeVLANConfig = {
- PVID = 1;
- EgressUntagged = 1;
- };
- }
- ];
- networkConfig = {
- Address = cnf.lanAddress;
- Gateway = cnf.lanGateway;
- DNS = "1.1.1.1";
- IPv6AcceptRA = "yes";
- };
- };
- };
- wait-online.anyInterface = true;
- };
- };
-}
diff --git a/nixos/routers/wifi-adm.nix b/nixos/routers/wifi-adm.nix
deleted file mode 100644
index 733f167..0000000
--- a/nixos/routers/wifi-adm.nix
+++ /dev/null
@@ -1,190 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}:
-with lib; let
- cnf = config.cynerd.wifiAP.adm;
-
- wOptions = card: channelDefault: {
- interface = mkOption {
- type = with types; nullOr str;
- default = null;
- description = "Specify interface for ${card}";
- };
- bssids = mkOption {
- type = with types; listOf str;
- default = [];
- description = "BSSIDs for networks.";
- };
- channel = mkOption {
- type = types.ints.positive;
- default = channelDefault;
- description = "Channel to be used for ${card}";
- };
- };
-in {
- options = {
- cynerd.wifiAP.adm = {
- enable = mkEnableOption "Enable Wi-Fi Access Point support";
- ar9287 = wOptions "Qualcom Atheros AR9287" 7;
- qca988x = wOptions "Qualcom Atheros QCA988x" 36;
- };
- };
-
- config = mkIf cnf.enable {
- services.hostapd = {
- enable = true;
- radios = {
- "${cnf.ar9287.interface}" = mkIf (cnf.ar9287.interface != null) {
- countryCode = "CZ";
- inherit (cnf.ar9287) channel;
- wifi4 = {
- enable = true;
- inherit (hostapd.qualcomAtherosAR9287.wifi4) capabilities;
- };
- networks = {
- "${cnf.ar9287.interface}" = {
- bssid = elemAt cnf.ar9287.bssids 0;
- ssid = "TurrisAdamkovi";
- authentication = {
- mode = "wpa2-sha256";
- wpaPasswordFile = "/run/secrets/hostapd-TurrisAdamkovi.pass";
- };
- };
- "${cnf.ar9287.interface}-nela" = {
- bssid = elemAt cnf.ar9287.bssids 1;
- ssid = "Nela";
- authentication = {
- mode = "wpa2-sha256";
- wpaPasswordFile = "/run/secrets/hostapd-Nela.pass";
- };
- };
- "${cnf.ar9287.interface}.milan" = {
- bssid = elemAt cnf.ar9287.bssids 2;
- ssid = "MILAN-AC";
- authentication = {
- mode = "wpa2-sha256";
- wpaPasswordFile = "/run/secrets/hostapd-MILAN-AC.pass";
- };
- };
- };
- };
- "${cnf.qca988x.interface}" = mkIf (cnf.qca988x.interface != null) {
- countryCode = "CZ";
- inherit (cnf.qca988x) channel;
- band = "5g";
- wifi4 = {
- enable = true;
- inherit (hostapd.qualcomAtherosQCA988x.wifi4) capabilities;
- };
- wifi5 = {
- enable = true;
- inherit (hostapd.qualcomAtherosQCA988x.wifi5) capabilities;
- };
- networks = {
- "${cnf.qca988x.interface}" = {
- bssid = elemAt cnf.qca988x.bssids 0;
- ssid = "TurrisAdamkovi";
- authentication = {
- mode = "wpa2-sha256";
- wpaPasswordFile = "/run/secrets/hostapd-TurrisAdamkovi.pass";
- };
- };
- "${cnf.qca988x.interface}-nela" = {
- bssid = elemAt cnf.qca988x.bssids 1;
- ssid = "Nela";
- authentication = {
- mode = "wpa2-sha256";
- wpaPasswordFile = "/run/secrets/hostapd-Nela.pass";
- };
- };
- "${cnf.qca988x.interface}.milan" = {
- bssid = elemAt cnf.qca988x.bssids 2;
- ssid = "MILAN-AC";
- authentication = {
- mode = "wpa2-sha256";
- wpaPasswordFile = "/run/secrets/hostapd-MILAN-AC.pass";
- };
- };
- };
- };
- };
- };
- systemd.network.networks = {
- "lan-${cnf.ar9287.interface}" = {
- matchConfig.Name = cnf.ar9287.interface;
- networkConfig.Bridge = "brlan";
- bridgeVLANs = [
- {
- bridgeVLANConfig = {
- EgressUntagged = 1;
- PVID = 1;
- };
- }
- ];
- };
- "lan-${cnf.ar9287.interface}-nela" = {
- matchConfig.Name = "${cnf.ar9287.interface}-nela";
- networkConfig.Bridge = "brlan";
- bridgeVLANs = [
- {
- bridgeVLANConfig = {
- EgressUntagged = 2;
- PVID = 2;
- };
- }
- ];
- };
- "lan-${cnf.ar9287.interface}.milan" = {
- matchConfig.Name = "${cnf.ar9287.interface}.milan";
- networkConfig.Bridge = "brlan";
- bridgeVLANs = [
- {
- bridgeVLANConfig = {
- EgressUntagged = 2;
- PVID = 2;
- };
- }
- ];
- };
- "lan-${cnf.qca988x.interface}" = {
- matchConfig.Name = cnf.qca988x.interface;
- networkConfig.Bridge = "brlan";
- bridgeVLANs = [
- {
- bridgeVLANConfig = {
- EgressUntagged = 1;
- PVID = 1;
- };
- }
- ];
- };
- "lan-${cnf.qca988x.interface}-nela" = {
- matchConfig.Name = "${cnf.qca988x.interface}-nela";
- networkConfig.Bridge = "brlan";
- bridgeVLANs = [
- {
- bridgeVLANConfig = {
- EgressUntagged = 2;
- PVID = 2;
- };
- }
- ];
- };
- "lan-${cnf.qca988x.interface}.milan" = {
- matchConfig.Name = "${cnf.qca988x.interface}.milan";
- networkConfig.Bridge = "brlan";
- bridgeVLANs = [
- {
- bridgeVLANConfig = {
- EgressUntagged = 2;
- PVID = 2;
- };
- }
- ];
- };
- };
- };
-}
diff --git a/nixos/routers/wifi-spt.nix b/nixos/routers/wifi-spt.nix
deleted file mode 100644
index 769449d..0000000
--- a/nixos/routers/wifi-spt.nix
+++ /dev/null
@@ -1,171 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}: let
- inherit (lib) mkOption mkEnableOption types mkIf mkMerge hostapd elemAt;
- cnf = config.cynerd.wifiAP.spt;
-
- wOptions = card: channelDefault: {
- interface = mkOption {
- type = with types; nullOr str;
- default = null;
- description = "Specify interface for ${card}";
- };
- bssids = mkOption {
- type = with types; listOf str;
- default = [];
- description = "BSSIDs for networks.";
- };
- channel = mkOption {
- type = types.ints.positive;
- default = channelDefault;
- description = "Channel to be used for ${card}";
- };
- };
-in {
- options = {
- cynerd.wifiAP.spt = {
- enable = mkEnableOption "Enable Wi-Fi Access Point support";
- ar9287 = wOptions "Qualcom Atheros AR9287" 7;
- qca988x = wOptions "Qualcom Atheros QCA988x" 36;
- };
- };
-
- config = mkIf cnf.enable {
- # TODO regdom doesn't work for some reason
- boot.extraModprobeConfig = ''
- options cfg80211 ieee80211_regdom="CZ"
- '';
- services.hostapd = {
- enable = true;
- radios = mkMerge [
- (mkIf (cnf.ar9287.interface != null) {
- "${cnf.ar9287.interface}" = {
- inherit (cnf.ar9287) channel;
- countryCode = "CZ";
- wifi4 = {
- enable = true;
- inherit (hostapd.qualcomAtherosAR9287.wifi4) capabilities;
- };
- networks = {
- "${cnf.ar9287.interface}" = {
- bssid = elemAt cnf.ar9287.bssids 0;
- ssid = "TurrisRules";
- authentication = {
- mode = "wpa2-sha256";
- wpaPasswordFile = "/run/secrets/hostapd-TurrisRules.pass";
- };
- };
- #"${cnf.ar9287.interface}.guest" = {
- # bssid = elemAt cnf.ar9287.bssids 1;
- # ssid = "Kocovi";
- # authentication = {
- # mode = "wpa2-sha256";
- # wpaPasswordFile = "/run/secrets/hostapd-Kocovi.pass";
- # };
- #};
- };
- };
- })
- (mkIf (cnf.qca988x.interface != null) {
- "${cnf.qca988x.interface}" = let
- is2g = cnf.qca988x.channel <= 14;
- in {
- inherit (cnf.qca988x) channel;
- countryCode = "CZ";
- band =
- if is2g
- then "2g"
- else "5g";
- wifi4 = {
- enable = true;
- inherit (hostapd.qualcomAtherosQCA988x.wifi4) capabilities;
- };
- wifi5 = {
- enable = !is2g;
- inherit (hostapd.qualcomAtherosQCA988x.wifi5) capabilities;
- };
- networks = {
- "${cnf.qca988x.interface}" = {
- bssid = elemAt cnf.qca988x.bssids 0;
- ssid = "TurrisRules${
- if is2g
- then ""
- else "5"
- }";
- authentication = {
- mode = "wpa2-sha256";
- wpaPasswordFile = "/run/secrets/hostapd-TurrisRules.pass";
- };
- };
- #"${cnf.qca988x.interface}.guest" = {
- # bssid = elemAt cnf.qca988x.bssids 1;
- # ssid = "Kocovi";
- # authentication = {
- # mode = "wpa2-sha256";
- # wpaPasswordFile = "/run/secrets/hostapd-Kocovi.pass";
- # };
- #};
- };
- };
- })
- ];
- };
- systemd.network.networks = mkMerge [
- (mkIf (cnf.ar9287.interface != null) {
- "lan-${cnf.ar9287.interface}" = {
- matchConfig.Name = cnf.ar9287.interface;
- networkConfig.Bridge = "brlan";
- bridgeVLANs = [
- {
- bridgeVLANConfig = {
- EgressUntagged = 1;
- PVID = 1;
- };
- }
- ];
- };
- #"lan-${cnf.ar9287.interface}-guest" = {
- # matchConfig.Name = "${cnf.ar9287.interface}.guest";
- # networkConfig.Bridge = "brlan";
- # bridgeVLANs = [
- # {
- # bridgeVLANConfig = {
- # EgressUntagged = 2;
- # PVID = 2;
- # };
- # }
- # ];
- #};
- })
- (mkIf (cnf.qca988x.interface != null) {
- "lan-${cnf.qca988x.interface}" = {
- matchConfig.Name = cnf.qca988x.interface;
- networkConfig.Bridge = "brlan";
- bridgeVLANs = [
- {
- bridgeVLANConfig = {
- EgressUntagged = 1;
- PVID = 1;
- };
- }
- ];
- };
- #"lan-${cnf.qca988x.interface}-guest" = {
- # matchConfig.Name = "${cnf.qca988x.interface}.guest";
- # networkConfig.Bridge = "brlan";
- # bridgeVLANs = [
- # {
- # bridgeVLANConfig = {
- # EgressUntagged = 2;
- # PVID = 2;
- # };
- # }
- # ];
- #};
- })
- ];
- };
-}