diff options
author | Karel Kočí <cynerd@email.cz> | 2022-08-18 08:43:38 +0200 |
---|---|---|
committer | Karel Kočí <cynerd@email.cz> | 2022-08-18 08:43:38 +0200 |
commit | a03996d7a11edc84e231f513ef134f9f58d44ccf (patch) | |
tree | 632b6e139d8c2d291353b40fc5f1f3757843c4f6 /nixos | |
parent | d558ed3b71a0c51338c1cffcf648dc6a0e3ecf5b (diff) | |
download | nixos-personal-a03996d7a11edc84e231f513ef134f9f58d44ccf.tar.gz nixos-personal-a03996d7a11edc84e231f513ef134f9f58d44ccf.tar.bz2 nixos-personal-a03996d7a11edc84e231f513ef134f9f58d44ccf.zip |
nixos: work little bit on routers
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/machine/adm-omnia.nix | 60 | ||||
-rw-r--r-- | nixos/machine/adm-omnia2.nix | 37 | ||||
-rw-r--r-- | nixos/machine/default.nix | 2 | ||||
-rw-r--r-- | nixos/machine/spt-mox2.nix | 48 | ||||
-rw-r--r-- | nixos/machine/spt-omnia.nix | 29 | ||||
-rw-r--r-- | nixos/modules/router.nix | 58 |
6 files changed, 208 insertions, 26 deletions
diff --git a/nixos/machine/adm-omnia.nix b/nixos/machine/adm-omnia.nix index f5ca827..c7c2063 100644 --- a/nixos/machine/adm-omnia.nix +++ b/nixos/machine/adm-omnia.nix @@ -6,7 +6,65 @@ with lib; config = { cynerd = { - openvpn.oldpersonal = true; + #openvpn.oldpersonal = true; + }; + + networking = { + # TODO we need vlan filtering to filter out guest and adm network + bridges = { + brlan = { + interfaces = [ + "lan0" "lan1" "lan2" "lan3" "lan4" + ]; + }; + #brguest = { + # interfaces = [ + # "brlan.2" #"mlan0host" "wlp1s0host" + # ]; + #}; + }; + interfaces.brlan = { + ipv4 = { + addresses = [{ + address = config.cynerd.hosts.adm.omnia; + prefixLength = 24; + }]; + }; + }; + # TODO localhost + nameservers = [ "1.1.1.1" "8.8.8.8" ]; + dhcpcd.allowInterfaces = [ "eth2" ]; + }; + + networking.wirelessAP = { + enable = true; + environmentFile = "/run/secrets/hostapd.env"; + interfaces = { + "mlan0" = { + countryCode = "CZ"; + ssid = "TurrisRules"; + wpa = true; + wpaPassphrase = "@PASS_TURRIS_RULES@"; + }; + "wlp1s0" = { + countryCode = "CZ"; + hwMode = "a"; + channel = 36; + ieee80211ac = true; + ht_capab = ["HT40+" "LDPC" "SHORT-GI-20" "SHORT-GI-40" "TX-STBC" "RX-STBC1" "MAX-AMSDU-7935" "DSSS_CCK-40"]; + vht_capab = ["RXLDPC" "SHORT-GI-80" "TX-STBC-2BY1" "RX-ANTENNA-PATTERN" "TX-ANTENNA-PATTERN" "RX-STBC-1" "MAX-MPDU-11454" "MAX-A-MPDU-LEN-EXP7"]; + ssid = "TurrisRules5"; + wpa = true; + wpaPassphrase = "@PASS_TURRIS_RULES@"; + bss = { + "wlp1s0host" = { + ssid = "KocoviGuest"; + wpa = true; + wpaPassphrase = "@PASS_KOCOVI@"; + }; + }; + }; + }; }; }; diff --git a/nixos/machine/adm-omnia2.nix b/nixos/machine/adm-omnia2.nix index 21bfeb6..0bdc3bc 100644 --- a/nixos/machine/adm-omnia2.nix +++ b/nixos/machine/adm-omnia2.nix @@ -5,6 +5,43 @@ with lib; { config = { + networking = { + bridges = { + brlan = { + interfaces = [ + "eth2" "lan0" "lan1" "lan2" "lan3" "lan4" + ]; + }; + }; + localCommands = '' + ip link set brlan type bridge vlan_filtering 1 + bridge vlan add dev eth2 vid 1 pvid untagged + bridge vlan add dev eth2 vid 2 + bridge vlan add dev lan0 vid 2 pvid untagged + bridge vlan add dev lan1 vid 2 pvid untagged + bridge vlan add dev lan2 vid 2 pvid untagged + bridge vlan add dev lan3 vid 2 pvid untagged + bridge vlan add dev lan4 vid 1 pvid untagged + bridge vlan add dev lan4 vid 2 + ''; + vlans = { + "lan" = { + id = 1; + interface = "brlan"; + }; + }; + interfaces.lan = { + ipv4 = { + addresses = [{ + address = config.cynerd.hosts.adm.omnia2; + prefixLength = 24; + }]; + }; + }; + defaultGateway = config.cynerd.hosts.adm.omnia; + nameservers = [ config.cynerd.hosts.adm.omnia "1.1.1.1" "8.8.8.8" ]; + dhcpcd.allowInterfaces = [ "lan" ]; + }; }; } diff --git a/nixos/machine/default.nix b/nixos/machine/default.nix index 32ad5ab..4286d06 100644 --- a/nixos/machine/default.nix +++ b/nixos/machine/default.nix @@ -7,6 +7,8 @@ machine-ridcully = import ./ridcully.nix; machine-susan = import ./susan.nix; + machine-gaspode = import ./gaspode.nix; + machine-spt-omnia = import ./spt-omnia.nix; machine-spt-mox = import ./spt-mox.nix; machine-spt-mox2 = import ./spt-mox2.nix; diff --git a/nixos/machine/spt-mox2.nix b/nixos/machine/spt-mox2.nix index 5922278..a3de15d 100644 --- a/nixos/machine/spt-mox2.nix +++ b/nixos/machine/spt-mox2.nix @@ -20,28 +20,32 @@ with lib; # ''; #}]; - networking.hostapd = { - "mlan0" = { - countryCode = "CZ"; - ssid = "TurrisRules"; - wpa = true; - wpaPskFile = "/run/secrets/wifi/TurrisRules.psk"; - }; - "wlp1s0" = { - countryCode = "CZ"; - hwMode = "a"; - channel = 36; - ieee80211ac = true; - ht_capab = ["HT40+" "LDPC" "SHORT-GI-20" "SHORT-GI-40" "TX-STBC" "RX-STBC1" "MAX-AMSDU-7935" "DSSS_CCK-40"]; - vht_capab = ["RXLDPC" "SHORT-GI-80" "TX-STBC-2BY1" "RX-ANTENNA-PATTERN" "TX-ANTENNA-PATTERN" "RX-STBC-1" "MAX-MPDU-11454" "MAX-A-MPDU-LEN-EXP7"]; - ssid = "TurrisRules5"; - wpa = true; - wpaPskFile = "/run/secrets/wifi/TurrisRules5.psk"; - bss = { - "wlp1s0host" = { - ssid = "NixTurris5Guest"; - wpa = true; - wpaPassphrase = "somepassword"; + networking.wirelessAP = { + enable = true; + environmentFile = "/run/secrets/hostapd.env"; + interfaces = { + "mlan0" = { + countryCode = "CZ"; + ssid = "TurrisRules"; + wpa = true; + wpaPassphrase = "@PASS_TURRIS_RULES@"; + }; + "wlp1s0" = { + countryCode = "CZ"; + hwMode = "a"; + channel = 36; + ieee80211ac = true; + ht_capab = ["HT40+" "LDPC" "SHORT-GI-20" "SHORT-GI-40" "TX-STBC" "RX-STBC1" "MAX-AMSDU-7935" "DSSS_CCK-40"]; + vht_capab = ["RXLDPC" "SHORT-GI-80" "TX-STBC-2BY1" "RX-ANTENNA-PATTERN" "TX-ANTENNA-PATTERN" "RX-STBC-1" "MAX-MPDU-11454" "MAX-A-MPDU-LEN-EXP7"]; + ssid = "TurrisRules5"; + wpa = true; + wpaPassphrase = "@PASS_TURRIS_RULES@"; + bss = { + "wlp1s0host" = { + ssid = "KocoviGuest"; + wpa = true; + wpaPassphrase = "@PASS_KOCOVI@"; + }; }; }; }; diff --git a/nixos/machine/spt-omnia.nix b/nixos/machine/spt-omnia.nix index 4cb80c4..d2c4a96 100644 --- a/nixos/machine/spt-omnia.nix +++ b/nixos/machine/spt-omnia.nix @@ -9,17 +9,40 @@ with lib; openvpn.oldpersonal = true; }; + networking = { + # TODO we need vlan filtering to filter out guest network + bridges = { + brlan = { + interfaces = [ + "lan0" "lan1" "lan2" "lan3" "lan4" + ]; + }; + #brguest = { + # interfaces = [ + # "brlan.2" #"mlan0host" "wlp1s0host" + # ]; + #}; + }; + interfaces.brlan = { + ipv4 = { + addresses = [{ + address = config.cynerd.hosts.spt.omnia; + prefixLength = 24; + }]; + }; + }; + nameservers = [ "127.0.0.1" "1.1.1.1" "8.8.8.8" ]; + dhcpcd.allowInterfaces = [ "eth2" ]; + }; + services.syncthing = { enable = true; - #user = mkDefault "cynerd"; - #group = mkDefault "cynerd"; openDefaultPorts = true; overrideDevices = false; overrideFolders = false; dataDir = "/data"; - configDir = "/srv/syncthing"; }; }; diff --git a/nixos/modules/router.nix b/nixos/modules/router.nix new file mode 100644 index 0000000..e65ef10 --- /dev/null +++ b/nixos/modules/router.nix @@ -0,0 +1,58 @@ +{ config, lib, pkgs, ... }: + +with lib; +let + + cnf = config.cynerd.router; + +in { + + options = { + cynerd.router = { + enable = mkOption { + type = types.bool; + default = false; + description = "Enable router support"; + }; + wan = mkOption { + type = types.string; + description = "Interface for the router's WAN"; + }; + brlan = mkOption { + type = types.string; + default = "brlan"; + description = "LAN interface (commonly some bridge)"; + }; + # TODO IP range and so on + }; + }; + + config = mkIf cnf { + + # TODO firewall NAT + networking = { + + }; + + services.dhcpd4 = { + enable = true; + authoritative = true; + interfaces = [ "brlan" ]; + extraConfig = '' + ''; + }; + + services.dhcpd6 = { + enable = true; + authoritative = true; + interfaces = [ "brlan" ]; + extraConfig = '' + ''; + }; + + services.kresd = { + enable = true; + }; + + }; +} |