authorKarel Kočí <cynerd@email.cz>2022-08-18 08:43:38 +0200
committerKarel Kočí <cynerd@email.cz>2022-08-18 08:43:38 +0200
commita03996d7a11edc84e231f513ef134f9f58d44ccf (patch)
tree632b6e139d8c2d291353b40fc5f1f3757843c4f6 /nixos
parentd558ed3b71a0c51338c1cffcf648dc6a0e3ecf5b (diff)
downloadnixos-personal-a03996d7a11edc84e231f513ef134f9f58d44ccf.tar.gz
nixos-personal-a03996d7a11edc84e231f513ef134f9f58d44ccf.tar.bz2
nixos-personal-a03996d7a11edc84e231f513ef134f9f58d44ccf.zip
nixos: work little bit on routers
Diffstat (limited to 'nixos')
-rw-r--r--nixos/machine/adm-omnia.nix60
-rw-r--r--nixos/machine/adm-omnia2.nix37
-rw-r--r--nixos/machine/default.nix2
-rw-r--r--nixos/machine/spt-mox2.nix48
-rw-r--r--nixos/machine/spt-omnia.nix29
-rw-r--r--nixos/modules/router.nix58
6 files changed, 208 insertions, 26 deletions
diff --git a/nixos/machine/adm-omnia.nix b/nixos/machine/adm-omnia.nix
index f5ca827..c7c2063 100644
--- a/nixos/machine/adm-omnia.nix
+++ b/nixos/machine/adm-omnia.nix
@@ -6,7 +6,65 @@ with lib;
config = {
cynerd = {
- openvpn.oldpersonal = true;
+ #openvpn.oldpersonal = true;
+ };
+
+ networking = {
+ # TODO we need vlan filtering to filter out guest and adm network
+ bridges = {
+ brlan = {
+ interfaces = [
+ "lan0" "lan1" "lan2" "lan3" "lan4"
+ ];
+ };
+ #brguest = {
+ # interfaces = [
+ # "brlan.2" #"mlan0host" "wlp1s0host"
+ # ];
+ #};
+ };
+ interfaces.brlan = {
+ ipv4 = {
+ addresses = [{
+ address = config.cynerd.hosts.adm.omnia;
+ prefixLength = 24;
+ }];
+ };
+ };
+ # TODO localhost
+ nameservers = [ "1.1.1.1" "8.8.8.8" ];
+ dhcpcd.allowInterfaces = [ "eth2" ];
+ };
+
+ networking.wirelessAP = {
+ enable = true;
+ environmentFile = "/run/secrets/hostapd.env";
+ interfaces = {
+ "mlan0" = {
+ countryCode = "CZ";
+ ssid = "TurrisRules";
+ wpa = true;
+ wpaPassphrase = "@PASS_TURRIS_RULES@";
+ };
+ "wlp1s0" = {
+ countryCode = "CZ";
+ hwMode = "a";
+ channel = 36;
+ ieee80211ac = true;
+ ht_capab = ["HT40+" "LDPC" "SHORT-GI-20" "SHORT-GI-40" "TX-STBC" "RX-STBC1" "MAX-AMSDU-7935" "DSSS_CCK-40"];
+ vht_capab = ["RXLDPC" "SHORT-GI-80" "TX-STBC-2BY1" "RX-ANTENNA-PATTERN" "TX-ANTENNA-PATTERN" "RX-STBC-1" "MAX-MPDU-11454" "MAX-A-MPDU-LEN-EXP7"];
+ ssid = "TurrisRules5";
+ wpa = true;
+ wpaPassphrase = "@PASS_TURRIS_RULES@";
+ bss = {
+ "wlp1s0host" = {
+ ssid = "KocoviGuest";
+ wpa = true;
+ wpaPassphrase = "@PASS_KOCOVI@";
+ };
+ };
+ };
+ };
};
};
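Review bot: The guest BSS `wlp1s0host` (SSID KocoviGuest) is brought up here while its only isolation is still the TODO and the commented-out `brguest` bridge, so nothing visible in this hunk separates guest clients from the `brlan` segment. How the `networking.wirelessAP` module attaches a BSS to a network is not visible, so the result may be either no connectivity or a shared L2 domain with the LAN. I would leave the `bss` entry out until `brguest` and the VLAN filtering exist, or at least add a comment such as `# guest BSS: must stay unbridged until brguest + vlan filtering land`. The same guest BSS is added in nixos/machine/spt-mox2.nix. The enclosing `config` attribute set begins outside the hunk.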
diff --git a/nixos/machine/adm-omnia2.nix b/nixos/machine/adm-omnia2.nix
index 21bfeb6..0bdc3bc 100644
--- a/nixos/machine/adm-omnia2.nix
+++ b/nixos/machine/adm-omnia2.nix
@@ -5,6 +5,43 @@ with lib;
{
config = {
+ networking = {
+ bridges = {
+ brlan = {
+ interfaces = [
+ "eth2" "lan0" "lan1" "lan2" "lan3" "lan4"
+ ];
+ };
+ };
+ localCommands = ''
+ ip link set brlan type bridge vlan_filtering 1
+ bridge vlan add dev eth2 vid 1 pvid untagged
+ bridge vlan add dev eth2 vid 2
+ bridge vlan add dev lan0 vid 2 pvid untagged
+ bridge vlan add dev lan1 vid 2 pvid untagged
+ bridge vlan add dev lan2 vid 2 pvid untagged
+ bridge vlan add dev lan3 vid 2 pvid untagged
+ bridge vlan add dev lan4 vid 1 pvid untagged
+ bridge vlan add dev lan4 vid 2
+ '';
+ vlans = {
+ "lan" = {
+ id = 1;
+ interface = "brlan";
+ };
+ };
+ interfaces.lan = {
+ ipv4 = {
+ addresses = [{
+ address = config.cynerd.hosts.adm.omnia2;
+ prefixLength = 24;
+ }];
+ };
+ };
+ defaultGateway = config.cynerd.hosts.adm.omnia;
+ nameservers = [ config.cynerd.hosts.adm.omnia "1.1.1.1" "8.8.8.8" ];
+ dhcpcd.allowInterfaces = [ "lan" ];
+ };
};
}
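Review bot: Enabling `vlan_filtering` leaves every bridge port with its default VLAN 1 membership (PVID, egress untagged), and the `bridge vlan add dev lanN vid 2 pvid untagged` lines move the PVID on lan0–lan3 without removing that VLAN 1 entry. Broadcast and flooded frames from VLAN 1 would therefore still leave untagged on the ports meant to carry only VLAN 2. Adding `bridge vlan del dev lan0 vid 1` (and the same for lan1–lan3) after the `add` lines closes that gap, and `bridge vlan show` confirms the resulting table. A comment above `localCommands` naming what vid 1 and vid 2 carry would also help, since the port-to-VLAN mapping is the whole security boundary here.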
diff --git a/nixos/machine/default.nix b/nixos/machine/default.nix
index 32ad5ab..4286d06 100644
--- a/nixos/machine/default.nix
+++ b/nixos/machine/default.nix
@@ -7,6 +7,8 @@
machine-ridcully = import ./ridcully.nix;
machine-susan = import ./susan.nix;
+ machine-gaspode = import ./gaspode.nix;
+
machine-spt-omnia = import ./spt-omnia.nix;
machine-spt-mox = import ./spt-mox.nix;
machine-spt-mox2 = import ./spt-mox2.nix;
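Review bot: `machine-gaspode = import ./gaspode.nix;` refers to a file this commit does not add; the diffstat lists six files under nixos/ and gaspode.nix is not among them. If the file is not already in the tree, evaluating this attribute fails. It may also belong in a separate commit, since the title is about routers. The attribute set continues outside the hunk.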
diff --git a/nixos/machine/spt-mox2.nix b/nixos/machine/spt-mox2.nix
index 5922278..a3de15d 100644
--- a/nixos/machine/spt-mox2.nix
+++ b/nixos/machine/spt-mox2.nix
@@ -20,28 +20,32 @@ with lib;
# '';
#}];
- networking.hostapd = {
- "mlan0" = {
- countryCode = "CZ";
- ssid = "TurrisRules";
- wpa = true;
- wpaPskFile = "/run/secrets/wifi/TurrisRules.psk";
- };
- "wlp1s0" = {
- countryCode = "CZ";
- hwMode = "a";
- channel = 36;
- ieee80211ac = true;
- ht_capab = ["HT40+" "LDPC" "SHORT-GI-20" "SHORT-GI-40" "TX-STBC" "RX-STBC1" "MAX-AMSDU-7935" "DSSS_CCK-40"];
- vht_capab = ["RXLDPC" "SHORT-GI-80" "TX-STBC-2BY1" "RX-ANTENNA-PATTERN" "TX-ANTENNA-PATTERN" "RX-STBC-1" "MAX-MPDU-11454" "MAX-A-MPDU-LEN-EXP7"];
- ssid = "TurrisRules5";
- wpa = true;
- wpaPskFile = "/run/secrets/wifi/TurrisRules5.psk";
- bss = {
- "wlp1s0host" = {
- ssid = "NixTurris5Guest";
- wpa = true;
- wpaPassphrase = "somepassword";
+ networking.wirelessAP = {
+ enable = true;
+ environmentFile = "/run/secrets/hostapd.env";
+ interfaces = {
+ "mlan0" = {
+ countryCode = "CZ";
+ ssid = "TurrisRules";
+ wpa = true;
+ wpaPassphrase = "@PASS_TURRIS_RULES@";
+ };
+ "wlp1s0" = {
+ countryCode = "CZ";
+ hwMode = "a";
+ channel = 36;
+ ieee80211ac = true;
+ ht_capab = ["HT40+" "LDPC" "SHORT-GI-20" "SHORT-GI-40" "TX-STBC" "RX-STBC1" "MAX-AMSDU-7935" "DSSS_CCK-40"];
+ vht_capab = ["RXLDPC" "SHORT-GI-80" "TX-STBC-2BY1" "RX-ANTENNA-PATTERN" "TX-ANTENNA-PATTERN" "RX-STBC-1" "MAX-MPDU-11454" "MAX-A-MPDU-LEN-EXP7"];
+ ssid = "TurrisRules5";
+ wpa = true;
+ wpaPassphrase = "@PASS_TURRIS_RULES@";
+ bss = {
+ "wlp1s0host" = {
+ ssid = "KocoviGuest";
+ wpa = true;
+ wpaPassphrase = "@PASS_KOCOVI@";
+ };
};
};
};
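Review bot: Replacing `wpaPskFile` with `wpaPassphrase = "@PASS_TURRIS_RULES@"` makes the Wi-Fi secret depend on the placeholder being substituted from `environmentFile` at service start, and nothing visible here fails closed if `/run/secrets/hostapd.env` is missing or lacks a variable. In that case the literal placeholder text, which is public in this repository, could end up as the passphrase. The module's substitution step is not visible, so this should be confirmed, ideally with a pre-start check that refuses to start hostapd while an `@...@` token remains in the generated config; that file then holds the plaintext passphrase, so its mode is worth checking too. The removed `wpaPassphrase = "somepassword"` stays in history and should be treated as disclosed if it was ever in use. The same placeholders are used in nixos/machine/adm-omnia.nix.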
diff --git a/nixos/machine/spt-omnia.nix b/nixos/machine/spt-omnia.nix
index 4cb80c4..d2c4a96 100644
--- a/nixos/machine/spt-omnia.nix
+++ b/nixos/machine/spt-omnia.nix
@@ -9,17 +9,40 @@ with lib;
openvpn.oldpersonal = true;
};
+ networking = {
+ # TODO we need vlan filtering to filter out guest network
+ bridges = {
+ brlan = {
+ interfaces = [
+ "lan0" "lan1" "lan2" "lan3" "lan4"
+ ];
+ };
+ #brguest = {
+ # interfaces = [
+ # "brlan.2" #"mlan0host" "wlp1s0host"
+ # ];
+ #};
+ };
+ interfaces.brlan = {
+ ipv4 = {
+ addresses = [{
+ address = config.cynerd.hosts.spt.omnia;
+ prefixLength = 24;
+ }];
+ };
+ };
+ nameservers = [ "127.0.0.1" "1.1.1.1" "8.8.8.8" ];
+ dhcpcd.allowInterfaces = [ "eth2" ];
+ };
+
services.syncthing = {
enable = true;
- #user = mkDefault "cynerd";
- #group = mkDefault "cynerd";
openDefaultPorts = true;
overrideDevices = false;
overrideFolders = false;
dataDir = "/data";
- configDir = "/srv/syncthing";
};
};
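Review bot: Dropping `configDir = "/srv/syncthing"` moves Syncthing's configuration, including the device certificate and private key, to the module default, which as far as I know is derived from `dataDir` and so lands under `/data`. That gives the router a new device identity unless the old directory is migrated, leaves the old key material behind in /srv/syncthing, and puts the new key inside the data directory. If the move is intended, a comment such as `# configDir: module default (under dataDir); old /srv/syncthing cleaned up by hand` would record it. Separately, `nameservers` now lists `127.0.0.1` first, while no local resolver is enabled in this file.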
diff --git a/nixos/modules/router.nix b/nixos/modules/router.nix
new file mode 100644
index 0000000..e65ef10
--- /dev/null
+++ b/nixos/modules/router.nix
@@ -0,0 +1,58 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+
+ cnf = config.cynerd.router;
+
+in {
+
+ options = {
+ cynerd.router = {
+ enable = mkOption {
+ type = types.bool;
+ default = false;
+ description = "Enable router support";
+ };
+ wan = mkOption {
+ type = types.string;
+ description = "Interface for the router's WAN";
+ };
+ brlan = mkOption {
+ type = types.string;
+ default = "brlan";
+ description = "LAN interface (commonly some bridge)";
+ };
+ # TODO IP range and so on
+ };
+ };
+
+ config = mkIf cnf {
+
+ # TODO firewall NAT
+ networking = {
+
+ };
+
+ services.dhcpd4 = {
+ enable = true;
+ authoritative = true;
+ interfaces = [ "brlan" ];
+ extraConfig = ''
+ '';
+ };
+
+ services.dhcpd6 = {
+ enable = true;
+ authoritative = true;
+ interfaces = [ "brlan" ];
+ extraConfig = ''
+ '';
+ };
+
+ services.kresd = {
+ enable = true;
+ };
+
+ };
+}
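Review bot: `config = mkIf cnf {` passes the whole `cynerd.router` attribute set as the condition; `mkIf` needs a boolean, so this should be `config = mkIf cnf.enable {`. The `brlan` option is declared but both DHCP services hard-code the name, which should read `interfaces = [ cnf.brlan ];`, and `types.string` is deprecated in favour of `types.str`. `wan` has no default and is not used yet. With NAT and firewall rules still a TODO, enabling this module would start authoritative DHCP servers with an empty `extraConfig` and no visible forwarding policy, so a header comment stating that the module is incomplete would keep it from being enabled by accident.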