authorKarel Kočí <cynerd@email.cz>2024-07-18 09:01:49 +0200
committerKarel Kočí <cynerd@email.cz>2024-07-18 09:01:49 +0200
commita184ad849f060dd24840ddc3d3dd61ade12d1980 (patch)
tree661d3ad8933fcdf186aeb293fe529379fd0472b5 /nixos
parent632f8c5cc19be6d7ccd975f825d534627d0cbeff (diff)
nixos: update adm-omnia setup for deployment
Diffstat (limited to 'nixos')
-rw-r--r--nixos/configurations/adm-omnia.nix88
-rw-r--r--nixos/modules/hosts.nix1
-rw-r--r--nixos/modules/router.nix14
-rw-r--r--nixos/modules/wifi-spt.nix8
4 files changed, 86 insertions, 25 deletions
diff --git a/nixos/configurations/adm-omnia.nix b/nixos/configurations/adm-omnia.nix
index dad595b..069dfb0 100644
--- a/nixos/configurations/adm-omnia.nix
+++ b/nixos/configurations/adm-omnia.nix
@@ -1,35 +1,77 @@
-{config, ...}: {
+{config, ...}: let
+ hosts = config.cynerd.hosts.adm;
+in {
turris.board = "omnia";
+ deploy = {
+ enable = false;
+ ssh.host = "omnia.adm";
+ };
cynerd = {
router = {
enable = true;
wan = "pppoe-wan";
- lanIP = config.cynerd.hosts.adm.omnia;
+ lanIP = hosts.omnia;
+ staticLeases = {
+ "70:85:c2:4a:59:f2" = hosts.ridcully;
+ "7c:b0:c2:bb:9c:ca" = hosts.albert;
+ "4c:d5:77:0d:85:d9" = hosts.binky;
+ "b8:27:eb:49:54:5a" = hosts.mpd;
+ };
+ guestStaticLeases = {
+ "f4:a9:97:a4:bd:59" = hosts.printer;
+ };
};
wifiAP.adm = {
- enable = true;
- ar9287.interface = "wlp3s0";
- qca988x.interface = "wlp2s0";
+ enable = false;
+ ar9287 = {
+ interface = "wlp1s0";
+ bssids = ["04:f0:21:23:3d:ce" "08:f0:21:23:3d:ce" "0c:f0:21:23:3d:ce"];
+ channel = 11;
+ };
+ qca988x = {
+ interface = "wlp3s0";
+ bssids = ["04:f0:21:24:0b:4e" "08:f0:21:24:0b:4e" "0c:f0:21:24:0b:4e"];
+ channel = 36;
+ };
};
+ wireguard = true;
monitoring.speedtest = true;
};
- networking.useDHCP = false;
+ services.journald.extraConfig = ''
+ SystemMaxUse=8G
+ '';
+
+ services.btrfs.autoScrub = {
+ enable = true;
+ fileSystems = ["/"];
+ };
+
+ networking = {
+ useNetworkd = true;
+ useDHCP = false;
+ };
systemd.network = {
networks = {
- "end2" = {
- matchConfig.Name = "end2";
- #networkConfig = {
- # DHCP = "ipv6";
- # IPv6AcceptRA = "yes";
- # DHCPPrefixDelegation = "yes";
- #};
- #dhcpPrefixDelegationConfig = {
- # UplinkInterface = ":self";
- # SubnetId = 0;
- # Announce = "no";
- #};
+ "pppoe-wan" = {
+ matchConfig.Name = "pppoe-wan";
+ networkConfig = {
+ BindCarrier = "end2";
+ DHCP = "ipv6";
+ IPv6AcceptRA = "no";
+ DHCPPrefixDelegation = "yes";
+ DNS = "1.1.1.1";
+ };
+ dhcpV6Config = {
+ PrefixDelegationHint = "::/56";
+ UseDNS = "no";
+ };
+ dhcpPrefixDelegationConfig = {
+ UplinkInterface = ":self";
+ SubnetId = 0;
+ Announce = "no";
+ };
linkConfig.RequiredForOnline = "routable";
};
"lan-brlan" = {
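Review bot: The new `pppoe-wan` network pins a single resolver with `DNS = "1.1.1.1";` while `UseDNS = "no";` (and the commented-out `usepeerdns` in the pppd options further down) discards the resolvers offered by the ISP, so the router has no fallback if that one address is unreachable. A second entry such as `DNS = ["1.1.1.1" "1.0.0.1"];` plus a one-line comment saying why the peer's DNS is ignored would make the intent explicit. Whether these queries are protected in transit depends on resolver settings that are not visible in this hunk, so that is worth confirming separately. The `systemd.network.networks` set continues past the end of the hunk.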
@@ -43,7 +85,7 @@
{VLAN = 2;}
];
};
- "lan0-guest" = {
+ "lan-guest" = {
matchConfig.Name = "lan0";
networkConfig.Bridge = "brlan";
bridgeVLANs = [
@@ -64,14 +106,18 @@
lcp-echo-interval 1
lcp-echo-failure 5
lcp-echo-adaptive
- +ipv6
defaultroute
defaultroute6
- usepeerdns
+ #usepeerdns
maxfail 1
user O2
password 02
'';
};
systemd.services."pppd-wan".after = ["sys-subsystem-net-devices-end2.device"];
+ # TODO limit NSS clamping to just pppoe-wan
+ networking.firewall.extraForwardRules = ''
+ tcp flags syn tcp option maxseg size set rt mtu comment "Needed for PPPoE to fix IPv4"
+ iifname {"home", "personalvpn", "wg"} oifname {"home", "personalvpn", "wg"} accept
+ '';
}
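Review bot: The added rule `iifname {"home", "personalvpn", "wg"} oifname {"home", "personalvpn", "wg"} accept` forwards every packet between those three interfaces in both directions with no state, address or port match, so any peer on either tunnel can open connections to every host behind `home`. If that mutual trust is intended, say so in a comment such as `# home, personalvpn and wg are mutually trusted: forward everything between them`; otherwise narrow the set or the direction. The TODO above it says "NSS" where MSS is meant, and the clamp currently applies to all forwarded SYNs; scoping it as `oifname "pppoe-wan" tcp flags syn tcp option maxseg size set rt mtu` would probably be enough, though that should be tested for inbound connections. The pppd options string that this hunk edits starts outside the hunk.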
diff --git a/nixos/modules/hosts.nix b/nixos/modules/hosts.nix
index e7ad76b..f53fd8c 100644
--- a/nixos/modules/hosts.nix
+++ b/nixos/modules/hosts.nix
@@ -64,6 +64,7 @@ in {
"ridcully" = "10.8.3.60";
"3dprint" = "10.8.3.80";
"mpd" = "10.8.3.51";
+ "printer" = "192.168.0.20";
# Portable
"albert" = "10.8.3.61";
"binky" = "10.8.3.63";
diff --git a/nixos/modules/router.nix b/nixos/modules/router.nix
index a658515..cd37d8b 100644
--- a/nixos/modules/router.nix
+++ b/nixos/modules/router.nix
@@ -44,6 +44,14 @@ in {
'';
description = "Mapping of MAC address to IP address";
};
+ guestStaticLeases = mkOption {
+ type = with types; attrsOf str;
+ default = {};
+ example = ''
+ {"xx:xx:xx:xx:xx:xx" = "10.8.1.30";}
+ '';
+ description = "Mapping of MAC address to IP address";
+ };
};
};
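Review bot: The new `guestStaticLeases` option reuses the description of `staticLeases` verbatim, so generated documentation cannot tell the two apart. I would change it to `description = "Mapping of MAC address to IP address for static DHCP leases on the guest network";`. The example address `10.8.1.30` also looks copied from the main LAN option and should be one from the guest range. Since the type is `attrsOf str`, neither the MAC key nor the address is validated, which a short comment could state. The enclosing options set begins outside the hunk.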
@@ -148,6 +156,12 @@ in {
EmitDNS = "yes";
DNS = "192.168.1.1";
};
+ dhcpServerStaticLeases =
+ mapAttrsToList (n: v: {
+ MACAddress = n;
+ Address = v;
+ })
+ cnf.guestStaticLeases;
dhcpPrefixDelegationConfig = {
UplinkInterface = cnf.wan;
SubnetId = 2;
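Review bot: The leases mapped from `cnf.guestStaticLeases` are handed to `dhcpServerStaticLeases` without any check that each address lies inside the guest subnet. The only entry this commit defines is `printer` at `192.168.0.20` (added in `hosts.nix`), while the context line just above advertises `DNS = "192.168.1.1";` for this network. If the guest network is a /24 around 192.168.1.1 the lease would fall outside it; the network's address line is not in the hunk, so this needs confirming. An `assertions` entry, or at least a comment naming the guest range next to the option, would catch a mismatch at evaluation time rather than on the device.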
diff --git a/nixos/modules/wifi-spt.nix b/nixos/modules/wifi-spt.nix
index a74440d..d013473 100644
--- a/nixos/modules/wifi-spt.nix
+++ b/nixos/modules/wifi-spt.nix
@@ -140,8 +140,8 @@ in {
networkConfig.Bridge = "brlan";
bridgeVLANs = [
{
- EgressUntagged = 2;
- PVID = 2;
+ EgressUntagged = 2;
+ PVID = 2;
}
];
};
@@ -165,8 +165,8 @@ in {
networkConfig.Bridge = "brlan";
bridgeVLANs = [
{
- EgressUntagged = 2;
- PVID = 2;
+ EgressUntagged = 2;
+ PVID = 2;
}
];
};