-rw-r--r-- | flake.lock | 20 | ||||
-rw-r--r-- | nixos/machine/adm-omnia.nix | 45 | ||||
-rw-r--r-- | nixos/machine/adm-omnia2.nix | 77 | ||||
-rw-r--r-- | nixos/machine/spt-omnia.nix | 83 | ||||
-rw-r--r-- | nixos/modules/router.nix | 20 |
5 files changed, 148 insertions, 97 deletions
@@ -93,11 +93,11 @@ "nixpkgs-regression": "nixpkgs-regression" }, "locked": { - "lastModified": 1674048395, - "narHash": "sha256-v1Mud0JhcemjfFfZJJr4miviET6DiwkBX2IAezvldNM=", + "lastModified": 1674061467, + "narHash": "sha256-yvLbQusfeOizDwHFfTRtVwrUU15q2oaeDzImRGxoTs4=", "owner": "NixOS", "repo": "nix", - "rev": "ee1372d2467bba3f40fc849c4a5a9e1d782ee502", + "rev": "2513eba46a20578f54fd3ac3cb0d25aeb0d0b310", "type": "github" }, "original": { @@ -251,11 +251,11 @@ ] }, "locked": { - "lastModified": 1673981871, - "narHash": "sha256-2PM+UojDHK0CV8m5oKAdumKSImOwcW8qNf81iY4IEbA=", + "lastModified": 1674078000, + "narHash": "sha256-MJyqqUE6zzgHoNtsozITuenkSeX8l+4xkHiv/XQg+xo=", "owner": "cynerd", "repo": "nixturris", - "rev": "ebe1b615dbd982f6eaf179f09ae3d0e34e184747", + "rev": "2c90afe1d4c16020744c1730980e6d2d422dea67", "type": "github" }, "original": { @@ -266,11 +266,11 @@ }, "personal-secret": { "locked": { - "lastModified": 1673965615, - "narHash": "sha256-zTdEymT6KUtiM/yvmb3v7lBBbWKF/6NWDpN2z9qMdBc=", + "lastModified": 1674075125, + "narHash": "sha256-LUsUUp8dtgLNbUak1EwPUA+XXWGUQ4iYtH3ED//K4BI=", "ref": "refs/heads/master", - "rev": "4af47d275942e9d55c2859badea481264d5529f1", - "revCount": 61, + "rev": "50cc85d6ab8f86b0b39216f012b2e0db9633461c", + "revCount": 62, "type": "git", "url": "ssh://git@cynerd.cz/nixos-personal-secret" }, diff --git a/nixos/machine/adm-omnia.nix b/nixos/machine/adm-omnia.nix index c704b58..96e936f 100644 --- a/nixos/machine/adm-omnia.nix +++ b/nixos/machine/adm-omnia.nix 
@@ -9,12 +9,31 @@ with lib; { cynerd = { router = { enable = true; - wan = "end2"; + wan = "end2"; # TODO pppoe-wan lanIP = config.cynerd.hosts.adm.omnia; }; openvpn.oldpersonal = false; }; + # TODO pppd service requires end2 interface + services.pppd = { + enable = false; + peers."wan".config = '' + plugin pppoe.so end2 + ifname pppoe-wan + lcp-echo-interval 1 + lcp-echo-failure 5 + lcp-echo-adaptive + +ipv6 + defaultroute + defaultroute6 + usepeerdns + maxfail 1 + user O2 + password 02 + ''; + }; + networking.bridges = { brlan.interfaces = ["lan0" "lan1" "lan2" "lan3" "lan4"]; }; @@ -23,23 +42,27 @@ with lib; { enable = true; environmentFile = "/run/secrets/hostapd.env"; interfaces = { - "wlp1s0" = { + "wlp2s0" = { countryCode = "CZ"; hwMode = "a"; channel = 36; ieee80211ac = true; ht_capab = ["HT40+" "LDPC" "SHORT-GI-20" "SHORT-GI-40" "TX-STBC" "RX-STBC1" "MAX-AMSDU-7935" "DSSS_CCK-40"]; vht_capab = ["RXLDPC" "SHORT-GI-80" "TX-STBC-2BY1" "RX-ANTENNA-PATTERN" "TX-ANTENNA-PATTERN" "RX-STBC-1" "MAX-MPDU-11454" "MAX-A-MPDU-LEN-EXP7"]; - ssid = "TurrisRules5"; + ssid = "TurrisAdamkovi5"; + wpa = 2; + wpaPassphrase = "@PASS_TURRIS_ADAMKOVI@"; + bridge = "brlan"; + }; + "wlp3s0" = { + countryCode = "CZ"; + hwMode = "g"; + channel = 7; + ht_capab = ["HT40+" "SHORT-GI-20" "SHORT-GI-40" "TX-STBC" "RX-STBC1" "DSSS_CCK-40"]; + ssid = "TurrisAdamkovi"; wpa = 2; - wpaPassphrase = "@PASS_TURRIS_RULES@"; - bss = { - "wlp1s0host" = { - ssid = "KocoviGuest"; - wpa = 2; - wpaPassphrase = "@PASS_KOCOVI@"; - }; - }; + wpaPassphrase = "@PASS_TURRIS_ADAMKOVI@"; + bridge = "brlan"; }; }; }; diff --git a/nixos/machine/adm-omnia2.nix b/nixos/machine/adm-omnia2.nix index cf6de9f..3a47a84 100644 --- a/nixos/machine/adm-omnia2.nix +++ b/nixos/machine/adm-omnia2.nix 
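Review bot: The PPPoE account in `peers."wan".config` is written straight into the Nix expression as `user O2` / `password 02`, so it is committed to the repository and presumably ends up in the world-readable Nix store once built. The same pattern appears as `user metronet` / `password metronet` in spt-omnia.nix, where the service is actually enabled. The hostapd settings in this commit already take their passphrases from `environmentFile = "/run/secrets/hostapd.env"`; the PPP secret could be handled the same way, for example by replacing the `password` line with pppd's `file /run/secrets/<pppoe-options-file>` (placeholder path) pointing at a root-only options file. Also note that the user is `O2` with a letter O while the password is `02` with a digit zero; if both are meant to be the same string, one of them is a typo.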
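Review bot: Both radios now use the same `@PASS_TURRIS_ADAMKOVI@` placeholder with `bridge = "brlan"`, and the separate `KocoviGuest` BSS is dropped, so every wireless client joins the trusted LAN segment under one shared key. If that is intended, a short comment above `interfaces` such as `# no guest SSID here: all wireless clients are bridged into brlan` would record the decision. The two interface blocks are also repeated almost verbatim in adm-omnia2.nix and spt-omnia.nix; a shared `let` binding for the common `ht_capab`/`vht_capab` lists would keep the three hosts from drifting apart. The `networking.wirelessAP` block opens above this hunk.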
@@ -7,48 +7,47 @@ with lib; { config = { networking = { - bridges = { - brlan = { - interfaces = [ - "end2" - "lan0" - "lan1" - "lan2" - "lan3" - "lan4" - ]; - }; - }; - localCommands = '' - ip link set brlan type bridge vlan_filtering 1 - bridge vlan add dev eth2 vid 1 pvid untagged - bridge vlan add dev eth2 vid 2 - bridge vlan add dev lan0 vid 2 pvid untagged - bridge vlan add dev lan1 vid 2 pvid untagged - bridge vlan add dev lan2 vid 2 pvid untagged - bridge vlan add dev lan3 vid 2 pvid untagged - bridge vlan add dev lan4 vid 1 pvid untagged - bridge vlan add dev lan4 vid 2 - ''; - vlans = { - "lan" = { - id = 1; - interface = "brlan"; + bridges.brlan.interfaces = [ + "end2" "lan0" "lan1" "lan2" "lan3" "lan4" + ]; + interfaces.brlan.ipv4.addresses = [ + { + address = config.cynerd.hosts.adm.omnia2; + prefixLength = 24; + } + ]; + defaultGateway = config.cynerd.hosts.adm.omnia; + nameservers = ["1.1.1.1" "8.8.8.8"]; + dhcpcd.allowInterfaces = ["lan"]; + }; + + networking.wirelessAP = { + enable = true; + environmentFile = "/run/secrets/hostapd.env"; + interfaces = { + "wlp2s0" = { + countryCode = "CZ"; + hwMode = "a"; + channel = 36; + ieee80211ac = true; + ht_capab = ["HT40+" "LDPC" "SHORT-GI-20" "SHORT-GI-40" "TX-STBC" "RX-STBC1" "MAX-AMSDU-7935" "DSSS_CCK-40"]; + vht_capab = ["RXLDPC" "SHORT-GI-80" "TX-STBC-2BY1" "RX-ANTENNA-PATTERN" "TX-ANTENNA-PATTERN" "RX-STBC-1" "MAX-MPDU-11454" "MAX-A-MPDU-LEN-EXP7"]; + ssid = "TurrisAdamkovi5"; + wpa = 2; + wpaPassphrase = "@PASS_TURRIS_ADAMKOVI@"; + bridge = "brlan"; }; - }; - interfaces.lan = { - ipv4 = { - addresses = [ - { - address = config.cynerd.hosts.adm.omnia2; - prefixLength = 24; - } - ]; + "wlp3s0" = { + countryCode = "CZ"; + hwMode = "g"; + channel = 7; + ht_capab = ["HT40+" "SHORT-GI-20" "SHORT-GI-40" "TX-STBC" "RX-STBC1" "DSSS_CCK-40"]; + ssid = "TurrisAdamkovi"; + wpa = 2; + wpaPassphrase = "@PASS_TURRIS_ADAMKOVI@"; + bridge = "brlan"; }; }; - defaultGateway = config.cynerd.hosts.adm.omnia; - 
nameservers = [config.cynerd.hosts.adm.omnia "1.1.1.1" "8.8.8.8"]; - dhcpcd.allowInterfaces = ["lan"]; }; }; } diff --git a/nixos/machine/spt-omnia.nix b/nixos/machine/spt-omnia.nix index 6db1f7b..0c14e8c 100644 --- a/nixos/machine/spt-omnia.nix +++ b/nixos/machine/spt-omnia.nix 
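Review bot: `dhcpcd.allowInterfaces = ["lan"];` is carried over to the new side, but the `vlans."lan"` definition that created an interface named `lan` is deleted in this hunk and the static address now sits on `brlan`. As written, the DHCP client is limited to an interface this file no longer defines, so it presumably never runs anywhere, and the line hides that intent. If no interface on this host should request a lease, say so directly with `dhcpcd.enable = false;`; otherwise name the interface that should.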
@@ -7,39 +7,68 @@ with lib; { config = { cynerd = { + router = { + enable = true; + wan = "pppoe-wan"; + lanIP = config.cynerd.hosts.spt.omnia; + }; openvpn.oldpersonal = true; }; - networking = { - # TODO we need vlan filtering to filter out guest network - bridges = { - brlan = { - interfaces = [ - "lan0" - "lan1" - "lan2" - "lan3" - "lan4" - ]; + networking.vlan."end2.848" = { + id = "848"; + interface = "end2"; + }; + # TODO pppd service requires end2.848 interface + services.pppd = { + enable = true; + peers."wan".config = '' + plugin pppoe.so end2.848 + ifname pppoe-wan + lcp-echo-interval 1 + lcp-echo-failure 5 + lcp-echo-adaptive + +ipv6 + defaultroute + defaultroute6 + usepeerdns + maxfail 1 + user metronet + password metronet + ''; + }; + + networking.bridges = { + brlan.interfaces = ["lan0" "lan1" "lan2" "lan3" "lan4"]; + }; + + networking.wirelessAP = { + enable = true; + environmentFile = "/run/secrets/hostapd.env"; + interfaces = { + "wlp2s0" = { + countryCode = "CZ"; + hwMode = "a"; + channel = 36; + ieee80211ac = true; + ht_capab = ["HT40+" "LDPC" "SHORT-GI-20" "SHORT-GI-40" "TX-STBC" "RX-STBC1" "MAX-AMSDU-7935" "DSSS_CCK-40"]; + vht_capab = ["RXLDPC" "SHORT-GI-80" "TX-STBC-2BY1" "RX-ANTENNA-PATTERN" "TX-ANTENNA-PATTERN" "RX-STBC-1" "MAX-MPDU-11454" "MAX-A-MPDU-LEN-EXP7"]; + ssid = "TurrisRules5"; + wpa = 2; + wpaPassphrase = "@PASS_TURRIS_RULES@"; + bridge = "brlan"; }; - #brguest = { - # interfaces = [ - # "brlan.2" #"mlan0host" "wlp1s0host" - # ]; - #}; - }; - interfaces.brlan = { - ipv4 = { - addresses = [ - { - address = config.cynerd.hosts.spt.omnia; - prefixLength = 24; - } - ]; + "wlp3s0" = { + countryCode = "CZ"; + hwMode = "g"; + channel = 7; + ht_capab = ["HT40+" "SHORT-GI-20" "SHORT-GI-40" "TX-STBC" "RX-STBC1" "DSSS_CCK-40"]; + ssid = "TurrisRules"; + wpa = 2; + wpaPassphrase = "@PASS_TURRIS_RULES@"; + bridge = "brlan"; }; }; - nameservers = ["127.0.0.1" "1.1.1.1" "8.8.8.8"]; - dhcpcd.allowInterfaces = ["end2"]; }; services.syncthing = { 
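Review bot: `networking.vlan."end2.848"` does not match the option name used by the adm-omnia2.nix code removed in this same commit, `networking.vlans`, and it sets `id = "848"` as a string where that code used an integer (`id = 1`). Unless a module outside this diff declares `networking.vlan`, evaluation should fail on the unknown option, and the pppd peer that names `end2.848` would have no interface to attach to. I would write `networking.vlans."end2.848" = { id = 848; interface = "end2"; };`. The comment `# TODO pppd service requires end2.848 interface` could also state how that ordering is meant to be enforced.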
diff --git a/nixos/modules/router.nix b/nixos/modules/router.nix index cd7841e..e149633 100644 --- a/nixos/modules/router.nix +++ b/nixos/modules/router.nix @@ -47,15 +47,14 @@ in { config = mkIf cnf.enable { networking = { - interfaces."${cnf.brlan}" = { - ipv4.addresses = [ - { - address = cnf.lanIP; - prefixLength = cnf.lanPrefix; - } - ]; - }; + interfaces."${cnf.brlan}".ipv4.addresses = [ + { + address = cnf.lanIP; + prefixLength = cnf.lanPrefix; + } + ]; nat = { + enable = true; externalInterface = cnf.wan; internalInterfaces = [cnf.brlan]; }; @@ -68,7 +67,7 @@ in { authoritative = true; interfaces = [cnf.brlan]; extraConfig = '' - option domain-name-servers 1.1.1.1 8.8.8.8; + option domain-name-servers 1.1.1.1, 8.8.8.8; subnet ${ipv4.prefix2ip cnf.lanIP cnf.lanPrefix} netmask ${ipv4.prefix2netmask cnf.lanPrefix} { range ${ ipv4.ipAdd cnf.lanIP cnf.lanPrefix cnf.dynIPStart @@ -83,7 +82,8 @@ in { }; services.dhcpd6 = { - enable = true; + # TODO + enable = false; authoritative = true; interfaces = [cnf.brlan]; extraConfig = '' |
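Review bot: The bare `# TODO` above `enable = false;` in the last hunk (`services.dhcpd6`) does not say what has to happen before DHCPv6 is switched back on, while the pppd peers added in this commit request `+ipv6` and `defaultroute6` on the WAN side. Spell the condition out, e.g. `# TODO: re-enable dhcpd6 once <what is missing> is in place`, and note whether LAN clients are expected to get IPv6 addressing some other way in the meantime; nothing in this hunk shows that. The `services.dhcpd6` block continues past the end of the hunk.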