diff options
Diffstat (limited to 'nixos')
| -rw-r--r-- | nixos/configurations/adm-omnia.nix | 1 | ||||
| -rw-r--r-- | nixos/configurations/dean.nix | 14 | ||||
| -rw-r--r-- | nixos/configurations/errol.nix | 40 | ||||
| -rw-r--r-- | nixos/configurations/lipwig.nix | 37 | ||||
| -rw-r--r-- | nixos/configurations/ridcully.nix | 10 | ||||
| -rw-r--r-- | nixos/configurations/spt-mox.nix | 31 | ||||
| -rw-r--r-- | nixos/configurations/spt-mox2.nix | 16 | ||||
| -rw-r--r-- | nixos/configurations/spt-omnia.nix | 56 | ||||
| -rw-r--r-- | nixos/configurations/zd-mox.nix | 128 | ||||
| -rw-r--r-- | nixos/modules/desktop.nix | 10 | ||||
| -rw-r--r-- | nixos/modules/develop.nix | 3 | ||||
| -rw-r--r-- | nixos/modules/gaming.nix | 9 | ||||
| -rw-r--r-- | nixos/modules/generic.nix | 2 | ||||
| -rw-r--r-- | nixos/modules/homeassistant.nix | 57 | ||||
| -rw-r--r-- | nixos/modules/hosts.nix | 23 | ||||
| -rw-r--r-- | nixos/modules/packages.nix | 1 | ||||
| -rw-r--r-- | nixos/modules/wifi-zd.nix | 137 |
17 files changed, 423 insertions, 152 deletions
diff --git a/nixos/configurations/adm-omnia.nix b/nixos/configurations/adm-omnia.nix index 55ee733..2b80bbc 100644 --- a/nixos/configurations/adm-omnia.nix +++ b/nixos/configurations/adm-omnia.nix @@ -15,7 +15,6 @@ in { wan = "pppoe-wan"; lanIP = hosts.omnia; staticLeases = { - "70:85:c2:4a:59:f2" = hosts.ridcully; "7c:b0:c2:bb:9c:ca" = hosts.albert; "4c:d5:77:0d:85:d9" = hosts.binky; "b8:27:eb:49:54:5a" = hosts.mpd; diff --git a/nixos/configurations/dean.nix b/nixos/configurations/dean.nix index dfb03e1..a95d9f1 100644 --- a/nixos/configurations/dean.nix +++ b/nixos/configurations/dean.nix @@ -11,6 +11,20 @@ }; }; + boot.initrd.availableKernelModules = ["dm-mod"]; + + hardware.enableAllFirmware = false; # No wifi so we do not need firmwares + services = { + journald.extraConfig = '' + SystemMaxUse=512M + ''; + + btrfs.autoScrub = { + enable = true; + fileSystems = ["/"]; + }; + }; + networking = { useNetworkd = true; useDHCP = false; diff --git a/nixos/configurations/errol.nix b/nixos/configurations/errol.nix index f986631..defacf3 100644 --- a/nixos/configurations/errol.nix +++ b/nixos/configurations/errol.nix @@ -1,11 +1,4 @@ -{ - config, - lib, - pkgs, - ... -}: let - inherit (lib) mkDefault; -in { +{pkgs, ...}: { system.stateVersion = "24.05"; nixpkgs.hostPlatform.system = "x86_64-linux"; deploy.enable = true; @@ -96,36 +89,5 @@ in { enable = true; dataDir = "/home/cynerd"; }; - - home-assistant = { - enable = true; - openFirewall = true; - configDir = "/var/lib/hass"; - config = { - homeassistant = { - name = "SPT"; - latitude = "!secret latitude"; - longitude = "!secret longitude"; - elevation = "!secret elevation"; - time_zone = "Europe/Prague"; - country = "CZ"; - }; - http.server_port = 8808; - mqtt = { - sensor = import ../home-assistant/sensors.nix; - light = import ../home-assistant/light.nix; - }; - default_config = {}; - automation = "!include automations.yaml"; - }; - extraComponents = ["met"]; - package = pkgs.home-assistant.override { - extraPackages = pkgs: - with pkgs; [ - securetar - pyipp - ]; - }; - }; }; } diff --git a/nixos/configurations/lipwig.nix b/nixos/configurations/lipwig.nix index 5855b6d..2f5e242 100644 --- a/nixos/configurations/lipwig.nix +++ b/nixos/configurations/lipwig.nix @@ -107,10 +107,6 @@ forceSSL = true; useACMEHost = "cynerd.cz"; }; - "office.cynerd.cz" = { - forceSSL = true; - useACMEHost = "cynerd.cz"; - }; "grafana.cynerd.cz" = { forceSSL = true; useACMEHost = "cynerd.cz"; @@ -245,9 +241,9 @@ forms groupfolders impersonate + maps memories notes - onlyoffice phonetrack previewgenerator spreed @@ -255,15 +251,20 @@ twofactor_webauthn ; # Additional modules can be fetched with: - # NEXTCLOUD_VERSIONS=30 nix run nixpkgs#nc4nix -- -apps "passwords,money,integration_github,integration_gitlab" + # NEXTCLOUD_VERSIONS=31 nix run nixpkgs#nc4nix -- -apps "passwords,money,integration_github,integration_gitlab" + fileslibreofficeedit = pkgs.fetchNextcloudApp { + url = "https://github.com/allotropia/nextcloud_files_libreoffice_edit/releases/download/v2.0.1/fileslibreofficeedit.tar.gz"; + hash = "sha256-Xqx5snQWintYJG3Q1Crw22TkNw18DdADXkurMQqt3X8="; + license = "agpl3Plus"; + }; integration_github = pkgs.fetchNextcloudApp { - url = "https://github.com/nextcloud-releases/integration_github/releases/download/v3.1.1/integration_github-v3.1.1.tar.gz"; - hash = "sha256-nm463H33WyXTJkb7+OSsunARNuSl5nc3uGClgwkVvhM="; + url = "https://github.com/nextcloud-releases/integration_github/releases/download/v3.2.1/integration_github-v3.2.1.tar.gz"; + hash = "sha256-iBWphFaXmQHNxgoi9qkfV7vCTChwtk6yg0aVr9Lhn4c="; license = "agpl3Plus"; }; integration_gitlab = pkgs.fetchNextcloudApp { - url = "https://github.com/nextcloud-releases/integration_gitlab/releases/download/v3.1.2/integration_gitlab-v3.1.2.tar.gz"; - hash = "sha256-nCH0DqYmr4T856sOU5PhSK6WAHIF9mnYThgytxEbkNA="; + url = "https://github.com/nextcloud-releases/integration_gitlab/releases/download/v3.2.0/integration_gitlab-v3.2.0.tar.gz"; + hash = "sha256-BDDuqQIDV3pn1mYutjA7Z3L2nib2wW6DlZgyqU46f8Q="; license = "agpl3Plus"; }; money = pkgs.fetchNextcloudApp { @@ -272,22 +273,12 @@ license = "agpl3Plus"; }; passwords = pkgs.fetchNextcloudApp { - url = "https://git.mdns.eu/api/v4/projects/45/packages/generic/passwords/2025.5.1/passwords.tar.gz"; - hash = "sha256-v4IVpqbTN3TKORESFX+sJsiSrLkUc0b5Stj8CmznSIw="; - license = "agpl3Plus"; - }; - maps = pkgs.fetchNextcloudApp { - url = "https://github.com/nextcloud/maps/releases/download/v1.6.0-3-nightly/maps-1.6.0-3-nightly.tar.gz"; - hash = "sha256-E0S/CwXyye19lcuiONEQCyHJqlL0ZG1A9Q7oOTEZH1g="; + url = "https://git.mdns.eu/api/v4/projects/45/packages/generic/passwords/2025.7.0/passwords.tar.gz"; + hash = "sha256-SVItAtFRO/CbZ203ZS86inCZ+ZpGy0NUS3y2Xj1b+LI="; license = "agpl3Plus"; }; }; }; - # OnlyOffice ############################################################### - services.onlyoffice = { - enable = true; - hostname = "office.cynerd.cz"; - }; # Postgresql ############################################################### services.postgresql = { @@ -370,7 +361,7 @@ } ]; }; - runInUwsgi = true; + configureUwsgi = true; uwsgiConfig = { socket = "/run/searx/searx.sock"; chmod-socket = "660"; diff --git a/nixos/configurations/ridcully.nix b/nixos/configurations/ridcully.nix index 0b2705c..3dd9beb 100644 --- a/nixos/configurations/ridcully.nix +++ b/nixos/configurations/ridcully.nix @@ -1,10 +1,4 @@ -{ - lib, - pkgs, - ... -}: let - inherit (lib) mkDefault; -in { +{pkgs, ...}: { system.stateVersion = "24.05"; nixpkgs.hostPlatform.system = "x86_64-linux"; deploy.enable = true; @@ -79,5 +73,5 @@ in { }; # Force nix to use less jobs - nix.settings.max-jobs = 8; + nix.settings.max-jobs = 4; } diff --git a/nixos/configurations/spt-mox.nix b/nixos/configurations/spt-mox.nix index 8a842b7..4dfa2c8 100644 --- a/nixos/configurations/spt-mox.nix +++ b/nixos/configurations/spt-mox.nix @@ -28,13 +28,17 @@ }; }; - services.journald.extraConfig = '' - SystemMaxUse=512M - ''; + boot.initrd.availableKernelModules = ["dm-mod"]; - services.btrfs.autoScrub = { - enable = true; - fileSystems = ["/"]; + services = { + journald.extraConfig = '' + SystemMaxUse=512M + ''; + + btrfs.autoScrub = { + enable = true; + fileSystems = ["/"]; + }; }; networking = { @@ -73,25 +77,10 @@ acl = ["read bigclown/node/#"]; passwordFile = "/run/secrets/mosquitto.telegraf.pass"; }; - homeassistant = { - acl = [ - "readwrite homeassistant/#" - "readwrite bigclown/#" - "readwrite zigbee2mqtt/#" - ]; - passwordFile = "/run/secrets/mosquitto.homeassistant.pass"; - }; bigclown = { acl = ["readwrite bigclown/#"]; passwordFile = "/run/secrets/mosquitto.bigclown.pass"; }; - zigbee2mqtt = { - acl = [ - "readwrite homeassistant/#" - "readwrite zigbee2mqtt/#" - ]; - passwordFile = "/run/secrets/mosquitto.zigbee2mqtt.pass"; - }; }; } ]; diff --git a/nixos/configurations/spt-mox2.nix b/nixos/configurations/spt-mox2.nix index fd2c074..2e76449 100644 --- a/nixos/configurations/spt-mox2.nix +++ b/nixos/configurations/spt-mox2.nix @@ -23,13 +23,17 @@ }; }; - services.journald.extraConfig = '' - SystemMaxUse=512M - ''; + boot.initrd.availableKernelModules = ["dm-mod"]; - services.btrfs.autoScrub = { - enable = true; - fileSystems = ["/"]; + services = { + journald.extraConfig = '' + SystemMaxUse=512M + ''; + + btrfs.autoScrub = { + enable = true; + fileSystems = ["/"]; + }; }; networking = { diff --git a/nixos/configurations/spt-omnia.nix b/nixos/configurations/spt-omnia.nix index 1809b2a..8449f0d 100644 --- a/nixos/configurations/spt-omnia.nix +++ b/nixos/configurations/spt-omnia.nix @@ -15,6 +15,7 @@ in { lanIP = hosts.omnia; staticLeases = { "a8:a1:59:10:32:c4" = hosts.errol; + "70:85:c2:4a:59:f2" = hosts.ridcully; "7c:b0:c2:bb:9c:ca" = hosts.albert; "4c:d5:77:0d:85:d9" = hosts.binky; "b8:27:eb:57:a2:31" = hosts.mpd; @@ -38,18 +39,20 @@ in { monitoring.speedtest = true; }; - services.journald.extraConfig = '' - SystemMaxUse=8G - ''; + services = { + journald.extraConfig = '' + SystemMaxUse=8G + ''; - services.btrfs.autoScrub = { - enable = true; - fileSystems = ["/"]; - }; + btrfs.autoScrub = { + enable = true; + fileSystems = ["/"]; + }; - services.fail2ban = { - enable = true; - ignoreIP = ["10.8.1.0/24" "10.8.2.0/24"]; + fail2ban = { + enable = true; + ignoreIP = ["10.8.1.0/24" "10.8.2.0/24"]; + }; }; networking.useDHCP = false; @@ -133,32 +136,11 @@ in { ''; ############################################################################## - services = { - zigbee2mqtt = { - enable = true; - settings = { - serial.port = "/dev/serial/by-id/usb-ITEAD_SONOFF_Zigbee_3.0_USB_Dongle_Plus_V2_20220812153849-if00"; - mqtt = { - server = "mqtt://${config.cynerd.hosts.spt.mox}:1883"; - user = "zigbee2mqtt"; - password = "!secret.yaml mqtt_password"; - }; - advanced = { - network_key = "!secret.yaml network_key"; - homeassistant_legacy_entity_attributes = false; - legacy_api = false; - legacy_availability_payload = false; - last_seen = "epoch"; - }; - frontend = true; - availability = true; - homeassistant = { - legacy_triggers = false; - }; - device_options.legacy = false; - permit_join = false; - devices = config.secrets.zigbee2mqttDevices; - }; - }; + cynerd.ha = { + enable = true; + domain = "spt.cynerd.cz"; + extraOptions = [ + "--device=/dev/serial/by-id/usb-ITEAD_SONOFF_Zigbee_3.0_USB_Dongle_Plus_V2_20220812153849-if00:/dev/ttyACM0" + ]; }; } diff --git a/nixos/configurations/zd-mox.nix b/nixos/configurations/zd-mox.nix new file mode 100644 index 0000000..a6f327c --- /dev/null +++ b/nixos/configurations/zd-mox.nix @@ -0,0 +1,128 @@ +{config, ...}: let + hosts = config.cynerd.hosts.zd; +in { + system.stateVersion = "25.05"; + turris.board = "mox"; + deploy = { + enable = true; + ssh.host = "zd.cynerd.cz"; + }; + + cynerd = { + router = { + enable = true; + wan = "pppoe-wan"; + lanIP = hosts.mox; + staticLeases = { + "4c:d5:77:0d:85:d9" = hosts.binky; + }; + }; + wifiAP.zd = { + enable = false; + qca988x = { + interface = "wlp1s0"; + bssids = config.secrets.wifiMacs.zd-mox.qca988x; + channel = 36; + }; + }; + wireguard = true; + monitoring.speedtest = true; + }; + + boot.initrd.availableKernelModules = ["dm-mod"]; + + services = { + journald.extraConfig = '' + SystemMaxUse=512M + ''; + + btrfs.autoScrub = { + enable = true; + fileSystems = ["/"]; + }; + + fail2ban = { + enable = true; + ignoreIP = ["10.8.0.0/24" "10.8.1.0/24" "10.8.2.0/24"]; + }; + }; + + networking.useDHCP = false; + systemd.network = { + netdevs = { + "end2.848" = { + netdevConfig = { + Kind = "vlan"; + Name = "end2.848"; + }; + vlanConfig.Id = 848; + }; + }; + networks = { + "end2" = { + matchConfig.Name = "end2"; + networkConfig.VLAN = ["end2.848"]; + }; + "end2.848" = { + matchConfig.Name = "end2.848"; + networkConfig.BindCarrier = "end2"; + }; + "pppoe-wan" = { + matchConfig.Name = "pppoe-wan"; + networkConfig = { + BindCarrier = "end2.848"; + DHCP = "ipv6"; + IPv6AcceptRA = "no"; + DHCPPrefixDelegation = "yes"; + #DNS = ["84.19.64.3" "84.19.64.4" "1.1.1.1"]; + DNS = "1.1.1.1"; + }; + dhcpV6Config = { + PrefixDelegationHint = "::/56"; + UseDNS = "no"; + }; + dhcpPrefixDelegationConfig = { + UplinkInterface = ":self"; + SubnetId = 0; + Announce = "no"; + }; + linkConfig.RequiredForOnline = "routable"; + }; + "lan-brlan" = { + matchConfig.Name = "lan*"; + networkConfig.Bridge = "brlan"; + bridgeVLANs = [ + { + EgressUntagged = 1; + PVID = 1; + } + {VLAN = 2;} + ]; + }; + }; + }; + + services.pppd = { + enable = true; + peers."wan".config = '' + plugin pppoe.so end2.848 + ifname pppoe-wan + lcp-echo-interval 1 + lcp-echo-failure 5 + lcp-echo-adaptive + defaultroute + defaultroute6 + maxfail 1 + # user and password added in secrets + ''; + }; + systemd.services."pppd-wan" = { + after = ["sys-subsystem-net-devices-end2.848.device"]; + partOf = ["systemd-networkd.service"]; + }; + # TODO limit NSS clamping to just pppoe-wan + networking.firewall.extraForwardRules = '' + tcp flags syn tcp option maxseg size set rt mtu comment "Needed for PPPoE to fix IPv4" + iifname {"home", "wg"} oifname {"home", "wg"} accept + ''; +} diff --git a/nixos/modules/desktop.nix b/nixos/modules/desktop.nix index dfc9777..05a7b7b 100644 --- a/nixos/modules/desktop.nix +++ b/nixos/modules/desktop.nix @@ -69,7 +69,6 @@ in { isync msmtp notmuch - astroid dodo taskwarrior3 gnupg @@ -81,14 +80,19 @@ in { ])) chromium + tangram ferdium signal-desktop - libreoffice - onlyoffice-desktopeditors mupdf zathura pdfgrep + libreoffice-qt6-fresh + hunspell + hunspellDicts.en_US-large + hunspellDicts.en_GB-large + hunspellDicts.cs_CZ + xdg-utils xdg-launch mesa-demos diff --git a/nixos/modules/develop.nix b/nixos/modules/develop.nix index 6444473..4973a92 100644 --- a/nixos/modules/develop.nix +++ b/nixos/modules/develop.nix @@ -112,6 +112,9 @@ in { pylxd selenium + + pyvisa + pyvisa-py ])) ruff geckodriver diff --git a/nixos/modules/gaming.nix b/nixos/modules/gaming.nix index 6dce70d..4f957ed 100644 --- a/nixos/modules/gaming.nix +++ b/nixos/modules/gaming.nix @@ -18,7 +18,10 @@ in { config = mkIf cnf { cynerd.desktop.enable = true; - environment.systemPackages = [pkgs.heroic]; + environment.systemPackages = with pkgs; [ + heroic + prismlauncher + ]; nixpkgs.config.permittedInsecurePackages = [ "SDL_ttf-2.0.11" # TODO @@ -35,7 +38,7 @@ in { with pkgs; [ ncurses xorg.libXpm - #flac134 + flac134 libopus ]; }; @@ -44,7 +47,7 @@ in { with pkgs; [ ncurses xorg.libXpm - #flac134 + flac134 # For Nebuchadnezzar libopus SDL SDL2_image diff --git a/nixos/modules/generic.nix b/nixos/modules/generic.nix index e029058..e6e96a4 100644 --- a/nixos/modules/generic.nix +++ b/nixos/modules/generic.nix @@ -37,7 +37,7 @@ in { kernelPackages = mkOverride 1100 pkgs.linuxPackages_latest; kernelParams = ["boot.shell_on_fail"]; }; - hardware.enableAllFirmware = true; + hardware.enableAllFirmware = mkDefault true; services.fwupd.enable = mkDefault (pkgs.system == "x86_64-linux"); systemd.oomd.enable = false; diff --git a/nixos/modules/homeassistant.nix b/nixos/modules/homeassistant.nix new file mode 100644 index 0000000..f7ebe9c --- /dev/null +++ b/nixos/modules/homeassistant.nix @@ -0,0 +1,57 @@ +{ + config, + lib, + ... +}: let + inherit (lib) mkOption mkEnableOption types mkIf; + cnf = config.cynerd.ha; +in { + options.cynerd.ha = { + enable = mkEnableOption "Home assistant setup on the primary router."; + domain = mkOption { + type = with types; str; + description = "The domain name of the system."; + }; + extraOptions = mkOption { + type = with types; listOf str; + default = []; + description = "Extra options passed to the container."; + }; + }; + + config = mkIf cnf.enable { + virtualisation.oci-containers = { + backend = "podman"; + containers.homeassistant = { + volumes = ["home-assistant:/config" "/run/dbus:/run/dbus:ro"]; + environment.TZ = "Europe/Prague"; + image = "ghcr.io/home-assistant/armv7-homeassistant:latest"; + extraOptions = + ["--privileged" "--network=host"] + ++ cnf.extraOptions; + }; + }; + + services.nginx = { + enable = true; + virtualHosts = { + "${cnf.domain}" = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://localhost:8123"; + proxyWebsockets = true; + recommendedProxySettings = true; + }; + }; + }; + }; + security.acme = { + acceptTerms = true; + defaults.email = "cynerd+acme@email.cz"; + certs."${cnf.domain}" = {}; + }; + + networking.firewall.allowedTCPPorts = [80 443]; + }; +} diff --git a/nixos/modules/hosts.nix b/nixos/modules/hosts.nix index 4b358b8..9affe19 100644 --- a/nixos/modules/hosts.nix +++ b/nixos/modules/hosts.nix @@ -19,7 +19,7 @@ in { default = true; description = "Use my personal static hosts"; }; - vpn = staticZoneOption; + zd = staticZoneOption; wg = staticZoneOption; spt = staticZoneOption; adm = staticZoneOption; @@ -28,9 +28,10 @@ in { config = { cynerd.hosts = { - vpn = { - "lipwig" = "10.8.0.1"; - "adm-omnia" = "10.8.0.51"; + zd = { + "mox" = "10.8.0.1"; + # Portable + "binky" = "10.8.0.63"; }; wg = { "lipwig" = "10.8.1.1"; @@ -40,6 +41,7 @@ in { # Endpoints "spt-omnia" = "10.8.1.50"; "adm-omnia" = "10.8.1.51"; + "zd-mox" = "10.8.1.52"; # Endpoints without routing "dean" = "10.8.1.59"; }; @@ -51,6 +53,7 @@ in { # Local "mpd" = "10.8.2.51"; "errol" = "10.8.2.60"; + "ridcully" = "10.8.2.59"; "printer" = "10.8.2.90"; # Portable "albert" = "10.8.2.61"; @@ -61,7 +64,6 @@ in { "omnia" = "10.8.3.1"; "omnia2" = "10.8.3.3"; # Local - "ridcully" = "10.8.3.60"; "3dprint" = "10.8.3.80"; "mpd" = "10.8.3.51"; "printer" = "192.168.1.20"; @@ -72,15 +74,16 @@ in { }; networking.hosts = mkIf cnf.enable { - # VPN - "${cnf.vpn.lipwig}" = ["lipwig.vpn"]; - "${cnf.vpn.adm-omnia}" = ["adm.vpn"]; + # Zd + "${cnf.zd.mox}" = ["mox.zd"]; + "${cnf.zd.binky}" = ["binky.zd"]; # Wireguard "${cnf.wg.lipwig}" = ["lipwig.wg"]; "${cnf.wg.binky}" = ["binky.wg"]; "${cnf.wg.android}" = ["android.wg"]; "${cnf.wg.spt-omnia}" = ["spt.wg"]; "${cnf.wg.adm-omnia}" = ["adm.wg"]; + "${cnf.wg.zd-mox}" = ["zd.wg"]; "${cnf.wg.dean}" = ["dean" "dean.wg"]; # Spt "${cnf.spt.omnia}" = ["omnia.spt"]; @@ -88,14 +91,14 @@ in { "${cnf.spt.mox2}" = ["mox2.spt"]; "10.8.2.4" = ["mi3g.spt"]; "${cnf.spt.mpd}" = ["mpd.spt"]; - "${cnf.spt.errol}" = ["errol" "desktop.spt"]; + "${cnf.spt.errol}" = ["errol"]; + "${cnf.spt.ridcully}" = ["ridcully"]; "${cnf.spt.albert}" = ["albert.spt"]; "${cnf.spt.binky}" = ["binky.spt"]; # Adm "${cnf.adm.omnia}" = ["omnia.adm"]; "10.8.3.2" = ["redmi.adm"]; "${cnf.adm.omnia2}" = ["omnia2.adm"]; - "${cnf.adm.ridcully}" = ["ridcully" "desktop.adm"]; "${cnf.adm.albert}" = ["albert.adm"]; "${cnf.adm.binky}" = ["binky.adm"]; "${cnf.adm."3dprint"}" = ["3dprint"]; diff --git a/nixos/modules/packages.nix b/nixos/modules/packages.nix index 155d8a5..c41e491 100644 --- a/nixos/modules/packages.nix +++ b/nixos/modules/packages.nix @@ -47,6 +47,7 @@ in { tree lsof strace + ripgrep sourceHighlight # Colors for less unrar diff --git a/nixos/modules/wifi-zd.nix b/nixos/modules/wifi-zd.nix new file mode 100644 index 0000000..107fdf4 --- /dev/null +++ b/nixos/modules/wifi-zd.nix @@ -0,0 +1,137 @@ +{ + config, + lib, + ... +}: let + inherit (lib) mkOption mkEnableOption types mkIf mkForce mkMerge hostapd elemAt; + cnf = config.cynerd.wifiAP.zd; + + wifi-networks = name: let + is2g = cnf."${name}".channel <= 14; + in { + "${cnf."${name}".interface}" = { + bssid = elemAt cnf."${name}".bssids 0; + ssid = "UNas${ + if is2g + then "" + else "5" + }"; + authentication = { + mode = "wpa2-sha256"; + wpaPasswordFile = "/run/secrets/hostapd-UNas.pass"; + }; + settings = mkIf is2g { + ieee80211w = 0; + wpa_key_mgmt = mkForce "WPA-PSK"; # force use without sha256 + }; + }; + "${cnf."${name}".interface}.guest" = { + bssid = elemAt cnf."${name}".bssids 1; + ssid = "Koci"; + authentication = { + mode = "wpa2-sha256"; + wpaPasswordFile = "/run/secrets/hostapd-Koci.pass"; + }; + }; + }; + + net-networks = name: { + "lan-${cnf."${name}".interface}" = { + matchConfig = { + Name = cnf."${name}".interface; + WLANInterfaceType = "ap"; + }; + networkConfig.Bridge = "brlan"; + bridgeVLANs = [ + { + EgressUntagged = 1; + PVID = 1; + } + ]; + }; + "lan-${cnf."${name}".interface}-guest" = { + matchConfig.Name = "${cnf."${name}".interface}.guest"; + networkConfig.Bridge = "brlan"; + bridgeVLANs = [ + { + EgressUntagged = 2; + PVID = 2; + } + ]; + }; + }; + + wOptions = card: channelDefault: { + interface = mkOption { + type = with types; nullOr str; + default = null; + description = "Specify interface for ${card}"; + }; + bssids = mkOption { + type = with types; listOf str; + default = []; + description = "BSSIDs for networks."; + }; + channel = mkOption { + type = types.ints.positive; + default = channelDefault; + description = "Channel to be used for ${card}"; + }; + }; +in { + options = { + cynerd.wifiAP.zd = { + enable = mkEnableOption "Enable Wi-Fi Access Point support"; + ar9287 = wOptions "Qualcom Atheros AR9287" 7; + qca988x = wOptions "Qualcom Atheros QCA988x" 36; + }; + }; + + config = mkIf cnf.enable { + # TODO regdom doesn't work for some reason + boot.extraModprobeConfig = '' + options cfg80211 ieee80211_regdom="CZ" + ''; + services.hostapd = { + enable = true; + radios = mkMerge [ + (mkIf (cnf.ar9287.interface != null) { + "${cnf.ar9287.interface}" = { + inherit (cnf.ar9287) channel; + countryCode = "CZ"; + wifi4 = { + enable = true; + inherit (hostapd.qualcomAtherosAR9287.wifi4) capabilities; + }; + networks = wifi-networks "ar9287"; + }; + }) + (mkIf (cnf.qca988x.interface != null) { + "${cnf.qca988x.interface}" = let + is2g = cnf.qca988x.channel <= 14; + in { + inherit (cnf.qca988x) channel; + countryCode = "CZ"; + band = + if is2g + then "2g" + else "5g"; + wifi4 = { + enable = true; + inherit (hostapd.qualcomAtherosQCA988x.wifi4) capabilities; + }; + wifi5 = { + enable = !is2g; + inherit (hostapd.qualcomAtherosQCA988x.wifi5) capabilities; + }; + networks = wifi-networks "qca988x"; + }; + }) + ]; + }; + systemd.network.networks = mkMerge [ + (mkIf (cnf.ar9287.interface != null) (net-networks "ar9287")) + (mkIf (cnf.qca988x.interface != null) (net-networks "qca988x")) + ]; + }; +} |