From c014ef4360ebc9fe23d5abf253141f44a94160ca Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Karel=20Ko=C4=8D=C3=AD?= Date: Tue, 20 Feb 2024 21:34:43 +0100 Subject: nixos: merge router to normal modules --- nixos/configurations.nix | 44 +++++------ nixos/default.nix | 3 +- nixos/modules/router.nix | 171 ++++++++++++++++++++++++++++++++++++++++ nixos/modules/switch.nix | 65 ++++++++++++++++ nixos/modules/wifi-adm.nix | 190 +++++++++++++++++++++++++++++++++++++++++++++ nixos/modules/wifi-spt.nix | 171 ++++++++++++++++++++++++++++++++++++++++ nixos/routers/default.nix | 6 -- nixos/routers/router.nix | 171 ---------------------------------------- nixos/routers/switch.nix | 65 ---------------- nixos/routers/wifi-adm.nix | 190 --------------------------------------------- nixos/routers/wifi-spt.nix | 171 ---------------------------------------- 11 files changed, 618 insertions(+), 629 deletions(-) create mode 100644 nixos/modules/router.nix create mode 100644 nixos/modules/switch.nix create mode 100644 nixos/modules/wifi-adm.nix create mode 100644 nixos/modules/wifi-spt.nix delete mode 100644 nixos/routers/default.nix delete mode 100644 nixos/routers/router.nix delete mode 100644 nixos/routers/switch.nix delete mode 100644 nixos/routers/wifi-adm.nix delete mode 100644 nixos/routers/wifi-spt.nix diff --git a/nixos/configurations.nix b/nixos/configurations.nix index 47f6ce2..7d9bc3d 100644 --- a/nixos/configurations.nix +++ b/nixos/configurations.nix @@ -1,7 +1,6 @@ -self: -with builtins; -with self.inputs.nixpkgs.lib; let +self: let inherit (self.inputs) nixpkgs nixos-hardware nixturris vpsadminos; + inherit (nixpkgs.lib) optional hasAttr composeManyExtensions; modules = hostname: [ 
@@ -15,23 +14,19 @@ with self.inputs.nixpkgs.lib; let ] ++ (optional (hasAttr "machine-${hostname}" self.nixosModules) self.nixosModules."machine-${hostname}"); specialArgs = { - lib = nixpkgs.lib.extend (prev: final: import ../lib prev); + lib = nixpkgs.lib.extend (composeManyExtensions [ + nixturris.overlays.lib + (prev: final: import ../lib prev) + ]); }; genericSystem = { - system ? "x86_64-linux", + platform ? {system = "x86_64-linux";}, extra_modules ? [], }: hostname: { ${hostname} = nixturris.lib.addBuildPlatform (nixpkgs.lib.nixosSystem { - inherit system specialArgs; - modules = - (modules hostname) - ++ extra_modules - ++ [ - { - nixpkgs.hostPlatform.system = system; - } - ]; + inherit specialArgs; + modules = (modules hostname) ++ extra_modules ++ [{nixpkgs.hostPlatform = platform;}]; }); }; amd64System = genericSystem {}; @@ -42,7 +37,7 @@ with self.inputs.nixpkgs.lib; let ]; }; raspi2System = genericSystem { - system = "armv7l-linux"; + platform.system = "armv7l-linux"; extra_modules = [ nixos-hardware.nixosModules.raspberry-pi-2 ({pkgs, ...}: { @@ -52,7 +47,7 @@ with self.inputs.nixpkgs.lib; let ]; }; raspi3System = genericSystem { - system = "aarch64-linux"; + platform.system = "aarch64-linux"; extra_modules = [ ({pkgs, ...}: { boot = { @@ -68,7 +63,7 @@ with self.inputs.nixpkgs.lib; let ]; }; beagleboneSystem = genericSystem { - system = "armv7l-linux"; + platform.system = "armv7l-linux"; extra_modules = [ { boot.loader = { @@ -82,10 +77,9 @@ with self.inputs.nixpkgs.lib; let vmSystem = system: hostSystem: genericSystem { - inherit system; + platform.system = system; extra_modules = [ { - nixpkgs.hostPlatform.system = system; boot.loader.systemd-boot.enable = false; virtualisation.qemu.package = self.nixosConfigurations."${hostSystem}".pkgs.qemu; } 
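Review bot: The overlay handed to `composeManyExtensions` keeps its parameters in the order `prev: final:`, the reverse of the `lib.extend` convention (`final: prev:`), so the name `prev` is actually bound to the fixed-point result and `import ../lib prev` receives the fully extended lib, `nixturris.overlays.lib` included. That may well be intended — ../lib can then build on nixturris helpers — but the names say the opposite and will mislead the next reader. A rename that keeps behaviour identical: `(final: prev: import ../lib final)`. The switch of `genericSystem` to `platform ? {system = "x86_64-linux";}` is consistent with every caller in this patch, which all pass `platform.system` or a full `nixturris.lib.boardPlatform` value.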
@@ -95,12 +89,14 @@ with self.inputs.nixpkgs.lib; let armv7lvmSystem = vmSystem "armv7l-linux"; aarch64vmSystem = vmSystem "aarch64-linux"; - turrisSystem = board: hostname: { - ${hostname} = nixturris.lib.nixturrisSystem { - inherit nixpkgs board specialArgs; - modules = [self.nixosModules.defaultRouters] ++ modules hostname; + turrisSystem = board: + genericSystem { + platform = nixturris.lib.boardPlatform.${board}; + extra_modules = [ + nixturris.nixosModules.default + {turris.board = board;} + ]; }; - }; turrisMoxSystem = turrisSystem "mox"; turrisOmniaSystem = turrisSystem "omnia"; in diff --git a/nixos/default.nix b/nixos/default.nix index 90d6b3a..8385b11 100644 --- a/nixos/default.nix +++ b/nixos/default.nix @@ -1,7 +1,6 @@ self: let machines = import ./machine self; modules = import ./modules self; - routers = import ./routers; in modules // machines @@ -9,11 +8,11 @@ in default = { imports = with self.inputs; [ + nixosdeploy.nixosModules.default shellrc.nixosModules.default usbkey.nixosModules.default nixbigclown.nixosModules.default ] ++ builtins.attrValues modules; }; - defaultRouters = {imports = builtins.attrValues routers;}; } diff --git a/nixos/modules/router.nix b/nixos/modules/router.nix new file mode 100644 index 0000000..ed634b1 --- /dev/null +++ b/nixos/modules/router.nix 
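Review bot: `turrisSystem` now routes the Turris boards through `genericSystem`, i.e. through `nixturris.lib.addBuildPlatform` and plain `nixpkgs.lib.nixosSystem` instead of `nixturris.lib.nixturrisSystem`; whether `nixturris.nixosModules.default` plus `{turris.board = board;}` reproduces everything `nixturrisSystem` used to wire in cannot be checked from this hunk. Dropping `self.nixosModules.defaultRouters` means the router, switch and Wi-Fi modules must now reach Turris hosts through `modules hostname`, whose list body lies outside the hunk — confirm it imports the `default` module from nixos/default.nix, since that is where those modules are collected after this patch. A short comment above the definition would spare the next reader that lookup, e.g. `# Turris boards build through genericSystem; board wiring comes from nixturris.nixosModules.default`.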
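Review bot: The added `nixosdeploy.nixosModules.default` import in `default` is unrelated to merging the router modules and is not mentioned in the commit message, yet it changes what every host imports; either note it in the description or split it into its own commit. Dropping `routers` and `defaultRouters` matches the only consumer in this patch (`turrisSystem` in nixos/configurations.nix), but with `builtins.attrValues modules` the router, switch, wifi-adm and wifi-spt modules are now evaluated for every host; they are gated by `cynerd.*.enable` options that default to false, so this should be inert, provided nixos/modules' own default.nix (not in the patch) actually picks the four new files up.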
@@ -0,0 +1,171 @@ +{ + config, + lib, + ... +}: let + inherit (lib) mkOption types mkIf mapAttrsToList; + cnf = config.cynerd.router; +in { + options = { + cynerd.router = { + enable = mkOption { + type = types.bool; + default = false; + description = "Enable router support"; + }; + wan = mkOption { + type = types.str; + description = "Interface for the router's WAN"; + }; + lanIP = mkOption { + type = types.str; + description = "LAN IP address"; + }; + dynIPStart = mkOption { + type = types.ints.between 0 256; + default = 100; + description = "Offset for the dynamic IPv4 addresses"; + }; + dynIPCount = mkOption { + type = types.ints.between 0 256; + default = 100; + description = "Number of dynamically assigned IPv4 addresses"; + }; + lanPrefix = mkOption { + type = types.ints.between 0 32; + default = 24; + description = "LAN IP network prefix length"; + }; + staticLeases = mkOption { + type = with types; attrsOf str; + default = {}; + example = '' + {"xx:xx:xx:xx:xx:xx" = "10.8.1.30";} + ''; + description = "Mapping of MAC address to IP address"; + }; + }; + }; + + config = mkIf cnf.enable { + networking = { + useNetworkd = true; + nftables.enable = true; + firewall = { + logRefusedConnections = false; + interfaces = { + "home" = {allowedUDPPorts = [67 68];}; + "guest" = {allowedUDPPorts = [67 68];}; + }; + rejectPackets = true; + filterForward = true; + }; + nat = { + enable = true; + externalInterface = cnf.wan; + internalInterfaces = ["home" "guest"]; + }; + }; + + systemd.network = { + netdevs = { + "brlan" = { + netdevConfig = { + Kind = "bridge"; + Name = "brlan"; + }; + extraConfig = '' + [Bridge] + DefaultPVID=none + VLANFiltering=yes + ''; + }; + "home" = { + netdevConfig = { + Kind = "vlan"; + Name = "home"; + }; + vlanConfig.Id = 1; + }; + "guest" = { + netdevConfig = { + Kind = "vlan"; + Name = "guest"; + }; + vlanConfig.Id = 2; + }; + }; + networks = { + "brlan" = { + matchConfig.Name = "brlan"; + networkConfig.VLAN = ["home" "guest"]; + bridgeVLANs 
= [ + {bridgeVLANConfig.VLAN = 1;} + {bridgeVLANConfig.VLAN = 2;} + ]; + }; + "home" = { + matchConfig.Name = "home"; + networkConfig = { + Address = "${cnf.lanIP}/${toString cnf.lanPrefix}"; + IPForward = "yes"; + DHCPServer = "yes"; + DHCPPrefixDelegation = "yes"; + IPv6SendRA = "yes"; + IPv6AcceptRA = "no"; + }; + dhcpServerConfig = { + UplinkInterface = cnf.wan; + PoolOffset = cnf.dynIPStart; + PoolSize = cnf.dynIPCount; + EmitDNS = "yes"; + DNS = "1.1.1.1"; + }; + dhcpServerStaticLeases = + mapAttrsToList (n: v: { + dhcpServerStaticLeaseConfig = { + MACAddress = n; + Address = v; + }; + }) + cnf.staticLeases; + dhcpPrefixDelegationConfig = { + UplinkInterface = cnf.wan; + SubnetId = 1; + Announce = "yes"; + }; + }; + "guest" = { + matchConfig.Name = "guest"; + networkConfig = { + Address = "192.168.1.1/24"; + IPForward = "yes"; + DHCPServer = "yes"; + DHCPPrefixDelegation = "yes"; + IPv6SendRA = "yes"; + IPv6AcceptRA = "no"; + }; + dhcpServerConfig = { + UplinkInterface = cnf.wan; + PoolOffset = cnf.dynIPStart; + PoolSize = cnf.dynIPCount; + EmitDNS = "yes"; + DNS = "1.1.1.1"; + }; + dhcpPrefixDelegationConfig = { + UplinkInterface = cnf.wan; + SubnetId = 2; + Announce = "yes"; + }; + }; + }; + wait-online.anyInterface = true; + }; + + services.resolved = { + enable = true; + dnssec = "true"; + fallbackDns = ["1.1.1.1" "8.8.8.8"]; + }; + }; +} diff --git a/nixos/modules/switch.nix b/nixos/modules/switch.nix new file mode 100644 index 0000000..16d57bc --- /dev/null +++ b/nixos/modules/switch.nix 
@@ -0,0 +1,65 @@ +{ + config, + lib, + ... +}: +with lib; let + cnf = config.cynerd.switch; +in { + options = { + cynerd.switch = { + enable = mkEnableOption "Enable switch support"; + lanAddress = mkOption { + type = types.str; + description = "LAN IP address"; + }; + lanGateway = mkOption { + type = types.str; + description = "LAN IP address of the gateway"; + }; + }; + }; + + config = mkIf cnf.enable { + networking = { + useNetworkd = true; + nftables.enable = true; + }; + + systemd.network = { + netdevs = { + "brlan" = { + netdevConfig = { + Kind = "bridge"; + Name = "brlan"; + }; + extraConfig = '' + [Bridge] + DefaultPVID=none + VLANFiltering=yes + ''; + }; + }; + networks = { + "brlan" = { + matchConfig.Name = "brlan"; + bridgeVLANs = [ + { + bridgeVLANConfig = { + PVID = 1; + EgressUntagged = 1; + }; + } + ]; + networkConfig = { + Address = cnf.lanAddress; + Gateway = cnf.lanGateway; + DNS = "1.1.1.1"; + IPv6AcceptRA = "yes"; + }; + }; + }; + wait-online.anyInterface = true; + }; + }; +} diff --git a/nixos/modules/wifi-adm.nix b/nixos/modules/wifi-adm.nix new file mode 100644 index 0000000..733f167 --- /dev/null +++ b/nixos/modules/wifi-adm.nix 
@@ -0,0 +1,190 @@ +{ + config, + lib, + pkgs, + ... +}: +with lib; let + cnf = config.cynerd.wifiAP.adm; + + wOptions = card: channelDefault: { + interface = mkOption { + type = with types; nullOr str; + default = null; + description = "Specify interface for ${card}"; + }; + bssids = mkOption { + type = with types; listOf str; + default = []; + description = "BSSIDs for networks."; + }; + channel = mkOption { + type = types.ints.positive; + default = channelDefault; + description = "Channel to be used for ${card}"; + }; + }; +in { + options = { + cynerd.wifiAP.adm = { + enable = mkEnableOption "Enable Wi-Fi Access Point support"; + ar9287 = wOptions "Qualcom Atheros AR9287" 7; + qca988x = wOptions "Qualcom Atheros QCA988x" 36; + }; + }; + + config = mkIf cnf.enable { + services.hostapd = { + enable = true; + radios = { + "${cnf.ar9287.interface}" = mkIf (cnf.ar9287.interface != null) { + countryCode = "CZ"; + inherit (cnf.ar9287) channel; + wifi4 = { + enable = true; + inherit (hostapd.qualcomAtherosAR9287.wifi4) capabilities; + }; + networks = { + "${cnf.ar9287.interface}" = { + bssid = elemAt cnf.ar9287.bssids 0; + ssid = "TurrisAdamkovi"; + authentication = { + mode = "wpa2-sha256"; + wpaPasswordFile = "/run/secrets/hostapd-TurrisAdamkovi.pass"; + }; + }; + "${cnf.ar9287.interface}-nela" = { + bssid = elemAt cnf.ar9287.bssids 1; + ssid = "Nela"; + authentication = { + mode = "wpa2-sha256"; + wpaPasswordFile = "/run/secrets/hostapd-Nela.pass"; + }; + }; + "${cnf.ar9287.interface}.milan" = { + bssid = elemAt cnf.ar9287.bssids 2; + ssid = "MILAN-AC"; + authentication = { + mode = "wpa2-sha256"; + wpaPasswordFile = "/run/secrets/hostapd-MILAN-AC.pass"; + }; + }; + }; + }; + "${cnf.qca988x.interface}" = mkIf (cnf.qca988x.interface != null) { + countryCode = "CZ"; + inherit (cnf.qca988x) channel; + band = "5g"; + wifi4 = { + enable = true; + inherit (hostapd.qualcomAtherosQCA988x.wifi4) capabilities; + }; + wifi5 = { + enable = true; + inherit 
(hostapd.qualcomAtherosQCA988x.wifi5) capabilities; + }; + networks = { + "${cnf.qca988x.interface}" = { + bssid = elemAt cnf.qca988x.bssids 0; + ssid = "TurrisAdamkovi"; + authentication = { + mode = "wpa2-sha256"; + wpaPasswordFile = "/run/secrets/hostapd-TurrisAdamkovi.pass"; + }; + }; + "${cnf.qca988x.interface}-nela" = { + bssid = elemAt cnf.qca988x.bssids 1; + ssid = "Nela"; + authentication = { + mode = "wpa2-sha256"; + wpaPasswordFile = "/run/secrets/hostapd-Nela.pass"; + }; + }; + "${cnf.qca988x.interface}.milan" = { + bssid = elemAt cnf.qca988x.bssids 2; + ssid = "MILAN-AC"; + authentication = { + mode = "wpa2-sha256"; + wpaPasswordFile = "/run/secrets/hostapd-MILAN-AC.pass"; + }; + }; + }; + }; + }; + }; + systemd.network.networks = { + "lan-${cnf.ar9287.interface}" = { + matchConfig.Name = cnf.ar9287.interface; + networkConfig.Bridge = "brlan"; + bridgeVLANs = [ + { + bridgeVLANConfig = { + EgressUntagged = 1; + PVID = 1; + }; + } + ]; + }; + "lan-${cnf.ar9287.interface}-nela" = { + matchConfig.Name = "${cnf.ar9287.interface}-nela"; + networkConfig.Bridge = "brlan"; + bridgeVLANs = [ + { + bridgeVLANConfig = { + EgressUntagged = 2; + PVID = 2; + }; + } + ]; + }; + "lan-${cnf.ar9287.interface}.milan" = { + matchConfig.Name = "${cnf.ar9287.interface}.milan"; + networkConfig.Bridge = "brlan"; + bridgeVLANs = [ + { + bridgeVLANConfig = { + EgressUntagged = 2; + PVID = 2; + }; + } + ]; + }; + "lan-${cnf.qca988x.interface}" = { + matchConfig.Name = cnf.qca988x.interface; + networkConfig.Bridge = "brlan"; + bridgeVLANs = [ + { + bridgeVLANConfig = { + EgressUntagged = 1; + PVID = 1; + }; + } + ]; + }; + "lan-${cnf.qca988x.interface}-nela" = { + matchConfig.Name = "${cnf.qca988x.interface}-nela"; + networkConfig.Bridge = "brlan"; + bridgeVLANs = [ + { + bridgeVLANConfig = { + EgressUntagged = 2; + PVID = 2; + }; + } + ]; + }; + "lan-${cnf.qca988x.interface}.milan" = { + matchConfig.Name = "${cnf.qca988x.interface}.milan"; + networkConfig.Bridge = "brlan"; + 
bridgeVLANs = [ + { + bridgeVLANConfig = { + EgressUntagged = 2; + PVID = 2; + }; + } + ]; + }; + }; + }; +} diff --git a/nixos/modules/wifi-spt.nix b/nixos/modules/wifi-spt.nix new file mode 100644 index 0000000..769449d --- /dev/null +++ b/nixos/modules/wifi-spt.nix 
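Review bot: In `services.hostapd.radios` the null guard sits on the value — `"${cnf.ar9287.interface}" = mkIf (cnf.ar9287.interface != null) { … }` — but the attribute name interpolates `cnf.ar9287.interface` unconditionally, so a host that enables `cynerd.wifiAP.adm` with one of the two cards left at its `null` default fails evaluation with a null-to-string coercion error before `mkIf` is ever consulted; the six `lan-${…}` entries under `systemd.network.networks` have the same problem. nixos/modules/wifi-spt.nix in this same patch already uses the `mkMerge [ (mkIf (… != null) { … }) … ]` shape that keeps the interpolation inside the guarded attrset, and wifi-adm.nix should adopt it for both `radios` and `networks`. The blob (index 733f167) is identical to the deleted nixos/routers/wifi-adm.nix, so this is carried over rather than introduced here. `mkMerge` is already in scope through `with lib;`.
```nix
    services.hostapd = {
      enable = true;
      radios = mkMerge [
        (mkIf (cnf.ar9287.interface != null) {
          "${cnf.ar9287.interface}" = {
            countryCode = "CZ";
            # … unchanged: AR9287 channel, wifi4 and networks …
          };
        })
        (mkIf (cnf.qca988x.interface != null) {
          "${cnf.qca988x.interface}" = {
            countryCode = "CZ";
            # … unchanged: QCA988x channel, band, wifi4/wifi5 and networks …
          };
        })
      ];
    };
    systemd.network.networks = mkMerge [
      (mkIf (cnf.ar9287.interface != null) {
        # … unchanged: the three lan-${cnf.ar9287.interface}* entries …
      })
      (mkIf (cnf.qca988x.interface != null) {
        # … unchanged: the three lan-${cnf.qca988x.interface}* entries …
      })
    ];
```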
@@ -0,0 +1,171 @@ +{ + config, + lib, + pkgs, + ... +}: let + inherit (lib) mkOption mkEnableOption types mkIf mkMerge hostapd elemAt; + cnf = config.cynerd.wifiAP.spt; + + wOptions = card: channelDefault: { + interface = mkOption { + type = with types; nullOr str; + default = null; + description = "Specify interface for ${card}"; + }; + bssids = mkOption { + type = with types; listOf str; + default = []; + description = "BSSIDs for networks."; + }; + channel = mkOption { + type = types.ints.positive; + default = channelDefault; + description = "Channel to be used for ${card}"; + }; + }; +in { + options = { + cynerd.wifiAP.spt = { + enable = mkEnableOption "Enable Wi-Fi Access Point support"; + ar9287 = wOptions "Qualcom Atheros AR9287" 7; + qca988x = wOptions "Qualcom Atheros QCA988x" 36; + }; + }; + + config = mkIf cnf.enable { + # TODO regdom doesn't work for some reason + boot.extraModprobeConfig = '' + options cfg80211 ieee80211_regdom="CZ" + ''; + services.hostapd = { + enable = true; + radios = mkMerge [ + (mkIf (cnf.ar9287.interface != null) { + "${cnf.ar9287.interface}" = { + inherit (cnf.ar9287) channel; + countryCode = "CZ"; + wifi4 = { + enable = true; + inherit (hostapd.qualcomAtherosAR9287.wifi4) capabilities; + }; + networks = { + "${cnf.ar9287.interface}" = { + bssid = elemAt cnf.ar9287.bssids 0; + ssid = "TurrisRules"; + authentication = { + mode = "wpa2-sha256"; + wpaPasswordFile = "/run/secrets/hostapd-TurrisRules.pass"; + }; + }; + #"${cnf.ar9287.interface}.guest" = { + # bssid = elemAt cnf.ar9287.bssids 1; + # ssid = "Kocovi"; + # authentication = { + # mode = "wpa2-sha256"; + # wpaPasswordFile = "/run/secrets/hostapd-Kocovi.pass"; + # }; + #}; + }; + }; + }) + (mkIf (cnf.qca988x.interface != null) { + "${cnf.qca988x.interface}" = let + is2g = cnf.qca988x.channel <= 14; + in { + inherit (cnf.qca988x) channel; + countryCode = "CZ"; + band = + if is2g + then "2g" + else "5g"; + wifi4 = { + enable = true; + inherit 
(hostapd.qualcomAtherosQCA988x.wifi4) capabilities; + }; + wifi5 = { + enable = !is2g; + inherit (hostapd.qualcomAtherosQCA988x.wifi5) capabilities; + }; + networks = { + "${cnf.qca988x.interface}" = { + bssid = elemAt cnf.qca988x.bssids 0; + ssid = "TurrisRules${ + if is2g + then "" + else "5" + }"; + authentication = { + mode = "wpa2-sha256"; + wpaPasswordFile = "/run/secrets/hostapd-TurrisRules.pass"; + }; + }; + #"${cnf.qca988x.interface}.guest" = { + # bssid = elemAt cnf.qca988x.bssids 1; + # ssid = "Kocovi"; + # authentication = { + # mode = "wpa2-sha256"; + # wpaPasswordFile = "/run/secrets/hostapd-Kocovi.pass"; + # }; + #}; + }; + }; + }) + ]; + }; + systemd.network.networks = mkMerge [ + (mkIf (cnf.ar9287.interface != null) { + "lan-${cnf.ar9287.interface}" = { + matchConfig.Name = cnf.ar9287.interface; + networkConfig.Bridge = "brlan"; + bridgeVLANs = [ + { + bridgeVLANConfig = { + EgressUntagged = 1; + PVID = 1; + }; + } + ]; + }; + #"lan-${cnf.ar9287.interface}-guest" = { + # matchConfig.Name = "${cnf.ar9287.interface}.guest"; + # networkConfig.Bridge = "brlan"; + # bridgeVLANs = [ + # { + # bridgeVLANConfig = { + # EgressUntagged = 2; + # PVID = 2; + # }; + # } + # ]; + #}; + }) + (mkIf (cnf.qca988x.interface != null) { + "lan-${cnf.qca988x.interface}" = { + matchConfig.Name = cnf.qca988x.interface; + networkConfig.Bridge = "brlan"; + bridgeVLANs = [ + { + bridgeVLANConfig = { + EgressUntagged = 1; + PVID = 1; + }; + } + ]; + }; + #"lan-${cnf.qca988x.interface}-guest" = { + # matchConfig.Name = "${cnf.qca988x.interface}.guest"; + # networkConfig.Bridge = "brlan"; + # bridgeVLANs = [ + # { + # bridgeVLANConfig = { + # EgressUntagged = 2; + # PVID = 2; + # }; + # } + # ]; + #}; + }) + ]; + }; +} diff --git a/nixos/routers/default.nix b/nixos/routers/default.nix deleted file mode 100644 index dfc1266..0000000 --- a/nixos/routers/default.nix +++ /dev/null 
@@ -1,6 +0,0 @@ -{ - cynerd-router = import ./router.nix; - cynerd-switch = import ./switch.nix; - cynerd-wifi-adm = import ./wifi-adm.nix; - cynerd-wifi-spt = import ./wifi-spt.nix; -} diff --git a/nixos/routers/router.nix b/nixos/routers/router.nix deleted file mode 100644 index ed634b1..0000000 --- a/nixos/routers/router.nix +++ /dev/null 
@@ -1,171 +0,0 @@ -{ - config, - lib, - ... -}: let - inherit (lib) mkOption types mkIf mapAttrsToList; - cnf = config.cynerd.router; -in { - options = { - cynerd.router = { - enable = mkOption { - type = types.bool; - default = false; - description = "Enable router support"; - }; - wan = mkOption { - type = types.str; - description = "Interface for the router's WAN"; - }; - lanIP = mkOption { - type = types.str; - description = "LAN IP address"; - }; - dynIPStart = mkOption { - type = types.ints.between 0 256; - default = 100; - description = "Offset for the dynamic IPv4 addresses"; - }; - dynIPCount = mkOption { - type = types.ints.between 0 256; - default = 100; - description = "Number of dynamically assigned IPv4 addresses"; - }; - lanPrefix = mkOption { - type = types.ints.between 0 32; - default = 24; - description = "LAN IP network prefix length"; - }; - staticLeases = mkOption { - type = with types; attrsOf str; - default = {}; - example = '' - {"xx:xx:xx:xx:xx:xx" = "10.8.1.30";} - ''; - description = "Mapping of MAC address to IP address"; - }; - }; - }; - - config = mkIf cnf.enable { - networking = { - useNetworkd = true; - nftables.enable = true; - firewall = { - logRefusedConnections = false; - interfaces = { - "home" = {allowedUDPPorts = [67 68];}; - "guest" = {allowedUDPPorts = [67 68];}; - }; - rejectPackets = true; - filterForward = true; - }; - nat = { - enable = true; - externalInterface = cnf.wan; - internalInterfaces = ["home" "guest"]; - }; - }; - - systemd.network = { - netdevs = { - "brlan" = { - netdevConfig = { - Kind = "bridge"; - Name = "brlan"; - }; - extraConfig = '' - [Bridge] - DefaultPVID=none - VLANFiltering=yes - ''; - }; - "home" = { - netdevConfig = { - Kind = "vlan"; - Name = "home"; - }; - vlanConfig.Id = 1; - }; - "guest" = { - netdevConfig = { - Kind = "vlan"; - Name = "guest"; - }; - vlanConfig.Id = 2; - }; - }; - networks = { - "brlan" = { - matchConfig.Name = "brlan"; - networkConfig.VLAN = ["home" "guest"]; - bridgeVLANs 
= [ - {bridgeVLANConfig.VLAN = 1;} - {bridgeVLANConfig.VLAN = 2;} - ]; - }; - "home" = { - matchConfig.Name = "home"; - networkConfig = { - Address = "${cnf.lanIP}/${toString cnf.lanPrefix}"; - IPForward = "yes"; - DHCPServer = "yes"; - DHCPPrefixDelegation = "yes"; - IPv6SendRA = "yes"; - IPv6AcceptRA = "no"; - }; - dhcpServerConfig = { - UplinkInterface = cnf.wan; - PoolOffset = cnf.dynIPStart; - PoolSize = cnf.dynIPCount; - EmitDNS = "yes"; - DNS = "1.1.1.1"; - }; - dhcpServerStaticLeases = - mapAttrsToList (n: v: { - dhcpServerStaticLeaseConfig = { - MACAddress = n; - Address = v; - }; - }) - cnf.staticLeases; - dhcpPrefixDelegationConfig = { - UplinkInterface = cnf.wan; - SubnetId = 1; - Announce = "yes"; - }; - }; - "guest" = { - matchConfig.Name = "guest"; - networkConfig = { - Address = "192.168.1.1/24"; - IPForward = "yes"; - DHCPServer = "yes"; - DHCPPrefixDelegation = "yes"; - IPv6SendRA = "yes"; - IPv6AcceptRA = "no"; - }; - dhcpServerConfig = { - UplinkInterface = cnf.wan; - PoolOffset = cnf.dynIPStart; - PoolSize = cnf.dynIPCount; - EmitDNS = "yes"; - DNS = "1.1.1.1"; - }; - dhcpPrefixDelegationConfig = { - UplinkInterface = cnf.wan; - SubnetId = 2; - Announce = "yes"; - }; - }; - }; - wait-online.anyInterface = true; - }; - - services.resolved = { - enable = true; - dnssec = "true"; - fallbackDns = ["1.1.1.1" "8.8.8.8"]; - }; - }; -} diff --git a/nixos/routers/switch.nix b/nixos/routers/switch.nix deleted file mode 100644 index 16d57bc..0000000 --- a/nixos/routers/switch.nix +++ /dev/null 
@@ -1,65 +0,0 @@ -{ - config, - lib, - ... -}: -with lib; let - cnf = config.cynerd.switch; -in { - options = { - cynerd.switch = { - enable = mkEnableOption "Enable switch support"; - lanAddress = mkOption { - type = types.str; - description = "LAN IP address"; - }; - lanGateway = mkOption { - type = types.str; - description = "LAN IP address of the gateway"; - }; - }; - }; - - config = mkIf cnf.enable { - networking = { - useNetworkd = true; - nftables.enable = true; - }; - - systemd.network = { - netdevs = { - "brlan" = { - netdevConfig = { - Kind = "bridge"; - Name = "brlan"; - }; - extraConfig = '' - [Bridge] - DefaultPVID=none - VLANFiltering=yes - ''; - }; - }; - networks = { - "brlan" = { - matchConfig.Name = "brlan"; - bridgeVLANs = [ - { - bridgeVLANConfig = { - PVID = 1; - EgressUntagged = 1; - }; - } - ]; - networkConfig = { - Address = cnf.lanAddress; - Gateway = cnf.lanGateway; - DNS = "1.1.1.1"; - IPv6AcceptRA = "yes"; - }; - }; - }; - wait-online.anyInterface = true; - }; - }; -} diff --git a/nixos/routers/wifi-adm.nix b/nixos/routers/wifi-adm.nix deleted file mode 100644 index 733f167..0000000 --- a/nixos/routers/wifi-adm.nix +++ /dev/null 
@@ -1,190 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -with lib; let - cnf = config.cynerd.wifiAP.adm; - - wOptions = card: channelDefault: { - interface = mkOption { - type = with types; nullOr str; - default = null; - description = "Specify interface for ${card}"; - }; - bssids = mkOption { - type = with types; listOf str; - default = []; - description = "BSSIDs for networks."; - }; - channel = mkOption { - type = types.ints.positive; - default = channelDefault; - description = "Channel to be used for ${card}"; - }; - }; -in { - options = { - cynerd.wifiAP.adm = { - enable = mkEnableOption "Enable Wi-Fi Access Point support"; - ar9287 = wOptions "Qualcom Atheros AR9287" 7; - qca988x = wOptions "Qualcom Atheros QCA988x" 36; - }; - }; - - config = mkIf cnf.enable { - services.hostapd = { - enable = true; - radios = { - "${cnf.ar9287.interface}" = mkIf (cnf.ar9287.interface != null) { - countryCode = "CZ"; - inherit (cnf.ar9287) channel; - wifi4 = { - enable = true; - inherit (hostapd.qualcomAtherosAR9287.wifi4) capabilities; - }; - networks = { - "${cnf.ar9287.interface}" = { - bssid = elemAt cnf.ar9287.bssids 0; - ssid = "TurrisAdamkovi"; - authentication = { - mode = "wpa2-sha256"; - wpaPasswordFile = "/run/secrets/hostapd-TurrisAdamkovi.pass"; - }; - }; - "${cnf.ar9287.interface}-nela" = { - bssid = elemAt cnf.ar9287.bssids 1; - ssid = "Nela"; - authentication = { - mode = "wpa2-sha256"; - wpaPasswordFile = "/run/secrets/hostapd-Nela.pass"; - }; - }; - "${cnf.ar9287.interface}.milan" = { - bssid = elemAt cnf.ar9287.bssids 2; - ssid = "MILAN-AC"; - authentication = { - mode = "wpa2-sha256"; - wpaPasswordFile = "/run/secrets/hostapd-MILAN-AC.pass"; - }; - }; - }; - }; - "${cnf.qca988x.interface}" = mkIf (cnf.qca988x.interface != null) { - countryCode = "CZ"; - inherit (cnf.qca988x) channel; - band = "5g"; - wifi4 = { - enable = true; - inherit (hostapd.qualcomAtherosQCA988x.wifi4) capabilities; - }; - wifi5 = { - enable = true; - inherit 
(hostapd.qualcomAtherosQCA988x.wifi5) capabilities; - }; - networks = { - "${cnf.qca988x.interface}" = { - bssid = elemAt cnf.qca988x.bssids 0; - ssid = "TurrisAdamkovi"; - authentication = { - mode = "wpa2-sha256"; - wpaPasswordFile = "/run/secrets/hostapd-TurrisAdamkovi.pass"; - }; - }; - "${cnf.qca988x.interface}-nela" = { - bssid = elemAt cnf.qca988x.bssids 1; - ssid = "Nela"; - authentication = { - mode = "wpa2-sha256"; - wpaPasswordFile = "/run/secrets/hostapd-Nela.pass"; - }; - }; - "${cnf.qca988x.interface}.milan" = { - bssid = elemAt cnf.qca988x.bssids 2; - ssid = "MILAN-AC"; - authentication = { - mode = "wpa2-sha256"; - wpaPasswordFile = "/run/secrets/hostapd-MILAN-AC.pass"; - }; - }; - }; - }; - }; - }; - systemd.network.networks = { - "lan-${cnf.ar9287.interface}" = { - matchConfig.Name = cnf.ar9287.interface; - networkConfig.Bridge = "brlan"; - bridgeVLANs = [ - { - bridgeVLANConfig = { - EgressUntagged = 1; - PVID = 1; - }; - } - ]; - }; - "lan-${cnf.ar9287.interface}-nela" = { - matchConfig.Name = "${cnf.ar9287.interface}-nela"; - networkConfig.Bridge = "brlan"; - bridgeVLANs = [ - { - bridgeVLANConfig = { - EgressUntagged = 2; - PVID = 2; - }; - } - ]; - }; - "lan-${cnf.ar9287.interface}.milan" = { - matchConfig.Name = "${cnf.ar9287.interface}.milan"; - networkConfig.Bridge = "brlan"; - bridgeVLANs = [ - { - bridgeVLANConfig = { - EgressUntagged = 2; - PVID = 2; - }; - } - ]; - }; - "lan-${cnf.qca988x.interface}" = { - matchConfig.Name = cnf.qca988x.interface; - networkConfig.Bridge = "brlan"; - bridgeVLANs = [ - { - bridgeVLANConfig = { - EgressUntagged = 1; - PVID = 1; - }; - } - ]; - }; - "lan-${cnf.qca988x.interface}-nela" = { - matchConfig.Name = "${cnf.qca988x.interface}-nela"; - networkConfig.Bridge = "brlan"; - bridgeVLANs = [ - { - bridgeVLANConfig = { - EgressUntagged = 2; - PVID = 2; - }; - } - ]; - }; - "lan-${cnf.qca988x.interface}.milan" = { - matchConfig.Name = "${cnf.qca988x.interface}.milan"; - networkConfig.Bridge = "brlan"; - 
bridgeVLANs = [ - { - bridgeVLANConfig = { - EgressUntagged = 2; - PVID = 2; - }; - } - ]; - }; - }; - }; -} diff --git a/nixos/routers/wifi-spt.nix b/nixos/routers/wifi-spt.nix deleted file mode 100644 index 769449d..0000000 --- a/nixos/routers/wifi-spt.nix +++ /dev/null 
@@ -1,171 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: let - inherit (lib) mkOption mkEnableOption types mkIf mkMerge hostapd elemAt; - cnf = config.cynerd.wifiAP.spt; - - wOptions = card: channelDefault: { - interface = mkOption { - type = with types; nullOr str; - default = null; - description = "Specify interface for ${card}"; - }; - bssids = mkOption { - type = with types; listOf str; - default = []; - description = "BSSIDs for networks."; - }; - channel = mkOption { - type = types.ints.positive; - default = channelDefault; - description = "Channel to be used for ${card}"; - }; - }; -in { - options = { - cynerd.wifiAP.spt = { - enable = mkEnableOption "Enable Wi-Fi Access Point support"; - ar9287 = wOptions "Qualcom Atheros AR9287" 7; - qca988x = wOptions "Qualcom Atheros QCA988x" 36; - }; - }; - - config = mkIf cnf.enable { - # TODO regdom doesn't work for some reason - boot.extraModprobeConfig = '' - options cfg80211 ieee80211_regdom="CZ" - ''; - services.hostapd = { - enable = true; - radios = mkMerge [ - (mkIf (cnf.ar9287.interface != null) { - "${cnf.ar9287.interface}" = { - inherit (cnf.ar9287) channel; - countryCode = "CZ"; - wifi4 = { - enable = true; - inherit (hostapd.qualcomAtherosAR9287.wifi4) capabilities; - }; - networks = { - "${cnf.ar9287.interface}" = { - bssid = elemAt cnf.ar9287.bssids 0; - ssid = "TurrisRules"; - authentication = { - mode = "wpa2-sha256"; - wpaPasswordFile = "/run/secrets/hostapd-TurrisRules.pass"; - }; - }; - #"${cnf.ar9287.interface}.guest" = { - # bssid = elemAt cnf.ar9287.bssids 1; - # ssid = "Kocovi"; - # authentication = { - # mode = "wpa2-sha256"; - # wpaPasswordFile = "/run/secrets/hostapd-Kocovi.pass"; - # }; - #}; - }; - }; - }) - (mkIf (cnf.qca988x.interface != null) { - "${cnf.qca988x.interface}" = let - is2g = cnf.qca988x.channel <= 14; - in { - inherit (cnf.qca988x) channel; - countryCode = "CZ"; - band = - if is2g - then "2g" - else "5g"; - wifi4 = { - enable = true; - inherit 
(hostapd.qualcomAtherosQCA988x.wifi4) capabilities; - }; - wifi5 = { - enable = !is2g; - inherit (hostapd.qualcomAtherosQCA988x.wifi5) capabilities; - }; - networks = { - "${cnf.qca988x.interface}" = { - bssid = elemAt cnf.qca988x.bssids 0; - ssid = "TurrisRules${ - if is2g - then "" - else "5" - }"; - authentication = { - mode = "wpa2-sha256"; - wpaPasswordFile = "/run/secrets/hostapd-TurrisRules.pass"; - }; - }; - #"${cnf.qca988x.interface}.guest" = { - # bssid = elemAt cnf.qca988x.bssids 1; - # ssid = "Kocovi"; - # authentication = { - # mode = "wpa2-sha256"; - # wpaPasswordFile = "/run/secrets/hostapd-Kocovi.pass"; - # }; - #}; - }; - }; - }) - ]; - }; - systemd.network.networks = mkMerge [ - (mkIf (cnf.ar9287.interface != null) { - "lan-${cnf.ar9287.interface}" = { - matchConfig.Name = cnf.ar9287.interface; - networkConfig.Bridge = "brlan"; - bridgeVLANs = [ - { - bridgeVLANConfig = { - EgressUntagged = 1; - PVID = 1; - }; - } - ]; - }; - #"lan-${cnf.ar9287.interface}-guest" = { - # matchConfig.Name = "${cnf.ar9287.interface}.guest"; - # networkConfig.Bridge = "brlan"; - # bridgeVLANs = [ - # { - # bridgeVLANConfig = { - # EgressUntagged = 2; - # PVID = 2; - # }; - # } - # ]; - #}; - }) - (mkIf (cnf.qca988x.interface != null) { - "lan-${cnf.qca988x.interface}" = { - matchConfig.Name = cnf.qca988x.interface; - networkConfig.Bridge = "brlan"; - bridgeVLANs = [ - { - bridgeVLANConfig = { - EgressUntagged = 1; - PVID = 1; - }; - } - ]; - }; - #"lan-${cnf.qca988x.interface}-guest" = { - # matchConfig.Name = "${cnf.qca988x.interface}.guest"; - # networkConfig.Bridge = "brlan"; - # bridgeVLANs = [ - # { - # bridgeVLANConfig = { - # EgressUntagged = 2; - # PVID = 2; - # }; - # } - # ]; - #}; - }) - ]; - }; -} -- cgit v1.2.3