From 89a605727649bb4599af04681e40a19bf24e69a4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Karel=20Ko=C4=8D=C3=AD?=
Date: Mon, 23 Jan 2023 21:23:23 +0100
Subject: nixos: improve wifi configuration
---
 nixos/modules/default.nix | 2 -
 nixos/modules/router.nix | 124 ---------------------------------------------
 nixos/modules/wifi-adm.nix | 98 -----------------------------------
 3 files changed, 224 deletions(-)
 delete mode 100644 nixos/modules/router.nix
 delete mode 100644 nixos/modules/wifi-adm.nix
(limited to 'nixos/modules')
diff --git a/nixos/modules/default.nix b/nixos/modules/default.nix
index 7d12eef..72221d8 100644
--- a/nixos/modules/default.nix
+++ b/nixos/modules/default.nix
@@ -9,8 +9,6 @@
 cynerd-hosts = import ./hosts.nix;
 cynerd-monitoring = import ./monitoring.nix;
 cynerd-openvpn = import ./openvpn.nix;
- cynerd-router = import ./router.nix;
 cynerd-syncthing = import ./syncthing.nix;
- cynerd-wifi-adm = import ./wifi-adm.nix;
 cynerd-wifi-client = import ./wifi-client.nix;
 }
diff --git a/nixos/modules/router.nix b/nixos/modules/router.nix
deleted file mode 100644
index f5c8668..0000000
--- a/nixos/modules/router.nix
+++ /dev/null
@@ -1,124 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}:
-with lib; let
- cnf = config.cynerd.router;
-in {
- options = {
- cynerd.router = {
- enable = mkOption {
- type = types.bool;
- default = false;
- description = "Enable router support";
- };
- wan = mkOption {
- type = types.str;
- description = "Interface for the router's WAN";
- };
- lanIP = mkOption {
- type = types.str;
- description = "LAN IP address";
- };
- dynIPStart = mkOption {
- type = types.ints.between 0 256;
- default = 100;
- description = "Offset for the dynamic IPv4 addresses";
- };
- dynIPCount = mkOption {
- type = types.ints.between 0 256;
- default = 100;
- description = "Number of dynamically assigned IPv4 addresses";
- };
- lanPrefix = mkOption {
- type = types.ints.between 0 32;
- default = 24;
- description = "LAN IP network prefix length";
- };
- };
- };
-
- config = mkIf cnf.enable {
- networking = {
- interfaces = {
- brlan.ipv4.addresses = [
- {
- address = cnf.lanIP;
- prefixLength = cnf.lanPrefix;
- }
- ];
- brguest.ipv4.addresses = [
- {
- address = "192.168.1.1";
- prefixLength = 24;
- }
- ];
- };
- vlans = {
- "brlan.guest" = {
- interface = "brlan";
- id = 100;
- };
- };
- bridges = {
- brlan.interfaces = [];
- brguest.interfaces = ["brlan.guest"];
- };
- nat = {
- enable = true;
- externalInterface = cnf.wan;
- internalInterfaces = ["brlan" "brguest"];
- };
- dhcpcd.allowInterfaces = [cnf.wan];
- nameservers = ["1.1.1.1" "8.8.8.8"];
- };
-
- services.dhcpd4 = {
- enable = true;
- authoritative = true;
- interfaces = ["brlan" "brguest"];
- extraConfig = ''
- option domain-name-servers 1.1.1.1, 8.8.8.8;
- subnet ${ipv4.prefix2ip cnf.lanIP cnf.lanPrefix} netmask ${ipv4.prefix2netmask cnf.lanPrefix} {
- range ${
- ipv4.ipAdd cnf.lanIP cnf.lanPrefix cnf.dynIPStart
- } ${
- ipv4.ipAdd cnf.lanIP cnf.lanPrefix (cnf.dynIPStart + cnf.dynIPCount)
- };
- option routers ${cnf.lanIP};
- option subnet-mask ${ipv4.prefix2netmask cnf.lanPrefix};
- option broadcast-address ${ipv4.prefix2broadcast cnf.lanIP cnf.lanPrefix};
- }
- subnet 192.168.1.0 netmask 255.255.255.0 {
- range 192.168.1.50 192.168.1.254;
- option routers 192.168.1.1;
- option subnet-mask 255.255.255.0;
- option broadcast-address 192.168.1.255;
- }
- '';
- };
-
- services.dhcpd6 = {
- # TODO
- enable = false;
- authoritative = true;
- interfaces = ["brlan"];
- extraConfig = ''
- '';
- };
-
- services.kresd = {
- enable = false;
- };
-
- networking.nftables.enable = true;
- networking.firewall = {
- filterForward = true;
- extraForwardRules = ''
- iifname "brguest" oifname != "${cnf.wan}" drop comment "prevent guest to access lan"
- '';
- };
- };
-}
diff --git a/nixos/modules/wifi-adm.nix b/nixos/modules/wifi-adm.nix
deleted file mode 100644
index 46476a3..0000000
--- a/nixos/modules/wifi-adm.nix
+++ /dev/null
@@ -1,98 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}:
-with lib; let
- cnf = config.cynerd.wifiAP.adm;
-
- wOptions = band: channelDefault: {
- interface = mkOption {
- type = with types; nullOr str;
- default = null;
- description = "Specify interface for ${band}";
- };
- channel = mkOption {
- type = types.ints.positive;
- default = channelDefault;
- description = "Channel to be used for ${band} range";
- };
- };
-in {
- options = {
- cynerd.wifiAP.adm = {
- enable = mkEnableOption "Enable Wi-Fi Access Point support";
- w24 = wOptions "2.4GHz" 7;
- w5 = wOptions "5GHz" 36;
- };
- };
-
- config = mkIf cnf.enable {
- networking.wirelessAP = {
- enable = true;
- environmentFile = "/run/secrets/hostapd.env";
- interfaces =
- (optionalAttrs (cnf.w24.interface != null) {
- "${cnf.w24.interface}" = {
- bssid = "@BSSID_W24_0@";
- countryCode = "CZ";
- hwMode = "g";
- channel = cnf.w24.channel;
- ht_capab = ["HT40+" "SHORT-GI-20" "SHORT-GI-40" "TX-STBC" "RX-STBC1" "DSSS_CCK-40"];
- ssid = "TurrisAdamkovi";
- wpa = 2;
- wpaPassphrase = "@PASS_TURRIS_ADAMKOVI@";
- bridge = "brlan";
- bss = {
- "wlp3s0.nela" = {
- bssid = "@BSSID_W24_1@";
- ssid = "Nela";
- wpa = 2;
- wpaPassphrase = "@PASS_NELA@";
- bridge = "brguest";
- };
- "wlp3s0.milan" = {
- bssid = "@BSSID_W24_2@";
- ssid = "MILAN-AC";
- wpa = 2;
- wpaPassphrase = "@PASS_MILAN_AC@";
- bridge = "brguest";
- };
- };
- };
- })
- // (optionalAttrs (cnf.w5.interface != null) {
- "${cnf.w5.interface}" = {
- bssid = "@BSSID_W5_0@";
- countryCode = "CZ";
- hwMode = "a";
- channel = cnf.w5.channel;
- ieee80211ac = true;
- ht_capab = ["HT40+" "LDPC" "SHORT-GI-20" "SHORT-GI-40" "TX-STBC" "RX-STBC1" "MAX-AMSDU-7935" "DSSS_CCK-40"];
- vht_capab = ["RXLDPC" "SHORT-GI-80" "TX-STBC-2BY1" "RX-ANTENNA-PATTERN" "TX-ANTENNA-PATTERN" "RX-STBC-1" "MAX-MPDU-11454" "MAX-A-MPDU-LEN-EXP7"];
- ssid = "TurrisAdamkovi5";
- wpa = 2;
- wpaPassphrase = "@PASS_TURRIS_ADAMKOVI@";
- bridge = "brlan";
- bss = {
- "wlp2s0.nela" = {
- bssid = "@BSSID_W5_1@";
- ssid = "Nela5";
- wpa = 2;
- wpaPassphrase = "@PASS_NELA@";
- bridge = "brguest";
- };
- "wlp2s0.milan" = {
- bssid = "@BSSID_W5_2@";
- ssid = "MILAN-AC";
- wpa = 2;
- wpaPassphrase = "@PASS_MILAN_AC@";
- bridge = "brguest";
- };
- };
- };
- });
- };
- };
-}
--
cgit v1.2.3