From 35733c66454cf0ce153a9730be77d51223397933 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Karel=20Ko=C4=8D=C3=AD?= <cynerd@email.cz>
Date: Fri, 16 Feb 2024 00:09:45 +0100
Subject: nixos/spt-omnia: migrate to nixos

---
 nixos/routers/router.nix   | 123 +++++++++++++++++++++++----------------------
 nixos/routers/wifi-spt.nix | 112 ++++++++++++++++++++---------------------
 2 files changed, 120 insertions(+), 115 deletions(-)

(limited to 'nixos/routers')

diff --git a/nixos/routers/router.nix b/nixos/routers/router.nix
index 545f109..a3fc0c1 100644
--- a/nixos/routers/router.nix
+++ b/nixos/routers/router.nix
@@ -45,24 +45,24 @@ in {
       nftables.enable = true;
       firewall = {
         interfaces = {
-          "lan" = {
-            allowedUDPPorts = [53 67 68];
-            allowedTCPPorts = [53];
-          };
-          "guest" = {
+          "brlan" = {
             allowedUDPPorts = [53 67 68];
             allowedTCPPorts = [53];
           };
+          #"guest" = {
+          #  allowedUDPPorts = [53 67 68];
+          #  allowedTCPPorts = [53];
+          #};
         };
         filterForward = true;
-        extraForwardRules = ''
-          iifname "guest" oifname != "${cnf.wan}" drop comment "prevent guest to access lan"
-        '';
+        #extraForwardRules = ''
+        #  iifname "guest" oifname != "${cnf.wan}" drop comment "prevent guest to access brlan"
+        #'';
       };
       nat = {
         enable = true;
         externalInterface = cnf.wan;
-        internalInterfaces = ["lan" "guest"];
+        internalInterfaces = ["brlan"];
       };
     };
 
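Review bot: The guest isolation rule in `extraForwardRules` and the `"guest"` firewall entry are left as commented-out code with no record of why they are disabled or which pieces belong together. The same pattern repeats in the later router.nix hunks (guest netdev and network) and in both guest BSS hunks and the bridge-port hunk of wifi-spt.nix. If the guest SSID or network is re-enabled later without this rule, the visible config no longer keeps guest traffic away from the LAN. Either delete the dead blocks and rely on history, or put one comment above the firewall block such as `# guest network disabled for now; restore the guest forward drop rule together with the guest VLAN, network and SSID`. The commented rule's text was also edited to say "brlan", which suggests it is meant to return, so say so explicitly.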
@@ -73,38 +73,43 @@ in {
             Kind = "bridge";
             Name = "brlan";
           };
-          extraConfig = ''
-            [Bridge]
-            DefaultPVID=none
-            VLANFiltering=yes
-          '';
-        };
-        "lan" = {
-          netdevConfig = {
-            Kind = "vlan";
-            Name = "lan";
-          };
-          vlanConfig.Id = 1;
-        };
-        "guest" = {
-          netdevConfig = {
-            Kind = "vlan";
-            Name = "guest";
-          };
-          vlanConfig.Id = 2;
+          #extraConfig = ''
+          #  [Bridge]
+          #  DefaultPVID=none
+          #  VLANFiltering=yes
+          #'';
         };
+        #"home" = {
+        #  netdevConfig = {
+        #    Kind = "vlan";
+        #    Name = "home";
+        #  };
+        #  vlanConfig.Id = 1;
+        #};
+        #"guest" = {
+        #  netdevConfig = {
+        #    Kind = "vlan";
+        #    Name = "guest";
+        #  };
+        #  vlanConfig.Id = 2;
+        #};
       };
       networks = {
         "brlan" = {
           matchConfig.Name = "brlan";
-          networkConfig.VLAN = ["lan" "guest"];
-          bridgeVLANs = [
-            {bridgeVLANConfig.VLAN = 1;}
-            {bridgeVLANConfig.VLAN = 2;}
-          ];
-        };
-        "lan" = {
-          matchConfig.Name = "lan";
+          #networkConfig.VLAN = ["home"];
+          #bridgeVLANs = [
+          #  {
+          #    bridgeVLANConfig = {
+          #      EgressUntagged = 1;
+          #      PVID = 1;
+          #    };
+          #  }
+          #  {bridgeVLANConfig.VLAN = 2;}
+          #];
+        #};
+        #"home" = {
+          #matchConfig.Name = "home";
           networkConfig = {
             Address = "${cnf.lanIP}/${toString cnf.lanPrefix}";
             IPForward = "yes";
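Review bot: The `"brlan"` network entry now stays open across the commented-out `#};` and `#"home" = {` lines, so the `networkConfig` carrying `Address` and `IPForward` is attached to the bridge only because two brace lines are commented out. Uncommenting either of them alone would change which interface gets the address, or break the attribute set. Consider deleting those commented lines and stating the intent directly, e.g. `# LAN address and DHCP sit on the bridge itself while VLAN filtering is disabled`. With `VLANFiltering=yes` and `DefaultPVID=none` commented out in the netdev above, every port attached to brlan presumably shares one untagged segment, which is worth a comment next to the netdev. The `networkConfig` block continues past the end of this hunk.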
@@ -126,29 +131,29 @@ in {
             Announce = "yes";
           };
         };
-        "guest" = {
-          matchConfig.Name = "guest";
-          networkConfig = {
-            Address = "192.168.1.1/24";
-            IPForward = "yes";
-            DHCPServer = "yes";
-            DHCPPrefixDelegation = "yes";
-            IPv6SendRA = "yes";
-            IPv6AcceptRA = "no";
-          };
-          dhcpServerConfig = {
-            UplinkInterface = cnf.wan;
-            PoolOffset = cnf.dynIPStart;
-            PoolSize = cnf.dynIPCount;
-            EmitDNS = "yes";
-            DNS = "1.1.1.1";
-          };
-          dhcpPrefixDelegationConfig = {
-            UplinkInterface = cnf.wan;
-            SubnetId = 2;
-            Announce = "yes";
-          };
-        };
+        #"guest" = {
+        #  matchConfig.Name = "guest";
+        #  networkConfig = {
+        #    Address = "192.168.1.1/24";
+        #    IPForward = "yes";
+        #    DHCPServer = "yes";
+        #    DHCPPrefixDelegation = "yes";
+        #    IPv6SendRA = "yes";
+        #    IPv6AcceptRA = "no";
+        #  };
+        #  dhcpServerConfig = {
+        #    UplinkInterface = cnf.wan;
+        #    PoolOffset = cnf.dynIPStart;
+        #    PoolSize = cnf.dynIPCount;
+        #    EmitDNS = "yes";
+        #    DNS = "1.1.1.1";
+        #  };
+        #  dhcpPrefixDelegationConfig = {
+        #    UplinkInterface = cnf.wan;
+        #    SubnetId = 2;
+        #    Announce = "yes";
+        #  };
+        #};
       };
       wait-online.anyInterface = true;
     };
diff --git a/nixos/routers/wifi-spt.nix b/nixos/routers/wifi-spt.nix
index 84527fd..0ebcaa1 100644
--- a/nixos/routers/wifi-spt.nix
+++ b/nixos/routers/wifi-spt.nix
@@ -54,14 +54,14 @@ in {
                   wpaPasswordFile = "/run/secrets/hostapd-TurrisRules.pass";
                 };
               };
-              "${cnf.ar9287.interface}.guest" = {
-                bssid = elemAt cnf.ar9287.bssids 1;
-                ssid = "Kocovi";
-                authentication = {
-                  mode = "wpa2-sha256";
-                  wpaPasswordFile = "/run/secrets/hostapd-Kocovi.pass";
-                };
-              };
+              #"${cnf.ar9287.interface}.guest" = {
+              #  bssid = elemAt cnf.ar9287.bssids 1;
+              #  ssid = "Kocovi";
+              #  authentication = {
+              #    mode = "wpa2-sha256";
+              #    wpaPasswordFile = "/run/secrets/hostapd-Kocovi.pass";
+              #  };
+              #};
             };
           };
         }
@@ -96,14 +96,14 @@ in {
                   wpaPasswordFile = "/run/secrets/hostapd-TurrisRules.pass";
                 };
               };
-              "${cnf.qca988x.interface}.guest" = {
-                bssid = elemAt cnf.qca988x.bssids 1;
-                ssid = "Kocovi";
-                authentication = {
-                  mode = "wpa2-sha256";
-                  wpaPasswordFile = "/run/secrets/hostapd-Kocovi.pass";
-                };
-              };
+              #"${cnf.qca988x.interface}.guest" = {
+              #  bssid = elemAt cnf.qca988x.bssids 1;
+              #  ssid = "Kocovi";
+              #  authentication = {
+              #    mode = "wpa2-sha256";
+              #    wpaPasswordFile = "/run/secrets/hostapd-Kocovi.pass";
+              #  };
+              #};
             };
           };
         };
@@ -113,53 +113,53 @@ in {
         "lan-${cnf.ar9287.interface}" = {
           matchConfig.Name = cnf.ar9287.interface;
           networkConfig.Bridge = "brlan";
-          bridgeVLANs = [
-            {
-              bridgeVLANConfig = {
-                EgressUntagged = 1;
-                PVID = 1;
-              };
-            }
-          ];
-        };
-        "lan-${cnf.ar9287.interface}-guest" = {
-          matchConfig.Name = "${cnf.ar9287.interface}.guest";
-          networkConfig.Bridge = "brlan";
-          bridgeVLANs = [
-            {
-              bridgeVLANConfig = {
-                EgressUntagged = 2;
-                PVID = 2;
-              };
-            }
-          ];
+          #bridgeVLANs = [
+          #  {
+          #    bridgeVLANConfig = {
+          #      EgressUntagged = 1;
+          #      PVID = 1;
+          #    };
+          #  }
+          #];
         };
+        #"lan-${cnf.ar9287.interface}-guest" = {
+        #  matchConfig.Name = "${cnf.ar9287.interface}.guest";
+        #  networkConfig.Bridge = "brlan";
+        #  bridgeVLANs = [
+        #    {
+        #      bridgeVLANConfig = {
+        #        EgressUntagged = 2;
+        #        PVID = 2;
+        #      };
+        #    }
+        #  ];
+        #};
       }
       // mkIf (cnf.qca988x.interface != null) {
         "lan-${cnf.qca988x.interface}" = {
           matchConfig.Name = cnf.qca988x.interface;
           networkConfig.Bridge = "brlan";
-          bridgeVLANs = [
-            {
-              bridgeVLANConfig = {
-                EgressUntagged = 1;
-                PVID = 1;
-              };
-            }
-          ];
-        };
-        "lan-${cnf.qca988x.interface}-guest" = {
-          matchConfig.Name = "${cnf.qca988x.interface}.guest";
-          networkConfig.Bridge = "brlan";
-          bridgeVLANs = [
-            {
-              bridgeVLANConfig = {
-                EgressUntagged = 2;
-                PVID = 2;
-              };
-            }
-          ];
+          #bridgeVLANs = [
+          #  {
+          #    bridgeVLANConfig = {
+          #      EgressUntagged = 1;
+          #      PVID = 1;
+          #    };
+          #  }
+          #];
         };
+        #"lan-${cnf.qca988x.interface}-guest" = {
+        #  matchConfig.Name = "${cnf.qca988x.interface}.guest";
+        #  networkConfig.Bridge = "brlan";
+        #  bridgeVLANs = [
+        #    {
+        #      bridgeVLANConfig = {
+        #        EgressUntagged = 2;
+        #        PVID = 2;
+        #      };
+        #    }
+        #  ];
+        #};
       };
   };
 }
-- 
cgit v1.2.3