From 35733c66454cf0ce153a9730be77d51223397933 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Karel=20Ko=C4=8D=C3=AD?=
Date: Fri, 16 Feb 2024 00:09:45 +0100
Subject: nixos/spt-omnia: migrate to nixos

---
 nixos/machine/spt-omnia.nix | 40 +++++++-------
 nixos/routers/router.nix | 123 +++++++++++++++++++++++---------------------
 nixos/routers/wifi-spt.nix | 112 ++++++++++++++++++++--------------------
 3 files changed, 142 insertions(+), 133 deletions(-)
(limited to 'nixos')

diff --git a/nixos/machine/spt-omnia.nix b/nixos/machine/spt-omnia.nix
index 15cabb6..c0a6ec2 100644
--- a/nixos/machine/spt-omnia.nix
+++ b/nixos/machine/spt-omnia.nix
@@ -47,31 +47,35 @@ with lib; {
 };
 "end2.848" = {
 matchConfig.Name = "end2.848";
+ networkConfig.BindCarrier = "end2";
+ };
+ "pppoe-wan" = {
+ matchConfig.Name = "pppoe-wan";
 networkConfig = {
- BindCarrier = "end2";
- #DHCP = "ipv6";
- #IPv6AcceptRA = "yes";
- #DHCPPrefixDelegation = "yes";
+ BindCarrier = "end2.848";
+ DHCP = "ipv6";
+ IPv6AcceptRA = "yes";
+ DHCPPrefixDelegation = "yes";
+ };
+ dhcpPrefixDelegationConfig = {
+ UplinkInterface = ":self";
+ SubnetId = 0;
+ Announce = "no";
 };
- #dhcpPrefixDelegationConfig = {
- # UplinkInterface = ":self";
- # SubnetId = 0;
- # Announce = "no";
- #};
 linkConfig.RequiredForOnline = "routable";
 };
 "lan-brlan" = {
 matchConfig.Name = "lan*";
 networkConfig.Bridge = "brlan";
- bridgeVLANs = [
- {
- bridgeVLANConfig = {
- EgressUntagged = 1;
- PVID = 1;
- };
- }
- {bridgeVLANConfig.VLAN = 2;}
- ];
+ #bridgeVLANs = [
+ # {
+ # bridgeVLANConfig = {
+ # EgressUntagged = 1;
+ # PVID = 1;
+ # };
+ # }
+ # {bridgeVLANConfig.VLAN = 2;}
+ #];
 };
 };
 };
diff --git a/nixos/routers/router.nix b/nixos/routers/router.nix
index 545f109..a3fc0c1 100644
--- a/nixos/routers/router.nix
+++ b/nixos/routers/router.nix
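Review bot: Commenting out `bridgeVLANs` on `lan-brlan` makes the switch ports join `brlan` untagged with no VLAN filtering, so the VLAN 1 / VLAN 2 (guest) separation the old block expressed is gone, and the only record of that intent is dead code. That is consistent with the rest of this commit disabling the guest network, but the same comment-out pattern is repeated in router.nix (the firewall, netdev/network and guest-network hunks) and in the last wifi-spt.nix hunk, and nothing live says why. Prefer deleting the commented blocks (history keeps them) and leaving one line at this site such as `# VLAN filtering on brlan disabled together with the guest network; restore bridgeVLANs here, in router.nix and in wifi-spt.nix when it returns.`. The new `pppoe-wan` network binds to `end2.848` but whatever creates the `pppoe-wan` interface is not in this hunk, so I cannot tell from here that `RequiredForOnline = "routable"` will ever be satisfied.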
@@ -45,24 +45,24 @@ in {
 nftables.enable = true;
 firewall = {
 interfaces = {
- "lan" = {
- allowedUDPPorts = [53 67 68];
- allowedTCPPorts = [53];
- };
- "guest" = {
+ "brlan" = {
 allowedUDPPorts = [53 67 68];
 allowedTCPPorts = [53];
 };
+ #"guest" = {
+ # allowedUDPPorts = [53 67 68];
+ # allowedTCPPorts = [53];
+ #};
 };
 filterForward = true;
- extraForwardRules = ''
- iifname "guest" oifname != "${cnf.wan}" drop comment "prevent guest to access lan"
- '';
+ #extraForwardRules = ''
+ # iifname "guest" oifname != "${cnf.wan}" drop comment "prevent guest to access brlan"
+ #'';
 };
 nat = {
 enable = true;
 externalInterface = cnf.wan;
- internalInterfaces = ["lan" "guest"];
+ internalInterfaces = ["brlan"];
 };
 };
 
@@ -73,38 +73,43 @@ in {
 Kind = "bridge";
 Name = "brlan";
 };
- extraConfig = ''
- [Bridge]
- DefaultPVID=none
- VLANFiltering=yes
- '';
- };
- "lan" = {
- netdevConfig = {
- Kind = "vlan";
- Name = "lan";
- };
- vlanConfig.Id = 1;
- };
- "guest" = {
- netdevConfig = {
- Kind = "vlan";
- Name = "guest";
- };
- vlanConfig.Id = 2;
+ #extraConfig = ''
+ # [Bridge]
+ # DefaultPVID=none
+ # VLANFiltering=yes
+ #'';
 };
+ #"home" = {
+ # netdevConfig = {
+ # Kind = "vlan";
+ # Name = "home";
+ # };
+ # vlanConfig.Id = 1;
+ #};
+ #"guest" = {
+ # netdevConfig = {
+ # Kind = "vlan";
+ # Name = "guest";
+ # };
+ # vlanConfig.Id = 2;
+ #};
 };
 networks = {
 "brlan" = {
 matchConfig.Name = "brlan";
- networkConfig.VLAN = ["lan" "guest"];
- bridgeVLANs = [
- {bridgeVLANConfig.VLAN = 1;}
- {bridgeVLANConfig.VLAN = 2;}
- ];
- };
- "lan" = {
- matchConfig.Name = "lan";
+ #networkConfig.VLAN = ["home"];
+ #bridgeVLANs = [
+ # {
+ # bridgeVLANConfig = {
+ # EgressUntagged = 1;
+ # PVID = 1;
+ # };
+ # }
+ # {bridgeVLANConfig.VLAN = 2;}
+ #];
+ #};
+ #"home" = {
+ #matchConfig.Name = "home";
 networkConfig = {
 Address = "${cnf.lanIP}/${toString cnf.lanPrefix}";
 IPForward = "yes";
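Review bot: The guest isolation rule in `extraForwardRules` does not need to be commented out just because the `guest` interface is gone: nftables matches `iifname` by name string, so the rule is a no-op while no such interface exists and costs nothing to keep. Leaving it active means a later change that re-adds the guest VLAN or SSID cannot silently come back without its forward-drop; I would keep `extraForwardRules = ''`, `iifname "guest" oifname != "${cnf.wan}" drop comment "prevent guest to access lan"` and `'';` live. Note also that the commented copy rewords the rule's comment from "access lan" to "access brlan", so the dead code has already started to drift from what was last tested. With `filterForward = true` and no explicit forward rules, what is permitted between `brlan` and `cnf.wan` now rests entirely on the module's defaults, which this hunk does not show.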
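Review bot: In the `networks` part of this hunk the `"brlan"` attribute set now absorbs the body of the former `"lan"` network only because the closing `};` and the next opener are commented out (`#};`, `#"home" = {`, `#matchConfig.Name = "home";`); the set boundary is hidden inside comments and a reader has to skip them to see that `Address`, `IPForward` and the rest now apply to `brlan`. Please delete the commented block and write the merged network explicitly, e.g. `"brlan" = {` / `matchConfig.Name = "brlan";` / `# formerly the "lan" VLAN network; brlan now carries the LAN addressing directly` followed by the existing `networkConfig`. The commented-out netdevs and `networkConfig.VLAN` also rename `lan` to `home`, a name that appears nowhere in the live code, so the dead code is no longer a faithful record of what was removed. The `brlan` network block continues past the end of this hunk.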
@@ -126,29 +131,29 @@ in {
 Announce = "yes";
 };
 };
- "guest" = {
- matchConfig.Name = "guest";
- networkConfig = {
- Address = "192.168.1.1/24";
- IPForward = "yes";
- DHCPServer = "yes";
- DHCPPrefixDelegation = "yes";
- IPv6SendRA = "yes";
- IPv6AcceptRA = "no";
- };
- dhcpServerConfig = {
- UplinkInterface = cnf.wan;
- PoolOffset = cnf.dynIPStart;
- PoolSize = cnf.dynIPCount;
- EmitDNS = "yes";
- DNS = "1.1.1.1";
- };
- dhcpPrefixDelegationConfig = {
- UplinkInterface = cnf.wan;
- SubnetId = 2;
- Announce = "yes";
- };
- };
+ #"guest" = {
+ # matchConfig.Name = "guest";
+ # networkConfig = {
+ # Address = "192.168.1.1/24";
+ # IPForward = "yes";
+ # DHCPServer = "yes";
+ # DHCPPrefixDelegation = "yes";
+ # IPv6SendRA = "yes";
+ # IPv6AcceptRA = "no";
+ # };
+ # dhcpServerConfig = {
+ # UplinkInterface = cnf.wan;
+ # PoolOffset = cnf.dynIPStart;
+ # PoolSize = cnf.dynIPCount;
+ # EmitDNS = "yes";
+ # DNS = "1.1.1.1";
+ # };
+ # dhcpPrefixDelegationConfig = {
+ # UplinkInterface = cnf.wan;
+ # SubnetId = 2;
+ # Announce = "yes";
+ # };
+ #};
 };
 wait-online.anyInterface = true;
 };
diff --git a/nixos/routers/wifi-spt.nix b/nixos/routers/wifi-spt.nix
index 84527fd..0ebcaa1 100644
--- a/nixos/routers/wifi-spt.nix
+++ b/nixos/routers/wifi-spt.nix
@@ -54,14 +54,14 @@ in {
 wpaPasswordFile = "/run/secrets/hostapd-TurrisRules.pass";
 };
 };
- "${cnf.ar9287.interface}.guest" = {
- bssid = elemAt cnf.ar9287.bssids 1;
- ssid = "Kocovi";
- authentication = {
- mode = "wpa2-sha256";
- wpaPasswordFile = "/run/secrets/hostapd-Kocovi.pass";
- };
- };
+ #"${cnf.ar9287.interface}.guest" = {
+ # bssid = elemAt cnf.ar9287.bssids 1;
+ # ssid = "Kocovi";
+ # authentication = {
+ # mode = "wpa2-sha256";
+ # wpaPasswordFile = "/run/secrets/hostapd-Kocovi.pass";
+ # };
+ #};
 };
 };
 }
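Review bot: With the `Kocovi` guest BSS commented out, `/run/secrets/hostapd-Kocovi.pass` is referenced only from dead code in this hunk and in the matching `qca988x` hunk below. If that secret is still declared in the secrets module (not part of this diff), it keeps being decrypted and placed on the device for no consumer, which is a small but needless exposure; either drop the secret declaration in the same change or keep the BSS definition and gate it on an option instead of commenting it out. A one-line comment at the removal site, such as `# guest SSID disabled; hostapd-Kocovi.pass is unused until it returns`, would make the dependency visible to whoever prunes the secrets.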
@@ -96,14 +96,14 @@ in {
 wpaPasswordFile = "/run/secrets/hostapd-TurrisRules.pass";
 };
 };
- "${cnf.qca988x.interface}.guest" = {
- bssid = elemAt cnf.qca988x.bssids 1;
- ssid = "Kocovi";
- authentication = {
- mode = "wpa2-sha256";
- wpaPasswordFile = "/run/secrets/hostapd-Kocovi.pass";
- };
- };
+ #"${cnf.qca988x.interface}.guest" = {
+ # bssid = elemAt cnf.qca988x.bssids 1;
+ # ssid = "Kocovi";
+ # authentication = {
+ # mode = "wpa2-sha256";
+ # wpaPasswordFile = "/run/secrets/hostapd-Kocovi.pass";
+ # };
+ #};
 };
 };
 };
@@ -113,53 +113,53 @@ in { "lan-${cnf.ar9287.interface}" = { matchConfig.Name = cnf.ar9287.interface; networkConfig.Bridge = "brlan"; - bridgeVLANs = [ - { - bridgeVLANConfig = { - EgressUntagged = 1; - PVID = 1; - }; - } - ]; - }; - "lan-${cnf.ar9287.interface}-guest" = { - matchConfig.Name = "${cnf.ar9287.interface}.guest"; - networkConfig.Bridge = "brlan"; - bridgeVLANs = [ - { - bridgeVLANConfig = { - EgressUntagged = 2; - PVID = 2; - }; - } - ]; + #bridgeVLANs = [ + # { + # bridgeVLANConfig = { + # EgressUntagged = 1; + # PVID = 1; + # }; + # } + #]; }; + #"lan-${cnf.ar9287.interface}-guest" = { + # matchConfig.Name = "${cnf.ar9287.interface}.guest"; + # networkConfig.Bridge = "brlan"; + # bridgeVLANs = [ + # { + # bridgeVLANConfig = { + # EgressUntagged = 2; + # PVID = 2; + # }; + # } + # ]; + #}; } // mkIf (cnf.qca988x.interface != null) { "lan-${cnf.qca988x.interface}" = { matchConfig.Name = cnf.qca988x.interface; networkConfig.Bridge = "brlan"; - bridgeVLANs = [ - { - bridgeVLANConfig = { - EgressUntagged = 1; - PVID = 1; - }; - } - ]; - }; - "lan-${cnf.qca988x.interface}-guest" = { - matchConfig.Name = "${cnf.qca988x.interface}.guest"; - networkConfig.Bridge = "brlan"; - bridgeVLANs = [ - { - bridgeVLANConfig = { - EgressUntagged = 2; - PVID = 2; - }; - } - ]; + #bridgeVLANs = [ + # { + # bridgeVLANConfig = { + # EgressUntagged = 1; + # PVID = 1; + # }; + # } + #]; }; + #"lan-${cnf.qca988x.interface}-guest" = { + # matchConfig.Name = "${cnf.qca988x.interface}.guest"; + # networkConfig.Bridge = "brlan"; + # bridgeVLANs = [ + # { + # bridgeVLANConfig = { + # EgressUntagged = 2; + # PVID = 2; + # }; + # } + # ]; + #}; }; }; } -- cgit v1.2.3