DGNum/infrastructure
13
6
Fork 3
Code Issues 20 Pull requests 8 Projects 1 Releases Packages Wiki Activity Actions

feat: init AP management via Colmena and Liminix #110

Open
rlahfa wants to merge 28 commits from colmena-liminix into main
pull from: colmena-liminix
merge into: DGNum:main
Conversation 0 Commits 28 Files changed 18 +33 -16
4 changed files with 33 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files
Showing only changes of commit 8b66b2b7c3 - Show all commits

17
machines/ap01/_configuration.nix
View file

@ -14,11 +14,11 @@ let
# inherit (pkgs) writeText; # inherit (pkgs) writeText;
svc = config.system.service; svc = config.system.service;
secrets-1 = { secrets-1 = {
ssid = "Zyxel 2G (N)"; ssid = "DGNum 2G prototype (N)";
wpa_passphrase = "diamond dogs"; wpa_passphrase = "diamond dogs";
}; };
secrets-2 = { secrets-2 = {
ssid = "Zyxel 5G (AX)"; ssid = "DGNum 5G prototype (AX)";
wpa_passphrase = "diamond dogs"; wpa_passphrase = "diamond dogs";
}; };
baseParams = { baseParams = {
@ -72,19 +72,20 @@ rec {
"${modulesPath}/ntp" "${modulesPath}/ntp"
"${modulesPath}/vlan" "${modulesPath}/vlan"
"${modulesPath}/bridge" "${modulesPath}/bridge"
../../modules/dgn-access-control.nix
# TODO: god that's so a fucking hack.
(import "${modulesPath}/../devices/zyxel-nwa50ax").module
]; ];
hostname = "zyxel"; hostname = "ap01-prototype";
# SSH keys are handled by the access control module.
dgn-access-control.enable = true;
users.root = { users.root = {
# EDIT: choose a root password and then use # EDIT: choose a root password and then use
# "mkpasswd -m sha512crypt" to determine the hash. # "mkpasswd -m sha512crypt" to determine the hash.
# It should start wirh $6$. # It should start wirh $6$.
passwd = "$y$j9T$f8GhLiqYmr3lc58eKhgyD0$z7P/7S9u.kq/cANZExxhS98bze/6i7aBxU6tbl7RMi."; passwd = "$6$jVXFFOp8HBYmgINR$lutB4kvw.W1jlXRby9ZYAgBitQ32RxQdYAGN.s2x4ris8J07vM6tzlRBQoeLELOIEMClDzbciQV0itfHQnTqd1";
openssh.authorizedKeys.keys = [
# EDIT: you can add your ssh pubkey here
# "ssh-rsa AAAAB3NzaC1....H6hKd user@example.com";
];
}; };
services.int = svc.bridge.primary.build { ifname = "int"; }; services.int = svc.bridge.primary.build { ifname = "int"; };

1
meta/nodes.nix
View file

@ -90,6 +90,7 @@
# Access points definition # Access points definition
ap01 = { ap01 = {
site = "unknown"; site = "unknown";
adminGroups = [ "fai" ];
system = "zyxel-nwa50ax"; system = "zyxel-nwa50ax";
}; };

6
meta/organization.nix
View file

@ -87,6 +87,12 @@
"fai" "fai"
]; ];
# AP administration DGNum
ap.adminGroups = [
"root"
"fai"
];
# Videos DGNum # Videos DGNum
peertube.admins = [ "thubrecht" ]; peertube.admins = [ "thubrecht" ];
}; };

25
modules/dgn-access-control.nix
View file

@ -44,6 +44,7 @@ let
mkDefault mkDefault
mkEnableOption mkEnableOption
mkIf mkIf
mkMerge
mkOption mkOption
types types
@ -78,12 +79,20 @@ in
}; };
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable (mkMerge [
# Admins have root access to the node {
dgn-access-control.users.root = mkDefault admins; # Admins have root access to the node
dgn-access-control.users.root = mkDefault admins;
users.users = builtins.mapAttrs (_: members: { }
openssh.authorizedKeys.keys = lib.extra.getAllKeys members; (mkIf (nodeMeta.system == "nixos") {
}) cfg.users; users.users = builtins.mapAttrs (_: members: {
}; openssh.authorizedKeys.keys = lib.extra.getAllKeys members;
}) cfg.users;
})
(mkIf (nodeMeta.system == "zyxel-nwa50ax") {
users = builtins.mapAttrs (_: members: {
openssh.authorizedKeys.keys = lib.extra.getAllKeys members;
}) cfg.users;
})
]);
} }