diff --git a/default.nix b/default.nix index 46daed7..885e7e2 100644 --- a/default.nix +++ b/default.nix @@ -36,6 +36,7 @@ let sources = import ./npins; pkgs = import sources.nixpkgs { }; + liminixHive = import ./liminix-hive.nix { inherit sources; }; pre-commit-check = (import sources.pre-commit-hooks).run { src = ./.; @@ -76,6 +77,7 @@ in npins colmena nixos-generators + liminixHive.liminix.pkgs.pkgsBuildBuild.min-copy-closure ] ++ (builtins.map (p: callPackage p { }) [ (sources.disko + "/package.nix") ]) ) diff --git a/liminix-hive.nix b/liminix-hive.nix new file mode 100644 index 0000000..a9be921 --- /dev/null +++ b/liminix-hive.nix @@ -0,0 +1,38 @@ +# This is a very rudimentary hive to deploy Liminix images. +{ + sources ? import ./npins, + nixpkgs ? sources.nixpkgs, + liminix ? sources.liminix, +}: +let + evalLiminix = + { config, device }: + { + primary = import liminix { + inherit device nixpkgs; + imageType = "primary"; + liminix-config = config; + }; + secondary = import liminix { + inherit device nixpkgs; + imageType = "secondary"; + liminix-config = config; + }; + }; + zyxel = { + nwa50ax = import "${liminix}/devices/zyxel-nwa50ax"; + }; +in +{ + liminix.pkgs = + (import liminix { + device = zyxel.nwa50ax; + imageType = "primary"; + liminix-config = ./machines/ap/configuration.nix; + }).pkgs; + devices = zyxel; + ap-test = evalLiminix { + config = ./machines/ap/configuration.nix; + device = zyxel.nwa50ax; + }; +} diff --git a/liminix-rebuild.nix b/liminix-rebuild.nix new file mode 100644 index 0000000..1bca642 --- /dev/null +++ b/liminix-rebuild.nix @@ -0,0 +1 @@ +{ liminix-system }: (import ./liminix-hive.nix { }).${liminix-system}.primary diff --git a/machines/ap/configuration.nix b/machines/ap/configuration.nix new file mode 100644 index 0000000..a98a93c --- /dev/null +++ b/machines/ap/configuration.nix @@ -0,0 +1,140 @@ +{ + config, + pkgs, + modulesPath, + ... +}: +let + # inherit (pkgs.liminix.services) + # oneshot + # longrun + # bundle + # target + # ; + # inherit (pkgs) writeText; + svc = config.system.service; + secrets-1 = { + ssid = "Zyxel 2G (N)"; + wpa_passphrase = "diamond dogs"; + }; + secrets-2 = { + ssid = "Zyxel 5G (AX)"; + wpa_passphrase = "diamond dogs"; + }; + baseParams = { + country_code = "FR"; + hw_mode = "g"; + channel = 6; + wmm_enabled = 1; + ieee80211n = 1; + ht_capab = "[LDPC][GF][HT40-][HT40+][SHORT-GI-40][MAX-AMSDU-7935][TX-STBC]"; + auth_algs = 1; + wpa = 2; + wpa_key_mgmt = "WPA-PSK"; + wpa_pairwise = "TKIP CCMP"; + rsn_pairwise = "CCMP"; + }; + + modernParams = { + hw_mode = "a"; + he_su_beamformer = 1; + he_su_beamformee = 1; + he_mu_beamformer = 1; + preamble = 1; + # Allow radar detection. + ieee80211d = 1; + ieee80211h = 1; + ieee80211ac = 1; + ieee80211ax = 1; + vht_capab = "[MAX-MPDU-7991][SU-BEAMFORMEE][SU-BEAMFORMER][RXLDPC][SHORT-GI-80][MAX-A-MPDU-LEN-EXP3][RX-ANTENNA-PATTERN][TX-ANTENNA-PATTERN][TX-STBC-2BY1][RX-STBC-1][MU-BEAMFORMER]"; + vht_oper_chwidth = 1; + he_oper_chwidth = 1; + channel = 36; + vht_oper_centr_freq_seg0_idx = 42; + he_oper_centr_freq_seg0_idx = 42; + require_vht = 1; + }; + mkWifiSta = + params: interface: secrets: + svc.hostapd.build { + inherit interface; + params = params // { + inherit (secrets) ssid wpa_passphrase; + }; + }; +in +rec { + imports = [ + "${modulesPath}/wlan.nix" + "${modulesPath}/network" + "${modulesPath}/hostapd" + "${modulesPath}/ssh" + "${modulesPath}/ntp" + "${modulesPath}/vlan" + "${modulesPath}/bridge" + ]; + + hostname = "zyxel"; + + users.root = { + # EDIT: choose a root password and then use + # "mkpasswd -m sha512crypt" to determine the hash. + # It should start wirh $6$. + passwd = "$y$j9T$f8GhLiqYmr3lc58eKhgyD0$z7P/7S9u.kq/cANZExxhS98bze/6i7aBxU6tbl7RMi."; + openssh.authorizedKeys.keys = [ + # EDIT: you can add your ssh pubkey here + # "ssh-rsa AAAAB3NzaC1....H6hKd user@example.com"; + ]; + }; + + services.int = svc.bridge.primary.build { ifname = "int"; }; + + services.bridge = svc.bridge.members.build { + primary = services.int; + members = with config.hardware.networkInterfaces; [ + lan + wlan0 + wlan1 + ]; + }; + + services.dhcpv4 = + let + iface = services.int; + in + svc.network.dhcp.client.build { interface = iface; }; + + services.defaultroute4 = svc.network.route.build { + via = "$(output ${services.dhcpv4} address)"; + target = "default"; + dependencies = [ services.dhcpv4 ]; + }; + + services.packet_forwarding = svc.network.forward.build { }; + services.sshd = svc.ssh.build { allowRoot = true; }; + + services.ntp = config.system.service.ntp.build { + pools = { + "pool.ntp.org" = [ "iburst" ]; + }; + }; + + boot.tftp = { + serverip = "192.0.2.10"; + ipaddr = "192.0.2.12"; + }; + + # wlan0 is the 2.4GHz interface. + services.hostap-1 = mkWifiSta baseParams config.hardware.networkInterfaces.wlan0 secrets-1; + # wlan1 is the 5GHz interface, e.g. AX capable. + services.hostap-2 = + mkWifiSta (baseParams // modernParams) config.hardware.networkInterfaces.wlan1 + secrets-2; + + defaultProfile.packages = with pkgs; [ + zyxel-bootconfig + iw + min-collect-garbage + mtdutils + ]; +} diff --git a/npins/sources.json b/npins/sources.json index 3e1f4cd..0147266 100644 --- a/npins/sources.json +++ b/npins/sources.json @@ -48,9 +48,9 @@ "repo": "liminix" }, "branch": "nwa50ax", - "revision": "baf3cf741301e696a5f614f8fb98d182a0ab0f1d", - "url": "https://github.com/RaitoBezarius/liminix/archive/baf3cf741301e696a5f614f8fb98d182a0ab0f1d.tar.gz", - "hash": "1k29bz7gxlv12pq9rqji4s27rxwg4zx93l8f7n7c0s5wza9cyzdp" + "revision": "a4aa10dcc30225a8bb8eb465abfe908629175f2c", + "url": "https://github.com/RaitoBezarius/liminix/archive/a4aa10dcc30225a8bb8eb465abfe908629175f2c.tar.gz", + "hash": "1m1sc6agg5z65lmyjl48i7sddlwm8d0zgvs8z81iammfy4jpy7qd" }, "linkal": { "type": "Git",