hackens-org-configurations/machines/router/configuration.nix

# This is an example configuration for a "typical" small office/home
# router and wifi access point.
# You need to copy it to another filename and change the configuration
# wherever the text "EDIT" appears - please consult the tutorial
# documentation for details.
{ config, pkgs, lib, modulesPath, ... } :
let
liminix = (import ./npins).liminix;
inherit (pkgs.liminix.services) bundle oneshot longrun;
inherit (pkgs) serviceFns;
# EDIT: you can pick your preferred RFC1918 address space
# for NATted connections, if you don't like this one.
ipv4LocalNet = "192.168.1";
svc = config.system.service;
in rec {
# TFTP boot parameters.
# NOTE(review): presumably `serverip` is the TFTP server and `ipaddr` the
# address the device takes while booting; confirm against the liminix
# tftp documentation.
boot.tftp = {
  ipaddr = "10.0.0.8";
  serverip = "10.0.0.1";
  # 3 MiB
  freeSpaceBytes = 3 * 1024 * 1024;
};
# Flash erase block size in bytes: 124 KiB = 126976.
hardware.flash.eraseBlockSize = 124 * 1024;
imports = [
"${liminix}/modules/bridge"
"${liminix}/modules/dhcp6c"
"${liminix}/modules/dnsmasq"
"${liminix}/modules/firewall"
"${liminix}/modules/hostapd"
"${liminix}/modules/network"
"${liminix}/modules/ntp"
"${liminix}/modules/ssh"
"${liminix}/modules/vlan"
"${liminix}/modules/wlan.nix"
"${liminix}/modules/outputs/ubimage.nix"
];
# Root filesystem type; the imports list above pulls in outputs/ubimage.nix.
rootfsType = "ubifs";
hostname = "hackens-router"; # EDIT
# Wireless access point: a hostapd instance on the board's wlan interface.
services.hostap = svc.hostapd.build {
  interface = config.hardware.networkInterfaces.wlan;
  # EDIT: the radio and credential settings below are site-specific;
  # change them to values of your choice.
  params = {
    # --- radio ---
    country_code = "FR";
    hw_mode = "g";
    channel = "1";
    ieee80211n = 1;
    wmm_enabled = 1;

    # --- network identity ---
    ssid = "The_Game";

    # --- authentication and encryption ---
    # auth_algs is a bitmask: 1 = open-system authentication (the mode
    # WPA2 runs over), 2 = shared-key authentication (WEP), 3 = both.
    auth_algs = 1;
    # wpa is a bitmask: 1 = WPA, 2 = WPA2 (RSN), 3 = both.
    wpa = 2;
    wpa_key_mgmt = "WPA-PSK";
    # NOTE(review): the pre-shared key is committed in clear text, so
    # everyone with read access to this repository (and presumably to the
    # built image) can join the network. Rotate it and supply it from
    # outside version control.
    wpa_passphrase = "putainmauricetueschiant";
    # Pairwise cipher for WPA2.
    rsn_pairwise = "CCMP";
    # NOTE(review): wpa_pairwise configures WPA (v1) ciphers; with wpa = 2
    # it should be unused. Confirm, then drop TKIP so a later change to
    # `wpa` cannot silently enable it.
    wpa_pairwise = "TKIP CCMP";
  };
};
# Internal (LAN-side) address, assigned to the primary bridge device "int".
# NOTE(review): ipv4LocalNet is "192.168.1", so this is 192.168.1.1/16 and
# the on-link prefix is all of 192.168.0.0/16, while the DHCP pool in
# services.dns only hands out 192.168.1.10-249. Confirm that /16 rather
# than /24 is intended.
services.int =
  let
    bridgeDevice = svc.bridge.primary.build { ifname = "int"; };
  in
  svc.network.address.build {
    interface = bridgeDevice;
    family = "inet";
    address = "${ipv4LocalNet}.1";
    prefixLength = 16;
  };
# Attach the wired LAN interface to the "int" bridge.
# NOTE(review): only `lan` is listed; the wlan interface used by
# services.hostap is not a bridge member in this file. Confirm whether
# wireless clients are meant to be kept off the bridge.
services.bridge = svc.bridge.members.build {
  primary = services.int;
  members = [ config.hardware.networkInterfaces.lan ];
};
# Time synchronisation against the public NTP pool.
services.ntp = svc.ntp.build {
  pools."pool.ntp.org" = [ "iburst" ];
  # NOTE(review): presumably "step the clock when the offset exceeds
  # `threshold` seconds, during the first `limit` updates"; confirm
  # against the ntp module.
  makestep = {
    threshold = 1.0;
    limit = 3;
  };
};
# SSH daemon, built with the module's defaults (empty argument set).
# NOTE(review): the firewall module is imported above but no firewall
# service is defined anywhere in this file, so nothing here restricts
# which interfaces can reach SSH. Confirm this is intended.
services.sshd = svc.ssh.build { };
# Root account: password hash plus the SSH public keys allowed to log in.
users.root = {
  # EDIT: choose a root password, then run "mkpasswd -m sha512crypt" to
  # compute its hash. The result should start with $6$.
  # NOTE(review): this hash is committed to the repository, so anyone who
  # can read the repo can run offline guessing against it. Since a public
  # key is configured below, check whether root password login is needed
  # at all, and whether the ssh module's defaults accept passwords.
  passwd =
    "$6$UnjSEEpbfVAtIs8H$6xLsdpdpc/XvmxiiUtbHLkItuG/jTJuGm9omOLVZnpXzDThyRb6jeGS6W0LqHfNjfeErRwsZQVsvucMG4Iyda1";
  openssh.authorizedKeys.keys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKiXXYkhRh+s7ixZ8rvG8ntIqd6FELQ9hh7HoaHQJRPU Thorkell"
  ];
};
# DNS and DHCP for the internal network, served by dnsmasq on the
# services.int interface.
services.dns = svc.dnsmasq.build {
  # resolvconf = services.resolvconf;
  interface = services.int;
  ranges = [
    # IPv4 DHCP pool: .10 through .249 of ipv4LocalNet.
    "${ipv4LocalNet}.10,${ipv4LocalNet}.249"
    # EDIT: ... maybe. "ra-stateless" makes dnsmasq send router
    # advertisements with the O and A bits set and provide a stateless
    # DHCP service: clients take a SLAAC address and use DHCP only for
    # other configuration information. If that means nothing to you the
    # default is _probably_ fine; if you need a DHCP-only IPv6 network or
    # some other setup, this is the place to change it.
    "::,constructor:$(output ${services.int} ifname),ra-stateless"
  ];
  # EDIT: choose a domain name for the DNS names issued for your
  # DHCP-issued hosts.
  domain = "lan.hackens.org";
};
#services.resolvconf = oneshot rec {
# dependencies = [ services.wan ];
# name = "resolvconf";
# up = ''
# . ${serviceFns}
# ( in_outputs ${name}
# echo "nameserver $(output ${services.wan} ns1)" > resolv.conf
# echo "nameserver $(output ${services.wan} ns2)" >> resolv.conf
# chmod 0444 resolv.conf
# )
# '';
#};
#filesystem =
# let inherit (pkgs.pseudofile) dir symlink;
# in dir {
# etc = dir {
# "resolv.conf" = symlink "${services.resolvconf}/.outputs/resolv.conf";
# };
# };
#services.defaultroute4 = svc.network.route.build {
# via = "$(output ${services.wan} address)";
# target = "default";
# dependencies = [ services.wan ];
#};
# 4A:3D:B6:7F:44:F0
# 129.199.146.30
# Enable packet forwarding between interfaces.
# NOTE(review): forwarding is enabled while no firewall ruleset is
# instantiated in this file (the firewall module is only imported) and the
# WAN services are commented out. Add a ruleset before an upstream
# interface is configured.
services.packet_forwarding = svc.network.forward.build { };

# Extra packages installed in the default profile.
defaultProfile.packages = [ pkgs.min-collect-garbage ];
}