router: clean up and fix it
This commit is contained in:
parent
3354f5b221
commit
9acf72a648
3 changed files with 56 additions and 107 deletions
|
@ -5,13 +5,14 @@
|
|||
# wherever the text "EDIT" appears - please consult the tutorial
|
||||
# documentation for details.
|
||||
|
||||
{ config, pkgs, lib, ... } :
|
||||
{ config, pkgs, lib, modulesPath, ... } :
|
||||
let
|
||||
liminix = (import ./npins).liminix;
|
||||
inherit (pkgs.liminix.services) bundle oneshot longrun;
|
||||
inherit (pkgs) serviceFns;
|
||||
# EDIT: you can pick your preferred RFC1918 address space
|
||||
# for NATted connections, if you don't like this one.
|
||||
ipv4LocalNet = "10.8.0";
|
||||
ipv4LocalNet = "192.168.1";
|
||||
svc = config.system.service;
|
||||
|
||||
in rec {
|
||||
|
@ -23,32 +24,33 @@ in rec {
|
|||
};
|
||||
};
|
||||
|
||||
hardware.flash.eraseBlockSize = 126976;
|
||||
|
||||
imports = [
|
||||
../modules/bridge
|
||||
../modules/dhcp6c
|
||||
../modules/dnsmasq
|
||||
../modules/firewall
|
||||
../modules/hostapd
|
||||
../modules/network
|
||||
../modules/ntp
|
||||
../modules/ppp
|
||||
../modules/ssh
|
||||
../modules/standard.nix
|
||||
../modules/vlan
|
||||
../modules/wlan.nix
|
||||
"${liminix}/modules/bridge"
|
||||
"${liminix}/modules/dhcp6c"
|
||||
"${liminix}/modules/dnsmasq"
|
||||
"${liminix}/modules/firewall"
|
||||
"${liminix}/modules/hostapd"
|
||||
"${liminix}/modules/network"
|
||||
"${liminix}/modules/ntp"
|
||||
"${liminix}/modules/ssh"
|
||||
"${liminix}/modules/vlan"
|
||||
"${liminix}/modules/wlan.nix"
|
||||
"${liminix}/modules/outputs/ubimage.nix"
|
||||
];
|
||||
rootfsType = "ubifs";
|
||||
hostname = "LeJeu"; # EDIT
|
||||
hostname = "hackens-router"; # EDIT
|
||||
|
||||
services.hostap = svc.hostapd.build {
|
||||
interface = config.hardware.networkInterfaces.wlan;
|
||||
# EDIT: you will want to change the obvious things
|
||||
# here to values of your choice
|
||||
params = {
|
||||
ssid = "LeJeu";
|
||||
ssid = "The_Game";
|
||||
channel = "1";
|
||||
country_code = "FR";
|
||||
wpa_passphrase = "not a real wifi password";
|
||||
wpa_passphrase = "putainmauricetueschiant";
|
||||
|
||||
hw_mode="g";
|
||||
ieee80211n = 1;
|
||||
|
@ -66,10 +68,10 @@ in rec {
|
|||
family = "inet"; address = "${ipv4LocalNet}.1"; prefixLength = 16;
|
||||
};
|
||||
|
||||
services.bridge = svc.bridge.members.build {
|
||||
services.bridge = svc.bridge.members.build {
|
||||
primary = services.int;
|
||||
members = with config.hardware.networkInterfaces;
|
||||
[ wlan lan ];
|
||||
[ lan ];
|
||||
};
|
||||
|
||||
services.ntp = svc.ntp.build {
|
||||
|
@ -83,17 +85,16 @@ in rec {
|
|||
# EDIT: choose a root password and then use
|
||||
# "mkpasswd -m sha512crypt" to determine the hash.
|
||||
# It should start wirh $6$.
|
||||
passwd = "$6$6HG7WALLQQY1LQDE$428cnouMJ7wVmyK9.dF1uWs7t0z9ztgp3MHvN5bbeo0M4Kqg/u2ThjoSHIjCEJQlnVpDOaEKcOjXAlIClHWN21";
|
||||
passwd = "$6$UnjSEEpbfVAtIs8H$6xLsdpdpc/XvmxiiUtbHLkItuG/jTJuGm9omOLVZnpXzDThyRb6jeGS6W0LqHfNjfeErRwsZQVsvucMG4Iyda1";
|
||||
openssh.authorizedKeys.keys = [
|
||||
# EDIT: you can add your ssh pubkey here
|
||||
# "ssh-rsa AAAAB3NzaC1....H6hKd user@example.com";
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKiXXYkhRh+s7ixZ8rvG8ntIqd6FELQ9hh7HoaHQJRPU Thorkell"
|
||||
];
|
||||
};
|
||||
|
||||
services.dns =
|
||||
let interface = services.int;
|
||||
in svc.dnsmasq.build {
|
||||
resolvconf = services.resolvconf;
|
||||
# resolvconf = services.resolvconf;
|
||||
inherit interface;
|
||||
ranges = [
|
||||
"${ipv4LocalNet}.10,${ipv4LocalNet}.249"
|
||||
|
@ -110,93 +111,41 @@ in rec {
|
|||
];
|
||||
# EDIT: choose a domain name for the DNS names issued for your
|
||||
# DHCP-issued hosts
|
||||
domain = "lan.example.com";
|
||||
domain = "lan.hackens.org";
|
||||
};
|
||||
|
||||
services.wan = svc.pppoe.build {
|
||||
interface = config.hardware.networkInterfaces.wan;
|
||||
ppp-options = [
|
||||
"debug" "+ipv6" "noauth"
|
||||
# EDIT: change the strings "chap-username"
|
||||
# and "chap-secret" to match the username/password
|
||||
# provided by your ISP for PPP logins
|
||||
"name" "chap-username"
|
||||
"password" "chap-secret"
|
||||
];
|
||||
};
|
||||
#services.resolvconf = oneshot rec {
|
||||
# dependencies = [ services.wan ];
|
||||
# name = "resolvconf";
|
||||
# up = ''
|
||||
# . ${serviceFns}
|
||||
# ( in_outputs ${name}
|
||||
# echo "nameserver $(output ${services.wan} ns1)" > resolv.conf
|
||||
# echo "nameserver $(output ${services.wan} ns2)" >> resolv.conf
|
||||
# chmod 0444 resolv.conf
|
||||
# )
|
||||
# '';
|
||||
#};
|
||||
|
||||
services.resolvconf = oneshot rec {
|
||||
dependencies = [ services.wan ];
|
||||
name = "resolvconf";
|
||||
up = ''
|
||||
. ${serviceFns}
|
||||
( in_outputs ${name}
|
||||
echo "nameserver $(output ${services.wan} ns1)" > resolv.conf
|
||||
echo "nameserver $(output ${services.wan} ns2)" >> resolv.conf
|
||||
chmod 0444 resolv.conf
|
||||
)
|
||||
'';
|
||||
};
|
||||
#filesystem =
|
||||
# let inherit (pkgs.pseudofile) dir symlink;
|
||||
# in dir {
|
||||
# etc = dir {
|
||||
# "resolv.conf" = symlink "${services.resolvconf}/.outputs/resolv.conf";
|
||||
# };
|
||||
# };
|
||||
|
||||
filesystem =
|
||||
let inherit (pkgs.pseudofile) dir symlink;
|
||||
in dir {
|
||||
etc = dir {
|
||||
"resolv.conf" = symlink "${services.resolvconf}/.outputs/resolv.conf";
|
||||
};
|
||||
};
|
||||
#services.defaultroute4 = svc.network.route.build {
|
||||
# via = "$(output ${services.wan} address)";
|
||||
# target = "default";
|
||||
# dependencies = [ services.wan ];
|
||||
#};
|
||||
|
||||
services.defaultroute4 = svc.network.route.build {
|
||||
via = "$(output ${services.wan} address)";
|
||||
target = "default";
|
||||
dependencies = [ services.wan ];
|
||||
};
|
||||
|
||||
services.defaultroute6 = svc.network.route.build {
|
||||
via = "$(output ${services.wan} ipv6-peer-address)";
|
||||
target = "default";
|
||||
interface = services.wan;
|
||||
};
|
||||
|
||||
services.firewall = svc.firewall.build {
|
||||
ruleset = import ./demo-firewall.nix;
|
||||
};
|
||||
# 4A:3D:B6:7F:44:F0
|
||||
# 129.199.146.30
|
||||
|
||||
services.packet_forwarding = svc.network.forward.build { };
|
||||
|
||||
# We expect the ISP uses DHCP6 to issue IPv6 addresses. There is a
|
||||
# service to request address information in the form of a DHCP
|
||||
# lease, and two dependent services that listen for updates to the
|
||||
# DHCP address information and update the addresses of the WAN and
|
||||
# LAN interfaces respectively.
|
||||
|
||||
services.dhcp6c =
|
||||
let client = svc.dhcp6c.client.build {
|
||||
interface = services.wan;
|
||||
};
|
||||
in bundle {
|
||||
name = "dhcp6c";
|
||||
contents = [
|
||||
(svc.dhcp6c.prefix.build {
|
||||
# if your ISP provides you a real IPv6 prefix for your local
|
||||
# network (usually a /64 or /48 or something in between the
|
||||
# two), this service subscribes to that "prefix delegation"
|
||||
# information, and uses it to assign an address to the LAN
|
||||
# device. dnsmasq will notice this address and use it to
|
||||
# form the addresses it hands out to devices on the lan
|
||||
inherit client;
|
||||
interface = services.int;
|
||||
})
|
||||
(svc.dhcp6c.address.build {
|
||||
# if your ISP provides you a regular global IPv6 address,
|
||||
# this service subscribes to that information and assigns
|
||||
# the address to the WAN device.
|
||||
inherit client;
|
||||
interface = services.wan;
|
||||
})
|
||||
];
|
||||
};
|
||||
|
||||
defaultProfile.packages = with pkgs; [
|
||||
min-collect-garbage
|
||||
];
|
||||
|
|
|
@ -2,4 +2,4 @@
|
|||
, nixpkgs ? (import ./npins).nixpkgs
|
||||
, liminix-config ? ./configuration.nix
|
||||
}:
|
||||
import liminix { inherit nixpkgs liminix-config; device = import (liminix + "/devices/belkin-rt3200"); }
|
||||
(import liminix { inherit nixpkgs liminix-config; device = import (liminix + "/devices/belkin-rt3200"); })
|
||||
|
|
|
@ -7,15 +7,15 @@
|
|||
"url": "https://gti.telent.net/dan/liminix"
|
||||
},
|
||||
"branch": "main",
|
||||
"revision": "98d333692645263b5866bed254681b59dc39d196",
|
||||
"revision": "83ee488e4c81124380b8bd4ff8183e632f30eb91",
|
||||
"url": null,
|
||||
"hash": "186nx05vssly3pcdpkmrwfzhxc2dfsfvvqfgxg2gnqscj2m11ldf"
|
||||
"hash": "08mpx615kpqzvwallf91gdqv8rhc2avdgfwldka598ynydlq1wnw"
|
||||
},
|
||||
"nixpkgs": {
|
||||
"type": "Channel",
|
||||
"name": "nixpkgs-unstable",
|
||||
"url": "https://releases.nixos.org/nixpkgs/nixpkgs-24.05pre555839.0c6d8c783336/nixexprs.tar.xz",
|
||||
"hash": "04dykgz00bfnbxlaw00x2s5jzzh0jjqpgkb1z0ibkd1qkfq0cfcr"
|
||||
"url": "https://releases.nixos.org/nixpkgs/nixpkgs-24.05pre567370.24fe8bb4f552/nixexprs.tar.xz",
|
||||
"hash": "1bflgzw7x8ws2xmiaappxhp331wrvjc2zc77b41ijvsiid8k0l4j"
|
||||
}
|
||||
},
|
||||
"version": 3
|
||||
|
|
Loading…
Reference in a new issue