HackENS/hackens-org-configurations
5
0
Fork 0
Code Issues 2 Pull requests 1 Projects Releases Packages Wiki Activity

router: clean up and fix it

Browse source
This commit is contained in:
Raito Bezarius 2024-01-11 01:25:59 +01:00
parent 3354f5b221
commit 9acf72a648
3 changed files with 56 additions and 107 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

153
machines/router/configuration.nix
View file

@ -5,13 +5,14 @@
# wherever the text "EDIT" appears - please consult the tutorial
# documentation for details.
{ config, pkgs, lib, ... } :
{ config, pkgs, lib, modulesPath, ... } :
let
liminix = (import ./npins).liminix;
inherit (pkgs.liminix.services) bundle oneshot longrun;
inherit (pkgs) serviceFns;
# EDIT: you can pick your preferred RFC1918 address space
# for NATted connections, if you don't like this one.
ipv4LocalNet = "10.8.0";
ipv4LocalNet = "192.168.1";
svc = config.system.service;
in rec {
@ -23,32 +24,33 @@ in rec {
};
};
hardware.flash.eraseBlockSize = 126976;
imports = [
../modules/bridge
../modules/dhcp6c
../modules/dnsmasq
../modules/firewall
../modules/hostapd
../modules/network
../modules/ntp
../modules/ppp
../modules/ssh
../modules/standard.nix
../modules/vlan
../modules/wlan.nix
"${liminix}/modules/bridge"
"${liminix}/modules/dhcp6c"
"${liminix}/modules/dnsmasq"
"${liminix}/modules/firewall"
"${liminix}/modules/hostapd"
"${liminix}/modules/network"
"${liminix}/modules/ntp"
"${liminix}/modules/ssh"
"${liminix}/modules/vlan"
"${liminix}/modules/wlan.nix"
"${liminix}/modules/outputs/ubimage.nix"
];
rootfsType = "ubifs";
hostname = "LeJeu"; # EDIT
hostname = "hackens-router"; # EDIT
services.hostap = svc.hostapd.build {
interface = config.hardware.networkInterfaces.wlan;
# EDIT: you will want to change the obvious things
# here to values of your choice
params = {
ssid = "LeJeu";
ssid = "The_Game";
channel = "1";
country_code = "FR";
wpa_passphrase = "not a real wifi password";
wpa_passphrase = "putainmauricetueschiant";
hw_mode="g";
ieee80211n = 1;
@ -66,10 +68,10 @@ in rec {
family = "inet"; address = "${ipv4LocalNet}.1"; prefixLength = 16;
};
services.bridge = svc.bridge.members.build {
services.bridge = svc.bridge.members.build {
primary = services.int;
members = with config.hardware.networkInterfaces;
[ wlan lan ];
[ lan ];
};
services.ntp = svc.ntp.build {
@ -83,17 +85,16 @@ in rec {
# EDIT: choose a root password and then use
# "mkpasswd -m sha512crypt" to determine the hash.
# It should start wirh $6$.
passwd = "$6$6HG7WALLQQY1LQDE$428cnouMJ7wVmyK9.dF1uWs7t0z9ztgp3MHvN5bbeo0M4Kqg/u2ThjoSHIjCEJQlnVpDOaEKcOjXAlIClHWN21";
passwd = "$6$UnjSEEpbfVAtIs8H$6xLsdpdpc/XvmxiiUtbHLkItuG/jTJuGm9omOLVZnpXzDThyRb6jeGS6W0LqHfNjfeErRwsZQVsvucMG4Iyda1";
openssh.authorizedKeys.keys = [
# EDIT: you can add your ssh pubkey here
# "ssh-rsa AAAAB3NzaC1....H6hKd user@example.com";
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKiXXYkhRh+s7ixZ8rvG8ntIqd6FELQ9hh7HoaHQJRPU Thorkell"
];
};
services.dns =
let interface = services.int;
in svc.dnsmasq.build {
resolvconf = services.resolvconf;
# resolvconf = services.resolvconf;
inherit interface;
ranges = [
"${ipv4LocalNet}.10,${ipv4LocalNet}.249"
@ -110,93 +111,41 @@ in rec {
];
# EDIT: choose a domain name for the DNS names issued for your
# DHCP-issued hosts
domain = "lan.example.com";
domain = "lan.hackens.org";
};
services.wan = svc.pppoe.build {
interface = config.hardware.networkInterfaces.wan;
ppp-options = [
"debug" "+ipv6" "noauth"
# EDIT: change the strings "chap-username"
# and "chap-secret" to match the username/password
# provided by your ISP for PPP logins
"name" "chap-username"
"password" "chap-secret"
];
};
#services.resolvconf = oneshot rec {
# dependencies = [ services.wan ];
# name = "resolvconf";
# up = ''
# . ${serviceFns}
# ( in_outputs ${name}
# echo "nameserver $(output ${services.wan} ns1)" > resolv.conf
# echo "nameserver $(output ${services.wan} ns2)" >> resolv.conf
# chmod 0444 resolv.conf
# )
# '';
#};
services.resolvconf = oneshot rec {
dependencies = [ services.wan ];
name = "resolvconf";
up = ''
. ${serviceFns}
( in_outputs ${name}
echo "nameserver $(output ${services.wan} ns1)" > resolv.conf
echo "nameserver $(output ${services.wan} ns2)" >> resolv.conf
chmod 0444 resolv.conf
)
'';
};
#filesystem =
# let inherit (pkgs.pseudofile) dir symlink;
# in dir {
# etc = dir {
# "resolv.conf" = symlink "${services.resolvconf}/.outputs/resolv.conf";
# };
# };
filesystem =
let inherit (pkgs.pseudofile) dir symlink;
in dir {
etc = dir {
"resolv.conf" = symlink "${services.resolvconf}/.outputs/resolv.conf";
};
};
#services.defaultroute4 = svc.network.route.build {
# via = "$(output ${services.wan} address)";
# target = "default";
# dependencies = [ services.wan ];
#};
services.defaultroute4 = svc.network.route.build {
via = "$(output ${services.wan} address)";
target = "default";
dependencies = [ services.wan ];
};
services.defaultroute6 = svc.network.route.build {
via = "$(output ${services.wan} ipv6-peer-address)";
target = "default";
interface = services.wan;
};
services.firewall = svc.firewall.build {
ruleset = import ./demo-firewall.nix;
};
# 4A:3D:B6:7F:44:F0
# 129.199.146.30
services.packet_forwarding = svc.network.forward.build { };
# We expect the ISP uses DHCP6 to issue IPv6 addresses. There is a
# service to request address information in the form of a DHCP
# lease, and two dependent services that listen for updates to the
# DHCP address information and update the addresses of the WAN and
# LAN interfaces respectively.
services.dhcp6c =
let client = svc.dhcp6c.client.build {
interface = services.wan;
};
in bundle {
name = "dhcp6c";
contents = [
(svc.dhcp6c.prefix.build {
# if your ISP provides you a real IPv6 prefix for your local
# network (usually a /64 or /48 or something in between the
# two), this service subscribes to that "prefix delegation"
# information, and uses it to assign an address to the LAN
# device. dnsmasq will notice this address and use it to
# form the addresses it hands out to devices on the lan
inherit client;
interface = services.int;
})
(svc.dhcp6c.address.build {
# if your ISP provides you a regular global IPv6 address,
# this service subscribes to that information and assigns
# the address to the WAN device.
inherit client;
interface = services.wan;
})
];
};
defaultProfile.packages = with pkgs; [
min-collect-garbage
];

2
machines/router/default.nix
View file

@ -2,4 +2,4 @@
, nixpkgs ? (import ./npins).nixpkgs
, liminix-config ? ./configuration.nix
}:
import liminix { inherit nixpkgs liminix-config; device = import (liminix + "/devices/belkin-rt3200"); }
(import liminix { inherit nixpkgs liminix-config; device = import (liminix + "/devices/belkin-rt3200"); })

8
machines/router/npins/sources.json
View file

@ -7,15 +7,15 @@
"url": "https://gti.telent.net/dan/liminix"
},
"branch": "main",
"revision": "98d333692645263b5866bed254681b59dc39d196",
"revision": "83ee488e4c81124380b8bd4ff8183e632f30eb91",
"url": null,
"hash": "186nx05vssly3pcdpkmrwfzhxc2dfsfvvqfgxg2gnqscj2m11ldf"
"hash": "08mpx615kpqzvwallf91gdqv8rhc2avdgfwldka598ynydlq1wnw"
},
"nixpkgs": {
"type": "Channel",
"name": "nixpkgs-unstable",
"url": "https://releases.nixos.org/nixpkgs/nixpkgs-24.05pre555839.0c6d8c783336/nixexprs.tar.xz",
"hash": "04dykgz00bfnbxlaw00x2s5jzzh0jjqpgkb1z0ibkd1qkfq0cfcr"
"url": "https://releases.nixos.org/nixpkgs/nixpkgs-24.05pre567370.24fe8bb4f552/nixexprs.tar.xz",
"hash": "1bflgzw7x8ws2xmiaappxhp331wrvjc2zc77b41ijvsiid8k0l4j"
}
},
"version": 3