diff --git a/machines/router/configuration.nix b/machines/router/configuration.nix index 22b339e..5538be4 100644 --- a/machines/router/configuration.nix +++ b/machines/router/configuration.nix @@ -5,13 +5,14 @@ # wherever the text "EDIT" appears - please consult the tutorial # documentation for details. -{ config, pkgs, lib, ... } : +{ config, pkgs, lib, modulesPath, ... } : let + liminix = (import ./npins).liminix; inherit (pkgs.liminix.services) bundle oneshot longrun; inherit (pkgs) serviceFns; # EDIT: you can pick your preferred RFC1918 address space # for NATted connections, if you don't like this one. - ipv4LocalNet = "10.8.0"; + ipv4LocalNet = "192.168.1"; svc = config.system.service; in rec { @@ -23,32 +24,33 @@ in rec { }; }; + hardware.flash.eraseBlockSize = 126976; + imports = [ - ../modules/bridge - ../modules/dhcp6c - ../modules/dnsmasq - ../modules/firewall - ../modules/hostapd - ../modules/network - ../modules/ntp - ../modules/ppp - ../modules/ssh - ../modules/standard.nix - ../modules/vlan - ../modules/wlan.nix + "${liminix}/modules/bridge" + "${liminix}/modules/dhcp6c" + "${liminix}/modules/dnsmasq" + "${liminix}/modules/firewall" + "${liminix}/modules/hostapd" + "${liminix}/modules/network" + "${liminix}/modules/ntp" + "${liminix}/modules/ssh" + "${liminix}/modules/vlan" + "${liminix}/modules/wlan.nix" + "${liminix}/modules/outputs/ubimage.nix" ]; rootfsType = "ubifs"; - hostname = "LeJeu"; # EDIT + hostname = "hackens-router"; # EDIT services.hostap = svc.hostapd.build { interface = config.hardware.networkInterfaces.wlan; # EDIT: you will want to change the obvious things # here to values of your choice params = { - ssid = "LeJeu"; + ssid = "The_Game"; channel = "1"; country_code = "FR"; - wpa_passphrase = "not a real wifi password"; + wpa_passphrase = "putainmauricetueschiant"; hw_mode="g"; ieee80211n = 1; 
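Review bot: The new `wpa_passphrase` value in the `services.hostap` params looks like a live WPA passphrase committed in plaintext, where the old line held an obvious placeholder. Anyone with read access to the repository or its history can join the network, so the value should be treated as exposed and rotated. Consider reading it from an untracked file, e.g. `wpa_passphrase = lib.fileContents ./secrets/wpa-passphrase; # placeholder path, kept out of git`, bearing in mind that it still ends up in the Nix store and the built image. The `params` attrset continues past the end of this hunk.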
@@ -66,10 +68,10 @@ in rec { family = "inet"; address = "${ipv4LocalNet}.1"; prefixLength = 16; }; - services.bridge = svc.bridge.members.build { + services.bridge = svc.bridge.members.build { primary = services.int; members = with config.hardware.networkInterfaces; - [ wlan lan ]; + [ lan ]; }; services.ntp = svc.ntp.build { @@ -83,17 +85,16 @@ in rec { # EDIT: choose a root password and then use # "mkpasswd -m sha512crypt" to determine the hash. # It should start wirh $6$. - passwd = "$6$6HG7WALLQQY1LQDE$428cnouMJ7wVmyK9.dF1uWs7t0z9ztgp3MHvN5bbeo0M4Kqg/u2ThjoSHIjCEJQlnVpDOaEKcOjXAlIClHWN21"; + passwd = "$6$UnjSEEpbfVAtIs8H$6xLsdpdpc/XvmxiiUtbHLkItuG/jTJuGm9omOLVZnpXzDThyRb6jeGS6W0LqHfNjfeErRwsZQVsvucMG4Iyda1"; openssh.authorizedKeys.keys = [ - # EDIT: you can add your ssh pubkey here - # "ssh-rsa AAAAB3NzaC1....H6hKd user@example.com"; + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKiXXYkhRh+s7ixZ8rvG8ntIqd6FELQ9hh7HoaHQJRPU Thorkell" ]; }; services.dns = let interface = services.int; in svc.dnsmasq.build { - resolvconf = services.resolvconf; + # resolvconf = services.resolvconf; inherit interface; ranges = [ "${ipv4LocalNet}.10,${ipv4LocalNet}.249" 
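Review bot: `wlan` is dropped from the `services.bridge` members with no comment, while `services.hostap` is still built on `config.hardware.networkInterfaces.wlan` earlier in the file. Unless the wireless interface gets an address and DHCP somewhere outside this diff, associated clients would presumably not reach `services.int`. If the separation is deliberate, say so on the line, e.g. `[ lan ]; # wlan intentionally left off the bridge: <reason>`. The `-`/`+` pair on the `services.bridge =` line appears to differ only in whitespace.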
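Review bot: The new `passwd` line commits what appears to be a real sha512crypt root hash, which lets anyone who can read the repository run offline guessing against the root password. The same hunk adds an ed25519 key to `openssh.authorizedKeys.keys`, so password login may not be needed at all. If it is, load the hash from an untracked file, e.g. `passwd = lib.fileContents ./secrets/root-passwd-hash; # placeholder path, kept out of git`, and change the password whose hash is now in history. The attrset these lines belong to starts outside the hunk.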
@@ -110,93 +111,41 @@ in rec { ]; # EDIT: choose a domain name for the DNS names issued for your # DHCP-issued hosts - domain = "lan.example.com"; + domain = "lan.hackens.org"; }; - services.wan = svc.pppoe.build { - interface = config.hardware.networkInterfaces.wan; - ppp-options = [ - "debug" "+ipv6" "noauth" - # EDIT: change the strings "chap-username" - # and "chap-secret" to match the username/password - # provided by your ISP for PPP logins - "name" "chap-username" - "password" "chap-secret" - ]; - }; + #services.resolvconf = oneshot rec { + # dependencies = [ services.wan ]; + # name = "resolvconf"; + # up = '' + # . ${serviceFns} + # ( in_outputs ${name} + # echo "nameserver $(output ${services.wan} ns1)" > resolv.conf + # echo "nameserver $(output ${services.wan} ns2)" >> resolv.conf + # chmod 0444 resolv.conf + # ) + # ''; + #}; - services.resolvconf = oneshot rec { - dependencies = [ services.wan ]; - name = "resolvconf"; - up = '' - . ${serviceFns} - ( in_outputs ${name} - echo "nameserver $(output ${services.wan} ns1)" > resolv.conf - echo "nameserver $(output ${services.wan} ns2)" >> resolv.conf - chmod 0444 resolv.conf - ) - ''; - }; + #filesystem = + # let inherit (pkgs.pseudofile) dir symlink; + # in dir { + # etc = dir { + # "resolv.conf" = symlink "${services.resolvconf}/.outputs/resolv.conf"; + # }; + # }; - filesystem = - let inherit (pkgs.pseudofile) dir symlink; - in dir { - etc = dir { - "resolv.conf" = symlink "${services.resolvconf}/.outputs/resolv.conf"; - }; - }; + #services.defaultroute4 = svc.network.route.build { + # via = "$(output ${services.wan} address)"; + # target = "default"; + # dependencies = [ services.wan ]; + #}; - services.defaultroute4 = svc.network.route.build { - via = "$(output ${services.wan} address)"; - target = "default"; - dependencies = [ services.wan ]; - }; - - services.defaultroute6 = svc.network.route.build { - via = "$(output ${services.wan} ipv6-peer-address)"; - target = "default"; - interface = 
services.wan; - }; - - services.firewall = svc.firewall.build { - ruleset = import ./demo-firewall.nix; - }; + # 4A:3D:B6:7F:44:F0 + # 129.199.146.30 services.packet_forwarding = svc.network.forward.build { }; - # We expect the ISP uses DHCP6 to issue IPv6 addresses. There is a - # service to request address information in the form of a DHCP - # lease, and two dependent services that listen for updates to the - # DHCP address information and update the addresses of the WAN and - # LAN interfaces respectively. - - services.dhcp6c = - let client = svc.dhcp6c.client.build { - interface = services.wan; - }; - in bundle { - name = "dhcp6c"; - contents = [ - (svc.dhcp6c.prefix.build { - # if your ISP provides you a real IPv6 prefix for your local - # network (usually a /64 or /48 or something in between the - # two), this service subscribes to that "prefix delegation" - # information, and uses it to assign an address to the LAN - # device. dnsmasq will notice this address and use it to - # form the addresses it hands out to devices on the lan - inherit client; - interface = services.int; - }) - (svc.dhcp6c.address.build { - # if your ISP provides you a regular global IPv6 address, - # this service subscribes to that information and assigns - # the address to the WAN device. - inherit client; - interface = services.wan; - }) - ]; - }; - defaultProfile.packages = with pkgs; [ min-collect-garbage ]; diff --git a/machines/router/default.nix b/machines/router/default.nix index 61273b9..129774b 100644 --- a/machines/router/default.nix +++ b/machines/router/default.nix @@ -2,4 +2,4 @@ , nixpkgs ? (import ./npins).nixpkgs , liminix-config ? ./configuration.nix }: -import liminix { inherit nixpkgs liminix-config; device = import (liminix + "/devices/belkin-rt3200"); } +(import liminix { inherit nixpkgs liminix-config; device = import (liminix + "/devices/belkin-rt3200"); }) 
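Review bot: `services.firewall` is deleted in this hunk while `services.packet_forwarding` stays and `"${liminix}/modules/firewall"` is still imported, so as far as this file shows the router forwards packets with no ruleset loaded. If the WAN side is being reworked, keep a firewall service in place meanwhile, e.g. `services.firewall = svc.firewall.build { ruleset = import ./demo-firewall.nix; };` as before (assuming that file exists in this directory), or document where filtering now happens. The commented-out `resolvconf`, `filesystem` and `defaultroute4` blocks and the bare `# 4A:3D:B6:7F:44:F0` / `# 129.199.146.30` comments would be better deleted or given a one-line explanation of what they identify.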
diff --git a/machines/router/npins/sources.json b/machines/router/npins/sources.json index 8bb04b1..6ed6fa4 100644 --- a/machines/router/npins/sources.json +++ b/machines/router/npins/sources.json @@ -7,15 +7,15 @@ "url": "https://gti.telent.net/dan/liminix" }, "branch": "main", - "revision": "98d333692645263b5866bed254681b59dc39d196", + "revision": "83ee488e4c81124380b8bd4ff8183e632f30eb91", "url": null, - "hash": "186nx05vssly3pcdpkmrwfzhxc2dfsfvvqfgxg2gnqscj2m11ldf" + "hash": "08mpx615kpqzvwallf91gdqv8rhc2avdgfwldka598ynydlq1wnw" }, "nixpkgs": { "type": "Channel", "name": "nixpkgs-unstable", - "url": "https://releases.nixos.org/nixpkgs/nixpkgs-24.05pre555839.0c6d8c783336/nixexprs.tar.xz", - "hash": "04dykgz00bfnbxlaw00x2s5jzzh0jjqpgkb1z0ibkd1qkfq0cfcr" + "url": "https://releases.nixos.org/nixpkgs/nixpkgs-24.05pre567370.24fe8bb4f552/nixexprs.tar.xz", + "hash": "1bflgzw7x8ws2xmiaappxhp331wrvjc2zc77b41ijvsiid8k0l4j" } }, "version": 3