router: clean up and fix it

machines/router/configuration.nix

@@ -5,13 +5,14 @@
 # wherever the text "EDIT" appears - please consult the tutorial
 # documentation for details.
 
-{ config, pkgs, lib, ... } :
+{ config, pkgs, lib, modulesPath, ... } :
 let
+  liminix = (import ./npins).liminix;
   inherit (pkgs.liminix.services) bundle oneshot longrun;
   inherit (pkgs) serviceFns;
   # EDIT: you can pick your preferred RFC1918 address space
   # for NATted connections, if you don't like this one.
-  ipv4LocalNet = "10.8.0";
+  ipv4LocalNet = "192.168.1";
   svc = config.system.service;
 
 in rec {
@@ -23,32 +24,33 @@ in rec {
     };
   };
 
+  hardware.flash.eraseBlockSize = 126976;
+
   imports = [
-    ../modules/bridge
+    "${liminix}/modules/bridge"
-    ../modules/dhcp6c
+    "${liminix}/modules/dhcp6c"
-    ../modules/dnsmasq
+    "${liminix}/modules/dnsmasq"
-    ../modules/firewall
+    "${liminix}/modules/firewall"
-    ../modules/hostapd
+    "${liminix}/modules/hostapd"
-    ../modules/network
+    "${liminix}/modules/network"
-    ../modules/ntp
+    "${liminix}/modules/ntp"
-    ../modules/ppp
+    "${liminix}/modules/ssh"
-    ../modules/ssh
+    "${liminix}/modules/vlan"
-    ../modules/standard.nix
+    "${liminix}/modules/wlan.nix"
-    ../modules/vlan
+    "${liminix}/modules/outputs/ubimage.nix"
-    ../modules/wlan.nix
   ];
   rootfsType = "ubifs";
-  hostname = "LeJeu"; # EDIT
+  hostname = "hackens-router"; # EDIT
 
   services.hostap = svc.hostapd.build {
     interface = config.hardware.networkInterfaces.wlan;
     # EDIT: you will want to change the obvious things
     # here to values of your choice
     params = {
-      ssid = "LeJeu";
+      ssid = "The_Game";
       channel = "1";
       country_code = "FR";
-      wpa_passphrase = "not a real wifi password";
+      wpa_passphrase = "putainmauricetueschiant";
 
       hw_mode="g";
       ieee80211n = 1;
@@ -69,7 +71,7 @@ in rec {
   services.bridge = svc.bridge.members.build {
     primary = services.int;
     members = with config.hardware.networkInterfaces;
-      [ wlan lan ];
+      [ lan ];
   };
 
   services.ntp = svc.ntp.build {
@@ -83,17 +85,16 @@ in rec {
     # EDIT: choose a root password and then use
     # "mkpasswd -m sha512crypt" to determine the hash.
     # It should start wirh $6$.
-    passwd = "$6$6HG7WALLQQY1LQDE$428cnouMJ7wVmyK9.dF1uWs7t0z9ztgp3MHvN5bbeo0M4Kqg/u2ThjoSHIjCEJQlnVpDOaEKcOjXAlIClHWN21";
+    passwd = "$6$UnjSEEpbfVAtIs8H$6xLsdpdpc/XvmxiiUtbHLkItuG/jTJuGm9omOLVZnpXzDThyRb6jeGS6W0LqHfNjfeErRwsZQVsvucMG4Iyda1";
     openssh.authorizedKeys.keys = [
-      # EDIT: you can add your ssh pubkey here
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKiXXYkhRh+s7ixZ8rvG8ntIqd6FELQ9hh7HoaHQJRPU Thorkell"
-      # "ssh-rsa AAAAB3NzaC1....H6hKd user@example.com";
     ];
   };
 
   services.dns =
     let interface = services.int;
     in svc.dnsmasq.build {
-      resolvconf = services.resolvconf;
+      # resolvconf = services.resolvconf;
       inherit interface;
       ranges = [
         "${ipv4LocalNet}.10,${ipv4LocalNet}.249"
@@ -110,93 +111,41 @@ in rec {
       ];
       # EDIT: choose a domain name for the DNS names issued for your
       # DHCP-issued hosts
-      domain = "lan.example.com";
+      domain = "lan.hackens.org";
     };
 
-  services.wan = svc.pppoe.build {
+  #services.resolvconf = oneshot rec {
-    interface = config.hardware.networkInterfaces.wan;
+  #  dependencies = [ services.wan ];
-    ppp-options = [
+  #  name = "resolvconf";
-      "debug" "+ipv6" "noauth"
+  #  up = ''
-      # EDIT: change the strings "chap-username"
+  #    . ${serviceFns}
-      # and "chap-secret" to match the username/password
+  #    ( in_outputs ${name}
-      # provided by your ISP for PPP logins
+  #     echo "nameserver $(output ${services.wan} ns1)" > resolv.conf
-      "name" "chap-username"
+  #     echo "nameserver $(output ${services.wan} ns2)" >> resolv.conf
-      "password" "chap-secret"
+  #     chmod 0444 resolv.conf
-    ];
+  #    )
-  };
+  #  '';
+  #};
 
-  services.resolvconf = oneshot rec {
+  #filesystem =
-    dependencies = [ services.wan ];
+  #  let inherit (pkgs.pseudofile) dir symlink;
-    name = "resolvconf";
+  #  in dir {
-    up = ''
+  #    etc = dir {
-      . ${serviceFns}
+  #      "resolv.conf" = symlink "${services.resolvconf}/.outputs/resolv.conf";
-      ( in_outputs ${name}
+  #    };
-       echo "nameserver $(output ${services.wan} ns1)" > resolv.conf
+  #  };
-       echo "nameserver $(output ${services.wan} ns2)" >> resolv.conf
-       chmod 0444 resolv.conf
-      )
-    '';
-  };
 
-  filesystem =
+  #services.defaultroute4 = svc.network.route.build {
-    let inherit (pkgs.pseudofile) dir symlink;
+  #  via = "$(output ${services.wan} address)";
-    in dir {
+  #  target = "default";
-      etc = dir {
+  #  dependencies = [ services.wan ];
-        "resolv.conf" = symlink "${services.resolvconf}/.outputs/resolv.conf";
+  #};
-      };
-    };
 
-  services.defaultroute4 = svc.network.route.build {
+  # 4A:3D:B6:7F:44:F0
-    via = "$(output ${services.wan} address)";
+  # 129.199.146.30
-    target = "default";
-    dependencies = [ services.wan ];
-  };
-
-  services.defaultroute6 = svc.network.route.build {
-    via = "$(output ${services.wan} ipv6-peer-address)";
-    target = "default";
-    interface = services.wan;
-  };
-
-  services.firewall = svc.firewall.build {
-    ruleset = import ./demo-firewall.nix;
-  };
 
   services.packet_forwarding = svc.network.forward.build { };
 
-  # We expect the ISP uses DHCP6 to issue IPv6 addresses. There is a
-  # service to request address information in the form of a DHCP
-  # lease, and two dependent services that listen for updates to the
-  # DHCP address information and update the addresses of the WAN and
-  # LAN interfaces respectively.
-
-  services.dhcp6c =
-    let client = svc.dhcp6c.client.build {
-          interface = services.wan;
-        };
-    in bundle {
-      name = "dhcp6c";
-      contents = [
-        (svc.dhcp6c.prefix.build {
-          # if your ISP provides you a real IPv6 prefix for your local
-          # network (usually a /64 or /48 or something in between the
-          # two), this service subscribes to that "prefix delegation"
-          # information, and uses it to assign an address to the LAN
-          # device. dnsmasq will notice this address and use it to
-          # form the addresses it hands out to devices on the lan
-          inherit client;
-          interface = services.int;
-        })
-        (svc.dhcp6c.address.build {
-          # if your ISP provides you a regular global IPv6 address,
-          # this service subscribes to that information and assigns
-          # the address to the WAN device.
-          inherit client;
-          interface = services.wan;
-        })
-      ];
-    };
-
   defaultProfile.packages = with pkgs; [
     min-collect-garbage
   ];

machines/router/default.nix

@@ -2,4 +2,4 @@
 , nixpkgs ? (import ./npins).nixpkgs
 , liminix-config ? ./configuration.nix
 }:
-import liminix { inherit nixpkgs liminix-config; device = import (liminix + "/devices/belkin-rt3200"); }
+(import liminix { inherit nixpkgs liminix-config; device = import (liminix + "/devices/belkin-rt3200"); })

machines/router/npins/sources.json

@@ -7,15 +7,15 @@
         "url": "https://gti.telent.net/dan/liminix"
       },
       "branch": "main",
-      "revision": "98d333692645263b5866bed254681b59dc39d196",
+      "revision": "83ee488e4c81124380b8bd4ff8183e632f30eb91",
       "url": null,
-      "hash": "186nx05vssly3pcdpkmrwfzhxc2dfsfvvqfgxg2gnqscj2m11ldf"
+      "hash": "08mpx615kpqzvwallf91gdqv8rhc2avdgfwldka598ynydlq1wnw"
     },
     "nixpkgs": {
       "type": "Channel",
       "name": "nixpkgs-unstable",
-      "url": "https://releases.nixos.org/nixpkgs/nixpkgs-24.05pre555839.0c6d8c783336/nixexprs.tar.xz",
+      "url": "https://releases.nixos.org/nixpkgs/nixpkgs-24.05pre567370.24fe8bb4f552/nixexprs.tar.xz",
-      "hash": "04dykgz00bfnbxlaw00x2s5jzzh0jjqpgkb1z0ibkd1qkfq0cfcr"
+      "hash": "1bflgzw7x8ws2xmiaappxhp331wrvjc2zc77b41ijvsiid8k0l4j"
     }
   },
   "version": 3