2023-11-25 00:29:12 +01:00
|
|
|
{ config, pkgs, lib, lim, ... } :
|
|
|
|
|
let
|
|
|
|
|
inherit (pkgs) serviceFns;
|
|
|
|
|
svc = config.system.service;
|
|
|
|
|
|
|
|
|
|
in rec {
|
|
|
|
|
imports = [
|
|
|
|
|
../modules/network
|
|
|
|
|
../modules/ssh
|
|
|
|
|
../modules/vlan
|
2023-11-26 23:43:56 +01:00
|
|
|
../modules/wlan.nix
|
|
|
|
|
../modules/hostapd
|
|
|
|
|
../modules/bridge
|
2023-11-25 00:29:12 +01:00
|
|
|
|
|
|
|
|
../modules/ext4fs.nix
|
|
|
|
|
../modules/tftpboot.nix
|
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
rootfsType = "ext4";
|
|
|
|
|
|
|
|
|
|
boot.tftp = {
|
|
|
|
|
# IP addresses to use in the boot monitor when flashing/ booting
|
|
|
|
|
# over TFTP. If you are flashing using the stock firmware's Web UI
|
|
|
|
|
# then these dummy values are fine
|
|
|
|
|
ipaddr = "10.0.0.8"; # my address
|
|
|
|
|
serverip = "10.0.0.1"; # build machine or other tftp server
|
|
|
|
|
loadAddress = lim.parseInt "0x40000800";
|
|
|
|
|
};
|
|
|
|
|
|
2023-11-26 23:43:56 +01:00
|
|
|
hostname = "omnia";
|
2023-11-25 00:29:12 +01:00
|
|
|
|
2023-11-26 23:43:56 +01:00
|
|
|
services.hostap =
|
|
|
|
|
let secrets = {
|
|
|
|
|
ssid = "not-the-internet";
|
|
|
|
|
channel = 4;
|
|
|
|
|
wpa_passphrase = "diamond dogs";
|
|
|
|
|
};
|
|
|
|
|
in svc.hostapd.build {
|
|
|
|
|
interface = config.hardware.networkInterfaces.wlan;
|
|
|
|
|
params = {
|
|
|
|
|
country_code = "GB";
|
|
|
|
|
hw_mode = "g";
|
|
|
|
|
wmm_enabled = 1;
|
|
|
|
|
ieee80211n = 1;
|
|
|
|
|
inherit (secrets) ssid channel wpa_passphrase;
|
|
|
|
|
auth_algs = 1; # 1=wpa2, 2=wep, 3=both
|
|
|
|
|
wpa = 2; # 1=wpa, 2=wpa2, 3=both
|
|
|
|
|
wpa_key_mgmt = "WPA-PSK";
|
|
|
|
|
wpa_pairwise = "TKIP CCMP"; # auth for wpa (may not need this?)
|
|
|
|
|
rsn_pairwise = "CCMP"; # auth for wpa2
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
services.hostap5 =
|
|
|
|
|
let secrets = {
|
|
|
|
|
ssid = "not-the-internet";
|
|
|
|
|
channel = 36;
|
|
|
|
|
wpa_passphrase = "diamond dogs";
|
|
|
|
|
};
|
|
|
|
|
in svc.hostapd.build {
|
|
|
|
|
interface = config.hardware.networkInterfaces.wlan5;
|
|
|
|
|
params = {
|
|
|
|
|
country_code = "GB";
|
|
|
|
|
hw_mode = "a";
|
|
|
|
|
|
|
|
|
|
ht_capab = "[HT40+]";
|
|
|
|
|
vht_oper_chwidth = 1;
|
|
|
|
|
vht_oper_centr_freq_seg0_idx = secrets.channel + 6;
|
|
|
|
|
ieee80211ac = 1;
|
2023-11-25 00:29:12 +01:00
|
|
|
|
2023-11-26 23:43:56 +01:00
|
|
|
wmm_enabled = 1;
|
|
|
|
|
inherit (secrets) ssid channel wpa_passphrase;
|
|
|
|
|
auth_algs = 1; # 1=wpa2, 2=wep, 3=both
|
|
|
|
|
wpa = 2; # 1=wpa, 2=wpa2, 3=both
|
|
|
|
|
wpa_key_mgmt = "WPA-PSK";
|
|
|
|
|
wpa_pairwise = "TKIP CCMP"; # auth for wpa (may not need this?)
|
|
|
|
|
rsn_pairwise = "CCMP"; # auth for wpa2
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
services.int = svc.bridge.primary.build {
|
|
|
|
|
ifname = "int";
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
services.dhcpc = svc.network.dhcp.client.build {
|
|
|
|
|
interface = services.int;
|
2023-11-25 00:29:12 +01:00
|
|
|
dependencies = [ config.services.hostname ];
|
|
|
|
|
};
|
|
|
|
|
|
2023-11-26 23:43:56 +01:00
|
|
|
services.bridge = svc.bridge.members.build {
|
|
|
|
|
primary = services.int;
|
|
|
|
|
members = with config.hardware.networkInterfaces; [
|
|
|
|
|
lan
|
|
|
|
|
wlan
|
|
|
|
|
];
|
|
|
|
|
};
|
|
|
|
|
|
2023-11-25 00:29:12 +01:00
|
|
|
services.sshd = svc.ssh.build { };
|
|
|
|
|
|
|
|
|
|
users.root = {
|
|
|
|
|
# the password is "secret". Use mkpasswd -m sha512crypt to
|
|
|
|
|
# create this hashed password string
|
|
|
|
|
passwd = "$6$y7WZ5hM6l5nriLmo$5AJlmzQZ6WA.7uBC7S8L4o19ESR28Dg25v64/vDvvCN01Ms9QoHeGByj8lGlJ4/b.dbwR9Hq2KXurSnLigt1W1";
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
defaultProfile.packages = with pkgs; [
|
2023-11-26 23:43:56 +01:00
|
|
|
figlet pciutils
|
2023-11-25 00:29:12 +01:00
|
|
|
];
|
|
|
|
|
}
|
