diff --git a/liminix-hive.nix b/liminix-hive.nix new file mode 100644 index 0000000..563a9ce --- /dev/null +++ b/liminix-hive.nix @@ -0,0 +1,38 @@ +# This is a very rudimentary hive to deploy Liminix images. +{ + sources ? import ./npins, + nixpkgs ? sources.nixpkgs, + liminix ? sources.liminix, +}: +let + evalLiminix = + { + config, + device, + output, + }: + { + primary = + (import liminix { + inherit device nixpkgs; + imageType = "primary"; + liminix-config = config; + }).outputs.${output}; + secondary = + (import liminix { + inherit device nixpkgs; + imageType = "secondary"; + liminix-config = config; + }).outputs.${output}; + }; + zyxel = { + nwa50ax = import "${liminix}/devices/zyxel-nwa50ax"; + }; +in +{ + ap-test = evalLiminix { + config = ./machines/ap/configuration.nix; + device = zyxel.nwa50ax; + output = "zyxel-nwa-fit"; + }; +} diff --git a/machines/ap/configuration.nix b/machines/ap/configuration.nix new file mode 100644 index 0000000..a98a93c --- /dev/null +++ b/machines/ap/configuration.nix @@ -0,0 +1,140 @@ +{ + config, + pkgs, + modulesPath, + ... +}: +let + # inherit (pkgs.liminix.services) + # oneshot + # longrun + # bundle + # target + # ; + # inherit (pkgs) writeText; + svc = config.system.service; + secrets-1 = { + ssid = "Zyxel 2G (N)"; + wpa_passphrase = "diamond dogs"; + }; + secrets-2 = { + ssid = "Zyxel 5G (AX)"; + wpa_passphrase = "diamond dogs"; + }; + baseParams = { + country_code = "FR"; + hw_mode = "g"; + channel = 6; + wmm_enabled = 1; + ieee80211n = 1; + ht_capab = "[LDPC][GF][HT40-][HT40+][SHORT-GI-40][MAX-AMSDU-7935][TX-STBC]"; + auth_algs = 1; + wpa = 2; + wpa_key_mgmt = "WPA-PSK"; + wpa_pairwise = "TKIP CCMP"; + rsn_pairwise = "CCMP"; + }; + + modernParams = { + hw_mode = "a"; + he_su_beamformer = 1; + he_su_beamformee = 1; + he_mu_beamformer = 1; + preamble = 1; + # Allow radar detection. + ieee80211d = 1; + ieee80211h = 1; + ieee80211ac = 1; + ieee80211ax = 1; + vht_capab = "[MAX-MPDU-7991][SU-BEAMFORMEE][SU-BEAMFORMER][RXLDPC][SHORT-GI-80][MAX-A-MPDU-LEN-EXP3][RX-ANTENNA-PATTERN][TX-ANTENNA-PATTERN][TX-STBC-2BY1][RX-STBC-1][MU-BEAMFORMER]"; + vht_oper_chwidth = 1; + he_oper_chwidth = 1; + channel = 36; + vht_oper_centr_freq_seg0_idx = 42; + he_oper_centr_freq_seg0_idx = 42; + require_vht = 1; + }; + mkWifiSta = + params: interface: secrets: + svc.hostapd.build { + inherit interface; + params = params // { + inherit (secrets) ssid wpa_passphrase; + }; + }; +in +rec { + imports = [ + "${modulesPath}/wlan.nix" + "${modulesPath}/network" + "${modulesPath}/hostapd" + "${modulesPath}/ssh" + "${modulesPath}/ntp" + "${modulesPath}/vlan" + "${modulesPath}/bridge" + ]; + + hostname = "zyxel"; + + users.root = { + # EDIT: choose a root password and then use + # "mkpasswd -m sha512crypt" to determine the hash. + # It should start wirh $6$. + passwd = "$y$j9T$f8GhLiqYmr3lc58eKhgyD0$z7P/7S9u.kq/cANZExxhS98bze/6i7aBxU6tbl7RMi."; + openssh.authorizedKeys.keys = [ + # EDIT: you can add your ssh pubkey here + # "ssh-rsa AAAAB3NzaC1....H6hKd user@example.com"; + ]; + }; + + services.int = svc.bridge.primary.build { ifname = "int"; }; + + services.bridge = svc.bridge.members.build { + primary = services.int; + members = with config.hardware.networkInterfaces; [ + lan + wlan0 + wlan1 + ]; + }; + + services.dhcpv4 = + let + iface = services.int; + in + svc.network.dhcp.client.build { interface = iface; }; + + services.defaultroute4 = svc.network.route.build { + via = "$(output ${services.dhcpv4} address)"; + target = "default"; + dependencies = [ services.dhcpv4 ]; + }; + + services.packet_forwarding = svc.network.forward.build { }; + services.sshd = svc.ssh.build { allowRoot = true; }; + + services.ntp = config.system.service.ntp.build { + pools = { + "pool.ntp.org" = [ "iburst" ]; + }; + }; + + boot.tftp = { + serverip = "192.0.2.10"; + ipaddr = "192.0.2.12"; + }; + + # wlan0 is the 2.4GHz interface. + services.hostap-1 = mkWifiSta baseParams config.hardware.networkInterfaces.wlan0 secrets-1; + # wlan1 is the 5GHz interface, e.g. AX capable. + services.hostap-2 = + mkWifiSta (baseParams // modernParams) config.hardware.networkInterfaces.wlan1 + secrets-2; + + defaultProfile.packages = with pkgs; [ + zyxel-bootconfig + iw + min-collect-garbage + mtdutils + ]; +}