From a5616579dd691875d281c15d094b148d61a5534d Mon Sep 17 00:00:00 2001 From: Ryan Lahfa Date: Wed, 6 Mar 2024 19:14:58 +0100 Subject: [PATCH 1/3] feat: init Liminix evaluation system Very rudimentary; undocumented, untested in production. This is for testing purposes. Signed-off-by: Ryan Lahfa --- liminix-hive.nix | 38 +++++++++ machines/ap/configuration.nix | 140 ++++++++++++++++++++++++++++++++++ npins/sources.json | 6 +- 3 files changed, 181 insertions(+), 3 deletions(-) create mode 100644 liminix-hive.nix create mode 100644 machines/ap/configuration.nix
diff --git a/liminix-hive.nix b/liminix-hive.nix
new file mode 100644
index 00000000..563a9ce7
--- /dev/null
+++ b/liminix-hive.nix
@@ -0,0 +1,38 @@
+# This is a very rudimentary hive to deploy Liminix images.
+{
+ sources ? import ./npins,
+ nixpkgs ? sources.nixpkgs,
+ liminix ? sources.liminix,
+}:
+let
+ evalLiminix =
+ {
+ config,
+ device,
+ output,
+ }:
+ {
+ primary =
+ (import liminix {
+ inherit device nixpkgs;
+ imageType = "primary";
+ liminix-config = config;
+ }).outputs.${output};
+ secondary =
+ (import liminix {
+ inherit device nixpkgs;
+ imageType = "secondary";
+ liminix-config = config;
+ }).outputs.${output};
+ };
+ zyxel = {
+ nwa50ax = import "${liminix}/devices/zyxel-nwa50ax";
+ };
+in
+{
+ ap-test = evalLiminix {
+ config = ./machines/ap/configuration.nix;
+ device = zyxel.nwa50ax;
+ output = "zyxel-nwa-fit";
+ };
+}
diff --git a/machines/ap/configuration.nix b/machines/ap/configuration.nix
new file mode 100644
index 00000000..a98a93cc
--- /dev/null
+++ b/machines/ap/configuration.nix
@@ -0,0 +1,140 @@
+{
+ config,
+ pkgs,
+ modulesPath,
+ ...
+}:
+let
+ # inherit (pkgs.liminix.services)
+ # oneshot
+ # longrun
+ # bundle
+ # target
+ # ;
+ # inherit (pkgs) writeText;
+ svc = config.system.service;
+ secrets-1 = {
+ ssid = "Zyxel 2G (N)";
+ wpa_passphrase = "diamond dogs";
+ };
+ secrets-2 = {
+ ssid = "Zyxel 5G (AX)";
+ wpa_passphrase = "diamond dogs";
+ };
+ baseParams = {
+ country_code = "FR";
+ hw_mode = "g";
+ channel = 6;
+ wmm_enabled = 1;
+ ieee80211n = 1;
+ ht_capab = "[LDPC][GF][HT40-][HT40+][SHORT-GI-40][MAX-AMSDU-7935][TX-STBC]";
+ auth_algs = 1;
+ wpa = 2;
+ wpa_key_mgmt = "WPA-PSK";
+ wpa_pairwise = "TKIP CCMP";
+ rsn_pairwise = "CCMP";
+ };
+
+ modernParams = {
+ hw_mode = "a";
+ he_su_beamformer = 1;
+ he_su_beamformee = 1;
+ he_mu_beamformer = 1;
+ preamble = 1;
+ # Allow radar detection.
+ ieee80211d = 1;
+ ieee80211h = 1;
+ ieee80211ac = 1;
+ ieee80211ax = 1;
+ vht_capab = "[MAX-MPDU-7991][SU-BEAMFORMEE][SU-BEAMFORMER][RXLDPC][SHORT-GI-80][MAX-A-MPDU-LEN-EXP3][RX-ANTENNA-PATTERN][TX-ANTENNA-PATTERN][TX-STBC-2BY1][RX-STBC-1][MU-BEAMFORMER]";
+ vht_oper_chwidth = 1;
+ he_oper_chwidth = 1;
+ channel = 36;
+ vht_oper_centr_freq_seg0_idx = 42;
+ he_oper_centr_freq_seg0_idx = 42;
+ require_vht = 1;
+ };
+ mkWifiSta =
+ params: interface: secrets:
+ svc.hostapd.build {
+ inherit interface;
+ params = params // {
+ inherit (secrets) ssid wpa_passphrase;
+ };
+ };
+in
+rec {
+ imports = [
+ "${modulesPath}/wlan.nix"
+ "${modulesPath}/network"
+ "${modulesPath}/hostapd"
+ "${modulesPath}/ssh"
+ "${modulesPath}/ntp"
+ "${modulesPath}/vlan"
+ "${modulesPath}/bridge"
+ ];
+
+ hostname = "zyxel";
+
+ users.root = {
+ # EDIT: choose a root password and then use
+ # "mkpasswd -m sha512crypt" to determine the hash.
+ # It should start wirh $6$.
+ passwd = "$y$j9T$f8GhLiqYmr3lc58eKhgyD0$z7P/7S9u.kq/cANZExxhS98bze/6i7aBxU6tbl7RMi.";
+ openssh.authorizedKeys.keys = [
+ # EDIT: you can add your ssh pubkey here
+ # "ssh-rsa AAAAB3NzaC1....H6hKd user@example.com";
+ ];
+ };
+
+ services.int = svc.bridge.primary.build { ifname = "int"; };
+
+ services.bridge = svc.bridge.members.build {
+ primary = services.int;
+ members = with config.hardware.networkInterfaces; [
+ lan
+ wlan0
+ wlan1
+ ];
+ };
+
+ services.dhcpv4 =
+ let
+ iface = services.int;
+ in
+ svc.network.dhcp.client.build { interface = iface; };
+
+ services.defaultroute4 = svc.network.route.build {
+ via = "$(output ${services.dhcpv4} address)";
+ target = "default";
+ dependencies = [ services.dhcpv4 ];
+ };
+
+ services.packet_forwarding = svc.network.forward.build { };
+ services.sshd = svc.ssh.build { allowRoot = true; };
+
+ services.ntp = config.system.service.ntp.build {
+ pools = {
+ "pool.ntp.org" = [ "iburst" ];
+ };
+ };
+
+ boot.tftp = {
+ serverip = "192.0.2.10";
+ ipaddr = "192.0.2.12";
+ };
+
+ # wlan0 is the 2.4GHz interface.
+ services.hostap-1 = mkWifiSta baseParams config.hardware.networkInterfaces.wlan0 secrets-1;
+ # wlan1 is the 5GHz interface, e.g. AX capable.
+ services.hostap-2 =
+ mkWifiSta (baseParams // modernParams) config.hardware.networkInterfaces.wlan1
+ secrets-2;
+
+ defaultProfile.packages = with pkgs; [
+ zyxel-bootconfig
+ iw
+ min-collect-garbage
+ mtdutils
+ ];
+}
diff --git a/npins/sources.json b/npins/sources.json
index 3e1f4cd7..0147266c 100644
--- a/npins/sources.json
+++ b/npins/sources.json
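Review bot: machines/ap/configuration.nix commits live credentials: the WPA passphrase is written in plaintext in both `secrets-1` and `secrets-2`, and a root password hash sits next to `services.sshd = svc.ssh.build { allowRoot = true; }` while `openssh.authorizedKeys.keys` is empty. If the ssh module permits password logins (not visible here), every image built from this file accepts root over SSH with that one password. Since the commit message says this is for testing, I would mark the values as such, for example `# TEST ONLY: placeholder credentials, replace before flashing a device on a real network`, and move the real values out of the repository before this leaves testing. The comment above `passwd` also says the hash should start with `$6$` (sha512crypt) while the committed value starts with `$y$`; the comment or the hash should be changed so the two agree.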
@@ -48,9 +48,9 @@ "repo": "liminix" }, "branch": "nwa50ax", - "revision": "baf3cf741301e696a5f614f8fb98d182a0ab0f1d", - "url": "https://github.com/RaitoBezarius/liminix/archive/baf3cf741301e696a5f614f8fb98d182a0ab0f1d.tar.gz", - "hash": "1k29bz7gxlv12pq9rqji4s27rxwg4zx93l8f7n7c0s5wza9cyzdp" + "revision": "a4aa10dcc30225a8bb8eb465abfe908629175f2c", + "url": "https://github.com/RaitoBezarius/liminix/archive/a4aa10dcc30225a8bb8eb465abfe908629175f2c.tar.gz", + "hash": "1m1sc6agg5z65lmyjl48i7sddlwm8d0zgvs8z81iammfy4jpy7qd" }, "linkal": { "type": "Git", From 3aafc9d272b929626e279aab788f2a5d619e1a1f Mon Sep 17 00:00:00 2001 From: Ryan Lahfa Date: Wed, 6 Mar 2024 21:28:27 +0100 Subject: [PATCH 2/3] feat: add liminix-rebuild in the shell Signed-off-by: Ryan Lahfa --- default.nix | 2 ++ liminix-hive.nix | 7 +++++++ 2 files changed, 9 insertions(+) diff --git a/default.nix b/default.nix index 46daed7a..885e7e2c 100644 --- a/default.nix +++ b/default.nix @@ -36,6 +36,7 @@ let sources = import ./npins; pkgs = import sources.nixpkgs { }; + liminixHive = import ./liminix-hive.nix { inherit sources; }; pre-commit-check = (import sources.pre-commit-hooks).run { src = ./.; @@ -76,6 +77,7 @@ in npins colmena nixos-generators + liminixHive.liminix.pkgs.pkgsBuildBuild.min-copy-closure ] ++ (builtins.map (p: callPackage p { }) [ (sources.disko + "/package.nix") ]) ) diff --git a/liminix-hive.nix b/liminix-hive.nix index 563a9ce7..94c65dea 100644 --- a/liminix-hive.nix +++ b/liminix-hive.nix @@ -30,6 +30,13 @@ let }; in { + liminix.pkgs = + (import liminix { + device = zyxel.nwa50ax; + imageType = "primary"; + liminix-config = ./machines/ap/configuration.nix; + }).pkgs; + devices = zyxel; ap-test = evalLiminix { config = ./machines/ap/configuration.nix; device = zyxel.nwa50ax; From cb02eba0a2039e264fd75a0662220d808931da8d Mon Sep 17 00:00:00 2001 From: Ryan Lahfa Date: Wed, 6 Mar 2024 21:50:45 +0100 Subject: [PATCH 3/3] feat: enable liminix-rebuild 
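Review bot: In patch 2/3, the new `liminix.pkgs` attribute in liminix-hive.nix calls `import liminix { ... }` without a `nixpkgs` argument, whereas `evalLiminix` in the same file passes `inherit device nixpkgs;`. If liminix falls back to its own default package set when the argument is omitted (its entry point is not visible here), the `min-copy-closure` added to the shell in default.nix is built from a different nixpkgs than the npins-pinned one used for the images. I would pass the pinned input here as well by adding `inherit nixpkgs;` to that argument set. The `let` block and the rest of the attribute set lie outside the hunk.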
Signed-off-by: Ryan Lahfa --- liminix-hive.nix | 29 +++++++++++------------------ liminix-rebuild.nix | 1 + 2 files changed, 12 insertions(+), 18 deletions(-) create mode 100644 liminix-rebuild.nix diff --git a/liminix-hive.nix b/liminix-hive.nix index 94c65dea..a9be921b 100644 --- a/liminix-hive.nix +++ b/liminix-hive.nix @@ -6,24 +6,18 @@ }: let evalLiminix = + { config, device }: { - config, - device, - output, - }: - { - primary = - (import liminix { - inherit device nixpkgs; - imageType = "primary"; - liminix-config = config; - }).outputs.${output}; - secondary = - (import liminix { - inherit device nixpkgs; - imageType = "secondary"; - liminix-config = config; - }).outputs.${output}; + primary = import liminix { + inherit device nixpkgs; + imageType = "primary"; + liminix-config = config; + }; + secondary = import liminix { + inherit device nixpkgs; + imageType = "secondary"; + liminix-config = config; + }; }; zyxel = { nwa50ax = import "${liminix}/devices/zyxel-nwa50ax"; @@ -40,6 +34,5 @@ in ap-test = evalLiminix { config = ./machines/ap/configuration.nix; device = zyxel.nwa50ax; - output = "zyxel-nwa-fit"; }; } diff --git a/liminix-rebuild.nix b/liminix-rebuild.nix new file mode 100644 index 00000000..1bca642a --- /dev/null +++ b/liminix-rebuild.nix @@ -0,0 +1 @@ +{ liminix-system }: (import ./liminix-hive.nix { }).${liminix-system}.primary
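Review bot: liminix-rebuild.nix does not say what `liminix-system` must be, and it indexes the hive with it directly. As of patch 2/3 the hive also exposes `liminix` and `devices`, which have no `primary` attribute, so a wrong name fails with an unrelated missing-attribute error. A header comment would make the contract clear, for example `# liminix-system: name of a machine attribute in liminix-hive.nix (e.g. "ap-test"); evaluates to its primary image`.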