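# Liminix gateway configuration for a gl.inet gl-ar750 (hostname "thing"):
# a WWAN uplink plus a PPPoE / L2TP WAN chosen round-robin, a LAN with DHCP,
# and two hostapd networks (2.4 GHz and 5 GHz).
#
# NOTE(review): several references do not resolve within this file and look
# like a half-finished migration — confirm before deploying:
#   * `lns` is a plain string, but `check-address`, `route` and `l2tpd` in
#     profile.gateway.wan use `lns.address` (attribute access on a string
#     fails at evaluation time), while `services.lnsroute` / `services.l2tp`
#     use `lns` itself as the hostname.
#   * `wirelessConfig`, `services.dhcpc` and `services.lns-address` are not
#     defined here; unless an imported module provides them, evaluation fails.
{ config, pkgs, lib, ... }:
let
  # Credentials are kept outside this file. The filenames are the paths as
  # they exist on disk; renaming them is a separate change.
  secrets = import ./extneder-secrets.nix;
  rsecrets = import ./rotuer-secrets.nix;
  lns = "l2tp.aaisp.net.uk";
  inherit (pkgs.liminix.services) oneshot longrun bundle target;
  inherit (pkgs.pseudofile) dir symlink;
  inherit (pkgs) writeText dropbear ifwait serviceFns;
  svc = config.system.service;
in rec {
  boot = {
    tftp = {
      serverip = "10.0.0.1";
      ipaddr = "10.0.0.8";
    };
  };

  imports = [
    ../modules/cdc-ncm
    ../modules/network
    ../modules/vlan
    ../modules/ssh
    ../modules/usb.nix
    ../modules/watchdog
    ../modules/mount
    ../modules/ppp
    ../modules/round-robin
    ../modules/health-check
    ../modules/profiles/gateway.nix
  ];

  hostname = "thing";

  # NOTE(review): the APN credentials are literals here rather than coming
  # from rsecrets like every other credential; if they are account-specific
  # rather than carrier defaults, move them into the secrets file.
  services.wwan = svc.wwan.build {
    apn = "data.uk";
    username = "user";
    password = "one2one";
    authType = "chap";
  };

  profile.gateway = {
    lan = {
      interfaces = with config.hardware.networkInterfaces; [
        # EDIT: these are the interfaces exposed by the gl.inet gl-ar750:
        # if your device has more or differently named lan interfaces,
        # specify them here
        wlan
        wlan5
        lan
      ];
      inherit (rsecrets.lan) prefix;
      address = {
        family = "inet";
        address = "${rsecrets.lan.prefix}.1";
        prefixLength = 24;
      };
      dhcp = {
        start = 10;
        end = 240;
        # Static leases are optional: merged in only when the file exists.
        hosts = { } // lib.optionalAttrs (builtins.pathExists ./static-leases.nix)
          (import ./static-leases.nix);
        localDomain = "lan";
      };
    };

    wan = {
      interface =
        let
          # pppd's `debug` logs every control packet, which includes the
          # authentication exchange; keep it only while bringing the link up.
          pppoe = svc.pppoe.build {
            interface = config.hardware.networkInterfaces.wan;
            debug = true;
            username = rsecrets.l2tp.name;
            password = rsecrets.l2tp.password;
          };
          l2tp =
            let
              # Only succeeds when the LNS address the host route points at is
              # among the addresses that lns-address resolved (exact-line grep),
              # so the tunnel is not started towards an unexpected endpoint.
              check-address = oneshot rec {
                name = "check-lns-address";
                up = "grep -Fx ${lns.address} $(output_path ${services.lns-address} addresses)";
                dependencies = [ services.lns-address ];
              };
              # Host route to the LNS via the gateway learned on the WWAN link,
              # so the tunnel endpoint stays reachable once the default route
              # moves inside the tunnel.
              route = svc.network.route.build {
                via = "$(output ${services.bootstrap-dhcpc} router)";
                target = lns.address;
                dependencies = [ services.bootstrap-dhcpc check-address ];
              };
              # `noauth`: the LNS is not required to authenticate to us (the
              # usual client-side setting). The password is passed as a pppd
              # command-line option, which local processes can read from the
              # process arguments; prefer a secrets file if svc.l2tp supports one.
              l2tpd = svc.l2tp.build {
                lns = lns.address;
                ppp-options = [
                  "debug" "+ipv6" "noauth"
                  "name" rsecrets.l2tp.name
                  "password" rsecrets.l2tp.password
                ];
                dependencies = [ config.services.lns-address route check-address ];
              };
            in
            # Restart/fail-over the tunnel after `threshold` consecutive failed
            # checks, probed every `interval` seconds.
            svc.health-check.build {
              service = l2tpd;
              threshold = 3;
              interval = 2;
              # NOTE(review): busybox ping without -c runs until killed; confirm
              # health-check imposes a timeout, otherwise use `ping -c 1 -W 2 1.1.1.1`.
              healthCheck = pkgs.writeAshScript "ping-check" {} "ping 1.1.1.1";
            };
        in
        svc.round-robin.build {
          name = "wan";
          services = [ pppoe l2tp ];
        };
      dhcp6.enable = true;
    };

    wireless.networks = {
      "${rsecrets.ssid}" = {
        interface = config.hardware.networkInterfaces.wlan;
        hw_mode = "g";
        channel = "6";
        ieee80211n = 1;
      } // wirelessConfig;
      "${rsecrets.ssid}5" = rec {
        interface = config.hardware.networkInterfaces.wlan5;
        hw_mode = "a";
        channel = 36;
        ht_capab = "[HT40+]";
        vht_oper_chwidth = 1;
        # 80 MHz centre segment for channel 36: 36 + 6 = 42.
        vht_oper_centr_freq_seg0_idx = channel + 6;
        ieee80211n = 1;
        ieee80211ac = 1;
      } // wirelessConfig;
    };
  };

  # DHCP client on the WWAN link; its `router` output is the next hop of the
  # LNS host route above.
  services.bootstrap-dhcpc = svc.network.dhcp.client.build {
    interface = config.services.wwan;
    dependencies = [ config.services.hostname ];
  };

  services.sshd = svc.ssh.build { };

  # Writes resolv.conf (in this service's outputs directory) from the DNS
  # servers reported by the DHCP client.
  # NOTE(review): `services.dhcpc` is not defined in this file — only
  # `services.bootstrap-dhcpc` is; confirm which client this should follow.
  services.resolvconf = oneshot rec {
    dependencies = [ services.dhcpc ];
    name = "resolvconf";
    # The whole loop's output is redirected once: redirecting each echo
    # separately truncated the file on every iteration and kept only the
    # last nameserver.
    up = ''
      . ${serviceFns}
      (
        in_outputs ${name}
        for i in $(output ${services.dhcpc} dns); do
          echo "nameserver $i"
        done > resolv.conf
      )
    '';
  };

  filesystem = dir {
    etc = dir {
      "resolv.conf" = symlink "${services.resolvconf}/.outputs/resolv.conf";
    };
    srv = dir {};
  };

  # NOTE(review): the three services below set up route + L2TP + default
  # route against `services.dhcpc`, duplicating the arrangement inside
  # profile.gateway.wan; one of the two is presumably stale.
  services.lnsroute = svc.network.route.build {
    via = "$(output ${services.dhcpc} router)";
    target = lns;
    dependencies = [ services.dhcpc ];
  };

  services.l2tp = svc.l2tp.build {
    inherit lns;
    ppp-options = [
      "debug" "+ipv6" "noauth"
      "name" rsecrets.l2tp.name
      "password" rsecrets.l2tp.password
    ];
    dependencies = [ services.lnsroute ];
  };

  services.defaultroute4 = svc.network.route.build {
    via = "$(output ${services.l2tp} router)";
    target = "default";
    dependencies = [ services.l2tp ];
  };

  # Root password hash and authorized keys come from the secrets file;
  # mkForce makes this definition win over any other definition of the option.
  users.root = {
    passwd = lib.mkForce secrets.root.passwd;
    openssh.authorizedKeys.keys = secrets.root.keys;
  };
}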