From 1066e09b4914e4956c0546861984940ea0d2b5d7 Mon Sep 17 00:00:00 2001 From: kurogeek Date: Tue, 14 Oct 2025 12:34:54 +0700 Subject: [PATCH] mob next [ci-skip] [ci skip] [skip ci] lastFile:routers/white-house/secrets.nix --- routers/default.nix | 5 +- routers/white-house/configuration.nix | 102 ++++++++++++++++++++++++++ routers/white-house/secrets.nix | 18 +++++ 3 files changed, 123 insertions(+), 2 deletions(-) create mode 100644 routers/white-house/configuration.nix create mode 100644 routers/white-house/secrets.nix diff --git a/routers/default.nix b/routers/default.nix index 0fa8ba8..0c5d3c5 100644 --- a/routers/default.nix +++ b/routers/default.nix @@ -1,8 +1,9 @@ { inputs, ... }: { flake.legacyPackages = { - yada-router = import "${inputs.liminix}/default.nix" { - liminix-config = import + whitehouse-router = import "${inputs.liminix}/default.nix" { + device = (import "${inputs.liminix}/devices/gl-ar750"); + liminix-config = import ./white-house/configuration.nix { inherit inputs; }; }; }; } diff --git a/routers/white-house/configuration.nix b/routers/white-house/configuration.nix new file mode 100644 index 0000000..43b3c3e --- /dev/null +++ b/routers/white-house/configuration.nix 
@@ -0,0 +1,102 @@
+{ inputs }:
+{
+ config,
+ pkgs,
+ modulesPath,
+ ...
+}:
+let
+ inherit (pkgs.liminix.services) target;
+ svc = config.system.service;
+in
+rec {
+ imports = [
+ "${inputs.liminix}/modules/wlan.nix"
+ "${inputs.liminix}/modules/network"
+ "${inputs.liminix}/modules/ntp"
+ "${inputs.liminix}/modules/vlan"
+ "${inputs.liminix}/modules/ssh"
+ "${inputs.liminix}/modules/bridge"
+ "${modulesPath}/profiles/gateway.nix"
+ ];
+
+ hostname = "whitehouse";
+ boot = {
+ tftp = {
+ freeSpaceBytes = 3 * 1024 * 1024;
+ serverip = "192.168.8.148";
+ ipaddr = "192.168.8.251";
+ };
+ };
+
+ profile.gateway = {
+ lan = {
+ interfaces = with config.hardware.networkInterfaces; [
+ # EDIT: these are the interfaces exposed by the gl.inet gl-ar750:
+ # if your device has more or differently named lan interfaces,
+ # specify them here
+ wlan
+ wlan5
+ lan
+ ];
+ inherit (secrets.lan) prefix;
+ address = {
+ family = "inet";
+ address = "${secrets.lan.prefix}.1";
+ prefixLength = 24;
+ };
+ dhcp = {
+ start = 10;
+ end = 240;
+ hosts =
+ { } // lib.optionalAttrs (builtins.pathExists ./static-leases.nix) (import ./static-leases.nix);
+ localDomain = "lan";
+ };
+ };
+ wan = {
+ # wan interface depends on your upstream - could be dhcp, static
+ # ethernet, a pppoe, ppp over serial, a complicated bonded
+ # failover ... who knows what else?
+ interface = svc.pppoe.build {
+ interface = config.hardware.networkInterfaces.wan;
+ username = secrets.l2tp.name;
+ password = secrets.l2tp.password;
+ bandwidth = 70 * 1000 * 1000;
+ };
+ # once the wan has ipv4 connnectivity, should we run dhcp6
+ # client to potentially get an address range ("prefix
+ # delegation")
+ dhcp6.enable = true;
+ };
+ firewall = {
+ enable = true;
+ rules = secrets.firewallRules;
+ };
+ wireless.networks = {
+ # EDIT: if you have more or fewer wireless radios, here is where
+ # you need to say so. hostapd tuning is hardware-specific and
+ # left as an exercise for the reader :-).
+
+ "${secrets.ssid}" = {
+ interface = config.hardware.networkInterfaces.wlan;
+ hw_mode = "g";
+ channel = "2";
+ ieee80211n = 1;
+ }
+ // wirelessConfig;
+ "${secrets.ssid}5" = rec {
+ interface = config.hardware.networkInterfaces.wlan5;
+ hw_mode = "a";
+ channel = 36;
+ ht_capab = "[HT40+]";
+ vht_oper_chwidth = 1;
+ vht_oper_centr_freq_seg0_idx = channel + 6;
+ ieee80211n = 1;
+ ieee80211ac = 1;
+ }
+ // wirelessConfig;
+ };
+ };
+
+ defaultProfile.packages = [ pkgs.hello ];
+}
diff --git a/routers/white-house/secrets.nix b/routers/white-house/secrets.nix
new file mode 100644
index 0000000..15494f9
--- /dev/null
+++ b/routers/white-house/secrets.nix
@@ -0,0 +1,18 @@
+{
+ wpa_passphrase = "";
+ ssid = "Yada";
+ l2tp = {
+ name = "";
+ password = "";
+ };
+ root = {
+ passwd = "";
+ openssh.authorizedKeys.keys = [
+
+ ];
+ };
+
+ lan = {
+ prefix = "192.168.8";
+ };
+}
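Review bot: `secrets`, `wirelessConfig` and `lib` are used throughout the new configuration.nix but never bound, since the module arguments are only `config`, `pkgs` and `modulesPath` and the `let` defines only `target` and `svc`, so the file fails to evaluate with an undefined variable. Add `lib` to the argument set and bind the other two in the `let`, for example `secrets = import ./secrets.nix;` and `wirelessConfig = { inherit (secrets) wpa_passphrase; };`. Neither SSID has any visible WPA setting apart from that `//` merge, so the binding should carry the encryption options; dropping the merge to get the build through would leave both networks without them. `secrets.firewallRules` has no counterpart in the secrets.nix added by this patch, so with `firewall.enable = true` the rule set still has to be supplied from somewhere. `modules/ssh` is imported, but no sshd service or root user is defined in this file, so `root.passwd` and the authorized keys from secrets.nix are not consumed yet.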
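Review bot: secrets.nix is added as a tracked file with empty placeholders, so once someone fills in the PPPoE, WPA and root credentials they are one `git add` away from the repository history. Because this is a flake, the source tree and any config file generated from these values are also copied in cleartext into the world-readable Nix store and the built image. Consider committing the file as a template under another name and ignoring the real one, or keeping the real values in an encrypted secrets store. The empty defaults should fail the build rather than produce an image: hostapd requires a `wpa_passphrase` of 8 to 63 characters, and an empty `passwd`, if it is written out as-is, conventionally means a password-less root account. An assertion in configuration.nix that these values are non-empty would catch an unfilled template.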