mob next [ci-skip] [ci skip] [skip ci]

lastFile:routers/white-house/secrets.nix

routers/default.nix

@@ -1,8 +1,9 @@
 { inputs, ... }:
 {
   flake.legacyPackages = {
-    yada-router = import "${inputs.liminix}/default.nix" {
+    whitehouse-router = import "${inputs.liminix}/default.nix" {
-      liminix-config = import
+      device = (import "${inputs.liminix}/devices/gl-ar750");
+      liminix-config = import ./white-house/configuration.nix { inherit inputs; };
     };
   };
 }

routers/white-house/configuration.nix

@@ -0,0 +1,102 @@
+{ inputs }:
+{
+  config,
+  pkgs,
+  modulesPath,
+  ...
+}:
+let
+  inherit (pkgs.liminix.services) target;
+  svc = config.system.service;
+in
+rec {
+  imports = [
+    "${inputs.liminix}/modules/wlan.nix"
+    "${inputs.liminix}/modules/network"
+    "${inputs.liminix}/modules/ntp"
+    "${inputs.liminix}/modules/vlan"
+    "${inputs.liminix}/modules/ssh"
+    "${inputs.liminix}/modules/bridge"
+    "${modulesPath}/profiles/gateway.nix"
+  ];
+
+  hostname = "whitehouse";
+  boot = {
+    tftp = {
+      freeSpaceBytes = 3 * 1024 * 1024;
+      serverip = "192.168.8.148";
+      ipaddr = "192.168.8.251";
+    };
+  };
+
+  profile.gateway = {
+    lan = {
+      interfaces = with config.hardware.networkInterfaces; [
+        # EDIT: these are the interfaces exposed by the gl.inet gl-ar750:
+        # if your device has more or differently named lan interfaces,
+        # specify them here
+        wlan
+        wlan5
+        lan
+      ];
+      inherit (secrets.lan) prefix;
+      address = {
+        family = "inet";
+        address = "${secrets.lan.prefix}.1";
+        prefixLength = 24;
+      };
+      dhcp = {
+        start = 10;
+        end = 240;
+        hosts =
+          { } // lib.optionalAttrs (builtins.pathExists ./static-leases.nix) (import ./static-leases.nix);
+        localDomain = "lan";
+      };
+    };
+    wan = {
+      # wan interface depends on your upstream - could be dhcp, static
+      # ethernet, a pppoe, ppp over serial, a complicated bonded
+      # failover ... who knows what else?
+      interface = svc.pppoe.build {
+        interface = config.hardware.networkInterfaces.wan;
+        username = secrets.l2tp.name;
+        password = secrets.l2tp.password;
+        bandwidth = 70 * 1000 * 1000;
+      };
+      # once the wan has ipv4 connnectivity, should we run dhcp6
+      # client to potentially get an address range ("prefix
+      # delegation")
+      dhcp6.enable = true;
+    };
+    firewall = {
+      enable = true;
+      rules = secrets.firewallRules;
+    };
+    wireless.networks = {
+      # EDIT: if you have more or fewer wireless radios, here is where
+      # you need to say so.  hostapd tuning is hardware-specific and
+      # left as an exercise for the reader :-).
+
+      "${secrets.ssid}" = {
+        interface = config.hardware.networkInterfaces.wlan;
+        hw_mode = "g";
+        channel = "2";
+        ieee80211n = 1;
+      }
+      // wirelessConfig;
+      "${secrets.ssid}5" = rec {
+        interface = config.hardware.networkInterfaces.wlan5;
+        hw_mode = "a";
+        channel = 36;
+        ht_capab = "[HT40+]";
+        vht_oper_chwidth = 1;
+        vht_oper_centr_freq_seg0_idx = channel + 6;
+        ieee80211n = 1;
+        ieee80211ac = 1;
+      }
+      // wirelessConfig;
+    };
+  };
+
+  defaultProfile.packages = [ pkgs.hello ];
+}

routers/white-house/secrets.nix

@@ -0,0 +1,18 @@
+{
+  wpa_passphrase = "";
+  ssid = "Yada";
+  l2tp = {
+    name = "";
+    password = "";
+  };
+  root = {
+    passwd = "";
+    openssh.authorizedKeys.keys = [
+
+    ];
+  };
+
+  lan = {
+    prefix = "192.168.8";
+  };
+}