diff --git a/routers/white-house/configuration.nix b/routers/white-house/configuration.nix index 6567d03..5ed29f6 100644 --- a/routers/white-house/configuration.nix +++ b/routers/white-house/configuration.nix @@ -23,7 +23,6 @@ rec { imports = [ "${inputs.liminix}/modules/wlan.nix" "${inputs.liminix}/modules/network" - "${inputs.liminix}/modules/ntp" "${inputs.liminix}/modules/vlan" "${inputs.liminix}/modules/ssh" "${inputs.liminix}/modules/bridge" @@ -34,17 +33,33 @@ rec { boot = { tftp = { freeSpaceBytes = 3 * 1024 * 1024; - serverip = "192.168.8.148"; - ipaddr = "192.168.8.251"; + serverip = "${secrets.lan.prefix}.148"; + ipaddr = "${secrets.lan.prefix}.251"; }; }; + services.sshd = svc.ssh.build { + authorizedKeys.root = secrets.root.openssh.authorizedKeys.keys; + }; + + users.root = secrets.root; + + services.resolvconf = lib.mkForce ( + pkgs.liminix.services.oneshot rec { + name = "resolvconf"; + up = '' + ( in_outputs ${name} + echo "nameserver $(output ${config.services.wan} ns1)" > resolv.conf + echo "nameserver $(output ${config.services.wan} ns2)" >> resolv.conf + chmod 0444 resolv.conf + ) + ''; + } + ); + profile.gateway = { lan = { interfaces = with config.hardware.networkInterfaces; [ - # EDIT: these are the interfaces exposed by the gl.inet gl-ar750: - # if your device has more or differently named lan interfaces, - # specify them here wlan wlan5 lan 
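Review bot: The forced `services.resolvconf` oneshot in the second hunk declares no dependency on the WAN service and writes both `nameserver` lines unconditionally. If it runs before the PPPoE session has published `ns1`/`ns2`, or the peer offers only one resolver, `resolv.conf` ends up with an empty `nameserver` entry, and nothing visible in the hunk rewrites it later. Assuming the oneshot builder accepts a dependency list as it does elsewhere in liminix, add `dependencies = [ config.services.wan ];` and emit each line only when the output is non-empty. Separately, the new `services.sshd` accepts root key logins; whether it is reachable from the WAN side depends on `secrets.firewallRules`, which this diff does not show, so that is worth confirming before deploying.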
@@ -58,24 +73,17 @@ rec { dhcp = { start = 10; end = 240; - hosts = - { } // lib.optionalAttrs (builtins.pathExists ./static-leases.nix) (import ./static-leases.nix); + hosts = { }; localDomain = "lan"; }; }; wan = { - # wan interface depends on your upstream - could be dhcp, static - # ethernet, a pppoe, ppp over serial, a complicated bonded - # failover ... who knows what else? interface = svc.pppoe.build { interface = config.hardware.networkInterfaces.wan; username = secrets.l2tp.name; password = secrets.l2tp.password; - bandwidth = 70 * 1000 * 1000; }; - # once the wan has ipv4 connnectivity, should we run dhcp6 - # client to potentially get an address range ("prefix - # delegation") + dhcp6.enable = true; }; firewall = { @@ -83,9 +91,6 @@ rec { rules = secrets.firewallRules; }; wireless.networks = { - # EDIT: if you have more or fewer wireless radios, here is where - # you need to say so. hostapd tuning is hardware-specific and - # left as an exercise for the reader :-). "${secrets.ssid}" = { interface = config.hardware.networkInterfaces.wlan; @@ -94,7 +99,7 @@ rec { ieee80211n = 1; } // wirelessConfig; - "${secrets.ssid}5" = rec { + "${secrets.ssid}-5" = rec { interface = config.hardware.networkInterfaces.wlan5; hw_mode = "a"; channel = 36; @@ -109,19 +114,8 @@ rec { }; defaultProfile.packages = with pkgs; [ busybox - tcpdump - socat + iw iptables - usbutils - (levitate.override { - config = { - services = { - inherit (config.services) dhcp6c sshd watchdog; - }; - defaultProfile.packages = [ mtdutils ]; - users.root = config.users.root; - }; - }) ]; } diff --git a/routers/white-house/secrets.nix b/routers/white-house/secrets.nix index 15494f9..f31a993 100644 --- a/routers/white-house/secrets.nix +++ b/routers/white-house/secrets.nix 
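Review bot: `dhcp6.enable = true;` in the `wan` block turns on the DHCPv6 client, and the comment that explained it (prefix delegation once IPv4 is up) is removed in the same hunk. With a delegated prefix, LAN hosts get globally routable addresses and no NAT sits in front of them, so the IPv6 forward policy is the only barrier to inbound traffic. That policy comes from `secrets.firewallRules`, which is not part of this diff, so confirm it drops unsolicited inbound IPv6 forwards. I would also keep a one-line comment such as `# request an IPv6 prefix via DHCPv6-PD; inbound v6 is filtered by firewall.rules` next to the option.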
@@ -1,18 +1,17 @@ { wpa_passphrase = ""; - ssid = "Yada"; + ssid = "WhiteHouse"; l2tp = { name = ""; password = ""; }; root = { - passwd = ""; openssh.authorizedKeys.keys = [ - + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEcZ/p1Ofa9liwIzPWzNtONhJ7+FUWd2lCz33r81t8+w kurogeek@kurogeek" ]; }; lan = { - prefix = "192.168.8"; + prefix = "192.168.1"; }; } diff --git a/run-vm-WVbDDP b/run-vm-WVbDDP new file mode 100644 index 0000000..4ce8b2c Binary files /dev/null and b/run-vm-WVbDDP differ diff --git a/run-vm-fA0cUs b/run-vm-fA0cUs new file mode 100644 index 0000000..dba78e9 Binary files /dev/null and b/run-vm-fA0cUs differ
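Review bot: The new side of `secrets.nix` (the hunk appears to cover the whole file) defines no `firewallRules` attribute, yet `configuration.nix` reads `secrets.firewallRules`. Unless `secrets` is merged from another source not shown here, the firewall definition is either missing or lives outside review. `wpa_passphrase` and the `l2tp` credentials also remain empty strings in a tracked file, so real values must be edited in locally and could be committed by accident. Consider keeping only a template in git (for example `secrets.nix.example`, with the real file ignored) and failing evaluation when a value is empty, e.g. `assert secrets.wpa_passphrase != "";`. With `passwd` removed from `root`, it is also worth checking how the users module treats an absent password, so that console login is not left open without one.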