mob next [ci-skip] [ci skip] [skip ci]

lastFile:routers/white-house/secrets.nix

routers/white-house/configuration.nix

@@ -23,7 +23,6 @@ rec {
   imports = [
     "${inputs.liminix}/modules/wlan.nix"
     "${inputs.liminix}/modules/network"
-    "${inputs.liminix}/modules/ntp"
     "${inputs.liminix}/modules/vlan"
     "${inputs.liminix}/modules/ssh"
     "${inputs.liminix}/modules/bridge"
@@ -34,17 +33,33 @@ rec {
   boot = {
     tftp = {
       freeSpaceBytes = 3 * 1024 * 1024;
-      serverip = "192.168.8.148";
+      serverip = "${secrets.lan.prefix}.148";
-      ipaddr = "192.168.8.251";
+      ipaddr = "${secrets.lan.prefix}.251";
     };
   };
 
+  services.sshd = svc.ssh.build {
+    authorizedKeys.root = secrets.root.openssh.authorizedKeys.keys;
+  };
+
+  users.root = secrets.root;
+
+  services.resolvconf = lib.mkForce (
+    pkgs.liminix.services.oneshot rec {
+      name = "resolvconf";
+      up = ''
+        ( in_outputs ${name}
+         echo "nameserver $(output ${config.services.wan} ns1)" > resolv.conf
+         echo "nameserver $(output ${config.services.wan} ns2)" >> resolv.conf
+         chmod 0444 resolv.conf
+        )
+      '';
+    }
+  );
+
   profile.gateway = {
     lan = {
       interfaces = with config.hardware.networkInterfaces; [
-        # EDIT: these are the interfaces exposed by the gl.inet gl-ar750:
-        # if your device has more or differently named lan interfaces,
-        # specify them here
         wlan
         wlan5
         lan
@@ -58,24 +73,17 @@ rec {
       dhcp = {
         start = 10;
         end = 240;
-        hosts =
+        hosts = { };
-          { } // lib.optionalAttrs (builtins.pathExists ./static-leases.nix) (import ./static-leases.nix);
         localDomain = "lan";
       };
     };
     wan = {
-      # wan interface depends on your upstream - could be dhcp, static
-      # ethernet, a pppoe, ppp over serial, a complicated bonded
-      # failover ... who knows what else?
       interface = svc.pppoe.build {
         interface = config.hardware.networkInterfaces.wan;
         username = secrets.l2tp.name;
         password = secrets.l2tp.password;
-        bandwidth = 70 * 1000 * 1000;
       };
-      # once the wan has ipv4 connnectivity, should we run dhcp6
+
-      # client to potentially get an address range ("prefix
-      # delegation")
       dhcp6.enable = true;
     };
     firewall = {
@@ -83,9 +91,6 @@ rec {
       rules = secrets.firewallRules;
     };
     wireless.networks = {
-      # EDIT: if you have more or fewer wireless radios, here is where
-      # you need to say so.  hostapd tuning is hardware-specific and
-      # left as an exercise for the reader :-).
 
       "${secrets.ssid}" = {
         interface = config.hardware.networkInterfaces.wlan;
@@ -94,7 +99,7 @@ rec {
         ieee80211n = 1;
       }
       // wirelessConfig;
-      "${secrets.ssid}5" = rec {
+      "${secrets.ssid}-5" = rec {
         interface = config.hardware.networkInterfaces.wlan5;
         hw_mode = "a";
         channel = 36;
@@ -109,19 +114,8 @@ rec {
   };
   defaultProfile.packages = with pkgs; [
     busybox
-    tcpdump
+    iw
-    socat
     iptables
-    usbutils
-    (levitate.override {
-      config = {
-        services = {
-          inherit (config.services) dhcp6c sshd watchdog;
-        };
-        defaultProfile.packages = [ mtdutils ];
-        users.root = config.users.root;
-      };
-    })
   ];
 
 }

routers/white-house/secrets.nix

@@ -1,18 +1,17 @@
 {
   wpa_passphrase = "";
-  ssid = "Yada";
+  ssid = "WhiteHouse";
   l2tp = {
     name = "";
     password = "";
   };
   root = {
-    passwd = "";
     openssh.authorizedKeys.keys = [
-
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEcZ/p1Ofa9liwIzPWzNtONhJ7+FUWd2lCz33r81t8+w kurogeek@kurogeek"
     ];
   };
 
   lan = {
-    prefix = "192.168.8";
+    prefix = "192.168.1";
   };
 }