diff --git a/routers/default.nix b/routers/default.nix
index 12812d9..3da9e5f 100644
--- a/routers/default.nix
+++ b/routers/default.nix
@@ -17,5 +17,9 @@
 liminix-config = import ./routers/vanilla/configuration.nix { inherit inputs; };
 device = (import "${inputs.liminix}/devices/gl-mt300a/default.nix");
 };
+ fax-router = import "${inputs.liminix}default.nix" {
+ device = (import "${inputs.liminix}/devices/gl-ar750");
+ liminix-config = import ./fax-router/configuration.nix { inherit inputs; };
+ };
 };
 }
diff --git a/routers/fax-router/configuration.nix b/routers/fax-router/configuration.nix
new file mode 100644
index 0000000..bca95b0
--- /dev/null
+++ b/routers/fax-router/configuration.nix
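Review bot: The path in `import "${inputs.liminix}default.nix"` has no `/` between the interpolated input and `default.nix`, unlike the `"${inputs.liminix}/devices/gl-mt300a/default.nix"` line just above it. A flake input normally interpolates to a store path without a trailing slash, so this likely resolves to a path that does not exist and the `fax-router` attribute would fail to evaluate. It should probably read `fax-router = import "${inputs.liminix}/default.nix" {`. The enclosing attribute set starts outside the hunk, so the form used by the other router entries could not be compared in full.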
@@ -0,0 +1,143 @@
+# This is an example that uses the "gateway" profile to create a
+# "typical home wireless router" configuration suitable for a Gl.inet
+# gl-ar750 router. It should be fairly simple to edit it for other
+# devices: mostly you will need to attend to the number of wlan and lan
+# interfaces
+{ inputs }:
+{
+ config,
+ pkgs,
+ lib,
+ modulesPath,
+ ...
+}:
+let
+ secrets = {
+ domainName = "fake.liminix.org";
+ firewallRules = { };
+ }
+ // (import ./rotuer-secrets.nix);
+ svc = config.system.service;
+ wirelessConfig = {
+ country_code = "GB";
+ inherit (secrets) wpa_passphrase;
+ wmm_enabled = 1;
+ };
+
+in
+rec {
+ boot = {
+ tftp = {
+ freeSpaceBytes = 3 * 1024 * 1024;
+ serverip = "10.0.0.1";
+ ipaddr = "10.0.0.8";
+ };
+ };
+
+ imports = [
+ "${modulesPath}/profiles/gateway.nix"
+ ];
+ hostname = "rotuer";
+
+ profile.gateway = {
+ lan = {
+ interfaces = with config.hardware.networkInterfaces; [
+ # EDIT: these are the interfaces exposed by the gl.inet gl-ar750:
+ # if your device has more or differently named lan interfaces,
+ # specify them here
+ wlan
+ wlan5
+ lan
+ ];
+ inherit (secrets.lan) prefix;
+ address = {
+ family = "inet";
+ address = "${secrets.lan.prefix}.1";
+ prefixLength = 24;
+ };
+ dhcp = {
+ start = 10;
+ end = 240;
+ hosts =
+ { } // lib.optionalAttrs (builtins.pathExists ./static-leases.nix) (import ./static-leases.nix);
+ localDomain = "lan";
+ };
+ };
+ wan = {
+ # wan interface depends on your upstream - could be dhcp, static
+ # ethernet, a pppoe, ppp over serial, a complicated bonded
+ # failover ... who knows what else?
+ interface = svc.pppoe.build {
+ interface = config.hardware.networkInterfaces.wan;
+ username = secrets.l2tp.name;
+ password = secrets.l2tp.password;
+ bandwidth = 70 * 1000 * 1000;
+ };
+ # once the wan has ipv4 connnectivity, should we run dhcp6
+ # client to potentially get an address range ("prefix
+ # delegation")
+ dhcp6.enable = true;
+ };
+ firewall = {
+ enable = true;
+ rules = secrets.firewallRules;
+ };
+ wireless.networks = {
+ # EDIT: if you have more or fewer wireless radios, here is where
+ # you need to say so. hostapd tuning is hardware-specific and
+ # left as an exercise for the reader :-).
+
+ "${secrets.ssid}" = {
+ interface = config.hardware.networkInterfaces.wlan;
+ hw_mode = "g";
+ channel = "2";
+ ieee80211n = 1;
+ }
+ // wirelessConfig;
+ "${secrets.ssid}5" = rec {
+ interface = config.hardware.networkInterfaces.wlan5;
+ hw_mode = "a";
+ channel = 36;
+ ht_capab = "[HT40+]";
+ vht_oper_chwidth = 1;
+ vht_oper_centr_freq_seg0_idx = channel + 6;
+ ieee80211n = 1;
+ ieee80211ac = 1;
+ }
+ // wirelessConfig;
+ };
+ };
+
+ services.ntp = svc.ntp.build {
+ user = "root";
+ pools = {
+ "pool.ntp.org" = [ "iburst" ];
+ };
+ makestep = {
+ threshold = 1.0;
+ limit = 3;
+ };
+ };
+
+ services.sshd = svc.ssh.build { };
+
+ users.root = secrets.root;
+
+ defaultProfile.packages = with pkgs; [
+ min-collect-garbage
+ nftables
+ strace
+ tcpdump
+ s6
+ ];
+
+ programs.busybox = {
+ applets = [
+ "fdisk"
+ "sfdisk"
+ ];
+ options = {
+ FEATURE_FANCY_TAIL = "y";
+ };
+ };
+}
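Review bot: `services.ntp` is built with `user = "root"`, so the network-facing time daemon runs with full privileges on the router; if the module accepts an unprivileged account, use one, and otherwise record the reason with a comment such as `# TODO: run ntp as a dedicated unprivileged user`. The values taken from `./rotuer-secrets.nix` (`wpa_passphrase`, `secrets.l2tp.password`, `secrets.root`) are read at evaluation time, so they presumably end up in the build outputs and in the Nix store of the build host. The commit does not show that file being kept out of version control, which is worth confirming. `strace` and `tcpdump` in `defaultProfile.packages` are useful during bring-up but are better dropped from a router that stays in service, and `services.sshd = svc.ssh.build { };` deserves a comment stating which interfaces it is expected to be reachable from, given that `firewallRules` defaults to `{ }`.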