newedge/infra
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

mob next [ci-skip] [ci skip] [skip ci]

Browse Source 
lastFile:routers/fax-router/configuration.nix
This commit is contained in:
kurogeek
2025-10-10 15:22:03 +07:00
parent 0f929bc8f4
commit 8e08efa13c
3 changed files with 36 additions and 128 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
flake.lock generated
View File

@@ -139,14 +139,19 @@
"liminix": { "liminix": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1758271851, "lastModified": 1759950611,
"narHash": "sha256-pfh+oahaVh1HVbZsz+ZM/+YV8FXnjMQ62dcRDUpzzPA=", "narHash": "sha256-wGMzkMYsXZX7aZC2mj1vubqi3Q728V162P6k/EE9tHE=",
"path": "/home/kurogeek/Desktop/gitea/dan/liminix", "ref": "refs/heads/main",
"type": "path" "rev": "29fbb5461d034c4c59b88cbe04937b04ecad18e0",
"revCount": 1572,
"type": "git",
"url": "https://gti.telent.net/dan/liminix"
}, },
"original": { "original": {
"path": "/home/kurogeek/Desktop/gitea/dan/liminix", "ref": "refs/heads/main",
"type": "path" "rev": "29fbb5461d034c4c59b88cbe04937b04ecad18e0",
"type": "git",
"url": "https://gti.telent.net/dan/liminix"
} }
}, },
"nix-darwin": { "nix-darwin": {

4
flake.nix
View File

@@ -22,8 +22,8 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
liminix = { liminix = {
# url = "git+https://gti.telent.net/dan/liminix?ref=refs/heads/main&rev=cb43857ecf45feb0351023946f559e8e3343d12a"; url = "git+https://gti.telent.net/dan/liminix?ref=refs/heads/main&rev=29fbb5461d034c4c59b88cbe04937b04ecad18e0";
url = "path:/home/kurogeek/Desktop/gitea/dan/liminix"; # url = "path:/home/kurogeek/Desktop/gitea/dan/liminix";
flake = false; flake = false;
}; };
}; };

143
routers/fax-router/configuration.nix
View File

@@ -4,140 +4,43 @@
# devices: mostly you will need to attend to the number of wlan and lan # devices: mostly you will need to attend to the number of wlan and lan
# interfaces # interfaces
{ inputs }: { inputs }:
{ { config, pkgs, ... }:
config,
pkgs,
lib,
modulesPath,
...
}:
let let
secrets = { inherit (pkgs.liminix.services) target;
domainName = "fake.liminix.org";
firewallRules = { };
}
// (import ./rotuer-secrets.nix);
svc = config.system.service; svc = config.system.service;
wirelessConfig = {
country_code = "GB";
inherit (secrets) wpa_passphrase;
wmm_enabled = 1;
};
in in
rec { rec {
boot = {
tftp = {
freeSpaceBytes = 3 * 1024 * 1024;
serverip = "10.0.0.1";
ipaddr = "10.0.0.8";
};
};
imports = [ imports = [
"${modulesPath}/profiles/gateway.nix" "${inputs.liminix}/modules/wlan.nix"
"${inputs.liminix}/modules/network"
"${inputs.liminix}/modules/ntp"
"${inputs.liminix}/modules/vlan"
]; ];
hostname = "rotuer";
profile.gateway = { services.dhcpv4 =
lan = { let
interfaces = with config.hardware.networkInterfaces; [ iface = svc.network.link.build { ifname = "eth1"; };
# EDIT: these are the interfaces exposed by the gl.inet gl-ar750: in
# if your device has more or differently named lan interfaces, svc.network.dhcp.client.build { interface = iface; };
# specify them here
wlan
wlan5
lan
];
inherit (secrets.lan) prefix;
address = {
family = "inet";
address = "${secrets.lan.prefix}.1";
prefixLength = 24;
};
dhcp = {
start = 10;
end = 240;
hosts =
{ } // lib.optionalAttrs (builtins.pathExists ./static-leases.nix) (import ./static-leases.nix);
localDomain = "lan";
};
};
wan = {
# wan interface depends on your upstream - could be dhcp, static
# ethernet, a pppoe, ppp over serial, a complicated bonded
# failover ... who knows what else?
interface = svc.pppoe.build {
interface = config.hardware.networkInterfaces.wan;
username = secrets.l2tp.name;
password = secrets.l2tp.password;
bandwidth = 70 * 1000 * 1000;
};
# once the wan has ipv4 connnectivity, should we run dhcp6
# client to potentially get an address range ("prefix
# delegation")
dhcp6.enable = true;
};
firewall = {
enable = true;
rules = secrets.firewallRules;
};
wireless.networks = {
# EDIT: if you have more or fewer wireless radios, here is where
# you need to say so. hostapd tuning is hardware-specific and
# left as an exercise for the reader :-).
"${secrets.ssid}" = { services.defaultroute4 = svc.network.route.build {
interface = config.hardware.networkInterfaces.wlan; via = "$(output ${services.dhcpv4} ip)";
hw_mode = "g"; target = "default";
channel = "2"; dependencies = [ services.dhcpv4 ];
ieee80211n = 1;
}
// wirelessConfig;
"${secrets.ssid}5" = rec {
interface = config.hardware.networkInterfaces.wlan5;
hw_mode = "a";
channel = 36;
ht_capab = "[HT40+]";
vht_oper_chwidth = 1;
vht_oper_centr_freq_seg0_idx = channel + 6;
ieee80211n = 1;
ieee80211ac = 1;
}
// wirelessConfig;
};
}; };
services.ntp = svc.ntp.build { services.packet_forwarding = svc.network.forward.build { };
user = "root";
services.ntp = config.system.service.ntp.build {
pools = { pools = {
"pool.ntp.org" = [ "iburst" ]; "pool.ntp.org" = [ "iburst" ];
}; };
makestep = {
threshold = 1.0;
limit = 3;
};
}; };
services.sshd = svc.ssh.build { }; boot.tftp = {
serverip = "192.168.8.148";
users.root = secrets.root; ipaddr = "192.168.8.251";
defaultProfile.packages = with pkgs; [
min-collect-garbage
nftables
strace
tcpdump
s6
];
programs.busybox = {
applets = [
"fdisk"
"sfdisk"
];
options = {
FEATURE_FANCY_TAIL = "y";
};
}; };
defaultProfile.packages = [ pkgs.hello ];
} }