From 98072c7bd42442f72c6be6931745df15b56bc95f Mon Sep 17 00:00:00 2001
From: kurogeek
Date: Mon, 4 May 2026 15:44:56 +0700
Subject: [PATCH] mob next [ci-skip] [ci skip] [skip ci] lastFile:routers/white-house-2/secrets.nix
---
routers/white-house-2/configuration.nix | 133 ++++++++++++++++++++++++
routers/white-house-2/secrets.nix | 20 ++++
2 files changed, 153 insertions(+)
create mode 100644 routers/white-house-2/configuration.nix
create mode 100644 routers/white-house-2/secrets.nix
diff --git a/routers/white-house-2/configuration.nix b/routers/white-house-2/configuration.nix
new file mode 100644
index 0000000..8cf4b7a
--- /dev/null
+++ b/routers/white-house-2/configuration.nix
@@ -0,0 +1,133 @@
+{ inputs }:
+{
+ config,
+ pkgs,
+ modulesPath,
+ lib,
+ ...
+}:
+let
+ secrets = {
+ firewallRules = { };
+ }
+ // (import ./secrets.nix);
+ wirelessConfig = {
+ country_code = "TH";
+ inherit (secrets) wpa_passphrase;
+ wmm_enabled = 1;
+ };
+ svc = config.system.service;
+in
+{
+ imports = [
+ "${inputs.liminix}/modules/wlan.nix"
+ "${inputs.liminix}/modules/network"
+ "${inputs.liminix}/modules/vlan"
+ "${inputs.liminix}/modules/ssh"
+ "${inputs.liminix}/modules/bridge"
+ "${inputs.liminix}/modules/health-check"
+ "${modulesPath}/profiles/gateway.nix"
+ ];
+
+ hostname = "whitehouse-2";
+ boot = {
+ tftp = {
+ freeSpaceBytes = 3 * 1024 * 1024;
+ serverip = "${secrets.lan.prefix}.148";
+ ipaddr = "${secrets.lan.prefix}.251";
+ };
+ };
+
+ services.sshd = svc.ssh.build {
+ authorizedKeys.root = secrets.root.openssh.authorizedKeys.keys;
+ };
+
+ users.root = secrets.root;
+
+ services.resolvconf = lib.mkForce (
+ pkgs.liminix.services.oneshot rec {
+ name = "resolvconf";
+ up = ''
+ ( in_outputs ${name}
+ echo "nameserver 208.67.222.222" >> resolv.conf
+ echo "nameserver 208.67.220.220" >> resolv.conf
+ echo "nameserver 1.1.1.1" >> resolv.conf
+ echo "nameserver 1.0.0.1" >> resolv.conf
+ echo "nameserver 8.8.8.8" >> resolv.conf
+ chmod 0444 resolv.conf
+ )
+ '';
+ }
+ );
+
+ profile.gateway = {
+ lan = {
+ interfaces = with config.hardware.networkInterfaces; [
+ wlan
+ wlan5
+ lan
+ ];
+ inherit (secrets.lan) prefix;
+ address = {
+ family = "inet";
+ address = "${secrets.lan.prefix}.1";
+ prefixLength = 24;
+ };
+ dhcp = {
+ start = 10;
+ end = 240;
+ hosts = { };
+ localDomain = "lan";
+ };
+ };
+ wan =
+ let
+ inherit (config.system.service) vlan;
+ wan-vlan = vlan.build {
+ ifname = "wan-vlan";
+ primary = config.hardware.networkInterfaces.wan;
+ vid = "10";
+ };
+ in
+ {
+ interface = svc.pppoe.build {
+ interface = wan-vlan;
+ username = secrets.l2tp.name;
+ password = secrets.l2tp.password;
+ };
+
+ dhcp6.enable = true;
+ };
+ firewall = {
+ enable = true;
+ rules = secrets.firewallRules;
+ };
+ wireless.networks = {
+
+ "${secrets.ssid}" = {
+ interface = config.hardware.networkInterfaces.wlan;
+ hw_mode = "g";
+ channel = "2";
+ ieee80211n = 1;
+ }
+ // wirelessConfig;
+ "${secrets.ssid}-5" = rec {
+ interface = config.hardware.networkInterfaces.wlan5;
+ hw_mode = "a";
+ channel = 36;
+ ht_capab = "[HT40+]";
+ vht_oper_chwidth = 1;
+ vht_oper_centr_freq_seg0_idx = channel + 6;
+ ieee80211n = 1;
+ ieee80211ac = 1;
+ }
+ // wirelessConfig;
+ };
+ };
+ defaultProfile.packages = with pkgs; [
+ busybox
+ iw
+ nftables
+ ];
+
+}
diff --git a/routers/white-house-2/secrets.nix b/routers/white-house-2/secrets.nix
new file mode 100644
index 0000000..6a882dd
--- /dev/null
+++ b/routers/white-house-2/secrets.nix
@@ -0,0 +1,20 @@
+{
+ wpa_passphrase = "";
+ ssid = "WhiteHouse";
+ l2tp = {
+ name = "";
+ password = "";
+ };
+ root = {
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEcZ/p1Ofa9liwIzPWzNtONhJ7+FUWd2lCz33r81t8+w kurogeek@kurogeek"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAB/raxJR8gASmquP63weHelbi+da2WBJR1DgzHPNz/f"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDuhpzDHBPvn8nv8RH1MRomDOaXyP4GziQm7r3MZ1Syk"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAmgyEGuY/r7SDlJgrzYmQqpcWS5W+fCzRi3OS59ne4W openpgp:0xFF687387"
+ ];
+ };
+
+ lan = {
+ prefix = "192.168.1";
+ };
+}
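Review bot: Nothing in the `let` block of `configuration.nix` checks that the values merged in from `./secrets.nix` are actually set, so an image built from the placeholder file would pass an empty `wpa_passphrase` into both `wireless.networks` entries and empty credentials into `svc.pppoe.build`. A guard on the binding fails the build early, for example `wirelessConfig = assert builtins.stringLength secrets.wpa_passphrase >= 8; {` (WPA2 passphrases are 8–63 characters), with a similar check on the PPPoE password. Values read with `import` at evaluation time will most likely also end up in plaintext in the build host's Nix store and in the generated image, which deserves a comment beside the import such as `# secrets are embedded in the built image; treat the image and its store path as sensitive`. The PPPoE credentials are read from `secrets.l2tp`, a misleading name for a `pppoe` service.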
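Review bot: `secrets.nix` is added as a tracked file with empty placeholders, so once someone fills in `wpa_passphrase` and `l2tp.password` for a real build, those values will be picked up by the next commit; the `mob next` subject suggests an automated handoff commit that appears to stage whatever changed. Committing this as a template under another name and ignoring the real file, or keeping the real values in encrypted form, would stop the placeholder from silently becoming the live secret in history. The second and third `openssh.authorizedKeys.keys` entries have no comment field; a line such as `# owner: <name>, added <date>` above each key would make later review and revocation of root SSH access auditable.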