mob next [ci-skip] [ci skip] [skip ci]

lastFile:routers/white-house-2/secrets.nix

routers/default.nix

@@ -5,5 +5,9 @@
       device = (import "${inputs.liminix}/devices/gl-ar750");
       liminix-config = import ./white-house/configuration.nix { inherit inputs; };
     };
+    whitehouse-router-2 = import "${inputs.liminix}/default.nix" {
+      device = (import "${inputs.liminix}/devices/gl-ar750");
+      liminix-config = import ./white-house-2/configuration.nix { inherit inputs; };
+    };
   };
 }

routers/white-house-2/configuration.nix

@@ -0,0 +1,82 @@
+{ inputs }:
+{
+  config,
+  pkgs,
+  modulesPath,
+  lib,
+  ...
+}:
+let
+  secrets = {
+    firewallRules = { };
+  }
+  // (import ./secrets.nix);
+  wirelessConfig = {
+    country_code = "TH";
+    inherit (secrets) wpa_passphrase;
+    wmm_enabled = 1;
+  };
+  svc = config.system.service;
+in
+{
+  imports = [
+    "${inputs.liminix}/modules/wlan.nix"
+    "${inputs.liminix}/modules/ssh"
+    "${modulesPath}/profiles/wap.nix"
+  ];
+
+  hostname = "whitehouse2";
+  boot = {
+    tftp = {
+      freeSpaceBytes = 3 * 1024 * 1024;
+      serverip = "${secrets.lan.prefix}.149";
+      ipaddr = "${secrets.lan.prefix}.252";
+    };
+  };
+
+  services.sshd = svc.ssh.build {
+    authorizedKeys.root = secrets.root.openssh.authorizedKeys.keys;
+  };
+
+  users.root = secrets.root;
+
+  profile.wap = {
+    interfaces = with config.hardware.networkInterfaces; [
+      wan
+      lan
+      wlan
+      wlan5
+    ];
+
+    wireless.networks = {
+      "${secrets.ssid}" = {
+        interface = config.hardware.networkInterfaces.wlan;
+        hw_mode = "g";
+        channel = "6";
+        ieee80211n = 1;
+      }
+      // wirelessConfig;
+      "${secrets.ssid}-5" = rec {
+        interface = config.hardware.networkInterfaces.wlan5;
+        hw_mode = "a";
+        channel = 36;
+        ht_capab = "[HT40+]";
+        vht_oper_chwidth = 1;
+        vht_oper_centr_freq_seg0_idx = channel + 6;
+        ieee80211n = 1;
+        ieee80211ac = 1;
+      }
+      // wirelessConfig;
+    };
+  };
+
+  system.service.network.forward.enableIPv4 = false;
+  system.service.network.forward.enableIPv6 = false;
+
+  defaultProfile.packages = with pkgs; [
+    busybox
+    iw
+    nftables
+  ];
+
+}

routers/white-house-2/secrets.nix

@@ -0,0 +1,16 @@
+{
+  wpa_passphrase = "";
+  ssid = "GL-AR750";
+  root = {
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEcZ/p1Ofa9liwIzPWzNtONhJ7+FUWd2lCz33r81t8+w kurogeek@kurogeek"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAB/raxJR8gASmquP63weHelbi+da2WBJR1DgzHPNz/f"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDuhpzDHBPvn8nv8RH1MRomDOaXyP4GziQm7r3MZ1Syk"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAmgyEGuY/r7SDlJgrzYmQqpcWS5W+fCzRi3OS59ne4W openpgp:0xFF687387"
+    ];
+  };
+
+  lan = {
+    prefix = "192.168.1";
+  };
+}