mob next [ci-skip] [ci skip] [skip ci]

lastFile:routers/white-house-2/secrets.nix
2026-05-07 10:51:03 +07:00
parent 6a29794575
commit a8ad9bba43
3 changed files with 102 additions and 0 deletions
@@ -0,0 +1,82 @@
+{ inputs }:
+{
+  config,
+  pkgs,
+  modulesPath,
+  lib,
+  ...
+}:
+let
+  secrets = {
+    firewallRules = { };
+  }
+  // (import ./secrets.nix);
+  wirelessConfig = {
+    country_code = "TH";
+    inherit (secrets) wpa_passphrase;
+    wmm_enabled = 1;
+  };
+  svc = config.system.service;
+in
+{
+  imports = [
+    "${inputs.liminix}/modules/wlan.nix"
+    "${inputs.liminix}/modules/ssh"
+    "${modulesPath}/profiles/wap.nix"
+  ];
+
+  hostname = "whitehouse2";
+  boot = {
+    tftp = {
+      freeSpaceBytes = 3 * 1024 * 1024;
+      serverip = "${secrets.lan.prefix}.149";
+      ipaddr = "${secrets.lan.prefix}.252";
+    };
+  };
+
+  services.sshd = svc.ssh.build {
+    authorizedKeys.root = secrets.root.openssh.authorizedKeys.keys;
+  };
+
+  users.root = secrets.root;
+
+  profile.wap = {
+    interfaces = with config.hardware.networkInterfaces; [
+      wan
+      lan
+      wlan
+      wlan5
+    ];
+
+    wireless.networks = {
+      "${secrets.ssid}" = {
+        interface = config.hardware.networkInterfaces.wlan;
+        hw_mode = "g";
+        channel = "6";
+        ieee80211n = 1;
+      }
+      // wirelessConfig;
+      "${secrets.ssid}-5" = rec {
+        interface = config.hardware.networkInterfaces.wlan5;
+        hw_mode = "a";
+        channel = 36;
+        ht_capab = "[HT40+]";
+        vht_oper_chwidth = 1;
+        vht_oper_centr_freq_seg0_idx = channel + 6;
+        ieee80211n = 1;
+        ieee80211ac = 1;
+      }
+      // wirelessConfig;
+    };
+  };
+
+  system.service.network.forward.enableIPv4 = false;
+  system.service.network.forward.enableIPv6 = false;
+
+  defaultProfile.packages = with pkgs; [
+    busybox
+    iw
+    nftables
+  ];
+
+}