mob next [ci-skip] [ci skip] [skip ci]

lastFile:routers/white-house-2/secrets.nix

routers/white-house-2/configuration.nix

@@ -0,0 +1,133 @@
+{ inputs }:
+{
+  config,
+  pkgs,
+  modulesPath,
+  lib,
+  ...
+}:
+let
+  secrets = {
+    firewallRules = { };
+  }
+  // (import ./secrets.nix);
+  wirelessConfig = {
+    country_code = "TH";
+    inherit (secrets) wpa_passphrase;
+    wmm_enabled = 1;
+  };
+  svc = config.system.service;
+in
+{
+  imports = [
+    "${inputs.liminix}/modules/wlan.nix"
+    "${inputs.liminix}/modules/network"
+    "${inputs.liminix}/modules/vlan"
+    "${inputs.liminix}/modules/ssh"
+    "${inputs.liminix}/modules/bridge"
+    "${inputs.liminix}/modules/health-check"
+    "${modulesPath}/profiles/gateway.nix"
+  ];
+
+  hostname = "whitehouse-2";
+  boot = {
+    tftp = {
+      freeSpaceBytes = 3 * 1024 * 1024;
+      serverip = "${secrets.lan.prefix}.148";
+      ipaddr = "${secrets.lan.prefix}.251";
+    };
+  };
+
+  services.sshd = svc.ssh.build {
+    authorizedKeys.root = secrets.root.openssh.authorizedKeys.keys;
+  };
+
+  users.root = secrets.root;
+
+  services.resolvconf = lib.mkForce (
+    pkgs.liminix.services.oneshot rec {
+      name = "resolvconf";
+      up = ''
+        ( in_outputs ${name}
+         echo "nameserver 208.67.222.222" >> resolv.conf
+         echo "nameserver 208.67.220.220" >> resolv.conf
+         echo "nameserver 1.1.1.1" >> resolv.conf
+         echo "nameserver 1.0.0.1" >> resolv.conf
+         echo "nameserver 8.8.8.8" >> resolv.conf
+         chmod 0444 resolv.conf
+        )
+      '';
+    }
+  );
+
+  profile.gateway = {
+    lan = {
+      interfaces = with config.hardware.networkInterfaces; [
+        wlan
+        wlan5
+        lan
+      ];
+      inherit (secrets.lan) prefix;
+      address = {
+        family = "inet";
+        address = "${secrets.lan.prefix}.1";
+        prefixLength = 24;
+      };
+      dhcp = {
+        start = 10;
+        end = 240;
+        hosts = { };
+        localDomain = "lan";
+      };
+    };
+    wan =
+      let
+        inherit (config.system.service) vlan;
+        wan-vlan = vlan.build {
+          ifname = "wan-vlan";
+          primary = config.hardware.networkInterfaces.wan;
+          vid = "10";
+        };
+      in
+      {
+        interface = svc.pppoe.build {
+          interface = wan-vlan;
+          username = secrets.l2tp.name;
+          password = secrets.l2tp.password;
+        };
+
+        dhcp6.enable = true;
+      };
+    firewall = {
+      enable = true;
+      rules = secrets.firewallRules;
+    };
+    wireless.networks = {
+
+      "${secrets.ssid}" = {
+        interface = config.hardware.networkInterfaces.wlan;
+        hw_mode = "g";
+        channel = "2";
+        ieee80211n = 1;
+      }
+      // wirelessConfig;
+      "${secrets.ssid}-5" = rec {
+        interface = config.hardware.networkInterfaces.wlan5;
+        hw_mode = "a";
+        channel = 36;
+        ht_capab = "[HT40+]";
+        vht_oper_chwidth = 1;
+        vht_oper_centr_freq_seg0_idx = channel + 6;
+        ieee80211n = 1;
+        ieee80211ac = 1;
+      }
+      // wirelessConfig;
+    };
+  };
+  defaultProfile.packages = with pkgs; [
+    busybox
+    iw
+    nftables
+  ];
+
+}

routers/white-house-2/secrets.nix

@@ -0,0 +1,20 @@
+{
+  wpa_passphrase = "";
+  ssid = "WhiteHouse";
+  l2tp = {
+    name = "";
+    password = "";
+  };
+  root = {
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEcZ/p1Ofa9liwIzPWzNtONhJ7+FUWd2lCz33r81t8+w kurogeek@kurogeek"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAB/raxJR8gASmquP63weHelbi+da2WBJR1DgzHPNz/f"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDuhpzDHBPvn8nv8RH1MRomDOaXyP4GziQm7r3MZ1Syk"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAmgyEGuY/r7SDlJgrzYmQqpcWS5W+fCzRi3OS59ne4W openpgp:0xFF687387"
+    ];
+  };
+
+  lan = {
+    prefix = "192.168.1";
+  };
+}