convert l2tp example to use gateway profile
		| @@ -30,6 +30,11 @@ | |||||||
|   inherit (pkgs.pseudofile) dir symlink; |   inherit (pkgs.pseudofile) dir symlink; | ||||||
|   inherit (pkgs) serviceFns; |   inherit (pkgs) serviceFns; | ||||||
|   svc = config.system.service; |   svc = config.system.service; | ||||||
|  |   wirelessConfig = { | ||||||
|  |     country_code = "GB"; | ||||||
|  |     inherit (rsecrets) wpa_passphrase; | ||||||
|  |     wmm_enabled = 1; | ||||||
|  |   }; | ||||||
| in rec { | in rec { | ||||||
|   boot = { |   boot = { | ||||||
|     tftp = { |     tftp = { | ||||||
| @@ -41,13 +46,14 @@ in rec { | |||||||
|   imports = [ |   imports = [ | ||||||
|     ../modules/wwan |     ../modules/wwan | ||||||
|     ../modules/network |     ../modules/network | ||||||
|     ../modules/vlan |     # ../modules/vlan | ||||||
|     ../modules/ssh |     ../modules/ssh | ||||||
|     ../modules/usb.nix |     ../modules/usb.nix | ||||||
|     ../modules/watchdog |     # ../modules/watchdog | ||||||
|     ../modules/mount |     # ../modules/mount | ||||||
|     ../modules/ppp |     ../modules/ppp | ||||||
|     ../modules/round-robin |     ../modules/round-robin | ||||||
|  |     ../modules/profiles/gateway.nix | ||||||
|   ]; |   ]; | ||||||
|   hostname = "thing"; |   hostname = "thing"; | ||||||
|  |  | ||||||
| @@ -58,8 +64,29 @@ in rec { | |||||||
|     authType = "chap"; |     authType = "chap"; | ||||||
|   }; |   }; | ||||||
|  |  | ||||||
|   services.wan = |   profile.gateway = { | ||||||
|     let |     lan = { | ||||||
|  |       interfaces =  with config.hardware.networkInterfaces; | ||||||
|  |         [ | ||||||
|  |           # EDIT: these are the interfaces exposed by the gl.inet gl-ar750: | ||||||
|  |           # if your device has more or differently named lan interfaces, | ||||||
|  |           # specify them here | ||||||
|  |           wlan wlan5 | ||||||
|  |           lan | ||||||
|  |         ]; | ||||||
|  |       inherit (rsecrets.lan) prefix; | ||||||
|  |       address = { | ||||||
|  |         family = "inet"; address ="${rsecrets.lan.prefix}.1"; prefixLength = 24; | ||||||
|  |       }; | ||||||
|  |       dhcp = { | ||||||
|  |         start = 10; | ||||||
|  |         end = 240; | ||||||
|  |         hosts = { } // lib.optionalAttrs (builtins.pathExists ./static-leases.nix) (import ./static-leases.nix); | ||||||
|  |         localDomain = "lan"; | ||||||
|  |       }; | ||||||
|  |     }; | ||||||
|  |     wan = { | ||||||
|  |       interface = let | ||||||
|         pppoe = svc.pppoe.build { |         pppoe = svc.pppoe.build { | ||||||
|           interface = config.hardware.networkInterfaces.wan; |           interface = config.hardware.networkInterfaces.wan; | ||||||
|           debug = true; |           debug = true; | ||||||
| @@ -75,9 +102,9 @@ in rec { | |||||||
|               dependencies = [ services.lns-address ]; |               dependencies = [ services.lns-address ]; | ||||||
|             }; |             }; | ||||||
|             route = svc.network.route.build { |             route = svc.network.route.build { | ||||||
|             via = "$(output ${services.dhcpc} router)"; |               via = "$(output ${services.bootstrap-dhcpc} router)"; | ||||||
|               target = lns.address; |               target = lns.address; | ||||||
|             dependencies = [services.dhcpc check-address]; |               dependencies = [services.bootstrap-dhcpc check-address]; | ||||||
|             }; |             }; | ||||||
|           in svc.l2tp.build { |           in svc.l2tp.build { | ||||||
|             lns = lns.address; |             lns = lns.address; | ||||||
| @@ -92,25 +119,26 @@ in rec { | |||||||
|         name = "wan"; |         name = "wan"; | ||||||
|         services = [ l2tp pppoe ]; |         services = [ l2tp pppoe ]; | ||||||
|       }; |       }; | ||||||
|  |       dhcp6.enable = true; | ||||||
|   services.sshd = svc.ssh.build { }; |  | ||||||
|  |  | ||||||
|   services.resolvconf = oneshot rec { |  | ||||||
|     dependencies = [ services.wan ]; |  | ||||||
|     name = "resolvconf"; |  | ||||||
|     up = '' |  | ||||||
|       . ${serviceFns} |  | ||||||
|        ( in_outputs ${name} |  | ||||||
|         for i in ns1 ns2 ; do |  | ||||||
|           ns=$(output ${services.wan} $i) |  | ||||||
|           echo "nameserver $ns" >> resolv.conf |  | ||||||
|         done |  | ||||||
|        ) |  | ||||||
|     ''; |  | ||||||
|     }; |     }; | ||||||
|   filesystem = dir { |  | ||||||
|     etc = dir { |     wireless.networks = { | ||||||
|       "resolv.conf" = symlink "${services.resolvconf}/.outputs/resolv.conf"; |       "${rsecrets.ssid}" = { | ||||||
|  |         interface = config.hardware.networkInterfaces.wlan; | ||||||
|  |         hw_mode = "g"; | ||||||
|  |         channel = "6"; | ||||||
|  |         ieee80211n = 1; | ||||||
|  |       } // wirelessConfig; | ||||||
|  |       "${rsecrets.ssid}5" = rec { | ||||||
|  |         interface = config.hardware.networkInterfaces.wlan5; | ||||||
|  |         hw_mode = "a"; | ||||||
|  |         channel = 36; | ||||||
|  |         ht_capab = "[HT40+]"; | ||||||
|  |         vht_oper_chwidth = 1; | ||||||
|  |         vht_oper_centr_freq_seg0_idx = channel + 6; | ||||||
|  |         ieee80211n = 1; | ||||||
|  |         ieee80211ac = 1; | ||||||
|  |       } // wirelessConfig; | ||||||
|     }; |     }; | ||||||
|   }; |   }; | ||||||
|  |  | ||||||
| @@ -119,6 +147,8 @@ in rec { | |||||||
|     dependencies = [ config.services.hostname ]; |     dependencies = [ config.services.hostname ]; | ||||||
|   }; |   }; | ||||||
|  |  | ||||||
|  |   services.sshd = svc.ssh.build { }; | ||||||
|  |  | ||||||
|   services.lns-address = let |   services.lns-address = let | ||||||
|     ns = "$(output_word ${services.bootstrap-dhcpc} dns 1)"; |     ns = "$(output_word ${services.bootstrap-dhcpc} dns 1)"; | ||||||
|     route-to-bootstrap-nameserver = svc.network.route.build { |     route-to-bootstrap-nameserver = svc.network.route.build { | ||||||
| @@ -137,18 +167,13 @@ in rec { | |||||||
|     ''; |     ''; | ||||||
|   }; |   }; | ||||||
|  |  | ||||||
|   services.defaultroute4 = svc.network.route.build { |   # services.ntp = svc.ntp.build { | ||||||
|     via = "$(output ${services.wan} peer-address)"; |   #   pools = { "pool.ntp.org" = ["iburst"]; }; | ||||||
|     target = "default"; |   #   makestep = { threshold = 1.0; limit = 3; }; | ||||||
|     dependencies = [services.wan]; |   #   dependencies = with config.services; [ defaultroute4 defaultroute6 ]; | ||||||
|   }; |   # }; | ||||||
|  |  | ||||||
| #  defaultProfile.packages = [ pkgs.go-l2tp ]; |   users.root = rsecrets.root; | ||||||
|  |  | ||||||
|   users.root = { |  | ||||||
|     passwd = lib.mkForce secrets.root.passwd; |  | ||||||
|     openssh.authorizedKeys.keys = secrets.root.keys; |  | ||||||
|   }; |  | ||||||
|  |  | ||||||
|   programs.busybox.options = { |   programs.busybox.options = { | ||||||
|     FEATURE_FANCY_TAIL = "y"; |     FEATURE_FANCY_TAIL = "y"; | ||||||
|   | |||||||
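Review bot: The new `wirelessConfig` at the top of this section sets only `country_code`, `wpa_passphrase` and `wmm_enabled`, and neither `wireless.networks` entry adds anything that selects a WPA mode. hostapd only uses the passphrase when `wpa` is non-zero, so unless the wifi module or `../modules/profiles/gateway.nix` supplies that default (not visible here), both SSIDs could come up as open networks on interfaces that are listed in `profile.gateway.lan.interfaces`. I would make it explicit in `wirelessConfig` with `wpa = 2; wpa_key_mgmt = "WPA-PSK"; rsn_pairwise = "CCMP";`. If the module already sets these, a comment saying where the defaults come from would be enough.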
	 Daniel Barlow
					Daniel Barlow