121 lines
		
	
	
		
			3.2 KiB
		
	
	
	
		
			Nix
		
	
	
	
	
	
			
		
		
	
	
			121 lines
		
	
	
		
			3.2 KiB
		
	
	
	
		
			Nix
		
	
	
	
	
	
| { config, pkgs, ... } :
 | |
| let
 | |
|   inherit (pkgs.liminix.services) oneshot longrun bundle target;
 | |
|   inherit (pkgs) writeText;
 | |
|   svc = config.system.service;
 | |
|   secrets-1 = {
 | |
|     ssid = "Zyxel 2G (N)";
 | |
|     wpa_passphrase = "diamond dogs";
 | |
|   };
 | |
|   secrets-2 = {
 | |
|     ssid = "Zyxel 5G (AX)";
 | |
|     wpa_passphrase = "diamond dogs";
 | |
|   };
 | |
|   baseParams = {
 | |
|     country_code = "FR";
 | |
|     hw_mode = "g";
 | |
|     channel = 6;
 | |
|     wmm_enabled = 1;
 | |
|     ieee80211n = 1;
 | |
|     ht_capab = "[LDPC][GF][HT40-][HT40+][SHORT-GI-40][MAX-AMSDU-7935][TX-STBC]";
 | |
|     auth_algs = 1;
 | |
|     wpa = 2;
 | |
|     wpa_key_mgmt = "WPA-PSK";
 | |
|     wpa_pairwise = "TKIP CCMP";
 | |
|     rsn_pairwise = "CCMP";
 | |
|   };
 | |
| 
 | |
|   modernParams = {
 | |
|     hw_mode = "a";
 | |
|     he_su_beamformer = 1;
 | |
|     he_su_beamformee = 1;
 | |
|     he_mu_beamformer = 1;
 | |
|     preamble = 1;
 | |
|     # Allow radar detection.
 | |
|     ieee80211d = 1;
 | |
|     ieee80211h = 1;
 | |
|     ieee80211ac = 1;
 | |
|     ieee80211ax = 1;
 | |
|     vht_capab = "[MAX-MPDU-7991][SU-BEAMFORMEE][SU-BEAMFORMER][RXLDPC][SHORT-GI-80][MAX-A-MPDU-LEN-EXP3][RX-ANTENNA-PATTERN][TX-ANTENNA-PATTERN][TX-STBC-2BY1][RX-STBC-1][MU-BEAMFORMER]";
 | |
|     vht_oper_chwidth = 1;
 | |
|     he_oper_chwidth = 1;
 | |
|     channel = 36;
 | |
|     vht_oper_centr_freq_seg0_idx = 42;
 | |
|     he_oper_centr_freq_seg0_idx = 42;
 | |
|     require_vht = 1;
 | |
|   };
 | |
|   mkWifiSta = params: interface: secrets: svc.hostapd.build {
 | |
|     inherit interface;
 | |
|       params = params // {
 | |
|         inherit (secrets) ssid wpa_passphrase;
 | |
|       };
 | |
|   };
 | |
| in rec {
 | |
|   imports = [
 | |
|     ../modules/wlan.nix
 | |
|     ../modules/network
 | |
|     ../modules/hostapd
 | |
|     ../modules/ssh
 | |
|     ../modules/ntp
 | |
|     ../modules/vlan
 | |
|     ../modules/bridge
 | |
|   ];
 | |
| 
 | |
|   hostname = "zyxel";
 | |
| 
 | |
|   users.root = {
 | |
|     # EDIT: choose a root password and then use
 | |
|     # "mkpasswd -m sha512crypt" to determine the hash.
 | |
|     # It should start wirh $6$.
 | |
|     passwd = "$y$j9T$f8GhLiqYmr3lc58eKhgyD0$z7P/7S9u.kq/cANZExxhS98bze/6i7aBxU6tbl7RMi.";
 | |
|     openssh.authorizedKeys.keys = [
 | |
|       # EDIT: you can add your ssh pubkey here
 | |
|       # "ssh-rsa AAAAB3NzaC1....H6hKd user@example.com";
 | |
|     ];
 | |
|   };
 | |
| 
 | |
|   services.int = svc.bridge.primary.build {
 | |
|     ifname = "int";
 | |
|   };
 | |
| 
 | |
|   services.bridge = svc.bridge.members.build {
 | |
|     primary = services.int;
 | |
|     members = with config.hardware.networkInterfaces; [
 | |
|       lan
 | |
|       wlan0
 | |
|       wlan1
 | |
|     ];
 | |
|   };
 | |
| 
 | |
|   services.dhcpv4 =
 | |
|     let iface = services.int;
 | |
|     in svc.network.dhcp.client.build { interface = iface; };
 | |
| 
 | |
|   services.defaultroute4 = svc.network.route.build {
 | |
|     via = "$(output ${services.dhcpv4} address)";
 | |
|     target = "default";
 | |
|     dependencies = [ services.dhcpv4 ];
 | |
|   };
 | |
| 
 | |
|   services.packet_forwarding = svc.network.forward.build { };
 | |
|   services.sshd = svc.ssh.build {
 | |
|     allowRoot = true;
 | |
|   };
 | |
| 
 | |
|   services.ntp = config.system.service.ntp.build {
 | |
|     pools = { "pool.ntp.org" = ["iburst"] ; };
 | |
|   };
 | |
| 
 | |
|   boot.tftp = {
 | |
|     serverip = "192.0.2.10";
 | |
|     ipaddr = "192.0.2.12";
 | |
|   };
 | |
| 
 | |
|   # wlan0 is the 2.4GHz interface.
 | |
|   services.hostap-1 = mkWifiSta baseParams config.hardware.networkInterfaces.wlan0 secrets-1;
 | |
|   # wlan1 is the 5GHz interface, e.g. AX capable.
 | |
|   services.hostap-2 = mkWifiSta (baseParams // modernParams) config.hardware.networkInterfaces.wlan1 secrets-2;
 | |
| 
 | |
|   defaultProfile.packages = with pkgs; [ zyxel-bootconfig iw min-collect-garbage mtdutils ];
 | |
| }
 | 
