Add implementation prototype for router function

host/achiles.nix

@@ -4,11 +4,33 @@
 
 { config, pkgs, ... }:
 
+let routerConfig = {
+  wanCardAddress = "00:0d:b9:51:a2:74";
+  wireless = {
+    country = "CH";
+    wleInterface = "wlp5s0";
+    wleSSID = "hauser";
+    wlePassphrase = "a5e42b914b5ad2b7e0474c3b9b35d0843a52668d30cd6aa8650ec43263a60b6e";
+  };
+  lanInterfaces = [ "enp2s0" "enp3s0" "enp3s0" ];
+  lanNetwork = {
+    routerAddress = "10.2.1.1";
+    netid = "10.2.1.0";
+    revIpDomain = "1.2.10";
+    prefixLength = 24;
+    domain = "rappi.fh2.ch";
+    dhcpRange = "10.2.1.2,10.2.1.249";
+  };
+};
+
+in
+
 {
   imports =
     [
       ../hardware/apu.nix
       ../role/base.nix
+      (import ../role/router.nix routerConfig)
     ];
 
   fileSystems."/" =
@@ -31,12 +53,12 @@
   boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
 
   networking.hostName = "achiles"; # Define your hostname.
-  networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
+  #networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
-  networking.wireless.networks = {
+  #networking.wireless.networks = {
-    yummi = {
+  #  yummi = {
-      psk = "cookies!";
+  #    psk = "cookies!";
-    };
+  #  };
-  };
+  #};
 
   # Configure network proxy if necessary
   # networking.proxy.default = "http://user:password@proxy:port/";

host/calanda.nix

@@ -9,7 +9,7 @@
     [
       ../hardware/apu.nix
       ../role/base.nix
-      ../role/router.nix
+#      ../role/router.nix #TODO
     ];
 
   fileSystems."/" =

role/router.nix

@@ -1,12 +1,30 @@
-
+{
-{ config, pkgs, ... }:
+  # To get the MAC address of each card, use this command: cat /sys/class/net/*device_name*/address
-
+  # Make sure to use the lower-case hex values in your udev rules. It does not like upper-case.
+  wanCardAddress ? "00:0d:b9:48:55:be",
+  wireless ? {
+    country = "CH";
+    wleInterface = "wlp5s0";
+    wleSSID = "hauser";
+    # Generate Encrypted Passphrase with: wpa_passphrase <wleSSID> <passphrase>
+    wlePassphrase = "a5e42b914b5ad2b7e0474c3b9b35d0843a52668d30cd6aa8650ec43263a60b6e";
+  },
+  lanInterfaces ? [ "enp2s0" "enp3s0" ],
+  lanNetwork ? {
+    routerAddress = "10.1.1.1";
+    netid = "10.1.1.0";
+    revIpDomain = "1.1.10";
+    prefixLength = 24;
+    domain = "ilanz.fh2.ch";
+    dhcpRange = "10.1.1.2,10.1.1.249";
+  }
+}:
 {
 
   # To get the MAC address of each card, use this command: cat /sys/class/net/*device_name*/address
   # Make sure to use the lower-case hex values in your udev rules. It does not like upper-case.
   services.udev.extraRules = ''
-    SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="00:0d:b9:48:55:be", NAME="wan"
+    SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="${wanCardAddress}", NAME="wan"
   '';
  
   networking.nat = {
@@ -16,15 +34,15 @@
   };
 
   boot.extraModprobeConfig = ''
-  options cfg80211 ieee80211_regdom=CH
+  options cfg80211 ieee80211_regdom=${wireless.country}
   '';
   services.udev.packages = [ pkgs.crda ];
   services.hostapd = {
     enable = true;
-    interface = "wlp5s0";
+    interface = wireless.wleInterface;
     hwMode = "g";
-    ssid = "hauser";
+    ssid = wireless.wleSSID;
-    wpaPassphrase = "a5e42b914b5ad2b7e0474c3b9b35d0843a52668d30cd6aa8650ec43263a60b6e";
+    wpaPassphrase = wireless.wlePassphrase;
     channel = 6;
     extraConfig = ''
       #macaddr_acl sets options for mac address filtering. 0 means "accept unless in deny list"
@@ -57,10 +75,10 @@
   };
 
   networking = {
-    bridges.lan.interfaces = [ "enp2s0" "enp3s0" "wlp5s0" ];
+    bridges.lan.interfaces = lanInterfaces ++ [ wireless.wleInterface ];
     interfaces.lan = {
         ipv4 = {
-        addresses = [ { address = "10.1.1.1"; prefixLength = 24; } ];
+        addresses = [ { address = lanNetwork.routerAddress; prefixLength = lanNetwork.prefixLength; } ];
       };
     };
     firewall.trustedInterfaces = [ "lan" ];
@@ -68,23 +86,23 @@
 
   services.unbound = {
     enable = true;
-    interfaces = [ "127.0.0.1" "10.1.1.1" ];
+    interfaces = [ "127.0.0.1" lanNetwork.routerAddress ];
-    allowedAccess = [ "127.0.0.0/24" "10.1.1.0/24" ];
+    allowedAccess = [ "127.0.0.0/24"  lanNetwork.netid ++ "/" ++ lanNetwork.prefixLength ];
     extraConfig = ''
       # Custom configuration (leave this note to assure indentation!)
         do-not-query-localhost: no
-        private-domain: "ilanz.fh2.ch."
+        private-domain: "${lanNetwork.domain}."
-        domain-insecure: "ilanz.fh2.ch."
+        domain-insecure: "${lanNetwork.domain}."
-        private-domain: "1.1.10.in-addr.arpa."
+        private-domain: "${lanNetwork.revIpDomain}.in-addr.arpa."
-        domain-insecure: "1.1.10.in-addr.arpa."
+        domain-insecure: "${lanNetwork.revIpDomain}.in-addr.arpa."
-        local-zone: "1.1.10.in-addr.arpa" transparent
+        local-zone: "${lanNetwork.revIpDomain}.in-addr.arpa" transparent
 
         forward-zone:
-            name: "ilanz.fh2.ch."
+            name: "${lanNetwork.domain}."
             forward-addr: 127.0.0.1@5553
 
         forward-zone:
-            name: "1.1.10.in-addr.arpa."
+            name: "${lanNetwork.revIpDomain}.in-addr.arpa."
            forward-addr: 127.0.0.1@5553
     '';
   };
@@ -146,7 +164,7 @@
     
     # Add local-only domains here, queries in these domains are answered
     # from /etc/hosts or DHCP only.
-    local=/ilanz.fh2.ch/
+    local=/${lanNetwork.domain}/
     
     # Add domains which you want to force to an IP address here.
     # The example below send any host in double-click.net to a local
@@ -213,7 +231,7 @@
     # 2) Sets the "domain" DHCP option thereby potentially setting the
     #    domain of all systems configured by DHCP
     # 3) Provides the domain part for "expand-hosts"
-    domain=ilanz.fh2.ch
+    domain=${lanNetwork.domain}
     
     # Set a different domain for a particular subnet
     #domain=wireless.thekelleys.org.uk,192.168.2.0/24
@@ -226,7 +244,7 @@
     # a lease time. If you have more than one network, you will need to
     # repeat this for each network on which you want to supply DHCP
     # service.
-    dhcp-range=10.1.1.2,10.1.1.249,48h
+    dhcp-range=${lanNetwork.dhcpRange},48h
     
     # This is an example of a DHCP range where the netmask is given. This
     # is needed for networks we reach the dnsmasq DHCP server via a relay
@@ -394,7 +412,7 @@
     # Override the default route supplied by dnsmasq, which assumes the
     # router is the same machine as the one running dnsmasq.
     #dhcp-option=3,1.2.3.4
-    dhcp-option=6,10.1.1.1
+    dhcp-option=6,${lanNetwork.routerAddress}
     
     # Do the same thing, but using the option name
     #dhcp-option=option:router,1.2.3.4
@@ -454,7 +472,7 @@
     
     # Send RFC-3397 DNS domain search DHCP option. WARNING: Your DHCP client
     # probably doesn't support this......
-    dhcp-option=option:domain-search,ilanz.fh2.ch
+    dhcp-option=option:domain-search,${lanNetwork.domain}
     
     # Send RFC-3442 classless static routes (note the netmask encoding)
     #dhcp-option=121,192.168.1.0/24,1.2.3.4,10.0.0.0/8,5.6.7.8