Add implementation prototype for router function

2019-11-19 00:09:51 +01:00 · 2019-11-19 00:09:51 +01:00 · 571684592d
commit 571684592d
parent c27573f72d
3 changed files with 71 additions and 31 deletions
--- a/host/achiles.nix
+++ b/host/achiles.nix
@ -4,11 +4,33 @@
 { config, pkgs, ... }:
 let routerConfig = {
  wanCardAddress = "00:0d:b9:51:a2:74";
  wireless = {
    country = "CH";
    wleInterface = "wlp5s0";
    wleSSID = "hauser";
    wlePassphrase = "a5e42b914b5ad2b7e0474c3b9b35d0843a52668d30cd6aa8650ec43263a60b6e";
  };
  lanInterfaces = [ "enp2s0" "enp3s0" "enp3s0" ];
  lanNetwork = {
    routerAddress = "10.2.1.1";
    netid = "10.2.1.0";
    revIpDomain = "1.2.10";
    prefixLength = 24;
    domain = "rappi.fh2.ch";
    dhcpRange = "10.2.1.2,10.2.1.249";
  };
 };
 in
 {
  imports =
    [
      ../hardware/apu.nix
      ../role/base.nix
      (import ../role/router.nix routerConfig)
    ];
  fileSystems."/" =
@ -31,12 +53,12 @@
  boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
  networking.hostName = "achiles"; # Define your hostname.
-  networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
+  #networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
-  networking.wireless.networks = {
+  #networking.wireless.networks = {
-    yummi = {
+  #  yummi = {
-      psk = "cookies!";
+  #    psk = "cookies!";
-    };
+  #  };
-  };
+  #};
  # Configure network proxy if necessary
  # networking.proxy.default = "http://user:password@proxy:port/";
--- a/host/calanda.nix
+++ b/host/calanda.nix
@ -9,7 +9,7 @@
    [
      ../hardware/apu.nix
      ../role/base.nix
-      ../role/router.nix
+#      ../role/router.nix #TODO
    ];
  fileSystems."/" =
--- a/role/router.nix
+++ b/role/router.nix
@ -1,12 +1,30 @@
-
+{
-{ config, pkgs, ... }:
+  # To get the MAC address of each card, use this command: cat /sys/class/net/*device_name*/address
-
+  # Make sure to use the lower-case hex values in your udev rules. It does not like upper-case.
  wanCardAddress ? "00:0d:b9:48:55:be",
  wireless ? {
    country = "CH";
    wleInterface = "wlp5s0";
    wleSSID = "hauser";
    # Generate Encrypted Passphrase with: wpa_passphrase <wleSSID> <passphrase>
    wlePassphrase = "a5e42b914b5ad2b7e0474c3b9b35d0843a52668d30cd6aa8650ec43263a60b6e";
  },
  lanInterfaces ? [ "enp2s0" "enp3s0" ],
  lanNetwork ? {
    routerAddress = "10.1.1.1";
    netid = "10.1.1.0";
    revIpDomain = "1.1.10";
    prefixLength = 24;
    domain = "ilanz.fh2.ch";
    dhcpRange = "10.1.1.2,10.1.1.249";
  }
 }:
 {
  # To get the MAC address of each card, use this command: cat /sys/class/net/*device_name*/address
  # Make sure to use the lower-case hex values in your udev rules. It does not like upper-case.
  services.udev.extraRules = ''
-    SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="00:0d:b9:48:55:be", NAME="wan"
+    SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="${wanCardAddress}", NAME="wan"
  '';
  networking.nat = {
@ -16,15 +34,15 @@
  };
  boot.extraModprobeConfig = ''
-  options cfg80211 ieee80211_regdom=CH
+  options cfg80211 ieee80211_regdom=${wireless.country}
  '';
  services.udev.packages = [ pkgs.crda ];
  services.hostapd = {
    enable = true;
-    interface = "wlp5s0";
+    interface = wireless.wleInterface;
    hwMode = "g";
-    ssid = "hauser";
+    ssid = wireless.wleSSID;
-    wpaPassphrase = "a5e42b914b5ad2b7e0474c3b9b35d0843a52668d30cd6aa8650ec43263a60b6e";
+    wpaPassphrase = wireless.wlePassphrase;
    channel = 6;
    extraConfig = ''
      #macaddr_acl sets options for mac address filtering. 0 means "accept unless in deny list"
@ -57,10 +75,10 @@
  };
  networking = {
-    bridges.lan.interfaces = [ "enp2s0" "enp3s0" "wlp5s0" ];
+    bridges.lan.interfaces = lanInterfaces ++ [ wireless.wleInterface ];
    interfaces.lan = {
        ipv4 = {
-        addresses = [ { address = "10.1.1.1"; prefixLength = 24; } ];
+        addresses = [ { address = lanNetwork.routerAddress; prefixLength = lanNetwork.prefixLength; } ];
      };
    };
    firewall.trustedInterfaces = [ "lan" ];
@ -68,23 +86,23 @@
  services.unbound = {
    enable = true;
-    interfaces = [ "127.0.0.1" "10.1.1.1" ];
+    interfaces = [ "127.0.0.1" lanNetwork.routerAddress ];
-    allowedAccess = [ "127.0.0.0/24" "10.1.1.0/24" ];
+    allowedAccess = [ "127.0.0.0/24"  lanNetwork.netid ++ "/" ++ lanNetwork.prefixLength ];
    extraConfig = ''
      # Custom configuration (leave this note to assure indentation!)
        do-not-query-localhost: no
-        private-domain: "ilanz.fh2.ch."
+        private-domain: "${lanNetwork.domain}."
-        domain-insecure: "ilanz.fh2.ch."
+        domain-insecure: "${lanNetwork.domain}."
-        private-domain: "1.1.10.in-addr.arpa."
+        private-domain: "${lanNetwork.revIpDomain}.in-addr.arpa."
-        domain-insecure: "1.1.10.in-addr.arpa."
+        domain-insecure: "${lanNetwork.revIpDomain}.in-addr.arpa."
-        local-zone: "1.1.10.in-addr.arpa" transparent
+        local-zone: "${lanNetwork.revIpDomain}.in-addr.arpa" transparent
        forward-zone:
-            name: "ilanz.fh2.ch."
+            name: "${lanNetwork.domain}."
            forward-addr: 127.0.0.1@5553
        forward-zone:
-            name: "1.1.10.in-addr.arpa."
+            name: "${lanNetwork.revIpDomain}.in-addr.arpa."
           forward-addr: 127.0.0.1@5553
    '';
  };
@ -146,7 +164,7 @@
    # Add local-only domains here, queries in these domains are answered
    # from /etc/hosts or DHCP only.
-    local=/ilanz.fh2.ch/
+    local=/${lanNetwork.domain}/
    # Add domains which you want to force to an IP address here.
    # The example below send any host in double-click.net to a local
@ -213,7 +231,7 @@
    # 2) Sets the "domain" DHCP option thereby potentially setting the
    #    domain of all systems configured by DHCP
    # 3) Provides the domain part for "expand-hosts"
-    domain=ilanz.fh2.ch
+    domain=${lanNetwork.domain}
    # Set a different domain for a particular subnet
    #domain=wireless.thekelleys.org.uk,192.168.2.0/24
@ -226,7 +244,7 @@
    # a lease time. If you have more than one network, you will need to
    # repeat this for each network on which you want to supply DHCP
    # service.
-    dhcp-range=10.1.1.2,10.1.1.249,48h
+    dhcp-range=${lanNetwork.dhcpRange},48h
    # This is an example of a DHCP range where the netmask is given. This
    # is needed for networks we reach the dnsmasq DHCP server via a relay
@ -394,7 +412,7 @@
    # Override the default route supplied by dnsmasq, which assumes the
    # router is the same machine as the one running dnsmasq.
    #dhcp-option=3,1.2.3.4
-    dhcp-option=6,10.1.1.1
+    dhcp-option=6,${lanNetwork.routerAddress}
    # Do the same thing, but using the option name
    #dhcp-option=option:router,1.2.3.4
@ -454,7 +472,7 @@
    # Send RFC-3397 DNS domain search DHCP option. WARNING: Your DHCP client
    # probably doesn't support this......
-    dhcp-option=option:domain-search,ilanz.fh2.ch
+    dhcp-option=option:domain-search,${lanNetwork.domain}
    # Send RFC-3442 classless static routes (note the netmask encoding)
    #dhcp-option=121,192.168.1.0/24,1.2.3.4,10.0.0.0/8,5.6.7.8