fabianhauser/dotfiles
1
0
Fork 0
Code Issues 4 Pull requests 1 Projects Releases Packages Wiki Activity Actions

Switch router roles to services

Browse source
This commit is contained in:
Fabian Hauser 2020-05-17 13:47:27 +00:00
parent 1628359fbd
commit fad59bbb27
5 changed files with 892 additions and 761 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
hardware/wle600vx.nix
View file

@ -1,5 +1,7 @@
# Note: You can either use wel600vx.nix or wle900vx.nix
{ config, lib, pkgs, ... }: {
#TODO!
services.hostapd5ghz.extraConfig = "";
services.hostapd5ghz.extraConfig = ''
ht_capab=[LDPC][HT40][SMPS-STATIC][SHORT-GI-20][SHORT-GI-40][TX-STBC][RX-STBC1][DSSS_CCK-40]
'';
}

35
host/etzel.nix
View file

@ -5,7 +5,40 @@
{ config, pkgs, ... }:
{
imports = [ ../hardware/apu1.nix ../role/base ];
imports = [
../hardware/apu1.nix
../hardware/wel200vx.nix
../hardware/wle600vx.nix
../role/base
../role/router
../role/router-dhcp
../role/router-dns
../role/router-wireless-ap
];
service.router = {
enable = true;
wanInterface = "enp2s0";
wirelessInterfaces = [ "wlp4s0" "wlp6s0" ];
lanInterfaces = ["enp1s0", "enp3s0" ];
internalRouterIP = "10.2.2.1";
dhcp = {
enable = true;
localDomain = "test.rappi.fh2.ch";
dhcpRange = "10.2.2.2,10.2.2.200";
};
recursiveDns = {
enable = true;
networkIdIp = "10.2.2.0";
};
wireless = {
enable = true;
wleInterface24Ghz = "wlp4s0";
wleInterface5Ghz = "wlp6s0";
ssid = "testnet";
passphrase = "testnet";
};
# Use the GRUB 2 boot loader.
boot.loader.grub.enable = true;

1282
role/router-dhcp/default.nix
View file

File diff suppressed because it is too large Load diff

61
role/router-dns/default.nix
View file

@ -1,27 +1,46 @@
{ internalRouterIP, networkIdIP, revIpDomain, internalPrefixLength? 24, localDomain, }:
{ config, lib, pkgs, ... }:
let pkgs = import <nixpkgs> { };
with lib;
let routerCfg = config.services.router;
dhcpCfg = config.services.router.dhcp;
cfg = config.services.router.recursiveDns;
with lib.lists; with builtins; revIpDomain = concatStringsSep "." reverseList take 3 split "\." networkIdIp;
in {
services.unbound = {
enable = true;
interfaces = [ "127.0.0.1" internalRouterIP ];
allowedAccess = [ "127.0.0.0/24" "${networkIdIP}/${toString internalPrefixLength}" ];
extraConfig = ''
# Custom configuration (leave this note to assure indentation!)
do-not-query-localhost: no
private-domain: "${localDomain}."
domain-insecure: "${localDomain}."
private-domain: "${revIpDomain}.in-addr.arpa."
domain-insecure: "${revIpDomain}.in-addr.arpa."
local-zone: "${revIpDomain}.in-addr.arpa" transparent
options.services.router.recursiveDns = {
enable = mkEnableOption "router recursive dns service";
forward-zone:
name: "${localDomain}."
forward-addr: 127.0.0.1@5553
networkIdIp = mkOption {
type = types.str;
example = "192.168.0.0";
description = ''
Network ID IP of local network.
'';
};
};
forward-zone:
name: "${revIpDomain}.in-addr.arpa."
forward-addr: 127.0.0.1@5553
'';
config = mkIf cfg.enable {
services.unbound = {
enable = true;
interfaces = [ "127.0.0.1" routerCfg.internalRouterIP ];
allowedAccess = [ "127.0.0.0/24" "${cfg.networkIdIp}/${toString routerCfg.internalPrefixLength}" ];
extraConfig = mkIf dhcpCfg.enable ''
# Custom configuration (leave this note to assure indentation!)
do-not-query-localhost: no
private-domain: "${dhcpCfg.localDomain}."
domain-insecure: "${dhcpCfg.localDomain}."
private-domain: "${revIpDomain}.in-addr.arpa."
domain-insecure: "${revIpDomain}.in-addr.arpa."
local-zone: "${revIpDomain}.in-addr.arpa" transparent
forward-zone:
name: "${dhcpCfg.localDomain}."
forward-addr: 127.0.0.1@${dhcpCfg.lanLocalDnsPort}
forward-zone:
name: "${revIpDomain}.in-addr.arpa."
forward-addr: 127.0.0.1@${dhcpCfg.lanLocalDnsPort}
'';
};
};
}

271
role/router-wireless-ap/default.nix
View file

@ -1,126 +1,169 @@
{ wleInterface24Ghz ? "", wleInterface5Ghz ? "", wleSSID,
# Generate Encrypted Passphrase with: wpa_passphrase <wleSSID> <passphrase>
wlePassphrase, }:
{ config, lib, pkgs, ... }:
with builtins;
let
pkgs = import <nixpkgs> { };
country = "US";
wle24GhzEnabled = (stringLength wleInterface24Ghz) > 0;
wle5GhzEnabled = (stringLength wleInterface5Ghz) > 0;
with lib;
let routerCfg = config.services.router;
cfg = config.services.router.wireless
in {
boot.extraModprobeConfig = ''
options cfg80211 ieee80211_regdom=${country}
'';
options.services.wireless = {
enable = mkEnableOption "router wireless service";
imports = [ ./hostapd5ghz.nix ];
wleInterface24Ghz = mkOption {
type = with types; nullOr str;
example = "wlp1";
description = ''
Wireless interface name for 2.4 GHz wireless band.
'';
};
services.udev.packages = [ pkgs.crda ];
wleInterface5Ghz = mkOption {
type = with types; nullOr str;
example = "wlp2";
description = ''
Wireless interface name for 5 GHz wireless band.
'';
};
services.hostapd5ghz = {
enable = wle5GhzEnabled;
interface = wleInterface5Ghz;
hwMode = "a";
ssid = wleSSID;
wpaPassphrase = wlePassphrase;
channel = 36;
extraConfig = ''
${optionalString wle24GhzEnabled "except-interface=${wleInterface24Ghz}"}
max_num_sta=255
ssid = mkOption {
type = types.str;
example = "MyNetwork";
description = ''
Wireless network SSID.
'';
};
#Details for Connecting Clients via WPA2 TKIP
auth_algs=1
wpa_key_mgmt=WPA-PSK
wpa_pairwise=CCMP
rsn_pairwise=CCMP
passphrase = mkOption {
type = types.str;
description = ''
Passphrase of wireless network. May be encrypted with <literal>wpa_passphrase &lt;wleSSID&gt; &lt;passphrase&gt;</literal>.
'';
};
#802.11d Regulatory Restrictions Designations for Which Frequencies and Channels are Legal
ieee80211d=1
# DFS
#ieee80211h=1
country_code=${country}
#802.11n Configurations
ieee80211n=1
#802.11ac Configurations
ieee80211ac=1
vht_oper_chwidth=1
vht_oper_centr_freq_seg0_idx=42
#How Many Units of Time Between Beacon Transmissions
#beacon_int=100
#Multiplier of How Many Units of Time Between Beacon Transmissions
#dtim_period=2
#(e.g. 100 milliseconds(ms) * 2 = 200 ms between beacons)
#QoS Type of Traffic Management Based on Traffic Type
wmm_enabled=1
##Background
#wmm_ac_bk_cwmin=4
#wmm_ac_bk_cwmax=10
#wmm_ac_bk_aifs=7
#wmm_ac_bk_txop_limit=0
#wmm_ac_bk_acm=0
##Best Effort
#wmm_ac_be_aifs=3
#wmm_ac_be_cwmin=4
#wmm_ac_be_cwmax=10
#wmm_ac_be_txop_limit=0
#wmm_ac_be_acm=0
##Video
#wmm_ac_vi_aifs=2
#wmm_ac_vi_cwmin=3
#wmm_ac_vi_cwmax=4
#wmm_ac_vi_txop_limit=94
#wmm_ac_vi_acm=0
##Voice
#wmm_ac_vo_aifs=2
#wmm_ac_vo_cwmin=2
#wmm_ac_vo_cwmax=3
#wmm_ac_vo_txop_limit=47
#wmm_ac_vo_acm=0
'';
regulatoryCountryCode = mkOption {
type = types.str;
default = "US";
description = ''
Regulatory wireless country code.
'';
};
};
services.hostapd = {
enable = wle24GhzEnabled;
interface = wleInterface;
hwMode = "g";
ssid = wleSSID;
wpaPassphrase = wlePassphrase;
channel = 6;
extraConfig = ''
${optionalString wle5GhzEnabled "except-interface=${wleInterface5Ghz}"}
#macaddr_acl sets options for mac address filtering. 0 means "accept unless in deny list"
macaddr_acl=0
#setting ignore_broadcast_ssid to 1 will disable the broadcasting of ssid
ignore_broadcast_ssid=0
#Sets authentication algorithm
#1 - only open system authentication
#2 - both open system authentication and shared key authentication
auth_algs=1
#####Sets WPA2 authentication#####
#sets wpa key management
wpa_key_mgmt=WPA-PSK
#sets encryption used by WPA
wpa_pairwise=TKIP
#sets encryption used by WPA2
rsn_pairwise=CCMP
#### even more options ####
wme_enabled=1
ieee80211n=1
config = mkIf cfg.enable let
wle24GhzEnabled = cfg.wleInterface24Ghz != null;
wle5GhzEnabled = wleInterface5Ghz != null;
in {
boot.extraModprobeConfig = ''
options cfg80211 ieee80211_regdom=${cfg.regulatoryCountryCode}
'';
};
imports = [ ./hostapd5ghz.nix ];
services.udev.packages = [ pkgs.crda ]; # TODO: Still required with 20.03?
services.hostapd5ghz = {
enable = wle5GhzEnabled;
interface = cfg.wleInterface5Ghz;
hwMode = "a";
ssid = cfg.ssid;
wpaPassphrase = cfg.passphrase;
channel = 36;
extraConfig = ''
${optionalString wle24GhzEnabled "except-interface=${cfg.wleInterface24Ghz}"}
max_num_sta=255
#Details for Connecting Clients via WPA2 TKIP
auth_algs=1
wpa_key_mgmt=WPA-PSK
wpa_pairwise=CCMP
rsn_pairwise=CCMP
#802.11d Regulatory Restrictions Designations for Which Frequencies and Channels are Legal
ieee80211d=1
# DFS
#ieee80211h=1
country_code=${cfg.regulatoryCountryCode}
#802.11n Configurations
ieee80211n=1
#802.11ac Configurations
ieee80211ac=1
vht_oper_chwidth=1
vht_oper_centr_freq_seg0_idx=42
#How Many Units of Time Between Beacon Transmissions
#beacon_int=100
#Multiplier of How Many Units of Time Between Beacon Transmissions
#dtim_period=2
#(e.g. 100 milliseconds(ms) * 2 = 200 ms between beacons)
#QoS Type of Traffic Management Based on Traffic Type
wmm_enabled=1
##Background
#wmm_ac_bk_cwmin=4
#wmm_ac_bk_cwmax=10
#wmm_ac_bk_aifs=7
#wmm_ac_bk_txop_limit=0
#wmm_ac_bk_acm=0
##Best Effort
#wmm_ac_be_aifs=3
#wmm_ac_be_cwmin=4
#wmm_ac_be_cwmax=10
#wmm_ac_be_txop_limit=0
#wmm_ac_be_acm=0
##Video
#wmm_ac_vi_aifs=2
#wmm_ac_vi_cwmin=3
#wmm_ac_vi_cwmax=4
#wmm_ac_vi_txop_limit=94
#wmm_ac_vi_acm=0
##Voice
#wmm_ac_vo_aifs=2
#wmm_ac_vo_cwmin=2
#wmm_ac_vo_cwmax=3
#wmm_ac_vo_txop_limit=47
#wmm_ac_vo_acm=0
'';
};
services.hostapd = {
enable = wle24GhzEnabled;
interface = wleInterface;
hwMode = "g";
ssid = cfg.ssid;
wpaPassphrase = cfg.passphrase;
channel = 6;
extraConfig = ''
${optionalString wle5GhzEnabled "except-interface=${cfg.wleInterface5Ghz}"}
#macaddr_acl sets options for mac address filtering. 0 means "accept unless in deny list"
macaddr_acl=0
#setting ignore_broadcast_ssid to 1 will disable the broadcasting of ssid
ignore_broadcast_ssid=0
#Sets authentication algorithm
#1 - only open system authentication
#2 - both open system authentication and shared key authentication
auth_algs=1
#####Sets WPA2 authentication#####
#sets wpa key management
wpa_key_mgmt=WPA-PSK
#sets encryption used by WPA
wpa_pairwise=TKIP
#sets encryption used by WPA2
rsn_pairwise=CCMP
#### even more options ####
wme_enabled=1
ieee80211n=1
'';
};
};
}