Switch router roles to services

hardware/wle600vx.nix

@@ -1,5 +1,7 @@
 # Note: You can either use wel600vx.nix or wle900vx.nix
 { config, lib, pkgs, ... }: {
   #TODO!
-  services.hostapd5ghz.extraConfig = "";
+  services.hostapd5ghz.extraConfig = ''
+    ht_capab=[LDPC][HT40][SMPS-STATIC][SHORT-GI-20][SHORT-GI-40][TX-STBC][RX-STBC1][DSSS_CCK-40]
+  '';
 }

host/etzel.nix

@@ -5,7 +5,40 @@
 { config, pkgs, ... }:
 
 {
-  imports = [ ../hardware/apu1.nix ../role/base ];
+  imports = [
+    ../hardware/apu1.nix
+    ../hardware/wel200vx.nix
+    ../hardware/wle600vx.nix
+    ../role/base
+    ../role/router
+    ../role/router-dhcp
+    ../role/router-dns
+    ../role/router-wireless-ap
+  ];
+
+
+  service.router  = {
+    enable = true;
+    wanInterface = "enp2s0";
+    wirelessInterfaces = [ "wlp4s0" "wlp6s0" ];
+    lanInterfaces = ["enp1s0", "enp3s0" ];
+    internalRouterIP = "10.2.2.1";
+    dhcp = {
+      enable = true;
+      localDomain = "test.rappi.fh2.ch";
+      dhcpRange = "10.2.2.2,10.2.2.200";
+    };
+    recursiveDns = {
+      enable = true;
+      networkIdIp = "10.2.2.0";
+    };
+    wireless = {
+      enable = true;
+      wleInterface24Ghz = "wlp4s0";
+      wleInterface5Ghz = "wlp6s0";
+      ssid = "testnet";
+      passphrase = "testnet";
+  };
 
   # Use the GRUB 2 boot loader.
   boot.loader.grub.enable = true;

role/router-dns/default.nix

@@ -1,27 +1,46 @@
-{ internalRouterIP, networkIdIP, revIpDomain, internalPrefixLength? 24, localDomain, }:
+{ config, lib, pkgs, ... }:
 
-let pkgs = import <nixpkgs> { };
+with lib;
+
+let routerCfg = config.services.router;
+    dhcpCfg = config.services.router.dhcp;
+    cfg = config.services.router.recursiveDns;
+    with lib.lists; with builtins; revIpDomain = concatStringsSep "." reverseList take 3 split "\." networkIdIp;
 in {
-  services.unbound = {
+  options.services.router.recursiveDns = {
-    enable = true;
+    enable = mkEnableOption "router recursive dns service";
-    interfaces = [ "127.0.0.1" internalRouterIP ];
-    allowedAccess = [ "127.0.0.0/24" "${networkIdIP}/${toString internalPrefixLength}" ];
-    extraConfig = ''
-      # Custom configuration (leave this note to assure indentation!)
-        do-not-query-localhost: no
-        private-domain: "${localDomain}."
-        domain-insecure: "${localDomain}."
-        private-domain: "${revIpDomain}.in-addr.arpa."
-        domain-insecure: "${revIpDomain}.in-addr.arpa."
-        local-zone: "${revIpDomain}.in-addr.arpa" transparent
 
-        forward-zone:
+    networkIdIp = mkOption {
-            name: "${localDomain}."
+      type = types.str;
-            forward-addr: 127.0.0.1@5553
+      example = "192.168.0.0";
+      description = ''
+        Network ID IP of local network.
+      '';
+    };
+  };
 
-        forward-zone:
+  config = mkIf cfg.enable {
-            name: "${revIpDomain}.in-addr.arpa."
+    services.unbound = {
-           forward-addr: 127.0.0.1@5553
+      enable = true;
-    '';
+      interfaces = [ "127.0.0.1" routerCfg.internalRouterIP ];
+      allowedAccess = [ "127.0.0.0/24" "${cfg.networkIdIp}/${toString routerCfg.internalPrefixLength}" ];
+      extraConfig = mkIf dhcpCfg.enable ''
+        # Custom configuration (leave this note to assure indentation!)
+          do-not-query-localhost: no
+          private-domain: "${dhcpCfg.localDomain}."
+          domain-insecure: "${dhcpCfg.localDomain}."
+          private-domain: "${revIpDomain}.in-addr.arpa."
+          domain-insecure: "${revIpDomain}.in-addr.arpa."
+          local-zone: "${revIpDomain}.in-addr.arpa" transparent
+
+          forward-zone:
+              name: "${dhcpCfg.localDomain}."
+              forward-addr: 127.0.0.1@${dhcpCfg.lanLocalDnsPort}
+
+          forward-zone:
+              name: "${revIpDomain}.in-addr.arpa."
+             forward-addr: 127.0.0.1@${dhcpCfg.lanLocalDnsPort}
+      '';
+    };
   };
 }

role/router-wireless-ap/default.nix

@@ -1,126 +1,169 @@
-{ wleInterface24Ghz ? "", wleInterface5Ghz ? "", wleSSID,
+{ config, lib, pkgs, ... }:
-# Generate Encrypted Passphrase with: wpa_passphrase <wleSSID> <passphrase>
-wlePassphrase, }:
 
-with builtins;
+with lib;
-let
+
-  pkgs = import <nixpkgs> { };
+let routerCfg = config.services.router;
-  country = "US";
+    cfg = config.services.router.wireless
-  wle24GhzEnabled = (stringLength wleInterface24Ghz) > 0;
-  wle5GhzEnabled = (stringLength wleInterface5Ghz) > 0;
 in {
-  boot.extraModprobeConfig = ''
+  options.services.wireless = {
-    options cfg80211 ieee80211_regdom=${country}
+    enable = mkEnableOption "router wireless service";
-  '';
 
-  imports = [ ./hostapd5ghz.nix ];
+    wleInterface24Ghz = mkOption {
+      type = with types; nullOr str;
+      example = "wlp1";
+      description = ''
+        Wireless interface name for 2.4 GHz wireless band.
+      '';
+    };
 
-  services.udev.packages = [ pkgs.crda ];
+    wleInterface5Ghz = mkOption {
+      type = with types; nullOr str;
+      example = "wlp2";
+      description = ''
+        Wireless interface name for 5 GHz wireless band.
+      '';
+    };
 
-  services.hostapd5ghz = {
+    ssid = mkOption {
-    enable = wle5GhzEnabled;
+      type = types.str;
-    interface = wleInterface5Ghz;
+      example = "MyNetwork";
-    hwMode = "a";
+      description = ''
-    ssid = wleSSID;
+        Wireless network SSID.
-    wpaPassphrase = wlePassphrase;
+      '';
-    channel = 36;
+    };
-    extraConfig = ''
-      ${optionalString wle24GhzEnabled "except-interface=${wleInterface24Ghz}"}
-      max_num_sta=255
 
-      #Details for Connecting Clients via WPA2 TKIP
+    passphrase = mkOption {
-      auth_algs=1
+      type = types.str;
-      wpa_key_mgmt=WPA-PSK
+      description = ''
-      wpa_pairwise=CCMP
+        Passphrase of wireless network. May be encrypted with <literal>wpa_passphrase &lt;wleSSID&gt; &lt;passphrase&gt;</literal>.
-      rsn_pairwise=CCMP
+      '';
+    };
 
-      #802.11d Regulatory Restrictions Designations for Which Frequencies and Channels are Legal
+    regulatoryCountryCode = mkOption {
-      ieee80211d=1
+      type = types.str;
-      # DFS
+      default = "US";
-      #ieee80211h=1
+      description = ''
-      country_code=${country}
+        Regulatory wireless country code.
-
+      '';
-      #802.11n Configurations
+    };
-      ieee80211n=1
-
-      #802.11ac Configurations
-      ieee80211ac=1
-      vht_oper_chwidth=1
-      vht_oper_centr_freq_seg0_idx=42
-
-
-      #How Many Units of Time Between Beacon Transmissions
-      #beacon_int=100
-      #Multiplier of How Many Units of Time Between Beacon Transmissions
-      #dtim_period=2
-      #(e.g. 100 milliseconds(ms) * 2 = 200 ms between beacons)
-
-      #QoS Type of Traffic Management Based on Traffic Type
-      wmm_enabled=1
-
-      ##Background
-      #wmm_ac_bk_cwmin=4
-      #wmm_ac_bk_cwmax=10
-      #wmm_ac_bk_aifs=7
-      #wmm_ac_bk_txop_limit=0
-      #wmm_ac_bk_acm=0
-
-      ##Best Effort
-      #wmm_ac_be_aifs=3
-      #wmm_ac_be_cwmin=4
-      #wmm_ac_be_cwmax=10
-      #wmm_ac_be_txop_limit=0
-      #wmm_ac_be_acm=0
-
-      ##Video
-      #wmm_ac_vi_aifs=2
-      #wmm_ac_vi_cwmin=3
-      #wmm_ac_vi_cwmax=4
-      #wmm_ac_vi_txop_limit=94
-      #wmm_ac_vi_acm=0
-
-      ##Voice
-      #wmm_ac_vo_aifs=2
-      #wmm_ac_vo_cwmin=2
-      #wmm_ac_vo_cwmax=3
-      #wmm_ac_vo_txop_limit=47
-      #wmm_ac_vo_acm=0
-    '';
   };
 
-  services.hostapd = {
+  config = mkIf cfg.enable let
-    enable = wle24GhzEnabled;
+    wle24GhzEnabled = cfg.wleInterface24Ghz != null;
-    interface = wleInterface;
+    wle5GhzEnabled = wleInterface5Ghz != null;
-    hwMode = "g";
+  in {
-    ssid = wleSSID;
+    boot.extraModprobeConfig = ''
-    wpaPassphrase = wlePassphrase;
+      options cfg80211 ieee80211_regdom=${cfg.regulatoryCountryCode}
-    channel = 6;
-    extraConfig = ''
-      ${optionalString wle5GhzEnabled "except-interface=${wleInterface5Ghz}"}
-
-      #macaddr_acl sets options for mac address filtering. 0 means "accept unless in deny list"
-      macaddr_acl=0
-
-      #setting ignore_broadcast_ssid to 1 will disable the broadcasting of ssid
-      ignore_broadcast_ssid=0
-
-      #Sets authentication algorithm
-      #1 - only open system authentication
-      #2 - both open system authentication and shared key authentication
-      auth_algs=1
-
-      #####Sets WPA2 authentication#####
-      #sets wpa key management
-      wpa_key_mgmt=WPA-PSK
-      #sets encryption used by WPA
-      wpa_pairwise=TKIP
-      #sets encryption used by WPA2
-      rsn_pairwise=CCMP
-
-      #### even more options ####
-      wme_enabled=1
-      ieee80211n=1
     '';
-  };
 
+    imports = [ ./hostapd5ghz.nix ];
+
+    services.udev.packages = [ pkgs.crda ]; # TODO: Still required with 20.03?
+
+    services.hostapd5ghz = {
+      enable = wle5GhzEnabled;
+      interface = cfg.wleInterface5Ghz;
+      hwMode = "a";
+      ssid = cfg.ssid;
+      wpaPassphrase = cfg.passphrase;
+      channel = 36;
+      extraConfig = ''
+        ${optionalString wle24GhzEnabled "except-interface=${cfg.wleInterface24Ghz}"}
+        max_num_sta=255
+
+        #Details for Connecting Clients via WPA2 TKIP
+        auth_algs=1
+        wpa_key_mgmt=WPA-PSK
+        wpa_pairwise=CCMP
+        rsn_pairwise=CCMP
+
+        #802.11d Regulatory Restrictions Designations for Which Frequencies and Channels are Legal
+        ieee80211d=1
+        # DFS
+        #ieee80211h=1
+        country_code=${cfg.regulatoryCountryCode}
+
+        #802.11n Configurations
+        ieee80211n=1
+
+        #802.11ac Configurations
+        ieee80211ac=1
+        vht_oper_chwidth=1
+        vht_oper_centr_freq_seg0_idx=42
+
+
+        #How Many Units of Time Between Beacon Transmissions
+        #beacon_int=100
+        #Multiplier of How Many Units of Time Between Beacon Transmissions
+        #dtim_period=2
+        #(e.g. 100 milliseconds(ms) * 2 = 200 ms between beacons)
+
+        #QoS Type of Traffic Management Based on Traffic Type
+        wmm_enabled=1
+
+        ##Background
+        #wmm_ac_bk_cwmin=4
+        #wmm_ac_bk_cwmax=10
+        #wmm_ac_bk_aifs=7
+        #wmm_ac_bk_txop_limit=0
+        #wmm_ac_bk_acm=0
+
+        ##Best Effort
+        #wmm_ac_be_aifs=3
+        #wmm_ac_be_cwmin=4
+        #wmm_ac_be_cwmax=10
+        #wmm_ac_be_txop_limit=0
+        #wmm_ac_be_acm=0
+
+        ##Video
+        #wmm_ac_vi_aifs=2
+        #wmm_ac_vi_cwmin=3
+        #wmm_ac_vi_cwmax=4
+        #wmm_ac_vi_txop_limit=94
+        #wmm_ac_vi_acm=0
+
+        ##Voice
+        #wmm_ac_vo_aifs=2
+        #wmm_ac_vo_cwmin=2
+        #wmm_ac_vo_cwmax=3
+        #wmm_ac_vo_txop_limit=47
+        #wmm_ac_vo_acm=0
+      '';
+    };
+
+    services.hostapd = {
+      enable = wle24GhzEnabled;
+      interface = wleInterface;
+      hwMode = "g";
+      ssid = cfg.ssid;
+      wpaPassphrase = cfg.passphrase;
+      channel = 6;
+      extraConfig = ''
+        ${optionalString wle5GhzEnabled "except-interface=${cfg.wleInterface5Ghz}"}
+
+        #macaddr_acl sets options for mac address filtering. 0 means "accept unless in deny list"
+        macaddr_acl=0
+
+        #setting ignore_broadcast_ssid to 1 will disable the broadcasting of ssid
+        ignore_broadcast_ssid=0
+
+        #Sets authentication algorithm
+        #1 - only open system authentication
+        #2 - both open system authentication and shared key authentication
+        auth_algs=1
+
+        #####Sets WPA2 authentication#####
+        #sets wpa key management
+        wpa_key_mgmt=WPA-PSK
+        #sets encryption used by WPA
+        wpa_pairwise=TKIP
+        #sets encryption used by WPA2
+        rsn_pairwise=CCMP
+
+        #### even more options ####
+        wme_enabled=1
+        ieee80211n=1
+      '';
+    };
+  };
 }