From d5665f571aa674fddc94af2f2d9f90d2b36dc4ae Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Charlotte=20=F0=9F=A6=9D=20Delenk?= Date: Tue, 21 Nov 2023 13:42:22 +0100 Subject: [PATCH] remove routing features from nas --- config/nas.nix | 15 - config/netboot.nix | 9 - config/services/hostapd.nix | 24 -- config/services/router.nix | 185 ----------- flake.lock | 640 +----------------------------------- flake.nix | 8 - modules/hostapd.nix | 252 -------------- secrets/nas.yaml | 5 +- 8 files changed, 8 insertions(+), 1130 deletions(-) delete mode 100644 config/netboot.nix delete mode 100644 config/services/hostapd.nix delete mode 100644 config/services/router.nix delete mode 100644 modules/hostapd.nix diff --git a/config/nas.nix b/config/nas.nix index 37e0b10e..af959307 100644 --- a/config/nas.nix +++ b/config/nas.nix @@ -19,8 +19,6 @@ ./services/backup.nix nixos-hardware.nixosModules.common-cpu-amd nixos-hardware.nixosModules.common-pc-ssd - ./services/hostapd.nix - ./services/router.nix ./services/syncthing.nix ../modules/tc-cake.nix ./services/cups.nix @@ -73,19 +71,6 @@ fsType = "vfat"; }; - networking.interfaces.br0 = { - ipv4 = { - addresses = [ - { - address = "192.168.2.1"; - prefixLength = 24; - } - ]; - }; - }; - networking.bridges = { - br0.interfaces = ["enp9s0" "wlp7s0"]; - }; networking.wireguard.interfaces."wg0".ips = ["fd0d:a262:1fa6:e621:bc9b:6a33:86e4:873b/64"]; environment.etc."sysconfig/lm_sensors".text = '' # Generated by sensors-detect on Sun Apr 24 08:31:51 2022 diff --git a/config/netboot.nix b/config/netboot.nix deleted file mode 100644 index 83bc1259..00000000 --- a/config/netboot.nix +++ /dev/null @@ -1,9 +0,0 @@ -{nixpkgs, ...}: { - imports = [ - "${nixpkgs}/nixos/modules/installer/netboot/netboot-base.nix" - ]; - networking.wireguard.interfaces."wg0".ips = [ - "fd0d:a262:1fa6:e621:6ec2:1e4e:ce7f:d2af/64" - ]; - networking.hostId = "8425e349"; -} 
diff --git a/config/services/hostapd.nix b/config/services/hostapd.nix
deleted file mode 100644
index a8805ac0..00000000
--- a/config/services/hostapd.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-{config, ...}: {
- imports = [
- ../../modules/hostapd.nix
- ];
- services.hostapd = {
- enable = true;
- countryCode = "DE";
- interface = "wlp7s0";
- ssid = "🦝";
- wpa = true;
- wpaPassphraseFile = config.sops.secrets."services/hostapd".path;
- extraConfig = ''
- utf8_ssid=1
- wmm_enabled=1
- ieee80211n=1
- wpa_pairwise=GCMP CCMP
- '';
- };
- sops.secrets."services/hostapd" = {
- restartUnits = [
- "hostapd.service"
- ];
- };
-}
diff --git a/config/services/router.nix b/config/services/router.nix
deleted file mode 100644
index 2b06cdf4..00000000
--- a/config/services/router.nix
+++ /dev/null
@@ -1,185 +0,0 @@ -{ - nixos-config-for-netboot, - pkgs, - ... -}: let - win11Iso = pkgs.stdenv.mkDerivation { - name = "Win11_22H2_EnglishInternational_x64v2.iso"; - - src = pkgs.emptyDirectory; - - buildPhase = '' - echo "Manually add a win11.iso with the correct hash to your store" - - exit 1 - ''; - - outputHash = "0dgv9vjv375d5jx80y67ljz5vvpnb0inmia0cifga1zlsp1sq9zz"; - outputHashMode = "flat"; - outputHashAlgo = "sha256"; - }; - installBat = pkgs.writeText "install.bat" '' - wpeinit - ipconfig - net use i: \\192.168.2.1\INSTALL /user:none none - - i: - setup.exe /AddBootMgrLast - ''; - winpeshlIni = pkgs.writeText "winpeshl.ini" '' - [LaunchhApps] - "install.bat" - ''; - win11SetupDir = pkgs.stdenv.mkDerivation { - name = "win11-boot"; - src = pkgs.emptyDirectory; - nativeBuildInputs = [pkgs.p7zip]; - buildPhase = ""; - installPhase = '' - mkdir $out - cd $out - 7z x ${win11Iso} efi/microsoft/boot/bcd boot/fonts/segmono_boot.ttf boot/fonts/segoe_slboot.ttf boot/fonts/segoen_slboot.ttf boot/fonts/wgl4_boot.ttf boot/boot.sdi sources/boot.wim - ln -sv ${installBat} install.bat - ln -sv ${winpeshlIni} winpeshl.ini - ''; - }; - win11IsoDir = pkgs.stdenv.mkDerivation { - name = "win11"; - - src = pkgs.emptyDirectory; - - buildPhase = "true"; - installPhase = '' - mkdir $out - ln -sv ${win11Iso} $out/win11.iso - ln -sv ${win11SetupDir} $out/setup - ''; - }; - bootIpxeX86Script = pkgs.writeTextDir "boot.ipxe" '' - #!ipxe - :start - menu iPXE boot menu - item --gap -- ------------------------- Operating systems ------------------------------ - item --key n linux (N)ixOS (netboot) - item --key w windows (W)indows 11 (installer) - item --gap -- ----------------------------- Utilities ---------------------------------- - item --key e ext (E)xit - item --key s shell EFI (S)hell - choose version && goto ${"$"}{version} || goto start - - :linux - chain http://192.168.2.1/x86_64/netboot.ipxe - - :windows - imgfree - kernel 
http://192.168.2.1/x86_64/share/wimboot/wimboot.x86_64.efi gui - initrd http://192.168.2.1/x86_64/setup/install.bat install.bat - initrd http://192.168.2.1/x86_64/setup/winpeshl.ini winpeshl.ini - initrd http://192.168.2.1/x86_64/setup/efi/microsoft/boot/bcd BCD - initrd http://192.168.2.1/x86_64/setup/boot/fonts/segmono_boot.ttf segmono_boot.ttf - initrd http://192.168.2.1/x86_64/setup/boot/fonts/segoe_slboot.ttf segoe_slboot.ttf - initrd http://192.168.2.1/x86_64/setup/boot/fonts/segoen_slboot.ttf segoen_slboot.ttf - initrd http://192.168.2.1/x86_64/setup/boot/fonts/wgl4_boot.ttf wgl4_boot.ttf - initrd http://192.168.2.1/x86_64/setup/boot/boot.sdi boot.sdi - initrd http://192.168.2.1/x86_64/setup/sources/boot.wim boot.wim - boot - - :shell - chain http://192.168.2.1/x86_64/shell.efi - - :ext - exit - ''; - netboot-x86_64 = pkgs.symlinkJoin { - name = "netboot-x86_64"; - paths = [ - pkgs.ipxe - nixos-config-for-netboot.nixosConfigurations.netboot.config.system.build.kernel - nixos-config-for-netboot.nixosConfigurations.netboot.config.system.build.netbootRamdisk - nixos-config-for-netboot.nixosConfigurations.netboot.config.system.build.netbootIpxeScript - pkgs.edk2-uefi-shell - bootIpxeX86Script - win11IsoDir - pkgs.wimboot - ]; - }; - bootIpxeScript = pkgs.writeText "boot.ipxe" '' - #!ipxe - set arch ${"$"}{buildarch} - iseq ${"$"}{arch} i386 && cpuid --ext 29 && set arch x86_64 || - - chain http://192.168.2.1/${"$"}{arch}/boot.ipxe - ''; - netboot = pkgs.stdenvNoCC.mkDerivation { - name = "netboot"; - src = pkgs.emptyDirectory; - buildPhase = "true"; - installPhase = '' - mkdir $out - cp ${bootIpxeScript} $out/boot.ipxe - ln -svf ${netboot-x86_64} $out/x86_64 - ''; - }; -in { - networking.dhcpcd.allowInterfaces = ["enp2s0f0u4"]; # yes a usb network card don’t judge - services.kea.dhcp4.settings = { - interfaces-config = { - interfaces = [ - "br0" - ]; - }; - lease-database = { - name = "/var/lib/kea/dhcp4.leases"; - persist = true; - type = "memfile"; - }; - 
rebind-timer = 2000; - renew-timer = 1000; - subnet4 = [ - { - pools = [ - { - pool = "192.168.2.100 - 192.168.2.240"; - } - ]; - subnet = "192.168.2.0/24"; - option-data = [ - { - name = "routers"; - data = "192.168.2.1"; - } - { - name = "domain-name-servers"; - data = "1.1.1.1"; - } - ]; - } - ]; - valid-lifetime = 4000; - }; - services.kea.dhcp4.enable = true; - services.atftpd = { - enable = true; - root = pkgs.ipxe; - }; - services.caddy.virtualHosts."http://192.168.2.1".extraConfig = '' - import baseConfig - root * ${netboot} - file_server - ''; - networking.firewall.interfaces."br0".allowedUDPPorts = [69 4011]; - # No i don’t have ipv6 :( - networking.firewall.extraCommands = '' - iptables -A FORWARD -i br0 -j ACCEPT - iptables -t nat -A POSTROUTING -o enp2s0f0u4 -s 192.168.2.0/24 -j MASQUERADE - ''; - networking.interfaces.enp2s0f0u4.macAddress = "00:d8:61:d0:de:1e"; # fucking ISP - boot.kernel.sysctl = { - "net.ipv4.conf.all.forwarding" = true; - "net.ipv6.conf.all.forwarding" = true; - }; - fileSystems."/mnt/win" = { - device = "${win11Iso}"; - options = ["loop" "ro"]; - }; -} diff --git a/flake.lock b/flake.lock index 5ceacd07..d13c2d0f 100644 --- a/flake.lock +++ b/flake.lock 
@@ -36,48 +36,6 @@ "type": "github" } }, - "chir-rs_2": { - "inputs": { - "flake-parts": [ - "nixos-config-for-netboot", - "flake-parts" - ], - "haskell-flake": [ - "nixos-config-for-netboot", - "haskell-flake" - ], - "microformats2-parser": "microformats2-parser_2", - "nix-packages": [ - "nixos-config-for-netboot", - "nix-packages" - ], - "nixpkgs": [ - "nixos-config-for-netboot", - "nixpkgs" - ], - "systems": [ - "nixos-config-for-netboot", - "systems" - ], - "treefmt-nix": [ - "nixos-config-for-netboot", - "treefmt-nix" - ] - }, - "locked": { - "lastModified": 1699254151, - "narHash": "sha256-PeC6rOfXVIgMQ/0eZM9j9tLbS4Xu8/PzPKTpQ4L60Ds=", - "owner": "DarkKirb", - "repo": "chir.rs", - "rev": "c849b0234b38e0105fd0504d4ec379b84e5fbec0", - "type": "github" - }, - "original": { - "owner": "DarkKirb", - "repo": "chir.rs", - "type": "github" - } - }, "colorpickle": { "inputs": { "naersk": [ @@ -150,31 +108,6 @@ "type": "github" } }, - "dns_2": { - "inputs": { - "flake-utils": [ - "nixos-config-for-netboot", - "flake-utils" - ], - "nixpkgs": [ - "nixos-config-for-netboot", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1644390195, - "narHash": "sha256-eU6y5oYs8HUS7Mmo6h8qsl+gLa4zLlhIl0Ryk4e4r2M=", - "owner": "DarkKirb", - "repo": "dns.nix", - "rev": "4d3d32b0fd221895bf3da0e348056260c3a77636", - "type": "github" - }, - "original": { - "owner": "DarkKirb", - "repo": "dns.nix", - "type": "github" - } - }, "element-web": { "inputs": { "devshell": [ 
@@ -235,43 +168,6 @@ "type": "github" } }, - "firefox_2": { - "inputs": { - "cachix": [ - "nixos-config-for-netboot", - "nixpkgs" - ], - "flake-compat": [ - "nixos-config-for-netboot", - "flake-compat" - ], - "lib-aggregate": [ - "nixos-config-for-netboot", - "lib-aggregate" - ], - "mozilla": [ - "nixos-config-for-netboot", - "mozilla" - ], - "nixpkgs": [ - "nixos-config-for-netboot", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1700009812, - "narHash": "sha256-gexWhDZs4fo/qrcIYdt96ubkPTM+/HSMvj48BodiirY=", - "owner": "nix-community", - "repo": "flake-firefox-nightly", - "rev": "e6b823170a4f89a08c20b418bf4b7798a94d3cab", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "flake-firefox-nightly", - "type": "github" - } - }, "flake-compat": { "flake": false, "locked": { @@ -288,22 +184,6 @@ "type": "github" } }, - "flake-compat_2": { - "flake": false, - "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, "flake-parts": { "inputs": { "nixpkgs-lib": [ @@ -324,27 +204,6 @@ "type": "github" } }, - "flake-parts_2": { - "inputs": { - "nixpkgs-lib": [ - "nixos-config-for-netboot", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1698882062, - "narHash": "sha256-HkhafUayIqxXyHH1X8d9RDl1M2CkFgZLjKD3MzabiEo=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "8c9fa2545007b49a5db5f650ae91f227672c3877", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, "flake-utils": { "inputs": { "systems": [ 
@@ -365,27 +224,6 @@ "type": "github" } }, - "flake-utils_2": { - "inputs": { - "systems": [ - "nixos-config-for-netboot", - "systems" - ] - }, - "locked": { - "lastModified": 1694529238, - "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, "gomod2nix": { "inputs": { "nixpkgs": [ @@ -411,33 +249,6 @@ "type": "github" } }, - "gomod2nix_2": { - "inputs": { - "nixpkgs": [ - "nixos-config-for-netboot", - "nix-packages", - "nixpkgs" - ], - "utils": [ - "nixos-config-for-netboot", - "nix-packages", - "flake-utils" - ] - }, - "locked": { - "lastModified": 1692555015, - "narHash": "sha256-QS7fNVS9ToprIt93R/S+BVerAttNkYI3/SVQI3jciLs=", - "owner": "DarkKirb", - "repo": "gomod2nix", - "rev": "de2e02108ef1e6ab52a71676f7735a3fc1bea741", - "type": "github" - }, - "original": { - "owner": "DarkKirb", - "repo": "gomod2nix", - "type": "github" - } - }, "haskell-flake": { "locked": { "lastModified": 1700254486, @@ -453,21 +264,6 @@ "type": "github" } }, - "haskell-flake_2": { - "locked": { - "lastModified": 1699388095, - "narHash": "sha256-uutZJWtd6rKwoLYLFGsjrA2zu06uRdGC//FANb4azgU=", - "owner": "srid", - "repo": "haskell-flake", - "rev": "7029034b00bd7c9225d74915a6a53e5b44b4a1d3", - "type": "github" - }, - "original": { - "owner": "srid", - "repo": "haskell-flake", - "type": "github" - } - }, "home-manager": { "inputs": { "nixpkgs": [ 
@@ -488,27 +284,6 @@ "type": "github" } }, - "home-manager_2": { - "inputs": { - "nixpkgs": [ - "nixos-config-for-netboot", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1699783872, - "narHash": "sha256-4zTwLT2LL45Nmo6iwKB3ls3hWodVP9DiSWxki/oewWE=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "280721186ab75a76537713ec310306f0eba3e407", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "home-manager", - "type": "github" - } - }, "hydra": { "inputs": { "nix": "nix", @@ -533,31 +308,6 @@ "url": "https://git.chir.rs/darkkirb/hydra" } }, - "hydra_2": { - "inputs": { - "nix": "nix_2", - "nixpkgs": [ - "nixos-config-for-netboot", - "nix-packages", - "hydra", - "nix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1697704332, - "narHash": "sha256-XDDllf7VLpSuQcBxv4v2BGoeKhbqDqISAu8r48eqc3Y=", - "ref": "refs/heads/master", - "rev": "30ba162924d53d4daafb09414b86241e7ecaa9ab", - "revCount": 4073, - "type": "git", - "url": "https://git.chir.rs/darkkirb/hydra" - }, - "original": { - "type": "git", - "url": "https://git.chir.rs/darkkirb/hydra" - } - }, "lib-aggregate": { "inputs": { "flake-utils": [ @@ -581,31 +331,6 @@ "type": "github" } }, - "lib-aggregate_2": { - "inputs": { - "flake-utils": [ - "nixos-config-for-netboot", - "flake-utils" - ], - "nixpkgs-lib": [ - "nixos-config-for-netboot", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1699790908, - "narHash": "sha256-8CO4KQhiEyO7rce4KVOq8arpk9802fVwxtN/oLeRFag=", - "owner": "nix-community", - "repo": "lib-aggregate", - "rev": "6c60a229fa422698325b2788e93dfeeba3f11391", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "lib-aggregate", - "type": "github" - } - }, "lowdown-src": { "flake": false, "locked": { 
@@ -622,22 +347,6 @@ "type": "github" } }, - "lowdown-src_2": { - "flake": false, - "locked": { - "lastModified": 1633514407, - "narHash": "sha256-Dw32tiMjdK9t3ETl5fzGrutQTzh2rufgZV4A/BbxuD4=", - "owner": "kristapsdz", - "repo": "lowdown", - "rev": "d2c2b44ff6c27b936ec27358a2653caaef8f73b8", - "type": "github" - }, - "original": { - "owner": "kristapsdz", - "repo": "lowdown", - "type": "github" - } - }, "matrix-js-sdk": { "inputs": { "devshell": [ @@ -725,33 +434,6 @@ "type": "github" } }, - "mautrix-cleanup_2": { - "inputs": { - "flake-utils": [ - "nixos-config-for-netboot", - "nix-packages", - "flake-utils" - ], - "nixpkgs": [ - "nixos-config-for-netboot", - "nix-packages", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1678395415, - "narHash": "sha256-l7upZ8y8SobYtv+RYD7DodRU74DGvDRjvaKfj8VmAow=", - "owner": "DarkKirb", - "repo": "mautrix-cleanup", - "rev": "5f5f51ce8b7560d18ddae1824bc253a9e896ab0b", - "type": "github" - }, - "original": { - "owner": "DarkKirb", - "repo": "mautrix-cleanup", - "type": "github" - } - }, "microformats2-parser": { "flake": false, "locked": { @@ -768,22 +450,6 @@ "type": "github" } }, - "microformats2-parser_2": { - "flake": false, - "locked": { - "lastModified": 1695821315, - "narHash": "sha256-Et4yYDiIcIeMsEkZI9Y0Unh51fnuMQzScE4dxgXCGzo=", - "owner": "darkkirb", - "repo": "microformats2-parser", - "rev": "4e6b3aac8f5af3306261ef2782f7df990e96f429", - "type": "github" - }, - "original": { - "owner": "darkkirb", - "repo": "microformats2-parser", - "type": "github" - } - }, "mozilla": { "locked": { "lastModified": 1695805681, 
@@ -799,21 +465,6 @@ "type": "github" } }, - "mozilla_2": { - "locked": { - "lastModified": 1695805681, - "narHash": "sha256-1ElPLD8eFfnuIk0G52HGGpRtQZ4QPCjChRlEOfkZ5ro=", - "owner": "mozilla", - "repo": "nixpkgs-mozilla", - "rev": "6eabade97bc28d707a8b9d82ad13ef143836736e", - "type": "github" - }, - "original": { - "owner": "mozilla", - "repo": "nixpkgs-mozilla", - "type": "github" - } - }, "naersk": { "inputs": { "nixpkgs": [ @@ -879,31 +530,6 @@ "type": "github" } }, - "nix-gaming_2": { - "inputs": { - "flake-parts": [ - "nixos-config-for-netboot", - "flake-parts" - ], - "nixpkgs": [ - "nixos-config-for-netboot", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1700010845, - "narHash": "sha256-Zpd6vdDBsL8phO9QlIPX/h01v2LCOPlsrJQreOSenoQ=", - "owner": "fufexan", - "repo": "nix-gaming", - "rev": "92d6637940bf86746a4f5efa7b86e1d94090b351", - "type": "github" - }, - "original": { - "owner": "fufexan", - "repo": "nix-gaming", - "type": "github" - } - }, "nix-neovim": { "inputs": { "nixpkgs": [ @@ -924,27 +550,6 @@ "type": "github" } }, - "nix-neovim_2": { - "inputs": { - "nixpkgs": [ - "nixos-config-for-netboot", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1650651888, - "narHash": "sha256-2lC6oeQMTke7/bx8VxLNJr54A/WGkdAv2H0iebTmACY=", - "owner": "syberant", - "repo": "nix-neovim", - "rev": "6f03a1c206ff2c5bea209c73f861ebd8088de53b", - "type": "github" - }, - "original": { - "owner": "syberant", - "repo": "nix-neovim", - "type": "github" - } - }, "nix-packages": { "inputs": { "flake-compat": [ 
@@ -975,116 +580,7 @@ "type": "github" } }, - "nix-packages_2": { - "inputs": { - "flake-compat": [ - "nixos-config-for-netboot", - "flake-compat" - ], - "flake-utils": [ - "nixos-config-for-netboot", - "flake-utils" - ], - "gomod2nix": "gomod2nix_2", - "hydra": "hydra_2", - "mautrix-cleanup": "mautrix-cleanup_2", - "nixpkgs": [ - "nixos-config-for-netboot", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1700028514, - "narHash": "sha256-Xb5qQwjFI02yO1rHEFAB4Xfs9Uzo1paCGNw1WGRziJw=", - "owner": "DarkKirb", - "repo": "nix-packages", - "rev": "9f786a30cf3907c18d1f6709cb0487b651ec7ba1", - "type": "github" - }, - "original": { - "owner": "DarkKirb", - "ref": "main", - "repo": "nix-packages", - "type": "github" - } - }, - "nix_2": { - "inputs": { - "lowdown-src": "lowdown-src_2", - "nixpkgs": "nixpkgs_2", - "nixpkgs-regression": "nixpkgs-regression_2" - }, - "locked": { - "lastModified": 1677045134, - "narHash": "sha256-jUc2ccTR8f6MGY2pUKgujm+lxSPNGm/ZAP+toX+nMNc=", - "owner": "nixos", - "repo": "nix", - "rev": "4acc684ef7b3117c6d6ac12837398a0008a53d85", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "2.13.3", - "repo": "nix", - "type": "github" - } - }, - "nixos-config-for-netboot": { - "inputs": { - "chir-rs": "chir-rs_2", - "dns": "dns_2", - "firefox": "firefox_2", - "flake-compat": "flake-compat_2", - "flake-parts": "flake-parts_2", - "flake-utils": "flake-utils_2", - "haskell-flake": "haskell-flake_2", - "home-manager": "home-manager_2", - "lib-aggregate": "lib-aggregate_2", - "mozilla": "mozilla_2", - "nix-gaming": "nix-gaming_2", - "nix-neovim": "nix-neovim_2", - "nix-packages": "nix-packages_2", - "nixos-config-for-netboot": [ - "nixos-config-for-netboot" - ], - "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs_3", - "nur": "nur", - "sops-nix": "sops-nix", - "systems": "systems", - "treefmt-nix": "treefmt-nix" - }, - "locked": { - "lastModified": 1700028923, - "narHash": "sha256-87w37LOdowNLdgczPIDtzvv298FT/T75P4Ct+ibne0g=", - 
"owner": "DarkKirb", - "repo": "nixos-config", - "rev": "70a88984c0362fc5dad723173f38e11490f8d34e", - "type": "github" - }, - "original": { - "owner": "DarkKirb", - "repo": "nixos-config", - "rev": "70a88984c0362fc5dad723173f38e11490f8d34e", - "type": "github" - } - }, "nixos-hardware": { - "locked": { - "lastModified": 1699997707, - "narHash": "sha256-ugb+1TGoOqqiy3axyEZpfF6T4DQUGjfWZ3Htry1EfvI=", - "owner": "NixOS", - "repo": "nixos-hardware", - "rev": "5689f3ebf899f644a1aabe8774d4f37eb2f6c2f9", - "type": "github" - }, - "original": { - "owner": "NixOS", - "repo": "nixos-hardware", - "type": "github" - } - }, - "nixos-hardware_2": { "locked": { "lastModified": 1700392353, "narHash": "sha256-KARn8aVJu5fdW0jdJYoOQ1SPqWlNdz4l7r90NbArWSY=", 
@@ -1131,54 +627,7 @@ "type": "github" } }, - "nixpkgs-regression_2": { - "locked": { - "lastModified": 1643052045, - "narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", - "type": "github" - }, - "original": { - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", - "type": "github" - } - }, "nixpkgs_2": { - "locked": { - "lastModified": 1670461440, - "narHash": "sha256-jy1LB8HOMKGJEGXgzFRLDU1CBGL0/LlkolgnqIsF0D8=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "04a75b2eecc0acf6239acf9dd04485ff8d14f425", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-22.11-small", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_3": { - "locked": { - "lastModified": 1700026739, - "narHash": "sha256-Igz8Ug98Z/mt6QGlkfdGZNQQw2GkT9y0AMz9ii0bOFk=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "e8ad54f562b4621c7c080b4a3ddbafe4735bcb86", - "type": "github" - }, - "original": { - "owner": "NixOS", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_4": { "locked": { "lastModified": 1700503501, "narHash": "sha256-Ong9/3qx2lEytSezcFdtaKQvjVma6yjBFzvt257uwjo=", @@ -1194,21 +643,6 @@ } }, "nur": { - "locked": { - "lastModified": 1700026913, - "narHash": "sha256-tDep0ctEmsm/VCUvhjE0EaIeIArvdfnxkoTmX6Q4JD8=", - "owner": "nix-community", - "repo": "NUR", - "rev": "89eea2ba1860809b7ed9e9cab9d9ac0e312f833a", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "NUR", - "type": "github" - } - }, - "nur_2": { "locked": { "lastModified": 1700498677, "narHash": "sha256-ABtiINPf4cwNHsWQ1dnriQvvuhRBoqScYtXYEhvevN0=", 
@@ -1242,41 +676,15 @@ "nix-gaming": "nix-gaming", "nix-neovim": "nix-neovim", "nix-packages": "nix-packages", - "nixos-config-for-netboot": "nixos-config-for-netboot", - "nixos-hardware": "nixos-hardware_2", - "nixpkgs": "nixpkgs_4", - "nur": "nur_2", - "sops-nix": "sops-nix_2", - "systems": "systems_2", - "treefmt-nix": "treefmt-nix_2" + "nixos-hardware": "nixos-hardware", + "nixpkgs": "nixpkgs_2", + "nur": "nur", + "sops-nix": "sops-nix", + "systems": "systems", + "treefmt-nix": "treefmt-nix" } }, "sops-nix": { - "inputs": { - "nixpkgs": [ - "nixos-config-for-netboot", - "nixpkgs" - ], - "nixpkgs-stable": [ - "nixos-config-for-netboot", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1699951338, - "narHash": "sha256-1GeczM7XfgHcYGYiYNcdwSFu3E62vmh4d7mffWZvyzE=", - "owner": "Mic92", - "repo": "sops-nix", - "rev": "0e3a94167dcd10a47b89141f35b2ff9e04b34c46", - "type": "github" - }, - "original": { - "owner": "Mic92", - "repo": "sops-nix", - "type": "github" - } - }, - "sops-nix_2": { "inputs": { "nixpkgs": [ "nixpkgs" @@ -1314,43 +722,7 @@ "type": "github" } }, - "systems_2": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "treefmt-nix": { - "inputs": { - "nixpkgs": [ - "nixos-config-for-netboot", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1699786194, - "narHash": "sha256-3h3EH1FXQkIeAuzaWB+nK0XK54uSD46pp+dMD3gAcB4=", - "owner": "numtide", - "repo": "treefmt-nix", - "rev": "e82f32aa7f06bbbd56d7b12186d555223dc399d1", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "treefmt-nix", - "type": "github" - } - }, - "treefmt-nix_2": { "inputs": { "nixpkgs": [ "nixpkgs" diff --git a/flake.nix b/flake.nix index 426f7d9e..c287b652 100644 --- a/flake.nix 
+++ b/flake.nix @@ -85,10 +85,6 @@ rec { inputs.flake-utils.follows = "flake-utils"; inputs.nixpkgs.follows = "nixpkgs"; }; - nixos-config-for-netboot = { - url = "github:DarkKirb/nixos-config/70a88984c0362fc5dad723173f38e11490f8d34e"; - inputs.nixos-config-for-netboot.follows = "nixos-config-for-netboot"; - }; nixos-hardware.url = "github:NixOS/nixos-hardware"; nixpkgs.url = "github:NixOS/nixpkgs"; nur.url = "github:nix-community/NUR"; @@ -133,10 +129,6 @@ rec { name = "installer"; # Installer iso system = "x86_64-linux"; } - { - name = "netboot"; # Installer netboot - system = "x86_64-linux"; - } { name = "instance-20221213-1915"; # Oracle server system = "aarch64-linux"; diff --git a/modules/hostapd.nix b/modules/hostapd.nix deleted file mode 100644 index 13b3f7e6..00000000 --- a/modules/hostapd.nix +++ /dev/null 
@@ -1,252 +0,0 @@ -{ - config, - lib, - pkgs, - utils, - ... -}: -# TODO: -# -# asserts -# ensure that the nl80211 module is loaded/compiled in the kernel -# wpa_supplicant and hostapd on the same wireless interface doesn't make any sense -with lib; let - cfg = config.services.hostapd; - - escapedInterface = utils.escapeSystemdPath cfg.interface; - - configFile = pkgs.writeText "hostapd.conf" '' - interface=${cfg.interface} - driver=${cfg.driver} - ssid=${cfg.ssid} - hw_mode=${cfg.hwMode} - channel=${toString cfg.channel} - ${optionalString (cfg.countryCode != null) "country_code=${cfg.countryCode}"} - ${optionalString (cfg.countryCode != null) "ieee80211d=1"} - - # logging (debug level) - logger_syslog=-1 - logger_syslog_level=${toString cfg.logLevel} - logger_stdout=-1 - logger_stdout_level=${toString cfg.logLevel} - - ctrl_interface=/run/hostapd - ctrl_interface_group=${cfg.group} - - ${optionalString cfg.wpa '' - wpa=2 - wpa_passphrase=${ - if cfg.wpaPassphrase != null - then cfg.wpaPassphrase - else "#WPA_PASSPHRASE#" - } - ''} - ${optionalString cfg.noScan "noscan=1"} - - ${cfg.extraConfig} - ''; -in { - ###### interface - - options = { - services.hostapd = { - enable = mkOption { - type = types.bool; - default = false; - description = '' - Enable putting a wireless interface into infrastructure mode, - allowing other wireless devices to associate with the wireless - interface and do wireless networking. A simple access point will - , - , and - , as well as DHCP on the wireless - interface to provide IP addresses to the associated stations, and - NAT (from the wireless interface to an upstream interface). - ''; - }; - - interface = mkOption { - default = ""; - example = "wlp2s0"; - type = types.str; - description = '' - The interfaces hostapd will use. - ''; - }; - - noScan = mkOption { - type = types.bool; - default = false; - description = '' - Do not scan for overlapping BSSs in HT40+/- mode. - Caution: turning this on will violate regulatory requirements! 
- ''; - }; - - driver = mkOption { - default = "nl80211"; - example = "hostapd"; - type = types.str; - description = '' - Which driver hostapd will use. - Most applications will probably use the default. - ''; - }; - - ssid = mkOption { - default = "nixos"; - example = "mySpecialSSID"; - type = types.str; - description = "SSID to be used in IEEE 802.11 management frames."; - }; - - hwMode = mkOption { - default = "g"; - type = types.enum ["a" "b" "g"]; - description = '' - Operation mode. - (a = IEEE 802.11a, b = IEEE 802.11b, g = IEEE 802.11g). - ''; - }; - - channel = mkOption { - default = 7; - example = 11; - type = types.int; - description = '' - Channel number (IEEE 802.11) - Please note that some drivers do not use this value from - hostapd and the channel will need to be configured - separately with iwconfig. - ''; - }; - - group = mkOption { - default = "wheel"; - example = "network"; - type = types.str; - description = '' - Members of this group can control hostapd. - ''; - }; - - wpa = mkOption { - type = types.bool; - default = true; - description = '' - Enable WPA (IEEE 802.11i/D3.0) to authenticate with the access point. - ''; - }; - - wpaPassphrase = mkOption { - default = null; - example = "any_64_char_string"; - type = types.nullOr types.str; - description = '' - WPA-PSK (pre-shared-key) passphrase. Clients will need this - passphrase to associate with this access point. - Warning: This passphrase will get put into a world-readable file in - the Nix store! - ''; - }; - - wpaPassphraseFile = mkOption { - default = null; - example = "/run/secrets/wpa_passphrase"; - type = types.nullOr types.str; - description = '' - File containing WPA-PSK passphrase. Clients will need this - passphrase to associate with this access point. 
- ''; - }; - - logLevel = mkOption { - default = 2; - type = types.int; - description = '' - Levels (minimum value for logged events): - 0 = verbose debugging - 1 = debugging - 2 = informational messages - 3 = notification - 4 = warning - ''; - }; - - countryCode = mkOption { - default = null; - example = "US"; - type = with types; nullOr str; - description = '' - Country code (ISO/IEC 3166-1). Used to set regulatory domain. - Set as needed to indicate country in which device is operating. - This can limit available channels and transmit power. - These two octets are used as the first two octets of the Country String - (dot11CountryString). - If set this enables IEEE 802.11d. This advertises the countryCode and - the set of allowed channels and transmit power levels based on the - regulatory limits. - ''; - }; - - extraConfig = mkOption { - default = ""; - example = '' - auth_algo=0 - ieee80211n=1 - ht_capab=[HT40-][SHORT-GI-40][DSSS_CCK-40] - ''; - type = types.lines; - description = "Extra configuration options to put in hostapd.conf."; - }; - }; - }; - - disabledModules = ["services/networking/hostapd.nix"]; - - ###### implementation - - config = mkIf cfg.enable { - assertions = [ - { - assertion = cfg.wpa != null -> (cfg.wpaPassphrase != null || cfg.wpaPassphraseFile != null); - message = "Either wpaPassphrase or wpaPassphraseFile must be set if wpa is enabled."; - } - { - assertion = cfg.wpaPassphraseFile != null -> cfg.wpaPassphrase == null; - message = "You cannot provide a wpaPassphrase and a wpaPassphraseFile!"; - } - ]; - - environment.systemPackages = [pkgs.hostapd]; - - services.udev.packages = optionals (cfg.countryCode != null) [pkgs.crda]; - - systemd.services.hostapd = { - description = "hostapd wireless AP"; - - path = [pkgs.hostapd]; - after = ["sys-subsystem-net-devices-${escapedInterface}.device"]; - bindsTo = ["sys-subsystem-net-devices-${escapedInterface}.device"]; - requiredBy = ["network-link-${cfg.interface}.service"]; - wantedBy = 
["multi-user.target"]; - - preStart = mkIf (cfg.wpaPassphraseFile != null) '' - PASSPHRASE=$(cat ${cfg.wpaPassphraseFile}) - sed "s|#WPA_PASSPHRASE#|$PASSPHRASE|g" ${configFile} > /run/hostapd/hostapd.conf - ''; - - serviceConfig = { - ExecStart = "${pkgs.hostapd}/bin/hostapd ${ - if cfg.wpaPassphraseFile != null - then "/run/hostapd/hostapd.conf" - else configFile - }"; - Restart = "always"; - }; - }; - systemd.tmpfiles.rules = mkIf (cfg.wpaPassphraseFile != null) [ - "d '/run/hostapd' 0700 root root - -" - ]; - }; -} diff --git a/secrets/nas.yaml b/secrets/nas.yaml index 601854c0..9bc30b7b 100644 --- a/secrets/nas.yaml +++ b/secrets/nas.yaml @@ -9,7 +9,6 @@ services: gitea_token: ENC[AES256_GCM,data:v0Ej8841I1F/dK5ZplRzZlvngpueMQKspM5USzX9VkOEmpCs2NA3+Q==,iv:fZisAuyqk7ATFx6qHYkScUeS8SsikjiPzVovZjGnUYM=,tag:7+O+Sn7unPDy88a6T70Jmg==,type:str] github_token: ENC[AES256_GCM,data:AWMeX+P8YHGpSuH+5KqvE9zNxkEPKGvdRaQjNysO4/XE4csGjCvmjA==,iv:MCRtws/SM7lWS2/2pp5tbeX7+I5h4LVd9bJp//ln9hs=,tag:LMEGWFAaOqH0fqfNgc87AQ==,type:str] aws_credentials: ENC[AES256_GCM,data:TqfAEFfDEIicrI/qNEpHYI/cXw5OZ4z31eq05WTIQWxuyD01UfduuJeHlPNuzp7+cGVSExBUccNvVpwz7ivESoMLqiP459GfXert/SZi56fMZdOsfFxbl5x/ks71bamj5/qIXxQW0hqSOG8TwQNIMNQgAcA=,iv:HDXc7F+3WXnIfRL8rYxMnQPlfNLMYJAjKKjWVzIhNQ0=,tag:u+D+/YY+60TAEmhHMGoUwg==,type:str] - hostapd: ENC[AES256_GCM,data:KCOOPShBt6gs8TK0Ns6Kzw==,iv:haG+7w893r9w9XySav8n2MWIAOi8eehy61rQudpdjGU=,tag:yupv4fTLiOgTU7SKoAR3og==,type:str] rspamd: dkim: darkkirb.de: ENC[AES256_GCM,data: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,iv:uvRzwnbFMKT6EKGBfxst7CCD+uu0n/pYrjEtcHF2TIA=,tag:v4sWaO5ek6su907Z/RRPtw==,type:str] 
@@ -45,8 +44,8 @@ sops: WnV3QWxtalIzWFdoQmpDTmJsNGdNOW8K++rFGXy0G6Gcu2gQwSP6xfXInQ/y5nh5 2oGp8sfOLFWnNI4SWL0ChP47K3C/9ysUHwQnUYPbRafZ/4X6cN40ZQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-11-03T13:33:44Z" - mac: ENC[AES256_GCM,data:CUi7/JEP6LerZ1SKYt4nEJQNbLs6iLK4U758qFXCpLkHBX2DA7wpu2HQ98SXkfQYHNOmoH/2LhCd+Am+UixnzmTZPXol7zntO3zSrjLQh208Cpp7lYO+sDFLOJqijjth1n6c4dri5yaXJwHLQn/iLZR0Ktespl38RotWnaQ597A=,iv:K6nhBEpagZSrTVfFiS1iGC/K691yxrdFP/sqoMZvWO0=,tag:7N10AC167RoG2qKUH11g5g==,type:str] + lastmodified: "2023-11-21T12:39:29Z" + mac: ENC[AES256_GCM,data:MP5inznWToSedLyM6/SAT6apYow+JIz9qPSzKAXFn6XFjuqq/3f89twE+5cGSI8eH+syj8olhgrgw3/aCi6HYkZMIOXDQBM4ieDEI61LSAmYTX+c32CQzZHzR3Pi5PTFAxPvsG6knO9P7T81J9zQ2iP2TNWOAputAd4KLyY5Ob4=,iv:HY8cJBbpfr8YlQ2pbnQpVE2oAicyVsehtKZ8ExgQQEA=,tag:TLkoPPS73aFbYHJ4TPeMeg==,type:str] pgp: - created_at: "2022-04-24T10:34:20Z" enc: |