Merge pull request #275 from DarkKirb/disable-router

remove routing features from nas
This commit is contained in:
Charlotte 🦝 Delenk 2023-11-21 14:20:50 +01:00 committed by GitHub
commit ff45731a77
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
8 changed files with 8 additions and 1130 deletions

View file

@ -19,8 +19,6 @@
./services/backup.nix
nixos-hardware.nixosModules.common-cpu-amd
nixos-hardware.nixosModules.common-pc-ssd
./services/hostapd.nix
./services/router.nix
./services/syncthing.nix
../modules/tc-cake.nix
./services/cups.nix
@ -73,19 +71,6 @@
fsType = "vfat";
};
networking.interfaces.br0 = {
ipv4 = {
addresses = [
{
address = "192.168.2.1";
prefixLength = 24;
}
];
};
};
networking.bridges = {
br0.interfaces = ["enp9s0" "wlp7s0"];
};
networking.wireguard.interfaces."wg0".ips = ["fd0d:a262:1fa6:e621:bc9b:6a33:86e4:873b/64"];
environment.etc."sysconfig/lm_sensors".text = ''
# Generated by sensors-detect on Sun Apr 24 08:31:51 2022

View file

@ -1,9 +0,0 @@
{nixpkgs, ...}: {
imports = [
"${nixpkgs}/nixos/modules/installer/netboot/netboot-base.nix"
];
networking.wireguard.interfaces."wg0".ips = [
"fd0d:a262:1fa6:e621:6ec2:1e4e:ce7f:d2af/64"
];
networking.hostId = "8425e349";
}

View file

@ -1,24 +0,0 @@
{config, ...}: {
imports = [
../../modules/hostapd.nix
];
services.hostapd = {
enable = true;
countryCode = "DE";
interface = "wlp7s0";
ssid = "🦝";
wpa = true;
wpaPassphraseFile = config.sops.secrets."services/hostapd".path;
extraConfig = ''
utf8_ssid=1
wmm_enabled=1
ieee80211n=1
wpa_pairwise=GCMP CCMP
'';
};
sops.secrets."services/hostapd" = {
restartUnits = [
"hostapd.service"
];
};
}

View file

@ -1,185 +0,0 @@
{
nixos-config-for-netboot,
pkgs,
...
}: let
win11Iso = pkgs.stdenv.mkDerivation {
name = "Win11_22H2_EnglishInternational_x64v2.iso";
src = pkgs.emptyDirectory;
buildPhase = ''
echo "Manually add a win11.iso with the correct hash to your store"
exit 1
'';
outputHash = "0dgv9vjv375d5jx80y67ljz5vvpnb0inmia0cifga1zlsp1sq9zz";
outputHashMode = "flat";
outputHashAlgo = "sha256";
};
installBat = pkgs.writeText "install.bat" ''
wpeinit
ipconfig
net use i: \\192.168.2.1\INSTALL /user:none none
i:
setup.exe /AddBootMgrLast
'';
winpeshlIni = pkgs.writeText "winpeshl.ini" ''
[LaunchhApps]
"install.bat"
'';
win11SetupDir = pkgs.stdenv.mkDerivation {
name = "win11-boot";
src = pkgs.emptyDirectory;
nativeBuildInputs = [pkgs.p7zip];
buildPhase = "";
installPhase = ''
mkdir $out
cd $out
7z x ${win11Iso} efi/microsoft/boot/bcd boot/fonts/segmono_boot.ttf boot/fonts/segoe_slboot.ttf boot/fonts/segoen_slboot.ttf boot/fonts/wgl4_boot.ttf boot/boot.sdi sources/boot.wim
ln -sv ${installBat} install.bat
ln -sv ${winpeshlIni} winpeshl.ini
'';
};
win11IsoDir = pkgs.stdenv.mkDerivation {
name = "win11";
src = pkgs.emptyDirectory;
buildPhase = "true";
installPhase = ''
mkdir $out
ln -sv ${win11Iso} $out/win11.iso
ln -sv ${win11SetupDir} $out/setup
'';
};
bootIpxeX86Script = pkgs.writeTextDir "boot.ipxe" ''
#!ipxe
:start
menu iPXE boot menu
item --gap -- ------------------------- Operating systems ------------------------------
item --key n linux (N)ixOS (netboot)
item --key w windows (W)indows 11 (installer)
item --gap -- ----------------------------- Utilities ----------------------------------
item --key e ext (E)xit
item --key s shell EFI (S)hell
choose version && goto ${"$"}{version} || goto start
:linux
chain http://192.168.2.1/x86_64/netboot.ipxe
:windows
imgfree
kernel http://192.168.2.1/x86_64/share/wimboot/wimboot.x86_64.efi gui
initrd http://192.168.2.1/x86_64/setup/install.bat install.bat
initrd http://192.168.2.1/x86_64/setup/winpeshl.ini winpeshl.ini
initrd http://192.168.2.1/x86_64/setup/efi/microsoft/boot/bcd BCD
initrd http://192.168.2.1/x86_64/setup/boot/fonts/segmono_boot.ttf segmono_boot.ttf
initrd http://192.168.2.1/x86_64/setup/boot/fonts/segoe_slboot.ttf segoe_slboot.ttf
initrd http://192.168.2.1/x86_64/setup/boot/fonts/segoen_slboot.ttf segoen_slboot.ttf
initrd http://192.168.2.1/x86_64/setup/boot/fonts/wgl4_boot.ttf wgl4_boot.ttf
initrd http://192.168.2.1/x86_64/setup/boot/boot.sdi boot.sdi
initrd http://192.168.2.1/x86_64/setup/sources/boot.wim boot.wim
boot
:shell
chain http://192.168.2.1/x86_64/shell.efi
:ext
exit
'';
netboot-x86_64 = pkgs.symlinkJoin {
name = "netboot-x86_64";
paths = [
pkgs.ipxe
nixos-config-for-netboot.nixosConfigurations.netboot.config.system.build.kernel
nixos-config-for-netboot.nixosConfigurations.netboot.config.system.build.netbootRamdisk
nixos-config-for-netboot.nixosConfigurations.netboot.config.system.build.netbootIpxeScript
pkgs.edk2-uefi-shell
bootIpxeX86Script
win11IsoDir
pkgs.wimboot
];
};
bootIpxeScript = pkgs.writeText "boot.ipxe" ''
#!ipxe
set arch ${"$"}{buildarch}
iseq ${"$"}{arch} i386 && cpuid --ext 29 && set arch x86_64 ||
chain http://192.168.2.1/${"$"}{arch}/boot.ipxe
'';
netboot = pkgs.stdenvNoCC.mkDerivation {
name = "netboot";
src = pkgs.emptyDirectory;
buildPhase = "true";
installPhase = ''
mkdir $out
cp ${bootIpxeScript} $out/boot.ipxe
ln -svf ${netboot-x86_64} $out/x86_64
'';
};
in {
networking.dhcpcd.allowInterfaces = ["enp2s0f0u4"]; # yes a usb network card dont judge
services.kea.dhcp4.settings = {
interfaces-config = {
interfaces = [
"br0"
];
};
lease-database = {
name = "/var/lib/kea/dhcp4.leases";
persist = true;
type = "memfile";
};
rebind-timer = 2000;
renew-timer = 1000;
subnet4 = [
{
pools = [
{
pool = "192.168.2.100 - 192.168.2.240";
}
];
subnet = "192.168.2.0/24";
option-data = [
{
name = "routers";
data = "192.168.2.1";
}
{
name = "domain-name-servers";
data = "1.1.1.1";
}
];
}
];
valid-lifetime = 4000;
};
services.kea.dhcp4.enable = true;
services.atftpd = {
enable = true;
root = pkgs.ipxe;
};
services.caddy.virtualHosts."http://192.168.2.1".extraConfig = ''
import baseConfig
root * ${netboot}
file_server
'';
networking.firewall.interfaces."br0".allowedUDPPorts = [69 4011];
# No i dont have ipv6 :(
networking.firewall.extraCommands = ''
iptables -A FORWARD -i br0 -j ACCEPT
iptables -t nat -A POSTROUTING -o enp2s0f0u4 -s 192.168.2.0/24 -j MASQUERADE
'';
networking.interfaces.enp2s0f0u4.macAddress = "00:d8:61:d0:de:1e"; # fucking ISP
boot.kernel.sysctl = {
"net.ipv4.conf.all.forwarding" = true;
"net.ipv6.conf.all.forwarding" = true;
};
fileSystems."/mnt/win" = {
device = "${win11Iso}";
options = ["loop" "ro"];
};
}

View file

@ -36,48 +36,6 @@
"type": "github"
}
},
"chir-rs_2": {
"inputs": {
"flake-parts": [
"nixos-config-for-netboot",
"flake-parts"
],
"haskell-flake": [
"nixos-config-for-netboot",
"haskell-flake"
],
"microformats2-parser": "microformats2-parser_2",
"nix-packages": [
"nixos-config-for-netboot",
"nix-packages"
],
"nixpkgs": [
"nixos-config-for-netboot",
"nixpkgs"
],
"systems": [
"nixos-config-for-netboot",
"systems"
],
"treefmt-nix": [
"nixos-config-for-netboot",
"treefmt-nix"
]
},
"locked": {
"lastModified": 1699254151,
"narHash": "sha256-PeC6rOfXVIgMQ/0eZM9j9tLbS4Xu8/PzPKTpQ4L60Ds=",
"owner": "DarkKirb",
"repo": "chir.rs",
"rev": "c849b0234b38e0105fd0504d4ec379b84e5fbec0",
"type": "github"
},
"original": {
"owner": "DarkKirb",
"repo": "chir.rs",
"type": "github"
}
},
"colorpickle": {
"inputs": {
"naersk": [
@ -150,31 +108,6 @@
"type": "github"
}
},
"dns_2": {
"inputs": {
"flake-utils": [
"nixos-config-for-netboot",
"flake-utils"
],
"nixpkgs": [
"nixos-config-for-netboot",
"nixpkgs"
]
},
"locked": {
"lastModified": 1644390195,
"narHash": "sha256-eU6y5oYs8HUS7Mmo6h8qsl+gLa4zLlhIl0Ryk4e4r2M=",
"owner": "DarkKirb",
"repo": "dns.nix",
"rev": "4d3d32b0fd221895bf3da0e348056260c3a77636",
"type": "github"
},
"original": {
"owner": "DarkKirb",
"repo": "dns.nix",
"type": "github"
}
},
"element-web": {
"inputs": {
"devshell": [
@ -235,43 +168,6 @@
"type": "github"
}
},
"firefox_2": {
"inputs": {
"cachix": [
"nixos-config-for-netboot",
"nixpkgs"
],
"flake-compat": [
"nixos-config-for-netboot",
"flake-compat"
],
"lib-aggregate": [
"nixos-config-for-netboot",
"lib-aggregate"
],
"mozilla": [
"nixos-config-for-netboot",
"mozilla"
],
"nixpkgs": [
"nixos-config-for-netboot",
"nixpkgs"
]
},
"locked": {
"lastModified": 1700009812,
"narHash": "sha256-gexWhDZs4fo/qrcIYdt96ubkPTM+/HSMvj48BodiirY=",
"owner": "nix-community",
"repo": "flake-firefox-nightly",
"rev": "e6b823170a4f89a08c20b418bf4b7798a94d3cab",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "flake-firefox-nightly",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
@ -288,22 +184,6 @@
"type": "github"
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
@ -324,27 +204,6 @@
"type": "github"
}
},
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": [
"nixos-config-for-netboot",
"nixpkgs"
]
},
"locked": {
"lastModified": 1698882062,
"narHash": "sha256-HkhafUayIqxXyHH1X8d9RDl1M2CkFgZLjKD3MzabiEo=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "8c9fa2545007b49a5db5f650ae91f227672c3877",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": [
@ -365,27 +224,6 @@
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": [
"nixos-config-for-netboot",
"systems"
]
},
"locked": {
"lastModified": 1694529238,
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"gomod2nix": {
"inputs": {
"nixpkgs": [
@ -411,33 +249,6 @@
"type": "github"
}
},
"gomod2nix_2": {
"inputs": {
"nixpkgs": [
"nixos-config-for-netboot",
"nix-packages",
"nixpkgs"
],
"utils": [
"nixos-config-for-netboot",
"nix-packages",
"flake-utils"
]
},
"locked": {
"lastModified": 1692555015,
"narHash": "sha256-QS7fNVS9ToprIt93R/S+BVerAttNkYI3/SVQI3jciLs=",
"owner": "DarkKirb",
"repo": "gomod2nix",
"rev": "de2e02108ef1e6ab52a71676f7735a3fc1bea741",
"type": "github"
},
"original": {
"owner": "DarkKirb",
"repo": "gomod2nix",
"type": "github"
}
},
"haskell-flake": {
"locked": {
"lastModified": 1700254486,
@ -453,21 +264,6 @@
"type": "github"
}
},
"haskell-flake_2": {
"locked": {
"lastModified": 1699388095,
"narHash": "sha256-uutZJWtd6rKwoLYLFGsjrA2zu06uRdGC//FANb4azgU=",
"owner": "srid",
"repo": "haskell-flake",
"rev": "7029034b00bd7c9225d74915a6a53e5b44b4a1d3",
"type": "github"
},
"original": {
"owner": "srid",
"repo": "haskell-flake",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
@ -488,27 +284,6 @@
"type": "github"
}
},
"home-manager_2": {
"inputs": {
"nixpkgs": [
"nixos-config-for-netboot",
"nixpkgs"
]
},
"locked": {
"lastModified": 1699783872,
"narHash": "sha256-4zTwLT2LL45Nmo6iwKB3ls3hWodVP9DiSWxki/oewWE=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "280721186ab75a76537713ec310306f0eba3e407",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"hydra": {
"inputs": {
"nix": "nix",
@ -533,31 +308,6 @@
"url": "https://git.chir.rs/darkkirb/hydra"
}
},
"hydra_2": {
"inputs": {
"nix": "nix_2",
"nixpkgs": [
"nixos-config-for-netboot",
"nix-packages",
"hydra",
"nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1697704332,
"narHash": "sha256-XDDllf7VLpSuQcBxv4v2BGoeKhbqDqISAu8r48eqc3Y=",
"ref": "refs/heads/master",
"rev": "30ba162924d53d4daafb09414b86241e7ecaa9ab",
"revCount": 4073,
"type": "git",
"url": "https://git.chir.rs/darkkirb/hydra"
},
"original": {
"type": "git",
"url": "https://git.chir.rs/darkkirb/hydra"
}
},
"lib-aggregate": {
"inputs": {
"flake-utils": [
@ -581,31 +331,6 @@
"type": "github"
}
},
"lib-aggregate_2": {
"inputs": {
"flake-utils": [
"nixos-config-for-netboot",
"flake-utils"
],
"nixpkgs-lib": [
"nixos-config-for-netboot",
"nixpkgs"
]
},
"locked": {
"lastModified": 1699790908,
"narHash": "sha256-8CO4KQhiEyO7rce4KVOq8arpk9802fVwxtN/oLeRFag=",
"owner": "nix-community",
"repo": "lib-aggregate",
"rev": "6c60a229fa422698325b2788e93dfeeba3f11391",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "lib-aggregate",
"type": "github"
}
},
"lowdown-src": {
"flake": false,
"locked": {
@ -622,22 +347,6 @@
"type": "github"
}
},
"lowdown-src_2": {
"flake": false,
"locked": {
"lastModified": 1633514407,
"narHash": "sha256-Dw32tiMjdK9t3ETl5fzGrutQTzh2rufgZV4A/BbxuD4=",
"owner": "kristapsdz",
"repo": "lowdown",
"rev": "d2c2b44ff6c27b936ec27358a2653caaef8f73b8",
"type": "github"
},
"original": {
"owner": "kristapsdz",
"repo": "lowdown",
"type": "github"
}
},
"matrix-js-sdk": {
"inputs": {
"devshell": [
@ -725,33 +434,6 @@
"type": "github"
}
},
"mautrix-cleanup_2": {
"inputs": {
"flake-utils": [
"nixos-config-for-netboot",
"nix-packages",
"flake-utils"
],
"nixpkgs": [
"nixos-config-for-netboot",
"nix-packages",
"nixpkgs"
]
},
"locked": {
"lastModified": 1678395415,
"narHash": "sha256-l7upZ8y8SobYtv+RYD7DodRU74DGvDRjvaKfj8VmAow=",
"owner": "DarkKirb",
"repo": "mautrix-cleanup",
"rev": "5f5f51ce8b7560d18ddae1824bc253a9e896ab0b",
"type": "github"
},
"original": {
"owner": "DarkKirb",
"repo": "mautrix-cleanup",
"type": "github"
}
},
"microformats2-parser": {
"flake": false,
"locked": {
@ -768,22 +450,6 @@
"type": "github"
}
},
"microformats2-parser_2": {
"flake": false,
"locked": {
"lastModified": 1695821315,
"narHash": "sha256-Et4yYDiIcIeMsEkZI9Y0Unh51fnuMQzScE4dxgXCGzo=",
"owner": "darkkirb",
"repo": "microformats2-parser",
"rev": "4e6b3aac8f5af3306261ef2782f7df990e96f429",
"type": "github"
},
"original": {
"owner": "darkkirb",
"repo": "microformats2-parser",
"type": "github"
}
},
"mozilla": {
"locked": {
"lastModified": 1695805681,
@ -799,21 +465,6 @@
"type": "github"
}
},
"mozilla_2": {
"locked": {
"lastModified": 1695805681,
"narHash": "sha256-1ElPLD8eFfnuIk0G52HGGpRtQZ4QPCjChRlEOfkZ5ro=",
"owner": "mozilla",
"repo": "nixpkgs-mozilla",
"rev": "6eabade97bc28d707a8b9d82ad13ef143836736e",
"type": "github"
},
"original": {
"owner": "mozilla",
"repo": "nixpkgs-mozilla",
"type": "github"
}
},
"naersk": {
"inputs": {
"nixpkgs": [
@ -879,31 +530,6 @@
"type": "github"
}
},
"nix-gaming_2": {
"inputs": {
"flake-parts": [
"nixos-config-for-netboot",
"flake-parts"
],
"nixpkgs": [
"nixos-config-for-netboot",
"nixpkgs"
]
},
"locked": {
"lastModified": 1700010845,
"narHash": "sha256-Zpd6vdDBsL8phO9QlIPX/h01v2LCOPlsrJQreOSenoQ=",
"owner": "fufexan",
"repo": "nix-gaming",
"rev": "92d6637940bf86746a4f5efa7b86e1d94090b351",
"type": "github"
},
"original": {
"owner": "fufexan",
"repo": "nix-gaming",
"type": "github"
}
},
"nix-neovim": {
"inputs": {
"nixpkgs": [
@ -924,27 +550,6 @@
"type": "github"
}
},
"nix-neovim_2": {
"inputs": {
"nixpkgs": [
"nixos-config-for-netboot",
"nixpkgs"
]
},
"locked": {
"lastModified": 1650651888,
"narHash": "sha256-2lC6oeQMTke7/bx8VxLNJr54A/WGkdAv2H0iebTmACY=",
"owner": "syberant",
"repo": "nix-neovim",
"rev": "6f03a1c206ff2c5bea209c73f861ebd8088de53b",
"type": "github"
},
"original": {
"owner": "syberant",
"repo": "nix-neovim",
"type": "github"
}
},
"nix-packages": {
"inputs": {
"flake-compat": [
@ -975,116 +580,7 @@
"type": "github"
}
},
"nix-packages_2": {
"inputs": {
"flake-compat": [
"nixos-config-for-netboot",
"flake-compat"
],
"flake-utils": [
"nixos-config-for-netboot",
"flake-utils"
],
"gomod2nix": "gomod2nix_2",
"hydra": "hydra_2",
"mautrix-cleanup": "mautrix-cleanup_2",
"nixpkgs": [
"nixos-config-for-netboot",
"nixpkgs"
]
},
"locked": {
"lastModified": 1700028514,
"narHash": "sha256-Xb5qQwjFI02yO1rHEFAB4Xfs9Uzo1paCGNw1WGRziJw=",
"owner": "DarkKirb",
"repo": "nix-packages",
"rev": "9f786a30cf3907c18d1f6709cb0487b651ec7ba1",
"type": "github"
},
"original": {
"owner": "DarkKirb",
"ref": "main",
"repo": "nix-packages",
"type": "github"
}
},
"nix_2": {
"inputs": {
"lowdown-src": "lowdown-src_2",
"nixpkgs": "nixpkgs_2",
"nixpkgs-regression": "nixpkgs-regression_2"
},
"locked": {
"lastModified": 1677045134,
"narHash": "sha256-jUc2ccTR8f6MGY2pUKgujm+lxSPNGm/ZAP+toX+nMNc=",
"owner": "nixos",
"repo": "nix",
"rev": "4acc684ef7b3117c6d6ac12837398a0008a53d85",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "2.13.3",
"repo": "nix",
"type": "github"
}
},
"nixos-config-for-netboot": {
"inputs": {
"chir-rs": "chir-rs_2",
"dns": "dns_2",
"firefox": "firefox_2",
"flake-compat": "flake-compat_2",
"flake-parts": "flake-parts_2",
"flake-utils": "flake-utils_2",
"haskell-flake": "haskell-flake_2",
"home-manager": "home-manager_2",
"lib-aggregate": "lib-aggregate_2",
"mozilla": "mozilla_2",
"nix-gaming": "nix-gaming_2",
"nix-neovim": "nix-neovim_2",
"nix-packages": "nix-packages_2",
"nixos-config-for-netboot": [
"nixos-config-for-netboot"
],
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_3",
"nur": "nur",
"sops-nix": "sops-nix",
"systems": "systems",
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1700028923,
"narHash": "sha256-87w37LOdowNLdgczPIDtzvv298FT/T75P4Ct+ibne0g=",
"owner": "DarkKirb",
"repo": "nixos-config",
"rev": "70a88984c0362fc5dad723173f38e11490f8d34e",
"type": "github"
},
"original": {
"owner": "DarkKirb",
"repo": "nixos-config",
"rev": "70a88984c0362fc5dad723173f38e11490f8d34e",
"type": "github"
}
},
"nixos-hardware": {
"locked": {
"lastModified": 1699997707,
"narHash": "sha256-ugb+1TGoOqqiy3axyEZpfF6T4DQUGjfWZ3Htry1EfvI=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "5689f3ebf899f644a1aabe8774d4f37eb2f6c2f9",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixos-hardware",
"type": "github"
}
},
"nixos-hardware_2": {
"locked": {
"lastModified": 1700392353,
"narHash": "sha256-KARn8aVJu5fdW0jdJYoOQ1SPqWlNdz4l7r90NbArWSY=",
@ -1131,54 +627,7 @@
"type": "github"
}
},
"nixpkgs-regression_2": {
"locked": {
"lastModified": 1643052045,
"narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1670461440,
"narHash": "sha256-jy1LB8HOMKGJEGXgzFRLDU1CBGL0/LlkolgnqIsF0D8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "04a75b2eecc0acf6239acf9dd04485ff8d14f425",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-22.11-small",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1700026739,
"narHash": "sha256-Igz8Ug98Z/mt6QGlkfdGZNQQw2GkT9y0AMz9ii0bOFk=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e8ad54f562b4621c7c080b4a3ddbafe4735bcb86",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1700503501,
"narHash": "sha256-Ong9/3qx2lEytSezcFdtaKQvjVma6yjBFzvt257uwjo=",
@ -1194,21 +643,6 @@
}
},
"nur": {
"locked": {
"lastModified": 1700026913,
"narHash": "sha256-tDep0ctEmsm/VCUvhjE0EaIeIArvdfnxkoTmX6Q4JD8=",
"owner": "nix-community",
"repo": "NUR",
"rev": "89eea2ba1860809b7ed9e9cab9d9ac0e312f833a",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "NUR",
"type": "github"
}
},
"nur_2": {
"locked": {
"lastModified": 1700498677,
"narHash": "sha256-ABtiINPf4cwNHsWQ1dnriQvvuhRBoqScYtXYEhvevN0=",
@ -1242,41 +676,15 @@
"nix-gaming": "nix-gaming",
"nix-neovim": "nix-neovim",
"nix-packages": "nix-packages",
"nixos-config-for-netboot": "nixos-config-for-netboot",
"nixos-hardware": "nixos-hardware_2",
"nixpkgs": "nixpkgs_4",
"nur": "nur_2",
"sops-nix": "sops-nix_2",
"systems": "systems_2",
"treefmt-nix": "treefmt-nix_2"
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_2",
"nur": "nur",
"sops-nix": "sops-nix",
"systems": "systems",
"treefmt-nix": "treefmt-nix"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": [
"nixos-config-for-netboot",
"nixpkgs"
],
"nixpkgs-stable": [
"nixos-config-for-netboot",
"nixpkgs"
]
},
"locked": {
"lastModified": 1699951338,
"narHash": "sha256-1GeczM7XfgHcYGYiYNcdwSFu3E62vmh4d7mffWZvyzE=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "0e3a94167dcd10a47b89141f35b2ff9e04b34c46",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "sops-nix",
"type": "github"
}
},
"sops-nix_2": {
"inputs": {
"nixpkgs": [
"nixpkgs"
@ -1314,43 +722,7 @@
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"nixos-config-for-netboot",
"nixpkgs"
]
},
"locked": {
"lastModified": 1699786194,
"narHash": "sha256-3h3EH1FXQkIeAuzaWB+nK0XK54uSD46pp+dMD3gAcB4=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "e82f32aa7f06bbbd56d7b12186d555223dc399d1",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"treefmt-nix_2": {
"inputs": {
"nixpkgs": [
"nixpkgs"

View file

@ -85,10 +85,6 @@ rec {
inputs.flake-utils.follows = "flake-utils";
inputs.nixpkgs.follows = "nixpkgs";
};
nixos-config-for-netboot = {
url = "github:DarkKirb/nixos-config/70a88984c0362fc5dad723173f38e11490f8d34e";
inputs.nixos-config-for-netboot.follows = "nixos-config-for-netboot";
};
nixos-hardware.url = "github:NixOS/nixos-hardware";
nixpkgs.url = "github:NixOS/nixpkgs";
nur.url = "github:nix-community/NUR";
@ -133,10 +129,6 @@ rec {
name = "installer"; # Installer iso
system = "x86_64-linux";
}
{
name = "netboot"; # Installer netboot
system = "x86_64-linux";
}
{
name = "instance-20221213-1915"; # Oracle server
system = "aarch64-linux";

View file

@ -1,252 +0,0 @@
{
config,
lib,
pkgs,
utils,
...
}:
# TODO:
#
# asserts
# ensure that the nl80211 module is loaded/compiled in the kernel
# wpa_supplicant and hostapd on the same wireless interface doesn't make any sense
with lib; let
cfg = config.services.hostapd;
escapedInterface = utils.escapeSystemdPath cfg.interface;
configFile = pkgs.writeText "hostapd.conf" ''
interface=${cfg.interface}
driver=${cfg.driver}
ssid=${cfg.ssid}
hw_mode=${cfg.hwMode}
channel=${toString cfg.channel}
${optionalString (cfg.countryCode != null) "country_code=${cfg.countryCode}"}
${optionalString (cfg.countryCode != null) "ieee80211d=1"}
# logging (debug level)
logger_syslog=-1
logger_syslog_level=${toString cfg.logLevel}
logger_stdout=-1
logger_stdout_level=${toString cfg.logLevel}
ctrl_interface=/run/hostapd
ctrl_interface_group=${cfg.group}
${optionalString cfg.wpa ''
wpa=2
wpa_passphrase=${
if cfg.wpaPassphrase != null
then cfg.wpaPassphrase
else "#WPA_PASSPHRASE#"
}
''}
${optionalString cfg.noScan "noscan=1"}
${cfg.extraConfig}
'';
in {
###### interface
options = {
services.hostapd = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Enable putting a wireless interface into infrastructure mode,
allowing other wireless devices to associate with the wireless
interface and do wireless networking. A simple access point will
<option>enable hostapd.wpa</option>,
<option>hostapd.wpaPassphrase</option>, and
<option>hostapd.ssid</option>, as well as DHCP on the wireless
interface to provide IP addresses to the associated stations, and
NAT (from the wireless interface to an upstream interface).
'';
};
interface = mkOption {
default = "";
example = "wlp2s0";
type = types.str;
description = ''
The interfaces <command>hostapd</command> will use.
'';
};
noScan = mkOption {
type = types.bool;
default = false;
description = ''
Do not scan for overlapping BSSs in HT40+/- mode.
Caution: turning this on will violate regulatory requirements!
'';
};
driver = mkOption {
default = "nl80211";
example = "hostapd";
type = types.str;
description = ''
Which driver <command>hostapd</command> will use.
Most applications will probably use the default.
'';
};
ssid = mkOption {
default = "nixos";
example = "mySpecialSSID";
type = types.str;
description = "SSID to be used in IEEE 802.11 management frames.";
};
hwMode = mkOption {
default = "g";
type = types.enum ["a" "b" "g"];
description = ''
Operation mode.
(a = IEEE 802.11a, b = IEEE 802.11b, g = IEEE 802.11g).
'';
};
channel = mkOption {
default = 7;
example = 11;
type = types.int;
description = ''
Channel number (IEEE 802.11)
Please note that some drivers do not use this value from
<command>hostapd</command> and the channel will need to be configured
separately with <command>iwconfig</command>.
'';
};
group = mkOption {
default = "wheel";
example = "network";
type = types.str;
description = ''
Members of this group can control <command>hostapd</command>.
'';
};
wpa = mkOption {
type = types.bool;
default = true;
description = ''
Enable WPA (IEEE 802.11i/D3.0) to authenticate with the access point.
'';
};
wpaPassphrase = mkOption {
default = null;
example = "any_64_char_string";
type = types.nullOr types.str;
description = ''
WPA-PSK (pre-shared-key) passphrase. Clients will need this
passphrase to associate with this access point.
Warning: This passphrase will get put into a world-readable file in
the Nix store!
'';
};
wpaPassphraseFile = mkOption {
default = null;
example = "/run/secrets/wpa_passphrase";
type = types.nullOr types.str;
description = ''
File containing WPA-PSK passphrase. Clients will need this
passphrase to associate with this access point.
'';
};
logLevel = mkOption {
default = 2;
type = types.int;
description = ''
Levels (minimum value for logged events):
0 = verbose debugging
1 = debugging
2 = informational messages
3 = notification
4 = warning
'';
};
countryCode = mkOption {
default = null;
example = "US";
type = with types; nullOr str;
description = ''
Country code (ISO/IEC 3166-1). Used to set regulatory domain.
Set as needed to indicate country in which device is operating.
This can limit available channels and transmit power.
These two octets are used as the first two octets of the Country String
(dot11CountryString).
If set this enables IEEE 802.11d. This advertises the countryCode and
the set of allowed channels and transmit power levels based on the
regulatory limits.
'';
};
extraConfig = mkOption {
default = "";
example = ''
auth_algo=0
ieee80211n=1
ht_capab=[HT40-][SHORT-GI-40][DSSS_CCK-40]
'';
type = types.lines;
description = "Extra configuration options to put in hostapd.conf.";
};
};
};
disabledModules = ["services/networking/hostapd.nix"];
###### implementation
config = mkIf cfg.enable {
assertions = [
{
assertion = cfg.wpa != null -> (cfg.wpaPassphrase != null || cfg.wpaPassphraseFile != null);
message = "Either wpaPassphrase or wpaPassphraseFile must be set if wpa is enabled.";
}
{
assertion = cfg.wpaPassphraseFile != null -> cfg.wpaPassphrase == null;
message = "You cannot provide a wpaPassphrase and a wpaPassphraseFile!";
}
];
environment.systemPackages = [pkgs.hostapd];
services.udev.packages = optionals (cfg.countryCode != null) [pkgs.crda];
systemd.services.hostapd = {
description = "hostapd wireless AP";
path = [pkgs.hostapd];
after = ["sys-subsystem-net-devices-${escapedInterface}.device"];
bindsTo = ["sys-subsystem-net-devices-${escapedInterface}.device"];
requiredBy = ["network-link-${cfg.interface}.service"];
wantedBy = ["multi-user.target"];
preStart = mkIf (cfg.wpaPassphraseFile != null) ''
PASSPHRASE=$(cat ${cfg.wpaPassphraseFile})
sed "s|#WPA_PASSPHRASE#|$PASSPHRASE|g" ${configFile} > /run/hostapd/hostapd.conf
'';
serviceConfig = {
ExecStart = "${pkgs.hostapd}/bin/hostapd ${
if cfg.wpaPassphraseFile != null
then "/run/hostapd/hostapd.conf"
else configFile
}";
Restart = "always";
};
};
systemd.tmpfiles.rules = mkIf (cfg.wpaPassphraseFile != null) [
"d '/run/hostapd' 0700 root root - -"
];
};
}

View file

@ -9,7 +9,6 @@ services:
gitea_token: ENC[AES256_GCM,data:v0Ej8841I1F/dK5ZplRzZlvngpueMQKspM5USzX9VkOEmpCs2NA3+Q==,iv:fZisAuyqk7ATFx6qHYkScUeS8SsikjiPzVovZjGnUYM=,tag:7+O+Sn7unPDy88a6T70Jmg==,type:str]
github_token: ENC[AES256_GCM,data:AWMeX+P8YHGpSuH+5KqvE9zNxkEPKGvdRaQjNysO4/XE4csGjCvmjA==,iv:MCRtws/SM7lWS2/2pp5tbeX7+I5h4LVd9bJp//ln9hs=,tag:LMEGWFAaOqH0fqfNgc87AQ==,type:str]
aws_credentials: ENC[AES256_GCM,data:TqfAEFfDEIicrI/qNEpHYI/cXw5OZ4z31eq05WTIQWxuyD01UfduuJeHlPNuzp7+cGVSExBUccNvVpwz7ivESoMLqiP459GfXert/SZi56fMZdOsfFxbl5x/ks71bamj5/qIXxQW0hqSOG8TwQNIMNQgAcA=,iv:HDXc7F+3WXnIfRL8rYxMnQPlfNLMYJAjKKjWVzIhNQ0=,tag:u+D+/YY+60TAEmhHMGoUwg==,type:str]
hostapd: ENC[AES256_GCM,data:KCOOPShBt6gs8TK0Ns6Kzw==,iv:haG+7w893r9w9XySav8n2MWIAOi8eehy61rQudpdjGU=,tag:yupv4fTLiOgTU7SKoAR3og==,type:str]
rspamd:
dkim:
darkkirb.de: ENC[AES256_GCM,data:BWh1VbxBjMKMLPsFHrLIHWZGyzy8bJGYC22f1FXPWxy4WD23tfXuFMiM5TOjSgd7/7nImpndtYMXqKwyoAePGtGhpk6xogH9ObeuVisOvI8HnDZS2uuSxqWA9qA3fmP867DCDl4h3eeclpUburidCDuS4ZriA467fbvbLynX5EqntnWmrWZdTnnXs7WTAL+4ePj6optoL33BgLOvh7PREyLfzgaoBrMhJdW4mBp6XNfIbuY9JH5sUXKV4rNHDBZNoBi6UJXK69futQ+Q6Dj95OKE7l8iY/HfpF7nt1Lb9Prr1wyCQdfEd233NfUgfz6EomuKbhu3bUKau3wwIxF0qAnU+gW1BxMPzDOAS9Pm8XByJ4R9H6gHuTyleCDyq2t1TfJe7FtbIE3I9HsvrpqHGt1NETtwXrdK508PI3WrLGJusCND8KpRA0G4NMazQNPrvrFlQcQcTRe7QmZv3SLNqB4OemWSlS4uDwDYyxeaMnaKqgrwX3emRlIrrKk/eEGyCFG+FtBqsLlAiGHNE44kfjQQCrqNLFgYPWeTzgnpO0uwscYmCik6xFlpxn/0EEUtFnfOcRq3rCt9NNMX4zpJk+lFTu21LG42whDvxw4EpskLWYtdfHwob2o3IbrzuL1R7WknKMvn02asVLmn5YlOgX4dJA6J9eT17Omeq08VUnAxuOEDOZENNKMIxzoEoX90ZkjpHYqyCwJ/1ITZ1WXAaFnp8ow+wySVOYFCnw5x16A6GpDzz1rDZnXr4DY39W/yXabD9M4EAdRZHuJPEbnww5XR3n5NgYxvA9sQsKsgu4j0erJWda31Jwko6YXvJ6jMG8iySMzaD9UHZhtp3+E0kTgMzJB5gVCXuG90AUWQ4+ODK/9yO0aswi6pTakQr/y3k/XbKi85Ndt7YqhOYJZxuZdnWa519Q1Bsnyr64bbfQrRjCWeDl150G18/u5FES9dSgB0nHxIdvu8M/Xhgk0dCiQiGNWNF6XFfFFgTBu0uw8x5fIGgMrV2pp6OKUmz7Ty/UGH30c8BCTECAsafWi4WCAfpxOu5PXC9oi8QOjJegW/tetGK9S2G8+jFQvvONdQImB6IC0zzaW7BKipa3IVdc4KYtZ9NxxNKp6X2GcXEF2l6spmcZOtSeDNgKXHQE7b9wViGSdjj5KQK5RuMsxO4BAeGuLB+3jGNGiK3RijhjAIEvlSOIVoipf1lu+9QYa4wBmCOQ==,iv:uvRzwnbFMKT6EKGBfxst7CCD+uu0n/pYrjEtcHF2TIA=,tag:v4sWaO5ek6su907Z/RRPtw==,type:str]
@ -45,8 +44,8 @@ sops:
WnV3QWxtalIzWFdoQmpDTmJsNGdNOW8K++rFGXy0G6Gcu2gQwSP6xfXInQ/y5nh5
2oGp8sfOLFWnNI4SWL0ChP47K3C/9ysUHwQnUYPbRafZ/4X6cN40ZQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-11-03T13:33:44Z"
mac: ENC[AES256_GCM,data:CUi7/JEP6LerZ1SKYt4nEJQNbLs6iLK4U758qFXCpLkHBX2DA7wpu2HQ98SXkfQYHNOmoH/2LhCd+Am+UixnzmTZPXol7zntO3zSrjLQh208Cpp7lYO+sDFLOJqijjth1n6c4dri5yaXJwHLQn/iLZR0Ktespl38RotWnaQ597A=,iv:K6nhBEpagZSrTVfFiS1iGC/K691yxrdFP/sqoMZvWO0=,tag:7N10AC167RoG2qKUH11g5g==,type:str]
lastmodified: "2023-11-21T12:39:29Z"
mac: ENC[AES256_GCM,data:MP5inznWToSedLyM6/SAT6apYow+JIz9qPSzKAXFn6XFjuqq/3f89twE+5cGSI8eH+syj8olhgrgw3/aCi6HYkZMIOXDQBM4ieDEI61LSAmYTX+c32CQzZHzR3Pi5PTFAxPvsG6knO9P7T81J9zQ2iP2TNWOAputAd4KLyY5Ob4=,iv:HY8cJBbpfr8YlQ2pbnQpVE2oAicyVsehtKZ8ExgQQEA=,tag:TLkoPPS73aFbYHJ4TPeMeg==,type:str]
pgp:
- created_at: "2022-04-24T10:34:20Z"
enc: |