convert l2tp example to use gateway profile
This commit is contained in:
parent
bce0c7ffb6
commit
e1ae986cf6
@ -30,6 +30,11 @@
|
||||
inherit (pkgs.pseudofile) dir symlink;
|
||||
inherit (pkgs) serviceFns;
|
||||
svc = config.system.service;
|
||||
wirelessConfig = {
|
||||
country_code = "GB";
|
||||
inherit (rsecrets) wpa_passphrase;
|
||||
wmm_enabled = 1;
|
||||
};
|
||||
in rec {
|
||||
boot = {
|
||||
tftp = {
|
||||
@ -41,13 +46,14 @@ in rec {
|
||||
imports = [
|
||||
../modules/wwan
|
||||
../modules/network
|
||||
../modules/vlan
|
||||
# ../modules/vlan
|
||||
../modules/ssh
|
||||
../modules/usb.nix
|
||||
../modules/watchdog
|
||||
../modules/mount
|
||||
# ../modules/watchdog
|
||||
# ../modules/mount
|
||||
../modules/ppp
|
||||
../modules/round-robin
|
||||
../modules/profiles/gateway.nix
|
||||
];
|
||||
hostname = "thing";
|
||||
|
||||
@ -58,59 +64,81 @@ in rec {
|
||||
authType = "chap";
|
||||
};
|
||||
|
||||
services.wan =
|
||||
let
|
||||
pppoe = svc.pppoe.build {
|
||||
interface = config.hardware.networkInterfaces.wan;
|
||||
debug = true;
|
||||
username = rsecrets.l2tp.name;
|
||||
password = rsecrets.l2tp.password;
|
||||
profile.gateway = {
|
||||
lan = {
|
||||
interfaces = with config.hardware.networkInterfaces;
|
||||
[
|
||||
# EDIT: these are the interfaces exposed by the gl.inet gl-ar750:
|
||||
# if your device has more or differently named lan interfaces,
|
||||
# specify them here
|
||||
wlan wlan5
|
||||
lan
|
||||
];
|
||||
inherit (rsecrets.lan) prefix;
|
||||
address = {
|
||||
family = "inet"; address ="${rsecrets.lan.prefix}.1"; prefixLength = 24;
|
||||
};
|
||||
|
||||
l2tp =
|
||||
let
|
||||
check-address = oneshot rec {
|
||||
name = "check-lns-address";
|
||||
up = "grep -Fx ${lns.address} $(output_path ${services.lns-address} addresses)";
|
||||
dependencies = [ services.lns-address ];
|
||||
};
|
||||
route = svc.network.route.build {
|
||||
via = "$(output ${services.dhcpc} router)";
|
||||
target = lns.address;
|
||||
dependencies = [services.dhcpc check-address];
|
||||
};
|
||||
in svc.l2tp.build {
|
||||
lns = lns.address;
|
||||
ppp-options = [
|
||||
"debug" "+ipv6" "noauth"
|
||||
"name" rsecrets.l2tp.name
|
||||
"password" rsecrets.l2tp.password
|
||||
];
|
||||
dependencies = [config.services.lns-address route check-address];
|
||||
dhcp = {
|
||||
start = 10;
|
||||
end = 240;
|
||||
hosts = { } // lib.optionalAttrs (builtins.pathExists ./static-leases.nix) (import ./static-leases.nix);
|
||||
localDomain = "lan";
|
||||
};
|
||||
};
|
||||
wan = {
|
||||
interface = let
|
||||
pppoe = svc.pppoe.build {
|
||||
interface = config.hardware.networkInterfaces.wan;
|
||||
debug = true;
|
||||
username = rsecrets.l2tp.name;
|
||||
password = rsecrets.l2tp.password;
|
||||
};
|
||||
in svc.round-robin.build {
|
||||
name = "wan";
|
||||
services = [ l2tp pppoe ];
|
||||
|
||||
l2tp =
|
||||
let
|
||||
check-address = oneshot rec {
|
||||
name = "check-lns-address";
|
||||
up = "grep -Fx ${lns.address} $(output_path ${services.lns-address} addresses)";
|
||||
dependencies = [ services.lns-address ];
|
||||
};
|
||||
route = svc.network.route.build {
|
||||
via = "$(output ${services.bootstrap-dhcpc} router)";
|
||||
target = lns.address;
|
||||
dependencies = [services.bootstrap-dhcpc check-address];
|
||||
};
|
||||
in svc.l2tp.build {
|
||||
lns = lns.address;
|
||||
ppp-options = [
|
||||
"debug" "+ipv6" "noauth"
|
||||
"name" rsecrets.l2tp.name
|
||||
"password" rsecrets.l2tp.password
|
||||
];
|
||||
dependencies = [config.services.lns-address route check-address];
|
||||
};
|
||||
in svc.round-robin.build {
|
||||
name = "wan";
|
||||
services = [ l2tp pppoe ];
|
||||
};
|
||||
dhcp6.enable = true;
|
||||
};
|
||||
|
||||
services.sshd = svc.ssh.build { };
|
||||
|
||||
services.resolvconf = oneshot rec {
|
||||
dependencies = [ services.wan ];
|
||||
name = "resolvconf";
|
||||
up = ''
|
||||
. ${serviceFns}
|
||||
( in_outputs ${name}
|
||||
for i in ns1 ns2 ; do
|
||||
ns=$(output ${services.wan} $i)
|
||||
echo "nameserver $ns" >> resolv.conf
|
||||
done
|
||||
)
|
||||
'';
|
||||
};
|
||||
filesystem = dir {
|
||||
etc = dir {
|
||||
"resolv.conf" = symlink "${services.resolvconf}/.outputs/resolv.conf";
|
||||
wireless.networks = {
|
||||
"${rsecrets.ssid}" = {
|
||||
interface = config.hardware.networkInterfaces.wlan;
|
||||
hw_mode = "g";
|
||||
channel = "6";
|
||||
ieee80211n = 1;
|
||||
} // wirelessConfig;
|
||||
"${rsecrets.ssid}5" = rec {
|
||||
interface = config.hardware.networkInterfaces.wlan5;
|
||||
hw_mode = "a";
|
||||
channel = 36;
|
||||
ht_capab = "[HT40+]";
|
||||
vht_oper_chwidth = 1;
|
||||
vht_oper_centr_freq_seg0_idx = channel + 6;
|
||||
ieee80211n = 1;
|
||||
ieee80211ac = 1;
|
||||
} // wirelessConfig;
|
||||
};
|
||||
};
|
||||
|
||||
@ -119,6 +147,8 @@ in rec {
|
||||
dependencies = [ config.services.hostname ];
|
||||
};
|
||||
|
||||
services.sshd = svc.ssh.build { };
|
||||
|
||||
services.lns-address = let
|
||||
ns = "$(output_word ${services.bootstrap-dhcpc} dns 1)";
|
||||
route-to-bootstrap-nameserver = svc.network.route.build {
|
||||
@ -137,18 +167,13 @@ in rec {
|
||||
'';
|
||||
};
|
||||
|
||||
services.defaultroute4 = svc.network.route.build {
|
||||
via = "$(output ${services.wan} peer-address)";
|
||||
target = "default";
|
||||
dependencies = [services.wan];
|
||||
};
|
||||
# services.ntp = svc.ntp.build {
|
||||
# pools = { "pool.ntp.org" = ["iburst"]; };
|
||||
# makestep = { threshold = 1.0; limit = 3; };
|
||||
# dependencies = with config.services; [ defaultroute4 defaultroute6 ];
|
||||
# };
|
||||
|
||||
# defaultProfile.packages = [ pkgs.go-l2tp ];
|
||||
|
||||
users.root = {
|
||||
passwd = lib.mkForce secrets.root.passwd;
|
||||
openssh.authorizedKeys.keys = secrets.root.keys;
|
||||
};
|
||||
users.root = rsecrets.root;
|
||||
|
||||
programs.busybox.options = {
|
||||
FEATURE_FANCY_TAIL = "y";
|
||||
|
||||
Loading…
Reference in New Issue
Block a user