Compare commits
3 Commits
5bf8e8522a
...
4396afa97b
Author | SHA1 | Date | |
---|---|---|---|
4396afa97b | |||
9b70fd62f6 | |||
86e73317ee |
@ -20,6 +20,7 @@ let
|
||||
writeText
|
||||
writeFennelScript
|
||||
serviceFns;
|
||||
svc = config.system.service;
|
||||
in rec {
|
||||
boot = {
|
||||
tftp = {
|
||||
@ -36,16 +37,12 @@ in rec {
|
||||
../modules/dnsmasq
|
||||
../modules/firewall
|
||||
../modules/hostapd
|
||||
../modules/bridge
|
||||
];
|
||||
rootfsType = "jffs2";
|
||||
hostname = "rotuer";
|
||||
kernel = {
|
||||
config = {
|
||||
BRIDGE = "y";
|
||||
};
|
||||
};
|
||||
|
||||
services.hostap = config.system.service.hostapd {
|
||||
services.hostap = svc.hostapd {
|
||||
interface = config.hardware.networkInterfaces.wlan_24;
|
||||
params = {
|
||||
ssid = "liminix";
|
||||
@ -63,7 +60,7 @@ in rec {
|
||||
};
|
||||
};
|
||||
|
||||
services.hostap5 = config.system.service.hostapd {
|
||||
services.hostap5 = svc.hostapd {
|
||||
interface = config.hardware.networkInterfaces.wlan_5;
|
||||
params = rec {
|
||||
ssid = "liminix_5";
|
||||
@ -86,26 +83,14 @@ in rec {
|
||||
};
|
||||
|
||||
services.int =
|
||||
let iface = interface {
|
||||
type = "bridge";
|
||||
device = "int";
|
||||
};
|
||||
let iface = svc.bridge.primary { ifname = "int"; };
|
||||
in address iface {
|
||||
family = "inet4"; address ="10.8.0.1"; prefixLength = 16;
|
||||
};
|
||||
|
||||
services.bridge =
|
||||
let
|
||||
services.bridge = svc.bridge.members {
|
||||
primary = services.int;
|
||||
addif = dev: oneshot {
|
||||
name = "add-${dev.device}-to-bridge";
|
||||
up = "${ifwait}/bin/ifwait -v ${dev.device} running && ip link set dev ${dev.device} master ${primary.device}";
|
||||
down = "ip link set dev ${dev} nomaster";
|
||||
dependencies = [ primary dev ];
|
||||
};
|
||||
in bundle {
|
||||
name = "bridge-members";
|
||||
contents = with config.hardware.networkInterfaces; map addif [
|
||||
members = with config.hardware.networkInterfaces; [
|
||||
wlan_24 lan wlan_5
|
||||
];
|
||||
};
|
||||
@ -145,7 +130,7 @@ in rec {
|
||||
|
||||
services.dns =
|
||||
let interface = services.int;
|
||||
in config.system.service.dnsmasq {
|
||||
in svc.dnsmasq {
|
||||
resolvconf = services.resolvconf;
|
||||
inherit interface;
|
||||
ranges = [
|
||||
@ -155,10 +140,8 @@ in rec {
|
||||
domain = "fake.liminix.org";
|
||||
};
|
||||
|
||||
services.wan =
|
||||
let iface = config.hardware.networkInterfaces.wan;
|
||||
in config.system.service.pppoe {
|
||||
interface = iface;
|
||||
services.wan = svc.pppoe {
|
||||
interface = config.hardware.networkInterfaces.wan;
|
||||
ppp-options = [
|
||||
"debug" "+ipv6" "noauth"
|
||||
"name" secrets.l2tp.name
|
||||
@ -196,7 +179,7 @@ in rec {
|
||||
dependencies = [ services.wan ];
|
||||
};
|
||||
|
||||
services.firewall = config.system.service.firewall {
|
||||
services.firewall = svc.firewall {
|
||||
ruleset = import ./rotuer-firewall.nix;
|
||||
};
|
||||
|
||||
|
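--- a/modules/bridge/default.nix
+++ b/modules/bridge/default.nix
@@ -0,0 +1,22 @@
+{ lib, pkgs, config, ...}:
+let
+inherit (lib) mkOption types;
+inherit (pkgs.liminix.services) oneshot;
+in
+{
+options = {
+system.service.bridge = {
+primary = mkOption {
+type = types.functionTo pkgs.liminix.lib.types.service;
+};
+members = mkOption {
+type = types.functionTo pkgs.liminix.lib.types.service;
+};
+};
+};
+config = {
+system.service.bridge.primary = pkgs.callPackage ./primary.nix {};
+system.service.bridge.members = pkgs.callPackage ./members.nix {};
+kernel.config.BRIDGE = "y";
+};
+}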
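Review bot: Neither `system.service.bridge.primary` nor `system.service.bridge.members` carries a `description`, so anyone reading the option declarations (or docs generated from them, if the project does that) learns nothing about what each function expects. Adding `description = "create a bridge interface";` and `description = "attach interfaces to a bridge";` to the respective `mkOption` calls would cover it. `inherit (pkgs.liminix.services) oneshot;` is not used in this file and can be dropped. `kernel.config.BRIDGE = "y"` takes effect for every configuration that imports the module, whether or not a bridge service is instantiated; that is presumably intended, but a one-line comment saying so would help.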
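--- a/modules/bridge/members.nix
+++ b/modules/bridge/members.nix
@@ -0,0 +1,35 @@
+{
+liminix
+, ifwait
+, lib
+}:
+let
+inherit (liminix.networking) interface;
+inherit (liminix.services) bundle oneshot;
+inherit (liminix.lib) typeChecked;
+inherit (lib) mkOption types;
+t = {
+members = mkOption {
+type = types.listOf liminix.lib.types.service;
+description = "interfaces to add to the bridge";
+};
+primary = mkOption {
+type = liminix.lib.types.service;
+description = "bridge interface to add them to";
+};
+};
+in
+params:
+let
+inherit (typeChecked "bridge-members" t params) members primary;
+addif = member :
+oneshot {
+name = "add-${member.device}-to-br-${primary.device}";
+up = "${ifwait}/bin/ifwait ${member.device} running && ip link set dev ${member.device} master ${primary.device}";
+down = "ip link set dev ${member.device} nomaster";
+dependencies = [ primary member ];
+};
+in bundle {
+name = "bridge-${primary.device}-members";
+contents = map addif members;
+}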
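Review bot: The `up` and `down` strings in `addif` splice `${member.device}` and `${primary.device}` into a command line unquoted, and the `&&` suggests that text is handed to a shell. Device names reach here from configuration (`primary.device` comes from the free-form `ifname` string in primary.nix), so a name containing whitespace or shell metacharacters would change the command rather than fail cleanly. Quoting at the point of use keeps that contained, for example `ip link set dev ${lib.escapeShellArg member.device} master ${lib.escapeShellArg primary.device}`, with the same treatment for the `ifwait` argument and the `down` line. Separately, `inherit (liminix.networking) interface;` is not used in this file and can be dropped.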
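--- a/modules/bridge/primary.nix
+++ b/modules/bridge/primary.nix
@@ -0,0 +1,22 @@
+{
+liminix
+, lib
+}:
+let
+inherit (liminix.networking) interface;
+inherit (liminix.lib) typeChecked;
+inherit (lib) mkOption types;
+t = {
+ifname = mkOption {
+type = types.str;
+description = "interface name for the bridge device";
+};
+};
+in
+params:
+let
+inherit (typeChecked "bridge" t params) ifname;
+in interface {
+device = ifname;
+type = "bridge";
+}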
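Review bot: `ifname` is declared as `types.str`, so `typeChecked` accepts any string as the bridge device name, including ones the kernel would reject or that contain whitespace. The value becomes `device` and is later interpolated into commands by the bridge-members service, so the option is the cheapest place to catch a bad name at evaluation time. Something like `type = types.strMatching "[A-Za-z0-9_.-]{1,15}";` would do (Linux limits interface names to 15 characters), and the `description` could state the constraint.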