From e1ae986cf66c396f6d5970735abd2042c99ead1f Mon Sep 17 00:00:00 2001
From: Daniel Barlow
Date: Tue, 23 Jul 2024 09:30:25 +0100
Subject: [PATCH] convert l2tp example to use gateway profile

---
 examples/l2tp.nix | 151 +++++++++++++++++++++++++++-------------------
 1 file changed, 88 insertions(+), 63 deletions(-)

diff --git a/examples/l2tp.nix b/examples/l2tp.nix
index 0b45b2e..f7b66ca 100644
--- a/examples/l2tp.nix
+++ b/examples/l2tp.nix
@@ -30,6 +30,11 @@
 inherit (pkgs.pseudofile) dir symlink;
 inherit (pkgs) serviceFns;
 svc = config.system.service;
+ wirelessConfig = {
+ country_code = "GB";
+ inherit (rsecrets) wpa_passphrase;
+ wmm_enabled = 1;
+ };
 in rec {
 boot = {
 tftp = {
@@ -41,13 +46,14 @@ in rec {
 imports = [
 ../modules/wwan
 ../modules/network
- ../modules/vlan
+ # ../modules/vlan
 ../modules/ssh
 ../modules/usb.nix
- ../modules/watchdog
- ../modules/mount
+ # ../modules/watchdog
+ # ../modules/mount
 ../modules/ppp
 ../modules/round-robin
+ ../modules/profiles/gateway.nix
 ];
 
 hostname = "thing";
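Review bot: `wirelessConfig` carries only `wpa_passphrase`, `country_code` and `wmm_enabled`, so whether the two APs that later merge it in are pinned to WPA2/CCMP depends on defaults inside the wireless module, which this hunk does not show. Since these keys are hostapd options and the block is meant to be copied by other users, I would make the cipher suite explicit rather than rely on a default that may permit TKIP or WPA1: `wpa = 2; wpa_key_mgmt = "WPA-PSK"; rsn_pairwise = "CCMP";`. If the module already forces these, a one-line comment on `wirelessConfig` saying so would avoid the question for the next reader.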
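Review bot: The imports hunk leaves `# ../modules/vlan`, `# ../modules/watchdog` and `# ../modules/mount` commented out with no reason recorded, which in an example file reads as either "optional" or "broken" and nobody can tell which. Either delete the lines or annotate them, e.g. `# ../modules/watchdog  # not needed once profiles/gateway.nix is imported` — if that is in fact why they were dropped; I cannot see the profile from here. Dropping the watchdog on a headless gateway is the one I would want a stated reason for, since an unattended device with no watchdog stays hung until someone power-cycles it.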
@@ -58,59 +64,81 @@ in rec { authType = "chap"; }; - services.wan = - let - pppoe = svc.pppoe.build { - interface = config.hardware.networkInterfaces.wan; - debug = true; - username = rsecrets.l2tp.name; - password = rsecrets.l2tp.password; + profile.gateway = { + lan = { + interfaces = with config.hardware.networkInterfaces; + [ + # EDIT: these are the interfaces exposed by the gl.inet gl-ar750: + # if your device has more or differently named lan interfaces, + # specify them here + wlan wlan5 + lan + ]; + inherit (rsecrets.lan) prefix; + address = { + family = "inet"; address ="${rsecrets.lan.prefix}.1"; prefixLength = 24; }; - - l2tp = - let - check-address = oneshot rec { - name = "check-lns-address"; - up = "grep -Fx ${lns.address} $(output_path ${services.lns-address} addresses)"; - dependencies = [ services.lns-address ]; - }; - route = svc.network.route.build { - via = "$(output ${services.dhcpc} router)"; - target = lns.address; - dependencies = [services.dhcpc check-address]; - }; - in svc.l2tp.build { - lns = lns.address; - ppp-options = [ - "debug" "+ipv6" "noauth" - "name" rsecrets.l2tp.name - "password" rsecrets.l2tp.password - ]; - dependencies = [config.services.lns-address route check-address]; + dhcp = { + start = 10; + end = 240; + hosts = { } // lib.optionalAttrs (builtins.pathExists ./static-leases.nix) (import ./static-leases.nix); + localDomain = "lan"; + }; + }; + wan = { + interface = let + pppoe = svc.pppoe.build { + interface = config.hardware.networkInterfaces.wan; + debug = true; + username = rsecrets.l2tp.name; + password = rsecrets.l2tp.password; }; - in svc.round-robin.build { - name = "wan"; - services = [ l2tp pppoe ]; + + l2tp = + let + check-address = oneshot rec { + name = "check-lns-address"; + up = "grep -Fx ${lns.address} $(output_path ${services.lns-address} addresses)"; + dependencies = [ services.lns-address ]; + }; + route = svc.network.route.build { + via = "$(output ${services.bootstrap-dhcpc} router)"; + target = 
lns.address; + dependencies = [services.bootstrap-dhcpc check-address]; + }; + in svc.l2tp.build { + lns = lns.address; + ppp-options = [ + "debug" "+ipv6" "noauth" + "name" rsecrets.l2tp.name + "password" rsecrets.l2tp.password + ]; + dependencies = [config.services.lns-address route check-address]; + }; + in svc.round-robin.build { + name = "wan"; + services = [ l2tp pppoe ]; + }; + dhcp6.enable = true; }; - services.sshd = svc.ssh.build { }; - - services.resolvconf = oneshot rec { - dependencies = [ services.wan ]; - name = "resolvconf"; - up = '' - . ${serviceFns} - ( in_outputs ${name} - for i in ns1 ns2 ; do - ns=$(output ${services.wan} $i) - echo "nameserver $ns" >> resolv.conf - done - ) - ''; - }; - filesystem = dir { - etc = dir { - "resolv.conf" = symlink "${services.resolvconf}/.outputs/resolv.conf"; + wireless.networks = { + "${rsecrets.ssid}" = { + interface = config.hardware.networkInterfaces.wlan; + hw_mode = "g"; + channel = "6"; + ieee80211n = 1; + } // wirelessConfig; + "${rsecrets.ssid}5" = rec { + interface = config.hardware.networkInterfaces.wlan5; + hw_mode = "a"; + channel = 36; + ht_capab = "[HT40+]"; + vht_oper_chwidth = 1; + vht_oper_centr_freq_seg0_idx = channel + 6; + ieee80211n = 1; + ieee80211ac = 1; + } // wirelessConfig; }; }; @@ -119,6 +147,8 @@ in rec { dependencies = [ config.services.hostname ]; }; + services.sshd = svc.ssh.build { }; + services.lns-address = let ns = "$(output_word ${services.bootstrap-dhcpc} dns 1)"; route-to-bootstrap-nameserver = svc.network.route.build { 
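Review bot: In the new `wan.interface` block the L2TP credentials are handed to pppd as arguments, `"name" rsecrets.l2tp.name "password" rsecrets.l2tp.password`, which puts the secret on the pppd command line where any local process can read it from `/proc/*/cmdline`; the pppoe branch may have the same property via `password = rsecrets.l2tp.password;`, depending on what `svc.pppoe.build` does with it. Both branches also keep `"debug"` / `debug = true;`, which makes pppd log every control packet — harmless for the CHAP exchange itself, but it is noisy and this is an example people will copy. I would drop `"debug"` from `ppp-options` and `debug = true;` from the pppoe build, and, if `svc.l2tp.build` supports it, move the credentials into a chap-secrets style file instead of arguments. Minor style point: the 2.4 GHz network sets `channel = "6"` while the 5 GHz one sets `channel = 36` and does arithmetic on it, so the two should agree on a type. The enclosing `rec { ... }` set continues past both ends of this hunk.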
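Review bot: `services.sshd = svc.ssh.build { };` enables sshd with whatever the ssh module's defaults are, and nothing in this hunk shows whether those defaults restrict root to key-based login; combined with `users.root = rsecrets.root;` later in the patch, a password-login default would expose the root password on the LAN side. If the module exposes options for disabling password authentication, pass them here explicitly; otherwise a comment such as `# ssh module defaults: key-only auth, see modules/ssh` would document the assumption. I cannot verify the module's defaults from this diff, so treat this as a check rather than a defect.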
@@ -137,18 +167,13 @@ in rec {
 '';
 };
 
- services.defaultroute4 = svc.network.route.build {
- via = "$(output ${services.wan} peer-address)";
- target = "default";
- dependencies = [services.wan];
- };
+ # services.ntp = svc.ntp.build {
+ # pools = { "pool.ntp.org" = ["iburst"]; };
+ # makestep = { threshold = 1.0; limit = 3; };
+ # dependencies = with config.services; [ defaultroute4 defaultroute6 ];
+ # };
 
-# defaultProfile.packages = [ pkgs.go-l2tp ];
-
- users.root = {
- passwd = lib.mkForce secrets.root.passwd;
- openssh.authorizedKeys.keys = secrets.root.keys;
- };
+ users.root = rsecrets.root;
 
 programs.busybox.options = {
 FEATURE_FANCY_TAIL = "y";
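Review bot: The new `users.root = rsecrets.root;` drops the `lib.mkForce` that the old `passwd = lib.mkForce secrets.root.passwd;` carried, so if the newly imported gateway profile (or any other module) also sets `users.root.passwd`, the winner is now decided by default priority rather than forced to the secrets file; I cannot see the profile, so please confirm the intended password is what ends up on the device. The old code also read `secrets.root` while the new reads `rsecrets.root` — worth a glance that this is deliberate and not two different sets of credentials. Separately, the commented-out `services.ntp` block lists `defaultroute4` in its dependencies while this same hunk deletes `services.defaultroute4`, so un-commenting it will only evaluate if the profile defines that service; a note like `# dependencies assume profiles/gateway.nix provides defaultroute4/defaultroute6` would save the next person the surprise.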