linuxhackerman
/
liminix
forked from dan/liminix
1
0
Fork 0
Code Pull Requests Activity

convert l2tp example to use gateway profile

This commit is contained in:
Daniel Barlow 2024-07-23 09:30:25 +01:00
parent bce0c7ffb6
commit e1ae986cf6
1 changed files with 88 additions and 63 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

151
examples/l2tp.nix
View File

@ -30,6 +30,11 @@
inherit (pkgs.pseudofile) dir symlink; inherit (pkgs.pseudofile) dir symlink;
inherit (pkgs) serviceFns; inherit (pkgs) serviceFns;
svc = config.system.service; svc = config.system.service;
wirelessConfig = {
country_code = "GB";
inherit (rsecrets) wpa_passphrase;
wmm_enabled = 1;
};
in rec { in rec {
boot = { boot = {
tftp = { tftp = {
@ -41,13 +46,14 @@ in rec {
imports = [ imports = [
../modules/wwan ../modules/wwan
../modules/network ../modules/network
../modules/vlan # ../modules/vlan
../modules/ssh ../modules/ssh
../modules/usb.nix ../modules/usb.nix
../modules/watchdog # ../modules/watchdog
../modules/mount # ../modules/mount
../modules/ppp ../modules/ppp
../modules/round-robin ../modules/round-robin
../modules/profiles/gateway.nix
]; ];
hostname = "thing"; hostname = "thing";
@ -58,59 +64,81 @@ in rec {
authType = "chap"; authType = "chap";
}; };
services.wan = profile.gateway = {
let lan = {
pppoe = svc.pppoe.build { interfaces = with config.hardware.networkInterfaces;
interface = config.hardware.networkInterfaces.wan; [
debug = true; # EDIT: these are the interfaces exposed by the gl.inet gl-ar750:
username = rsecrets.l2tp.name; # if your device has more or differently named lan interfaces,
password = rsecrets.l2tp.password; # specify them here
wlan wlan5
lan
];
inherit (rsecrets.lan) prefix;
address = {
family = "inet"; address ="${rsecrets.lan.prefix}.1"; prefixLength = 24;
}; };
dhcp = {
l2tp = start = 10;
let end = 240;
check-address = oneshot rec { hosts = { } // lib.optionalAttrs (builtins.pathExists ./static-leases.nix) (import ./static-leases.nix);
name = "check-lns-address"; localDomain = "lan";
up = "grep -Fx ${lns.address} $(output_path ${services.lns-address} addresses)"; };
dependencies = [ services.lns-address ]; };
}; wan = {
route = svc.network.route.build { interface = let
via = "$(output ${services.dhcpc} router)"; pppoe = svc.pppoe.build {
target = lns.address; interface = config.hardware.networkInterfaces.wan;
dependencies = [services.dhcpc check-address]; debug = true;
}; username = rsecrets.l2tp.name;
in svc.l2tp.build { password = rsecrets.l2tp.password;
lns = lns.address;
ppp-options = [
"debug" "+ipv6" "noauth"
"name" rsecrets.l2tp.name
"password" rsecrets.l2tp.password
];
dependencies = [config.services.lns-address route check-address];
}; };
in svc.round-robin.build {
name = "wan"; l2tp =
services = [ l2tp pppoe ]; let
check-address = oneshot rec {
name = "check-lns-address";
up = "grep -Fx ${lns.address} $(output_path ${services.lns-address} addresses)";
dependencies = [ services.lns-address ];
};
route = svc.network.route.build {
via = "$(output ${services.bootstrap-dhcpc} router)";
target = lns.address;
dependencies = [services.bootstrap-dhcpc check-address];
};
in svc.l2tp.build {
lns = lns.address;
ppp-options = [
"debug" "+ipv6" "noauth"
"name" rsecrets.l2tp.name
"password" rsecrets.l2tp.password
];
dependencies = [config.services.lns-address route check-address];
};
in svc.round-robin.build {
name = "wan";
services = [ l2tp pppoe ];
};
dhcp6.enable = true;
}; };
services.sshd = svc.ssh.build { }; wireless.networks = {
"${rsecrets.ssid}" = {
services.resolvconf = oneshot rec { interface = config.hardware.networkInterfaces.wlan;
dependencies = [ services.wan ]; hw_mode = "g";
name = "resolvconf"; channel = "6";
up = '' ieee80211n = 1;
. ${serviceFns} } // wirelessConfig;
( in_outputs ${name} "${rsecrets.ssid}5" = rec {
for i in ns1 ns2 ; do interface = config.hardware.networkInterfaces.wlan5;
ns=$(output ${services.wan} $i) hw_mode = "a";
echo "nameserver $ns" >> resolv.conf channel = 36;
done ht_capab = "[HT40+]";
) vht_oper_chwidth = 1;
''; vht_oper_centr_freq_seg0_idx = channel + 6;
}; ieee80211n = 1;
filesystem = dir { ieee80211ac = 1;
etc = dir { } // wirelessConfig;
"resolv.conf" = symlink "${services.resolvconf}/.outputs/resolv.conf";
}; };
}; };
@ -119,6 +147,8 @@ in rec {
dependencies = [ config.services.hostname ]; dependencies = [ config.services.hostname ];
}; };
services.sshd = svc.ssh.build { };
services.lns-address = let services.lns-address = let
ns = "$(output_word ${services.bootstrap-dhcpc} dns 1)"; ns = "$(output_word ${services.bootstrap-dhcpc} dns 1)";
route-to-bootstrap-nameserver = svc.network.route.build { route-to-bootstrap-nameserver = svc.network.route.build {
@ -137,18 +167,13 @@ in rec {
''; '';
}; };
services.defaultroute4 = svc.network.route.build { # services.ntp = svc.ntp.build {
via = "$(output ${services.wan} peer-address)"; # pools = { "pool.ntp.org" = ["iburst"]; };
target = "default"; # makestep = { threshold = 1.0; limit = 3; };
dependencies = [services.wan]; # dependencies = with config.services; [ defaultroute4 defaultroute6 ];
}; # };
# defaultProfile.packages = [ pkgs.go-l2tp ]; users.root = rsecrets.root;
users.root = {
passwd = lib.mkForce secrets.root.passwd;
openssh.authorizedKeys.keys = secrets.root.keys;
};
programs.busybox.options = { programs.busybox.options = {
FEATURE_FANCY_TAIL = "y"; FEATURE_FANCY_TAIL = "y";