diff --git a/common/default.nix b/common/default.nix index 1764c8e..68361fb 100644 --- a/common/default.nix +++ b/common/default.nix @@ -56,7 +56,6 @@ pciutils usbutils killall - screen micro helix lm_sensors diff --git a/common/network/default.nix b/common/network/default.nix index e08be49..b5cfd93 100644 --- a/common/network/default.nix +++ b/common/network/default.nix @@ -9,7 +9,6 @@ in imports = [ ./pia-openvpn.nix ./pia-wireguard.nix - ./ping.nix ./tailscale.nix ./vpn.nix ./sandbox.nix diff --git a/common/network/ping.nix b/common/network/ping.nix deleted file mode 100644 index 865fe5a..0000000 --- a/common/network/ping.nix +++ /dev/null @@ -1,59 +0,0 @@ -{ config, pkgs, lib, ... }: - -# keeps peer to peer connections alive with a periodic ping - -with lib; -with builtins; - -# todo auto restart - -let - cfg = config.keepalive-ping; - - serviceTemplate = host: - { - "keepalive-ping@${host}" = { - description = "Periodic ping keep alive for ${host} connection"; - - requires = [ "network-online.target" ]; - after = [ "network.target" "network-online.target" ]; - wantedBy = [ "multi-user.target" ]; - serviceConfig.Restart = "always"; - - path = with pkgs; [ iputils ]; - - script = '' - ping -i ${cfg.delay} ${host} &>/dev/null - ''; - }; - }; - - combineAttrs = foldl recursiveUpdate { }; - - serviceList = map serviceTemplate cfg.hosts; - - services = combineAttrs serviceList; -in -{ - options.keepalive-ping = { - enable = mkEnableOption "Enable keep alive ping task"; - hosts = mkOption { - type = types.listOf types.str; - default = [ ]; - description = '' - Hosts to ping periodically - ''; - }; - delay = mkOption { - type = types.str; - default = "60"; - description = '' - Ping interval in seconds of periodic ping per host being pinged - ''; - }; - }; - - config = mkIf cfg.enable { - systemd.services = services; - }; -} diff --git a/common/server/ceph.nix b/common/server/ceph.nix deleted file mode 100644 index 5ffe9ad..0000000 
--- a/common/server/ceph.nix +++ /dev/null @@ -1,43 +0,0 @@ -{ config, lib, ... }: - -with lib; -let - cfg = config.ceph; -in -{ - options.ceph = { }; - - config = mkIf cfg.enable { - # ceph.enable = true; - - ## S3 Object gateway - #ceph.rgw.enable = true; - #ceph.rgw.daemons = [ - #]; - - # https://docs.ceph.com/en/latest/start/intro/ - - # meta object storage daemon - ceph.osd.enable = true; - ceph.osd.daemons = [ - - ]; - # monitor's ceph state - ceph.mon.enable = true; - ceph.mon.daemons = [ - - ]; - # manage ceph - ceph.mgr.enable = true; - ceph.mgr.daemons = [ - - ]; - # metadata server - ceph.mds.enable = true; - ceph.mds.daemons = [ - - ]; - ceph.global.fsid = "925773DC-D95F-476C-BBCD-08E01BF0865F"; - - }; -} diff --git a/common/server/default.nix b/common/server/default.nix index 1b6a265..5ef68a8 100644 --- a/common/server/default.nix +++ b/common/server/default.nix @@ -5,17 +5,12 @@ ./nginx.nix ./thelounge.nix ./mumble.nix - ./icecast.nix - ./nginx-stream.nix ./matrix.nix - ./zerobin.nix ./gitea.nix ./samba.nix ./owncast.nix ./mailserver.nix ./nextcloud.nix - ./iodine.nix - ./searx.nix ./gitea-actions-runner.nix ./librechat.nix ./actualbudget.nix diff --git a/common/server/gitlab.nix b/common/server/gitlab.nix deleted file mode 100644 index 3a81c33..0000000 --- a/common/server/gitlab.nix +++ /dev/null 
@@ -1,42 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- services.gitlab = {
- enable = true;
- databasePasswordFile = "/var/keys/gitlab/db_password";
- initialRootPasswordFile = "/var/keys/gitlab/root_password";
- https = true;
- host = "git.neet.dev";
- port = 443;
- user = "git";
- group = "git";
- databaseUsername = "git";
- smtp = {
- enable = true;
- address = "localhost";
- port = 25;
- };
- secrets = {
- dbFile = "/var/keys/gitlab/db";
- secretFile = "/var/keys/gitlab/secret";
- otpFile = "/var/keys/gitlab/otp";
- jwsFile = "/var/keys/gitlab/jws";
- };
- extraConfig = {
- gitlab = {
- email_from = "gitlab-no-reply@neet.dev";
- email_display_name = "neet.dev GitLab";
- email_reply_to = "gitlab-no-reply@neet.dev";
- };
- };
- pagesExtraArgs = [ "-listen-proxy" "127.0.0.1:8090" ];
- };
-
- services.nginx.virtualHosts = {
- "git.neet.dev" = {
- enableACME = true;
- forceSSL = true;
- locations."/".proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket";
- };
- };
-}
diff --git a/common/server/hydra.nix b/common/server/hydra.nix
deleted file mode 100644
index 2c4e845..0000000
--- a/common/server/hydra.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{ config, pkgs, ... }:
-
-let
- domain = "hydra.neet.dev";
- port = 3000;
- notifyEmail = "hydra@neet.dev";
-in
-{
- services.nginx.virtualHosts."${domain}" = {
- enableACME = true;
- forceSSL = true;
- locations."/" = {
- proxyPass = "http://localhost:${toString port}";
- };
- };
-
- services.hydra = {
- enable = true;
- inherit port;
- hydraURL = "https://${domain}";
- useSubstitutes = true;
- notificationSender = notifyEmail;
- buildMachinesFiles = [ ];
- };
-}
diff --git a/common/server/icecast.nix b/common/server/icecast.nix
deleted file mode 100644
index 72390cc..0000000
--- a/common/server/icecast.nix
+++ /dev/null
@@ -1,65 +0,0 @@ -{ lib, config, ... }: - -# configures icecast to only accept source from localhost -# to a audio optimized stream on services.icecast.mount -# made available via nginx for http access on -# https://host/mount - -let - cfg = config.services.icecast; -in -{ - options.services.icecast = { - mount = lib.mkOption { - type = lib.types.str; - example = "stream.mp3"; - }; - fallback = lib.mkOption { - type = lib.types.str; - example = "fallback.mp3"; - }; - nginx = lib.mkEnableOption "enable nginx"; - }; - - config = lib.mkIf cfg.enable { - services.icecast = { - listen.address = "0.0.0.0"; - listen.port = 8001; - admin.password = "hackme"; - extraConf = '' - - hackme - - -
- - - /${cfg.mount} - 30 - 64000 - false - false - /${cfg.fallback} - 1 - - - /${cfg.fallback} - 30 - 64000 - false - false - - ''; - }; - services.nginx.virtualHosts.${cfg.hostname} = lib.mkIf cfg.nginx { - enableACME = true; - forceSSL = true; - locations."/${cfg.mount}" = { - proxyPass = "http://localhost:${toString cfg.listen.port}/${cfg.mount}"; - extraConfig = '' - add_header Access-Control-Allow-Origin *; - ''; - }; - }; - }; -} diff --git a/common/server/iodine.nix b/common/server/iodine.nix deleted file mode 100644 index 0187f11..0000000 --- a/common/server/iodine.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ config, pkgs, lib, ... }: - -let - cfg = config.services.iodine.server; -in -{ - config = lib.mkIf cfg.enable { - # iodine DNS-based vpn - services.iodine.server = { - ip = "192.168.99.1"; - domain = "tun.neet.dev"; - passwordFile = "/run/agenix/iodine"; - }; - age.secrets.iodine.file = ../../secrets/iodine.age; - networking.firewall.allowedUDPPorts = [ 53 ]; - - networking.nat.internalInterfaces = [ - "dns0" # iodine - ]; - }; -} diff --git a/common/server/nginx-stream.nix b/common/server/nginx-stream.nix deleted file mode 100644 index 9da4bdb..0000000 --- a/common/server/nginx-stream.nix +++ /dev/null 
@@ -1,76 +0,0 @@
-{ lib, config, pkgs, ... }:
-
-let
- cfg = config.services.nginx.stream;
- nginxWithRTMP = pkgs.nginx.override {
- modules = [ pkgs.nginxModules.rtmp ];
- };
-in
-{
- options.services.nginx.stream = {
- enable = lib.mkEnableOption "enable nginx rtmp/hls/dash video streaming";
- port = lib.mkOption {
- type = lib.types.int;
- default = 1935;
- description = "rtmp injest/serve port";
- };
- rtmpName = lib.mkOption {
- type = lib.types.str;
- default = "live";
- description = "the name of the rtmp application";
- };
- hostname = lib.mkOption {
- type = lib.types.str;
- description = "the http host to serve hls";
- };
- httpLocation = lib.mkOption {
- type = lib.types.str;
- default = "/tmp";
- description = "the path of the tmp http files";
- };
- };
- config = lib.mkIf cfg.enable {
- services.nginx = {
- enable = true;
-
- package = nginxWithRTMP;
-
- virtualHosts.${cfg.hostname} = {
- enableACME = true;
- forceSSL = true;
- locations = {
- "/stream/hls".root = "${cfg.httpLocation}/hls";
- "/stream/dash".root = "${cfg.httpLocation}/dash";
- };
- extraConfig = ''
- location /stat {
- rtmp_stat all;
- }
- '';
- };
-
- appendConfig = ''
- rtmp {
- server {
- listen ${toString cfg.port};
- chunk_size 4096;
- application ${cfg.rtmpName} {
- allow publish all;
- allow publish all;
- live on;
- record off;
- hls on;
- hls_path ${cfg.httpLocation}/hls;
- dash on;
- dash_path ${cfg.httpLocation}/dash;
- }
- }
- }
- '';
- };
-
- networking.firewall.allowedTCPPorts = [
- cfg.port
- ];
- };
-}
diff --git a/common/server/searx.nix b/common/server/searx.nix
deleted file mode 100644
index 4e444f9..0000000
--- a/common/server/searx.nix
+++ /dev/null
@@ -1,30 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-let
- cfg = config.services.searx;
-in
-{
- config = lib.mkIf cfg.enable {
- services.searx = {
- environmentFile = "/run/agenix/searx";
- settings = {
- server.port = 43254;
- server.secret_key = "@SEARX_SECRET_KEY@";
- engines = [{
- name = "wolframalpha";
- shortcut = "wa";
- api_key = "@WOLFRAM_API_KEY@";
- engine = "wolframalpha_api";
- }];
- };
- };
- services.nginx.virtualHosts."search.neet.space" = {
- enableACME = true;
- forceSSL = true;
- locations."/" = {
- proxyPass = "http://localhost:${toString config.services.searx.settings.server.port}";
- };
- };
- age.secrets.searx.file = ../../secrets/searx.age;
- };
-}
diff --git a/common/server/video-stream.nix b/common/server/video-stream.nix
deleted file mode 100644
index 23a775d..0000000
--- a/common/server/video-stream.nix
+++ /dev/null
@@ -1,97 +0,0 @@
-{ config, pkgs, ... }:
-
-let
- # external
- rtp-port = 8083;
- webrtc-peer-lower-port = 20000;
- webrtc-peer-upper-port = 20100;
- domain = "live.neet.space";
-
- # internal
- ingest-port = 8084;
- web-port = 8085;
- webrtc-port = 8086;
- toStr = builtins.toString;
-in
-{
- networking.firewall.allowedUDPPorts = [ rtp-port ];
- networking.firewall.allowedTCPPortRanges = [{
- from = webrtc-peer-lower-port;
- to = webrtc-peer-upper-port;
- }];
- networking.firewall.allowedUDPPortRanges = [{
- from = webrtc-peer-lower-port;
- to = webrtc-peer-upper-port;
- }];
-
- virtualisation.docker.enable = true;
-
- services.nginx.virtualHosts.${domain} = {
- enableACME = true;
- forceSSL = true;
- locations = {
- "/" = {
- proxyPass = "http://localhost:${toStr web-port}";
- };
- "websocket" = {
- proxyPass = "http://localhost:${toStr webrtc-port}/websocket";
- proxyWebsockets = true;
- };
- };
- };
-
- virtualisation.oci-containers = {
- backend = "docker";
- containers = {
- "lightspeed-ingest" = {
- workdir = "/var/lib/lightspeed-ingest";
- image = "projectlightspeed/ingest";
- ports = [
- "${toStr ingest-port}:8084"
- ];
- # imageFile = pkgs.dockerTools.pullImage {
- # imageName = "projectlightspeed/ingest";
- # finalImageTag = "version-0.1.4";
- # imageDigest = "sha256:9fc51833b7c27a76d26e40f092b9cec1ac1c4bfebe452e94ad3269f1f73ff2fc";
- # sha256 = "19kxl02x0a3i6hlnsfcm49hl6qxnq2f3hfmyv1v8qdaz58f35kd5";
- # };
- };
- "lightspeed-react" = {
- workdir = "/var/lib/lightspeed-react";
- image = "projectlightspeed/react";
- ports = [
- "${toStr web-port}:80"
- ];
- # imageFile = pkgs.dockerTools.pullImage {
- # imageName = "projectlightspeed/react";
- # finalImageTag = "version-0.1.3";
- # imageDigest = "sha256:b7c58425f1593f7b4304726b57aa399b6e216e55af9c0962c5c19333fae638b6";
- # sha256 = "0d2jh7mr20h7dxgsp7ml7cw2qd4m8ja9rj75dpy59zyb6v0bn7js";
- # };
- };
- "lightspeed-webrtc" = {
- workdir = "/var/lib/lightspeed-webrtc";
- image = "projectlightspeed/webrtc";
- ports = [
- "${toStr webrtc-port}:8080"
- "${toStr rtp-port}:65535/udp"
- "${toStr webrtc-peer-lower-port}-${toStr webrtc-peer-upper-port}:${toStr webrtc-peer-lower-port}-${toStr webrtc-peer-upper-port}/tcp"
- "${toStr webrtc-peer-lower-port}-${toStr webrtc-peer-upper-port}:${toStr webrtc-peer-lower-port}-${toStr webrtc-peer-upper-port}/udp"
- ];
- cmd = [
- "lightspeed-webrtc"
- "--addr=0.0.0.0"
- "--ip=${domain}"
- "--ports=${toStr webrtc-peer-lower-port}-${toStr webrtc-peer-upper-port}"
- "run"
- ];
- # imageFile = pkgs.dockerTools.pullImage {
- # imageName = "projectlightspeed/webrtc";
- # finalImageTag = "version-0.1.2";
- # imageDigest = "sha256:ddf8b3dd294485529ec11d1234a3fc38e365a53c4738998c6bc2c6930be45ecf";
- # sha256 = "1bdy4ak99fjdphj5bsk8rp13xxmbqdhfyfab14drbyffivg9ad2i";
- # };
- };
- };
- };
-}
diff --git a/common/server/zerobin.nix b/common/server/zerobin.nix
deleted file mode 100644
index 6ecada7..0000000
--- a/common/server/zerobin.nix
+++ /dev/null
@@ -1,34 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-let
- cfg = config.services.zerobin;
-in
-{
- options.services.zerobin = {
- host = lib.mkOption {
- type = lib.types.str;
- example = "example.com";
- };
- port = lib.mkOption {
- type = lib.types.int;
- default = 33422;
- };
- };
- config = lib.mkIf cfg.enable {
- services.zerobin.listenPort = cfg.port;
- services.zerobin.listenAddress = "localhost";
-
- services.nginx.virtualHosts.${cfg.host} = {
- enableACME = true;
- forceSSL = true;
- locations."/" = {
- proxyPass = "http://localhost:${toString cfg.port}";
- proxyWebsockets = true;
- };
- };
-
- # zerobin service is broken in nixpkgs currently
- systemd.services.zerobin.serviceConfig.ExecStart = lib.mkForce
- "${pkgs.zerobin}/bin/zerobin --host=${cfg.listenAddress} --port=${toString cfg.listenPort} --data-dir=${cfg.dataDir}";
- };
-}
diff --git a/machines/fry/workspaces/test-vm.nix b/machines/fry/workspaces/test-vm.nix
deleted file mode 100644
index cc1af84..0000000
--- a/machines/fry/workspaces/test-vm.nix +++ /dev/null @@ -1,23 +0,0 @@ -{ config, lib, pkgs, ... }: - -# Example VM workspace configuration -# -# Add to sandboxed-workspace.workspaces in machines/fry/default.nix: -# sandboxed-workspace.workspaces.example = { -# type = "vm"; -# config = ./workspaces/example.nix; -# ip = "192.168.83.10"; -# }; -# -# The workspace name ("example") becomes the hostname automatically. -# The IP is configured in default.nix, not here. - -{ - # Install packages as needed - environment.systemPackages = with pkgs; [ - # Add packages here - ]; - - # Additional shares beyond the standard ones (workspace, ssh-host-keys, claude-config): - # microvm.shares = [ ... ]; -} diff --git a/machines/ponyo/default.nix b/machines/ponyo/default.nix index 998dfc9..e79dad7 100644 --- a/machines/ponyo/default.nix +++ b/machines/ponyo/default.nix @@ -77,9 +77,6 @@ # pin postgresql for matrix (will need to migrate eventually) services.postgresql.package = pkgs.postgresql_15; - # iodine DNS-based vpn - # services.iodine.server.enable = true; - # proxied web services services.nginx.enable = true; services.nginx.virtualHosts."navidrome.neet.cloud" = { diff --git a/machines/ponyo/properties.nix b/machines/ponyo/properties.nix index 1695957..7662160 100644 --- a/machines/ponyo/properties.nix +++ b/machines/ponyo/properties.nix @@ -10,7 +10,6 @@ systemRoles = [ "server" "email-server" - "iodine" "pia" "nextcloud" "dailybot" diff --git a/machines/router/default.nix b/machines/router/default.nix deleted file mode 100644 index ff42011..0000000 --- a/machines/router/default.nix +++ /dev/null 
@@ -1,37 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
- imports = [
- ./hardware-configuration.nix
- ./router.nix
- ];
-
- # https://dataswamp.org/~solene/2022-08-03-nixos-with-live-usb-router.html
- # https://github.com/mdlayher/homelab/blob/391cfc0de06434e4dee0abe2bec7a2f0637345ac/nixos/routnerr-2/configuration.nix
- # https://github.com/skogsbrus/os/blob/master/sys/router.nix
- # http://trac.gateworks.com/wiki/wireless/wifi
-
- system.autoUpgrade.enable = true;
-
- services.tailscale.exitNode = true;
-
- router.enable = true;
- router.privateSubnet = "192.168.3";
-
- services.iperf3.enable = true;
-
- # networking.useDHCP = lib.mkForce true;
-
- networking.usePredictableInterfaceNames = false;
-
- powerManagement.cpuFreqGovernor = "ondemand";
-
-
- services.irqbalance.enable = true;
-
- # services.miniupnpd = {
- # enable = true;
- # externalInterface = "eth0";
- # internalIPs = [ "br0" ];
- # };
-}
diff --git a/machines/router/firmware/mediatek/mt7916_eeprom.bin b/machines/router/firmware/mediatek/mt7916_eeprom.bin
deleted file mode 100644
index 35b287c..0000000
Binary files a/machines/router/firmware/mediatek/mt7916_eeprom.bin and /dev/null differ
diff --git a/machines/router/firmware/mediatek/mt7916_rom_patch.bin b/machines/router/firmware/mediatek/mt7916_rom_patch.bin
deleted file mode 100644
index f06d5a2..0000000
Binary files a/machines/router/firmware/mediatek/mt7916_rom_patch.bin and /dev/null differ
diff --git a/machines/router/firmware/mediatek/mt7916_wa.bin b/machines/router/firmware/mediatek/mt7916_wa.bin
deleted file mode 100644
index 21caab9..0000000
Binary files a/machines/router/firmware/mediatek/mt7916_wa.bin and /dev/null differ
diff --git a/machines/router/firmware/mediatek/mt7916_wm.bin b/machines/router/firmware/mediatek/mt7916_wm.bin
deleted file mode 100644
index b9267a5..0000000
Binary files a/machines/router/firmware/mediatek/mt7916_wm.bin and /dev/null differ
diff --git a/machines/router/generate_hostapd_config.sh b/machines/router/generate_hostapd_config.sh
deleted file mode 100755
index 3c8906f..0000000
--- a/machines/router/generate_hostapd_config.sh
+++ /dev/null
@@ -1,223 +0,0 @@ -#!/bin/sh - -# TODO allow adding custom parameters to ht_capab, vht_capab -# TODO detect bad channel numbers (preferably not at runtime) -# TODO error if 160mhz is not supported -# TODO 'b' only goes up to 40mhz - -# gets the phy number using the input interface -# Ex: get_phy_number("wlan0") -> "1" -get_phy_number() { - local interface=$1 - phy=$(iw dev "$interface" info | awk '/phy/ {gsub(/#/,"");print $2}') - if [[ -z "$phy" ]]; then - echo "Error: interface not found" >&2 - exit 1 - fi - phy=phy$phy -} - -get_ht_cap_mask() { - ht_cap_mask=0 - - for cap in $(iw phy "$phy" info | grep 'Capabilities:' | cut -d: -f2); do - ht_cap_mask="$(($ht_cap_mask | $cap))" - done - - local cap_rx_stbc - cap_rx_stbc=$((($ht_cap_mask >> 8) & 3)) - ht_cap_mask="$(( ($ht_cap_mask & ~(0x300)) | ($cap_rx_stbc << 8) ))" -} - -get_vht_cap_mask() { - vht_cap_mask=0 - for cap in $(iw phy "$phy" info | awk -F "[()]" '/VHT Capabilities/ { print $2 }'); do - vht_cap_mask="$(($vht_cap_mask | $cap))" - done - - local cap_rx_stbc - cap_rx_stbc=$((($vht_cap_mask >> 8) & 7)) - vht_cap_mask="$(( ($vht_cap_mask & ~(0x700)) | ($cap_rx_stbc << 8) ))" -} - -mac80211_add_capabilities() { - local __var="$1"; shift - local __mask="$1"; shift - local __out= oifs - - oifs="$IFS" - IFS=: - for capab in "$@"; do - set -- $capab - [ "$(($4))" -gt 0 ] || continue - [ "$(($__mask & $2))" -eq "$((${3:-$2}))" ] || continue - __out="$__out[$1]" - done - IFS="$oifs" - - export -n -- "$__var=$__out" -} - -add_special_ht_capabilities() { - case "$hwmode" in - a) - case "$(( ($channel / 4) % 2 ))" in - 1) ht_capab="$ht_capab[HT40+]";; - 0) ht_capab="$ht_capab[HT40-]";; - esac - ;; - *) - if [ "$channel" -lt 7 ]; then - ht_capab="$ht_capab[HT40+]" - else - ht_capab="$ht_capab[HT40-]" - fi - ;; - esac -} - -add_special_vht_capabilities() { - local cap_ant - [ "$(($vht_cap_mask & 0x800))" -gt 0 ] && { - cap_ant="$(( ( ($vht_cap_mask >> 16) & 3 ) + 1 ))" - [ "$cap_ant" -gt 1 ] && 
vht_capab="$vht_capab[SOUNDING-DIMENSION-$cap_ant]" - } - - [ "$(($vht_cap_mask & 0x1000))" -gt 0 ] && { - cap_ant="$(( ( ($vht_cap_mask >> 13) & 3 ) + 1 ))" - [ "$cap_ant" -gt 1 ] && vht_capab="$vht_capab[BF-ANTENNA-$cap_ant]" - } - - if [ "$(($vht_cap_mask & 12))" -eq 4 ]; then - vht_capab="$vht_capab[VHT160]" - fi - - local vht_max_mpdu_hw=3895 - [ "$(($vht_cap_mask & 3))" -ge 1 ] && \ - vht_max_mpdu_hw=7991 - [ "$(($vht_cap_mask & 3))" -ge 2 ] && \ - vht_max_mpdu_hw=11454 - [ "$vht_max_mpdu_hw" != 3895 ] && \ - vht_capab="$vht_capab[MAX-MPDU-$vht_max_mpdu_hw]" - - # maximum A-MPDU length exponent - local vht_max_a_mpdu_len_exp_hw=0 - [ "$(($vht_cap_mask & 58720256))" -ge 8388608 ] && \ - vht_max_a_mpdu_len_exp_hw=1 - [ "$(($vht_cap_mask & 58720256))" -ge 16777216 ] && \ - vht_max_a_mpdu_len_exp_hw=2 - [ "$(($vht_cap_mask & 58720256))" -ge 25165824 ] && \ - vht_max_a_mpdu_len_exp_hw=3 - [ "$(($vht_cap_mask & 58720256))" -ge 33554432 ] && \ - vht_max_a_mpdu_len_exp_hw=4 - [ "$(($vht_cap_mask & 58720256))" -ge 41943040 ] && \ - vht_max_a_mpdu_len_exp_hw=5 - [ "$(($vht_cap_mask & 58720256))" -ge 50331648 ] && \ - vht_max_a_mpdu_len_exp_hw=6 - [ "$(($vht_cap_mask & 58720256))" -ge 58720256 ] && \ - vht_max_a_mpdu_len_exp_hw=7 - vht_capab="$vht_capab[MAX-A-MPDU-LEN-EXP$vht_max_a_mpdu_len_exp_hw]" - - local vht_link_adapt_hw=0 - [ "$(($vht_cap_mask & 201326592))" -ge 134217728 ] && \ - vht_link_adapt_hw=2 - [ "$(($vht_cap_mask & 201326592))" -ge 201326592 ] && \ - vht_link_adapt_hw=3 - [ "$vht_link_adapt_hw" != 0 ] && \ - vht_capab="$vht_capab[VHT-LINK-ADAPT-$vht_link_adapt_hw]" -} - -calculate_channel_offsets() { - vht_oper_chwidth=0 - vht_oper_centr_freq_seg0_idx= - - local idx="$channel" - case "$channelWidth" in - 40) - case "$(( ($channel / 4) % 2 ))" in - 1) idx=$(($channel + 2));; - 0) idx=$(($channel - 2));; - esac - vht_oper_centr_freq_seg0_idx=$idx - ;; - 80) - case "$(( ($channel / 4) % 4 ))" in - 1) idx=$(($channel + 6));; - 2) idx=$(($channel + 2));; - 3) 
idx=$(($channel - 2));; - 0) idx=$(($channel - 6));; - esac - vht_oper_chwidth=1 - vht_oper_centr_freq_seg0_idx=$idx - ;; - 160) - case "$channel" in - 36|40|44|48|52|56|60|64) idx=50;; - 100|104|108|112|116|120|124|128) idx=114;; - esac - vht_oper_chwidth=2 - vht_oper_centr_freq_seg0_idx=$idx - ;; - esac - - he_oper_chwidth=$vht_oper_chwidth - he_oper_centr_freq_seg0_idx=$vht_oper_centr_freq_seg0_idx -} - -interface=$1 -channel=$2 -hwmode=$3 -channelWidth=$4 - -get_phy_number $interface -get_ht_cap_mask -get_vht_cap_mask - -mac80211_add_capabilities vht_capab $vht_cap_mask \ - RXLDPC:0x10::1 \ - SHORT-GI-80:0x20::1 \ - SHORT-GI-160:0x40::1 \ - TX-STBC-2BY1:0x80::1 \ - SU-BEAMFORMER:0x800::1 \ - SU-BEAMFORMEE:0x1000::1 \ - MU-BEAMFORMER:0x80000::1 \ - MU-BEAMFORMEE:0x100000::1 \ - VHT-TXOP-PS:0x200000::1 \ - HTC-VHT:0x400000::1 \ - RX-ANTENNA-PATTERN:0x10000000::1 \ - TX-ANTENNA-PATTERN:0x20000000::1 \ - RX-STBC-1:0x700:0x100:1 \ - RX-STBC-12:0x700:0x200:1 \ - RX-STBC-123:0x700:0x300:1 \ - RX-STBC-1234:0x700:0x400:1 \ - -mac80211_add_capabilities ht_capab $ht_cap_mask \ - LDPC:0x1::1 \ - GF:0x10::1 \ - SHORT-GI-20:0x20::1 \ - SHORT-GI-40:0x40::1 \ - TX-STBC:0x80::1 \ - RX-STBC1:0x300::1 \ - MAX-AMSDU-7935:0x800::1 \ - - # TODO this is active when the driver doesn't support it? - # DSSS_CCK-40:0x1000::1 \ - - # TODO these are active when the driver doesn't support them? - # RX-STBC1:0x300:0x100:1 \ - # RX-STBC12:0x300:0x200:1 \ - # RX-STBC123:0x300:0x300:1 \ - -add_special_ht_capabilities -add_special_vht_capabilities - -echo ht_capab=$ht_capab -echo vht_capab=$vht_capab - -if [ "$channelWidth" != "20" ]; then - calculate_channel_offsets - echo he_oper_chwidth=$he_oper_chwidth - echo vht_oper_chwidth=$vht_oper_chwidth - echo he_oper_centr_freq_seg0_idx=$he_oper_centr_freq_seg0_idx - echo vht_oper_centr_freq_seg0_idx=$vht_oper_centr_freq_seg0_idx -fi \ No newline at end of file 
diff --git a/machines/router/hardware-configuration.nix b/machines/router/hardware-configuration.nix
deleted file mode 100644
index ad6ae33..0000000
--- a/machines/router/hardware-configuration.nix
+++ /dev/null
@@ -1,48 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- # kernel
- boot.kernelPackages = pkgs.linuxPackages_latest;
- boot.initrd.availableKernelModules = [ "igb" "mt7915e" "xhci_pci" "ahci" "ehci_pci" "usb_storage" "sd_mod" "sdhci_pci" ];
- boot.initrd.kernelModules = [ "dm-snapshot" ];
- boot.kernelModules = [ "kvm-amd" ];
- boot.extraModulePackages = [ ];
-
- # Enable serial output
- boot.kernelParams = [
- "console=ttyS0,115200n8" # enable serial console
- ];
- boot.loader.grub.extraConfig = "
- serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1
- terminal_input serial
- terminal_output serial
- ";
-
- # firmware
- firmware.x86_64.enable = true;
- nixpkgs.config.allowUnfree = true;
- hardware.enableRedistributableFirmware = true;
- hardware.enableAllFirmware = true;
-
- # boot
- bios = {
- enable = true;
- device = "/dev/sda";
- };
-
- # disks
- fileSystems."/" =
- {
- device = "/dev/disk/by-uuid/6aa7f79e-bef8-4b0f-b22c-9d1b3e8ac94b";
- fsType = "ext4";
- };
- fileSystems."/boot" =
- {
- device = "/dev/disk/by-uuid/14dfc562-0333-4ddd-b10c-4eeefe1cd05f";
- fsType = "ext3";
- };
- swapDevices =
- [{ device = "/dev/disk/by-uuid/adf37c64-3b54-480c-a9a7-099d61c6eac7"; }];
-
- nixpkgs.hostPlatform = "x86_64-linux";
-}
diff --git a/machines/router/properties.nix b/machines/router/properties.nix
deleted file mode 100644
index 2f75b63..0000000
--- a/machines/router/properties.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{
- hostNames = [
- "router"
- "192.168.6.159"
- "192.168.3.1"
- ];
-
- arch = "x86_64-linux";
-
- systemRoles = [
- "server"
- "wireless"
- "router"
- ];
-
- hostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKDCMhEvWJxFBNyvpyuljv5Uun8AdXCxBK9HvPBRe5x6";
-}
diff --git a/machines/router/router.nix b/machines/router/router.nix
deleted file mode 100644
index 72052f4..0000000
--- a/machines/router/router.nix
+++ /dev/null
@@ -1,238 +0,0 @@ -{ config, pkgs, lib, ... }: - -let - cfg = config.router; - inherit (lib) mapAttrs' genAttrs nameValuePair mkOption types mkIf mkEnableOption; -in -{ - options.router = { - enable = mkEnableOption "router"; - - privateSubnet = mkOption { - type = types.str; - default = "192.168.1"; - description = "IP block (/24) to use for the private subnet"; - }; - }; - - config = mkIf cfg.enable { - networking.ip_forward = true; - - networking.interfaces.enp1s0.useDHCP = true; - - networking.nat = { - enable = true; - internalInterfaces = [ - "br0" - ]; - externalInterface = "enp1s0"; - }; - - networking.bridges = { - br0 = { - interfaces = [ - "eth2" - # "wlp4s0" - # "wlan1" - "wlan0" - "wlan1" - ]; - }; - }; - - networking.interfaces = { - br0 = { - useDHCP = false; - ipv4.addresses = [ - { - address = "${cfg.privateSubnet}.1"; - prefixLength = 24; - } - ]; - }; - }; - - networking.firewall = { - enable = true; - trustedInterfaces = [ "br0" "tailscale0" ]; - - interfaces = { - enp1s0 = { - allowedTCPPorts = [ ]; - allowedUDPPorts = [ ]; - }; - }; - }; - - services.dnsmasq = { - enable = true; - settings = { - # sensible behaviours - domain-needed = true; - bogus-priv = true; - no-resolv = true; - - # upstream name servers - server = [ - "1.1.1.1" - "8.8.8.8" - ]; - - # local domains - expand-hosts = true; - domain = "home"; - local = "/home/"; - - # Interfaces to use DNS on - interface = "br0"; - - # subnet IP blocks to use DHCP on - dhcp-range = "${cfg.privateSubnet}.10,${cfg.privateSubnet}.254,24h"; - }; - }; - - services.hostapd = { - enable = true; - radios = { - # Simple 2.4GHz AP - wlan0 = { - countryCode = "US"; - networks.wlan0 = { - ssid = "CXNK00BF9176-1"; - authentication.saePasswords = [{ passwordFile = "/run/agenix/hostapd-pw-CXNK00BF9176"; }]; - }; - }; - - # WiFi 5 (5GHz) with two advertised networks - wlan1 = { - band = "5g"; - channel = 0; - countryCode = "US"; - networks.wlan1 = { - ssid = "CXNK00BF9176-1"; - authentication.saePasswords = 
[{ passwordFile = "/run/agenix/hostapd-pw-CXNK00BF9176"; }]; - }; - }; - }; - }; - age.secrets.hostapd-pw-CXNK00BF9176.file = ../../secrets/hostapd-pw-CXNK00BF9176.age; - - # wlan0 5Ghz 00:0a:52:08:38:32 - # wlp4s0 2.4Ghz 00:0a:52:08:38:33 - - # services.hostapd = { - # enable = true; - # radios = { - # # 2.4GHz - # wlp4s0 = { - # band = "2g"; - # noScan = true; - # channel = 6; - # countryCode = "US"; - # wifi4 = { - # capabilities = [ "LDPC" "GF" "SHORT-GI-20" "SHORT-GI-40" "TX-STBC" "RX-STBC1" "MAX-AMSDU-7935" "HT40+" ]; - # }; - # wifi5 = { - # operatingChannelWidth = "20or40"; - # capabilities = [ "MAX-A-MPDU-LEN-EXP0" ]; - # }; - # wifi6 = { - # enable = true; - # singleUserBeamformer = true; - # singleUserBeamformee = true; - # multiUserBeamformer = true; - # operatingChannelWidth = "20or40"; - # }; - # networks = { - # wlp4s0 = { - # ssid = "CXNK00BF9176"; - # authentication.saePasswordsFile = "/run/agenix/hostapd-pw-CXNK00BF9176"; - # }; - # # wlp4s0-1 = { - # # ssid = "- Experimental 5G Tower by AT&T"; - # # authentication.saePasswordsFile = "/run/agenix/hostapd-pw-experimental-tower"; - # # }; - # # wlp4s0-2 = { - # # ssid = "FBI Surveillance Van 2"; - # # authentication.saePasswordsFile = "/run/agenix/hostapd-pw-experimental-tower"; - # # }; - # }; - # settings = { - # he_oper_centr_freq_seg0_idx = 8; - # vht_oper_centr_freq_seg0_idx = 8; - # }; - # }; - - # # 5GHz - # wlan1 = { - # band = "5g"; - # noScan = true; - # channel = 128; - # countryCode = "US"; - # wifi4 = { - # capabilities = [ "LDPC" "GF" "SHORT-GI-20" "SHORT-GI-40" "TX-STBC" "RX-STBC1" "MAX-AMSDU-7935" "HT40-" ]; - # }; - # wifi5 = { - # operatingChannelWidth = "160"; - # capabilities = [ "RXLDPC" "SHORT-GI-80" "SHORT-GI-160" "TX-STBC-2BY1" "SU-BEAMFORMER" "SU-BEAMFORMEE" "MU-BEAMFORMER" "MU-BEAMFORMEE" "RX-ANTENNA-PATTERN" "TX-ANTENNA-PATTERN" "RX-STBC-1" "SOUNDING-DIMENSION-3" "BF-ANTENNA-3" "VHT160" "MAX-MPDU-11454" "MAX-A-MPDU-LEN-EXP7" ]; - # }; - # wifi6 = { - # enable = true; - # 
singleUserBeamformer = true; - # singleUserBeamformee = true; - # multiUserBeamformer = true; - # operatingChannelWidth = "160"; - # }; - # networks = { - # wlan1 = { - # ssid = "CXNK00BF9176"; - # authentication.saePasswordsFile = "/run/agenix/hostapd-pw-CXNK00BF9176"; - # }; - # # wlan1-1 = { - # # ssid = "- Experimental 5G Tower by AT&T"; - # # authentication.saePasswordsFile = "/run/agenix/hostapd-pw-experimental-tower"; - # # }; - # # wlan1-2 = { - # # ssid = "FBI Surveillance Van 5"; - # # authentication.saePasswordsFile = "/run/agenix/hostapd-pw-experimental-tower"; - # # }; - # }; - # settings = { - # vht_oper_centr_freq_seg0_idx = 114; - # he_oper_centr_freq_seg0_idx = 114; - # }; - # }; - # }; - # }; - # age.secrets.hostapd-pw-experimental-tower.file = ../../secrets/hostapd-pw-experimental-tower.age; - # age.secrets.hostapd-pw-CXNK00BF9176.file = ../../secrets/hostapd-pw-CXNK00BF9176.age; - - # hardware.firmware = [ - # pkgs.mt7916-firmware - # ]; - - # nixpkgs.overlays = [ - # (self: super: { - # mt7916-firmware = pkgs.stdenvNoCC.mkDerivation { - # pname = "mt7916-firmware"; - # version = "custom-feb-02-23"; - # src = ./firmware/mediatek; # from here https://github.com/openwrt/mt76/issues/720#issuecomment-1413537674 - # dontBuild = true; - # installPhase = '' - # for i in \ - # mt7916_eeprom.bin \ - # mt7916_rom_patch.bin \ - # mt7916_wa.bin \ - # mt7916_wm.bin; - # do - # install -D -pm644 $i $out/lib/firmware/mediatek/$i - # done - # ''; - # meta = with lib; { - # license = licenses.unfreeRedistributableFirmware; - # }; - # }; - # }) - # ]; - }; -} diff --git a/secrets/hostapd-pw-CXNK00BF9176.age b/secrets/hostapd-pw-CXNK00BF9176.age deleted file mode 100644 index a8464dd..0000000 Binary files a/secrets/hostapd-pw-CXNK00BF9176.age and /dev/null differ 
diff --git a/secrets/hostapd-pw-experimental-tower.age b/secrets/hostapd-pw-experimental-tower.age deleted file mode 100644 index dc91dec..0000000 Binary files a/secrets/hostapd-pw-experimental-tower.age and /dev/null differ diff --git a/secrets/iodine.age b/secrets/iodine.age deleted file mode 100644 index 91d946e..0000000 --- a/secrets/iodine.age +++ /dev/null @@ -1,11 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 6AT2/g 3s+reqcb4Hu/3Z7rICFZBOkW02ibISthFAT1sveyLBo -Eh5ynxeqqXhNbv/ASWZxzKXAzKX41uI5iJI4KqluHRI --> ssh-ed25519 ZDy34A cHcA2p0VrGr6jP/CUTOSU4Gef04ujh6wmJjmEWmWNE0 -wwaQnj7RABFzTbU74awlIJeHHePtO7jihNd2EUkNZPU --> ssh-ed25519 w3nu8g hN/fWUHspXoJmpibR4NAL3EXkKExe2tRjUzmLGK6VnE -F1KQnGe3M8eD9hjnHLc7hqFTw9iXh7ICz0u421DuFOs --> ssh-ed25519 evqvfg r3AoIJ3KWCYIsV8+RTgYY+Eg+1EcBVNrX+ZRunKaug8 -KSXd4uq1/0ErZzSTPrCmY/66v4TT5PmFqv9LRSHNi9A ---- 3bGqZANqdfEgdiUzu38n4dzPOShgGUzQGtO7l2S+hwU -?\a'{/}L:|G`+MY$s+UkgIDK \ No newline at end of file diff --git a/secrets/oauth2-proxy-env.age b/secrets/oauth2-proxy-env.age deleted file mode 100644 index 349311e..0000000 --- a/secrets/oauth2-proxy-env.age +++ /dev/null 
@@ -1,21 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 WBT1Hw QyirfN0ibrERO2bNZrb/8xqT5thl8LQmjn+xAFVMryc -bLND1Cb4eO2VAGtM+ehm4YW8jN5Tcki+jc3JxLHSZuo --> ssh-ed25519 6AT2/g DqNkPFZ/b96oYl8RiUkVxi9vmv8RG0Pbs2y0cqKRGX4 -5FLcVYepU/bNRq2Cr9zdHDN/vM9OFO6Q7QlWX+PPa4Q --> ssh-ed25519 r848+g iSF57inO0hafZ0N6hIWGML1kRE48fN3WooeeHXXIRSs -RdYVTCEwMc31x9yl2VBmRCEJXUGCVeJjBBdO1rAL3A8 --> ssh-ed25519 hPp1nw mhanVdWbVK7OAinjTmEqx1jawd8pTlPe6YTIa/sEckQ -MVBgbEa8uNYIoCCmEBmFzMQR5cO033C57lMze5z+n54 --> ssh-ed25519 ZDy34A su3VVvWZhGKTR11mNKoOLzYjvnBCOG+U4qIeHUY6VXE -DRscTOjNk5BpejadPMVABLeLC+0mB6uAYxsSm5HqUgw --> ssh-ed25519 w3nu8g kZXxRHeMvnzk96IhW73XUkXo6lM0CfUjgFFcio5e4TA -1vWdp3DVAH74cBd2hUujCz4J4ztQzFseP9SKYk2juAM --> ssh-ed25519 evqvfg xRV4zs+y8jaqkLH7qMbRsThjptxuokIn1h1S2eIUmXg -6+a1IS7X2qucszKXa1XOeEgVDeNf3PF2HgQMixGPR7s ---- 6gSqjzHmrwlNUz8bmuoeB/2zUIOvQ82RDu77vaCtnvs -]qӮAz}eU(em{^cְ)7[H -gK܉#F$)OE5{6֋QNJ.3YNoXS`bZ W;* -AU۾&wj@BL/ -