zuckerberg/nix-config
zuckerberg/nix-config
1
0
Fork 0
Code Issues Pull Requests Actions Activity

NixOS router is now in active use :)

Browse Source
This commit is contained in:
Zuckerberg 2023-04-04 20:53:38 -06:00
parent 68bd70b525
commit 3c683e7b9e
4 changed files with 62 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
flake.nix
View File

@ -126,7 +126,7 @@
in {
s0 = mkDeploy "s0" "s0";
router = mkDeploy "router" "192.168.1.228";
router = mkDeploy "router" "router";
ponyo = mkDeploy "ponyo" "ponyo.neet.dev";
};

47
machines/router/router.nix
View File

@ -50,7 +50,17 @@ in
};
};
networking.networkmanager.enable = false;
networking.firewall = {
enable = true;
trustedInterfaces = [ "br0" "tailscale0" ];
interfaces = {
enp1s0 = {
allowedTCPPorts = [ ];
allowedUDPPorts = [ ];
};
};
};
services.dnsmasq = {
enable = true;
@ -77,8 +87,6 @@ in
'';
};
networking.firewall.enable = lib.mkForce false; # TODO
services.hostapd = {
enable = true;
radios = {
@ -102,9 +110,19 @@ in
multiUserBeamformer = true;
operatingChannelWidth = "20or40";
};
networks.wlp4s0 = {
ssid = "- Experimental 5G Tower by AT&T";
authentication.saePasswordsFile = "/run/agenix/hostapd-pw-experimental-tower";
networks = {
wlp4s0 = {
ssid = "CXNK00BF9176";
authentication.saePasswordsFile = "/run/agenix/hostapd-pw-CXNK00BF9176";
};
# wlp4s0-1 = {
# ssid = "- Experimental 5G Tower by AT&T";
# authentication.saePasswordsFile = "/run/agenix/hostapd-pw-experimental-tower";
# };
# wlp4s0-2 = {
# ssid = "FBI Surveillance Van 2";
# authentication.saePasswordsFile = "/run/agenix/hostapd-pw-experimental-tower";
# };
};
extraConfig = ''
he_oper_centr_freq_seg0_idx=8
@ -132,9 +150,19 @@ in
multiUserBeamformer = true;
operatingChannelWidth = "160";
};
networks.wlan1 = {
ssid = "- Experimental 5G Tower by AT&T";
authentication.saePasswordsFile = "/run/agenix/hostapd-pw-experimental-tower";
networks = {
wlan1 = {
ssid = "CXNK00BF9176";
authentication.saePasswordsFile = "/run/agenix/hostapd-pw-CXNK00BF9176";
};
# wlan1-1 = {
# ssid = "- Experimental 5G Tower by AT&T";
# authentication.saePasswordsFile = "/run/agenix/hostapd-pw-experimental-tower";
# };
# wlan1-2 = {
# ssid = "FBI Surveillance Van 5";
# authentication.saePasswordsFile = "/run/agenix/hostapd-pw-experimental-tower";
# };
};
extraConfig = ''
vht_oper_centr_freq_seg0_idx=114
@ -144,6 +172,7 @@ in
};
};
age.secrets.hostapd-pw-experimental-tower.file = ../../secrets/hostapd-pw-experimental-tower.age;
age.secrets.hostapd-pw-CXNK00BF9176.file = ../../secrets/hostapd-pw-CXNK00BF9176.age;
hardware.firmware = [
pkgs.mt7916-firmware

16
secrets/hostapd-pw-CXNK00BF9176.age Normal file
View File

@ -0,0 +1,16 @@
age-encryption.org/v1
-> ssh-ed25519 VyYH/Q I1gFDOOOEfSDSUtZ4YtZK/qxWJqWIFFHsilSCmZbJHA
EpY7XZ28RrBvJ7NEQYhEnp2vpKEkge6SzGCKJYkeH14
-> ssh-ed25519 xoAm7w +2NRmQIyrHZ3BcwclLxDOatDL+za1u3lHp6v9HEtmEs
L8wjpBk6FcrRmaBfJfxZAN9v/aE5G//MpwU4WuiDX1Q
-> ssh-ed25519 mbw8xA fpiGYGRxYwc1BS+U6NaomHuC2zxCY3ijuYQi6XUg6lw
yWgTUbvvx3Hsnz3suPdYPVNTb3errqd5GXmtUHJnrEM
-> ssh-ed25519 2a2Yhw sr15CIyZX/FznIcn48vTCl8bva8b/fC+9VKacnEImHE
oN34RfbM14+4kKyr5aLdioxKPWsnsLbBc9bCRIgLObc
-> ssh-ed25519 dMQYog NRUfD/s+mS4fKiKN/hDTXBe0TD2IVnnWMptEUbPOhm0
FXUCV9DnNjVC3fcDelE9c3Facl2/SuKXwyeb3ywW4N0
-> 6[iGZC;-grease .
9nz6/4cWYXy0/9QHBMKVngqDjEfaIdPjdgESEf0EZYo7y+xtTUKd4QNq3N0C6+dz
MTUMD6eVwNlf990aLihSGriHuEgoBEEHBvdPxw4tn6tVZBRfvImi5caLbRZT
--- fKgNkprjYxTkoHrZFYSgS+Y/Dbe9zner89UuZalEv8M
Õ(Ae Lžà/3L—¨o=䀆‘Ãè³Ãñ±Å||´dª“'ÇiOšÊßìó

8
secrets/secrets.nix
View File

@ -1,8 +1,13 @@
let
keys = import ../common/ssh.nix;
system = keys.system;
systems = keys.systems;
users = keys.users;
all = users ++ systems;
wireless = [
system.router
] ++ users;
in
{
# TODO: Minimum necessary access to keys
@ -17,5 +22,6 @@ in
"wolframalpha.age".publicKeys = all;
# hostapd
"hostapd-pw-experimental-tower.age".publicKeys = all;
"hostapd-pw-experimental-tower.age".publicKeys = wireless;
"hostapd-pw-CXNK00BF9176.age".publicKeys = wireless;
}