WIP: vlan experimentation

2023-12-17 23:28:00 +01:00 · 2023-12-17 23:28:00 +01:00 · 55ce0f0be1
commit 55ce0f0be1
parent fd6077c476
4 changed files with 101 additions and 62 deletions
--- a/nix/os/devices/router0-dmz0/configuration.nix
+++ b/nix/os/devices/router0-dmz0/configuration.nix
@ -146,20 +146,20 @@ in {
  systemd.network = {
    wait-online.anyInterface = true;
    netdevs = {
-      # Create the VLANs
-      "00-vlan-100" = {
-        Name = "vlan100";
-        Kind = "vlan";
-      };
-
-      # Create the bridge interfaces
+      # Create the bridge interface
      "20-br-lan" = {
        netdevConfig = {
          Kind = "bridge";
          Name = "br-lan";
-          VLANFiltering = true;
-          DefaultPVID = 10;
+
        };
+
+        extraConfig = ''
+          [Bridge]
+          STP=true
+          VLANFiltering=yes
+          DefaultPVID=none
+        '';
      };
    };
    networks = {
@ -239,7 +239,8 @@ in {
  services.hostapd = {
    enable = true;
    radios = let
-      mkBssid = i: "34:56:ce:0f:ed:4${builtins.toString i}";
+      mkBssid = i: # generated with https://miniwebtool.com/mac-address-generator/
+              "34:56:ce:0f:ed:4${builtins.toString i}";
    in {
      wlan0 = {
        band = "2g";
@ -259,13 +260,15 @@ in {
              # saePasswordsFile = config.sops.secrets.wifiPassword.path;
              saePasswords = [
                {
-                  password = "justtestingwifi";
-                  # vlanid = 100;
+                  password = "normalnormal";
+                }
+                {
+                  password = "vlanvlan";
+                  vlanid = 1;
                }
              ];
            };

-            # generated with https://miniwebtool.com/mac-address-generator/
            bssid = mkBssid 0;
            settings = {
              bridge = "br-lan";
@ -279,20 +282,33 @@ in {
              # saePasswordsFile = config.sops.secrets.wifiPassword.path;
              saePasswords = [
                {
-                  password = "justtestingwifi";
-                  # vlanid = 100;
+                  password = "normalnormal";
+                }
+                {
+                  password = "vlanvlan";
+                  vlanid = 1;
                }
              ];
-              wpaPskFile = pkgs.writeText "pskfile" ''
-                00:00:00:00:00:00 justtestingwifi
-                # vlanid=100 00:00:00:00:00:00 justtestingwifi-vlan
+              wpaPskFile = pkgs.writeText "wpa_psk" ''
+                00:00:00:00:00:00 normalnormal
+                vlanid=1 00:00:00:00:00:00 vlanvlan
              '';
            };

-            # generated with https://miniwebtool.com/mac-address-generator/
            bssid = mkBssid 1;
            settings = {
              bridge = "br-lan";
+
+              # resources on vlan tagging
+              # https://wireless.wiki.kernel.org/en/users/Documentation/hostapd#dynamic_vlan_tagging
+              # https://forum.openwrt.org/t/individual-per-passphrase-wifi-vlans-using-wpa-psk-file-no-radius-required/161696/4
+
+              vlan_tagged_interface = "br-lan";
+              vlan_bridge = "br-vlan";
+              dynamic_vlan = 1;
+              vlan_file = builtins.toString (pkgs.writeText "hostapd.vlan" ''
+                * wlan0-1.#
+              '');
            };
          };

@ -314,6 +330,7 @@ in {
          # };
        };
      };
+
      # wlan1 = {
      #   band = "5g";
      #   # channels with 160 MHz width in Poland: 36, 52, 100 i 116
@ -416,9 +433,15 @@ in {
      bogus-priv = true;
      no-resolv = true;

-      dhcp-range = ["br-lan,192.168.10.50,192.168.10.254,24h"];
-      interface = "br-lan";
-      dhcp-host = "192.168.10.1";
+      dhcp-range = [
+        # "br-lan,192.168.10.50,192.168.10.100,24h"
+        "192.168.10.50,192.168.10.100,24h"
+      ];
+
+      # interface = "br-lan";
+      # bind-interfaces = true;
+
+      # dhcp-host = "192.168.10.1";

      # local domains
      local = "/lan/";
@ -491,7 +514,6 @@ in {
  system.stateVersion = "23.05";

  boot.kernelPackages = pkgs.linuxPackages_bpir3;
-  # boot.kernelPackages = bpir3.packages.aarch64-linux.linuxPackages_bpir3;
  # We exclude a number of modules included in the default list. A non-insignificant amount do
  # not apply to embedded hardware like this, so simply skip the defaults.
  #
--- a/nix/os/devices/router0-dmz0/flake.lock
+++ b/nix/os/devices/router0-dmz0/flake.lock
@ -7,17 +7,16 @@
        ]
      },
      "locked": {
+        "dirtyRev": "4210480bdebbf3a7953e22d5d9f183f47b725bff-dirty",
+        "dirtyShortRev": "4210480-dirty",
        "lastModified": 1688620001,
-        "narHash": "sha256-8ACxxssPiQy/lsUsT8cAaT2te8p8d8ngmPwTc/erPnU=",
-        "owner": "nakato",
-        "repo": "nixos-bpir3-example",
-        "rev": "4210480bdebbf3a7953e22d5d9f183f47b725bff",
-        "type": "github"
+        "narHash": "sha256-INxwGchokdU3ESpnvmfkMWZhocM134FmhWQoyPqtg60=",
+        "type": "git",
+        "url": "file:///home/steveej/src/steveej/nixos-bpir3"
      },
      "original": {
-        "owner": "nakato",
-        "repo": "nixos-bpir3-example",
-        "type": "github"
+        "type": "git",
+        "url": "file:///home/steveej/src/steveej/nixos-bpir3"
      }
    },
    "dependencyDagOfSubmodule": {
@ -48,11 +47,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1695864092,
-        "narHash": "sha256-Hu1SkFPqO7ND95AOzBkZE2jGXSYhfZ965C03O72Kbu8=",
+        "lastModified": 1702569759,
+        "narHash": "sha256-Ze3AdEEsVZBRJ4wn13EZpV1Uubkzi59TkC4j2G9xoFI=",
        "owner": "nix-community",
        "repo": "disko",
-        "rev": "19b62324663b6b9859caf7f335d232cf4f1f6a32",
+        "rev": "98ab91109716871f50ea8cb0e0ac7cc1e1e14714",
        "type": "github"
      },
      "original": {
@ -83,11 +82,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1696145345,
-        "narHash": "sha256-3dM7I/d4751SLPJah0to1WBlWiyzIiuCEUwJqwBdmr4=",
+        "lastModified": 1702814335,
+        "narHash": "sha256-Qck7BAMi3eydzT1WFOzp/SgECetyPpOn1dLgmxH2ebQ=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "6f9b5b83ad1f470b3d11b8a9fe1d5ef68c7d0e30",
+        "rev": "e4dba0bd01956170667458be7b45f68170a63651",
        "type": "github"
      },
      "original": {
@ -105,11 +104,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1695065444,
-        "narHash": "sha256-c39mzyE1Z95bOjNfcCpENdQUn8lgTQFXNDeDguZnKs4=",
+        "lastModified": 1702744409,
+        "narHash": "sha256-dcDkc+6TF9EvfWpsLdmGz4hhrNVbQZDgFwvk5SOjYTI=",
        "owner": "thelegy",
        "repo": "nixos-nftables-firewall",
-        "rev": "f1d43094940379f8aa3b7ef750b48db48b622584",
+        "rev": "a33df9d2f586b85e8e7e546d9b99b39f3187c382",
        "type": "github"
      },
      "original": {
@ -118,18 +117,34 @@
        "type": "github"
      }
    },
-    "nixpkgs": {
+    "nixos-stable": {
      "locked": {
-        "lastModified": 1691788113,
-        "narHash": "sha256-h5dnmk0QMQI+WkP7ZGbqusr7GfeXOrYCzO7BoZpSGJ0=",
-        "owner": "steveej-forks",
+        "lastModified": 1702346276,
+        "narHash": "sha256-eAQgwIWApFQ40ipeOjVSoK4TEHVd6nbSd9fApiHIw5A=",
+        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "f358ddb768fad528772ae3faf786337fe89a7568",
+        "rev": "cf28ee258fd5f9a52de6b9865cdb93a1f96d09b7",
        "type": "github"
      },
      "original": {
-        "owner": "steveej-forks",
-        "ref": "hostapd-fix",
+        "owner": "NixOS",
+        "ref": "nixos-23.11",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1702312524,
+        "narHash": "sha256-gkZJRDBUCpTPBvQk25G0B7vfbpEYM5s5OZqghkjZsnE=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "a9bf124c46ef298113270b1f84a164865987a91c",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "nixos-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
@ -147,16 +162,17 @@
    },
    "srvos": {
      "inputs": {
+        "nixos-stable": "nixos-stable",
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
-        "lastModified": 1695864227,
-        "narHash": "sha256-X3ADr3UE0Cws7yRLnMyo6VbBWrbkT8KMrds8TK6IYXw=",
+        "lastModified": 1702518612,
+        "narHash": "sha256-AGqIpvEMqo0FKXslmKL8ydt01pJFs8q3nUtz7gksoig=",
        "owner": "numtide",
        "repo": "srvos",
-        "rev": "25cf328a2d83926dde264b6195d82bc6dcfb4b0c",
+        "rev": "cd802e2933c567ea91de48dbe8968f41a5d9a642",
        "type": "github"
      },
      "original": {
--- a/nix/os/devices/router0-dmz0/flake.nix
+++ b/nix/os/devices/router0-dmz0/flake.nix
@ -1,7 +1,7 @@
 {
  inputs = {
-    # nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
-    nixpkgs.url = "github:steveej-forks/nixpkgs/hostapd-fix";
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
+    # nixpkgs.url = "github:steveej-forks/nixpkgs/hostapd-fix";

    get-flake.url = "github:ursi/get-flake";

@ -13,7 +13,8 @@
    srvos.url = "github:numtide/srvos";
    srvos.inputs.nixpkgs.follows = "nixpkgs";

-    bpir3.url = "github:nakato/nixos-bpir3-example";
+    # bpir3.url = "github:steveej-forks/nixos-bpir3";
+    bpir3.url = "/home/steveej/src/steveej/nixos-bpir3";
    bpir3.inputs.nixpkgs.follows = "nixpkgs";

    nixos-nftables-firewall.url = "github:thelegy/nixos-nftables-firewall";
--- a/nix/os/devices/steveej-t14/flake.lock
+++ b/nix/os/devices/steveej-t14/flake.lock
@ -7,11 +7,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1702676849,
-        "narHash": "sha256-XqcREaTS38/QOsN8fk8PP325/UXHyF9enbP5ZPw5aiA=",
+        "lastModified": 1702814678,
+        "narHash": "sha256-zDtO0jV2QLoddUJinLlTQrQqCUW3dPiIWOSYgg98T7E=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "aa99c2f4e9847cbb7e46fac0844ea1eb164b3b3a",
+        "rev": "1488651d02c1a7a15e284210f0d380a62d8d8cef",
        "type": "github"
      },
      "original": {
@ -55,11 +55,11 @@
    },
    "nixpkgs-2311": {
      "locked": {
-        "lastModified": 1702346276,
-        "narHash": "sha256-eAQgwIWApFQ40ipeOjVSoK4TEHVd6nbSd9fApiHIw5A=",
+        "lastModified": 1702645756,
+        "narHash": "sha256-qKI6OR3TYJYQB3Q8mAZ+DG4o/BR9ptcv9UnRV2hzljc=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "cf28ee258fd5f9a52de6b9865cdb93a1f96d09b7",
+        "rev": "40c3c94c241286dd2243ea34d3aef8a488f9e4d0",
        "type": "github"
      },
      "original": {
@ -71,11 +71,11 @@
    },
    "nixpkgs-master": {
      "locked": {
-        "lastModified": 1702743713,
-        "narHash": "sha256-vcoIM8IyCwGER/1CcP8j5bq8izM/uzFNipbv5MS4JSE=",
+        "lastModified": 1702830598,
+        "narHash": "sha256-NiGUGof87PAmaH8BLzC/mIhYmjd190NEA3uk2tNTBms=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "bb6cf10a57b762ca24e4a1b791b49e2216816cf2",
+        "rev": "c9bdee2a9629344cb5d7d9aa48fda1ef34deec18",
        "type": "github"
      },
      "original": {