diff --git a/nix/os/devices/router0-dmz0/configuration.nix b/nix/os/devices/router0-dmz0/configuration.nix index f7f57c3..632be00 100644 --- a/nix/os/devices/router0-dmz0/configuration.nix +++ b/nix/os/devices/router0-dmz0/configuration.nix @@ -146,20 +146,20 @@ in { systemd.network = { wait-online.anyInterface = true; netdevs = { - # Create the VLANs - "00-vlan-100" = { - Name = "vlan100"; - Kind = "vlan"; - }; - - # Create the bridge interfaces + # Create the bridge interface "20-br-lan" = { netdevConfig = { Kind = "bridge"; Name = "br-lan"; - VLANFiltering = true; - DefaultPVID = 10; + }; + + extraConfig = '' + [Bridge] + STP=true + VLANFiltering=yes + DefaultPVID=none + ''; }; }; networks = { @@ -239,7 +239,8 @@ in { services.hostapd = { enable = true; radios = let - mkBssid = i: "34:56:ce:0f:ed:4${builtins.toString i}"; + mkBssid = i: # generated with https://miniwebtool.com/mac-address-generator/ + "34:56:ce:0f:ed:4${builtins.toString i}"; in { wlan0 = { band = "2g"; @@ -259,13 +260,15 @@ in { # saePasswordsFile = config.sops.secrets.wifiPassword.path; saePasswords = [ { - password = "justtestingwifi"; - # vlanid = 100; + password = "normalnormal"; + } + { + password = "vlanvlan"; + vlanid = 1; } ]; }; - # generated with https://miniwebtool.com/mac-address-generator/ bssid = mkBssid 0; settings = { bridge = "br-lan"; @@ -279,20 +282,33 @@ in { # saePasswordsFile = config.sops.secrets.wifiPassword.path; saePasswords = [ { - password = "justtestingwifi"; - # vlanid = 100; + password = "normalnormal"; + } + { + password = "vlanvlan"; + vlanid = 1; } ]; - wpaPskFile = pkgs.writeText "pskfile" '' - 00:00:00:00:00:00 justtestingwifi - # vlanid=100 00:00:00:00:00:00 justtestingwifi-vlan + wpaPskFile = pkgs.writeText "wpa_psk" '' + 00:00:00:00:00:00 normalnormal + vlanid=1 00:00:00:00:00:00 vlanvlan ''; }; - # generated with https://miniwebtool.com/mac-address-generator/ bssid = mkBssid 1; settings = { bridge = "br-lan"; + + # resources on vlan tagging + # https://wireless.wiki.kernel.org/en/users/Documentation/hostapd#dynamic_vlan_tagging + # https://forum.openwrt.org/t/individual-per-passphrase-wifi-vlans-using-wpa-psk-file-no-radius-required/161696/4 + + vlan_tagged_interface = "br-lan"; + vlan_bridge = "br-vlan"; + dynamic_vlan = 1; + vlan_file = builtins.toString (pkgs.writeText "hostapd.vlan" '' + * wlan0-1.# + ''); }; }; @@ -314,6 +330,7 @@ in { # }; }; }; + # wlan1 = { # band = "5g"; # # channels with 160 MHz width in Poland: 36, 52, 100 i 116 @@ -416,9 +433,15 @@ in { bogus-priv = true; no-resolv = true; - dhcp-range = ["br-lan,192.168.10.50,192.168.10.254,24h"]; - interface = "br-lan"; - dhcp-host = "192.168.10.1"; + dhcp-range = [ + # "br-lan,192.168.10.50,192.168.10.100,24h" + "192.168.10.50,192.168.10.100,24h" + ]; + + # interface = "br-lan"; + # bind-interfaces = true; + + # dhcp-host = "192.168.10.1"; # local domains local = "/lan/"; @@ -491,7 +514,6 @@ in { system.stateVersion = "23.05"; boot.kernelPackages = pkgs.linuxPackages_bpir3; - # boot.kernelPackages = bpir3.packages.aarch64-linux.linuxPackages_bpir3; # We exclude a number of modules included in the default list. A non-insignificant amount do # not apply to embedded hardware like this, so simply skip the defaults. # diff --git a/nix/os/devices/router0-dmz0/flake.lock b/nix/os/devices/router0-dmz0/flake.lock index b572ebd..06e3d64 100644 --- a/nix/os/devices/router0-dmz0/flake.lock +++ b/nix/os/devices/router0-dmz0/flake.lock @@ -7,17 +7,16 @@ ] }, "locked": { + "dirtyRev": "4210480bdebbf3a7953e22d5d9f183f47b725bff-dirty", + "dirtyShortRev": "4210480-dirty", "lastModified": 1688620001, - "narHash": "sha256-8ACxxssPiQy/lsUsT8cAaT2te8p8d8ngmPwTc/erPnU=", - "owner": "nakato", - "repo": "nixos-bpir3-example", - "rev": "4210480bdebbf3a7953e22d5d9f183f47b725bff", - "type": "github" + "narHash": "sha256-INxwGchokdU3ESpnvmfkMWZhocM134FmhWQoyPqtg60=", + "type": "git", + "url": "file:///home/steveej/src/steveej/nixos-bpir3" }, "original": { - "owner": "nakato", - "repo": "nixos-bpir3-example", - "type": "github" + "type": "git", + "url": "file:///home/steveej/src/steveej/nixos-bpir3" } }, "dependencyDagOfSubmodule": { @@ -48,11 +47,11 @@ ] }, "locked": { - "lastModified": 1695864092, - "narHash": "sha256-Hu1SkFPqO7ND95AOzBkZE2jGXSYhfZ965C03O72Kbu8=", + "lastModified": 1702569759, + "narHash": "sha256-Ze3AdEEsVZBRJ4wn13EZpV1Uubkzi59TkC4j2G9xoFI=", "owner": "nix-community", "repo": "disko", - "rev": "19b62324663b6b9859caf7f335d232cf4f1f6a32", + "rev": "98ab91109716871f50ea8cb0e0ac7cc1e1e14714", "type": "github" }, "original": { @@ -83,11 +82,11 @@ ] }, "locked": { - "lastModified": 1696145345, - "narHash": "sha256-3dM7I/d4751SLPJah0to1WBlWiyzIiuCEUwJqwBdmr4=", + "lastModified": 1702814335, + "narHash": "sha256-Qck7BAMi3eydzT1WFOzp/SgECetyPpOn1dLgmxH2ebQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "6f9b5b83ad1f470b3d11b8a9fe1d5ef68c7d0e30", + "rev": "e4dba0bd01956170667458be7b45f68170a63651", "type": "github" }, "original": { @@ -105,11 +104,11 @@ ] }, "locked": { - "lastModified": 1695065444, - "narHash": "sha256-c39mzyE1Z95bOjNfcCpENdQUn8lgTQFXNDeDguZnKs4=", + "lastModified": 1702744409, + "narHash": "sha256-dcDkc+6TF9EvfWpsLdmGz4hhrNVbQZDgFwvk5SOjYTI=", "owner": "thelegy", "repo": "nixos-nftables-firewall", - "rev": "f1d43094940379f8aa3b7ef750b48db48b622584", + "rev": "a33df9d2f586b85e8e7e546d9b99b39f3187c382", "type": "github" }, "original": { @@ -118,18 +117,34 @@ "type": "github" } }, - "nixpkgs": { + "nixos-stable": { "locked": { - "lastModified": 1691788113, - "narHash": "sha256-h5dnmk0QMQI+WkP7ZGbqusr7GfeXOrYCzO7BoZpSGJ0=", - "owner": "steveej-forks", + "lastModified": 1702346276, + "narHash": "sha256-eAQgwIWApFQ40ipeOjVSoK4TEHVd6nbSd9fApiHIw5A=", + "owner": "NixOS", "repo": "nixpkgs", - "rev": "f358ddb768fad528772ae3faf786337fe89a7568", + "rev": "cf28ee258fd5f9a52de6b9865cdb93a1f96d09b7", "type": "github" }, "original": { - "owner": "steveej-forks", - "ref": "hostapd-fix", + "owner": "NixOS", + "ref": "nixos-23.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1702312524, + "narHash": "sha256-gkZJRDBUCpTPBvQk25G0B7vfbpEYM5s5OZqghkjZsnE=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "a9bf124c46ef298113270b1f84a164865987a91c", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } @@ -147,16 +162,17 @@ }, "srvos": { "inputs": { + "nixos-stable": "nixos-stable", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1695864227, - "narHash": "sha256-X3ADr3UE0Cws7yRLnMyo6VbBWrbkT8KMrds8TK6IYXw=", + "lastModified": 1702518612, + "narHash": "sha256-AGqIpvEMqo0FKXslmKL8ydt01pJFs8q3nUtz7gksoig=", "owner": "numtide", "repo": "srvos", - "rev": "25cf328a2d83926dde264b6195d82bc6dcfb4b0c", + "rev": "cd802e2933c567ea91de48dbe8968f41a5d9a642", "type": "github" }, "original": { diff --git a/nix/os/devices/router0-dmz0/flake.nix b/nix/os/devices/router0-dmz0/flake.nix index 32748fb..9a714b9 100644 --- a/nix/os/devices/router0-dmz0/flake.nix +++ b/nix/os/devices/router0-dmz0/flake.nix @@ -1,7 +1,7 @@ { inputs = { - # nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; - nixpkgs.url = "github:steveej-forks/nixpkgs/hostapd-fix"; + nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; + # nixpkgs.url = "github:steveej-forks/nixpkgs/hostapd-fix"; get-flake.url = "github:ursi/get-flake"; @@ -13,7 +13,8 @@ srvos.url = "github:numtide/srvos"; srvos.inputs.nixpkgs.follows = "nixpkgs"; - bpir3.url = "github:nakato/nixos-bpir3-example"; + # bpir3.url = "github:steveej-forks/nixos-bpir3"; + bpir3.url = "/home/steveej/src/steveej/nixos-bpir3"; bpir3.inputs.nixpkgs.follows = "nixpkgs"; nixos-nftables-firewall.url = "github:thelegy/nixos-nftables-firewall"; diff --git a/nix/os/devices/steveej-t14/flake.lock b/nix/os/devices/steveej-t14/flake.lock index b171000..de4e48f 100644 --- a/nix/os/devices/steveej-t14/flake.lock +++ b/nix/os/devices/steveej-t14/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1702676849, - "narHash": "sha256-XqcREaTS38/QOsN8fk8PP325/UXHyF9enbP5ZPw5aiA=", + "lastModified": 1702814678, + "narHash": "sha256-zDtO0jV2QLoddUJinLlTQrQqCUW3dPiIWOSYgg98T7E=", "owner": "nix-community", "repo": "home-manager", - "rev": "aa99c2f4e9847cbb7e46fac0844ea1eb164b3b3a", + "rev": "1488651d02c1a7a15e284210f0d380a62d8d8cef", "type": "github" }, "original": { @@ -55,11 +55,11 @@ }, "nixpkgs-2311": { "locked": { - "lastModified": 1702346276, - "narHash": "sha256-eAQgwIWApFQ40ipeOjVSoK4TEHVd6nbSd9fApiHIw5A=", + "lastModified": 1702645756, + "narHash": "sha256-qKI6OR3TYJYQB3Q8mAZ+DG4o/BR9ptcv9UnRV2hzljc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "cf28ee258fd5f9a52de6b9865cdb93a1f96d09b7", + "rev": "40c3c94c241286dd2243ea34d3aef8a488f9e4d0", "type": "github" }, "original": { @@ -71,11 +71,11 @@ }, "nixpkgs-master": { "locked": { - "lastModified": 1702743713, - "narHash": "sha256-vcoIM8IyCwGER/1CcP8j5bq8izM/uzFNipbv5MS4JSE=", + "lastModified": 1702830598, + "narHash": "sha256-NiGUGof87PAmaH8BLzC/mIhYmjd190NEA3uk2tNTBms=", "owner": "nixos", "repo": "nixpkgs", - "rev": "bb6cf10a57b762ca24e4a1b791b49e2216816cf2", + "rev": "c9bdee2a9629344cb5d7d9aa48fda1ef34deec18", "type": "github" }, "original": {