WIP: vlan experimentation

steveej 2023-12-17 23:28:00 +01:00
parent fd6077c476
commit 55ce0f0be1
4 changed files with 101 additions and 62 deletions


@ -146,20 +146,20 @@ in {
systemd.network = { systemd.network = {
wait-online.anyInterface = true; wait-online.anyInterface = true;
netdevs = { netdevs = {
# Create the VLANs # Create the bridge interface
"00-vlan-100" = {
Name = "vlan100";
Kind = "vlan";
};
# Create the bridge interfaces
"20-br-lan" = { "20-br-lan" = {
netdevConfig = { netdevConfig = {
Kind = "bridge"; Kind = "bridge";
Name = "br-lan"; Name = "br-lan";
VLANFiltering = true;
DefaultPVID = 10;
}; };
extraConfig = ''
[Bridge]
STP=true
VLANFiltering=yes
DefaultPVID=none
'';
}; };
}; };
networks = { networks = {
@ -239,7 +239,8 @@ in {
services.hostapd = { services.hostapd = {
enable = true; enable = true;
radios = let radios = let
mkBssid = i: "34:56:ce:0f:ed:4${builtins.toString i}"; mkBssid = i: # generated with https://miniwebtool.com/mac-address-generator/
"34:56:ce:0f:ed:4${builtins.toString i}";
in { in {
wlan0 = { wlan0 = {
band = "2g"; band = "2g";
@ -259,13 +260,15 @@ in {
# saePasswordsFile = config.sops.secrets.wifiPassword.path; # saePasswordsFile = config.sops.secrets.wifiPassword.path;
saePasswords = [ saePasswords = [
{ {
password = "justtestingwifi"; password = "normalnormal";
# vlanid = 100; }
{
password = "vlanvlan";
vlanid = 1;
} }
]; ];
}; };
# generated with https://miniwebtool.com/mac-address-generator/
bssid = mkBssid 0; bssid = mkBssid 0;
settings = { settings = {
bridge = "br-lan"; bridge = "br-lan";
@ -279,20 +282,33 @@ in {
# saePasswordsFile = config.sops.secrets.wifiPassword.path; # saePasswordsFile = config.sops.secrets.wifiPassword.path;
saePasswords = [ saePasswords = [
{ {
password = "justtestingwifi"; password = "normalnormal";
# vlanid = 100; }
{
password = "vlanvlan";
vlanid = 1;
} }
]; ];
wpaPskFile = pkgs.writeText "pskfile" '' wpaPskFile = pkgs.writeText "wpa_psk" ''
00:00:00:00:00:00 justtestingwifi 00:00:00:00:00:00 normalnormal
# vlanid=100 00:00:00:00:00:00 justtestingwifi-vlan vlanid=1 00:00:00:00:00:00 vlanvlan
''; '';
}; };
# generated with https://miniwebtool.com/mac-address-generator/
bssid = mkBssid 1; bssid = mkBssid 1;
settings = { settings = {
bridge = "br-lan"; bridge = "br-lan";
# resources on vlan tagging
# https://wireless.wiki.kernel.org/en/users/Documentation/hostapd#dynamic_vlan_tagging
# https://forum.openwrt.org/t/individual-per-passphrase-wifi-vlans-using-wpa-psk-file-no-radius-required/161696/4
vlan_tagged_interface = "br-lan";
vlan_bridge = "br-vlan";
dynamic_vlan = 1;
vlan_file = builtins.toString (pkgs.writeText "hostapd.vlan" ''
* wlan0-1.#
'');
}; };
}; };
@ -314,6 +330,7 @@ in {
# }; # };
}; };
}; };
# wlan1 = { # wlan1 = {
# band = "5g"; # band = "5g";
# # channels with 160 MHz width in Poland: 36, 52, 100 i 116 # # channels with 160 MHz width in Poland: 36, 52, 100 i 116
@ -416,9 +433,15 @@ in {
bogus-priv = true; bogus-priv = true;
no-resolv = true; no-resolv = true;
dhcp-range = ["br-lan,192.168.10.50,192.168.10.254,24h"]; dhcp-range = [
interface = "br-lan"; # "br-lan,192.168.10.50,192.168.10.100,24h"
dhcp-host = "192.168.10.1"; "192.168.10.50,192.168.10.100,24h"
];
# interface = "br-lan";
# bind-interfaces = true;
# dhcp-host = "192.168.10.1";
# local domains # local domains
local = "/lan/"; local = "/lan/";
@ -491,7 +514,6 @@ in {
system.stateVersion = "23.05"; system.stateVersion = "23.05";
boot.kernelPackages = pkgs.linuxPackages_bpir3; boot.kernelPackages = pkgs.linuxPackages_bpir3;
# boot.kernelPackages = bpir3.packages.aarch64-linux.linuxPackages_bpir3;
# We exclude a number of modules included in the default list. A non-insignificant amount do # We exclude a number of modules included in the default list. A non-insignificant amount do
# not apply to embedded hardware like this, so simply skip the defaults. # not apply to embedded hardware like this, so simply skip the defaults.
# #
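Review bot: The SAE passwords and the PSK list are still written inline in both BSS definitions (`password = "normalnormal"`, `password = "vlanvlan"`, and `wpaPskFile = pkgs.writeText "wpa_psk" ''…''`), so they are committed to the repository and copied into the world-readable Nix store. With `vlanid = 1` attached to one passphrase, the passphrase appears to be the only thing deciding which segment a client joins, so it needs the same protection as any other network credential. I would go back to the commented-out `saePasswordsFile = config.sops.secrets.wifiPassword.path;` and point the PSK file at a secret too, e.g. `wpaPskFile = config.sops.secrets.<psk-secret-name>.path;` (placeholder name). Separately, commenting out `interface = "br-lan";` in the dnsmasq hunk looks like it leaves the resolver answering on every interface; confirm that against the firewall rules, which are not visible here.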


@ -7,17 +7,16 @@
] ]
}, },
"locked": { "locked": {
"dirtyRev": "4210480bdebbf3a7953e22d5d9f183f47b725bff-dirty",
"dirtyShortRev": "4210480-dirty",
"lastModified": 1688620001, "lastModified": 1688620001,
"narHash": "sha256-8ACxxssPiQy/lsUsT8cAaT2te8p8d8ngmPwTc/erPnU=", "narHash": "sha256-INxwGchokdU3ESpnvmfkMWZhocM134FmhWQoyPqtg60=",
"owner": "nakato", "type": "git",
"repo": "nixos-bpir3-example", "url": "file:///home/steveej/src/steveej/nixos-bpir3"
"rev": "4210480bdebbf3a7953e22d5d9f183f47b725bff",
"type": "github"
}, },
"original": { "original": {
"owner": "nakato", "type": "git",
"repo": "nixos-bpir3-example", "url": "file:///home/steveej/src/steveej/nixos-bpir3"
"type": "github"
} }
}, },
"dependencyDagOfSubmodule": { "dependencyDagOfSubmodule": {
@ -48,11 +47,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1695864092, "lastModified": 1702569759,
"narHash": "sha256-Hu1SkFPqO7ND95AOzBkZE2jGXSYhfZ965C03O72Kbu8=", "narHash": "sha256-Ze3AdEEsVZBRJ4wn13EZpV1Uubkzi59TkC4j2G9xoFI=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "19b62324663b6b9859caf7f335d232cf4f1f6a32", "rev": "98ab91109716871f50ea8cb0e0ac7cc1e1e14714",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -83,11 +82,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1696145345, "lastModified": 1702814335,
"narHash": "sha256-3dM7I/d4751SLPJah0to1WBlWiyzIiuCEUwJqwBdmr4=", "narHash": "sha256-Qck7BAMi3eydzT1WFOzp/SgECetyPpOn1dLgmxH2ebQ=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "6f9b5b83ad1f470b3d11b8a9fe1d5ef68c7d0e30", "rev": "e4dba0bd01956170667458be7b45f68170a63651",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -105,11 +104,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1695065444, "lastModified": 1702744409,
"narHash": "sha256-c39mzyE1Z95bOjNfcCpENdQUn8lgTQFXNDeDguZnKs4=", "narHash": "sha256-dcDkc+6TF9EvfWpsLdmGz4hhrNVbQZDgFwvk5SOjYTI=",
"owner": "thelegy", "owner": "thelegy",
"repo": "nixos-nftables-firewall", "repo": "nixos-nftables-firewall",
"rev": "f1d43094940379f8aa3b7ef750b48db48b622584", "rev": "a33df9d2f586b85e8e7e546d9b99b39f3187c382",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -118,18 +117,34 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs": { "nixos-stable": {
"locked": { "locked": {
"lastModified": 1691788113, "lastModified": 1702346276,
"narHash": "sha256-h5dnmk0QMQI+WkP7ZGbqusr7GfeXOrYCzO7BoZpSGJ0=", "narHash": "sha256-eAQgwIWApFQ40ipeOjVSoK4TEHVd6nbSd9fApiHIw5A=",
"owner": "steveej-forks", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "f358ddb768fad528772ae3faf786337fe89a7568", "rev": "cf28ee258fd5f9a52de6b9865cdb93a1f96d09b7",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "steveej-forks", "owner": "NixOS",
"ref": "hostapd-fix", "ref": "nixos-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1702312524,
"narHash": "sha256-gkZJRDBUCpTPBvQk25G0B7vfbpEYM5s5OZqghkjZsnE=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "a9bf124c46ef298113270b1f84a164865987a91c",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
@ -147,16 +162,17 @@
}, },
"srvos": { "srvos": {
"inputs": { "inputs": {
"nixos-stable": "nixos-stable",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1695864227, "lastModified": 1702518612,
"narHash": "sha256-X3ADr3UE0Cws7yRLnMyo6VbBWrbkT8KMrds8TK6IYXw=", "narHash": "sha256-AGqIpvEMqo0FKXslmKL8ydt01pJFs8q3nUtz7gksoig=",
"owner": "numtide", "owner": "numtide",
"repo": "srvos", "repo": "srvos",
"rev": "25cf328a2d83926dde264b6195d82bc6dcfb4b0c", "rev": "cd802e2933c567ea91de48dbe8968f41a5d9a642",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -1,7 +1,7 @@
{ {
inputs = { inputs = {
# nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs.url = "github:steveej-forks/nixpkgs/hostapd-fix"; # nixpkgs.url = "github:steveej-forks/nixpkgs/hostapd-fix";
get-flake.url = "github:ursi/get-flake"; get-flake.url = "github:ursi/get-flake";
@ -13,7 +13,8 @@
srvos.url = "github:numtide/srvos"; srvos.url = "github:numtide/srvos";
srvos.inputs.nixpkgs.follows = "nixpkgs"; srvos.inputs.nixpkgs.follows = "nixpkgs";
bpir3.url = "github:nakato/nixos-bpir3-example"; # bpir3.url = "github:steveej-forks/nixos-bpir3";
bpir3.url = "/home/steveej/src/steveej/nixos-bpir3";
bpir3.inputs.nixpkgs.follows = "nixpkgs"; bpir3.inputs.nixpkgs.follows = "nixpkgs";
nixos-nftables-firewall.url = "github:thelegy/nixos-nftables-firewall"; nixos-nftables-firewall.url = "github:thelegy/nixos-nftables-firewall";
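Review bot: `bpir3.url = "/home/steveej/src/steveej/nixos-bpir3";` makes the flake depend on an absolute path on one workstation, so it cannot be evaluated on any other machine. The matching lock entry on this page points at `file:///home/steveej/src/steveej/nixos-bpir3` instead of a hosted repository, so a reviewer has no upstream commit to audit for the board and kernel source of this router. Once the fork is pushed, I would enable the line that is already present as a comment, `bpir3.url = "github:steveej-forks/nixos-bpir3";`, and re-lock. While iterating locally, `--override-input bpir3 <local-path>` on the command line keeps the workstation path out of the committed file.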


@ -7,11 +7,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1702676849, "lastModified": 1702814678,
"narHash": "sha256-XqcREaTS38/QOsN8fk8PP325/UXHyF9enbP5ZPw5aiA=", "narHash": "sha256-zDtO0jV2QLoddUJinLlTQrQqCUW3dPiIWOSYgg98T7E=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "aa99c2f4e9847cbb7e46fac0844ea1eb164b3b3a", "rev": "1488651d02c1a7a15e284210f0d380a62d8d8cef",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -55,11 +55,11 @@
}, },
"nixpkgs-2311": { "nixpkgs-2311": {
"locked": { "locked": {
"lastModified": 1702346276, "lastModified": 1702645756,
"narHash": "sha256-eAQgwIWApFQ40ipeOjVSoK4TEHVd6nbSd9fApiHIw5A=", "narHash": "sha256-qKI6OR3TYJYQB3Q8mAZ+DG4o/BR9ptcv9UnRV2hzljc=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "cf28ee258fd5f9a52de6b9865cdb93a1f96d09b7", "rev": "40c3c94c241286dd2243ea34d3aef8a488f9e4d0",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -71,11 +71,11 @@
}, },
"nixpkgs-master": { "nixpkgs-master": {
"locked": { "locked": {
"lastModified": 1702743713, "lastModified": 1702830598,
"narHash": "sha256-vcoIM8IyCwGER/1CcP8j5bq8izM/uzFNipbv5MS4JSE=", "narHash": "sha256-NiGUGof87PAmaH8BLzC/mIhYmjd190NEA3uk2tNTBms=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "bb6cf10a57b762ca24e4a1b791b49e2216816cf2", "rev": "c9bdee2a9629344cb5d7d9aa48fda1ef34deec18",
"type": "github" "type": "github"
}, },
"original": { "original": {