feat(router0-dmz0): AP with dynamic vlan filtering on central bridge

2023-12-28 10:38:38 +00:00 · 2023-12-28 10:38:38 +00:00 · 96413dcfec
commit 96413dcfec
parent 0b74972992
8 changed files with 696 additions and 249 deletions
--- a/nix/os/devices/router0-dmz0/flake.nix
+++ b/nix/os/devices/router0-dmz0/flake.nix
@ -1,7 +1,6 @@
 {
  inputs = {
-    # nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
-    nixpkgs.url = "github:steveej-forks/nixpkgs/hostapd-fix";
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";

    get-flake.url = "github:ursi/get-flake";

@ -13,14 +12,30 @@
    srvos.url = "github:numtide/srvos";
    srvos.inputs.nixpkgs.follows = "nixpkgs";

-    bpir3.url = "github:nakato/nixos-bpir3-example";
+    bpir3.url =
+      "github:steveej-forks/nixos-bpir3/linux-6.6"
+      # "/home/steveej/src/steveej/nixos-bpir3"
+      ;
+
    bpir3.inputs.nixpkgs.follows = "nixpkgs";

+
    nixos-nftables-firewall.url = "github:thelegy/nixos-nftables-firewall";
    nixos-nftables-firewall.inputs.nixpkgs.follows = "nixpkgs";
-  };

-  # outputs = _: {};
+    hostapd.url = "git://w1.fi/hostap.git?branch=main";
+    hostapd.flake = false;
+
+    openwrt.url = "git+https://github.com/openwrt/openwrt.git?ref=main&rev=847984c773d819d5579d5abae4b80a4983103ed9";
+    openwrt.flake = false;
+
+    # TODO: would be nice if this worked but it throws an error when using the input as a patch:
+    # error: flake input has unsupported input type 'file'
+    # hostapd_patch_vlan_no_bridge = {
+    #   url = "file+https://raw.githubusercontent.com/openwrt/openwrt/847984c773d819d5579d5abae4b80a4983103ed9/package/network/services/hostapd/patches/710-vlan_no_bridge.patch";
+    #   flake = false;
+    # };
+  };

  outputs = {
    self,
@ -28,24 +43,30 @@
    nixpkgs,
    bpir3,
    ...
-  } @ attrs: let
-    system = "aarch64-linux";
+  }: let
+    nativeSystem = "aarch64-linux";
    nodeName = "router0-dmz0";

+    pkgs = nixpkgs.legacyPackages.${nativeSystem};
+    pkgsCross = import self.inputs.nixpkgs {
+      system = "x86_64-linux";
+      crossSystem = {
+        config = "aarch64-unknown-linux-gnu";
+      };
+    };
+
    mkNixosConfiguration = {extraModules ? [], ...} @ attrs:
      nixpkgs.lib.nixosSystem (
        nixpkgs.lib.attrsets.recursiveUpdate
        attrs
        {
-          specialArgs = {
-            nodeFlake = self;
-            repoFlake = get-flake ../../../..;
+          specialArgs = (import ./default.nix {
+            system = nativeSystem;
            inherit nodeName;
-            inherit
-              (bpir3.packages.${system})
-              armTrustedFirmwareMT7986
-              ;
-          };
+
+            repoFlake = get-flake ../../../..;
+            nodeFlake = self;
+          }).meta.nodeSpecialArgs.${nodeName};

          modules =
            [
@ -64,8 +85,10 @@
                    inherit
                      (bpir3Pkgs)
                      linuxPackages_bpir3
+                      linuxPackages_bpir3_latest
                      ;
                  })
+
                ];
              }
            ]
@ -75,17 +98,33 @@
  in {
    nixosConfigurations = {
      native = mkNixosConfiguration {
-        inherit system;
+        system = nativeSystem;
      };

      cross = mkNixosConfiguration {
        extraModules = [
          {
            nixpkgs.buildPlatform.system = "x86_64-linux";
-            nixpkgs.hostPlatform.system = system;
+            nixpkgs.hostPlatform.system = nativeSystem;
          }
        ];
      };
    };
+
+    packages = let
+      mkPatchedHostapd = pkgs: pkgs.hostapd.overrideDerivation(attrs: {
+        patches = attrs.patches ++ [
+          "${self.inputs.openwrt}/package/network/services/hostapd/patches/710-vlan_no_bridge.patch"
+        ];
+      });
+    in {
+        "${nativeSystem}" = {
+          hostapd_patched = mkPatchedHostapd pkgs;
+        };
+
+        cross = {
+          hostapd_patched = mkPatchedHostapd pkgsCross;
+        };
+    };
  };
 }