From f42fc3b9867bb480a8b6f5488b622fd8f195fbd3 Mon Sep 17 00:00:00 2001 From: Sebastien Bourdeauducq Date: Thu, 4 Mar 2021 15:54:55 +0800 Subject: [PATCH] nixops: create ext wifi network --- nixbld-etc-nixos/secret_permissions.txt | 1 + nixops/rpi-server.nix | 42 +++++++++++++++++++++++++ 2 files changed, 43 insertions(+) diff --git a/nixbld-etc-nixos/secret_permissions.txt b/nixbld-etc-nixos/secret_permissions.txt index 34242ea..acbcc4f 100644 --- a/nixbld-etc-nixos/secret_permissions.txt +++ b/nixbld-etc-nixos/secret_permissions.txt @@ -10,3 +10,4 @@ -rw-rw---- 1 hydra hydra nix_id_rsa -rw------- 1 root root rclone.conf -rw------- 1 root root wifi_password.nix +-rw------- 1 sb users wifi_ext_password.nix diff --git a/nixops/rpi-server.nix b/nixops/rpi-server.nix index d02a535..0a4b869 100644 --- a/nixops/rpi-server.nix +++ b/nixops/rpi-server.nix @@ -45,6 +45,47 @@ networking.hostName = host; time.timeZone = "Asia/Hong_Kong"; + hardware.enableRedistributableFirmware = true; + services.hostapd = { + enable = true; + interface = "wlan0"; + hwMode = "g"; + ssid = "M-Labs-ext"; + wpaPassphrase = (import /etc/nixos/secret/wifi_ext_password.nix); + extraConfig = '' + ieee80211d=1 + country_code=HK + ieee80211n=1 + wmm_enabled=1 + auth_algs=1 + wpa_key_mgmt=WPA-PSK + rsn_pairwise=CCMP + ''; + }; + networking.interfaces.wlan0 = { + ipv4.addresses = [{ + address = "192.168.13.1"; + prefixLength = 24; + }]; + ipv6.addresses = [{ + address = "2001:470:f821:3::"; + prefixLength = 64; + }]; + }; + services.dnsmasq = { + enable = true; + extraConfig = '' + interface=wlan0 + bind-interfaces + dhcp-range=192.168.13.10,192.168.13.254,24h + enable-ra + dhcp-range=::,constructor:wlan0,ra-only + ''; + }; + boot.kernel.sysctl."net.ipv4.ip_forward" = 1; + boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = "1"; + boot.kernel.sysctl."net.ipv6.conf.default.forwarding" = "1"; + users.mutableUsers = false; users.defaultUserShell = pkgs.fish; users.extraUsers = import ./common-users.nix { inherit pkgs; }; @@ -67,6 +108,7 @@ hardware.sane.enable = true; hardware.sane.extraBackends = [ pkgs.hplip ]; networking.firewall.allowedTCPPorts = [ 631 ]; + networking.firewall.allowedUDPPorts = [ 53 67 ]; nix.binaryCachePublicKeys = ["nixbld.m-labs.hk-1:5aSRVA5b320xbNvu30tqxVPXpld73bhtOeH6uAjRyHc="]; nix.binaryCaches = ["https://cache.nixos.org" "https://nixbld.m-labs.hk"];