diff --git a/common.nix b/common.nix
index a8274b0..d34e31e 100644
--- a/common.nix
+++ b/common.nix
@@ -1,4 +1,10 @@
-{ lib, pkgs, config, self, ... }:
+{
+ lib,
+ pkgs,
+ config,
+ self,
+ ...
+}:
 {
 networking = {
 wireless = {
diff --git a/flake.nix b/flake.nix
index 344ed2a..f238a69 100644
--- a/flake.nix
+++ b/flake.nix
@@ -46,9 +46,12 @@ inputs@{ self, nixpkgs, ... }: {
 nixosConfigurations = import ./systems.nix {
 inherit self inputs nixpkgs;
 };
- packages = nixpkgs.lib.attrsets.genAttrs nixpkgs.lib.systems.flakeExposed (system: import ./mikrotik.nix {
- inherit system inputs;
- pkgs = nixpkgs.legacyPackages.${system};
- });
+ packages = nixpkgs.lib.attrsets.genAttrs nixpkgs.lib.systems.flakeExposed (
+ system:
+ import ./mikrotik.nix {
+ inherit system inputs;
+ pkgs = nixpkgs.legacyPackages.${system};
+ }
+ );
 };
 }
diff --git a/mikrotik.nix b/mikrotik.nix
index d393fe3..6897b45 100644
--- a/mikrotik.nix
+++ b/mikrotik.nix
@@ -1,4 +1,9 @@
-{ mikrotik-config ? ./router.nix, pkgs, inputs, system}:
+{
+ mikrotik-config ? ./router.nix,
+ pkgs,
+ inputs,
+ system,
+}:
 with pkgs;
 with lib;
 with builtins;
@@ -6,14 +11,15 @@ with builtins;
 let
 rtr = (import mikrotik-config);
- formatValue = key: value:
+ formatValue =
+ key: value:
 if key == "comment" then
 ''${key}="${value}"''
 else if key == "no_label" then
 formatValue null value
- #''${key}="${value}"''
+ #''${key}="${value}"''
 else if isAttrs value && key != null then
- concatStringsSep " " (["${key}"] ++ (mapAttrsToList (k: v: formatValue k v) value))
+ concatStringsSep " " ([ "${key}" ] ++ (mapAttrsToList (k: v: formatValue k v) value))
 else if isAttrs value then
 concatStringsSep " " (mapAttrsToList (k: v: formatValue k v) value)
@@ -21,19 +27,24 @@ let
 else
 "${key}=${value}";
- formatSection = name: opts:
- [ "${name}" ] ++ (if isAttrs opts then
- (mapAttrsToList (k: v: "set ${formatValue k v}") opts)
- else
- (map (x: "add ${formatValue null x}") opts));
-
-in rec {
+ formatSection =
+ name: opts:
+ [ "${name}" ]
+ ++ (
+ if isAttrs opts then
+ (mapAttrsToList (k: v: "set ${formatValue k v}") opts)
+ else
+ (map (x: "add ${formatValue null x}") opts)
+ );
+in
+rec {
 mikrotik-router = stdenv.mkDerivation rec {
 version = "0.0.1";
 name = "mikrotik-router-${version}";
- src = builtins.toFile "router-config.rsc" (concatStringsSep "\n"
- (flatten (mapAttrsToList (key: values: formatSection key values) rtr)));
+ src = builtins.toFile "router-config.rsc" (
+ concatStringsSep "\n" (flatten (mapAttrsToList (key: values: formatSection key values) rtr))
+ );
 builder = builtins.toFile "builder.sh" ''
 source $stdenv/setup
diff --git a/router.nix b/router.nix
index e1cc0f5..63ed4cc 100644
--- a/router.nix
+++ b/router.nix
@@ -7,59 +7,215 @@
 }
 ];
 "/interface list" = [
- { comment = "defconf"; name = "WAN"; }
- { comment = "defconf"; name = "LAN"; }
+ {
+ comment = "defconf";
+ name = "WAN";
+ }
+ {
+ comment = "defconf";
+ name = "LAN";
+ }
+ ];
+ "/interface wireless security-profiles" = [
+ {
+ find.default = "yes";
+ supplicant-identity = "MikroTik";
+ }
 ];
- "/interface wireless security-profiles" = [{ find.default = "yes"; supplicant-identity = "MikroTik"; }];
 "/ip pool" = [
- { name = "default-dhcp"; ranges = "192.168.88.10-192.168.88.254"; }
+ {
+ name = "default-dhcp";
+ ranges = "192.168.88.10-192.168.88.254";
+ }
 ];
 "/ip dhcp-server" = [
- { address-pool = "default-dhcp"; disabled = "no"; interface = "bridge"; name = "defconf"; }
+ {
+ address-pool = "default-dhcp";
+ disabled = "no";
+ interface = "bridge";
+ name = "defconf";
+ }
 ];
 "/interface bridge port" = [
- { bridge = "bridge"; comment = "defconf"; interface = "ether2"; }
- { bridge = "bridge"; comment = "defconf"; interface = "ether3"; }
- { bridge = "bridge"; comment = "defconf"; interface = "ether4"; }
- { bridge = "bridge"; comment = "defconf"; interface = "ether5"; }
+ {
+ bridge = "bridge";
+ comment = "defconf";
+ interface = "ether2";
+ }
+ {
+ bridge = "bridge";
+ comment = "defconf";
+ interface = "ether3";
+ }
+ {
+ bridge = "bridge";
+ comment = "defconf";
+ interface = "ether4";
+ }
+ {
+ bridge = "bridge";
+ comment = "defconf";
+ interface = "ether5";
+ }
 ];
- "/ip neighbor discovery-settings" = { discover-interface-list = "LAN"; };
+ "/ip neighbor discovery-settings" = {
+ discover-interface-list = "LAN";
+ };
 "/interface ethernet switch vlan" = [
- { "independent-learning" = "no"; ports = "ether2,ether3"; switch = "switch1"; "vlan-id" = "20"; }
- { "independent-learning" = "no"; ports = "ether4"; switch = "switch1"; "vlan-id" = "30"; }
- { "independent-learning" = "no"; ports = "ether5"; switch = "switch1"; "vlan-id" = "40"; }
+ {
+ "independent-learning" = "no";
+ ports = "ether2,ether3";
+ switch = "switch1";
+ "vlan-id" = "20";
+ }
+ {
+ "independent-learning" = "no";
+ ports = "ether4";
+ switch = "switch1";
+ "vlan-id" = "30";
+ }
+ {
+ "independent-learning" = "no";
+ ports = "ether5";
+ switch = "switch1";
+ "vlan-id" = "40";
+ }
 ];
 "/interface list member" = [
- { comment = "defconf"; interface = "bridge"; list = "LAN"; }
- { comment = "defconf"; interface = "ether1"; list = "WAN"; }
+ {
+ comment = "defconf";
+ interface = "bridge";
+ list = "LAN";
+ }
+ {
+ comment = "defconf";
+ interface = "ether1";
+ list = "WAN";
+ }
 ];
 "/ip address" = [
- { address = "192.168.88.1/24"; comment = "defconf"; interface = "bridge"; network = "192.168.88.0"; }
+ {
+ address = "192.168.88.1/24";
+ comment = "defconf";
+ interface = "bridge";
+ network = "192.168.88.0";
+ }
 ];
 "/ip dhcp-client" = [
- { comment = "defconf"; "dhcp-options" = "hostname,clientid"; disabled = "no"; interface = "ether1"; }
+ {
+ comment = "defconf";
+ "dhcp-options" = "hostname,clientid";
+ disabled = "no";
+ interface = "ether1";
+ }
+ ];
+ "/ip dhcp-server lease" = [
+ {
+ address = "192.168.88.253";
+ "allow-dual-stack-queue" = "no";
+ "mac-address" = "D8:3A:DD:28:1D:3B";
+ }
+ ];
+ "/ip dhcp-server network" = [
+ {
+ address = "192.168.88.0/24";
+ comment = "defconf";
+ gateway = "192.168.88.1";
+ }
+ ];
+ "/ip dns" = {
+ "allow-remote-requests" = "yes";
+ servers = "192.168.88.253";
+ };
+ "/ip dns static" = [
+ {
+ address = "192.168.88.1";
+ name = "router.lan";
+ }
 ];
- "/ip dhcp-server lease" = [{ address = "192.168.88.253"; "allow-dual-stack-queue" = "no"; "mac-address" = "D8:3A:DD:28:1D:3B"; }];
- "/ip dhcp-server network" = [{ address = "192.168.88.0/24"; comment = "defconf"; gateway = "192.168.88.1"; }];
- "/ip dns" = { "allow-remote-requests" = "yes"; servers = "192.168.88.253"; };
- "/ip dns static" = [{ address = "192.168.88.1"; name = "router.lan"; }];
 "/ip firewall filter" = [
- { action = "accept"; chain = "input"; comment = "defconf: accept established,related,untracked"; "connection-state" = "established,related,untracked"; }
- { action = "drop"; chain = "input"; comment = "defconf: drop invalid"; "connection-state" = "invalid"; }
- { action = "accept"; chain = "input"; comment = "defconf: accept ICMP"; protocol = "icmp"; }
- { action = "drop"; chain = "input"; comment = "defconf: drop all not coming from LAN"; "in-interface-list" = "!LAN"; }
- { action = "accept"; chain = "forward"; comment = "defconf: accept in ipsec policy"; "ipsec-policy" = "in,ipsec"; }
- { action = "accept"; chain = "forward"; comment = "defconf: accept out ipsec policy"; "ipsec-policy" = "out,ipsec"; }
- { action = "fasttrack-connection"; chain = "forward"; comment = "defconf: fasttrack"; "connection-state" = "established,related"; }
- { action = "accept"; chain = "forward"; comment = "defconf: accept established,related, untracked"; "connection-state" = "established,related,untracked"; }
- { action = "drop"; chain = "forward"; comment = "defconf: drop invalid"; "connection-state" = "invalid"; }
- { action = "drop"; chain = "forward"; comment = "defconf: drop all from WAN not DSTNATed"; "connection-nat-state" = "!dstnat"; "connection-state" = "new"; "in-interface-list" = "WAN"; }
+ {
+ action = "accept";
+ chain = "input";
+ comment = "defconf: accept established,related,untracked";
+ "connection-state" = "established,related,untracked";
+ }
+ {
+ action = "drop";
+ chain = "input";
+ comment = "defconf: drop invalid";
+ "connection-state" = "invalid";
+ }
+ {
+ action = "accept";
+ chain = "input";
+ comment = "defconf: accept ICMP";
+ protocol = "icmp";
+ }
+ {
+ action = "drop";
+ chain = "input";
+ comment = "defconf: drop all not coming from LAN";
+ "in-interface-list" = "!LAN";
+ }
+ {
+ action = "accept";
+ chain = "forward";
+ comment = "defconf: accept in ipsec policy";
+ "ipsec-policy" = "in,ipsec";
+ }
+ {
+ action = "accept";
+ chain = "forward";
+ comment = "defconf: accept out ipsec policy";
+ "ipsec-policy" = "out,ipsec";
+ }
+ {
+ action = "fasttrack-connection";
+ chain = "forward";
+ comment = "defconf: fasttrack";
+ "connection-state" = "established,related";
+ }
+ {
+ action = "accept";
+ chain = "forward";
+ comment = "defconf: accept established,related, untracked";
+ "connection-state" = "established,related,untracked";
+ }
+ {
+ action = "drop";
+ chain = "forward";
+ comment = "defconf: drop invalid";
+ "connection-state" = "invalid";
+ }
+ {
+ action = "drop";
+ chain = "forward";
+ comment = "defconf: drop all from WAN not DSTNATed";
+ "connection-nat-state" = "!dstnat";
+ "connection-state" = "new";
+ "in-interface-list" = "WAN";
+ }
 ];
 "/ip firewall nat" = [
- { action = "masquerade"; chain = "srcnat"; comment = "defconf: masquerade"; "ipsec-policy" = "out,none"; "out-interface-list" = "WAN"; }
+ {
+ action = "masquerade";
+ chain = "srcnat";
+ comment = "defconf: masquerade";
+ "ipsec-policy" = "out,none";
+ "out-interface-list" = "WAN";
+ }
 ];
- "/system clock" = { "time-zone-name" = "Europe/Berlin"; };
- "/system routerboard settings" = { "silent-boot" = "no"; };
- "/tool mac-server" = { "allowed-interface-list" = "LAN"; };
- "/tool mac-server mac-winbox" = { "allowed-interface-list" = "LAN"; };
+ "/system clock" = {
+ "time-zone-name" = "Europe/Berlin";
+ };
+ "/system routerboard settings" = {
+ "silent-boot" = "no";
+ };
+ "/tool mac-server" = {
+ "allowed-interface-list" = "LAN";
+ };
+ "/tool mac-server mac-winbox" = {
+ "allowed-interface-list" = "LAN";
+ };
 }
diff --git a/systems/club-mate/default.nix b/systems/club-mate/default.nix
index 38b08b1..b40ebcb 100644
--- a/systems/club-mate/default.nix
+++ b/systems/club-mate/default.nix
@@ -65,8 +65,14 @@
 source-han-serif-japanese
 ];
 fontconfig.defaultFonts = {
- serif = [ "Noto Serif" "Source Han Serif" ];
- sansSerif = [ "Noto Sans" "Source Han Sans" ];
+ serif = [
+ "Noto Serif"
+ "Source Han Serif"
+ ];
+ sansSerif = [
+ "Noto Sans"
+ "Source Han Sans"
+ ];
 };
 };
@@ -115,7 +121,9 @@
 };
 };
- environment.variables = { LOG_ICONS = "true"; };
+ environment.variables = {
+ LOG_ICONS = "true";
+ };
 services = {
 xserver = {
 xkb.layout = "de";
diff --git a/systems/fritz-mate/default.nix b/systems/fritz-mate/default.nix
index 8805ac5..322a0fa 100644
--- a/systems/fritz-mate/default.nix
+++ b/systems/fritz-mate/default.nix
@@ -7,9 +7,7 @@
 }:
 {
- imports = [
- (modulesPath + "/installer/scan/not-detected.nix")
- ];
+ imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
 boot = {
 loader = {
@@ -19,12 +17,14 @@
 kernelPackages = self.inputs.rpi_5.legacyPackages.aarch64-linux.linuxPackages_rpi5;
 kernelModules = [ ];
 initrd = {
- availableKernelModules = [ "usbhid" "usb_storage" ];
+ availableKernelModules = [
+ "usbhid"
+ "usb_storage"
+ ];
 kernelModules = [ ];
 };
 };
-
 networking = {
 useDHCP = lib.mkDefault true;
 wireless.iwd = {
diff --git a/systems/mio-mio-mate/default.nix b/systems/mio-mio-mate/default.nix
index 7e8a19f..0c51bc5 100644
--- a/systems/mio-mio-mate/default.nix
+++ b/systems/mio-mio-mate/default.nix
@@ -35,8 +35,16 @@
 networking.firewall = {
 enable = true;
- allowedTCPPorts = [ 80 443 53 ];
- allowedUDPPorts = [ 80 443 53 ];
+ allowedTCPPorts = [
+ 80
+ 443
+ 53
+ ];
+ allowedUDPPorts = [
+ 80
+ 443
+ 53
+ ];
 };
 services.nginx = {
diff --git a/users/default.nix b/users/default.nix
index 3cc8526..bfe68b4 100644
--- a/users/default.nix
+++ b/users/default.nix
@@ -1,8 +1,4 @@
-{
- pkgs,
- config,
- ...
-}:
+{ pkgs, config, ... }:
 {
 home = {