This commit is contained in:
jopejoe1 2024-05-01 10:40:26 +02:00
parent a7589ad4fe
commit 0e56405038
8 changed files with 257 additions and 69 deletions


@ -1,4 +1,10 @@
{ lib, pkgs, config, self, ... }: {
lib,
pkgs,
config,
self,
...
}:
{ {
networking = { networking = {
wireless = { wireless = {


@ -46,9 +46,12 @@
inputs@{ self, nixpkgs, ... }: inputs@{ self, nixpkgs, ... }:
{ {
nixosConfigurations = import ./systems.nix { inherit self inputs nixpkgs; }; nixosConfigurations = import ./systems.nix { inherit self inputs nixpkgs; };
packages = nixpkgs.lib.attrsets.genAttrs nixpkgs.lib.systems.flakeExposed (system: import ./mikrotik.nix { packages = nixpkgs.lib.attrsets.genAttrs nixpkgs.lib.systems.flakeExposed (
inherit system inputs; system:
pkgs = nixpkgs.legacyPackages.${system}; import ./mikrotik.nix {
}); inherit system inputs;
pkgs = nixpkgs.legacyPackages.${system};
}
);
}; };
} }


@ -1,4 +1,9 @@
{ mikrotik-config ? ./router.nix, pkgs, inputs, system}: {
mikrotik-config ? ./router.nix,
pkgs,
inputs,
system,
}:
with pkgs; with pkgs;
with lib; with lib;
with builtins; with builtins;
@ -6,14 +11,15 @@ with builtins;
let let
rtr = (import mikrotik-config); rtr = (import mikrotik-config);
formatValue = key: value: formatValue =
key: value:
if key == "comment" then if key == "comment" then
''${key}="${value}"'' ''${key}="${value}"''
else if key == "no_label" then else if key == "no_label" then
formatValue null value formatValue null value
#''${key}="${value}"'' #''${key}="${value}"''
else if isAttrs value && key != null then else if isAttrs value && key != null then
concatStringsSep " " (["${key}"] ++ (mapAttrsToList (k: v: formatValue k v) value)) concatStringsSep " " ([ "${key}" ] ++ (mapAttrsToList (k: v: formatValue k v) value))
else if isAttrs value then else if isAttrs value then
concatStringsSep " " (mapAttrsToList (k: v: formatValue k v) value) concatStringsSep " " (mapAttrsToList (k: v: formatValue k v) value)
@ -21,19 +27,24 @@ let
else else
"${key}=${value}"; "${key}=${value}";
formatSection = name: opts: formatSection =
[ "${name}" ] ++ (if isAttrs opts then name: opts:
(mapAttrsToList (k: v: "set ${formatValue k v}") opts) [ "${name}" ]
else ++ (
(map (x: "add ${formatValue null x}") opts)); if isAttrs opts then
(mapAttrsToList (k: v: "set ${formatValue k v}") opts)
in rec { else
(map (x: "add ${formatValue null x}") opts)
);
in
rec {
mikrotik-router = stdenv.mkDerivation rec { mikrotik-router = stdenv.mkDerivation rec {
version = "0.0.1"; version = "0.0.1";
name = "mikrotik-router-${version}"; name = "mikrotik-router-${version}";
src = builtins.toFile "router-config.rsc" (concatStringsSep "\n" src = builtins.toFile "router-config.rsc" (
(flatten (mapAttrsToList (key: values: formatSection key values) rtr))); concatStringsSep "\n" (flatten (mapAttrsToList (key: values: formatSection key values) rtr))
);
builder = builtins.toFile "builder.sh" '' builder = builtins.toFile "builder.sh" ''
source $stdenv/setup source $stdenv/setup


@ -7,59 +7,215 @@
} }
]; ];
"/interface list" = [ "/interface list" = [
{ comment = "defconf"; name = "WAN"; } {
{ comment = "defconf"; name = "LAN"; } comment = "defconf";
name = "WAN";
}
{
comment = "defconf";
name = "LAN";
}
];
"/interface wireless security-profiles" = [
{
find.default = "yes";
supplicant-identity = "MikroTik";
}
]; ];
"/interface wireless security-profiles" = [{ find.default = "yes"; supplicant-identity = "MikroTik"; }];
"/ip pool" = [ "/ip pool" = [
{ name = "default-dhcp"; ranges = "192.168.88.10-192.168.88.254"; } {
name = "default-dhcp";
ranges = "192.168.88.10-192.168.88.254";
}
]; ];
"/ip dhcp-server" = [ "/ip dhcp-server" = [
{ address-pool = "default-dhcp"; disabled = "no"; interface = "bridge"; name = "defconf"; } {
address-pool = "default-dhcp";
disabled = "no";
interface = "bridge";
name = "defconf";
}
]; ];
"/interface bridge port" = [ "/interface bridge port" = [
{ bridge = "bridge"; comment = "defconf"; interface = "ether2"; } {
{ bridge = "bridge"; comment = "defconf"; interface = "ether3"; } bridge = "bridge";
{ bridge = "bridge"; comment = "defconf"; interface = "ether4"; } comment = "defconf";
{ bridge = "bridge"; comment = "defconf"; interface = "ether5"; } interface = "ether2";
}
{
bridge = "bridge";
comment = "defconf";
interface = "ether3";
}
{
bridge = "bridge";
comment = "defconf";
interface = "ether4";
}
{
bridge = "bridge";
comment = "defconf";
interface = "ether5";
}
]; ];
"/ip neighbor discovery-settings" = { discover-interface-list = "LAN"; }; "/ip neighbor discovery-settings" = {
discover-interface-list = "LAN";
};
"/interface ethernet switch vlan" = [ "/interface ethernet switch vlan" = [
{ "independent-learning" = "no"; ports = "ether2,ether3"; switch = "switch1"; "vlan-id" = "20"; } {
{ "independent-learning" = "no"; ports = "ether4"; switch = "switch1"; "vlan-id" = "30"; } "independent-learning" = "no";
{ "independent-learning" = "no"; ports = "ether5"; switch = "switch1"; "vlan-id" = "40"; } ports = "ether2,ether3";
switch = "switch1";
"vlan-id" = "20";
}
{
"independent-learning" = "no";
ports = "ether4";
switch = "switch1";
"vlan-id" = "30";
}
{
"independent-learning" = "no";
ports = "ether5";
switch = "switch1";
"vlan-id" = "40";
}
]; ];
"/interface list member" = [ "/interface list member" = [
{ comment = "defconf"; interface = "bridge"; list = "LAN"; } {
{ comment = "defconf"; interface = "ether1"; list = "WAN"; } comment = "defconf";
interface = "bridge";
list = "LAN";
}
{
comment = "defconf";
interface = "ether1";
list = "WAN";
}
]; ];
"/ip address" = [ "/ip address" = [
{ address = "192.168.88.1/24"; comment = "defconf"; interface = "bridge"; network = "192.168.88.0"; } {
address = "192.168.88.1/24";
comment = "defconf";
interface = "bridge";
network = "192.168.88.0";
}
]; ];
"/ip dhcp-client" = [ "/ip dhcp-client" = [
{ comment = "defconf"; "dhcp-options" = "hostname,clientid"; disabled = "no"; interface = "ether1"; } {
comment = "defconf";
"dhcp-options" = "hostname,clientid";
disabled = "no";
interface = "ether1";
}
];
"/ip dhcp-server lease" = [
{
address = "192.168.88.253";
"allow-dual-stack-queue" = "no";
"mac-address" = "D8:3A:DD:28:1D:3B";
}
];
"/ip dhcp-server network" = [
{
address = "192.168.88.0/24";
comment = "defconf";
gateway = "192.168.88.1";
}
];
"/ip dns" = {
"allow-remote-requests" = "yes";
servers = "192.168.88.253";
};
"/ip dns static" = [
{
address = "192.168.88.1";
name = "router.lan";
}
]; ];
"/ip dhcp-server lease" = [{ address = "192.168.88.253"; "allow-dual-stack-queue" = "no"; "mac-address" = "D8:3A:DD:28:1D:3B"; }];
"/ip dhcp-server network" = [{ address = "192.168.88.0/24"; comment = "defconf"; gateway = "192.168.88.1"; }];
"/ip dns" = { "allow-remote-requests" = "yes"; servers = "192.168.88.253"; };
"/ip dns static" = [{ address = "192.168.88.1"; name = "router.lan"; }];
"/ip firewall filter" = [ "/ip firewall filter" = [
{ action = "accept"; chain = "input"; comment = "defconf: accept established,related,untracked"; "connection-state" = "established,related,untracked"; } {
{ action = "drop"; chain = "input"; comment = "defconf: drop invalid"; "connection-state" = "invalid"; } action = "accept";
{ action = "accept"; chain = "input"; comment = "defconf: accept ICMP"; protocol = "icmp"; } chain = "input";
{ action = "drop"; chain = "input"; comment = "defconf: drop all not coming from LAN"; "in-interface-list" = "!LAN"; } comment = "defconf: accept established,related,untracked";
{ action = "accept"; chain = "forward"; comment = "defconf: accept in ipsec policy"; "ipsec-policy" = "in,ipsec"; } "connection-state" = "established,related,untracked";
{ action = "accept"; chain = "forward"; comment = "defconf: accept out ipsec policy"; "ipsec-policy" = "out,ipsec"; } }
{ action = "fasttrack-connection"; chain = "forward"; comment = "defconf: fasttrack"; "connection-state" = "established,related"; } {
{ action = "accept"; chain = "forward"; comment = "defconf: accept established,related, untracked"; "connection-state" = "established,related,untracked"; } action = "drop";
{ action = "drop"; chain = "forward"; comment = "defconf: drop invalid"; "connection-state" = "invalid"; } chain = "input";
{ action = "drop"; chain = "forward"; comment = "defconf: drop all from WAN not DSTNATed"; "connection-nat-state" = "!dstnat"; "connection-state" = "new"; "in-interface-list" = "WAN"; } comment = "defconf: drop invalid";
"connection-state" = "invalid";
}
{
action = "accept";
chain = "input";
comment = "defconf: accept ICMP";
protocol = "icmp";
}
{
action = "drop";
chain = "input";
comment = "defconf: drop all not coming from LAN";
"in-interface-list" = "!LAN";
}
{
action = "accept";
chain = "forward";
comment = "defconf: accept in ipsec policy";
"ipsec-policy" = "in,ipsec";
}
{
action = "accept";
chain = "forward";
comment = "defconf: accept out ipsec policy";
"ipsec-policy" = "out,ipsec";
}
{
action = "fasttrack-connection";
chain = "forward";
comment = "defconf: fasttrack";
"connection-state" = "established,related";
}
{
action = "accept";
chain = "forward";
comment = "defconf: accept established,related, untracked";
"connection-state" = "established,related,untracked";
}
{
action = "drop";
chain = "forward";
comment = "defconf: drop invalid";
"connection-state" = "invalid";
}
{
action = "drop";
chain = "forward";
comment = "defconf: drop all from WAN not DSTNATed";
"connection-nat-state" = "!dstnat";
"connection-state" = "new";
"in-interface-list" = "WAN";
}
]; ];
"/ip firewall nat" = [ "/ip firewall nat" = [
{ action = "masquerade"; chain = "srcnat"; comment = "defconf: masquerade"; "ipsec-policy" = "out,none"; "out-interface-list" = "WAN"; } {
action = "masquerade";
chain = "srcnat";
comment = "defconf: masquerade";
"ipsec-policy" = "out,none";
"out-interface-list" = "WAN";
}
]; ];
"/system clock" = { "time-zone-name" = "Europe/Berlin"; }; "/system clock" = {
"/system routerboard settings" = { "silent-boot" = "no"; }; "time-zone-name" = "Europe/Berlin";
"/tool mac-server" = { "allowed-interface-list" = "LAN"; }; };
"/tool mac-server mac-winbox" = { "allowed-interface-list" = "LAN"; }; "/system routerboard settings" = {
"silent-boot" = "no";
};
"/tool mac-server" = {
"allowed-interface-list" = "LAN";
};
"/tool mac-server mac-winbox" = {
"allowed-interface-list" = "LAN";
};
} }


@ -65,8 +65,14 @@
source-han-serif-japanese source-han-serif-japanese
]; ];
fontconfig.defaultFonts = { fontconfig.defaultFonts = {
serif = [ "Noto Serif" "Source Han Serif" ]; serif = [
sansSerif = [ "Noto Sans" "Source Han Sans" ]; "Noto Serif"
"Source Han Serif"
];
sansSerif = [
"Noto Sans"
"Source Han Sans"
];
}; };
}; };
@ -115,7 +121,9 @@
}; };
}; };
environment.variables = { LOG_ICONS = "true"; }; environment.variables = {
LOG_ICONS = "true";
};
services = { services = {
xserver = { xserver = {
xkb.layout = "de"; xkb.layout = "de";


@ -7,9 +7,7 @@
}: }:
{ {
imports = [ imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
(modulesPath + "/installer/scan/not-detected.nix")
];
boot = { boot = {
loader = { loader = {
@ -19,12 +17,14 @@
kernelPackages = self.inputs.rpi_5.legacyPackages.aarch64-linux.linuxPackages_rpi5; kernelPackages = self.inputs.rpi_5.legacyPackages.aarch64-linux.linuxPackages_rpi5;
kernelModules = [ ]; kernelModules = [ ];
initrd = { initrd = {
availableKernelModules = [ "usbhid" "usb_storage" ]; availableKernelModules = [
"usbhid"
"usb_storage"
];
kernelModules = [ ]; kernelModules = [ ];
}; };
}; };
networking = { networking = {
useDHCP = lib.mkDefault true; useDHCP = lib.mkDefault true;
wireless.iwd = { wireless.iwd = {


@ -35,8 +35,16 @@
networking.firewall = { networking.firewall = {
enable = true; enable = true;
allowedTCPPorts = [ 80 443 53 ]; allowedTCPPorts = [
allowedUDPPorts = [ 80 443 53 ]; 80
443
53
];
allowedUDPPorts = [
80
443
53
];
}; };
services.nginx = { services.nginx = {


@ -1,8 +1,4 @@
{ { pkgs, config, ... }:
pkgs,
config,
...
}:
{ {
home = { home = {