From 605a2005bb92dc47556ea6e540d4d2d1c515ffdc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kjetil=20=C3=98rbekk?=
Date: Sun, 8 Nov 2020 18:23:56 -0500
Subject: dragon config
---
config/ap.nix | 186 ----------------------------------------------------------
1 file changed, 186 deletions(-)
delete mode 100644 config/ap.nix
(limited to 'config/ap.nix')
diff --git a/config/ap.nix b/config/ap.nix
deleted file mode 100644
index 4f3c634..0000000
--- a/config/ap.nix
+++ /dev/null
@@ -1,186 +0,0 @@
-{ config, lib, pkgs, ... }:
-let
- wan-dev = "enp37s0";
- lan-dev = "wlp39s0";
-in
-{
- networking.networkmanager.enable = lib.mkForce false;
-
- # networking.vlans.lan = {
- # id = 110;
- # interface = wan-dev;
- # };
- # networking.vlans.wan = {
- # id = 100;
- # interface = wan-dev;
- # };
-
- networking.firewall = {
- enable = lib.mkForce false;
- allowedTCPPorts = lib.mkForce [ ];
- allowedUDPPorts = lib.mkForce [ ];
- allowPing = true;
- logRefusedConnections = false;
- checkReversePath = false;
- trustedInterfaces = [ "${lan-dev}" ];
- };
-
- services.ferm = {
- enable = true;
- config = ''
- @def $DEV_LAN = ${lan-dev};
- @def $DEV_WAN = ${wan-dev};
- @def $NET_LAN = 10.64.30.0/24;
-
- domain ip6 table filter chain INPUT {
- proto ipv6-icmp ACCEPT;
- proto udp dport (dhcpv6-client dhcpv6-server) ACCEPT;
- }
-
- domain (ip ip6) table filter {
- chain INPUT {
- policy DROP;
-
- mod state state INVALID DROP;
- mod state state (ESTABLISHED RELATED) ACCEPT;
-
- interface lo ACCEPT;
- proto icmp icmp-type echo-request ACCEPT;
-
- interface $DEV_WAN {
- # RTMP
- # proto (tcp udp) dport 1935 ACCEPT;
-
- # Factorio
- proto udp dport 34197 ACCEPT;
- }
-
- interface $DEV_LAN @subchain "services" {
- # 1935 for rtmp testing
- proto (tcp udp) dport (ssh domain bootps 1935 4317 5353) ACCEPT;
-
- # Chromecast
- # proto udp dport 32768:61000 ACCEPT;
- # proto udp dport (5353 1900) ACCEPT;
- # proto tcp dport (8008 8009) ACCEPT;
-
- # chain logdrop {
- # LOG log-level warning log-prefix "dropped-lan ";
- # DROP;
- # }
- # jump logdrop;
- }
- }
-
- chain OUTPUT policy ACCEPT;
-
- chain FORWARD {
- policy DROP;
-
- mod state state INVALID DROP;
- mod state state (ESTABLISHED RELATED) ACCEPT;
-
- interface $DEV_LAN ACCEPT;
- }
- }
-
- domain ip6 table filter chain INPUT {
- chain logdrop {
- LOG log-level warning log-prefix "dropped-6 ";
- DROP;
- }
- jump logdrop;
- }
-
- domain ip table nat {
- chain POSTROUTING {
- saddr $NET_LAN outerface $DEV_WAN MASQUERADE;
- }
- }
- '';
- };
-
- services = {
- openssh.enable = lib.mkDefault true;
- openssh.passwordAuthentication = false;
- };
-
- boot.kernel.sysctl = {
- # Something wrong with Spectrum ipv6 :(
- "net.ipv6.conf.all.disable_ipv6" = true;
- "net.ipv4.conf.all.forwarding" = true;
- "net.ipv4.conf.default.forwarding" = true;
- "net.ipv6.conf.all.forwarding" = true;
- "net.ipv6.conf.default.forwarding" = true;
- };
-
- services.hostapd = {
- enable = true;
- ssid = "2c";
- wpaPassphrase = "mintchip";
- interface = "${lan-dev}";
- hwMode = "g";
- channel = 11;
- extraConfig = ''
- country_code=US
- wpa_key_mgmt=WPA-PSK
- rsn_pairwise=CCMP
- '';
- };
-
- networking.useDHCP = true;
- networking.dhcpcd = {
- enable = true;
- denyInterfaces = [ lan-dev ];
- extraConfig = ''
- # debug
- noipv6rs
- interface ${wan-dev}
- dhcp
- ipv6rs
- ia_na 1
- ia_pd 1/::/56 ${lan-dev}/0/64
- '';
- wait = "background";
- };
-
- services.dnsmasq = {
- enable = true;
- servers = [ "8.8.8.8" "8.8.4.4" ];
- extraConfig = ''
- dhcp-authoritative
- dhcp-range=10.64.30.100,10.64.30.255,255.255.255.0,24h
- dhcp-option=option:router,10.64.30.1
- dhcp-option=option:dns-server,10.64.30.1
- dhcp-option=option:netmask,255.255.255.0
-
- #dhcp-range=::,constructor:${lan-dev},slaac
- '';
- };
-
- networking.nat = {
- enable = true;
- externalInterface = "${wan-dev}";
- internalInterfaces = [ "${lan-dev}" ];
- # internalIPs = [ "10.0.0.0/24" ];
- };
-
- # Error matching on link that was already renamed.
- # systemd.network.links."40-enp37s0".matchConfig = {
- # # OriginalName = lib.mkForce null;
- # # MACAddress = "00:d8:61:c2:c6:6c";
- # };
- # systemd.services.dhcpcd.preStart = lib.mkAfter ''
- # ${pkgs.iproute}/bin/ip link set dev ${wan-dev} address ${config.networking.interfaces.${wan-dev}.macAddress};
- # '';
- # networking.interfaces.${wan-dev} = {
- # macAddress = "3c:97:0e:19:7e:5c";
- # };
-
- networking.interfaces."${lan-dev}" = {
- ipv4.addresses = [ {
- address = "10.64.30.1";
- prefixLength = 24;
- } ];
- };
-}
--
cgit v1.2.3