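# NixOS module for a Raspberry Pi 4 that works as a small NAT gateway: it joins
# a Wi-Fi network on `interface`, hands out DHCP leases and answers DNS on the
# wired port end0 (192.168.1.0/24), and forwards that segment through Wi-Fi.
{ config, pkgs, lib, ... }:
let
  user = "nixos";
  # Placeholder: must be filled in before deploying, never shipped empty.
  # NOTE(review): the value is handed to `users.users.<name>.password`, which
  # stores it in clear text in the world-readable Nix store. Prefer
  # `hashedPasswordFile` (or at least `hashedPassword`) for this wheel account.
  password = "";
  SSID = "%p%p%p";
  # Placeholder. NOTE(review): `psk` is likewise embedded in the Nix store.
  # Keeping the key in a root-only file (networking.wireless `environmentFile`,
  # or `secretsFile` on newer releases) avoids that.
  SSIDpassword = "";
  # Wi-Fi uplink; also the only interface NAT and forwarding are allowed towards.
  interface = "wlan0";
  hostname = "gamont";
  # Public keys only, so they are safe to keep in the configuration.
  keys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPZi43zHEsoWaQomLGaftPE5k0RqVrZyiTtGqZlpWsew emile@caladan"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEzLZ56SEgwZZ0OusTdSDDhpMlxSg1zPNdRLuxKOfrR5 emile@chusuk"
  ];
in {
  boot = {
    kernelPackages = pkgs.linuxKernel.packages.linux_rpi4;
    kernel.sysctl = {
      # Turns the host into an IPv4 router. What may actually cross it is
      # decided by the nftables forward chain further down.
      "net.ipv4.conf.all.forwarding" = true;
    };
    initrd.availableKernelModules = [ "xhci_pci" "usbhid" "usb_storage" ];
    loader = {
      grub.enable = false;
      generic-extlinux-compatible.enable = true;
    };
  };

  fileSystems = {
    "/" = {
      device = "/dev/disk/by-label/NIXOS_SD";
      fsType = "ext4";
      options = [ "noatime" ];
    };
  };

  networking = {
    hostName = hostname;
    wireless = {
      enable = true;
      networks."${SSID}".psk = SSIDpassword;
      interfaces = [ interface ];
    };
    firewall = {
      # dnsmasq serves clients on end0 only (see services.dnsmasq), so its
      # ports are opened on that interface instead of on every interface,
      # which would include the Wi-Fi uplink.
      interfaces.end0 = {
        allowedTCPPorts = [ 53 ];
        # 53 = DNS, 67 = DHCP server (needed for the dhcp-range below).
        allowedUDPPorts = [ 53 67 ];
      };
    };
    interfaces.end0 = {
      ipv4.addresses = [ { address = "192.168.1.1"; prefixLength = 24; } ];
    };
    nftables = {
      enable = true;
      # NOTE(review): networking.firewall is not disabled here, so it keeps
      # its own nftables table next to this one. An `accept` in the input or
      # output chain below only ends evaluation of that chain; it does not
      # override a drop made by the firewall's table. Those two chains are
      # therefore kept purely for reference.
      #
      # The forward chain is the real policy of the gateway: default drop,
      # replies to existing flows, and new flows only from the wired segment
      # towards the Wi-Fi uplink. Source NAT is limited to packets leaving
      # through the uplink so that nothing else is rewritten.
      ruleset = ''
        table inet filter {
          chain input {
            type filter hook input priority 0;
            accept
          }
          chain output {
            type filter hook output priority 0;
            accept
          }
          chain forward {
            type filter hook forward priority 0; policy drop;
            ct state established,related accept
            iifname "end0" oifname "${interface}" accept
          }
        }
        table ip nat {
          chain postrouting {
            type nat hook postrouting priority srcnat; policy accept;
            oifname "${interface}" masquerade
          }
        }
      '';
    };
  };

  environment.systemPackages = with pkgs; [
    helix
    vim
    dnsmasq
    tcpdump
    curl
    iptables nftables
  ];

  services = {
    openssh = {
      enable = true;
      # Both accounts below carry authorized keys, so password-based SSH
      # logins are switched off; the account password comes from a literal
      # in this file and should not double as a remote credential.
      settings = {
        PasswordAuthentication = false;
        KbdInteractiveAuthentication = false;
      };
    };
    dnsmasq = {
      enable = true;
      settings = {
        # Upstream resolvers: every client lookup is forwarded to them
        # unencrypted over the Wi-Fi uplink.
        server = [
          "8.8.8.8"
          "8.8.4.4"
        ];
        dhcp-authoritative = true;
        domain-needed = true;
        dhcp-range = [ "192.168.1.10,192.168.1.254" ];
        # Serve DHCP/DNS on the wired segment only.
        interface = [ "end0" ];
      };
    };
  };

  users = {
    # Accounts are fully declarative: changes made with passwd/useradd on the
    # device do not survive a rebuild.
    mutableUsers = false;
    users."${user}" = {
      isNormalUser = true;
      password = password;
      # wheel grants sudo, so this account is root-equivalent.
      extraGroups = [ "wheel" ];
      openssh.authorizedKeys.keys = keys;
    };
    # NOTE(review): root accepts the same keys over SSH. If logging in as
    # ${user} and using sudo is enough, this entry can be dropped to remove
    # direct root login.
    users.root = {
      openssh.authorizedKeys.keys = keys;
    };
  };

  hardware.enableRedistributableFirmware = true;
  system.stateVersion = "23.11";
}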