~

nixos/docker/default.nix

@@ -1,6 +1,5 @@
 { ... }: {
 	imports = [
 		./pihole
-		./raspap
 	];
 }

nixos/docker/pihole/default.nix

@@ -37,6 +37,7 @@ in with lib; {
 
 			networking.firewall = mkIf cfg.openFirewall {
 				allowedTCPPorts = [ 53 cfg.listenPortHTTP cfg.listenPortHTTPS ];
+				allowedUDPPorts = [ 53 67 ];
 			};
 		}
 	]);

nixos/docker/pihole/docker-compose.nix

@@ -21,6 +21,7 @@
     ports = [
       "53:53/tcp"
       "53:53/udp"
+      "67:67/udp"
       "80:80/tcp"
       "443:443/tcp"
     ];

nixos/docker/pihole/docker-compose.yml

@@ -13,7 +13,7 @@ services:
       # Default HTTPs Port. FTL will generate a self-signed certificate
       - "443:443/tcp"
       # Uncomment the line below if you are using Pi-hole as your DHCP server
-      #- "67:67/udp"
+      - "67:67/udp"
       # Uncomment the line below if you are using Pi-hole as your NTP server
       #- "123:123/udp"
     environment:

nixos/docker/raspap/default.nix

@@ -1,64 +0,0 @@
-{ pkgs, lib, config, ... }: let
-	cfg = config.r5e.containers.raspap;
-in with lib; {
-	options.r5e.containers.raspap = {
-		enable = mkEnableOption "raspap";
-		ssid = mkOption {
-			type = types.str;
-			default = "raspap-webgui";
-		};
-		password = mkOption {
-			type = types.str;
-			default = "ChangeMe";
-		};
-		country = mkOption {
-			type = types.str;
-			default = "US";
-		};
-		listenPort = mkOption {
-			type = types.int;
-			default = 8081;
-		};
-		openFirewall = mkOption {
-			type = types.bool;
-			default = false;
-		};
-		webgui = {
-			username = mkOption {
-				type = types.str;
-				default = "admin";
-			};
-			password = mkOption {
-				type = types.str;
-				default = "secret";
-			};
-			listenPort = mkOption {
-				type = types.int;
-				default = 80;
-			};
-		};
-	};
-
-	config = mkIf cfg.enable (mkMerge [
-		(import ./docker-compose.nix { inherit pkgs lib; })
-		{
-			virtualisation.oci-containers.containers.raspap = {
-				ports = [
-					(builtins.toString cfg.listenPort + ":8081/tcp")
-				];
-				environment = {
-					RASPAP_SSID = cfg.ssid;
-					RASPAP_SSID_PASS = cfg.password;
-					RASPAP_COUNTRY = cfg.country;
-					RASPAP_WEBGUI_USER = cfg.webgui.username;
-					RASPAP_WEBGUI_PASS = cfg.webgui.password;
-					RASPAP_WEBGUI_PORT = builtins.toString cfg.webgui.listenPort;
-				};
-			};
-
-			networking.firewall = mkIf cfg.openFirewall {
-				allowedTCPPorts = [ cfg.listenPort cfg.webgui.listenPort ];
-			};
-		}
-	]);
-}

nixos/docker/raspap/docker-compose.nix

@@ -1,49 +0,0 @@
-# Auto-generated using compose2nix v0.3.1.
-{ pkgs, lib, ... }:
-
-{
-	# Runtime
-	virtualisation.docker = {
-		enable = true;
-		autoPrune.enable = true;
-	};
-	virtualisation.oci-containers.backend = "docker";
-
-	# Containers
-	virtualisation.oci-containers.containers."raspap" = {
-		image = "ghcr.io/raspap/raspap-docker:latest";
-		volumes = [
-			"/sys/fs/cgroup:/sys/fs/cgroup:rw"
-		];
-		log-driver = "journald";
-		extraOptions = [
-			"--cap-add=SYS_ADMIN"
-			"--network=host"
-			"--privileged"
-		];
-	};
-	systemd.services."docker-raspap" = {
-		serviceConfig = {
-			Restart = lib.mkOverride 90 "always";
-			RestartMaxDelaySec = lib.mkOverride 90 "1m";
-			RestartSec = lib.mkOverride 90 "100ms";
-			RestartSteps = lib.mkOverride 90 9;
-		};
-		partOf = [
-			"docker-compose-raspap-root.target"
-		];
-		wantedBy = [
-			"docker-compose-raspap-root.target"
-		];
-	};
-
-	# Root service
-	# When started, this will automatically create all resources and start
-	# the containers. When stopped, this will teardown all resources.
-	systemd.targets."docker-compose-raspap-root" = {
-		unitConfig = {
-			Description = "Root target generated by compose2nix.";
-		};
-		wantedBy = [ "multi-user.target" ];
-	};
-}

nixos/docker/raspap/docker-compose.yml

@@ -1,15 +0,0 @@
-name: raspap
-version: "3.8"
-services:
-  raspap:
-    container_name: raspap
-    image: ghcr.io/raspap/raspap-docker:latest
-    #build: .
-    privileged: true
-    network_mode: host
-    cgroup: host # uncomment when using an ARM device
-    cap_add:
-      - SYS_ADMIN
-    volumes:
-      - /sys/fs/cgroup:/sys/fs/cgroup:rw
-    restart: unless-stopped

nixos/hosts/near/configuration.nix

@@ -7,6 +7,8 @@
 		../../docker
 	];
 
+	hardware.enableRedistributableFirmware = true;
+
 	users.users.root.openssh.authorizedKeys.keys = [
 		"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPyZFWvrboUTM/dKzz5kQHEKjNqI410VJUGiVckhjOve rae@ioides"
 	];
@@ -22,12 +24,37 @@
 		};
 	};
 
-	networking = {
+	services = {
-		hostName = "near";
+		# dnsmasq = {
-		firewall.allowedTCPPorts = [ 22 ];
+		# 	enable = true;
+		# 	extraConfig = ''
+		# 		interface=wlan0
+		# 		bind-interfaces
+		# 	'';
+		# };
+		hostapd = {
+			enable = true;
+			interface = "wlan0";
+			hwMode = "g";
+			ssid = "near";
+			wpaPassphrase = "RjkVTYUZE08HN"; #! world readable
+		};
 	};
 
-	environment.systemPackages = with pkgs; [ git ];
+	networking = {
+		bridges.br0.interfaces = [ "end0" "wlan0" ];
+		firewall.allowedTCPPorts = [ 22 ];
+		hostName = "near";
+		networkmanager.unmanaged = [ "interface-name:wlan0" ];
+		wireless.enable = true;
+	};
+
+	environment.systemPackages = with pkgs; [
+		bridge-utils
+		# dnsmasq
+		git
+		hostapd
+	];
 
 	time.timeZone = "America/New_York";