diff --git a/.gitignore b/.gitignore
index 19d6ab6..47b8b75 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
 result/
 result
 *.img
+*.img.*
diff --git a/nixos/docker/pihole/docker-compose.nix b/nixos/docker/pihole/docker-compose.nix
index 57acdb8..dd9687b 100644
--- a/nixos/docker/pihole/docker-compose.nix
+++ b/nixos/docker/pihole/docker-compose.nix
@@ -27,6 +27,7 @@
 ];
 log-driver = "journald";
 extraOptions = [
+ "--cap-add=NET_ADMIN"
 "--cap-add=SYS_NICE"
 "--network-alias=pihole"
 "--network=pihole_default"
diff --git a/nixos/docker/pihole/docker-compose.yml b/nixos/docker/pihole/docker-compose.yml
index 74129e2..729bb4d 100644
--- a/nixos/docker/pihole/docker-compose.yml
+++ b/nixos/docker/pihole/docker-compose.yml
@@ -28,7 +28,7 @@ services:
 cap_add:
 # See https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
 # Required if you are using Pi-hole as your DHCP server, else not needed
- # - NET_ADMIN
+ - NET_ADMIN
 # Required if you are using Pi-hole as your NTP client to be able to set the host's system time
 # - SYS_TIME
 # Optional, if Pi-hole should get some more processing time
diff --git a/nixos/hosts/ioides/configuration.nix b/nixos/hosts/ioides/configuration.nix
index ad0c7df..b4b2c12 100644
--- a/nixos/hosts/ioides/configuration.nix
+++ b/nixos/hosts/ioides/configuration.nix
@@ -37,7 +37,7 @@
 networking = {
 hostName = "ioides";
 hosts = {
- "10.0.0.39" = [ "near" "near.local" ];
+ "10.0.0.2" = [ "near" "near.local" ];
 };
 };
diff --git a/nixos/hosts/near/configuration.nix b/nixos/hosts/near/configuration.nix
index 3223440..177d67e 100644
--- a/nixos/hosts/near/configuration.nix
+++ b/nixos/hosts/near/configuration.nix
@@ -1,4 +1,4 @@
-{ inputs, pkgs, ... }: {
+{ inputs, pkgs, lib, ... }: {
 imports = [
 inputs.raspberry-pi-nix.nixosModules.raspberry-pi
 inputs.raspberry-pi-nix.nixosModules.sd-image
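Review bot: `"--cap-add=NET_ADMIN"` in nixos/docker/pihole/docker-compose.nix, and the uncommented `- NET_ADMIN` in docker-compose.yml, is granted with no statement of why it is needed. The YAML's own comment says the capability is required only when Pi-hole is the DHCP server. The same commit sets `pihole.enable = false` on near and hands DHCP to the host's dnsmasq, so as far as this diff shows the container receives network-administration rights it may never use. If some other host does run Pi-hole as the DHCP server, record that beside the option, e.g. `# NET_ADMIN: needed only while Pi-hole serves DHCP; remove otherwise`; if none does, leave the capability out. The `extraOptions` list begins and ends outside the hunk.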
@@ -7,8 +7,6 @@
 ../../docker
 ];
- hardware.enableRedistributableFirmware = true;
-
 users.users.root.openssh.authorizedKeys.keys = [
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPyZFWvrboUTM/dKzz5kQHEKjNqI410VJUGiVckhjOve rae@ioides"
 ];
@@ -17,44 +15,67 @@
 virtualisation.docker.enable = true;
 r5e.containers = {
 pihole = {
- enable = true;
+ enable = false;
 openFirewall = true;
- listenPortHTTP = 8081;
+ listenPortHTTP = 8080;
 listenPortHTTPS = 8443;
 };
 };
 services = {
- # dnsmasq = {
- # enable = true;
- # extraConfig = ''
- # interface=wlan0
- # bind-interfaces
- # '';
- # };
+ dnsmasq = {
+ enable = true;
+ settings = {
+ dhcp-range = [ "192.168.14.10,192.168.14.254,24h" ];
+ interface = "wlan0";
+ };
+ };
 hostapd = {
 enable = true;
- interface = "wlan0";
- hwMode = "g";
- ssid = "near";
- wpaPassphrase = "RjkVTYUZE08HN"; #! world readable
+ radios.wlan0 = {
+ band = "2g";
+ channel = 7;
+ countryCode = "US";
+ networks.wlan0 = {
+ ssid = "near [2.4ghz]";
+ authentication = {
+ mode = "wpa2-sha256";
+ wpaPassword = "techcat8";
+ };
+ };
+ settings = {
+ ht_capab = lib.mkForce "[HT40][SHORT-GI-20]";
+ };
+ };
 };
 };
 networking = {
- bridges.br0.interfaces = [ "end0" "wlan0" ];
- firewall.allowedTCPPorts = [ 22 ];
+ # bridges.br0 = {
+ # interfaces = [ "end0" "wlan0" ];
+ # };
+ defaultGateway.address = "10.0.0.1";
+ firewall.allowedTCPPorts = [ 53 22 ];
+ firewall.allowedUDPPorts = [ 53 67 68 ];
 hostName = "near";
- networkmanager.unmanaged = [ "interface-name:wlan0" ];
+ interfaces = {
+ # br0 = {
+ # ipv4.addresses = [
+ # {
+ # address = "10.0.0.2";
+ # prefixLength = 24;
+ # }
+ # ];
+ # };
+ end0.useDHCP = true;
+ wlan0.useDHCP = true;
+ };
+ networkmanager.unmanaged = [ "interface-name:wlan*" ];
+ useDHCP = false;
 wireless.enable = true;
 };
- environment.systemPackages = with pkgs; [
- bridge-utils
- # dnsmasq
- git
- hostapd
- ];
+ environment.etc."wpa_supplicant.conf".text = "";
 time.timeZone = "America/New_York";
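Review bot: `wpaPassword = "techcat8";` in the hostapd block of nixos/hosts/near/configuration.nix commits the Wi-Fi passphrase to the repository and, as a Nix string, to the world-readable store; the removed `wpaPassphrase` line carried a `#! world readable` warning that the new line drops. The value is also only eight characters, the WPA2 minimum, which leaves a captured handshake open to offline guessing. Read the secret from a file kept outside the store, `wpaPasswordFile = "<path-to-secret-file>";` (placeholder path), and pick a new, longer passphrase, since both the old and new values are now in git history. Separately, `firewall.allowedTCPPorts = [ 53 22 ]` and `firewall.allowedUDPPorts = [ 53 67 68 ]` open DNS and DHCP on every interface although dnsmasq is limited to wlan0; `firewall.interfaces.wlan0.allowedUDPPorts = [ 53 67 ];` (with TCP 53 likewise) would scope them to the access-point side.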