openwrt-images: add uci-config

Astro 2022-05-27 01:37:03 +02:00
parent 8acc5bcb59
commit 1854ec5819
4 changed files with 112 additions and 91 deletions


@ -77,68 +77,17 @@ let
'') (builtins.attrValues rootfs-packages)}
'';
openwrt = import ./openwrt { inherit self nixpkgs system openwrt-imagebuilder; };
openwrt-images = builtins.foldl' (images: hostName:
let
inherit (config.site.hosts.${hostName}) model;
matches = (openwrt-imagebuilder.lib.profiles {
inherit pkgs;
}).identifyProfiles model;
fallbackProfile =
if model == "dir-615-d"
then (openwrt-imagebuilder.lib.profiles {
inherit pkgs;
release = "19.07.10";
}).identifyProfile model
else if builtins.match "tl-wr.*" model != null
then {
release = "18.06.9";
packagesArch = "mips_24kc";
target = "ar71xx";
variant = "tiny";
profile = model;
sha256 = "109a2557gwmgib7r500qn9ygd8j4r4cv5jl5rpn9vczsm4ilkc1z";
feedsSha256 = {
base = "0xklqsk6d5d6bai0ry2hzfjr4sycf6241ihv8v1lmmf9r7d47cr1";
packages = "05g048saibh304ndnlczyq92b1c67c3cqvbhdamw1xqbsp6jzifp";
};
}
else null;
build = args:
openwrt-imagebuilder.lib.build (args // {
extraImageName = "zw-${hostName}";
packages = [
# remove unused default .ipk
"-dnsmasq" "-ppp" "-ppp-mod-pppoe" "-odhcp6c" "-odhcpd-ipv6only"
# debugging
"tcpdump"
# monitoring
"collectd" "collectd-mod-interface" "collectd-mod-load"
"collectd-mod-cpu" "collectd-mod-iwinfo" "collectd-mod-network"
];
disabledServices = [ "dnsmasq" "uhttpd" ];
# TODO: files
});
image = openwrt.buildImage hostName;
in
if matches == [] && fallbackProfile != null
if image != null
then images // {
"${hostName}-image" = build fallbackProfile;
"${hostName}-image" = image;
}
else if matches == []
then builtins.trace "${hostName} (${model}) not supported by OpenWRT"
images
else if builtins.length matches == 1
then
images // {
"${hostName}-image" = build (
builtins.elemAt matches 0
);
}
else builtins.trace "${hostName} (${model}) has multiple models!"
images // {
"${hostName}-image" = build (
builtins.elemAt matches 0
);
}
else images
) {} (
builtins.attrNames (
nixpkgs.lib.filterAttrs (_: { role, ... }: role == "ap")
@ -147,7 +96,7 @@ let
);
device-templates = import ./device-templates.nix {
inherit self nixpkgs system;
inherit self nixpkgs system openwrt;
};
dns-slaves = import ./dns-slaves.nix {


@ -1,4 +1,4 @@
{ self, nixpkgs, system }:
{ self, nixpkgs, system, openwrt }:
with nixpkgs.lib;
let
pkgs = nixpkgs.legacyPackages.${system};
@ -12,7 +12,7 @@ let
inherit self hostName config hostConfig pkgs;
};
in {
ap = import ./ap.nix args;
ap = openwrt.sshScript hostName;
switch = import (./switches + "/${model}.nix")
(args //
import ./switches/shared.nix args


@ -0,0 +1,86 @@
{ self, nixpkgs, system, openwrt-imagebuilder }:
let
inherit (self.lib) config;
pkgs = nixpkgs.legacyPackages.${system};
uciConfig = hostName: import ./uci-config.nix { inherit self pkgs hostName; };
in
{
sshScript = hostName: ''
#! ${pkgs.runtimeShell} -e
${if config.site.hosts.${hostName}.firstboot
then ''
ssh-keygen -R 192.168.1.1
ssh root@192.168.1.1 \
"ash -e -x" <<__SSH__
'' else ''
ssh root@${config.site.net.mgmt.hosts4.${hostName}} \
"ash -e -x" <<__SSH__
${uciConfig hostName}
__SSH__
echo "Base configuration done \\o/"
echo "Later run: ap_install_collectd.sh ${config.site.net.mgmt.hosts4.${hostName}}"
''}
'';
buildImage = hostName:
let
inherit (config.site.hosts.${hostName}) model;
matches = (openwrt-imagebuilder.lib.profiles {
inherit pkgs;
}).identifyProfiles model;
fallbackProfile =
if model == "dir-615-d"
then (openwrt-imagebuilder.lib.profiles {
inherit pkgs;
release = "19.07.10";
}).identifyProfile model
else if builtins.match "tl-wr.*" model != null
then {
release = "18.06.9";
packagesArch = "mips_24kc";
target = "ar71xx";
variant = "tiny";
profile = model;
sha256 = "109a2557gwmgib7r500qn9ygd8j4r4cv5jl5rpn9vczsm4ilkc1z";
feedsSha256 = {
base = "0xklqsk6d5d6bai0ry2hzfjr4sycf6241ihv8v1lmmf9r7d47cr1";
packages = "05g048saibh304ndnlczyq92b1c67c3cqvbhdamw1xqbsp6jzifp";
};
}
else null;
build = args:
openwrt-imagebuilder.lib.build (args // {
extraImageName = "zw-${hostName}";
packages = [
# remove unused default .ipk
"-dnsmasq" "-ppp" "-ppp-mod-pppoe" "-odhcp6c" "-odhcpd-ipv6only"
# debugging
"tcpdump"
# monitoring
"collectd" "collectd-mod-interface" "collectd-mod-load"
"collectd-mod-cpu" "collectd-mod-iwinfo" "collectd-mod-network"
];
disabledServices = [ "dnsmasq" "uhttpd" ];
files = pkgs.runCommandNoCC "image-files" {} ''
mkdir -p $out/etc/uci-defaults
cat > $out/etc/uci-defaults/99-zentralwerk <<EOF
${uciConfig hostName}
EOF
'';
});
in
if matches == [] && fallbackProfile != null
then build fallbackProfile
else if matches == []
then builtins.trace "${hostName} (${model}) not supported by OpenWRT"
null
else if builtins.length matches == 1
then build (builtins.elemAt matches 0)
else builtins.trace "${hostName} (${model}) has multiple models!" (
build (builtins.elemAt matches 0)
);
}
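Review bot: In `sshScript` the `firstboot` branch only opens the here-document (`"ash -e -x" <<__SSH__`), while `${uciConfig hostName}`, the closing `__SSH__` and the two `echo` lines sit inside the `else` string, so the script generated for a first-boot host sends no configuration and never terminates the heredoc. Because the fragment starts with the root-password step, an AP provisioned this way would stay on 192.168.1.1 with its default settings and that step never run. End the conditional directly after the `ssh … <<__SSH__` line in both branches and place the body, `__SSH__` and the `echo` lines after `''}`. The `optionalString hostConfig.firstboot "reboot"` that this commit drops from the fragment presumably has to come back here, just before `__SSH__`, since nothing else in the SSH path reboots the device.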


@ -1,7 +1,10 @@
{ self, pkgs, hostName, config, hostConfig, ... }:
{ self, pkgs, hostName }:
with pkgs;
with lib;
let
inherit (self.lib) config;
hostConfig = config.site.hosts.${hostName};
ports = self.lib.getOpenwrtPorts hostConfig.model;
uciDeleteAll = key: ''
@ -26,7 +29,7 @@ let
then port.index
else if port ? interface
then port.interface
else "How to identify port ${lib.generators.toPretty {} port}?";
else "How to identify port ${generators.toPretty {} port}?";
in result // {
"${key}" = port;
}
@ -38,7 +41,7 @@ let
then portByIndex.${index}.port
else if portByIndex.${index} ? interface
then portByIndex.${index}.interface
else throw "${hostName}: What is port ${lib.generators.toPretty {} portByIndex.${index}.port}?"
else throw "${hostName}: What is port ${generators.toPretty {} portByIndex.${index}.port}?"
}"
) (
builtins.sort builtins.lessThan (
@ -118,7 +121,7 @@ let
else []
) (builtins.attrValues openwrtModel.ports)
++
lib.optionals (hostConfig.interfaces ? ${port} && vlan != null) [ "${port}.${toString vlan}" ]
optionals (hostConfig.interfaces ? ${port} && vlan != null) [ "${port}.${toString vlan}" ]
) ports
) (
builtins.attrValues (
@ -129,19 +132,8 @@ let
)
);
in ''
#! ${pkgs.runtimeShell} -e
${if hostConfig.firstboot
then ''
ssh-keygen -R 192.168.1.1
ssh root@192.168.1.1 \
"ash -e -x" <<__SSH__
'' else ''
ssh root@${config.site.net.mgmt.hosts4.${hostName}} \
"ash -e -x" <<__SSH__
''}
in
''
# Set root password
echo -e '${hostConfig.password}\n${hostConfig.password}' | passwd
@ -186,11 +178,11 @@ in ''
uci set network.mgmt=interface
uci set network.mgmt.ifname='${
if builtins.length (networkInterfaces "mgmt") > 0
then lib.concatStringsSep " " (networkInterfaces "mgmt")
then concatStringsSep " " (networkInterfaces "mgmt")
else throw "${hostName}: No interface for mgmt"
}'
uci set network.mgmt.proto=static
${lib.optionalString (hostConfig.interfaces.mgmt.type == "bridge") ''
${optionalString (hostConfig.interfaces.mgmt.type == "bridge") ''
uci set network.mgmt.type=bridge
''}
uci set network.mgmt.ipaddr=${config.site.net.mgmt.hosts4.${hostName}}
@ -205,7 +197,7 @@ in ''
uci -q delete network.globals.ula_prefix || true
# delete unused networks
${concatMapStrings (net:
lib.optionalString (! hostConfig.interfaces ? ${net}) ''
optionalString (! hostConfig.interfaces ? ${net}) ''
uci -q delete network.${net} || true
''
) ([ "lan" "wan" "wan6" ] ++ builtins.attrNames config.site.net)}
@ -216,22 +208,22 @@ in ''
iface = hostConfig.interfaces.${net};
in optionalString (net != "mgmt" && builtins.elem iface.type ["bridge" "phys"]) ''
uci set network.${net}=interface
${lib.optionalString (iface.type == "bridge") ''
${optionalString (iface.type == "bridge") ''
uci set network.${net}.type=bridge
''}
uci set network.${net}.proto=static
uci set network.${net}.ifname='${concatStringsSep " " (networkInterfaces net)}'
${lib.optionalString (config.site.net.${net}.mtu != null) ''
${optionalString (config.site.net.${net}.mtu != null) ''
uci set network.${net}.mtu=${toString config.site.net.${net}.mtu}
''}
${lib.optionalString (config.site.net.${net}.hosts4 ? ${hostName}) ''
${optionalString (config.site.net.${net}.hosts4 ? ${hostName}) ''
# address in net
uci set network.${net}.ipaddr=${config.site.net.${net}.hosts4.${hostName}}
uci set network.${net}.netmask=${self.lib.netmasks.${toString config.site.net.${net}.subnet4Len}}
''}
${lib.concatMapStrings (hosts6: lib.optionalString (hosts6 ? ${hostName}) ''
${concatMapStrings (hosts6: optionalString (hosts6 ? ${hostName}) ''
uci set network.${net}.ip6addr=${hosts6.${hostName}}/64
'') (builtins.attrValues config.site.net.${net}.hosts6)}
'') (builtins.attrNames hostConfig.interfaces)
@ -298,7 +290,7 @@ in ''
uci commit
${lib.optionalString hostConfig.wifiOnLink.enable ''
${optionalString hostConfig.wifiOnLink.enable ''
# Cronjob that makes sure WiFi is only visible when server with all
# the gateways is reachable
cat >/etc/crontabs/root <<__CRON__
@ -338,10 +330,4 @@ in ''
rm -f /etc/rc.d/*\$svc
/etc/init.d/\$svc stop || true
done
${lib.optionalString hostConfig.firstboot "reboot"}
__SSH__
echo "Base configuration done \\o/"
echo "Later run: ap_install_collectd.sh ${config.site.net.mgmt.hosts4.${hostName}}"
''
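Review bot: The `# Set root password` step at the top of this fragment interpolates `hostConfig.password` in clear text, and with this commit the same fragment is also written to `etc/uci-defaults/99-zentralwerk` by the `image-files` derivation, so the password ends up in the store path and in every built image, readable by anyone who can read the Nix store or obtain the firmware file. Consider keeping a pre-computed password hash in the site config and writing that to `/etc/shadow`, or leaving the password step to the SSH path only. The value is also placed inside single quotes and then passes through an unquoted here-document (`<<__SSH__` or `<<EOF`), so a password containing `'` or `$` would be altered or break the script; at minimum add `# NOTE: password passes through an unquoted heredoc; ' and $ are not escaped`. Most of the fragment's body lies outside the visible hunks, so other secrets it may emit are not covered by this note.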