From 51919fa5d22afc93385c85aa2739210609c4ae5f Mon Sep 17 00:00:00 2001
From: Astro
Date: Sun, 4 Feb 2024 19:54:50 +0100
Subject: [PATCH] c3d2iot: prepare
---
 config/ap.nix | 4 +++
 config/net/c3d2iot.nix | 46 +++++++++++++++++++++++++++++++++
 config/net/core.nix | 3 +++
 config/vlan.nix | 2 ++
 nix/lib/config/options.nix | 4 +++
 nix/pkgs/openwrt/uci-config.nix | 1 +
 6 files changed, 60 insertions(+)
 create mode 100644 config/net/c3d2iot.nix
diff --git a/config/ap.nix b/config/ap.nix
index a11e7e4..f4c24d5 100644
--- a/config/ap.nix
+++ b/config/ap.nix
@@ -279,6 +279,7 @@
 ap2 = {
 interfaces = {
 c3d2.type = "bridge";
+ c3d2iot.type = "bridge";
 mgmt = {
 gw4 = "mgmt-gw";
 gw6 = "mgmt-gw";
@@ -311,6 +312,7 @@
 htmode = "HT20";
 ssids = {
 "C3D2 legacy" = { net = "c3d2"; };
+ "C3D2 IoT" = { net = "c3d2"; hidden = true; };
 "ZW public legacy" = { net = "pub"; };
 };
 };
@@ -681,6 +683,7 @@
 ap31 = {
 interfaces = {
 c3d2.type = "bridge";
+ c3d2iot.type = "bridge";
 mgmt = {
 gw4 = "mgmt-gw";
 gw6 = "mgmt-gw";
@@ -711,6 +714,7 @@
 htmode = "HT20";
 ssids = {
 "C3D2 legacy" = { net = "c3d2"; };
+ "C3D2 IoT" = { net = "c3d2"; hidden = true; };
 FOTOAKADEMIEdd = { net = "priv39"; };
 "ZW public legacy" = { net = "pub"; };
 };
diff --git a/config/net/c3d2iot.nix b/config/net/c3d2iot.nix
new file mode 100644
index 000000000..011dffd
--- /dev/null
+++ b/config/net/c3d2iot.nix
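Review bot: In config/ap.nix the new `"C3D2 IoT"` SSID on ap2 and ap31 is attached to `net = "c3d2"`, so clients joining it would be bridged into the existing c3d2 network rather than the c3d2iot bridge this commit adds to the same access points. If segregation is the goal the entry should read `"C3D2 IoT" = { net = "c3d2iot"; hidden = true; };`, and if the mapping is a deliberate staging step (the subject says "prepare") a comment saying so would keep it from shipping unnoticed. `hidden = true` only stops the SSID being announced in beacons and does not limit who can associate; the entry sets no `psk`, so access control rests on the encryption default in options.nix, which these hunks do not show. The same line appears in both ssids hunks, and the ap2 and ap31 definitions start and end outside them.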
@@ -0,0 +1,46 @@
+{
+ site.net.c3d2iot = {
+ dhcp = {
+ start = "10.22.0.2";
+ end = "10.22.255.253";
+ router = "c3d2iot-gw";
+ server = "c3d2iot-gw";
+ time = 120;
+ max-time = 12 * 3600;
+ };
+ dynamicDomain = true;
+ domainName = "c3d2iot.zentralwerk.org";
+ hosts4 = {
+ c3d2iot-gw = "10.0.0.254";
+ };
+ hosts6 = {
+ dn42 = {
+ c3d2iot-gw = "fd23:42:c3d2:587:ffff:ffff:ffff:ffff";
+ };
+ };
+ subnet4 = "10.22.0.0/16";
+ subnets6 = {
+ dn42 = "fd23:42:c3d2:587::/64";
+ up4 = "2a00:8180:2c00:287::/64";
+ };
+ };
+
+ site.hosts.c3d2iot-gw = {
+ firewall.enable = true;
+ interfaces = {
+ core = {
+ hwaddr = "0A:22:48:01:24:01";
+ type = "veth";
+ };
+ c3d2iot = {
+ hwaddr = "0A:22:48:01:24:00";
+ type = "veth";
+ };
+ };
+ ospf = {
+ allowedUpstreams =
+ [ "upstream4" "upstream3" "anon1" "freifunk" ];
+ };
+ role = "container";
+ };
+}
diff --git a/config/net/core.nix b/config/net/core.nix
index 349eb11..349818b 100644
--- a/config/net/core.nix
+++ b/config/net/core.nix
@@ -74,6 +74,7 @@
 coloradio-gw = "172.20.72.62";
 vpn-gw = "172.20.72.69";
 flpk-gw = "172.20.72.71";
+ c3d2iot-gw = "172.20.72.77";
 };
 hosts6 = {
 dn42 = {
@@ -86,6 +87,7 @@
 cls-gw = "fd23:42:c3d2:581::c3d2:4";
 freifunk = "fd23:42:c3d2:581:8000::1";
 mgmt-gw = "fd23:42:c3d2:581::8:3";
+ c3d2iot-gw = "fd23:42:c3d2:581::8:7";
 priv1-gw = "fd23:42:c3d2:581::c:0";
 priv10-gw = "fd23:42:c3d2:581::c:9";
 priv11-gw = "fd23:42:c3d2:581::c:a";
@@ -152,6 +154,7 @@
 cls-gw = "2a00:8180:2c00:281::8:4";
 freifunk = "2a00:8180:2c00:281:8000::1";
 mgmt-gw = "2a00:8180:2c00:281::8:3";
+ c3d2iot-gw = "2a00:8180:2c00:281::8:7";
 priv1-gw = "2a00:8180:2c00:281::c:0";
 priv10-gw = "2a00:8180:2c00:281::c:9";
 priv11-gw = "2a00:8180:2c00:281::c:a";
diff --git a/config/vlan.nix b/config/vlan.nix
index 76de987..bfbf1c9 100644
--- a/config/vlan.nix
+++ b/config/vlan.nix
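Review bot: `hosts4.c3d2iot-gw = "10.0.0.254"` in the new config/net/c3d2iot.nix lies outside `subnet4 = "10.22.0.0/16"`, yet `dhcp.router` and `dhcp.server` both name c3d2iot-gw, so leases would presumably advertise a gateway that is not on-link. The DHCP range stops at 10.22.255.253, which suggests the intended line is `c3d2iot-gw = "10.22.255.254";`, to be confirmed against the other site.net definitions. Because vlan.nix labels this network as isolated, a comment here naming the firewall policy that enforces it would help: the hunk shows only `firewall.enable = true` and four `allowedUpstreams`, not the rules themselves.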
@@ -25,6 +25,8 @@ in
 up2 = 11;
 up3 = 12;
 up4 = 13;
+ # Isolated other stuff
+ c3d2iot = 20;
 # Isolated neighbors directly connectied with their modems
 iso1 = 101;
 iso2 = 102;
diff --git a/nix/lib/config/options.nix b/nix/lib/config/options.nix
index c633f9e..22f01d7 100644
--- a/nix/lib/config/options.nix
+++ b/nix/lib/config/options.nix
@@ -464,6 +464,10 @@ let
 type = nullOr str;
 default = null;
 };
+ hidden = mkOption {
+ type = bool;
+ default = false;
+ };
 encryption = mkOption {
 type = enum [ "none" "owe" "wpa2" "wpa3" ];
 default =
diff --git a/nix/pkgs/openwrt/uci-config.nix b/nix/pkgs/openwrt/uci-config.nix
index f08b99e..155d531 100644
--- a/nix/pkgs/openwrt/uci-config.nix
+++ b/nix/pkgs/openwrt/uci-config.nix
@@ -375,6 +375,7 @@ in
 uci set wireless.@wifi-iface[-1].mode=${ssidConfig.mode}
 uci set wireless.@wifi-iface[-1].network=${ssidConfig.net}
 uci set wireless.@wifi-iface[-1].mcast_rate=18000
+ uci set wireless.@wifi-iface[-1].hidden=${if ssidConfig.hidden then "1" else "0"}
 uci set wireless.@wifi-iface[-1].encryption='${encryption}'
 ${if (ssidConfig.psk != null) then ''
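Review bot: The new `hidden` option in nix/lib/config/options.nix carries no `description`, so nothing tells a maintainer what it controls or what it does not protect against. I would add `description = "Do not announce the SSID in beacons (OpenWrt hidden=1); this is not access control, the network still needs encryption.";` inside the `mkOption`. The neighbouring options visible in the hunk omit descriptions as well, so this may be the file's convention, and the enclosing option set begins and ends outside the hunk.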