merge porcorosso/swann
commit
237f843e44
4 changed files with 234 additions and 4 deletions
|
@ -81,4 +81,6 @@
|
||||||
callPackage ./archipelago {
|
callPackage ./archipelago {
|
||||||
factorio-rcon-py = callPackage ./archipelago/factorio-rcon-py.nix { };
|
factorio-rcon-py = callPackage ./archipelago/factorio-rcon-py.nix { };
|
||||||
};
|
};
|
||||||
|
|
||||||
|
freeswitch-sounds = pkgs.callPackage ./freeswitch-sounds.nix { };
|
||||||
} // (import ./heptapod-runner args)
|
} // (import ./heptapod-runner args)
|
||||||
|
|
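--- /dev/null
+++ b/nix/pkgs/freeswitch-sounds.nix
@@ -0,0 +1,38 @@
+{ stdenv
+, fetchFromGitHub
+, ... }:
+
+stdenv.mkDerivation rec {
+pname = "freeswitch-sounds";
+version = "1.0.53";
+
+src = fetchFromGitHub {
+owner = "freeswitch";
+repo = "freeswitch-sounds";
+rev = "fbe44d17b3cb13fcc8dff190d232162e411ce2db";
+sha256 = "sha256:021qbdvbhc63va32xndqbdanjysijx2b5an3bzw4ya7b2icnfl0s";
+};
+
+installPhase = ''
+runHook preInstall
+
+mkdir $out
+for voice in en/ca/june en/us/{allison,callie} es/ar/mario fr/ca/june pt/BR/karina ru/RU/{elena,kirill,vika} sv/se/jakob zh/{cn,hk}/sinmei; do
+mkdir -p $out/$voice
+for category in $voice/*; do
+test -d $category || continue
+
+for f in $category/*/*; do
+filename=$(basename $f)
+rootname=$(dirname $(dirname $f))
+mkdir -p $out/$rootname
+cp $f $out/$rootname/$filename
+done
+done
+done
+
+cp -Rv music $out/music
+
+runHook postInstall
+'';
+}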
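Review bot: The inner copy in `installPhase` flattens one directory level, so `cp $f $out/$rootname/$filename` silently overwrites an earlier file whenever two sub-directories of a category hold the same basename, and glob order alone decides which copy survives. If the upstream tree keeps several variants of a prompt side by side (not visible from this page), either narrow the glob to the wanted directory or make a collision fail the build, for example `test ! -e "$out/$rootname/$filename" || exit 1` before the copy. The expansions are also unquoted; `cp "$f" "$out/$rootname/$filename"` keeps a path containing whitespace from being split. A `meta.license` entry would document the terms under which the audio is redistributed.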
|
@ -13,8 +13,19 @@ let
|
||||||
};
|
};
|
||||||
}) nmFiles);
|
}) nmFiles);
|
||||||
|
|
||||||
boot-builder = pkgs.callPackage ./boot-builder.nix { };
|
uboot-envtools = pkgs.ubootTools.override {
|
||||||
populate-boot-builder = pkgs.buildPackages.callPackage ./boot-builder.nix { };
|
extraMakeFlags = [ "HOST_TOOLS_ALL=y" "CROSS_BUILD_TOOLS=1" "NO_SDL=1" "envtools" ];
|
||||||
|
|
||||||
|
outputs = [ "out" "man" ];
|
||||||
|
|
||||||
|
postInstall = ''
|
||||||
|
ln -s $out/bin/fw_printenv $out/bin/fw_setenv
|
||||||
|
installManPage doc/*.1
|
||||||
|
'';
|
||||||
|
filesToInstall = [
|
||||||
|
"tools/env/fw_printenv"
|
||||||
|
];
|
||||||
|
};
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
fileSystems = {
|
fileSystems = {
|
||||||
|
@ -97,6 +108,7 @@ in
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
libqmi screen minicom conntrack-tools modemmanager android-tools
|
libqmi screen minicom conntrack-tools modemmanager android-tools
|
||||||
|
uboot-envtools
|
||||||
];
|
];
|
||||||
services.udev.packages = with pkgs; [
|
services.udev.packages = with pkgs; [
|
||||||
modemmanager
|
modemmanager
|
||||||
|
@ -119,4 +131,51 @@ in
|
||||||
systemd.services."systemd-networkd-wait-online".wantedBy = lib.mkForce [];
|
systemd.services."systemd-networkd-wait-online".wantedBy = lib.mkForce [];
|
||||||
|
|
||||||
system.stateVersion = "23.05";
|
system.stateVersion = "23.05";
|
||||||
|
|
||||||
|
hardware.deviceTree = {
|
||||||
|
enable = true;
|
||||||
|
name = "marvell/armada-7040-mochabin.dtb";
|
||||||
|
filter = "armada-7040-mochabin.dtb";
|
||||||
|
overlays = [{
|
||||||
|
name = "spi";
|
||||||
|
filter = "armada-7040-mochabin.dtb";
|
||||||
|
dtsText = ''
|
||||||
|
/dts-v1/;
|
||||||
|
/plugin/;
|
||||||
|
|
||||||
|
/ {
|
||||||
|
compatible = "globalscale,mochabin marvell,armada7040 marvell,armada-ap806-quad marvell,armada-ap806";
|
||||||
|
};
|
||||||
|
|
||||||
|
&cp0_spi1 {
|
||||||
|
flash@0 {
|
||||||
|
status = "disabled";
|
||||||
|
};
|
||||||
|
flash-real@0 {
|
||||||
|
#address-cells = <1>;
|
||||||
|
#size-cells = <1>;
|
||||||
|
compatible = "jedec,spi-nor";
|
||||||
|
reg = <0>;
|
||||||
|
spi-max-frequency = <20000000>;
|
||||||
|
|
||||||
|
partitions {
|
||||||
|
compatible = "fixed-partitions";
|
||||||
|
#address-cells = <1>;
|
||||||
|
#size-cells = <1>;
|
||||||
|
|
||||||
|
partition@0 {
|
||||||
|
label = "firmware";
|
||||||
|
reg = <0x0 0x3e0000>;
|
||||||
|
read-only;
|
||||||
|
};
|
||||||
|
partition@3e0000 {
|
||||||
|
label = "u-boot-env";
|
||||||
|
reg = <0x3e0000 0x20000>;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
'';
|
||||||
|
}];
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
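Review bot: The overlay in the last hunk leaves the `u-boot-env` partition writable, and the same change puts `fw_setenv` into `environment.systemPackages`, yet nothing visible documents where `reg = <0x3e0000 0x20000>` comes from or supplies the `fw_env.config` the tools read. If that offset or size differs from what the installed U-Boot was built with, `fw_setenv` would write an environment the bootloader never reads. I would add a comment inside `dtsText` above the partitions, such as `/* must match the environment offset/size of the installed U-Boot; firmware region is read-only on purpose */`, and one on `flash-real@0` saying why the stock `flash@0` node is disabled rather than amended. The first hunk also appears to drop the `boot-builder` and `populate-boot-builder` bindings from the `let` block, so any reference remaining outside the visible lines would fail evaluation; worth confirming.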
|
@ -140,7 +140,7 @@ in {
|
||||||
|
|
||||||
{
|
{
|
||||||
routeConfig = {
|
routeConfig = {
|
||||||
Destination = "${replaceV6Octet v6Linknet (n: n - 1)}/112";
|
Destination = "${replaceV6Octet v6Linknet (n: 0)}/112";
|
||||||
Table = rtID;
|
Table = rtID;
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
@ -195,6 +195,7 @@ in {
|
||||||
bgp = 150;
|
bgp = 150;
|
||||||
wg-ee = 152;
|
wg-ee = 152;
|
||||||
wg-gnet = 153;
|
wg-gnet = 153;
|
||||||
|
wg-eta = 160;
|
||||||
ee = 201;
|
ee = 201;
|
||||||
gnet = 203;
|
gnet = 203;
|
||||||
};
|
};
|
||||||
|
@ -215,6 +216,13 @@ in {
|
||||||
v4Linknet = "92.118.30.4";
|
v4Linknet = "92.118.30.4";
|
||||||
v6Linknet = "2a09:a442::3:1";
|
v6Linknet = "2a09:a442::3:1";
|
||||||
};
|
};
|
||||||
|
networks."50-wg-eta" = wireguardNetwork {
|
||||||
|
linkName = "wg-eta";
|
||||||
|
relativePriority = 10;
|
||||||
|
rtID = routeTables.wg-eta;
|
||||||
|
v4Linknet = "169.254.2.1";
|
||||||
|
v6Linknet = "fe80:1234::b";
|
||||||
|
};
|
||||||
networks."40-lo" = {
|
networks."40-lo" = {
|
||||||
routingPolicyRules = let
|
routingPolicyRules = let
|
||||||
viaMain = priority: to: {
|
viaMain = priority: to: {
|
||||||
|
@ -352,6 +360,30 @@ in {
|
||||||
endpoint = "92.118.28.252:51822";
|
endpoint = "92.118.28.252:51822";
|
||||||
fwmark = "0xcafe";
|
fwmark = "0xcafe";
|
||||||
};
|
};
|
||||||
|
"50-wg-eta" = {
|
||||||
|
netdevConfig = {
|
||||||
|
Name = "wg-eta";
|
||||||
|
Kind = "wireguard";
|
||||||
|
Description = "WireGuard tunnel wg-eta";
|
||||||
|
};
|
||||||
|
wireguardConfig = {
|
||||||
|
ListenPort = 51830;
|
||||||
|
PrivateKeyFile = config.my.vault.secrets.wg-eta-private.path;
|
||||||
|
RouteTable = "off";
|
||||||
|
FirewallMark = hexToInt "0xcafe"; # over gnet
|
||||||
|
};
|
||||||
|
wireguardPeers = [{
|
||||||
|
wireguardPeerConfig = {
|
||||||
|
Endpoint = "shenfield-mythic.i.eta.st:51825";
|
||||||
|
#PublicKey = config.my.vault.secrets.wg-eta-public.path;
|
||||||
|
PublicKey = "JDelaz8FQBtJBRVd9CMYikO/25gKipYgfyXtjL6jgS8=";
|
||||||
|
AllowedIPs = [
|
||||||
|
"0.0.0.0/0"
|
||||||
|
"::/0"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
}];
|
||||||
|
};
|
||||||
"20-br-internal" = {
|
"20-br-internal" = {
|
||||||
netdevConfig = {
|
netdevConfig = {
|
||||||
Name = "br-internal";
|
Name = "br-internal";
|
||||||
|
@ -380,6 +412,24 @@ in {
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
my.vault.secrets = {
|
||||||
|
wg-eta-public = {
|
||||||
|
group = "systemd-network";
|
||||||
|
template = ''
|
||||||
|
{{- with secret "kv/apps/wireguard/swann" -}}
|
||||||
|
{{- .Data.data.publicKeyFromEta -}}
|
||||||
|
{{- end -}}
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
wg-eta-private = {
|
||||||
|
group = "systemd-network";
|
||||||
|
template = ''
|
||||||
|
{{- with secret "kv/apps/wireguard/swann" -}}
|
||||||
|
{{- .Data.data.privateKeyToEta -}}
|
||||||
|
{{- end -}}
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
services.mstpd.enable = true;
|
services.mstpd.enable = true;
|
||||||
my.ip.tailscale = "100.102.224.95";
|
my.ip.tailscale = "100.102.224.95";
|
||||||
my.ip.tailscale6 = "fd7a:115c:a1e0:ab12:4843:cd96:6266:e05f";
|
my.ip.tailscale6 = "fd7a:115c:a1e0:ab12:4843:cd96:6266:e05f";
|
||||||
|
@ -551,6 +601,8 @@ in {
|
||||||
allowedUDPPorts = [
|
allowedUDPPorts = [
|
||||||
3478 10001 # Unifi
|
3478 10001 # Unifi
|
||||||
53 # DNS
|
53 # DNS
|
||||||
|
69 # TFTP
|
||||||
|
80 # HTTP
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
interfaces.vl-eduroam = {
|
interfaces.vl-eduroam = {
|
||||||
|
@ -581,6 +633,11 @@ in {
|
||||||
3784 # BFD
|
3784 # BFD
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
interfaces.wg-eta = {
|
||||||
|
allowedTCPPorts = [
|
||||||
|
179 # BGP
|
||||||
|
];
|
||||||
|
};
|
||||||
extraCommands = ''
|
extraCommands = ''
|
||||||
ip46tables -F FORWARD
|
ip46tables -F FORWARD
|
||||||
|
|
||||||
|
@ -592,6 +649,7 @@ in {
|
||||||
|
|
||||||
ip46tables -A FORWARD -i vl-eduroam -o wg-tuvok-ee -j ACCEPT
|
ip46tables -A FORWARD -i vl-eduroam -o wg-tuvok-ee -j ACCEPT
|
||||||
ip46tables -A FORWARD -i vl-eduroam -o wg-tuvok-gnet -j ACCEPT
|
ip46tables -A FORWARD -i vl-eduroam -o wg-tuvok-gnet -j ACCEPT
|
||||||
|
ip46tables -A FORWARD -i vl-eduroam -o wg-eta -j ACCEPT
|
||||||
ip46tables -A FORWARD -i vl-eduroam -m state --state NEW,RELATED -j REJECT
|
ip46tables -A FORWARD -i vl-eduroam -m state --state NEW,RELATED -j REJECT
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
@ -728,6 +786,16 @@ in {
|
||||||
# GNetwork
|
# GNetwork
|
||||||
preference = 200;
|
preference = 200;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
route 92.118.30.0/24 unreachable {
|
||||||
|
bgp_ext_community.add((ro, 205479, 1000)); # export this
|
||||||
|
};
|
||||||
|
route 92.118.30.16/28 via "br-internal";
|
||||||
|
route 92.118.30.254/32 via "lo";
|
||||||
|
route 92.118.30.253/32 via "lo";
|
||||||
|
# route 92.118.30.0/31 via "wg-tuvok-vm";
|
||||||
|
route 92.118.30.2/31 via "wg-tuvok-ee";
|
||||||
|
route 92.118.30.4/31 via "wg-tuvok-gnet";
|
||||||
};
|
};
|
||||||
protocol static export6 {
|
protocol static export6 {
|
||||||
ipv6 {};
|
ipv6 {};
|
||||||
|
@ -752,7 +820,9 @@ in {
|
||||||
route 2a09:a443:1::/48 via "br-internal";
|
route 2a09:a443:1::/48 via "br-internal";
|
||||||
route 2a09:a443:2::/64 via "vl-eduroam";
|
route 2a09:a443:2::/64 via "vl-eduroam";
|
||||||
route 2a09:a443:3::/48 via "vl-eduroam";
|
route 2a09:a443:3::/48 via "vl-eduroam";
|
||||||
route 2a09:a443::/32 unreachable;
|
route 2a09:a443::/32 unreachable {
|
||||||
|
bgp_ext_community.add((ro, 205479, 1000)); # export this
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
protocol bfd {
|
protocol bfd {
|
||||||
|
@ -769,6 +839,51 @@ in {
|
||||||
neighbor 92.118.30.5;
|
neighbor 92.118.30.5;
|
||||||
neighbor 2a09:a442::3:2;
|
neighbor 2a09:a442::3:2;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
protocol bgp eta4 {
|
||||||
|
local 169.254.2.1 as 205479;
|
||||||
|
neighbor 169.254.2.0 as 213185;
|
||||||
|
interface "wg-eta";
|
||||||
|
|
||||||
|
ipv4 {
|
||||||
|
export filter {
|
||||||
|
if source != RTS_STATIC then reject;
|
||||||
|
if ! ((ro, 205479, 1000) ~ bgp_ext_community) then reject;
|
||||||
|
|
||||||
|
bgp_ext_community.delete([(ro, 205479, *)]);
|
||||||
|
accept;
|
||||||
|
};
|
||||||
|
import filter {
|
||||||
|
if ! (net ~ [
|
||||||
|
44.31.189.0/24
|
||||||
|
]) then reject;
|
||||||
|
accept;
|
||||||
|
};
|
||||||
|
next hop self;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
protocol bgp eta6 {
|
||||||
|
local fe80:1234::b as 205479;
|
||||||
|
neighbor fe80:1234::a as 213185;
|
||||||
|
interface "wg-eta";
|
||||||
|
|
||||||
|
ipv6 {
|
||||||
|
export filter {
|
||||||
|
if source != RTS_STATIC then reject;
|
||||||
|
if ! ((ro, 205479, 1000) ~ bgp_ext_community) then reject;
|
||||||
|
|
||||||
|
bgp_ext_community.delete([(ro, 205479, *)]);
|
||||||
|
accept;
|
||||||
|
};
|
||||||
|
import filter {
|
||||||
|
if ! (net ~ [
|
||||||
|
2a0d:1a40:7553::/48{48,64}
|
||||||
|
]) then reject;
|
||||||
|
accept;
|
||||||
|
};
|
||||||
|
next hop self;
|
||||||
|
};
|
||||||
|
};
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -853,6 +968,14 @@ in {
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
services.atftpd = {
|
||||||
|
enable = true;
|
||||||
|
};
|
||||||
|
services.nginx = {
|
||||||
|
enable = true;
|
||||||
|
virtualHosts."192.168.1.1".root = "/srv/tftp";
|
||||||
|
};
|
||||||
|
|
||||||
services.kea = {
|
services.kea = {
|
||||||
dhcp4.enable = true;
|
dhcp4.enable = true;
|
||||||
dhcp4.settings = {
|
dhcp4.settings = {
|
||||||
|
@ -879,6 +1002,14 @@ in {
|
||||||
hw-address = "9c:93:4e:ad:1f:7b";
|
hw-address = "9c:93:4e:ad:1f:7b";
|
||||||
ip-address = "192.168.1.51";
|
ip-address = "192.168.1.51";
|
||||||
hostname = "printer-xerox";
|
hostname = "printer-xerox";
|
||||||
|
} {
|
||||||
|
hw-address = "e8:ed:f3:6a:b9:24";
|
||||||
|
ip-address = "192.168.1.52";
|
||||||
|
hostname = "phone-lukegb-desk";
|
||||||
|
option-data = [{
|
||||||
|
name = "tftp-server-name";
|
||||||
|
data = "192.168.1.1";
|
||||||
|
}];
|
||||||
} {
|
} {
|
||||||
hw-address = "bc:33:29:26:01:5c";
|
hw-address = "bc:33:29:26:01:5c";
|
||||||
ip-address = "92.118.30.18";
|
ip-address = "92.118.30.18";
|
||||||
|
|
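Review bot: In the `@ -551,6 +601,8 @@` hunk, `80 # HTTP` is added to `allowedUDPPorts`, but the nginx virtual host enabled further down serves HTTP over TCP, so this entry opens an unused UDP port and does not admit the traffic it is labelled for. Unless TCP 80 is already allowed on this interface outside the visible lines, it belongs in `allowedTCPPorts = [ 80 ];`, with only `69 # TFTP` kept in the UDP list. The interface block starts outside the hunk, and since nginx and atftpd both publish `/srv/tftp` without authentication, a comment naming the interface these ports are meant for would help if the provisioning files hold anything sensitive. Separately, the `wg-eta` peer takes `0.0.0.0/0` and `::/0` in `AllowedIPs`, leaving the BGP import filters and the FORWARD rules as the only limit on what that peer can source. The `wg-eta-public` vault secret is declared while `PublicKey` is hard-coded, so one of the two can go.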