diff options
author | Gregor Kleen <gkleen@yggdrasil.li> | 2021-12-31 15:13:52 +0100 |
---|---|---|
committer | Gregor Kleen <gkleen@yggdrasil.li> | 2021-12-31 15:13:52 +0100 |
commit | f4301a77c9410f931c61b851bc5c1076d25dae80 (patch) | |
tree | 7245a5387860fe748c25aaf0a3569d1a5564a852 /hosts/vidhar/dsl.nix | |
parent | 80023979b3541bfb6881fe939dda0f9ed5a687b4 (diff) | |
download | nixos-f4301a77c9410f931c61b851bc5c1076d25dae80.tar nixos-f4301a77c9410f931c61b851bc5c1076d25dae80.tar.gz nixos-f4301a77c9410f931c61b851bc5c1076d25dae80.tar.bz2 nixos-f4301a77c9410f931c61b851bc5c1076d25dae80.tar.xz nixos-f4301a77c9410f931c61b851bc5c1076d25dae80.zip |
vidhar: ...
Diffstat (limited to 'hosts/vidhar/dsl.nix')
-rw-r--r-- | hosts/vidhar/dsl.nix | 134 |
1 files changed, 132 insertions, 2 deletions
diff --git a/hosts/vidhar/dsl.nix b/hosts/vidhar/dsl.nix index 0f92a079..8cbfc1e7 100644 --- a/hosts/vidhar/dsl.nix +++ b/hosts/vidhar/dsl.nix | |||
@@ -67,9 +67,9 @@ in { | |||
67 | }; | 67 | }; |
68 | }; | 68 | }; |
69 | 69 | ||
70 | systemd.network.networks."dsl" = { | 70 | systemd.network.networks.${pppInterface} = { |
71 | matchConfig = { | 71 | matchConfig = { |
72 | Name = "dsl"; | 72 | Name = pppInterface; |
73 | }; | 73 | }; |
74 | dns = [ "::1" "127.0.0.1" ]; | 74 | dns = [ "::1" "127.0.0.1" ]; |
75 | domains = [ "~." ]; | 75 | domains = [ "~." ]; |
@@ -78,5 +78,135 @@ in { | |||
78 | DNSSEC = true; | 78 | DNSSEC = true; |
79 | }; | 79 | }; |
80 | }; | 80 | }; |
81 | |||
82 | services.corerad = { | ||
83 | enable = true; | ||
84 | settings = { | ||
85 | interfaces = [ | ||
86 | { name = pppInterface; | ||
87 | monitor = true; | ||
88 | verbose = true; | ||
89 | } | ||
90 | { name = "lan"; | ||
91 | advertise = true; | ||
92 | verbose = true; | ||
93 | prefix = [{ prefix = "::/64"; }]; | ||
94 | route = [{ prefix = "::/0"; }]; | ||
95 | rdnss = [{ servers = ["::"]; }]; | ||
96 | dnssl = [{ domain_names = ["yggdrasil"]; }]; | ||
97 | } | ||
98 | ]; | ||
99 | }; | ||
100 | }; | ||
101 | services.ndppd = { | ||
102 | enable = true; | ||
103 | proxies = { | ||
104 | ${pppInterface} = { | ||
105 | router = true; | ||
106 | rules.lan = { | ||
107 | method = "iface"; | ||
108 | interface = "lan"; | ||
109 | network = "::/0"; | ||
110 | }; | ||
111 | }; | ||
112 | }; | ||
113 | }; | ||
114 | boot.kernel.sysctl = { | ||
115 | "net.ipv6.conf.all.forwarding" = true; | ||
116 | "net.ipv6.conf.default.forwarding" = true; | ||
117 | "net.ipv4.conf.all.forwarding" = true; | ||
118 | "net.ipv4.conf.default.forwarding" = true; | ||
119 | |||
120 | "net.core.rmem_max" = "4194304"; | ||
121 | "net.core.wmem_max" = "4194304"; | ||
122 | }; | ||
123 | systemd.services."pppd-telekom" = { | ||
124 | bindsTo = [ "sys-subsystem-net-devices-${pppInterface}.device" ]; | ||
125 | after = [ "sys-subsystem-net-devices-${pppInterface}.device" ]; | ||
126 | }; | ||
127 | systemd.services."dhcpcd-telekom" = { | ||
128 | wantedBy = [ "multi-user.target" "network-online.target" "pppd-telekom.service" ]; | ||
129 | bindsTo = [ "pppd-telekom.service" "sys-subsystem-net-devices-${pppInterface}.device" ]; | ||
130 | after = [ "pppd-telekom.service" "sys-subsystem-net-devices-${pppInterface}.device" ]; | ||
131 | wants = [ "network.target" ]; | ||
132 | before = [ "network-online.target" ]; | ||
133 | |||
134 | path = with pkgs; [ dhcpcd nettools openresolv ]; | ||
135 | unitConfig.ConditionCapability = "CAP_NET_ADMIN"; | ||
136 | |||
137 | stopIfChanged = false; | ||
138 | |||
139 | preStart = '' | ||
140 | i=0 | ||
141 | |||
142 | while [[ -z "$(${pkgs.iproute2}/bin/ip -6 addr show dev ${pppInterface} scope link)" ]]; do | ||
143 | ${pkgs.coreutils}/bin/sleep 0.1 | ||
144 | i=$((i + 1)) | ||
145 | if [[ "$i" -ge 10 ]]; then | ||
146 | exit 1 | ||
147 | fi | ||
148 | done | ||
149 | ''; | ||
150 | |||
151 | serviceConfig = let | ||
152 | dhcpcdConf = pkgs.writeText "dhcpcd.conf" '' | ||
153 | duid | ||
154 | vendorclassid | ||
155 | ipv6only | ||
156 | |||
157 | nooption domain_name_servers, domain_name, domain_search | ||
158 | option classless_static_routes | ||
159 | option interface_mtu | ||
160 | |||
161 | option host_name | ||
162 | option rapid_commit | ||
163 | require dhcp_server_identifier | ||
164 | slaac private | ||
165 | |||
166 | nohook resolv.conf | ||
167 | ipv6ra_autoconf | ||
168 | iaid 1195061668 | ||
169 | ipv6rs # enable routing solicitation for WAN adapter | ||
170 | ia_pd 1 lan/0/64/0 # request a PD and assign it to the LAN | ||
171 | |||
172 | reboot 0 | ||
173 | |||
174 | waitip 6 | ||
175 | ''; | ||
176 | in { | ||
177 | Type = "forking"; | ||
178 | PIDFile = "/run/dhcpcd/pid"; | ||
179 | RuntimeDirectory = "dhcpcd"; | ||
180 | ExecStart = "@${pkgs.dhcpcd}/sbin/dhcpcd dhcpcd -q --config ${dhcpcdConf} ${pppInterface}"; | ||
181 | ExecReload = "${pkgs.dhcpcd}/sbin/dhcpcd --rebind ${pppInterface}"; | ||
182 | Restart = "always"; | ||
183 | RestartSec = "5"; | ||
184 | }; | ||
185 | }; | ||
186 | systemd.services.ndppd = { | ||
187 | wantedBy = [ "dhcpcd-telekom.service" ]; | ||
188 | bindsTo = [ "dhcpcd-telekom.service" ]; | ||
189 | after = [ "dhcpcd-telekom.service" ]; | ||
190 | |||
191 | serviceConfig = { | ||
192 | Restart = "always"; | ||
193 | RestartSec = "5"; | ||
194 | }; | ||
195 | }; | ||
196 | systemd.services.corerad = { | ||
197 | wantedBy = [ "dhcpcd-telekom.service" ]; | ||
198 | bindsTo = [ "dhcpcd-telekom.service" ]; | ||
199 | after = [ "dhcpcd-telekom.service" ]; | ||
200 | |||
201 | serviceConfig = { | ||
202 | Restart = lib.mkForce "always"; | ||
203 | RestartSec = "5"; | ||
204 | }; | ||
205 | }; | ||
206 | users.users.dhcpcd = { | ||
207 | isSystemUser = true; | ||
208 | group = "dhcpcd"; | ||
209 | }; | ||
210 | users.groups.dhcpcd = {}; | ||
81 | }; | 211 | }; |
82 | } | 212 | } |