vidhar: ...

author: Gregor Kleen <gkleen@yggdrasil.li> 2021-12-31 15:13:52 +0100
committer: Gregor Kleen <gkleen@yggdrasil.li> 2021-12-31 15:13:52 +0100
commit: f4301a77c9410f931c61b851bc5c1076d25dae80 (patch)
tree: 7245a5387860fe748c25aaf0a3569d1a5564a852 /hosts/vidhar/dsl.nix
parent: 80023979b3541bfb6881fe939dda0f9ed5a687b4 (diff)
download: nixos-f4301a77c9410f931c61b851bc5c1076d25dae80.tar
nixos-f4301a77c9410f931c61b851bc5c1076d25dae80.tar.gz
nixos-f4301a77c9410f931c61b851bc5c1076d25dae80.tar.bz2
nixos-f4301a77c9410f931c61b851bc5c1076d25dae80.tar.xz
nixos-f4301a77c9410f931c61b851bc5c1076d25dae80.zip
1 files changed, 132 insertions, 2 deletions
diff --git a/hosts/vidhar/dsl.nix b/hosts/vidhar/dsl.nix
index 0f92a079..8cbfc1e7 100644
--- a/hosts/vidhar/dsl.nix
+++ b/hosts/vidhar/dsl.nix
@@ -67,9 +67,9 @@ in {
      };
    };
-    systemd.network.networks."dsl" = {
+    systemd.network.networks.${pppInterface} = {
      matchConfig = {
-        Name = "dsl";
+        Name = pppInterface;
      };
      dns = [ "::1" "127.0.0.1" ];
      domains = [ "~." ];
@@ -78,5 +78,135 @@ in {
        DNSSEC = true;
      };
    };
+    services.corerad = {
+      enable = true;
+      settings = {
+        interfaces = [
+          { name = pppInterface;
+            monitor = true;
+            verbose = true;
+          }
+          { name = "lan";
+            advertise = true;
+            verbose = true;
+            prefix = [{ prefix = "::/64"; }];
+            route = [{ prefix = "::/0"; }];
+            rdnss = [{ servers = ["::"]; }];
+            dnssl = [{ domain_names = ["yggdrasil"]; }];
+          }
+        ];
+      };
+    };
+    services.ndppd = {
+      enable = true;
+      proxies = {
+        ${pppInterface} = {
+          router = true;
+          rules.lan = {
+            method = "iface";
+            interface = "lan";
+            network = "::/0";
+          };
+        };
+      };
+    };
+    boot.kernel.sysctl = {
+      "net.ipv6.conf.all.forwarding" = true;
+      "net.ipv6.conf.default.forwarding" = true;
+      "net.ipv4.conf.all.forwarding" = true;
+      "net.ipv4.conf.default.forwarding" = true;
+      "net.core.rmem_max" = "4194304";
+      "net.core.wmem_max" = "4194304";
+    };
+    systemd.services."pppd-telekom" = {
+      bindsTo = [ "sys-subsystem-net-devices-${pppInterface}.device" ];
+      after = [ "sys-subsystem-net-devices-${pppInterface}.device" ];
+    };
+    systemd.services."dhcpcd-telekom" = {
+      wantedBy = [ "multi-user.target" "network-online.target" "pppd-telekom.service" ];
+      bindsTo = [ "pppd-telekom.service" "sys-subsystem-net-devices-${pppInterface}.device" ];
+      after = [ "pppd-telekom.service" "sys-subsystem-net-devices-${pppInterface}.device" ];
+      wants = [ "network.target" ];
+      before = [ "network-online.target" ];
+      path = with pkgs; [ dhcpcd nettools openresolv ];
+      unitConfig.ConditionCapability = "CAP_NET_ADMIN";
+      stopIfChanged = false;
+      preStart = ''
+        i=0
+        while [[ -z "$(${pkgs.iproute2}/bin/ip -6 addr show dev ${pppInterface} scope link)" ]]; do
+          ${pkgs.coreutils}/bin/sleep 0.1
+          i=$((i + 1))
+          if [[ "$i" -ge 10 ]]; then
+            exit 1
+          fi
+        done
+      '';
+      serviceConfig = let
+        dhcpcdConf = pkgs.writeText "dhcpcd.conf" ''
+          duid
+          vendorclassid
+          ipv6only
+          nooption domain_name_servers, domain_name, domain_search
+          option classless_static_routes
+          option interface_mtu
+          option host_name
+          option rapid_commit
+          require dhcp_server_identifier
+          slaac private
+          nohook resolv.conf
+          ipv6ra_autoconf
+          iaid 1195061668
+          ipv6rs                 # enable routing solicitation for WAN adapter
+          ia_pd 1 lan/0/64/0     # request a PD and assign it to the LAN
+          reboot 0
+          waitip 6
+        '';
+      in {
+        Type = "forking";
+        PIDFile = "/run/dhcpcd/pid";
+        RuntimeDirectory = "dhcpcd";
+        ExecStart = "@${pkgs.dhcpcd}/sbin/dhcpcd dhcpcd -q --config ${dhcpcdConf} ${pppInterface}";
+        ExecReload = "${pkgs.dhcpcd}/sbin/dhcpcd --rebind ${pppInterface}";
+        Restart = "always";
+        RestartSec = "5";
+      };
+    };
+    systemd.services.ndppd = {
+      wantedBy = [ "dhcpcd-telekom.service" ];
+      bindsTo = [ "dhcpcd-telekom.service" ];
+      after = [ "dhcpcd-telekom.service" ];
+      serviceConfig = {
+        Restart = "always";
+        RestartSec = "5";
+      };
+    };
+    systemd.services.corerad = {
+      wantedBy = [ "dhcpcd-telekom.service" ];
+      bindsTo = [ "dhcpcd-telekom.service" ];
+      after = [ "dhcpcd-telekom.service" ];
+      serviceConfig = {
+        Restart = lib.mkForce "always";
+        RestartSec = "5";
+      };
+    };
+    users.users.dhcpcd = {
+      isSystemUser = true;
+      group = "dhcpcd";
+    };
+    users.groups.dhcpcd = {};
  };
 }
author	Gregor Kleen <gkleen@yggdrasil.li>	2021-12-31 15:13:52 +0100
committer	Gregor Kleen <gkleen@yggdrasil.li>	2021-12-31 15:13:52 +0100
commit	f4301a77c9410f931c61b851bc5c1076d25dae80 (patch)
tree	7245a5387860fe748c25aaf0a3569d1a5564a852 /hosts/vidhar/dsl.nix
parent	80023979b3541bfb6881fe939dda0f9ed5a687b4 (diff)
download	nixos-f4301a77c9410f931c61b851bc5c1076d25dae80.tar nixos-f4301a77c9410f931c61b851bc5c1076d25dae80.tar.gz nixos-f4301a77c9410f931c61b851bc5c1076d25dae80.tar.bz2 nixos-f4301a77c9410f931c61b851bc5c1076d25dae80.tar.xz nixos-f4301a77c9410f931c61b851bc5c1076d25dae80.zip

diff --git a/hosts/vidhar/dsl.nix b/hosts/vidhar/dsl.nix index 0f92a079..8cbfc1e7 100644 --- a/hosts/vidhar/dsl.nix +++ b/hosts/vidhar/dsl.nix
@@ -67,9 +67,9 @@ in {
67	};	67	};
68	};	68	};
69		69
70	systemd.network.networks."dsl" = {	70	systemd.network.networks.${pppInterface} = {
71	matchConfig = {	71	matchConfig = {
72	Name = "dsl";	72	Name = pppInterface;
73	};	73	};
74	dns = [ "::1" "127.0.0.1" ];	74	dns = [ "::1" "127.0.0.1" ];
75	domains = [ "~." ];	75	domains = [ "~." ];
@@ -78,5 +78,135 @@ in {
78	DNSSEC = true;	78	DNSSEC = true;
79	};	79	};
80	};	80	};
		81
		82	services.corerad = {
		83	enable = true;
		84	settings = {
		85	interfaces = [
		86	{ name = pppInterface;
		87	monitor = true;
		88	verbose = true;
		89	}
		90	{ name = "lan";
		91	advertise = true;
		92	verbose = true;
		93	prefix = [{ prefix = "::/64"; }];
		94	route = [{ prefix = "::/0"; }];
		95	rdnss = [{ servers = ["::"]; }];
		96	dnssl = [{ domain_names = ["yggdrasil"]; }];
		97	}
		98	];
		99	};
		100	};
		101	services.ndppd = {
		102	enable = true;
		103	proxies = {
		104	${pppInterface} = {
		105	router = true;
		106	rules.lan = {
		107	method = "iface";
		108	interface = "lan";
		109	network = "::/0";
		110	};
		111	};
		112	};
		113	};
		114	boot.kernel.sysctl = {
		115	"net.ipv6.conf.all.forwarding" = true;
		116	"net.ipv6.conf.default.forwarding" = true;
		117	"net.ipv4.conf.all.forwarding" = true;
		118	"net.ipv4.conf.default.forwarding" = true;
		119
		120	"net.core.rmem_max" = "4194304";
		121	"net.core.wmem_max" = "4194304";
		122	};
		123	systemd.services."pppd-telekom" = {
		124	bindsTo = [ "sys-subsystem-net-devices-${pppInterface}.device" ];
		125	after = [ "sys-subsystem-net-devices-${pppInterface}.device" ];
		126	};
		127	systemd.services."dhcpcd-telekom" = {
		128	wantedBy = [ "multi-user.target" "network-online.target" "pppd-telekom.service" ];
		129	bindsTo = [ "pppd-telekom.service" "sys-subsystem-net-devices-${pppInterface}.device" ];
		130	after = [ "pppd-telekom.service" "sys-subsystem-net-devices-${pppInterface}.device" ];
		131	wants = [ "network.target" ];
		132	before = [ "network-online.target" ];
		133
		134	path = with pkgs; [ dhcpcd nettools openresolv ];
		135	unitConfig.ConditionCapability = "CAP_NET_ADMIN";
		136
		137	stopIfChanged = false;
		138
		139	preStart = ''
		140	i=0
		141
		142	while [[ -z "$(${pkgs.iproute2}/bin/ip -6 addr show dev ${pppInterface} scope link)" ]]; do
		143	${pkgs.coreutils}/bin/sleep 0.1
		144	i=$((i + 1))
		145	if [[ "$i" -ge 10 ]]; then
		146	exit 1
		147	fi
		148	done
		149	'';
		150
		151	serviceConfig = let
		152	dhcpcdConf = pkgs.writeText "dhcpcd.conf" ''
		153	duid
		154	vendorclassid
		155	ipv6only
		156
		157	nooption domain_name_servers, domain_name, domain_search
		158	option classless_static_routes
		159	option interface_mtu
		160
		161	option host_name
		162	option rapid_commit
		163	require dhcp_server_identifier
		164	slaac private
		165
		166	nohook resolv.conf
		167	ipv6ra_autoconf
		168	iaid 1195061668
		169	ipv6rs # enable routing solicitation for WAN adapter
		170	ia_pd 1 lan/0/64/0 # request a PD and assign it to the LAN
		171
		172	reboot 0
		173
		174	waitip 6
		175	'';
		176	in {
		177	Type = "forking";
		178	PIDFile = "/run/dhcpcd/pid";
		179	RuntimeDirectory = "dhcpcd";
		180	ExecStart = "@${pkgs.dhcpcd}/sbin/dhcpcd dhcpcd -q --config ${dhcpcdConf} ${pppInterface}";
		181	ExecReload = "${pkgs.dhcpcd}/sbin/dhcpcd --rebind ${pppInterface}";
		182	Restart = "always";
		183	RestartSec = "5";
		184	};
		185	};
		186	systemd.services.ndppd = {
		187	wantedBy = [ "dhcpcd-telekom.service" ];
		188	bindsTo = [ "dhcpcd-telekom.service" ];
		189	after = [ "dhcpcd-telekom.service" ];
		190
		191	serviceConfig = {
		192	Restart = "always";
		193	RestartSec = "5";
		194	};
		195	};
		196	systemd.services.corerad = {
		197	wantedBy = [ "dhcpcd-telekom.service" ];
		198	bindsTo = [ "dhcpcd-telekom.service" ];
		199	after = [ "dhcpcd-telekom.service" ];
		200
		201	serviceConfig = {
		202	Restart = lib.mkForce "always";
		203	RestartSec = "5";
		204	};
		205	};
		206	users.users.dhcpcd = {
		207	isSystemUser = true;
		208	group = "dhcpcd";
		209	};
		210	users.groups.dhcpcd = {};
81	};	211	};
82	}	212	}