authorGregor Kleen <gkleen@yggdrasil.li>2025-11-21 14:51:23 +0100
committerGregor Kleen <gkleen@yggdrasil.li>2025-11-21 14:51:23 +0100
commit4c46e82769847177f6582447f027a56f9b555fd0 (patch)
treec797e1ecf691e8e05399d83ad3042c52ac08111e /hosts/vidhar/network/pppoe.nix
parent4341d2d9b0e5d57adf676bfad3d39cefdf7eca6f (diff)
...
Diffstat (limited to 'hosts/vidhar/network/pppoe.nix')
-rw-r--r--hosts/vidhar/network/pppoe.nix165
1 files changed, 99 insertions, 66 deletions
diff --git a/hosts/vidhar/network/pppoe.nix b/hosts/vidhar/network/pppoe.nix
index 5cc84862..d17be349 100644
--- a/hosts/vidhar/network/pppoe.nix
+++ b/hosts/vidhar/network/pppoe.nix
@@ -4,6 +4,48 @@ with lib;
4 4
5let 5let
6 pppInterface = config.networking.pppInterface; 6 pppInterface = config.networking.pppInterface;
7
8 corerad-deprecated = pkgs.writers.writeBashBin "corerad-deprecated" ''
9 exec -- ${lib.getExe' config.systemd.package "systemd-run"} \
10 --unit=corerad-deprecated@$(${lib.getExe' config.systemd.package "systemd-escape"} $1) \
11 --property=AmbientCapabilities="CAP_NET_ADMIN CAP_NET_RAW" \
12 --property=CapabilityBoundingSet="CAP_NET_ADMIN CAP_NET_RAW" \
13 --property=DynamicUser=yes \
14 --property=LimitNOFILE=1048576 \
15 --property=LimitNPROC=512 \
16 --property=NotifyAccess=main \
17 --property=Type=notify \
18 --property=RuntimeMaxSec=4h \
19 ${pkgs.writers.writeBash "corerad-deprecated" ''
20 exec -- ${lib.getExe pkgs.corerad} -c=<(${pkgs.writers.writePython3 "corerad-config" {
21 libraries = with pkgs.python3Packages; [ toml ];
22 flakeIgnore = [ "E124" "E121" ];
23 } ''
24 import toml
25 import sys
26 import re
27
28 match = re.fullmatch(r'(?P<interface>[^/]+)/(?P<prefix>.+)', sys.argv[1])
29
30 toml.dump({
31 "interfaces": [
32 {
33 "name": match.group("interface"),
34 "advertise": True,
35 "prefix": [
36 {
37 "prefix": match.group("prefix"),
38 "preferred_lifetime": "1s",
39 "valid_lifetime": "14400s",
40 "deprecated": True,
41 },
42 ],
43 },
44 ],
45 }, sys.stdout)
46 ''} $@)
47 ''} $@
48 '';
7in { 49in {
8 options = { 50 options = {
9 networking.pppInterface = mkOption { 51 networking.pppInterface = mkOption {
@@ -131,6 +173,8 @@ in {
131 }; 173 };
132 }; 174 };
133 }; 175 };
176 environment.systemPackages = [ corerad-deprecated ];
177
134 services.ndppd = { 178 services.ndppd = {
135 enable = true; 179 enable = true;
136 proxies = { 180 proxies = {
@@ -160,75 +204,69 @@ in {
160 bindsTo = [ "sys-subsystem-net-devices-telekom.device" ]; 204 bindsTo = [ "sys-subsystem-net-devices-telekom.device" ];
161 after = [ "sys-subsystem-net-devices-telekom.device" ]; 205 after = [ "sys-subsystem-net-devices-telekom.device" ];
162 }; 206 };
163 systemd.services."dhcpcd-${pppInterface}" = {
164 wantedBy = [ "multi-user.target" "network-online.target" "pppd-telekom.service" ];
165 bindsTo = [ "pppd-telekom.service" ];
166 after = [ "pppd-telekom.service" ];
167 wants = [ "network.target" ];
168 before = [ "network-online.target" ];
169 207
170 path = with pkgs; [ dhcpcd nettools openresolv ]; 208 networking.interfaces.${pppInterface}.useDHCP = true;
171 unitConfig.ConditionCapability = "CAP_NET_ADMIN"; 209 networking.dhcpcd = {
172 210 enable = true;
173 stopIfChanged = true; 211 persistent = false;
212 setHostname = false;
213 wait = "ipv6";
214 IPv6rs = false;
174 215
175 preStart = '' 216 extraConfig = ''
176 i=0 217 duid
218 vendorclassid
219 ipv6only
177 220
178 while [[ -z "$(${pkgs.iproute2}/bin/ip -6 addr show dev ${pppInterface} scope link)" ]]; do 221 require dhcp_server_identifier
179 ${pkgs.coreutils}/bin/sleep 0.1
180 i=$((i + 1))
181 if [[ "$i" -ge 10 ]]; then
182 exit 1
183 fi
184 done
185 '';
186 222
187 postStop = '' 223 reboot 0
188 for dev in lan; do
189 ${pkgs.iproute2}/bin/ip -6 a show dev "''${dev}" scope global | ${pkgs.gnugrep}/bin/grep inet6 | ${pkgs.gawk}/bin/awk '{ print $2; }' | ${pkgs.findutils}/bin/xargs -I '{}' -- ${pkgs.iproute2}/bin/ip addr del '{}' dev "''${dev}"
190 done
191 '';
192 224
193 serviceConfig = let 225 interface ${pppInterface}
194 dhcpcdConf = pkgs.writeText "dhcpcd.conf" '' 226 nooption domain_name_servers, domain_name, domain_search, ntp_servers
195 duid 227 nohook hostname, resolv.conf
196 vendorclassid 228 option rapid_commit
197 ipv6only
198 229
199 nooption domain_name_servers, domain_name, domain_search 230 ipv6rs
200 option classless_static_routes
201 option interface_mtu
202 231
203 option host_name 232 ia_pd 1 lan/0/64/0
204 option rapid_commit 233 '';
205 require dhcp_server_identifier 234 };
206 slaac private 235 systemd.services.dhcpcd = {
236 wantedBy = [ "multi-user.target" "network-online.target" "pppd-telekom.service" ];
237 bindsTo = [ "pppd-telekom.service" ];
238 after = [ "pppd-telekom.service" ];
239 wants = [ "network.target" ];
240 before = [ "network-online.target" ];
207 241
208 nohook resolv.conf 242 serviceConfig = {
209 ipv6ra_autoconf 243 ExecStartPre = [
210 iaid 1195061668 244 (pkgs.resholve.writeScript "wait-${pppInterface}-ip" {
211 ipv6rs # enable routing solicitation for WAN adapter 245 interpreter = pkgs.runtimeShell;
212 ia_pd 1 lan/0/64/0 # request a PD and assign it to the LAN 246 inputs = with pkgs; [ iproute2 coreutils ];
247 execer = [
248 "cannot:${lib.getExe' pkgs.iproute2 "ip"}"
249 ];
250 } ''
251 i=0
213 252
214 reboot 0 253 while [[ -z "$(ip -6 addr show dev ${pppInterface} scope link)" ]]; do
254 sleep 0.1
255 i=$((i + 1))
256 if [[ "$i" -ge 10 ]]; then
257 exit 1
258 fi
259 done
260 '')
261 ];
215 262
216 waitip 6
217 '';
218 in {
219 Type = "forking";
220 PIDFile = "/var/run/dhcpcd/${pppInterface}.pid";
221 RuntimeDirectory = "dhcpcd";
222 ExecStart = "@${pkgs.dhcpcd}/sbin/dhcpcd dhcpcd -q --config ${dhcpcdConf} ${pppInterface}";
223 ExecReload = "${pkgs.dhcpcd}/sbin/dhcpcd --rebind ${pppInterface}";
224 Restart = "always";
225 RestartSec = "5"; 263 RestartSec = "5";
226 }; 264 };
227 }; 265 };
228 systemd.services.ndppd = { 266 systemd.services.ndppd = {
229 wantedBy = [ "dhcpcd-${pppInterface}.service" ]; 267 wantedBy = [ "dhcpcd.service" ];
230 bindsTo = [ "dhcpcd-${pppInterface}.service" ]; 268 bindsTo = [ "dhcpcd.service" ];
231 after = [ "dhcpcd-${pppInterface}.service" ]; 269 after = [ "dhcpcd.service" ];
232 270
233 serviceConfig = { 271 serviceConfig = {
234 Restart = "always"; 272 Restart = "always";
@@ -236,25 +274,20 @@ in {
236 }; 274 };
237 }; 275 };
238 systemd.services.corerad = { 276 systemd.services.corerad = {
239 wantedBy = [ "dhcpcd-${pppInterface}.service" ]; 277 wantedBy = [ "dhcpcd.service" ];
240 bindsTo = [ "dhcpcd-${pppInterface}.service" ]; 278 bindsTo = [ "dhcpcd.service" ];
241 after = [ "dhcpcd-${pppInterface}.service" ]; 279 after = [ "dhcpcd.service" ];
242 280
243 serviceConfig = { 281 serviceConfig = {
244 Restart = lib.mkForce "always"; 282 Restart = lib.mkForce "always";
245 RestartSec = "5"; 283 RestartSec = "5";
246 }; 284 };
247 }; 285 };
248 users.users.dhcpcd = {
249 isSystemUser = true;
250 group = "dhcpcd";
251 };
252 users.groups.dhcpcd = {};
253 286
254 systemd.services.unbound = { 287 systemd.services.unbound = {
255 wantedBy = [ "dhcpcd-${pppInterface}.service" ]; 288 wantedBy = [ "dhcpcd.service" ];
256 bindsTo = [ "dhcpcd-${pppInterface}.service" ]; 289 bindsTo = [ "dhcpcd.service" ];
257 after = [ "dhcpcd-${pppInterface}.service" ]; 290 after = [ "dhcpcd.service" ];
258 291
259 serviceConfig = { 292 serviceConfig = {
260 Restart = lib.mkForce "always"; 293 Restart = lib.mkForce "always";
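Review bot: The `corerad-deprecated` wrapper added in the first hunk expands `$1` and `$@` unquoted on the way into a transient unit that holds CAP_NET_ADMIN and CAP_NET_RAW, so an argument containing whitespace or glob characters is split or expanded before it reaches `systemd-escape`, the inner script and the config generator; quoting them as `"$1"` and `"$@"` in all three places keeps the argument intact. The embedded Python also calls `match.group(...)` without checking the result of `re.fullmatch`, so an argument that does not have the `interface/prefix` shape ends in an AttributeError traceback and corerad would presumably be handed an empty config on the process substitution; a guard such as `if match is None: sys.exit("usage: corerad-deprecated IFACE/PREFIX")` gives a clear failure instead. Since the wrapper is placed in `environment.systemPackages` and the prefix is otherwise written into the advertisement verbatim, it would also be worth validating it with the standard `ipaddress` module first. A short comment above the `let` binding stating the expected argument form and why the unit is capped with `RuntimeMaxSec=4h` (it matches the 14400s valid lifetime) would help the next reader.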