bump vidhar

author: Gregor Kleen <gkleen@yggdrasil.li> 2026-04-16 19:15:46 +0200
committer: Gregor Kleen <gkleen@yggdrasil.li> 2026-04-16 19:15:46 +0200
commit: d02070251ba23429ba2514d71f30eebece187b7f (patch)
tree: 8bb792fd3aca1f5d6a57c934c4759195889eedc8 /hosts/vidhar/network/pppoe/default.nix
parent: 75152da49a7f6b6ade429b69bde169c810c674ee (diff)
download: nixos-d02070251ba23429ba2514d71f30eebece187b7f.tar
nixos-d02070251ba23429ba2514d71f30eebece187b7f.tar.gz
nixos-d02070251ba23429ba2514d71f30eebece187b7f.tar.bz2
nixos-d02070251ba23429ba2514d71f30eebece187b7f.tar.xz
nixos-d02070251ba23429ba2514d71f30eebece187b7f.zip
1 files changed, 156 insertions, 0 deletions
diff --git a/hosts/vidhar/network/pppoe/default.nix b/hosts/vidhar/network/pppoe/default.nix
new file mode 100644
index 00000000..36bf4f49
--- /dev/null
+++ b/hosts/vidhar/network/pppoe/default.nix
@@ -0,0 +1,156 @@
+{ config, lib, pkgs, ... }:
+with lib;
+let
+  inherit (config.networking) pppInterface;
+in {
+  options = {
+    networking.pppInterface = mkOption {
+      type = types.str;
+      default = "ppp";
+    };
+  };
+  config = {
+    networking.vlans = {
+      telekom = {
+        id = 7;
+        interface = "eno2";
+      };
+    };
+    services.pppd = {
+      enable = true;
+      package = pkgs.ppp.overrideAttrs (oldAttrs: {
+        patches = (oldAttrs.patches or []) ++ [
+          ./no-double-timeout.patch
+        ];
+      });
+      peers = {
+        o2.config = ''
+          user DSL0004874856014@s93.bbi-o2.de
+        '';
+      };
+    };
+    systemd.services."pppd-o2" = {
+      stopIfChanged = true;
+      restartTriggers = with config; [
+        environment.etc."ppp/pap-secrets".source
+        environment.etc."ppp/options".source
+        environment.etc."ppp/ip-pre-up".source
+        environment.etc."ppp/ip-up".source
+        environment.etc."ppp/ip-down".source
+      ];
+      serviceConfig.LoadCredential = [
+        "password:${config.sops.secrets."o2-password".path}"
+      ];
+      bindsTo = [ "sys-subsystem-net-devices-telekom.device" ];
+      after = [ "sys-subsystem-net-devices-telekom.device" ];
+    };
+    sops.secrets."o2-password" = {
+      format = "binary";
+      sopsFile = ./o2-password;
+    };
+    environment.etc = {
+      "ppp/options".text = ''
+        nodefaultroute
+        ifname ${pppInterface}
+        lcp-echo-adaptive
+        lcp-echo-failure 10
+        lcp-echo-interval 1
+        maxfail 0
+        mtu 1492
+        mru 1492
+        plugin pppoe.so
+        pppoe-padi-timeout 1
+        pppoe-padi-attempts 10
+        nic-telekom
+        debug
+        +ipv6
+      '';
+      "ppp/pap-secrets".text = ''
+        congstar * congstar *
+        DSL0004874856014@s93.bbi-o2.de * @/run/credentials/pppd-o2.service/password *
+      '';
+      "ppp/ip-pre-up".source = pkgs.resholve.writeScript "ip-pre-up" {
+        interpreter = pkgs.runtimeShell;
+        inputs = [ pkgs.iproute2 pkgs.ethtool ];
+        execer = [
+          "cannot:${lib.getExe' pkgs.iproute2 "ip"}"
+          "cannot:${lib.getExe' pkgs.iproute2 "tc"}"
+        ];
+      } ''
+        ethtool -K telekom tso off gso off gro off
+        ip link del "ifb4$1" || true
+        ip link add name "ifb4$1" type ifb
+        ip link set "ifb4$1" up
+        tc qdisc del dev "ifb4$1" root || true
+        tc qdisc del dev "$1" ingress || true
+        tc qdisc del dev "$1" root || true
+        tc qdisc add dev "$1" handle ffff: ingress
+        tc filter add dev "$1" parent ffff: basic action ctinfo dscp 0x0000003f 0x00000040 action mirred egress redirect dev "ifb4$1"
+        tc qdisc replace dev "ifb4$1" root cake memlimit 128Mb overhead 35 mpu 74 regional diffserv4 bandwidth ${toString (builtins.floor (177968 * 0.95))}kbit
+        tc qdisc replace dev "$1" root cake memlimit 128Mb overhead 35 mpu 74 regional nat diffserv4 wash bandwidth ${toString (builtins.floor (41216 * 0.95))}kbit
+      '';
+      "ppp/ip-up".source = pkgs.resholve.writeScript "ip-up" {
+        interpreter = pkgs.runtimeShell;
+        inputs = [ pkgs.iproute2 ];
+        execer = [ "cannot:${lib.getExe' pkgs.iproute2 "ip"}" ];
+      } ''
+        ip addr add "$4" peer "$5"/32 dev "$1"
+        ip route add default dev "$1" metric 512
+      '';
+      "ppp/ip-down".source = pkgs.resholve.writeScript "ip-down" {
+        interpreter = pkgs.runtimeShell;
+        inputs = [ pkgs.iproute2 ];
+        execer = [ "cannot:${lib.getExe' pkgs.iproute2 "ip"}" ];
+      } ''
+        ip link del "ifb4$1"
+      '';
+    };
+    systemd.package = pkgs.systemd.overrideAttrs (oldAttrs: {
+      patches = (oldAttrs.patches or []) ++ [
+        (pkgs.fetchpatch {
+          url = "https://github.com/sysedwinistrator/systemd/commit/b9691a43551739ddacdb8d53a4312964c3ddfa08.patch";
+          hash = "sha256-TLfOTFodLzCVywnF4Xp4BR2Pja0Qq4ItE/yaKkzI414=";
+        })
+      ];
+    });
+    systemd.network.networks = {
+      "40-${pppInterface}" = {
+        matchConfig.Name = pppInterface;
+        dns = [ "::1" "127.0.0.1" ];
+        domains = [ "~." ];
+        networkConfig = {
+          DHCP = true;
+          DNSSEC = true;
+        };
+        dhcpV6Config = {
+          PrefixDelegationHint = "::/64";
+          WithoutRA = "solicit";
+        };
+      };
+    };
+    boot.kernelModules = [ "ifb" ];
+    boot.kernel.sysctl = {
+      "net.ipv6.conf.all.forwarding" = true;
+      "net.ipv6.conf.default.forwarding" = true;
+      "net.ipv4.conf.all.forwarding" = true;
+      "net.ipv4.conf.default.forwarding" = true;
+      "net.core.rmem_max" = 4194304;
+      "net.core.wmem_max" = 4194304;
+    };
+  };
+}
author	Gregor Kleen <gkleen@yggdrasil.li>	2026-04-16 19:15:46 +0200
committer	Gregor Kleen <gkleen@yggdrasil.li>	2026-04-16 19:15:46 +0200
commit	d02070251ba23429ba2514d71f30eebece187b7f (patch)
tree	8bb792fd3aca1f5d6a57c934c4759195889eedc8 /hosts/vidhar/network/pppoe/default.nix
parent	75152da49a7f6b6ade429b69bde169c810c674ee (diff)
download	nixos-d02070251ba23429ba2514d71f30eebece187b7f.tar nixos-d02070251ba23429ba2514d71f30eebece187b7f.tar.gz nixos-d02070251ba23429ba2514d71f30eebece187b7f.tar.bz2 nixos-d02070251ba23429ba2514d71f30eebece187b7f.tar.xz nixos-d02070251ba23429ba2514d71f30eebece187b7f.zip

diff --git a/hosts/vidhar/network/pppoe/default.nix b/hosts/vidhar/network/pppoe/default.nix new file mode 100644 index 00000000..36bf4f49 --- /dev/null +++ b/hosts/vidhar/network/pppoe/default.nix
@@ -0,0 +1,156 @@
	1	{ config, lib, pkgs, ... }:
	2
	3	with lib;
	4
	5	let
	6	inherit (config.networking) pppInterface;
	7	in {
	8	options = {
	9	networking.pppInterface = mkOption {
	10	type = types.str;
	11	default = "ppp";
	12	};
	13	};
	14
	15	config = {
	16	networking.vlans = {
	17	telekom = {
	18	id = 7;
	19	interface = "eno2";
	20	};
	21	};
	22
	23	services.pppd = {
	24	enable = true;
	25	package = pkgs.ppp.overrideAttrs (oldAttrs: {
	26	patches = (oldAttrs.patches or []) ++ [
	27	./no-double-timeout.patch
	28	];
	29	});
	30	peers = {
	31	o2.config = ''
	32	user DSL0004874856014@s93.bbi-o2.de
	33	'';
	34	};
	35	};
	36	systemd.services."pppd-o2" = {
	37	stopIfChanged = true;
	38
	39	restartTriggers = with config; [
	40	environment.etc."ppp/pap-secrets".source
	41	environment.etc."ppp/options".source
	42	environment.etc."ppp/ip-pre-up".source
	43	environment.etc."ppp/ip-up".source
	44	environment.etc."ppp/ip-down".source
	45	];
	46
	47	serviceConfig.LoadCredential = [
	48	"password:${config.sops.secrets."o2-password".path}"
	49	];
	50
	51	bindsTo = [ "sys-subsystem-net-devices-telekom.device" ];
	52	after = [ "sys-subsystem-net-devices-telekom.device" ];
	53	};
	54	sops.secrets."o2-password" = {
	55	format = "binary";
	56	sopsFile = ./o2-password;
	57	};
	58
	59	environment.etc = {
	60	"ppp/options".text = ''
	61	nodefaultroute
	62	ifname ${pppInterface}
	63	lcp-echo-adaptive
	64	lcp-echo-failure 10
	65	lcp-echo-interval 1
	66	maxfail 0
	67	mtu 1492
	68	mru 1492
	69	plugin pppoe.so
	70	pppoe-padi-timeout 1
	71	pppoe-padi-attempts 10
	72	nic-telekom
	73	debug
	74	+ipv6
	75	'';
	76	"ppp/pap-secrets".text = ''
	77	congstar * congstar *
	78	DSL0004874856014@s93.bbi-o2.de * @/run/credentials/pppd-o2.service/password *
	79	'';
	80	"ppp/ip-pre-up".source = pkgs.resholve.writeScript "ip-pre-up" {
	81	interpreter = pkgs.runtimeShell;
	82	inputs = [ pkgs.iproute2 pkgs.ethtool ];
	83	execer = [
	84	"cannot:${lib.getExe' pkgs.iproute2 "ip"}"
	85	"cannot:${lib.getExe' pkgs.iproute2 "tc"}"
	86	];
	87	} ''
	88	ethtool -K telekom tso off gso off gro off
	89
	90	ip link del "ifb4$1" \|\| true
	91	ip link add name "ifb4$1" type ifb
	92	ip link set "ifb4$1" up
	93
	94	tc qdisc del dev "ifb4$1" root \|\| true
	95	tc qdisc del dev "$1" ingress \|\| true
	96	tc qdisc del dev "$1" root \|\| true
	97
	98	tc qdisc add dev "$1" handle ffff: ingress
	99	tc filter add dev "$1" parent ffff: basic action ctinfo dscp 0x0000003f 0x00000040 action mirred egress redirect dev "ifb4$1"
	100	tc qdisc replace dev "ifb4$1" root cake memlimit 128Mb overhead 35 mpu 74 regional diffserv4 bandwidth ${toString (builtins.floor (177968 * 0.95))}kbit
	101	tc qdisc replace dev "$1" root cake memlimit 128Mb overhead 35 mpu 74 regional nat diffserv4 wash bandwidth ${toString (builtins.floor (41216 * 0.95))}kbit
	102	'';
	103	"ppp/ip-up".source = pkgs.resholve.writeScript "ip-up" {
	104	interpreter = pkgs.runtimeShell;
	105	inputs = [ pkgs.iproute2 ];
	106	execer = [ "cannot:${lib.getExe' pkgs.iproute2 "ip"}" ];
	107	} ''
	108	ip addr add "$4" peer "$5"/32 dev "$1"
	109	ip route add default dev "$1" metric 512
	110	'';
	111	"ppp/ip-down".source = pkgs.resholve.writeScript "ip-down" {
	112	interpreter = pkgs.runtimeShell;
	113	inputs = [ pkgs.iproute2 ];
	114	execer = [ "cannot:${lib.getExe' pkgs.iproute2 "ip"}" ];
	115	} ''
	116	ip link del "ifb4$1"
	117	'';
	118	};
	119
	120	systemd.package = pkgs.systemd.overrideAttrs (oldAttrs: {
	121	patches = (oldAttrs.patches or []) ++ [
	122	(pkgs.fetchpatch {
	123	url = "https://github.com/sysedwinistrator/systemd/commit/b9691a43551739ddacdb8d53a4312964c3ddfa08.patch";
	124	hash = "sha256-TLfOTFodLzCVywnF4Xp4BR2Pja0Qq4ItE/yaKkzI414=";
	125	})
	126	];
	127	});
	128
	129	systemd.network.networks = {
	130	"40-${pppInterface}" = {
	131	matchConfig.Name = pppInterface;
	132	dns = [ "::1" "127.0.0.1" ];
	133	domains = [ "~." ];
	134	networkConfig = {
	135	DHCP = true;
	136	DNSSEC = true;
	137	};
	138	dhcpV6Config = {
	139	PrefixDelegationHint = "::/64";
	140	WithoutRA = "solicit";
	141	};
	142	};
	143	};
	144
	145	boot.kernelModules = [ "ifb" ];
	146	boot.kernel.sysctl = {
	147	"net.ipv6.conf.all.forwarding" = true;
	148	"net.ipv6.conf.default.forwarding" = true;
	149	"net.ipv4.conf.all.forwarding" = true;
	150	"net.ipv4.conf.default.forwarding" = true;
	151
	152	"net.core.rmem_max" = 4194304;
	153	"net.core.wmem_max" = 4194304;
	154	};
	155	};
	156	}