bump vidhar

author: Gregor Kleen <gkleen@yggdrasil.li> 2026-04-16 19:15:46 +0200
committer: Gregor Kleen <gkleen@yggdrasil.li> 2026-04-16 19:15:46 +0200
commit: d02070251ba23429ba2514d71f30eebece187b7f (patch)
tree: 8bb792fd3aca1f5d6a57c934c4759195889eedc8 /hosts
parent: 75152da49a7f6b6ade429b69bde169c810c674ee (diff)
download: nixos-d02070251ba23429ba2514d71f30eebece187b7f.tar
nixos-d02070251ba23429ba2514d71f30eebece187b7f.tar.gz
nixos-d02070251ba23429ba2514d71f30eebece187b7f.tar.bz2
nixos-d02070251ba23429ba2514d71f30eebece187b7f.tar.xz
nixos-d02070251ba23429ba2514d71f30eebece187b7f.zip
6 files changed, 56 insertions, 68 deletions
diff --git a/hosts/vidhar/default.nix b/hosts/vidhar/default.nix
index 9639cbd3..f15dfebe 100644
--- a/hosts/vidhar/default.nix
+++ b/hosts/vidhar/default.nix
@@ -296,41 +296,6 @@ with lib;
        "ASSUME_NO_MOVING_GC_UNSAFE_RISK_IT_WITH=go1.19"
      ];
    };
-    services.promtail = {
-      enable = true;
-      configuration = {
-        server = {
-          http_listen_port = 9080;
-          grpc_listen_port = 0;
-        };
-        clients = [
-          { url = "http://localhost:9094/loki/api/v1/push"; }
-        ];
-        scrape_configs = [
-          { job_name = "journal";
-            journal = {
-              json = true;
-              max_age = "12h";
-              path = "/var/log/journal";
-              labels = {
-                job = "systemd-journal";
-              };
-            };
-            relabel_configs = [
-              { source_labels = ["__journal__systemd_unit"];
-                target_label = "unit";
-              }
-              { source_labels = ["__journal__hostname"];
-                target_label = "nodename";
-              }
-            ];
-          }
-        ];
-      };
-    };
-    systemd.services.promtail.serviceConfig.Environment = [
-      "ASSUME_NO_MOVING_GC_UNSAFE_RISK_IT_WITH=go1.19"
-    ];
    services.apcupsd = {
      enable = true;
diff --git a/hosts/vidhar/network/default.nix b/hosts/vidhar/network/default.nix
index 02a8d648..3b48a7fc 100644
--- a/hosts/vidhar/network/default.nix
+++ b/hosts/vidhar/network/default.nix
@@ -3,7 +3,7 @@
 with lib;
 {
-  imports = [ ./pppoe.nix ./bifrost ./dhcp ];
+  imports = [ ./pppoe ./bifrost ./dhcp ];
  config = {
    networking = {
@@ -132,6 +132,7 @@ with lib;
      "/srv/nfs/nix-store" = {
        device = "/nix/store";
        options = [ "bind" ];
+        fsType = "none";
      };
    };
  };
diff --git a/hosts/vidhar/network/pppoe.nix b/hosts/vidhar/network/pppoe/default.nix
index 7b342b69..36bf4f49 100644
--- a/hosts/vidhar/network/pppoe.nix
+++ b/hosts/vidhar/network/pppoe/default.nix
@@ -27,7 +27,37 @@ in {
          ./no-double-timeout.patch
        ];
      });
-      peers.telekom.config = ''
+      peers = {
+        o2.config = ''
+          user DSL0004874856014@s93.bbi-o2.de
+        '';
+      };
+    };
+    systemd.services."pppd-o2" = {
+      stopIfChanged = true;
+      restartTriggers = with config; [
+        environment.etc."ppp/pap-secrets".source
+        environment.etc."ppp/options".source
+        environment.etc."ppp/ip-pre-up".source
+        environment.etc."ppp/ip-up".source
+        environment.etc."ppp/ip-down".source
+      ];
+      serviceConfig.LoadCredential = [
+        "password:${config.sops.secrets."o2-password".path}"
+      ];
+      bindsTo = [ "sys-subsystem-net-devices-telekom.device" ];
+      after = [ "sys-subsystem-net-devices-telekom.device" ];
+    };
+    sops.secrets."o2-password" = {
+      format = "binary";
+      sopsFile = ./o2-password;
+    };
+    environment.etc = {
+      "ppp/options".text = ''
        nodefaultroute
        ifname ${pppInterface}
        lcp-echo-adaptive
@@ -39,29 +69,14 @@ in {
        plugin pppoe.so
        pppoe-padi-timeout 1
        pppoe-padi-attempts 10
-        user congstar
-        password congstar
        nic-telekom
        debug
        +ipv6
      '';
-    };
+      "ppp/pap-secrets".text = ''
-    systemd.services."pppd-telekom" = {
+        congstar * congstar *
-      stopIfChanged = true;
+        DSL0004874856014@s93.bbi-o2.de * @/run/credentials/pppd-o2.service/password *
+      '';
-      serviceConfig = {
-        Type = lib.mkForce "notify";
-        ExecStart = lib.mkForce "${getBin config.services.pppd.package}/sbin/pppd call telekom up_sdnotify nolog";
-        PIDFile = "/run/pppd/${pppInterface}.pid";
-      };
-      restartTriggers = with config; [
-        environment.etc."ppp/ip-pre-up".source
-        environment.etc."ppp/ip-up".source
-        environment.etc."ppp/ip-down".source
-      ];
-    };
-    environment.etc = {
      "ppp/ip-pre-up".source = pkgs.resholve.writeScript "ip-pre-up" {
        interpreter = pkgs.runtimeShell;
        inputs = [ pkgs.iproute2 pkgs.ethtool ];
@@ -137,9 +152,5 @@ in {
      "net.core.rmem_max" = 4194304;
      "net.core.wmem_max" = 4194304;
    };
-    systemd.services."pppd-telekom" = {
-      bindsTo = [ "sys-subsystem-net-devices-telekom.device" ];
-      after = [ "sys-subsystem-net-devices-telekom.device" ];
-    };
  };
 }
diff --git a/hosts/vidhar/network/no-double-timeout.patch b/hosts/vidhar/network/pppoe/no-double-timeout.patch
index 53f41ae1..53f41ae1 100644
--- a/hosts/vidhar/network/no-double-timeout.patch
+++ b/hosts/vidhar/network/pppoe/no-double-timeout.patch
diff --git a/hosts/vidhar/network/pppoe/o2-password b/hosts/vidhar/network/pppoe/o2-password
new file mode 100644
index 00000000..cd3aed78
--- /dev/null
+++ b/hosts/vidhar/network/pppoe/o2-password
@@ -0,0 +1,18 @@
+{
+        "data": "ENC[AES256_GCM,data:mxHA3rrs5Sc50jAP,iv:iW1ua7wjZR8rPwXw21TdFK+fbfosc1CmnrTG34OJ2zM=,tag:pZ/FAHupnKy0wHtF6RN7yA==,type:str]",
+        "sops": {
+                "age": [
+                        {
+                                "recipient": "age1rmmhetcmllq0ahl5qznlr0eya2zdxwl9h6y5wnl97d2wtyx5t99sm2u866",
+                                "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpUzAvSlJkSFhhRTFLY0VO\nU1VYbFhpMEpxaFhlb2NyS0xDNU5oMm9EZzJnCm5vbTM4c3lFMU5EajhwTGd6MTVx\nZTFmNVlyaVZuRy9hL2VnWFR0TTNEemsKLS0tIDdTemNMTTllQ1pmb0JNTlVGcTlU\nWjQ2MW4yVmtvRng3TlRDbmpHdmRkbUEKtIVAq4aZD6rhtX7+67EE5eOKAtGsVpBg\nPkfjkyV8ifBEx/lwDaJSHpLPfkbI9oArTL8BloodJEEGql5PXZxtvg==\n-----END AGE ENCRYPTED FILE-----\n"
+                        },
+                        {
+                                "recipient": "age1qffdqvy9arld9zd5a5cylt0n98xhcns5shxhrhwjq5g4qa844ejselaa4l",
+                                "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmUk1oZGdjL25YbGRzdFFh\nRllkcU1IM0x6a2M2S0JicDBFYnBxMWluaEFzCjJ3WHozNkw0RThCMG5BNE5uUkZa\nTnV1OHpaSkMrTk9XM1NRWmxlTmRuUFkKLS0tIE9qdXVWOG9CL0MyS1JXbzhmbVdC\nZlRBWm1SSTZWYzBDc1U4ci94a0hMcHcKLgbJSAMUJ9VaXVmYQe+Uj13KrWFe4QvJ\nRcibCyOJH/VO3rmxU8RAkx0jaH448h9klWhs583Od5yNg7GleC+/qg==\n-----END AGE ENCRYPTED FILE-----\n"
+                        }
+                ],
+                "lastmodified": "2026-04-14T15:24:19Z",
+                "mac": "ENC[AES256_GCM,data:/dr0bXAf0v5K9LdKw7RzTTL8Qw/WqiHqLk0EbahDnFg3cVplV0s+ImCnxmhutv3hxdtMZ2dmLBfb8CYb/ZLc4HtNT/K2iKGQM7pF4+XxIjS35Q1JUcXxLrsGZcpARuCZ0AJnKo8yFgtM64dYcbxHlRwGG4u4Ds9fEHHLUMigNM0=,iv:jfFlfscUB7S1JjL/uBeW3uD4bugCT9Cj/vigGvGXrlA=,tag:suol02QD4jRH/QulWoV21A==,type:str]",
+                "version": "3.12.2"
+        }
+}
diff --git a/hosts/vidhar/prometheus/default.nix b/hosts/vidhar/prometheus/default.nix
index 35942c53..c0941688 100644
--- a/hosts/vidhar/prometheus/default.nix
+++ b/hosts/vidhar/prometheus/default.nix
@@ -59,7 +59,7 @@ in {
        systemd = {
          enable = true;
          extraFlags = [
-            "--systemd.collector.unit-include=(dhcpcd|pppd-telekom|radvd|ndppd)\.service"
+            "--systemd.collector.unit-include=(dhcpcd|pppd-.+|radvd|ndppd)\.service"
            "--systemd.collector.enable-restart-count"
            "--systemd.collector.enable-ip-accounting"
          ];
@@ -202,13 +202,6 @@ in {
          relabel_configs = relabelHosts;
          scrape_interval = "1s";
        }
-        { job_name = "promtail";
-          static_configs = [
-            { targets = ["localhost:9080"]; }
-          ];
-          relabel_configs = relabelHosts;
-          scrape_interval = "1s";
-        }
        { job_name = "apcupsd";
          static_configs = [
            { targets = ["localhost:${toString config.services.prometheus.exporters.apcupsd.port}"]; }
author	Gregor Kleen <gkleen@yggdrasil.li>	2026-04-16 19:15:46 +0200
committer	Gregor Kleen <gkleen@yggdrasil.li>	2026-04-16 19:15:46 +0200
commit	d02070251ba23429ba2514d71f30eebece187b7f (patch)
tree	8bb792fd3aca1f5d6a57c934c4759195889eedc8 /hosts
parent	75152da49a7f6b6ade429b69bde169c810c674ee (diff)
download	nixos-d02070251ba23429ba2514d71f30eebece187b7f.tar nixos-d02070251ba23429ba2514d71f30eebece187b7f.tar.gz nixos-d02070251ba23429ba2514d71f30eebece187b7f.tar.bz2 nixos-d02070251ba23429ba2514d71f30eebece187b7f.tar.xz nixos-d02070251ba23429ba2514d71f30eebece187b7f.zip

diff --git a/hosts/vidhar/default.nix b/hosts/vidhar/default.nix index 9639cbd3..f15dfebe 100644 --- a/hosts/vidhar/default.nix +++ b/hosts/vidhar/default.nix
@@ -296,41 +296,6 @@ with lib;
296	"ASSUME_NO_MOVING_GC_UNSAFE_RISK_IT_WITH=go1.19"	296	"ASSUME_NO_MOVING_GC_UNSAFE_RISK_IT_WITH=go1.19"
297	];	297	];
298	};	298	};
299	services.promtail = {
300	enable = true;
301	configuration = {
302	server = {
303	http_listen_port = 9080;
304	grpc_listen_port = 0;
305	};
306	clients = [
307	{ url = "http://localhost:9094/loki/api/v1/push"; }
308	];
309	scrape_configs = [
310	{ job_name = "journal";
311	journal = {
312	json = true;
313	max_age = "12h";
314	path = "/var/log/journal";
315	labels = {
316	job = "systemd-journal";
317	};
318	};
319	relabel_configs = [
320	{ source_labels = ["__journal__systemd_unit"];
321	target_label = "unit";
322	}
323	{ source_labels = ["__journal__hostname"];
324	target_label = "nodename";
325	}
326	];
327	}
328	];
329	};
330	};
331	systemd.services.promtail.serviceConfig.Environment = [
332	"ASSUME_NO_MOVING_GC_UNSAFE_RISK_IT_WITH=go1.19"
333	];
334		299
335	services.apcupsd = {	300	services.apcupsd = {
336	enable = true;	301	enable = true;


diff --git a/hosts/vidhar/network/default.nix b/hosts/vidhar/network/default.nix index 02a8d648..3b48a7fc 100644 --- a/hosts/vidhar/network/default.nix +++ b/hosts/vidhar/network/default.nix
@@ -3,7 +3,7 @@
3	with lib;	3	with lib;
4		4
5	{	5	{
6	imports = [ ./pppoe.nix ./bifrost ./dhcp ];	6	imports = [ ./pppoe ./bifrost ./dhcp ];
7		7
8	config = {	8	config = {
9	networking = {	9	networking = {
@@ -132,6 +132,7 @@ with lib;
132	"/srv/nfs/nix-store" = {	132	"/srv/nfs/nix-store" = {
133	device = "/nix/store";	133	device = "/nix/store";
134	options = [ "bind" ];	134	options = [ "bind" ];
		135	fsType = "none";
135	};	136	};
136	};	137	};
137	};	138	};


diff --git a/hosts/vidhar/network/pppoe.nix b/hosts/vidhar/network/pppoe/default.nix index 7b342b69..36bf4f49 100644 --- a/hosts/vidhar/network/pppoe.nix +++ b/hosts/vidhar/network/pppoe/default.nix
@@ -27,7 +27,37 @@ in {
27	./no-double-timeout.patch	27	./no-double-timeout.patch
28	];	28	];
29	});	29	});
30	peers.telekom.config = ''	30	peers = {
		31	o2.config = ''
		32	user DSL0004874856014@s93.bbi-o2.de
		33	'';
		34	};
		35	};
		36	systemd.services."pppd-o2" = {
		37	stopIfChanged = true;
		38
		39	restartTriggers = with config; [
		40	environment.etc."ppp/pap-secrets".source
		41	environment.etc."ppp/options".source
		42	environment.etc."ppp/ip-pre-up".source
		43	environment.etc."ppp/ip-up".source
		44	environment.etc."ppp/ip-down".source
		45	];
		46
		47	serviceConfig.LoadCredential = [
		48	"password:${config.sops.secrets."o2-password".path}"
		49	];
		50
		51	bindsTo = [ "sys-subsystem-net-devices-telekom.device" ];
		52	after = [ "sys-subsystem-net-devices-telekom.device" ];
		53	};
		54	sops.secrets."o2-password" = {
		55	format = "binary";
		56	sopsFile = ./o2-password;
		57	};
		58
		59	environment.etc = {
		60	"ppp/options".text = ''
31	nodefaultroute	61	nodefaultroute
32	ifname ${pppInterface}	62	ifname ${pppInterface}
33	lcp-echo-adaptive	63	lcp-echo-adaptive
@@ -39,29 +69,14 @@ in {
39	plugin pppoe.so	69	plugin pppoe.so
40	pppoe-padi-timeout 1	70	pppoe-padi-timeout 1
41	pppoe-padi-attempts 10	71	pppoe-padi-attempts 10
42	user congstar
43	password congstar
44	nic-telekom	72	nic-telekom
45	debug	73	debug
46	+ipv6	74	+ipv6
47	'';	75	'';
48	};	76	"ppp/pap-secrets".text = ''
49	systemd.services."pppd-telekom" = {	77	congstar * congstar *
50	stopIfChanged = true;	78	DSL0004874856014@s93.bbi-o2.de * @/run/credentials/pppd-o2.service/password *
51		79	'';
52	serviceConfig = {
53	Type = lib.mkForce "notify";
54	ExecStart = lib.mkForce "${getBin config.services.pppd.package}/sbin/pppd call telekom up_sdnotify nolog";
55	PIDFile = "/run/pppd/${pppInterface}.pid";
56	};
57	restartTriggers = with config; [
58	environment.etc."ppp/ip-pre-up".source
59	environment.etc."ppp/ip-up".source
60	environment.etc."ppp/ip-down".source
61	];
62	};
63
64	environment.etc = {
65	"ppp/ip-pre-up".source = pkgs.resholve.writeScript "ip-pre-up" {	80	"ppp/ip-pre-up".source = pkgs.resholve.writeScript "ip-pre-up" {
66	interpreter = pkgs.runtimeShell;	81	interpreter = pkgs.runtimeShell;
67	inputs = [ pkgs.iproute2 pkgs.ethtool ];	82	inputs = [ pkgs.iproute2 pkgs.ethtool ];
@@ -137,9 +152,5 @@ in {
137	"net.core.rmem_max" = 4194304;	152	"net.core.rmem_max" = 4194304;
138	"net.core.wmem_max" = 4194304;	153	"net.core.wmem_max" = 4194304;
139	};	154	};
140	systemd.services."pppd-telekom" = {
141	bindsTo = [ "sys-subsystem-net-devices-telekom.device" ];
142	after = [ "sys-subsystem-net-devices-telekom.device" ];
143	};
144	};	155	};
145	}	156	}


diff --git a/hosts/vidhar/network/no-double-timeout.patch b/hosts/vidhar/network/pppoe/no-double-timeout.patch index 53f41ae1..53f41ae1 100644 --- a/hosts/vidhar/network/no-double-timeout.patch +++ b/hosts/vidhar/network/pppoe/no-double-timeout.patch


diff --git a/hosts/vidhar/network/pppoe/o2-password b/hosts/vidhar/network/pppoe/o2-password new file mode 100644 index 00000000..cd3aed78 --- /dev/null +++ b/hosts/vidhar/network/pppoe/o2-password
@@ -0,0 +1,18 @@
		1	{
		2	"data": "ENC[AES256_GCM,data:mxHA3rrs5Sc50jAP,iv:iW1ua7wjZR8rPwXw21TdFK+fbfosc1CmnrTG34OJ2zM=,tag:pZ/FAHupnKy0wHtF6RN7yA==,type:str]",
		3	"sops": {
		4	"age": [
		5	{
		6	"recipient": "age1rmmhetcmllq0ahl5qznlr0eya2zdxwl9h6y5wnl97d2wtyx5t99sm2u866",
		7	"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpUzAvSlJkSFhhRTFLY0VO\nU1VYbFhpMEpxaFhlb2NyS0xDNU5oMm9EZzJnCm5vbTM4c3lFMU5EajhwTGd6MTVx\nZTFmNVlyaVZuRy9hL2VnWFR0TTNEemsKLS0tIDdTemNMTTllQ1pmb0JNTlVGcTlU\nWjQ2MW4yVmtvRng3TlRDbmpHdmRkbUEKtIVAq4aZD6rhtX7+67EE5eOKAtGsVpBg\nPkfjkyV8ifBEx/lwDaJSHpLPfkbI9oArTL8BloodJEEGql5PXZxtvg==\n-----END AGE ENCRYPTED FILE-----\n"
		8	},
		9	{
		10	"recipient": "age1qffdqvy9arld9zd5a5cylt0n98xhcns5shxhrhwjq5g4qa844ejselaa4l",
		11	"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmUk1oZGdjL25YbGRzdFFh\nRllkcU1IM0x6a2M2S0JicDBFYnBxMWluaEFzCjJ3WHozNkw0RThCMG5BNE5uUkZa\nTnV1OHpaSkMrTk9XM1NRWmxlTmRuUFkKLS0tIE9qdXVWOG9CL0MyS1JXbzhmbVdC\nZlRBWm1SSTZWYzBDc1U4ci94a0hMcHcKLgbJSAMUJ9VaXVmYQe+Uj13KrWFe4QvJ\nRcibCyOJH/VO3rmxU8RAkx0jaH448h9klWhs583Od5yNg7GleC+/qg==\n-----END AGE ENCRYPTED FILE-----\n"
		12	}
		13	],
		14	"lastmodified": "2026-04-14T15:24:19Z",
		15	"mac": "ENC[AES256_GCM,data:/dr0bXAf0v5K9LdKw7RzTTL8Qw/WqiHqLk0EbahDnFg3cVplV0s+ImCnxmhutv3hxdtMZ2dmLBfb8CYb/ZLc4HtNT/K2iKGQM7pF4+XxIjS35Q1JUcXxLrsGZcpARuCZ0AJnKo8yFgtM64dYcbxHlRwGG4u4Ds9fEHHLUMigNM0=,iv:jfFlfscUB7S1JjL/uBeW3uD4bugCT9Cj/vigGvGXrlA=,tag:suol02QD4jRH/QulWoV21A==,type:str]",
		16	"version": "3.12.2"
		17	}
		18	}


diff --git a/hosts/vidhar/prometheus/default.nix b/hosts/vidhar/prometheus/default.nix index 35942c53..c0941688 100644 --- a/hosts/vidhar/prometheus/default.nix +++ b/hosts/vidhar/prometheus/default.nix
@@ -59,7 +59,7 @@ in {
59	systemd = {	59	systemd = {
60	enable = true;	60	enable = true;
61	extraFlags = [	61	extraFlags = [
62	"--systemd.collector.unit-include=(dhcpcd\|pppd-telekom\|radvd\|ndppd)\.service"	62	"--systemd.collector.unit-include=(dhcpcd\|pppd-.+\|radvd\|ndppd)\.service"
63	"--systemd.collector.enable-restart-count"	63	"--systemd.collector.enable-restart-count"
64	"--systemd.collector.enable-ip-accounting"	64	"--systemd.collector.enable-ip-accounting"
65	];	65	];
@@ -202,13 +202,6 @@ in {
202	relabel_configs = relabelHosts;	202	relabel_configs = relabelHosts;
203	scrape_interval = "1s";	203	scrape_interval = "1s";
204	}	204	}
205	{ job_name = "promtail";
206	static_configs = [
207	{ targets = ["localhost:9080"]; }
208	];
209	relabel_configs = relabelHosts;
210	scrape_interval = "1s";
211	}
212	{ job_name = "apcupsd";	205	{ job_name = "apcupsd";
213	static_configs = [	206	static_configs = [
214	{ targets = ["localhost:${toString config.services.prometheus.exporters.apcupsd.port}"]; }	207	{ targets = ["localhost:${toString config.services.prometheus.exporters.apcupsd.port}"]; }