...

2 files changed, 100 insertions, 67 deletions

diff --git a/hosts/vidhar/network/pppoe.nix b/hosts/vidhar/network/pppoe.nix
index 5cc84862..d17be349 100644
--- a/hosts/vidhar/network/pppoe.nix
+++ b/hosts/vidhar/network/pppoe.nix
@@ -4,6 +4,48 @@ with lib;
 
 let
   pppInterface = config.networking.pppInterface;
+
+  corerad-deprecated = pkgs.writers.writeBashBin "corerad-deprecated" ''
+    exec -- ${lib.getExe' config.systemd.package "systemd-run"} \
+      --unit=corerad-deprecated@$(${lib.getExe' config.systemd.package "systemd-escape"} $1) \
+      --property=AmbientCapabilities="CAP_NET_ADMIN CAP_NET_RAW" \
+      --property=CapabilityBoundingSet="CAP_NET_ADMIN CAP_NET_RAW" \
+      --property=DynamicUser=yes \
+      --property=LimitNOFILE=1048576 \
+      --property=LimitNPROC=512 \
+      --property=NotifyAccess=main \
+      --property=Type=notify \
+      --property=RuntimeMaxSec=4h \
+      ${pkgs.writers.writeBash "corerad-deprecated" ''
+        exec -- ${lib.getExe pkgs.corerad} -c=<(${pkgs.writers.writePython3 "corerad-config" {
+            libraries = with pkgs.python3Packages; [ toml ];
+            flakeIgnore = [ "E124" "E121" ];
+          } ''
+            import toml
+            import sys
+            import re
+
+            match = re.fullmatch(r'(?P<interface>[^/]+)/(?P<prefix>.+)', sys.argv[1])
+
+            toml.dump({
+              "interfaces": [
+                {
+                  "name": match.group("interface"),
+                  "advertise": True,
+                  "prefix": [
+                    {
+                      "prefix": match.group("prefix"),
+                      "preferred_lifetime": "1s",
+                      "valid_lifetime": "14400s",
+                      "deprecated": True,
+                    },
+                  ],
+                },
+              ],
+            }, sys.stdout)
+          ''} $@)
+      ''} $@
+  '';
 in {
   options = {
     networking.pppInterface = mkOption {
@@ -131,6 +173,8 @@ in {
         };
       };
     };
+    environment.systemPackages = [ corerad-deprecated ];
+
     services.ndppd = {
       enable = true;
       proxies = {
@@ -160,75 +204,69 @@ in {
       bindsTo = [ "sys-subsystem-net-devices-telekom.device" ];
       after = [ "sys-subsystem-net-devices-telekom.device" ];
     };
-    systemd.services."dhcpcd-${pppInterface}" = {
-      wantedBy = [ "multi-user.target" "network-online.target" "pppd-telekom.service" ];
-      bindsTo = [ "pppd-telekom.service" ];
-      after = [ "pppd-telekom.service" ];
-      wants = [ "network.target" ];
-      before = [ "network-online.target" ];
 
-      path = with pkgs; [ dhcpcd nettools openresolv ];
-      unitConfig.ConditionCapability = "CAP_NET_ADMIN";
-
-      stopIfChanged = true;
+    networking.interfaces.${pppInterface}.useDHCP = true;
+    networking.dhcpcd = {
+      enable = true;
+      persistent = false;
+      setHostname = false;
+      wait = "ipv6";
+      IPv6rs = false;
 
-      preStart = ''
-        i=0
+      extraConfig = ''
+        duid
+        vendorclassid
+        ipv6only
 
-        while [[ -z "$(${pkgs.iproute2}/bin/ip -6 addr show dev ${pppInterface} scope link)" ]]; do
-          ${pkgs.coreutils}/bin/sleep 0.1
-          i=$((i + 1))
-          if [[ "$i" -ge 10 ]]; then
-            exit 1
-          fi
-        done
-      '';
+        require dhcp_server_identifier
 
-      postStop = ''
-        for dev in lan; do
-          ${pkgs.iproute2}/bin/ip -6 a show dev "''${dev}" scope global | ${pkgs.gnugrep}/bin/grep inet6 | ${pkgs.gawk}/bin/awk '{ print $2; }' | ${pkgs.findutils}/bin/xargs -I '{}' -- ${pkgs.iproute2}/bin/ip addr del '{}' dev "''${dev}"
-        done
-      '';
+        reboot 0
 
-      serviceConfig = let
-        dhcpcdConf = pkgs.writeText "dhcpcd.conf" ''
-          duid
-          vendorclassid
-          ipv6only
+        interface ${pppInterface}
+          nooption domain_name_servers, domain_name, domain_search, ntp_servers
+          nohook hostname, resolv.conf
+          option rapid_commit
 
-          nooption domain_name_servers, domain_name, domain_search
-          option classless_static_routes
-          option interface_mtu
+          ipv6rs
 
-          option host_name
-          option rapid_commit
-          require dhcp_server_identifier
-          slaac private
+          ia_pd 1 lan/0/64/0
+      '';
+    };
+    systemd.services.dhcpcd = {
+      wantedBy = [ "multi-user.target" "network-online.target" "pppd-telekom.service" ];
+      bindsTo = [ "pppd-telekom.service" ];
+      after = [ "pppd-telekom.service" ];
+      wants = [ "network.target" ];
+      before = [ "network-online.target" ];
 
-          nohook resolv.conf
-          ipv6ra_autoconf
-          iaid 1195061668
-          ipv6rs                 # enable routing solicitation for WAN adapter
-          ia_pd 1 lan/0/64/0     # request a PD and assign it to the LAN
+      serviceConfig = {
+        ExecStartPre = [
+          (pkgs.resholve.writeScript "wait-${pppInterface}-ip" {
+            interpreter = pkgs.runtimeShell;
+            inputs = with pkgs; [ iproute2 coreutils ];
+            execer = [
+              "cannot:${lib.getExe' pkgs.iproute2 "ip"}"
+            ];
+          } ''
+            i=0
 
-          reboot 0
+            while [[ -z "$(ip -6 addr show dev ${pppInterface} scope link)" ]]; do
+              sleep 0.1
+              i=$((i + 1))
+              if [[ "$i" -ge 10 ]]; then
+                exit 1
+              fi
+            done
+          '')
+        ];
 
-          waitip 6
-        '';
-      in {
-        Type = "forking";
-        PIDFile = "/var/run/dhcpcd/${pppInterface}.pid";
-        RuntimeDirectory = "dhcpcd";
-        ExecStart = "@${pkgs.dhcpcd}/sbin/dhcpcd dhcpcd -q --config ${dhcpcdConf} ${pppInterface}";
-        ExecReload = "${pkgs.dhcpcd}/sbin/dhcpcd --rebind ${pppInterface}";
-        Restart = "always";
         RestartSec = "5";
       };
     };
     systemd.services.ndppd = {
-      wantedBy = [ "dhcpcd-${pppInterface}.service" ];
-      bindsTo = [ "dhcpcd-${pppInterface}.service" ];
-      after = [ "dhcpcd-${pppInterface}.service" ];
+      wantedBy = [ "dhcpcd.service" ];
+      bindsTo = [ "dhcpcd.service" ];
+      after = [ "dhcpcd.service" ];
 
       serviceConfig = {
         Restart = "always";
@@ -236,25 +274,20 @@ in {
       };
     };
     systemd.services.corerad = {
-      wantedBy = [ "dhcpcd-${pppInterface}.service" ];
-      bindsTo = [ "dhcpcd-${pppInterface}.service" ];
-      after = [ "dhcpcd-${pppInterface}.service" ];
+      wantedBy = [ "dhcpcd.service" ];
+      bindsTo = [ "dhcpcd.service" ];
+      after = [ "dhcpcd.service" ];
 
       serviceConfig = {
         Restart = lib.mkForce "always";
         RestartSec = "5";
       };
     };
-    users.users.dhcpcd = {
-      isSystemUser = true;
-      group = "dhcpcd";
-    };
-    users.groups.dhcpcd = {};
 
     systemd.services.unbound = {
-      wantedBy = [ "dhcpcd-${pppInterface}.service" ];
-      bindsTo = [ "dhcpcd-${pppInterface}.service" ];
-      after = [ "dhcpcd-${pppInterface}.service" ];
+      wantedBy = [ "dhcpcd.service" ];
+      bindsTo = [ "dhcpcd.service" ];
+      after = [ "dhcpcd.service" ];
 
       serviceConfig = {
         Restart = lib.mkForce "always";
diff --git a/hosts/vidhar/prometheus/default.nix b/hosts/vidhar/prometheus/default.nix
index df135b58..125fd568 100644
--- a/hosts/vidhar/prometheus/default.nix
+++ b/hosts/vidhar/prometheus/default.nix
@@ -64,7 +64,7 @@ in {
         systemd = {
           enable = true;
           extraFlags = [
-            "--systemd.collector.unit-include=(dhcpcd-.*|pppd-telekom|corerad|ndppd)\.service"
+            "--systemd.collector.unit-include=(dhcpcd|pppd-telekom|corerad|ndppd)\.service"
             "--systemd.collector.enable-restart-count"
             "--systemd.collector.enable-ip-accounting"
           ];