Diffstat (limited to 'hosts/vidhar/network/gpon.nix')
-rw-r--r--hosts/vidhar/network/gpon.nix265
1 files changed, 265 insertions, 0 deletions
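--- /dev/null
+++ b/hosts/vidhar/network/gpon.nix
@@ -0,0 +1,265 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+pppInterface = config.networking.pppInterface;
+in {
+options = {
+networking.pppInterface = mkOption {
+type = types.str;
+default = "gpon";
+};
+};
+
+config = {
+networking.vlans = {
+telekom = {
+id = 7;
+interface = "eno2";
+};
+};
+
+services.pppd = {
+enable = true;
+peers.telekom.config = ''
+nodefaultroute
+ifname ${pppInterface}
+lcp-echo-adaptive
+lcp-echo-failure 5
+lcp-echo-interval 1
+maxfail 0
+mtu 1492
+mru 1492
+plugin pppoe.so
+name telekom
+user 002576900250551137425220#0001@t-online.de
+nic-telekom
+debug
++ipv6
+'';
+};
+systemd.services."pppd-telekom" = {
+stopIfChanged = true;
+
+serviceConfig = {
+PIDFile = "/run/pppd/${pppInterface}.pid";
+};
+};
+sops.secrets."pap-secrets" = {
+format = "binary";
+sopsFile = ./pap-secrets;
+path = "/etc/ppp/pap-secrets";
+};
+
+environment.etc = {
+"ppp/ip-pre-up".source = let
+app = pkgs.writeShellApplication {
+name = "ip-pre-up";
+runtimeInputs = with pkgs; [ iproute2 ethtool ];
+text = ''
+ethtool -K telekom tso off gso off gro off
+
+ip link del "ifb4${pppInterface}" || true
+ip link add name "ifb4${pppInterface}" type ifb
+ip link set "ifb4${pppInterface}" up
+
+tc qdisc del dev "ifb4${pppInterface}" root || true
+tc qdisc del dev "${pppInterface}" ingress || true
+tc qdisc del dev "${pppInterface}" root || true
+
+tc qdisc add dev "${pppInterface}" handle ffff: ingress
+tc filter add dev "${pppInterface}" parent ffff: basic action ctinfo dscp 0x0000003f 0x00000040 action mirred egress redirect dev "ifb4${pppInterface}"
+tc qdisc replace dev "ifb4${pppInterface}" root cake memlimit 128Mb pppoe-ptm diffserv4 bandwidth 238mbit
+tc qdisc replace dev "${pppInterface}" root cake memlimit 128Mb pppoe-ptm nat diffserv4 wash bandwidth 48mbit
+'';
+};
+in "${app}/bin/${app.meta.mainProgram}";
+"ppp/ip-up".source = let
+app = pkgs.writeShellApplication {
+name = "ip-up";
+runtimeInputs = with pkgs; [ iproute2 ];
+text = ''
+ip route add default via "$5" dev "${pppInterface}" metric 512
+'';
+};
+in "${app}/bin/${app.meta.mainProgram}";
+"ppp/ip-down".source = let
+app = pkgs.writeShellApplication {
+name = "ip-down";
+runtimeInputs = with pkgs; [ iproute2 ];
+text = ''
+ip link del "ifb4${pppInterface}"
+'';
+};
+in "${app}/bin/${app.meta.mainProgram}";
+};
+
+systemd.network.networks.${pppInterface} = {
+matchConfig = {
+Name = pppInterface;
+};
+dns = [ "::1" "127.0.0.1" ];
+domains = [ "~." ];
+networkConfig = {
+LinkLocalAddressing = "no";
+DNSSEC = true;
+};
+};
+
+services.corerad = {
+enable = true;
+settings = {
+interfaces = [
+{ name = pppInterface;
+monitor = true;
+verbose = true;
+}
+{ name = "lan";
+advertise = true;
+verbose = true;
+prefix = [{ prefix = "::/64"; }];
+route = [{ prefix = "::/0"; }];
+rdnss = [{ servers = ["::"]; }];
+dnssl = [{ domain_names = ["yggdrasil"]; }];
+# other_config = true;
+}
+];
+
+debug = {
+address = "localhost:9430";
+prometheus = true;
+};
+};
+};
+services.ndppd = {
+enable = true;
+proxies = {
+${pppInterface} = {
+router = true;
+rules = {
+lan = {
+method = "iface";
+interface = "lan";
+network = "::/0";
+};
+};
+};
+};
+};
+boot.kernelModules = [ "ifb" ];
+boot.kernel.sysctl = {
+"net.ipv6.conf.all.forwarding" = true;
+"net.ipv6.conf.default.forwarding" = true;
+"net.ipv4.conf.all.forwarding" = true;
+"net.ipv4.conf.default.forwarding" = true;
+
+"net.core.rmem_max" = 4194304;
+"net.core.wmem_max" = 4194304;
+};
+systemd.services."pppd-telekom" = {
+bindsTo = [ "sys-subsystem-net-devices-telekom.device" ];
+after = [ "sys-subsystem-net-devices-telekom.device" ];
+};
+systemd.services."dhcpcd-${pppInterface}" = {
+wantedBy = [ "multi-user.target" "network-online.target" "pppd-telekom.service" ];
+bindsTo = [ "pppd-telekom.service" ];
+after = [ "pppd-telekom.service" ];
+wants = [ "network.target" ];
+before = [ "network-online.target" ];
+
+path = with pkgs; [ dhcpcd nettools openresolv ];
+unitConfig.ConditionCapability = "CAP_NET_ADMIN";
+
+stopIfChanged = true;
+
+preStart = ''
+i=0
+
+while [[ -z "$(${pkgs.iproute2}/bin/ip -6 addr show dev ${pppInterface} scope link)" ]]; do
+${pkgs.coreutils}/bin/sleep 0.1
+i=$((i + 1))
+if [[ "$i" -ge 10 ]]; then
+exit 1
+fi
+done
+'';
+
+postStop = ''
+for dev in lan; do
+${pkgs.iproute2}/bin/ip -6 a show dev "''${dev}" scope global | ${pkgs.gnugrep}/bin/grep inet6 | ${pkgs.gawk}/bin/awk '{ print $2; }' | ${pkgs.findutils}/bin/xargs -I '{}' -- ${pkgs.iproute2}/bin/ip addr del '{}' dev "''${dev}"
+done
+'';
+
+serviceConfig = let
+dhcpcdConf = pkgs.writeText "dhcpcd.conf" ''
+duid
+vendorclassid
+ipv6only
+
+nooption domain_name_servers, domain_name, domain_search
+option classless_static_routes
+option interface_mtu
+
+option host_name
+option rapid_commit
+require dhcp_server_identifier
+slaac private
+
+nohook resolv.conf
+ipv6ra_autoconf
+iaid 1195061668
+ipv6rs # enable routing solicitation for WAN adapter
+ia_pd 1 lan/0/64/0 # request a PD and assign it to the LAN
+
+reboot 0
+
+waitip 6
+'';
+in {
+Type = "forking";
+PIDFile = "/var/run/dhcpcd/${pppInterface}.pid";
+RuntimeDirectory = "dhcpcd";
+ExecStart = "@${pkgs.dhcpcd}/sbin/dhcpcd dhcpcd -q --config ${dhcpcdConf} ${pppInterface}";
+ExecReload = "${pkgs.dhcpcd}/sbin/dhcpcd --rebind ${pppInterface}";
+Restart = "always";
+RestartSec = "5";
+};
+};
+systemd.services.ndppd = {
+wantedBy = [ "dhcpcd-${pppInterface}.service" ];
+bindsTo = [ "dhcpcd-${pppInterface}.service" ];
+after = [ "dhcpcd-${pppInterface}.service" ];
+
+serviceConfig = {
+Restart = "always";
+RestartSec = "5";
+};
+};
+systemd.services.corerad = {
+wantedBy = [ "dhcpcd-${pppInterface}.service" ];
+bindsTo = [ "dhcpcd-${pppInterface}.service" ];
+after = [ "dhcpcd-${pppInterface}.service" ];
+
+serviceConfig = {
+Restart = lib.mkForce "always";
+RestartSec = "5";
+};
+};
+users.users.dhcpcd = {
+isSystemUser = true;
+group = "dhcpcd";
+};
+users.groups.dhcpcd = {};
+
+systemd.services.unbound = {
+wantedBy = [ "dhcpcd-${pppInterface}.service" ];
+bindsTo = [ "dhcpcd-${pppInterface}.service" ];
+after = [ "dhcpcd-${pppInterface}.service" ];
+
+serviceConfig = {
+Restart = lib.mkForce "always";
+};
+};
+};
+}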
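Review bot: `PIDFile = "/var/run/dhcpcd/${pppInterface}.pid";` in the dhcpcd-${pppInterface} serviceConfig points below the legacy /var/run prefix while the unit's own `RuntimeDirectory = "dhcpcd"` creates /run/dhcpcd and the pppd-telekom unit earlier in the file already uses `/run/pppd/…`; systemd accepts the legacy path but logs a warning about it, so `PIDFile = "/run/dhcpcd/${pppInterface}.pid";` keeps the two units consistent and silences it. The `tc filter … action ctinfo dscp 0x0000003f 0x00000040` line in ip-pre-up only restores DSCP from a conntrack mark that nothing in this file writes, so a comment such as `# restore DSCP from the ct mark (bits 0-5, valid bit 0x40); the mark is set by firewall rules outside this file` would save the next reader a search. The four forwarding sysctls make the host route both address families, and the dhcpcd unit sets no `User=` although a dhcpcd system user and group are created a few lines below; presumably the firewall lives in another module and dhcpcd's own privilege separation picks up that user, and a one-line comment stating each assumption next to the relevant block would make them explicit.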