1 files changed, 22 insertions, 178 deletions
diff --git a/hosts/vidhar/network/pppoe.nix b/hosts/vidhar/network/pppoe.nix
index 6b4942a6..7b342b69 100644
--- a/hosts/vidhar/network/pppoe.nix
+++ b/hosts/vidhar/network/pppoe.nix
@@ -102,33 +102,31 @@ in {
      '';
    };
-    systemd.network.networks.${pppInterface} = {
+    systemd.package = pkgs.systemd.overrideAttrs (oldAttrs: {
-      matchConfig = {
+      patches = (oldAttrs.patches or []) ++ [
-        Name = pppInterface;
+        (pkgs.fetchpatch {
-      };
+          url = "https://github.com/sysedwinistrator/systemd/commit/b9691a43551739ddacdb8d53a4312964c3ddfa08.patch";
-      dns = [ "::1" "127.0.0.1" ];
+          hash = "sha256-TLfOTFodLzCVywnF4Xp4BR2Pja0Qq4ItE/yaKkzI414=";
-      domains = [ "~." ];
+        })
-      networkConfig = {
+      ];
-        LinkLocalAddressing = "no";
+    });
-        DNSSEC = true;
-      };
+    systemd.network.networks = {
-    };
+      "40-${pppInterface}" = {
+        matchConfig.Name = pppInterface;
-    services.ndppd = {
+        dns = [ "::1" "127.0.0.1" ];
-      enable = true;
+        domains = [ "~." ];
-      proxies = {
+        networkConfig = {
-        ${pppInterface} = {
+          DHCP = true;
-          router = true;
+          DNSSEC = true;
-          rules = {
+        };
-            lan = {
+        dhcpV6Config = {
-              method = "iface";
+          PrefixDelegationHint = "::/64";
-              interface = "lan";
+          WithoutRA = "solicit";
-              network = "::/0";
-            };
-          };
        };
      };
    };
    boot.kernelModules = [ "ifb" ];
    boot.kernel.sysctl = {
      "net.ipv6.conf.all.forwarding" = true;
@@ -143,159 +141,5 @@ in {
      bindsTo = [ "sys-subsystem-net-devices-telekom.device" ];
      after = [ "sys-subsystem-net-devices-telekom.device" ];
    };
-    networking.interfaces.${pppInterface}.useDHCP = true;
-    networking.dhcpcd = {
-      enable = true;
-      persistent = false;
-      setHostname = false;
-      wait = "ipv6";
-      IPv6rs = false;
-      extraConfig = ''
-        duid
-        vendorclassid
-        ipv6only
-        require dhcp_server_identifier
-        reboot 0
-        interface ${pppInterface}
-          nooption domain_name_servers, domain_name, domain_search, ntp_servers
-          nohook hostname, resolv.conf
-          option rapid_commit
-          ipv6rs
-          ia_pd 1 lan/0/64/0
-      '';
-    };
-    systemd.services.dhcpcd = {
-      wantedBy = [ "multi-user.target" "network-online.target" "pppd-telekom.service" ];
-      bindsTo = [ "pppd-telekom.service" ];
-      after = [ "pppd-telekom.service" ];
-      wants = [ "network.target" ];
-      before = [ "network-online.target" ];
-      serviceConfig = {
-        ExecStartPre = [
-          (pkgs.resholve.writeScript "wait-${pppInterface}-ip" {
-            interpreter = pkgs.runtimeShell;
-            inputs = with pkgs; [ iproute2 coreutils ];
-            execer = [
-              "cannot:${lib.getExe' pkgs.iproute2 "ip"}"
-            ];
-          } ''
-            i=0
-            while [[ -z "$(ip -6 addr show dev ${pppInterface} scope link)" ]]; do
-              sleep 0.1
-              i=$((i + 1))
-              if [[ "$i" -ge 10 ]]; then
-                exit 1
-              fi
-            done
-          '')
-        ];
-        RestartSec = "5";
-      };
-    };
-    systemd.services.ndppd = {
-      wantedBy = [ "dhcpcd.service" ];
-      bindsTo = [ "dhcpcd.service" ];
-      after = [ "dhcpcd.service" ];
-      serviceConfig = {
-        Restart = "always";
-        RestartSec = "5";
-      };
-    };
-    systemd.services.radvd = {
-      wantedBy = [ "dhcpcd.service" "multi-user.target" ];
-      bindsTo = [ "dhcpcd.service" ];
-      after = [ "dhcpcd.service" "network.target" ];
-      serviceConfig = {
-        Restart = "always";
-        RestartSec = "5";
-        DynamicUser = true;
-        AmbientCapabilities = ["CAP_NET_ADMIN" "CAP_NET_RAW"];
-        CapabilityBoundingSet = ["CAP_NET_ADMIN" "CAP_NET_RAW"];
-        RuntimeDirectory = "radvd";
-        PIDFile = "$RUNTIME_DIRECTORY/radvd.pid";
-        ExecStart = pkgs.writers.writePython3 "radvd-genconfig" {
-          libraries = with pkgs.python3Packages; [ jinja2 ];
-          doCheck = false;
-        } ''
-          import os
-          import sys
-          from tempfile import NamedTemporaryFile
-          import subprocess
-          import json
-          import jinja2
-          from pathlib import Path
-          from ipaddress import IPv6Network
-          def network_address(value, prefixlen):
-              return IPv6Network(value + "/" + str(prefixlen), strict=False).network_address
-          with subprocess.Popen(["${lib.getExe' pkgs.iproute2 "ip"}", "-j", "addr", "show", "dev", "lan"], stdout=subprocess.PIPE) as proc:
-              addresses = json.load(proc.stdout)
-          global_addresses = [ addr for addr in addresses[0]["addr_info"] if addr["family"] == "inet6" and addr["scope"] == "global" ]
-          if not global_addresses:
-            sys.exit(1)
-          with NamedTemporaryFile(mode='w', dir=os.environ["RUNTIME_DIRECTORY"], prefix="radvd.", suffix=".conf", delete=False) as fh:
-              config_file = fh.name
-              env = jinja2.Environment(
-                  loader = jinja2.FileSystemLoader("${pkgs.writeTextDir "radvd.conf.jinja2" ''
-                    interface lan {
-                      IgnoreIfMissing off;
-                      AdvSendAdvert on;
-                      MaxRtrAdvInterval 240;
-                      {% for addr in addrs %}
-                      prefix {{addr["local"] | network_address(addr["prefixlen"])}}/{{addr["prefixlen"]}} {
-                        AdvValidLifetime 86400;
-                        AdvPreferredLifetime 300;
-                        DeprecatePrefix on;
-                      };
-                      route {{addr["local"] | network_address(56)}}/56 {
-                        AdvRouteLifetime 300;
-                        RemoveRoute on;
-                      };
-                      RDNSS {{addr["local"]}} {
-                        AdvRDNSSLifetime 300;
-                      };
-                      {%- endfor %}
-                      DNSSL yggdrasil {};
-                    };
-                  ''}"),
-                  autoescape = False,
-              )
-              env.filters["network_address"] = network_address
-              env.get_template("radvd.conf.jinja2").stream({
-                "addrs": global_addresses,
-              }).dump(fh)
-          os.execv("${lib.getExe' pkgs.radvd "radvd"}", ["radvd", "-n", "-p", str(Path(os.environ["RUNTIME_DIRECTORY"]) / "radvd.pid"), "-d", "1", "-C", config_file])
-        '';
-      };
-    };
-    systemd.services.unbound = {
-      wantedBy = [ "dhcpcd.service" ];
-      bindsTo = [ "dhcpcd.service" ];
-      after = [ "dhcpcd.service" ];
-      serviceConfig = {
-        Restart = lib.mkForce "always";
-      };
-    };
  };
 }

diff --git a/hosts/vidhar/network/pppoe.nix b/hosts/vidhar/network/pppoe.nix index 6b4942a6..7b342b69 100644 --- a/hosts/vidhar/network/pppoe.nix +++ b/hosts/vidhar/network/pppoe.nix
@@ -102,33 +102,31 @@ in {
102	'';	102	'';
103	};	103	};
104		104
105	systemd.network.networks.${pppInterface} = {	105	systemd.package = pkgs.systemd.overrideAttrs (oldAttrs: {
106	matchConfig = {	106	patches = (oldAttrs.patches or []) ++ [
107	Name = pppInterface;	107	(pkgs.fetchpatch {
108	};	108	url = "https://github.com/sysedwinistrator/systemd/commit/b9691a43551739ddacdb8d53a4312964c3ddfa08.patch";
109	dns = [ "::1" "127.0.0.1" ];	109	hash = "sha256-TLfOTFodLzCVywnF4Xp4BR2Pja0Qq4ItE/yaKkzI414=";
110	domains = [ "~." ];	110	})
111	networkConfig = {	111	];
112	LinkLocalAddressing = "no";	112	});
113	DNSSEC = true;	113
114	};	114	systemd.network.networks = {
115	};	115	"40-${pppInterface}" = {
116		116	matchConfig.Name = pppInterface;
117	services.ndppd = {	117	dns = [ "::1" "127.0.0.1" ];
118	enable = true;	118	domains = [ "~." ];
119	proxies = {	119	networkConfig = {
120	${pppInterface} = {	120	DHCP = true;
121	router = true;	121	DNSSEC = true;
122	rules = {	122	};
123	lan = {	123	dhcpV6Config = {
124	method = "iface";	124	PrefixDelegationHint = "::/64";
125	interface = "lan";	125	WithoutRA = "solicit";
126	network = "::/0";
127	};
128	};
129	};	126	};
130	};	127	};
131	};	128	};
		129
132	boot.kernelModules = [ "ifb" ];	130	boot.kernelModules = [ "ifb" ];
133	boot.kernel.sysctl = {	131	boot.kernel.sysctl = {
134	"net.ipv6.conf.all.forwarding" = true;	132	"net.ipv6.conf.all.forwarding" = true;
@@ -143,159 +141,5 @@ in {
143	bindsTo = [ "sys-subsystem-net-devices-telekom.device" ];	141	bindsTo = [ "sys-subsystem-net-devices-telekom.device" ];
144	after = [ "sys-subsystem-net-devices-telekom.device" ];	142	after = [ "sys-subsystem-net-devices-telekom.device" ];
145	};	143	};
146
147	networking.interfaces.${pppInterface}.useDHCP = true;
148	networking.dhcpcd = {
149	enable = true;
150	persistent = false;
151	setHostname = false;
152	wait = "ipv6";
153	IPv6rs = false;
154
155	extraConfig = ''
156	duid
157	vendorclassid
158	ipv6only
159
160	require dhcp_server_identifier
161
162	reboot 0
163
164	interface ${pppInterface}
165	nooption domain_name_servers, domain_name, domain_search, ntp_servers
166	nohook hostname, resolv.conf
167	option rapid_commit
168
169	ipv6rs
170
171	ia_pd 1 lan/0/64/0
172	'';
173	};
174	systemd.services.dhcpcd = {
175	wantedBy = [ "multi-user.target" "network-online.target" "pppd-telekom.service" ];
176	bindsTo = [ "pppd-telekom.service" ];
177	after = [ "pppd-telekom.service" ];
178	wants = [ "network.target" ];
179	before = [ "network-online.target" ];
180
181	serviceConfig = {
182	ExecStartPre = [
183	(pkgs.resholve.writeScript "wait-${pppInterface}-ip" {
184	interpreter = pkgs.runtimeShell;
185	inputs = with pkgs; [ iproute2 coreutils ];
186	execer = [
187	"cannot:${lib.getExe' pkgs.iproute2 "ip"}"
188	];
189	} ''
190	i=0
191
192	while [[ -z "$(ip -6 addr show dev ${pppInterface} scope link)" ]]; do
193	sleep 0.1
194	i=$((i + 1))
195	if [[ "$i" -ge 10 ]]; then
196	exit 1
197	fi
198	done
199	'')
200	];
201
202	RestartSec = "5";
203	};
204	};
205	systemd.services.ndppd = {
206	wantedBy = [ "dhcpcd.service" ];
207	bindsTo = [ "dhcpcd.service" ];
208	after = [ "dhcpcd.service" ];
209
210	serviceConfig = {
211	Restart = "always";
212	RestartSec = "5";
213	};
214	};
215	systemd.services.radvd = {
216	wantedBy = [ "dhcpcd.service" "multi-user.target" ];
217	bindsTo = [ "dhcpcd.service" ];
218	after = [ "dhcpcd.service" "network.target" ];
219
220	serviceConfig = {
221	Restart = "always";
222	RestartSec = "5";
223	DynamicUser = true;
224	AmbientCapabilities = ["CAP_NET_ADMIN" "CAP_NET_RAW"];
225	CapabilityBoundingSet = ["CAP_NET_ADMIN" "CAP_NET_RAW"];
226	RuntimeDirectory = "radvd";
227	PIDFile = "$RUNTIME_DIRECTORY/radvd.pid";
228	ExecStart = pkgs.writers.writePython3 "radvd-genconfig" {
229	libraries = with pkgs.python3Packages; [ jinja2 ];
230	doCheck = false;
231	} ''
232	import os
233	import sys
234	from tempfile import NamedTemporaryFile
235	import subprocess
236	import json
237	import jinja2
238	from pathlib import Path
239	from ipaddress import IPv6Network
240
241
242	def network_address(value, prefixlen):
243	return IPv6Network(value + "/" + str(prefixlen), strict=False).network_address
244
245
246	with subprocess.Popen(["${lib.getExe' pkgs.iproute2 "ip"}", "-j", "addr", "show", "dev", "lan"], stdout=subprocess.PIPE) as proc:
247	addresses = json.load(proc.stdout)
248
249	global_addresses = [ addr for addr in addresses[0]["addr_info"] if addr["family"] == "inet6" and addr["scope"] == "global" ]
250
251	if not global_addresses:
252	sys.exit(1)
253
254	with NamedTemporaryFile(mode='w', dir=os.environ["RUNTIME_DIRECTORY"], prefix="radvd.", suffix=".conf", delete=False) as fh:
255	config_file = fh.name
256	env = jinja2.Environment(
257	loader = jinja2.FileSystemLoader("${pkgs.writeTextDir "radvd.conf.jinja2" ''
258	interface lan {
259	IgnoreIfMissing off;
260	AdvSendAdvert on;
261	MaxRtrAdvInterval 240;
262	{% for addr in addrs %}
263	prefix {{addr["local"] \| network_address(addr["prefixlen"])}}/{{addr["prefixlen"]}} {
264	AdvValidLifetime 86400;
265	AdvPreferredLifetime 300;
266	DeprecatePrefix on;
267	};
268	route {{addr["local"] \| network_address(56)}}/56 {
269	AdvRouteLifetime 300;
270	RemoveRoute on;
271	};
272	RDNSS {{addr["local"]}} {
273	AdvRDNSSLifetime 300;
274	};
275	{%- endfor %}
276	DNSSL yggdrasil {};
277	};
278	''}"),
279	autoescape = False,
280	)
281	env.filters["network_address"] = network_address
282	env.get_template("radvd.conf.jinja2").stream({
283	"addrs": global_addresses,
284	}).dump(fh)
285
286	os.execv("${lib.getExe' pkgs.radvd "radvd"}", ["radvd", "-n", "-p", str(Path(os.environ["RUNTIME_DIRECTORY"]) / "radvd.pid"), "-d", "1", "-C", config_file])
287	'';
288	};
289	};
290
291	systemd.services.unbound = {
292	wantedBy = [ "dhcpcd.service" ];
293	bindsTo = [ "dhcpcd.service" ];
294	after = [ "dhcpcd.service" ];
295
296	serviceConfig = {
297	Restart = lib.mkForce "always";
298	};
299	};
300	};	144	};
301	}	145	}