1 files changed, 301 insertions, 0 deletions
diff --git a/hosts/vidhar/network/pppoe.nix b/hosts/vidhar/network/pppoe.nix
new file mode 100644
index 00000000..6b4942a6
--- /dev/null
+++ b/hosts/vidhar/network/pppoe.nix
@@ -0,0 +1,301 @@
+{ config, lib, pkgs, ... }:
+with lib;
+let
+  inherit (config.networking) pppInterface;
+in {
+  options = {
+    networking.pppInterface = mkOption {
+      type = types.str;
+      default = "ppp";
+    };
+  };
+  config = {
+    networking.vlans = {
+      telekom = {
+        id = 7;
+        interface = "eno2";
+      };
+    };
+    services.pppd = {
+      enable = true;
+      package = pkgs.ppp.overrideAttrs (oldAttrs: {
+        patches = (oldAttrs.patches or []) ++ [
+          ./no-double-timeout.patch
+        ];
+      });
+      peers.telekom.config = ''
+        nodefaultroute
+        ifname ${pppInterface}
+        lcp-echo-adaptive
+        lcp-echo-failure 10
+        lcp-echo-interval 1
+        maxfail 0
+        mtu 1492
+        mru 1492
+        plugin pppoe.so
+        pppoe-padi-timeout 1
+        pppoe-padi-attempts 10
+        user congstar
+        password congstar
+        nic-telekom
+        debug
+        +ipv6
+      '';
+    };
+    systemd.services."pppd-telekom" = {
+      stopIfChanged = true;
+      serviceConfig = {
+        Type = lib.mkForce "notify";
+        ExecStart = lib.mkForce "${getBin config.services.pppd.package}/sbin/pppd call telekom up_sdnotify nolog";
+        PIDFile = "/run/pppd/${pppInterface}.pid";
+      };
+      restartTriggers = with config; [
+        environment.etc."ppp/ip-pre-up".source
+        environment.etc."ppp/ip-up".source
+        environment.etc."ppp/ip-down".source
+      ];
+    };
+    environment.etc = {
+      "ppp/ip-pre-up".source = pkgs.resholve.writeScript "ip-pre-up" {
+        interpreter = pkgs.runtimeShell;
+        inputs = [ pkgs.iproute2 pkgs.ethtool ];
+        execer = [
+          "cannot:${lib.getExe' pkgs.iproute2 "ip"}"
+          "cannot:${lib.getExe' pkgs.iproute2 "tc"}"
+        ];
+      } ''
+        ethtool -K telekom tso off gso off gro off
+        ip link del "ifb4$1" || true
+        ip link add name "ifb4$1" type ifb
+        ip link set "ifb4$1" up
+        tc qdisc del dev "ifb4$1" root || true
+        tc qdisc del dev "$1" ingress || true
+        tc qdisc del dev "$1" root || true
+        tc qdisc add dev "$1" handle ffff: ingress
+        tc filter add dev "$1" parent ffff: basic action ctinfo dscp 0x0000003f 0x00000040 action mirred egress redirect dev "ifb4$1"
+        tc qdisc replace dev "ifb4$1" root cake memlimit 128Mb overhead 35 mpu 74 regional diffserv4 bandwidth ${toString (builtins.floor (177968 * 0.95))}kbit
+        tc qdisc replace dev "$1" root cake memlimit 128Mb overhead 35 mpu 74 regional nat diffserv4 wash bandwidth ${toString (builtins.floor (41216 * 0.95))}kbit
+      '';
+      "ppp/ip-up".source = pkgs.resholve.writeScript "ip-up" {
+        interpreter = pkgs.runtimeShell;
+        inputs = [ pkgs.iproute2 ];
+        execer = [ "cannot:${lib.getExe' pkgs.iproute2 "ip"}" ];
+      } ''
+        ip addr add "$4" peer "$5"/32 dev "$1"
+        ip route add default dev "$1" metric 512
+      '';
+      "ppp/ip-down".source = pkgs.resholve.writeScript "ip-down" {
+        interpreter = pkgs.runtimeShell;
+        inputs = [ pkgs.iproute2 ];
+        execer = [ "cannot:${lib.getExe' pkgs.iproute2 "ip"}" ];
+      } ''
+        ip link del "ifb4$1"
+      '';
+    };
+    systemd.network.networks.${pppInterface} = {
+      matchConfig = {
+        Name = pppInterface;
+      };
+      dns = [ "::1" "127.0.0.1" ];
+      domains = [ "~." ];
+      networkConfig = {
+        LinkLocalAddressing = "no";
+        DNSSEC = true;
+      };
+    };
+    services.ndppd = {
+      enable = true;
+      proxies = {
+        ${pppInterface} = {
+          router = true;
+          rules = {
+            lan = {
+              method = "iface";
+              interface = "lan";
+              network = "::/0";
+            };
+          };
+        };
+      };
+    };
+    boot.kernelModules = [ "ifb" ];
+    boot.kernel.sysctl = {
+      "net.ipv6.conf.all.forwarding" = true;
+      "net.ipv6.conf.default.forwarding" = true;
+      "net.ipv4.conf.all.forwarding" = true;
+      "net.ipv4.conf.default.forwarding" = true;
+      "net.core.rmem_max" = 4194304;
+      "net.core.wmem_max" = 4194304;
+    };
+    systemd.services."pppd-telekom" = {
+      bindsTo = [ "sys-subsystem-net-devices-telekom.device" ];
+      after = [ "sys-subsystem-net-devices-telekom.device" ];
+    };
+    networking.interfaces.${pppInterface}.useDHCP = true;
+    networking.dhcpcd = {
+      enable = true;
+      persistent = false;
+      setHostname = false;
+      wait = "ipv6";
+      IPv6rs = false;
+      extraConfig = ''
+        duid
+        vendorclassid
+        ipv6only
+        require dhcp_server_identifier
+        reboot 0
+        interface ${pppInterface}
+          nooption domain_name_servers, domain_name, domain_search, ntp_servers
+          nohook hostname, resolv.conf
+          option rapid_commit
+          ipv6rs
+          ia_pd 1 lan/0/64/0
+      '';
+    };
+    systemd.services.dhcpcd = {
+      wantedBy = [ "multi-user.target" "network-online.target" "pppd-telekom.service" ];
+      bindsTo = [ "pppd-telekom.service" ];
+      after = [ "pppd-telekom.service" ];
+      wants = [ "network.target" ];
+      before = [ "network-online.target" ];
+      serviceConfig = {
+        ExecStartPre = [
+          (pkgs.resholve.writeScript "wait-${pppInterface}-ip" {
+            interpreter = pkgs.runtimeShell;
+            inputs = with pkgs; [ iproute2 coreutils ];
+            execer = [
+              "cannot:${lib.getExe' pkgs.iproute2 "ip"}"
+            ];
+          } ''
+            i=0
+            while [[ -z "$(ip -6 addr show dev ${pppInterface} scope link)" ]]; do
+              sleep 0.1
+              i=$((i + 1))
+              if [[ "$i" -ge 10 ]]; then
+                exit 1
+              fi
+            done
+          '')
+        ];
+        RestartSec = "5";
+      };
+    };
+    systemd.services.ndppd = {
+      wantedBy = [ "dhcpcd.service" ];
+      bindsTo = [ "dhcpcd.service" ];
+      after = [ "dhcpcd.service" ];
+      serviceConfig = {
+        Restart = "always";
+        RestartSec = "5";
+      };
+    };
+    systemd.services.radvd = {
+      wantedBy = [ "dhcpcd.service" "multi-user.target" ];
+      bindsTo = [ "dhcpcd.service" ];
+      after = [ "dhcpcd.service" "network.target" ];
+      serviceConfig = {
+        Restart = "always";
+        RestartSec = "5";
+        DynamicUser = true;
+        AmbientCapabilities = ["CAP_NET_ADMIN" "CAP_NET_RAW"];
+        CapabilityBoundingSet = ["CAP_NET_ADMIN" "CAP_NET_RAW"];
+        RuntimeDirectory = "radvd";
+        PIDFile = "$RUNTIME_DIRECTORY/radvd.pid";
+        ExecStart = pkgs.writers.writePython3 "radvd-genconfig" {
+          libraries = with pkgs.python3Packages; [ jinja2 ];
+          doCheck = false;
+        } ''
+          import os
+          import sys
+          from tempfile import NamedTemporaryFile
+          import subprocess
+          import json
+          import jinja2
+          from pathlib import Path
+          from ipaddress import IPv6Network
+          def network_address(value, prefixlen):
+              return IPv6Network(value + "/" + str(prefixlen), strict=False).network_address
+          with subprocess.Popen(["${lib.getExe' pkgs.iproute2 "ip"}", "-j", "addr", "show", "dev", "lan"], stdout=subprocess.PIPE) as proc:
+              addresses = json.load(proc.stdout)
+          global_addresses = [ addr for addr in addresses[0]["addr_info"] if addr["family"] == "inet6" and addr["scope"] == "global" ]
+          if not global_addresses:
+            sys.exit(1)
+          with NamedTemporaryFile(mode='w', dir=os.environ["RUNTIME_DIRECTORY"], prefix="radvd.", suffix=".conf", delete=False) as fh:
+              config_file = fh.name
+              env = jinja2.Environment(
+                  loader = jinja2.FileSystemLoader("${pkgs.writeTextDir "radvd.conf.jinja2" ''
+                    interface lan {
+                      IgnoreIfMissing off;
+                      AdvSendAdvert on;
+                      MaxRtrAdvInterval 240;
+                      {% for addr in addrs %}
+                      prefix {{addr["local"] | network_address(addr["prefixlen"])}}/{{addr["prefixlen"]}} {
+                        AdvValidLifetime 86400;
+                        AdvPreferredLifetime 300;
+                        DeprecatePrefix on;
+                      };
+                      route {{addr["local"] | network_address(56)}}/56 {
+                        AdvRouteLifetime 300;
+                        RemoveRoute on;
+                      };
+                      RDNSS {{addr["local"]}} {
+                        AdvRDNSSLifetime 300;
+                      };
+                      {%- endfor %}
+                      DNSSL yggdrasil {};
+                    };
+                  ''}"),
+                  autoescape = False,
+              )
+              env.filters["network_address"] = network_address
+              env.get_template("radvd.conf.jinja2").stream({
+                "addrs": global_addresses,
+              }).dump(fh)
+          os.execv("${lib.getExe' pkgs.radvd "radvd"}", ["radvd", "-n", "-p", str(Path(os.environ["RUNTIME_DIRECTORY"]) / "radvd.pid"), "-d", "1", "-C", config_file])
+        '';
+      };
+    };
+    systemd.services.unbound = {
+      wantedBy = [ "dhcpcd.service" ];
+      bindsTo = [ "dhcpcd.service" ];
+      after = [ "dhcpcd.service" ];
+      serviceConfig = {
+        Restart = lib.mkForce "always";
+      };
+    };
+  };
+}

diff --git a/hosts/vidhar/network/pppoe.nix b/hosts/vidhar/network/pppoe.nix new file mode 100644 index 00000000..6b4942a6 --- /dev/null +++ b/hosts/vidhar/network/pppoe.nix
@@ -0,0 +1,301 @@
	1	{ config, lib, pkgs, ... }:
	2
	3	with lib;
	4
	5	let
	6	inherit (config.networking) pppInterface;
	7	in {
	8	options = {
	9	networking.pppInterface = mkOption {
	10	type = types.str;
	11	default = "ppp";
	12	};
	13	};
	14
	15	config = {
	16	networking.vlans = {
	17	telekom = {
	18	id = 7;
	19	interface = "eno2";
	20	};
	21	};
	22
	23	services.pppd = {
	24	enable = true;
	25	package = pkgs.ppp.overrideAttrs (oldAttrs: {
	26	patches = (oldAttrs.patches or []) ++ [
	27	./no-double-timeout.patch
	28	];
	29	});
	30	peers.telekom.config = ''
	31	nodefaultroute
	32	ifname ${pppInterface}
	33	lcp-echo-adaptive
	34	lcp-echo-failure 10
	35	lcp-echo-interval 1
	36	maxfail 0
	37	mtu 1492
	38	mru 1492
	39	plugin pppoe.so
	40	pppoe-padi-timeout 1
	41	pppoe-padi-attempts 10
	42	user congstar
	43	password congstar
	44	nic-telekom
	45	debug
	46	+ipv6
	47	'';
	48	};
	49	systemd.services."pppd-telekom" = {
	50	stopIfChanged = true;
	51
	52	serviceConfig = {
	53	Type = lib.mkForce "notify";
	54	ExecStart = lib.mkForce "${getBin config.services.pppd.package}/sbin/pppd call telekom up_sdnotify nolog";
	55	PIDFile = "/run/pppd/${pppInterface}.pid";
	56	};
	57	restartTriggers = with config; [
	58	environment.etc."ppp/ip-pre-up".source
	59	environment.etc."ppp/ip-up".source
	60	environment.etc."ppp/ip-down".source
	61	];
	62	};
	63
	64	environment.etc = {
	65	"ppp/ip-pre-up".source = pkgs.resholve.writeScript "ip-pre-up" {
	66	interpreter = pkgs.runtimeShell;
	67	inputs = [ pkgs.iproute2 pkgs.ethtool ];
	68	execer = [
	69	"cannot:${lib.getExe' pkgs.iproute2 "ip"}"
	70	"cannot:${lib.getExe' pkgs.iproute2 "tc"}"
	71	];
	72	} ''
	73	ethtool -K telekom tso off gso off gro off
	74
	75	ip link del "ifb4$1" \|\| true
	76	ip link add name "ifb4$1" type ifb
	77	ip link set "ifb4$1" up
	78
	79	tc qdisc del dev "ifb4$1" root \|\| true
	80	tc qdisc del dev "$1" ingress \|\| true
	81	tc qdisc del dev "$1" root \|\| true
	82
	83	tc qdisc add dev "$1" handle ffff: ingress
	84	tc filter add dev "$1" parent ffff: basic action ctinfo dscp 0x0000003f 0x00000040 action mirred egress redirect dev "ifb4$1"
	85	tc qdisc replace dev "ifb4$1" root cake memlimit 128Mb overhead 35 mpu 74 regional diffserv4 bandwidth ${toString (builtins.floor (177968 * 0.95))}kbit
	86	tc qdisc replace dev "$1" root cake memlimit 128Mb overhead 35 mpu 74 regional nat diffserv4 wash bandwidth ${toString (builtins.floor (41216 * 0.95))}kbit
	87	'';
	88	"ppp/ip-up".source = pkgs.resholve.writeScript "ip-up" {
	89	interpreter = pkgs.runtimeShell;
	90	inputs = [ pkgs.iproute2 ];
	91	execer = [ "cannot:${lib.getExe' pkgs.iproute2 "ip"}" ];
	92	} ''
	93	ip addr add "$4" peer "$5"/32 dev "$1"
	94	ip route add default dev "$1" metric 512
	95	'';
	96	"ppp/ip-down".source = pkgs.resholve.writeScript "ip-down" {
	97	interpreter = pkgs.runtimeShell;
	98	inputs = [ pkgs.iproute2 ];
	99	execer = [ "cannot:${lib.getExe' pkgs.iproute2 "ip"}" ];
	100	} ''
	101	ip link del "ifb4$1"
	102	'';
	103	};
	104
	105	systemd.network.networks.${pppInterface} = {
	106	matchConfig = {
	107	Name = pppInterface;
	108	};
	109	dns = [ "::1" "127.0.0.1" ];
	110	domains = [ "~." ];
	111	networkConfig = {
	112	LinkLocalAddressing = "no";
	113	DNSSEC = true;
	114	};
	115	};
	116
	117	services.ndppd = {
	118	enable = true;
	119	proxies = {
	120	${pppInterface} = {
	121	router = true;
	122	rules = {
	123	lan = {
	124	method = "iface";
	125	interface = "lan";
	126	network = "::/0";
	127	};
	128	};
	129	};
	130	};
	131	};
	132	boot.kernelModules = [ "ifb" ];
	133	boot.kernel.sysctl = {
	134	"net.ipv6.conf.all.forwarding" = true;
	135	"net.ipv6.conf.default.forwarding" = true;
	136	"net.ipv4.conf.all.forwarding" = true;
	137	"net.ipv4.conf.default.forwarding" = true;
	138
	139	"net.core.rmem_max" = 4194304;
	140	"net.core.wmem_max" = 4194304;
	141	};
	142	systemd.services."pppd-telekom" = {
	143	bindsTo = [ "sys-subsystem-net-devices-telekom.device" ];
	144	after = [ "sys-subsystem-net-devices-telekom.device" ];
	145	};
	146
	147	networking.interfaces.${pppInterface}.useDHCP = true;
	148	networking.dhcpcd = {
	149	enable = true;
	150	persistent = false;
	151	setHostname = false;
	152	wait = "ipv6";
	153	IPv6rs = false;
	154
	155	extraConfig = ''
	156	duid
	157	vendorclassid
	158	ipv6only
	159
	160	require dhcp_server_identifier
	161
	162	reboot 0
	163
	164	interface ${pppInterface}
	165	nooption domain_name_servers, domain_name, domain_search, ntp_servers
	166	nohook hostname, resolv.conf
	167	option rapid_commit
	168
	169	ipv6rs
	170
	171	ia_pd 1 lan/0/64/0
	172	'';
	173	};
	174	systemd.services.dhcpcd = {
	175	wantedBy = [ "multi-user.target" "network-online.target" "pppd-telekom.service" ];
	176	bindsTo = [ "pppd-telekom.service" ];
	177	after = [ "pppd-telekom.service" ];
	178	wants = [ "network.target" ];
	179	before = [ "network-online.target" ];
	180
	181	serviceConfig = {
	182	ExecStartPre = [
	183	(pkgs.resholve.writeScript "wait-${pppInterface}-ip" {
	184	interpreter = pkgs.runtimeShell;
	185	inputs = with pkgs; [ iproute2 coreutils ];
	186	execer = [
	187	"cannot:${lib.getExe' pkgs.iproute2 "ip"}"
	188	];
	189	} ''
	190	i=0
	191
	192	while [[ -z "$(ip -6 addr show dev ${pppInterface} scope link)" ]]; do
	193	sleep 0.1
	194	i=$((i + 1))
	195	if [[ "$i" -ge 10 ]]; then
	196	exit 1
	197	fi
	198	done
	199	'')
	200	];
	201
	202	RestartSec = "5";
	203	};
	204	};
	205	systemd.services.ndppd = {
	206	wantedBy = [ "dhcpcd.service" ];
	207	bindsTo = [ "dhcpcd.service" ];
	208	after = [ "dhcpcd.service" ];
	209
	210	serviceConfig = {
	211	Restart = "always";
	212	RestartSec = "5";
	213	};
	214	};
	215	systemd.services.radvd = {
	216	wantedBy = [ "dhcpcd.service" "multi-user.target" ];
	217	bindsTo = [ "dhcpcd.service" ];
	218	after = [ "dhcpcd.service" "network.target" ];
	219
	220	serviceConfig = {
	221	Restart = "always";
	222	RestartSec = "5";
	223	DynamicUser = true;
	224	AmbientCapabilities = ["CAP_NET_ADMIN" "CAP_NET_RAW"];
	225	CapabilityBoundingSet = ["CAP_NET_ADMIN" "CAP_NET_RAW"];
	226	RuntimeDirectory = "radvd";
	227	PIDFile = "$RUNTIME_DIRECTORY/radvd.pid";
	228	ExecStart = pkgs.writers.writePython3 "radvd-genconfig" {
	229	libraries = with pkgs.python3Packages; [ jinja2 ];
	230	doCheck = false;
	231	} ''
	232	import os
	233	import sys
	234	from tempfile import NamedTemporaryFile
	235	import subprocess
	236	import json
	237	import jinja2
	238	from pathlib import Path
	239	from ipaddress import IPv6Network
	240
	241
	242	def network_address(value, prefixlen):
	243	return IPv6Network(value + "/" + str(prefixlen), strict=False).network_address
	244
	245
	246	with subprocess.Popen(["${lib.getExe' pkgs.iproute2 "ip"}", "-j", "addr", "show", "dev", "lan"], stdout=subprocess.PIPE) as proc:
	247	addresses = json.load(proc.stdout)
	248
	249	global_addresses = [ addr for addr in addresses[0]["addr_info"] if addr["family"] == "inet6" and addr["scope"] == "global" ]
	250
	251	if not global_addresses:
	252	sys.exit(1)
	253
	254	with NamedTemporaryFile(mode='w', dir=os.environ["RUNTIME_DIRECTORY"], prefix="radvd.", suffix=".conf", delete=False) as fh:
	255	config_file = fh.name
	256	env = jinja2.Environment(
	257	loader = jinja2.FileSystemLoader("${pkgs.writeTextDir "radvd.conf.jinja2" ''
	258	interface lan {
	259	IgnoreIfMissing off;
	260	AdvSendAdvert on;
	261	MaxRtrAdvInterval 240;
	262	{% for addr in addrs %}
	263	prefix {{addr["local"] \| network_address(addr["prefixlen"])}}/{{addr["prefixlen"]}} {
	264	AdvValidLifetime 86400;
	265	AdvPreferredLifetime 300;
	266	DeprecatePrefix on;
	267	};
	268	route {{addr["local"] \| network_address(56)}}/56 {
	269	AdvRouteLifetime 300;
	270	RemoveRoute on;
	271	};
	272	RDNSS {{addr["local"]}} {
	273	AdvRDNSSLifetime 300;
	274	};
	275	{%- endfor %}
	276	DNSSL yggdrasil {};
	277	};
	278	''}"),
	279	autoescape = False,
	280	)
	281	env.filters["network_address"] = network_address
	282	env.get_template("radvd.conf.jinja2").stream({
	283	"addrs": global_addresses,
	284	}).dump(fh)
	285
	286	os.execv("${lib.getExe' pkgs.radvd "radvd"}", ["radvd", "-n", "-p", str(Path(os.environ["RUNTIME_DIRECTORY"]) / "radvd.pid"), "-d", "1", "-C", config_file])
	287	'';
	288	};
	289	};
	290
	291	systemd.services.unbound = {
	292	wantedBy = [ "dhcpcd.service" ];
	293	bindsTo = [ "dhcpcd.service" ];
	294	after = [ "dhcpcd.service" ];
	295
	296	serviceConfig = {
	297	Restart = lib.mkForce "always";
	298	};
	299	};
	300	};
	301	}