Diffstat (limited to 'hosts/vidhar/network/pppoe.nix')
-rw-r--r--hosts/vidhar/network/pppoe.nix264
1 files changed, 264 insertions, 0 deletions
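diff --git a/hosts/vidhar/network/pppoe.nix b/hosts/vidhar/network/pppoe.nix
new file mode 100644
index 00000000..5cc84862
--- /dev/null
+++ b/hosts/vidhar/network/pppoe.nix
@@ -0,0 +1,264 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+ pppInterface = config.networking.pppInterface;
+in {
+ options = {
+ networking.pppInterface = mkOption {
+ type = types.str;
+ default = "ppp";
+ };
+ };
+
+ config = {
+ networking.vlans = {
+ telekom = {
+ id = 7;
+ interface = "eno2";
+ };
+ };
+
+ services.pppd = {
+ enable = true;
+ peers.telekom.config = ''
+ nodefaultroute
+ ifname ${pppInterface}
+ lcp-echo-adaptive
+ lcp-echo-failure 10
+ lcp-echo-interval 1
+ maxfail 0
+ mtu 1492
+ mru 1492
+ plugin pppoe.so
+ user congstar
+ password congstar
+ nic-telekom
+ debug
+ +ipv6
+ '';
+ };
+ systemd.services."pppd-telekom" = {
+ stopIfChanged = true;
+
+ serviceConfig = {
+ Type = lib.mkForce "notify";
+ ExecStart = lib.mkForce "${getBin config.services.pppd.package}/sbin/pppd call telekom up_sdnotify nolog";
+ PIDFile = "/run/pppd/${pppInterface}.pid";
+ };
+ restartTriggers = with config; [
+ environment.etc."ppp/ip-pre-up".source
+ environment.etc."ppp/ip-up".source
+ environment.etc."ppp/ip-down".source
+ ];
+ };
+
+ environment.etc = {
+ "ppp/ip-pre-up".source = pkgs.resholve.writeScript "ip-pre-up" {
+ interpreter = pkgs.runtimeShell;
+ inputs = [ pkgs.iproute2 pkgs.ethtool ];
+ execer = [
+ "cannot:${lib.getExe' pkgs.iproute2 "ip"}"
+ "cannot:${lib.getExe' pkgs.iproute2 "tc"}"
+ ];
+ } ''
+ ethtool -K telekom tso off gso off gro off
+
+ ip link del "ifb4${pppInterface}" || true
+ ip link add name "ifb4${pppInterface}" type ifb
+ ip link set "ifb4${pppInterface}" up
+
+ tc qdisc del dev "ifb4${pppInterface}" root || true
+ tc qdisc del dev "${pppInterface}" ingress || true
+ tc qdisc del dev "${pppInterface}" root || true
+
+ tc qdisc add dev "${pppInterface}" handle ffff: ingress
+ tc filter add dev "${pppInterface}" parent ffff: basic action ctinfo dscp 0x0000003f 0x00000040 action mirred egress redirect dev "ifb4${pppInterface}"
+ tc qdisc replace dev "ifb4${pppInterface}" root cake memlimit 128Mb overhead 35 mpu 74 regional diffserv4 bandwidth ${toString (builtins.floor (177968 * 0.95))}kbit
+ tc qdisc replace dev "${pppInterface}" root cake memlimit 128Mb overhead 35 mpu 74 regional nat diffserv4 wash bandwidth ${toString (builtins.floor (41216 * 0.95))}kbit
+ '';
+ "ppp/ip-up".source = pkgs.resholve.writeScript "ip-up" {
+ interpreter = pkgs.runtimeShell;
+ inputs = [ pkgs.iproute2 ];
+ execer = [ "cannot:${lib.getExe' pkgs.iproute2 "ip"}" ];
+ } ''
+ ip route add default via "$5" dev "${pppInterface}" metric 512
+ '';
+ "ppp/ip-down".source = pkgs.resholve.writeScript "ip-down" {
+ interpreter = pkgs.runtimeShell;
+ inputs = [ pkgs.iproute2 ];
+ execer = [ "cannot:${lib.getExe' pkgs.iproute2 "ip"}" ];
+ } ''
+ ip link del "ifb4${pppInterface}"
+ '';
+ };
+
+ systemd.network.networks.${pppInterface} = {
+ matchConfig = {
+ Name = pppInterface;
+ };
+ dns = [ "::1" "127.0.0.1" ];
+ domains = [ "~." ];
+ networkConfig = {
+ LinkLocalAddressing = "no";
+ DNSSEC = true;
+ };
+ };
+
+ services.corerad = {
+ enable = true;
+ settings = {
+ interfaces = [
+ { name = pppInterface;
+ monitor = true;
+ verbose = true;
+ }
+ { name = "lan";
+ advertise = true;
+ verbose = true;
+ prefix = [{ prefix = "::/64"; }];
+ route = [{ prefix = "::/0"; }];
+ rdnss = [{ servers = ["::"]; }];
+ dnssl = [{ domain_names = ["yggdrasil"]; }];
+ # other_config = true;
+ }
+ ];
+
+ debug = {
+ address = "localhost:9430";
+ prometheus = true;
+ };
+ };
+ };
+ services.ndppd = {
+ enable = true;
+ proxies = {
+ ${pppInterface} = {
+ router = true;
+ rules = {
+ lan = {
+ method = "iface";
+ interface = "lan";
+ network = "::/0";
+ };
+ };
+ };
+ };
+ };
+ boot.kernelModules = [ "ifb" ];
+ boot.kernel.sysctl = {
+ "net.ipv6.conf.all.forwarding" = true;
+ "net.ipv6.conf.default.forwarding" = true;
+ "net.ipv4.conf.all.forwarding" = true;
+ "net.ipv4.conf.default.forwarding" = true;
+
+ "net.core.rmem_max" = 4194304;
+ "net.core.wmem_max" = 4194304;
+ };
+ systemd.services."pppd-telekom" = {
+ bindsTo = [ "sys-subsystem-net-devices-telekom.device" ];
+ after = [ "sys-subsystem-net-devices-telekom.device" ];
+ };
+ systemd.services."dhcpcd-${pppInterface}" = {
+ wantedBy = [ "multi-user.target" "network-online.target" "pppd-telekom.service" ];
+ bindsTo = [ "pppd-telekom.service" ];
+ after = [ "pppd-telekom.service" ];
+ wants = [ "network.target" ];
+ before = [ "network-online.target" ];
+
+ path = with pkgs; [ dhcpcd nettools openresolv ];
+ unitConfig.ConditionCapability = "CAP_NET_ADMIN";
+
+ stopIfChanged = true;
+
+ preStart = ''
+ i=0
+
+ while [[ -z "$(${pkgs.iproute2}/bin/ip -6 addr show dev ${pppInterface} scope link)" ]]; do
+ ${pkgs.coreutils}/bin/sleep 0.1
+ i=$((i + 1))
+ if [[ "$i" -ge 10 ]]; then
+ exit 1
+ fi
+ done
+ '';
+
+ postStop = ''
+ for dev in lan; do
+ ${pkgs.iproute2}/bin/ip -6 a show dev "''${dev}" scope global | ${pkgs.gnugrep}/bin/grep inet6 | ${pkgs.gawk}/bin/awk '{ print $2; }' | ${pkgs.findutils}/bin/xargs -I '{}' -- ${pkgs.iproute2}/bin/ip addr del '{}' dev "''${dev}"
+ done
+ '';
+
+ serviceConfig = let
+ dhcpcdConf = pkgs.writeText "dhcpcd.conf" ''
+ duid
+ vendorclassid
+ ipv6only
+
+ nooption domain_name_servers, domain_name, domain_search
+ option classless_static_routes
+ option interface_mtu
+
+ option host_name
+ option rapid_commit
+ require dhcp_server_identifier
+ slaac private
+
+ nohook resolv.conf
+ ipv6ra_autoconf
+ iaid 1195061668
+ ipv6rs # enable routing solicitation for WAN adapter
+ ia_pd 1 lan/0/64/0 # request a PD and assign it to the LAN
+
+ reboot 0
+
+ waitip 6
+ '';
+ in {
+ Type = "forking";
+ PIDFile = "/var/run/dhcpcd/${pppInterface}.pid";
+ RuntimeDirectory = "dhcpcd";
+ ExecStart = "@${pkgs.dhcpcd}/sbin/dhcpcd dhcpcd -q --config ${dhcpcdConf} ${pppInterface}";
+ ExecReload = "${pkgs.dhcpcd}/sbin/dhcpcd --rebind ${pppInterface}";
+ Restart = "always";
+ RestartSec = "5";
+ };
+ };
+ systemd.services.ndppd = {
+ wantedBy = [ "dhcpcd-${pppInterface}.service" ];
+ bindsTo = [ "dhcpcd-${pppInterface}.service" ];
+ after = [ "dhcpcd-${pppInterface}.service" ];
+
+ serviceConfig = {
+ Restart = "always";
+ RestartSec = "5";
+ };
+ };
+ systemd.services.corerad = {
+ wantedBy = [ "dhcpcd-${pppInterface}.service" ];
+ bindsTo = [ "dhcpcd-${pppInterface}.service" ];
+ after = [ "dhcpcd-${pppInterface}.service" ];
+
+ serviceConfig = {
+ Restart = lib.mkForce "always";
+ RestartSec = "5";
+ };
+ };
+ users.users.dhcpcd = {
+ isSystemUser = true;
+ group = "dhcpcd";
+ };
+ users.groups.dhcpcd = {};
+
+ systemd.services.unbound = {
+ wantedBy = [ "dhcpcd-${pppInterface}.service" ];
+ bindsTo = [ "dhcpcd-${pppInterface}.service" ];
+ after = [ "dhcpcd-${pppInterface}.service" ];
+
+ serviceConfig = {
+ Restart = lib.mkForce "always";
+ };
+ };
+ };
+}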
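Review bot: The `boot.kernel.sysctl` block enables IPv4 and IPv6 forwarding on all interfaces, and with `ia_pd 1 lan/0/64/0` delegating a global prefix to `lan` the hosts behind this router become directly addressable from the WAN, yet nothing in this file filters forwarded traffic arriving on the ppp interface. If the forward policy is defined in another module, a comment above the sysctls such as `# forwarded traffic is filtered in <path of the firewall module>` would make that dependency explicit; if no such policy exists, it should land together with this change. Separately, `user congstar` / `password congstar` in `peers.telekom.config` are committed to the repository and copied into the world-readable Nix store. That is acceptable only if the provider treats these values as non-secret, so either say so in a one-line comment or read them from an options file kept outside the store.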