Diffstat (limited to 'hosts/vidhar/network/pppoe/default.nix')
-rw-r--r--hosts/vidhar/network/pppoe/default.nix155
1 files changed, 155 insertions, 0 deletions
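diff --git a/hosts/vidhar/network/pppoe/default.nix b/hosts/vidhar/network/pppoe/default.nix
new file mode 100644
index 00000000..f652c29d
--- /dev/null
+++ b/hosts/vidhar/network/pppoe/default.nix
@@ -0,0 +1,155 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+ inherit (config.networking) pppInterface;
+in {
+ options = {
+ networking.pppInterface = mkOption {
+ type = types.str;
+ default = "ppp";
+ };
+ };
+
+ config = {
+ networking.vlans = {
+ pppoe = {
+ id = 7;
+ interface = "eno2";
+ };
+ };
+
+ services.pppd = {
+ enable = true;
+ package = pkgs.ppp.overrideAttrs (oldAttrs: {
+ patches = [
+ ./no-double-timeout.patch
+ ] ++ (oldAttrs.patches or []);
+ });
+ peers = {
+ o2.config = ''
+ user DSL0004874856014@s93.bbi-o2.de
+ '';
+ };
+ };
+ systemd.services."pppd-o2" = {
+ stopIfChanged = true;
+
+ restartTriggers = with config; [
+ environment.etc."ppp/pap-secrets".source
+ environment.etc."ppp/options".source
+ environment.etc."ppp/ip-pre-up".source
+ environment.etc."ppp/ip-up".source
+ environment.etc."ppp/ip-down".source
+ ];
+
+ serviceConfig.LoadCredential = [
+ "password:${config.sops.secrets."o2-password".path}"
+ ];
+
+ bindsTo = [ "sys-subsystem-net-devices-pppoe.device" ];
+ after = [ "sys-subsystem-net-devices-pppoe.device" ];
+ };
+ sops.secrets."o2-password" = {
+ format = "binary";
+ sopsFile = ./o2-password;
+ };
+
+ environment.etc = {
+ "ppp/options".text = ''
+ nodefaultroute
+ ifname ${pppInterface}
+ lcp-echo-adaptive
+ lcp-echo-failure 10
+ lcp-echo-interval 1
+ maxfail 0
+ mtu 1492
+ mru 1492
+ plugin pppoe.so
+ pppoe-padi-timeout 1
+ pppoe-padi-attempts 10
+ nic-pppoe
+ debug
+ +ipv6
+ '';
+ "ppp/pap-secrets".text = ''
+ DSL0004874856014@s93.bbi-o2.de * @/run/credentials/pppd-o2.service/password *
+ '';
+ "ppp/ip-pre-up".source = pkgs.resholve.writeScript "ip-pre-up" {
+ interpreter = pkgs.runtimeShell;
+ inputs = [ pkgs.iproute2 pkgs.ethtool ];
+ execer = [
+ "cannot:${lib.getExe' pkgs.iproute2 "ip"}"
+ "cannot:${lib.getExe' pkgs.iproute2 "tc"}"
+ ];
+ } ''
+ ethtool -K pppoe tso off gso off gro off
+
+ ip link del "ifb4$1" || true
+ ip link add name "ifb4$1" type ifb
+ ip link set "ifb4$1" up
+
+ tc qdisc del dev "ifb4$1" root || true
+ tc qdisc del dev "$1" ingress || true
+ tc qdisc del dev "$1" root || true
+
+ tc qdisc add dev "$1" handle ffff: ingress
+ tc filter add dev "$1" parent ffff: basic action ctinfo dscp 0x0000003f 0x00000040 action mirred egress redirect dev "ifb4$1"
+ tc qdisc replace dev "ifb4$1" root cake memlimit 128Mb overhead 35 mpu 74 regional diffserv4 bandwidth 175mbit
+ tc qdisc replace dev "$1" root cake memlimit 128Mb overhead 35 mpu 74 regional nat diffserv4 wash bandwidth 40mbit
+ '';
+ "ppp/ip-up".source = pkgs.resholve.writeScript "ip-up" {
+ interpreter = pkgs.runtimeShell;
+ inputs = [ pkgs.iproute2 ];
+ execer = [ "cannot:${lib.getExe' pkgs.iproute2 "ip"}" ];
+ } ''
+ ip addr add "$4" peer "$5"/32 dev "$1"
+ ip route add default dev "$1" metric 512
+ '';
+ "ppp/ip-down".source = pkgs.resholve.writeScript "ip-down" {
+ interpreter = pkgs.runtimeShell;
+ inputs = [ pkgs.iproute2 ];
+ execer = [ "cannot:${lib.getExe' pkgs.iproute2 "ip"}" ];
+ } ''
+ ip link del "ifb4$1"
+ '';
+ };
+
+ systemd.package = pkgs.systemd.overrideAttrs (oldAttrs: {
+ patches = (oldAttrs.patches or []) ++ [
+ (pkgs.fetchpatch {
+ url = "https://github.com/sysedwinistrator/systemd/commit/b9691a43551739ddacdb8d53a4312964c3ddfa08.patch";
+ hash = "sha256-TLfOTFodLzCVywnF4Xp4BR2Pja0Qq4ItE/yaKkzI414=";
+ })
+ ];
+ });
+
+ systemd.network.networks = {
+ "40-${pppInterface}" = {
+ matchConfig.Name = pppInterface;
+ dns = [ "::1" "127.0.0.1" ];
+ domains = [ "~." ];
+ networkConfig = {
+ DHCP = true;
+ DNSSEC = true;
+ };
+ dhcpV6Config = {
+ PrefixDelegationHint = "::/64";
+ WithoutRA = "solicit";
+ };
+ };
+ };
+
+ boot.kernelModules = [ "ifb" ];
+ boot.kernel.sysctl = {
+ "net.ipv6.conf.all.forwarding" = true;
+ "net.ipv6.conf.default.forwarding" = true;
+ "net.ipv4.conf.all.forwarding" = true;
+ "net.ipv4.conf.default.forwarding" = true;
+
+ "net.core.rmem_max" = 4194304;
+ "net.core.wmem_max" = 4194304;
+ };
+ };
+}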
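Review bot: The `systemd.package` override near the end of the file patches systemd with a commit fetched from a personal GitHub fork, and carries no comment saying what the patch changes or when it can be dropped. The `hash` pins the content, so the fetch is integrity-checked, but the patch cannot be reviewed in-tree and the build breaks if the fork or commit disappears; the pppd override earlier in the file already vendors its patch as `./no-double-timeout.patch`. I would vendor this one the same way and add a comment such as `# systemd patch: <what it changes>; remove once <upstream PR/release> lands`.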