4 files changed, 55 insertions, 25 deletions
diff --git a/hosts/vidhar/network/default.nix b/hosts/vidhar/network/default.nix
index 02a8d648..3b48a7fc 100644
--- a/hosts/vidhar/network/default.nix
+++ b/hosts/vidhar/network/default.nix
@@ -3,7 +3,7 @@
 with lib;
 {
-  imports = [ ./pppoe.nix ./bifrost ./dhcp ];
+  imports = [ ./pppoe ./bifrost ./dhcp ];
  config = {
    networking = {
@@ -132,6 +132,7 @@ with lib;
      "/srv/nfs/nix-store" = {
        device = "/nix/store";
        options = [ "bind" ];
+        fsType = "none";
      };
    };
  };
diff --git a/hosts/vidhar/network/pppoe.nix b/hosts/vidhar/network/pppoe/default.nix
index 7b342b69..36bf4f49 100644
--- a/hosts/vidhar/network/pppoe.nix
+++ b/hosts/vidhar/network/pppoe/default.nix
@@ -27,7 +27,37 @@ in {
          ./no-double-timeout.patch
        ];
      });
-      peers.telekom.config = ''
+      peers = {
+        o2.config = ''
+          user DSL0004874856014@s93.bbi-o2.de
+        '';
+      };
+    };
+    systemd.services."pppd-o2" = {
+      stopIfChanged = true;
+      restartTriggers = with config; [
+        environment.etc."ppp/pap-secrets".source
+        environment.etc."ppp/options".source
+        environment.etc."ppp/ip-pre-up".source
+        environment.etc."ppp/ip-up".source
+        environment.etc."ppp/ip-down".source
+      ];
+      serviceConfig.LoadCredential = [
+        "password:${config.sops.secrets."o2-password".path}"
+      ];
+      bindsTo = [ "sys-subsystem-net-devices-telekom.device" ];
+      after = [ "sys-subsystem-net-devices-telekom.device" ];
+    };
+    sops.secrets."o2-password" = {
+      format = "binary";
+      sopsFile = ./o2-password;
+    };
+    environment.etc = {
+      "ppp/options".text = ''
        nodefaultroute
        ifname ${pppInterface}
        lcp-echo-adaptive
@@ -39,29 +69,14 @@ in {
        plugin pppoe.so
        pppoe-padi-timeout 1
        pppoe-padi-attempts 10
-        user congstar
-        password congstar
        nic-telekom
        debug
        +ipv6
      '';
-    };
+      "ppp/pap-secrets".text = ''
-    systemd.services."pppd-telekom" = {
+        congstar * congstar *
-      stopIfChanged = true;
+        DSL0004874856014@s93.bbi-o2.de * @/run/credentials/pppd-o2.service/password *
+      '';
-      serviceConfig = {
-        Type = lib.mkForce "notify";
-        ExecStart = lib.mkForce "${getBin config.services.pppd.package}/sbin/pppd call telekom up_sdnotify nolog";
-        PIDFile = "/run/pppd/${pppInterface}.pid";
-      };
-      restartTriggers = with config; [
-        environment.etc."ppp/ip-pre-up".source
-        environment.etc."ppp/ip-up".source
-        environment.etc."ppp/ip-down".source
-      ];
-    };
-    environment.etc = {
      "ppp/ip-pre-up".source = pkgs.resholve.writeScript "ip-pre-up" {
        interpreter = pkgs.runtimeShell;
        inputs = [ pkgs.iproute2 pkgs.ethtool ];
@@ -137,9 +152,5 @@ in {
      "net.core.rmem_max" = 4194304;
      "net.core.wmem_max" = 4194304;
    };
-    systemd.services."pppd-telekom" = {
-      bindsTo = [ "sys-subsystem-net-devices-telekom.device" ];
-      after = [ "sys-subsystem-net-devices-telekom.device" ];
-    };
  };
 }
diff --git a/hosts/vidhar/network/no-double-timeout.patch b/hosts/vidhar/network/pppoe/no-double-timeout.patch
index 53f41ae1..53f41ae1 100644
--- a/hosts/vidhar/network/no-double-timeout.patch
+++ b/hosts/vidhar/network/pppoe/no-double-timeout.patch
diff --git a/hosts/vidhar/network/pppoe/o2-password b/hosts/vidhar/network/pppoe/o2-password
new file mode 100644
index 00000000..cd3aed78
--- /dev/null
+++ b/hosts/vidhar/network/pppoe/o2-password
@@ -0,0 +1,18 @@
+{
+        "data": "ENC[AES256_GCM,data:mxHA3rrs5Sc50jAP,iv:iW1ua7wjZR8rPwXw21TdFK+fbfosc1CmnrTG34OJ2zM=,tag:pZ/FAHupnKy0wHtF6RN7yA==,type:str]",
+        "sops": {
+                "age": [
+                        {
+                                "recipient": "age1rmmhetcmllq0ahl5qznlr0eya2zdxwl9h6y5wnl97d2wtyx5t99sm2u866",
+                                "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpUzAvSlJkSFhhRTFLY0VO\nU1VYbFhpMEpxaFhlb2NyS0xDNU5oMm9EZzJnCm5vbTM4c3lFMU5EajhwTGd6MTVx\nZTFmNVlyaVZuRy9hL2VnWFR0TTNEemsKLS0tIDdTemNMTTllQ1pmb0JNTlVGcTlU\nWjQ2MW4yVmtvRng3TlRDbmpHdmRkbUEKtIVAq4aZD6rhtX7+67EE5eOKAtGsVpBg\nPkfjkyV8ifBEx/lwDaJSHpLPfkbI9oArTL8BloodJEEGql5PXZxtvg==\n-----END AGE ENCRYPTED FILE-----\n"
+                        },
+                        {
+                                "recipient": "age1qffdqvy9arld9zd5a5cylt0n98xhcns5shxhrhwjq5g4qa844ejselaa4l",
+                                "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmUk1oZGdjL25YbGRzdFFh\nRllkcU1IM0x6a2M2S0JicDBFYnBxMWluaEFzCjJ3WHozNkw0RThCMG5BNE5uUkZa\nTnV1OHpaSkMrTk9XM1NRWmxlTmRuUFkKLS0tIE9qdXVWOG9CL0MyS1JXbzhmbVdC\nZlRBWm1SSTZWYzBDc1U4ci94a0hMcHcKLgbJSAMUJ9VaXVmYQe+Uj13KrWFe4QvJ\nRcibCyOJH/VO3rmxU8RAkx0jaH448h9klWhs583Od5yNg7GleC+/qg==\n-----END AGE ENCRYPTED FILE-----\n"
+                        }
+                ],
+                "lastmodified": "2026-04-14T15:24:19Z",
+                "mac": "ENC[AES256_GCM,data:/dr0bXAf0v5K9LdKw7RzTTL8Qw/WqiHqLk0EbahDnFg3cVplV0s+ImCnxmhutv3hxdtMZ2dmLBfb8CYb/ZLc4HtNT/K2iKGQM7pF4+XxIjS35Q1JUcXxLrsGZcpARuCZ0AJnKo8yFgtM64dYcbxHlRwGG4u4Ds9fEHHLUMigNM0=,iv:jfFlfscUB7S1JjL/uBeW3uD4bugCT9Cj/vigGvGXrlA=,tag:suol02QD4jRH/QulWoV21A==,type:str]",
+                "version": "3.12.2"
+        }
+}

diff --git a/hosts/vidhar/network/default.nix b/hosts/vidhar/network/default.nix index 02a8d648..3b48a7fc 100644 --- a/hosts/vidhar/network/default.nix +++ b/hosts/vidhar/network/default.nix
@@ -3,7 +3,7 @@
3	with lib;	3	with lib;
4		4
5	{	5	{
6	imports = [ ./pppoe.nix ./bifrost ./dhcp ];	6	imports = [ ./pppoe ./bifrost ./dhcp ];
7		7
8	config = {	8	config = {
9	networking = {	9	networking = {
@@ -132,6 +132,7 @@ with lib;
132	"/srv/nfs/nix-store" = {	132	"/srv/nfs/nix-store" = {
133	device = "/nix/store";	133	device = "/nix/store";
134	options = [ "bind" ];	134	options = [ "bind" ];
		135	fsType = "none";
135	};	136	};
136	};	137	};
137	};	138	};


diff --git a/hosts/vidhar/network/pppoe.nix b/hosts/vidhar/network/pppoe/default.nix index 7b342b69..36bf4f49 100644 --- a/hosts/vidhar/network/pppoe.nix +++ b/hosts/vidhar/network/pppoe/default.nix
@@ -27,7 +27,37 @@ in {
27	./no-double-timeout.patch	27	./no-double-timeout.patch
28	];	28	];
29	});	29	});
30	peers.telekom.config = ''	30	peers = {
		31	o2.config = ''
		32	user DSL0004874856014@s93.bbi-o2.de
		33	'';
		34	};
		35	};
		36	systemd.services."pppd-o2" = {
		37	stopIfChanged = true;
		38
		39	restartTriggers = with config; [
		40	environment.etc."ppp/pap-secrets".source
		41	environment.etc."ppp/options".source
		42	environment.etc."ppp/ip-pre-up".source
		43	environment.etc."ppp/ip-up".source
		44	environment.etc."ppp/ip-down".source
		45	];
		46
		47	serviceConfig.LoadCredential = [
		48	"password:${config.sops.secrets."o2-password".path}"
		49	];
		50
		51	bindsTo = [ "sys-subsystem-net-devices-telekom.device" ];
		52	after = [ "sys-subsystem-net-devices-telekom.device" ];
		53	};
		54	sops.secrets."o2-password" = {
		55	format = "binary";
		56	sopsFile = ./o2-password;
		57	};
		58
		59	environment.etc = {
		60	"ppp/options".text = ''
31	nodefaultroute	61	nodefaultroute
32	ifname ${pppInterface}	62	ifname ${pppInterface}
33	lcp-echo-adaptive	63	lcp-echo-adaptive
@@ -39,29 +69,14 @@ in {
39	plugin pppoe.so	69	plugin pppoe.so
40	pppoe-padi-timeout 1	70	pppoe-padi-timeout 1
41	pppoe-padi-attempts 10	71	pppoe-padi-attempts 10
42	user congstar
43	password congstar
44	nic-telekom	72	nic-telekom
45	debug	73	debug
46	+ipv6	74	+ipv6
47	'';	75	'';
48	};	76	"ppp/pap-secrets".text = ''
49	systemd.services."pppd-telekom" = {	77	congstar * congstar *
50	stopIfChanged = true;	78	DSL0004874856014@s93.bbi-o2.de * @/run/credentials/pppd-o2.service/password *
51		79	'';
52	serviceConfig = {
53	Type = lib.mkForce "notify";
54	ExecStart = lib.mkForce "${getBin config.services.pppd.package}/sbin/pppd call telekom up_sdnotify nolog";
55	PIDFile = "/run/pppd/${pppInterface}.pid";
56	};
57	restartTriggers = with config; [
58	environment.etc."ppp/ip-pre-up".source
59	environment.etc."ppp/ip-up".source
60	environment.etc."ppp/ip-down".source
61	];
62	};
63
64	environment.etc = {
65	"ppp/ip-pre-up".source = pkgs.resholve.writeScript "ip-pre-up" {	80	"ppp/ip-pre-up".source = pkgs.resholve.writeScript "ip-pre-up" {
66	interpreter = pkgs.runtimeShell;	81	interpreter = pkgs.runtimeShell;
67	inputs = [ pkgs.iproute2 pkgs.ethtool ];	82	inputs = [ pkgs.iproute2 pkgs.ethtool ];
@@ -137,9 +152,5 @@ in {
137	"net.core.rmem_max" = 4194304;	152	"net.core.rmem_max" = 4194304;
138	"net.core.wmem_max" = 4194304;	153	"net.core.wmem_max" = 4194304;
139	};	154	};
140	systemd.services."pppd-telekom" = {
141	bindsTo = [ "sys-subsystem-net-devices-telekom.device" ];
142	after = [ "sys-subsystem-net-devices-telekom.device" ];
143	};
144	};	155	};
145	}	156	}


diff --git a/hosts/vidhar/network/no-double-timeout.patch b/hosts/vidhar/network/pppoe/no-double-timeout.patch index 53f41ae1..53f41ae1 100644 --- a/hosts/vidhar/network/no-double-timeout.patch +++ b/hosts/vidhar/network/pppoe/no-double-timeout.patch


diff --git a/hosts/vidhar/network/pppoe/o2-password b/hosts/vidhar/network/pppoe/o2-password new file mode 100644 index 00000000..cd3aed78 --- /dev/null +++ b/hosts/vidhar/network/pppoe/o2-password
@@ -0,0 +1,18 @@
		1	{
		2	"data": "ENC[AES256_GCM,data:mxHA3rrs5Sc50jAP,iv:iW1ua7wjZR8rPwXw21TdFK+fbfosc1CmnrTG34OJ2zM=,tag:pZ/FAHupnKy0wHtF6RN7yA==,type:str]",
		3	"sops": {
		4	"age": [
		5	{
		6	"recipient": "age1rmmhetcmllq0ahl5qznlr0eya2zdxwl9h6y5wnl97d2wtyx5t99sm2u866",
		7	"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpUzAvSlJkSFhhRTFLY0VO\nU1VYbFhpMEpxaFhlb2NyS0xDNU5oMm9EZzJnCm5vbTM4c3lFMU5EajhwTGd6MTVx\nZTFmNVlyaVZuRy9hL2VnWFR0TTNEemsKLS0tIDdTemNMTTllQ1pmb0JNTlVGcTlU\nWjQ2MW4yVmtvRng3TlRDbmpHdmRkbUEKtIVAq4aZD6rhtX7+67EE5eOKAtGsVpBg\nPkfjkyV8ifBEx/lwDaJSHpLPfkbI9oArTL8BloodJEEGql5PXZxtvg==\n-----END AGE ENCRYPTED FILE-----\n"
		8	},
		9	{
		10	"recipient": "age1qffdqvy9arld9zd5a5cylt0n98xhcns5shxhrhwjq5g4qa844ejselaa4l",
		11	"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmUk1oZGdjL25YbGRzdFFh\nRllkcU1IM0x6a2M2S0JicDBFYnBxMWluaEFzCjJ3WHozNkw0RThCMG5BNE5uUkZa\nTnV1OHpaSkMrTk9XM1NRWmxlTmRuUFkKLS0tIE9qdXVWOG9CL0MyS1JXbzhmbVdC\nZlRBWm1SSTZWYzBDc1U4ci94a0hMcHcKLgbJSAMUJ9VaXVmYQe+Uj13KrWFe4QvJ\nRcibCyOJH/VO3rmxU8RAkx0jaH448h9klWhs583Od5yNg7GleC+/qg==\n-----END AGE ENCRYPTED FILE-----\n"
		12	}
		13	],
		14	"lastmodified": "2026-04-14T15:24:19Z",
		15	"mac": "ENC[AES256_GCM,data:/dr0bXAf0v5K9LdKw7RzTTL8Qw/WqiHqLk0EbahDnFg3cVplV0s+ImCnxmhutv3hxdtMZ2dmLBfb8CYb/ZLc4HtNT/K2iKGQM7pF4+XxIjS35Q1JUcXxLrsGZcpARuCZ0AJnKo8yFgtM64dYcbxHlRwGG4u4Ds9fEHHLUMigNM0=,iv:jfFlfscUB7S1JjL/uBeW3uD4bugCT9Cj/vigGvGXrlA=,tag:suol02QD4jRH/QulWoV21A==,type:str]",
		16	"version": "3.12.2"
		17	}
		18	}