From d1cf2303f41e69fb32b043597ff10603befe1eb3 Mon Sep 17 00:00:00 2001
From: Gregor Kleen
Date: Sat, 21 Mar 2026 21:19:22 +0100
Subject: vidhar/pppoe: switch to networkd
---
hosts/vidhar/kimai/default.nix | 6 +-
hosts/vidhar/network/default.nix | 13 ++-
hosts/vidhar/network/pppoe.nix | 194 +++++----------------------------
3 files changed, 38 insertions(+), 175 deletions(-)
diff --git a/hosts/vidhar/kimai/default.nix b/hosts/vidhar/kimai/default.nix
index 0258697b..4d1057a9 100644
--- a/hosts/vidhar/kimai/default.nix
+++ b/hosts/vidhar/kimai/default.nix
@@ -6,6 +6,10 @@
 boot.kernel.sysctl = {
 "net.netfilter.nf_log_all_netns" = true;
 };
+ systemd.network = {
+ networks."80-container-ve".enable = false;
+ links."80-container-ve".enable = false;
+ };
 containers."kimai" = {
 autoStart = true;
@@ -50,7 +54,7 @@
 };
 };
- services.resolved.fallbackDns = [
+ services.resolved.settings.Resolve.FallbackDns = [
 "9.9.9.10#dns10.quad9.net"
 "149.112.112.10#dns10.quad9.net"
 "2620:fe::10#dns10.quad9.net"
diff --git a/hosts/vidhar/network/default.nix b/hosts/vidhar/network/default.nix
index c7e72087..02a8d648 100644
--- a/hosts/vidhar/network/default.nix
+++ b/hosts/vidhar/network/default.nix
@@ -90,9 +90,18 @@ with lib;
 matchConfig.Name = "eno2";
 networkConfig.LinkLocalAddressing = "no";
 };
- "80-container-ve".enable = false;
+ "40-lan" = {
+ matchConfig.Name = "lan";
+ networkConfig = {
+ IPv6SendRA = true;
+ DHCPPrefixDelegation = true;
+ };
+ ipv6SendRAConfig = {
+ DNS = "_link_local";
+ Domains = ["lan.yggdrasil" "yggdrasil"];
+ };
+ };
 };
- links."80-container-ve".enable = false;
 };
 services.nfs = {
diff --git a/hosts/vidhar/network/pppoe.nix b/hosts/vidhar/network/pppoe.nix
index 6b4942a6..52a1818b 100644
--- a/hosts/vidhar/network/pppoe.nix
+++ b/hosts/vidhar/network/pppoe.nix
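Review bot: The new `40-lan` network advertises `DNS = "_link_local"` in its router advertisements, whereas the radvd configuration this commit removes in pppoe.nix advertised the interface's global address as RDNSS, so clients on `lan` will now resolve against this host's link-local address and the resolver running here (presumably unbound, judging by the units in pppoe.nix) must accept queries on that scoped address — worth confirming before this lands. The attrset also carries no comment saying that it replaces radvd and ndppd; a line such as `# RA + DHCPv6-PD on lan: networkd now announces the delegated prefix, replacing radvd/ndppd` at the top of the `"40-lan"` attrset would make that explicit. The `systemd.network.networks` attrset this hunk edits opens before the hunk.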
@@ -102,33 +102,31 @@ in {
 '';
 };
- systemd.network.networks.${pppInterface} = {
- matchConfig = {
- Name = pppInterface;
- };
- dns = [ "::1" "127.0.0.1" ];
- domains = [ "~." ];
- networkConfig = {
- LinkLocalAddressing = "no";
- DNSSEC = true;
- };
- };
-
- services.ndppd = {
- enable = true;
- proxies = {
- ${pppInterface} = {
- router = true;
- rules = {
- lan = {
- method = "iface";
- interface = "lan";
- network = "::/0";
- };
- };
+ systemd.package = pkgs.systemd.overrideAttrs (oldAttrs: {
+ patches = (oldAttrs.patches or []) ++ [
+ (pkgs.fetchpatch {
+ url = "https://github.com/sysedwinistrator/systemd/commit/b9691a43551739ddacdb8d53a4312964c3ddfa08.patch";
+ hash = "sha256-TLfOTFodLzCVywnF4Xp4BR2Pja0Qq4ItE/yaKkzI414=";
+ })
+ ];
+ });
+
+ systemd.network.networks = {
+ "40-${pppInterface}" = {
+ matchConfig.Name = pppInterface;
+ dns = [ "::1" "127.0.0.1" ];
+ domains = [ "~." ];
+ networkConfig = {
+ DHCP = true;
+ DNSSEC = true;
+ };
+ dhcpV6Config = {
+ PrefixDelegationHint = "::/64";
+ WithoutRA = "solicit";
 };
 };
 };
+
 boot.kernelModules = [ "ifb" ];
 boot.kernel.sysctl = {
 "net.ipv6.conf.all.forwarding" = true;
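Review bot: `DHCP = true` in the new `"40-${pppInterface}"` network enables both DHCPv4 and DHCPv6 on the PPP link, while the dhcpcd configuration this commit removes was `ipv6only` (IPv4 on a PPPoE session comes from IPCP, not DHCP); `DHCP = "ipv6";` keeps the previous behaviour and avoids running a DHCPv4 client on the WAN interface. The `systemd.package` override applies a patch fetched from a personal fork: the `hash` pins its content, which is good, but nothing records what the patch fixes or when it can be dropped, and it rebuilds systemd from source for the whole host, so a comment above `patches = ...` such as `# <what the patch fixes>; drop once a systemd release containing <upstream PR/issue> reaches nixpkgs` is expected here. The removed network had `LinkLocalAddressing = "no"`; the new one falls back to the networkd default, which DHCPv6 needs, so that change is presumably deliberate and deserves a one-line note. The `in {` module body this hunk sits in opens before and closes after the hunk.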
@@ -144,155 +142,7 @@ in {
 after = [ "sys-subsystem-net-devices-telekom.device" ];
 };
- networking.interfaces.${pppInterface}.useDHCP = true;
- networking.dhcpcd = {
- enable = true;
- persistent = false;
- setHostname = false;
- wait = "ipv6";
- IPv6rs = false;
-
- extraConfig = ''
- duid
- vendorclassid
- ipv6only
-
- require dhcp_server_identifier
-
- reboot 0
-
- interface ${pppInterface}
- nooption domain_name_servers, domain_name, domain_search, ntp_servers
- nohook hostname, resolv.conf
- option rapid_commit
-
- ipv6rs
-
- ia_pd 1 lan/0/64/0
- '';
- };
- systemd.services.dhcpcd = {
- wantedBy = [ "multi-user.target" "network-online.target" "pppd-telekom.service" ];
- bindsTo = [ "pppd-telekom.service" ];
- after = [ "pppd-telekom.service" ];
- wants = [ "network.target" ];
- before = [ "network-online.target" ];
-
- serviceConfig = {
- ExecStartPre = [
- (pkgs.resholve.writeScript "wait-${pppInterface}-ip" {
- interpreter = pkgs.runtimeShell;
- inputs = with pkgs; [ iproute2 coreutils ];
- execer = [
- "cannot:${lib.getExe' pkgs.iproute2 "ip"}"
- ];
- } ''
- i=0
-
- while [[ -z "$(ip -6 addr show dev ${pppInterface} scope link)" ]]; do
- sleep 0.1
- i=$((i + 1))
- if [[ "$i" -ge 10 ]]; then
- exit 1
- fi
- done
- '')
- ];
-
- RestartSec = "5";
- };
- };
- systemd.services.ndppd = {
- wantedBy = [ "dhcpcd.service" ];
- bindsTo = [ "dhcpcd.service" ];
- after = [ "dhcpcd.service" ];
-
- serviceConfig = {
- Restart = "always";
- RestartSec = "5";
- };
- };
- systemd.services.radvd = {
- wantedBy = [ "dhcpcd.service" "multi-user.target" ];
- bindsTo = [ "dhcpcd.service" ];
- after = [ "dhcpcd.service" "network.target" ];
-
- serviceConfig = {
- Restart = "always";
- RestartSec = "5";
- DynamicUser = true;
- AmbientCapabilities = ["CAP_NET_ADMIN" "CAP_NET_RAW"];
- CapabilityBoundingSet = ["CAP_NET_ADMIN" "CAP_NET_RAW"];
- RuntimeDirectory = "radvd";
- PIDFile = "$RUNTIME_DIRECTORY/radvd.pid";
- ExecStart = pkgs.writers.writePython3 "radvd-genconfig" {
- libraries = with pkgs.python3Packages; [ jinja2 ];
- doCheck = false;
- } ''
- import os
- import sys
- from tempfile import NamedTemporaryFile
- import subprocess
- import json
- import jinja2
- from pathlib import Path
- from ipaddress import IPv6Network
-
-
- def network_address(value, prefixlen):
- return IPv6Network(value + "/" + str(prefixlen), strict=False).network_address
-
-
- with subprocess.Popen(["${lib.getExe' pkgs.iproute2 "ip"}", "-j", "addr", "show", "dev", "lan"], stdout=subprocess.PIPE) as proc:
- addresses = json.load(proc.stdout)
-
- global_addresses = [ addr for addr in addresses[0]["addr_info"] if addr["family"] == "inet6" and addr["scope"] == "global" ]
-
- if not global_addresses:
- sys.exit(1)
-
- with NamedTemporaryFile(mode='w', dir=os.environ["RUNTIME_DIRECTORY"], prefix="radvd.", suffix=".conf", delete=False) as fh:
- config_file = fh.name
- env = jinja2.Environment(
- loader = jinja2.FileSystemLoader("${pkgs.writeTextDir "radvd.conf.jinja2" ''
- interface lan {
- IgnoreIfMissing off;
- AdvSendAdvert on;
- MaxRtrAdvInterval 240;
- {% for addr in addrs %}
- prefix {{addr["local"] | network_address(addr["prefixlen"])}}/{{addr["prefixlen"]}} {
- AdvValidLifetime 86400;
- AdvPreferredLifetime 300;
- DeprecatePrefix on;
- };
- route {{addr["local"] | network_address(56)}}/56 {
- AdvRouteLifetime 300;
- RemoveRoute on;
- };
- RDNSS {{addr["local"]}} {
- AdvRDNSSLifetime 300;
- };
- {%- endfor %}
- DNSSL yggdrasil {};
- };
- ''}"),
- autoescape = False,
- )
- env.filters["network_address"] = network_address
- env.get_template("radvd.conf.jinja2").stream({
- "addrs": global_addresses,
- }).dump(fh)
-
- os.execv("${lib.getExe' pkgs.radvd "radvd"}", ["radvd", "-n", "-p", str(Path(os.environ["RUNTIME_DIRECTORY"]) / "radvd.pid"), "-d", "1", "-C", config_file])
- '';
- };
- };
-
 systemd.services.unbound = {
- wantedBy = [ "dhcpcd.service" ];
- bindsTo = [ "dhcpcd.service" ];
- after = [ "dhcpcd.service" ];
-
 serviceConfig = {
 Restart = lib.mkForce "always";
 };
--
cgit v1.2.3