From 68f7b6dcf0d388ea14b0782fb62f6cb7b7ea941c Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Tue, 9 Jul 2024 14:24:14 +0200 Subject: dsl -> gpon --- hosts/vidhar/network/gpon.nix | 265 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 265 insertions(+) create mode 100644 hosts/vidhar/network/gpon.nix (limited to 'hosts/vidhar/network/gpon.nix') diff --git a/hosts/vidhar/network/gpon.nix b/hosts/vidhar/network/gpon.nix new file mode 100644 index 00000000..c15a6e8d --- /dev/null +++ b/hosts/vidhar/network/gpon.nix @@ -0,0 +1,265 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + pppInterface = config.networking.pppInterface; +in { + options = { + networking.pppInterface = mkOption { + type = types.str; + default = "gpon"; + }; + }; + + config = { + networking.vlans = { + telekom = { + id = 7; + interface = "eno2"; + }; + }; + + services.pppd = { + enable = true; + peers.telekom.config = '' + nodefaultroute + ifname ${pppInterface} + lcp-echo-adaptive + lcp-echo-failure 5 + lcp-echo-interval 1 + maxfail 0 + mtu 1492 + mru 1492 + plugin pppoe.so + name telekom + user 002576900250551137425220#0001@t-online.de + nic-telekom + debug + +ipv6 + ''; + }; + systemd.services."pppd-telekom" = { + stopIfChanged = true; + + serviceConfig = { + PIDFile = "/run/pppd/${pppInterface}.pid"; + }; + }; + sops.secrets."pap-secrets" = { + format = "binary"; + sopsFile = ./pap-secrets; + path = "/etc/ppp/pap-secrets"; + }; + + environment.etc = { + "ppp/ip-pre-up".source = let + app = pkgs.writeShellApplication { + name = "ip-pre-up"; + runtimeInputs = with pkgs; [ iproute2 ethtool ]; + text = '' + ethtool -K telekom tso off gso off gro off + + ip link del "ifb4${pppInterface}" || true + ip link add name "ifb4${pppInterface}" type ifb + ip link set "ifb4${pppInterface}" up + + tc qdisc del dev "ifb4${pppInterface}" root || true + tc qdisc del dev "${pppInterface}" ingress || true + tc qdisc del dev "${pppInterface}" root || true + + tc qdisc add dev "${pppInterface}" handle ffff: ingress + tc filter add dev "${pppInterface}" parent ffff: basic action ctinfo dscp 0x0000003f 0x00000040 action mirred egress redirect dev "ifb4${pppInterface}" + tc qdisc replace dev "ifb4${pppInterface}" root cake memlimit 128Mb pppoe-ptm diffserv4 bandwidth 238mbit + tc qdisc replace dev "${pppInterface}" root cake memlimit 128Mb pppoe-ptm nat diffserv4 wash bandwidth 48mbit + ''; + }; + in "${app}/bin/${app.meta.mainProgram}"; + "ppp/ip-up".source = let + app = pkgs.writeShellApplication { + name = "ip-up"; + runtimeInputs = with pkgs; [ iproute2 ]; + text = '' + ip route add default via "$5" dev "${pppInterface}" metric 512 + ''; + }; + in "${app}/bin/${app.meta.mainProgram}"; + "ppp/ip-down".source = let + app = pkgs.writeShellApplication { + name = "ip-down"; + runtimeInputs = with pkgs; [ iproute2 ]; + text = '' + ip link del "ifb4${pppInterface}" + ''; + }; + in "${app}/bin/${app.meta.mainProgram}"; + }; + + systemd.network.networks.${pppInterface} = { + matchConfig = { + Name = pppInterface; + }; + dns = [ "::1" "127.0.0.1" ]; + domains = [ "~." ]; + networkConfig = { + LinkLocalAddressing = "no"; + DNSSEC = true; + }; + }; + + services.corerad = { + enable = true; + settings = { + interfaces = [ + { name = pppInterface; + monitor = true; + verbose = true; + } + { name = "lan"; + advertise = true; + verbose = true; + prefix = [{ prefix = "::/64"; }]; + route = [{ prefix = "::/0"; }]; + rdnss = [{ servers = ["::"]; }]; + dnssl = [{ domain_names = ["yggdrasil"]; }]; + # other_config = true; + } + ]; + + debug = { + address = "localhost:9430"; + prometheus = true; + }; + }; + }; + services.ndppd = { + enable = true; + proxies = { + ${pppInterface} = { + router = true; + rules = { + lan = { + method = "iface"; + interface = "lan"; + network = "::/0"; + }; + }; + }; + }; + }; + boot.kernelModules = [ "ifb" ]; + boot.kernel.sysctl = { + "net.ipv6.conf.all.forwarding" = true; + "net.ipv6.conf.default.forwarding" = true; + "net.ipv4.conf.all.forwarding" = true; + "net.ipv4.conf.default.forwarding" = true; + + "net.core.rmem_max" = 4194304; + "net.core.wmem_max" = 4194304; + }; + systemd.services."pppd-telekom" = { + bindsTo = [ "sys-subsystem-net-devices-telekom.device" ]; + after = [ "sys-subsystem-net-devices-telekom.device" ]; + }; + systemd.services."dhcpcd-${pppInterface}" = { + wantedBy = [ "multi-user.target" "network-online.target" "pppd-telekom.service" ]; + bindsTo = [ "pppd-telekom.service" ]; + after = [ "pppd-telekom.service" ]; + wants = [ "network.target" ]; + before = [ "network-online.target" ]; + + path = with pkgs; [ dhcpcd nettools openresolv ]; + unitConfig.ConditionCapability = "CAP_NET_ADMIN"; + + stopIfChanged = true; + + preStart = '' + i=0 + + while [[ -z "$(${pkgs.iproute2}/bin/ip -6 addr show dev ${pppInterface} scope link)" ]]; do + ${pkgs.coreutils}/bin/sleep 0.1 + i=$((i + 1)) + if [[ "$i" -ge 10 ]]; then + exit 1 + fi + done + ''; + + postStop = '' + for dev in lan; do + ${pkgs.iproute2}/bin/ip -6 a show dev "''${dev}" scope global | ${pkgs.gnugrep}/bin/grep inet6 | ${pkgs.gawk}/bin/awk '{ print $2; }' | ${pkgs.findutils}/bin/xargs -I '{}' -- ${pkgs.iproute2}/bin/ip addr del '{}' dev "''${dev}" + done + ''; + + serviceConfig = let + dhcpcdConf = pkgs.writeText "dhcpcd.conf" '' + duid + vendorclassid + ipv6only + + nooption domain_name_servers, domain_name, domain_search + option classless_static_routes + option interface_mtu + + option host_name + option rapid_commit + require dhcp_server_identifier + slaac private + + nohook resolv.conf + ipv6ra_autoconf + iaid 1195061668 + ipv6rs # enable routing solicitation for WAN adapter + ia_pd 1 lan/0/64/0 # request a PD and assign it to the LAN + + reboot 0 + + waitip 6 + ''; + in { + Type = "forking"; + PIDFile = "/var/run/dhcpcd/${pppInterface}.pid"; + RuntimeDirectory = "dhcpcd"; + ExecStart = "@${pkgs.dhcpcd}/sbin/dhcpcd dhcpcd -q --config ${dhcpcdConf} ${pppInterface}"; + ExecReload = "${pkgs.dhcpcd}/sbin/dhcpcd --rebind ${pppInterface}"; + Restart = "always"; + RestartSec = "5"; + }; + }; + systemd.services.ndppd = { + wantedBy = [ "dhcpcd-${pppInterface}.service" ]; + bindsTo = [ "dhcpcd-${pppInterface}.service" ]; + after = [ "dhcpcd-${pppInterface}.service" ]; + + serviceConfig = { + Restart = "always"; + RestartSec = "5"; + }; + }; + systemd.services.corerad = { + wantedBy = [ "dhcpcd-${pppInterface}.service" ]; + bindsTo = [ "dhcpcd-${pppInterface}.service" ]; + after = [ "dhcpcd-${pppInterface}.service" ]; + + serviceConfig = { + Restart = lib.mkForce "always"; + RestartSec = "5"; + }; + }; + users.users.dhcpcd = { + isSystemUser = true; + group = "dhcpcd"; + }; + users.groups.dhcpcd = {}; + + systemd.services.unbound = { + wantedBy = [ "dhcpcd-${pppInterface}.service" ]; + bindsTo = [ "dhcpcd-${pppInterface}.service" ]; + after = [ "dhcpcd-${pppInterface}.service" ]; + + serviceConfig = { + Restart = lib.mkForce "always"; + }; + }; + }; +} -- cgit v1.2.3