From 3fcc1a7f1ea8acd7236eb632268fa8e382b2e270 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Sat, 22 Nov 2025 13:59:13 +0100 Subject: ... --- hosts/vidhar/network/pppoe.nix | 141 ++++++++++++++++++++--------------------- 1 file changed, 68 insertions(+), 73 deletions(-) (limited to 'hosts/vidhar/network/pppoe.nix') diff --git a/hosts/vidhar/network/pppoe.nix b/hosts/vidhar/network/pppoe.nix index d17be349..7cdf3cb6 100644 --- a/hosts/vidhar/network/pppoe.nix +++ b/hosts/vidhar/network/pppoe.nix @@ -4,48 +4,6 @@ with lib; let pppInterface = config.networking.pppInterface; - - corerad-deprecated = pkgs.writers.writeBashBin "corerad-deprecated" '' - exec -- ${lib.getExe' config.systemd.package "systemd-run"} \ - --unit=corerad-deprecated@$(${lib.getExe' config.systemd.package "systemd-escape"} $1) \ - --property=AmbientCapabilities="CAP_NET_ADMIN CAP_NET_RAW" \ - --property=CapabilityBoundingSet="CAP_NET_ADMIN CAP_NET_RAW" \ - --property=DynamicUser=yes \ - --property=LimitNOFILE=1048576 \ - --property=LimitNPROC=512 \ - --property=NotifyAccess=main \ - --property=Type=notify \ - --property=RuntimeMaxSec=4h \ - ${pkgs.writers.writeBash "corerad-deprecated" '' - exec -- ${lib.getExe pkgs.corerad} -c=<(${pkgs.writers.writePython3 "corerad-config" { - libraries = with pkgs.python3Packages; [ toml ]; - flakeIgnore = [ "E124" "E121" ]; - } '' - import toml - import sys - import re - - match = re.fullmatch(r'(?P[^/]+)/(?P.+)', sys.argv[1]) - - toml.dump({ - "interfaces": [ - { - "name": match.group("interface"), - "advertise": True, - "prefix": [ - { - "prefix": match.group("prefix"), - "preferred_lifetime": "1s", - "valid_lifetime": "14400s", - "deprecated": True, - }, - ], - }, - ], - }, sys.stdout) - ''} $@) - ''} $@ - ''; in { options = { networking.pppInterface = mkOption { 
@@ -148,33 +106,6 @@ in { }; }; - services.corerad = { - enable = true; - settings = { - interfaces = [ - { name = pppInterface; - monitor = true; - verbose = true; - } - { name = "lan"; - advertise = true; - verbose = true; - prefix = [{ prefix = "::/64"; }]; - route = [{ prefix = "::/0"; }]; - rdnss = [{ servers = ["::"]; }]; - dnssl = [{ domain_names = ["yggdrasil"]; }]; - # other_config = true; - } - ]; - - debug = { - address = "localhost:9430"; - prometheus = true; - }; - }; - }; - environment.systemPackages = [ corerad-deprecated ]; - services.ndppd = { enable = true; proxies = { 
@@ -273,14 +204,78 @@ in { RestartSec = "5"; }; }; - systemd.services.corerad = { - wantedBy = [ "dhcpcd.service" ]; + systemd.services.radvd = { + wantedBy = [ "dhcpcd.service" "multi-user.target" ]; bindsTo = [ "dhcpcd.service" ]; - after = [ "dhcpcd.service" ]; + after = [ "dhcpcd.service" "network.target" ]; serviceConfig = { - Restart = lib.mkForce "always"; + Restart = "always"; RestartSec = "5"; + DynamicUser = true; + AmbientCapabilities = ["CAP_NET_ADMIN" "CAP_NET_RAW"]; + CapabilityBoundingSet = ["CAP_NET_ADMIN" "CAP_NET_RAW"]; + RuntimeDirectory = "radvd"; + PIDFile = "$RUNTIME_DIRECTORY/radvd.pid"; + ExecStart = pkgs.writers.writePython3 "radvd-genconfig" { + libraries = with pkgs.python3Packages; [ jinja2 ]; + doCheck = false; + } '' + import os + from tempfile import NamedTemporaryFile + import subprocess + import json + import jinja2 + from pathlib import Path + from ipaddress import IPv6Network + + + def network_address(value, prefixlen): + return IPv6Network(value + "/" + str(prefixlen), strict=False).network_address + + + with subprocess.Popen(["${lib.getExe' pkgs.iproute2 "ip"}", "-j", "addr", "show", "dev", "lan"], stdout=subprocess.PIPE) as proc: + addresses = json.load(proc.stdout) + + global_addresses = [ addr for addr in addresses[0]["addr_info"] if addr["family"] == "inet6" and addr["scope"] == "global" ] + + if not global_addresses: + sys.exit(1) + + with NamedTemporaryFile(mode='w', dir=os.environ["RUNTIME_DIRECTORY"], prefix="radvd.", suffix=".conf", delete=False) as fh: + config_file = fh.name + env = jinja2.Environment( + loader = jinja2.FileSystemLoader("${pkgs.writeTextDir "radvd.conf.jinja2" '' + interface lan { + IgnoreIfMissing off; + AdvSendAdvert on; + MaxRtrAdvInterval 240; + {% for addr in addrs %} + prefix {{addr["local"] | network_address(addr["prefixlen"])}}/{{addr["prefixlen"]}} { + AdvValidLifetime 86400; + AdvPreferredLifetime 300; + DeprecatePrefix on; + }; + route {{addr["local"] | network_address(56)}}/56 { + 
AdvRouteLifetime 300; + RemoveRoute on; + }; + RDNSS {{addr["local"]}} { + AdvRDNSSLifetime 300; + }; + {%- endfor %} + DNSSL yggdrasil {}; + }; + ''}"), + autoescape = False, + ) + env.filters["network_address"] = network_address + env.get_template("radvd.conf.jinja2").stream({ + "addrs": global_addresses, + }).dump(fh) + + os.execv("${lib.getExe pkgs.radvd}", ["radvd", "-n", "-p", str(Path(os.environ["RUNTIME_DIRECTORY"]) / "radvd.pid"), "-d", "1", "-C", config_file]) + ''; }; }; -- cgit v1.2.3
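Review bot: The generator script calls `sys.exit(1)` on the empty-address branch but never imports `sys`, so that path raises a NameError instead of a clean exit; add `import sys` next to the other imports (the `doCheck = false;` on the writer is what lets this slip past flake8, so consider re-enabling it once the import is in). `PIDFile = "$RUNTIME_DIRECTORY/radvd.pid";` also looks wrong: as far as I know systemd does not expand environment variables in PIDFile=, only specifiers, so it should be `PIDFile = "%t/radvd/radvd.pid";` (or dropped entirely, since radvd is exec'd with `-n` under the default Type=simple). The `ip -j addr show dev lan` call neither checks the exit status nor guards `addresses[0]`, so a missing `lan` interface surfaces as a JSONDecodeError or IndexError rather than the intended exit-and-retry; presumably `Restart = "always"` papers over all of these, but the journal will be full of tracebacks. The radvd service definition is complete within the hunk, but the enclosing module attribute set starts before it.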