From d02070251ba23429ba2514d71f30eebece187b7f Mon Sep 17 00:00:00 2001
From: Gregor Kleen
Date: Thu, 16 Apr 2026 19:15:46 +0200
Subject: bump vidhar
---
hosts/vidhar/network/pppoe/default.nix | 156 +++++++++++++++++++++++++++++++++
1 file changed, 156 insertions(+)
create mode 100644 hosts/vidhar/network/pppoe/default.nix
(limited to 'hosts/vidhar/network/pppoe/default.nix')
diff --git a/hosts/vidhar/network/pppoe/default.nix b/hosts/vidhar/network/pppoe/default.nix
new file mode 100644
index 00000000..36bf4f49
--- /dev/null
+++ b/hosts/vidhar/network/pppoe/default.nix
@@ -0,0 +1,156 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + inherit (config.networking) pppInterface; +in { + options = { + networking.pppInterface = mkOption { + type = types.str; + default = "ppp"; + }; + }; + + config = { + networking.vlans = { + telekom = { + id = 7; + interface = "eno2"; + }; + }; + + services.pppd = { + enable = true; + package = pkgs.ppp.overrideAttrs (oldAttrs: { + patches = (oldAttrs.patches or []) ++ [ + ./no-double-timeout.patch + ]; + }); + peers = { + o2.config = '' + user DSL0004874856014@s93.bbi-o2.de + ''; + }; + }; + systemd.services."pppd-o2" = { + stopIfChanged = true; + + restartTriggers = with config; [ + environment.etc."ppp/pap-secrets".source + environment.etc."ppp/options".source + environment.etc."ppp/ip-pre-up".source + environment.etc."ppp/ip-up".source + environment.etc."ppp/ip-down".source + ]; + + serviceConfig.LoadCredential = [ + "password:${config.sops.secrets."o2-password".path}" + ]; + + bindsTo = [ "sys-subsystem-net-devices-telekom.device" ]; + after = [ "sys-subsystem-net-devices-telekom.device" ]; + }; + sops.secrets."o2-password" = { + format = "binary"; + sopsFile = ./o2-password; + }; + + environment.etc = { + "ppp/options".text = '' + nodefaultroute + ifname ${pppInterface} + lcp-echo-adaptive + lcp-echo-failure 10 + lcp-echo-interval 1 + maxfail 0 + mtu 1492 + mru 1492 + plugin pppoe.so + pppoe-padi-timeout 1 + pppoe-padi-attempts 10 + nic-telekom + debug + +ipv6 + ''; + "ppp/pap-secrets".text = '' + congstar * congstar * + DSL0004874856014@s93.bbi-o2.de * @/run/credentials/pppd-o2.service/password * + ''; + "ppp/ip-pre-up".source = pkgs.resholve.writeScript "ip-pre-up" { + interpreter = pkgs.runtimeShell; + inputs = [ pkgs.iproute2 pkgs.ethtool ]; + execer = [ + "cannot:${lib.getExe' pkgs.iproute2 "ip"}" + "cannot:${lib.getExe' pkgs.iproute2 "tc"}" + ]; + } '' + ethtool -K telekom tso off gso off gro off + + ip link del "ifb4$1" || true + ip link add name "ifb4$1" type ifb + ip link set 
"ifb4$1" up + + tc qdisc del dev "ifb4$1" root || true + tc qdisc del dev "$1" ingress || true + tc qdisc del dev "$1" root || true + + tc qdisc add dev "$1" handle ffff: ingress + tc filter add dev "$1" parent ffff: basic action ctinfo dscp 0x0000003f 0x00000040 action mirred egress redirect dev "ifb4$1" + tc qdisc replace dev "ifb4$1" root cake memlimit 128Mb overhead 35 mpu 74 regional diffserv4 bandwidth ${toString (builtins.floor (177968 * 0.95))}kbit + tc qdisc replace dev "$1" root cake memlimit 128Mb overhead 35 mpu 74 regional nat diffserv4 wash bandwidth ${toString (builtins.floor (41216 * 0.95))}kbit + ''; + "ppp/ip-up".source = pkgs.resholve.writeScript "ip-up" { + interpreter = pkgs.runtimeShell; + inputs = [ pkgs.iproute2 ]; + execer = [ "cannot:${lib.getExe' pkgs.iproute2 "ip"}" ]; + } '' + ip addr add "$4" peer "$5"/32 dev "$1" + ip route add default dev "$1" metric 512 + ''; + "ppp/ip-down".source = pkgs.resholve.writeScript "ip-down" { + interpreter = pkgs.runtimeShell; + inputs = [ pkgs.iproute2 ]; + execer = [ "cannot:${lib.getExe' pkgs.iproute2 "ip"}" ]; + } '' + ip link del "ifb4$1" + ''; + }; + + systemd.package = pkgs.systemd.overrideAttrs (oldAttrs: { + patches = (oldAttrs.patches or []) ++ [ + (pkgs.fetchpatch { + url = "https://github.com/sysedwinistrator/systemd/commit/b9691a43551739ddacdb8d53a4312964c3ddfa08.patch"; + hash = "sha256-TLfOTFodLzCVywnF4Xp4BR2Pja0Qq4ItE/yaKkzI414="; + }) + ]; + }); + + systemd.network.networks = { + "40-${pppInterface}" = { + matchConfig.Name = pppInterface; + dns = [ "::1" "127.0.0.1" ]; + domains = [ "~." 
]; + networkConfig = { + DHCP = true; + DNSSEC = true; + }; + dhcpV6Config = { + PrefixDelegationHint = "::/64"; + WithoutRA = "solicit"; + }; + }; + }; + + boot.kernelModules = [ "ifb" ]; + boot.kernel.sysctl = { + "net.ipv6.conf.all.forwarding" = true; + "net.ipv6.conf.default.forwarding" = true; + "net.ipv4.conf.all.forwarding" = true; + "net.ipv4.conf.default.forwarding" = true; + + "net.core.rmem_max" = 4194304; + "net.core.wmem_max" = 4194304; + }; + }; +} -- cgit v1.2.3
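Review bot: The `"ppp/pap-secrets".text` entry carries a literal secret, `congstar * congstar *`, and because `environment.etc.<name>.text` is rendered into the world-readable Nix store (and committed to git), that value gets none of the protection the o2 password has through `LoadCredential` and the `@/run/credentials/pppd-o2.service/password` indirection. Only the `o2` peer is defined in this file, so if the congstar line is a leftover it should be dropped; if it is still needed, give it its own sops secret and the same `@/path` form. Separately, the `systemd.package` override pulls a patch from a personal fork: the `hash` pins its content, but a comment above the `fetchpatch` such as `# <what the patch changes>; drop once merged upstream (<upstream PR>)` would tell the next reader why systemd is rebuilt from patched source and when the override can go. The forwarding sysctls at the end enable routing on every interface and no filtering for `${pppInterface}` is visible in this file, so it is worth confirming that the firewall module drops forwarded traffic arriving from the WAN side by default, especially with IPv6 prefix delegation requested.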