From d02070251ba23429ba2514d71f30eebece187b7f Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 16 Apr 2026 19:15:46 +0200 Subject: bump vidhar --- hosts/vidhar/network/default.nix | 3 +- hosts/vidhar/network/no-double-timeout.patch | 13 -- hosts/vidhar/network/pppoe.nix | 145 ------------------- hosts/vidhar/network/pppoe/default.nix | 156 +++++++++++++++++++++ hosts/vidhar/network/pppoe/no-double-timeout.patch | 13 ++ hosts/vidhar/network/pppoe/o2-password | 18 +++ 6 files changed, 189 insertions(+), 159 deletions(-) delete mode 100644 hosts/vidhar/network/no-double-timeout.patch delete mode 100644 hosts/vidhar/network/pppoe.nix create mode 100644 hosts/vidhar/network/pppoe/default.nix create mode 100644 hosts/vidhar/network/pppoe/no-double-timeout.patch create mode 100644 hosts/vidhar/network/pppoe/o2-password (limited to 'hosts/vidhar/network') diff --git a/hosts/vidhar/network/default.nix b/hosts/vidhar/network/default.nix index 02a8d648..3b48a7fc 100644 --- a/hosts/vidhar/network/default.nix +++ b/hosts/vidhar/network/default.nix @@ -3,7 +3,7 @@ with lib; { - imports = [ ./pppoe.nix ./bifrost ./dhcp ]; + imports = [ ./pppoe ./bifrost ./dhcp ]; config = { networking = { @@ -132,6 +132,7 @@ with lib; "/srv/nfs/nix-store" = { device = "/nix/store"; options = [ "bind" ]; + fsType = "none"; }; }; }; diff --git a/hosts/vidhar/network/no-double-timeout.patch b/hosts/vidhar/network/no-double-timeout.patch deleted file mode 100644 index 53f41ae1..00000000 --- a/hosts/vidhar/network/no-double-timeout.patch +++ /dev/null 
@@ -1,13 +0,0 @@
-diff --git i/pppd/plugins/pppoe/discovery.c w/pppd/plugins/pppoe/discovery.c
-index 86bda61..8060558 100644
---- i/pppd/plugins/pppoe/discovery.c
-+++ w/pppd/plugins/pppoe/discovery.c
-@@ -686,7 +686,7 @@ discovery1(PPPoEConnection *conn, int waitWholeTimeoutForPADO)
- conn->discoveryState = STATE_SENT_PADI;
- waitForPADO(conn, timeout, waitWholeTimeoutForPADO);
- 
-- timeout *= 2;
-+ // timeout *= 2;
- } while (conn->discoveryState == STATE_SENT_PADI);
- }
- 
diff --git a/hosts/vidhar/network/pppoe.nix b/hosts/vidhar/network/pppoe.nix
deleted file mode 100644
index 7b342b69..00000000
--- a/hosts/vidhar/network/pppoe.nix
+++ /dev/null
@@ -1,145 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; - -let - inherit (config.networking) pppInterface; -in { - options = { - networking.pppInterface = mkOption { - type = types.str; - default = "ppp"; - }; - }; - - config = { - networking.vlans = { - telekom = { - id = 7; - interface = "eno2"; - }; - }; - - services.pppd = { - enable = true; - package = pkgs.ppp.overrideAttrs (oldAttrs: { - patches = (oldAttrs.patches or []) ++ [ - ./no-double-timeout.patch - ]; - }); - peers.telekom.config = '' - nodefaultroute - ifname ${pppInterface} - lcp-echo-adaptive - lcp-echo-failure 10 - lcp-echo-interval 1 - maxfail 0 - mtu 1492 - mru 1492 - plugin pppoe.so - pppoe-padi-timeout 1 - pppoe-padi-attempts 10 - user congstar - password congstar - nic-telekom - debug - +ipv6 - ''; - }; - systemd.services."pppd-telekom" = { - stopIfChanged = true; - - serviceConfig = { - Type = lib.mkForce "notify"; - ExecStart = lib.mkForce "${getBin config.services.pppd.package}/sbin/pppd call telekom up_sdnotify nolog"; - PIDFile = "/run/pppd/${pppInterface}.pid"; - }; - restartTriggers = with config; [ - environment.etc."ppp/ip-pre-up".source - environment.etc."ppp/ip-up".source - environment.etc."ppp/ip-down".source - ]; - }; - - environment.etc = { - "ppp/ip-pre-up".source = pkgs.resholve.writeScript "ip-pre-up" { - interpreter = pkgs.runtimeShell; - inputs = [ pkgs.iproute2 pkgs.ethtool ]; - execer = [ - "cannot:${lib.getExe' pkgs.iproute2 "ip"}" - "cannot:${lib.getExe' pkgs.iproute2 "tc"}" - ]; - } '' - ethtool -K telekom tso off gso off gro off - - ip link del "ifb4$1" || true - ip link add name "ifb4$1" type ifb - ip link set "ifb4$1" up - - tc qdisc del dev "ifb4$1" root || true - tc qdisc del dev "$1" ingress || true - tc qdisc del dev "$1" root || true - - tc qdisc add dev "$1" handle ffff: ingress - tc filter add dev "$1" parent ffff: basic action ctinfo dscp 0x0000003f 0x00000040 action mirred egress redirect dev "ifb4$1" - tc qdisc replace dev "ifb4$1" root cake memlimit 
128Mb overhead 35 mpu 74 regional diffserv4 bandwidth ${toString (builtins.floor (177968 * 0.95))}kbit - tc qdisc replace dev "$1" root cake memlimit 128Mb overhead 35 mpu 74 regional nat diffserv4 wash bandwidth ${toString (builtins.floor (41216 * 0.95))}kbit - ''; - "ppp/ip-up".source = pkgs.resholve.writeScript "ip-up" { - interpreter = pkgs.runtimeShell; - inputs = [ pkgs.iproute2 ]; - execer = [ "cannot:${lib.getExe' pkgs.iproute2 "ip"}" ]; - } '' - ip addr add "$4" peer "$5"/32 dev "$1" - ip route add default dev "$1" metric 512 - ''; - "ppp/ip-down".source = pkgs.resholve.writeScript "ip-down" { - interpreter = pkgs.runtimeShell; - inputs = [ pkgs.iproute2 ]; - execer = [ "cannot:${lib.getExe' pkgs.iproute2 "ip"}" ]; - } '' - ip link del "ifb4$1" - ''; - }; - - systemd.package = pkgs.systemd.overrideAttrs (oldAttrs: { - patches = (oldAttrs.patches or []) ++ [ - (pkgs.fetchpatch { - url = "https://github.com/sysedwinistrator/systemd/commit/b9691a43551739ddacdb8d53a4312964c3ddfa08.patch"; - hash = "sha256-TLfOTFodLzCVywnF4Xp4BR2Pja0Qq4ItE/yaKkzI414="; - }) - ]; - }); - - systemd.network.networks = { - "40-${pppInterface}" = { - matchConfig.Name = pppInterface; - dns = [ "::1" "127.0.0.1" ]; - domains = [ "~." ]; - networkConfig = { - DHCP = true; - DNSSEC = true; - }; - dhcpV6Config = { - PrefixDelegationHint = "::/64"; - WithoutRA = "solicit"; - }; - }; - }; - - boot.kernelModules = [ "ifb" ]; - boot.kernel.sysctl = { - "net.ipv6.conf.all.forwarding" = true; - "net.ipv6.conf.default.forwarding" = true; - "net.ipv4.conf.all.forwarding" = true; - "net.ipv4.conf.default.forwarding" = true; - - "net.core.rmem_max" = 4194304; - "net.core.wmem_max" = 4194304; - }; - systemd.services."pppd-telekom" = { - bindsTo = [ "sys-subsystem-net-devices-telekom.device" ]; - after = [ "sys-subsystem-net-devices-telekom.device" ]; - }; - }; -} 
diff --git a/hosts/vidhar/network/pppoe/default.nix b/hosts/vidhar/network/pppoe/default.nix new file mode 100644 index 00000000..36bf4f49 --- /dev/null +++ b/hosts/vidhar/network/pppoe/default.nix 
@@ -0,0 +1,156 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + inherit (config.networking) pppInterface; +in { + options = { + networking.pppInterface = mkOption { + type = types.str; + default = "ppp"; + }; + }; + + config = { + networking.vlans = { + telekom = { + id = 7; + interface = "eno2"; + }; + }; + + services.pppd = { + enable = true; + package = pkgs.ppp.overrideAttrs (oldAttrs: { + patches = (oldAttrs.patches or []) ++ [ + ./no-double-timeout.patch + ]; + }); + peers = { + o2.config = '' + user DSL0004874856014@s93.bbi-o2.de + ''; + }; + }; + systemd.services."pppd-o2" = { + stopIfChanged = true; + + restartTriggers = with config; [ + environment.etc."ppp/pap-secrets".source + environment.etc."ppp/options".source + environment.etc."ppp/ip-pre-up".source + environment.etc."ppp/ip-up".source + environment.etc."ppp/ip-down".source + ]; + + serviceConfig.LoadCredential = [ + "password:${config.sops.secrets."o2-password".path}" + ]; + + bindsTo = [ "sys-subsystem-net-devices-telekom.device" ]; + after = [ "sys-subsystem-net-devices-telekom.device" ]; + }; + sops.secrets."o2-password" = { + format = "binary"; + sopsFile = ./o2-password; + }; + + environment.etc = { + "ppp/options".text = '' + nodefaultroute + ifname ${pppInterface} + lcp-echo-adaptive + lcp-echo-failure 10 + lcp-echo-interval 1 + maxfail 0 + mtu 1492 + mru 1492 + plugin pppoe.so + pppoe-padi-timeout 1 + pppoe-padi-attempts 10 + nic-telekom + debug + +ipv6 + ''; + "ppp/pap-secrets".text = '' + congstar * congstar * + DSL0004874856014@s93.bbi-o2.de * @/run/credentials/pppd-o2.service/password * + ''; + "ppp/ip-pre-up".source = pkgs.resholve.writeScript "ip-pre-up" { + interpreter = pkgs.runtimeShell; + inputs = [ pkgs.iproute2 pkgs.ethtool ]; + execer = [ + "cannot:${lib.getExe' pkgs.iproute2 "ip"}" + "cannot:${lib.getExe' pkgs.iproute2 "tc"}" + ]; + } '' + ethtool -K telekom tso off gso off gro off + + ip link del "ifb4$1" || true + ip link add name "ifb4$1" type ifb + ip link set 
"ifb4$1" up + + tc qdisc del dev "ifb4$1" root || true + tc qdisc del dev "$1" ingress || true + tc qdisc del dev "$1" root || true + + tc qdisc add dev "$1" handle ffff: ingress + tc filter add dev "$1" parent ffff: basic action ctinfo dscp 0x0000003f 0x00000040 action mirred egress redirect dev "ifb4$1" + tc qdisc replace dev "ifb4$1" root cake memlimit 128Mb overhead 35 mpu 74 regional diffserv4 bandwidth ${toString (builtins.floor (177968 * 0.95))}kbit + tc qdisc replace dev "$1" root cake memlimit 128Mb overhead 35 mpu 74 regional nat diffserv4 wash bandwidth ${toString (builtins.floor (41216 * 0.95))}kbit + ''; + "ppp/ip-up".source = pkgs.resholve.writeScript "ip-up" { + interpreter = pkgs.runtimeShell; + inputs = [ pkgs.iproute2 ]; + execer = [ "cannot:${lib.getExe' pkgs.iproute2 "ip"}" ]; + } '' + ip addr add "$4" peer "$5"/32 dev "$1" + ip route add default dev "$1" metric 512 + ''; + "ppp/ip-down".source = pkgs.resholve.writeScript "ip-down" { + interpreter = pkgs.runtimeShell; + inputs = [ pkgs.iproute2 ]; + execer = [ "cannot:${lib.getExe' pkgs.iproute2 "ip"}" ]; + } '' + ip link del "ifb4$1" + ''; + }; + + systemd.package = pkgs.systemd.overrideAttrs (oldAttrs: { + patches = (oldAttrs.patches or []) ++ [ + (pkgs.fetchpatch { + url = "https://github.com/sysedwinistrator/systemd/commit/b9691a43551739ddacdb8d53a4312964c3ddfa08.patch"; + hash = "sha256-TLfOTFodLzCVywnF4Xp4BR2Pja0Qq4ItE/yaKkzI414="; + }) + ]; + }); + + systemd.network.networks = { + "40-${pppInterface}" = { + matchConfig.Name = pppInterface; + dns = [ "::1" "127.0.0.1" ]; + domains = [ "~." 
]; + networkConfig = { + DHCP = true; + DNSSEC = true; + }; + dhcpV6Config = { + PrefixDelegationHint = "::/64"; + WithoutRA = "solicit"; + }; + }; + }; + + boot.kernelModules = [ "ifb" ]; + boot.kernel.sysctl = { + "net.ipv6.conf.all.forwarding" = true; + "net.ipv6.conf.default.forwarding" = true; + "net.ipv4.conf.all.forwarding" = true; + "net.ipv4.conf.default.forwarding" = true; + + "net.core.rmem_max" = 4194304; + "net.core.wmem_max" = 4194304; + }; + }; +} diff --git a/hosts/vidhar/network/pppoe/no-double-timeout.patch b/hosts/vidhar/network/pppoe/no-double-timeout.patch new file mode 100644 index 00000000..53f41ae1 --- /dev/null +++ b/hosts/vidhar/network/pppoe/no-double-timeout.patch @@ -0,0 +1,13 @@ +diff --git i/pppd/plugins/pppoe/discovery.c w/pppd/plugins/pppoe/discovery.c +index 86bda61..8060558 100644 +--- i/pppd/plugins/pppoe/discovery.c ++++ w/pppd/plugins/pppoe/discovery.c +@@ -686,7 +686,7 @@ discovery1(PPPoEConnection *conn, int waitWholeTimeoutForPADO) + conn->discoveryState = STATE_SENT_PADI; + waitForPADO(conn, timeout, waitWholeTimeoutForPADO); + +- timeout *= 2; ++ // timeout *= 2; + } while (conn->discoveryState == STATE_SENT_PADI); + } + diff --git a/hosts/vidhar/network/pppoe/o2-password b/hosts/vidhar/network/pppoe/o2-password new file mode 100644 index 00000000..cd3aed78 --- /dev/null +++ b/hosts/vidhar/network/pppoe/o2-password 
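Review bot: In the new `hosts/vidhar/network/pppoe/default.nix`, the `"ppp/pap-secrets".text` entry still carries the literal line `congstar * congstar *`, although the only peer defined in this file is `o2`. The file is rendered through `environment.etc`, so it lands in the world-readable Nix store. The o2 line is fine because it only names the credential path (`@/run/credentials/pppd-o2.service/password`), but the attribute deserves a comment such as `# world-readable via the Nix store: only @file references here, never literal secrets`, and the congstar entry should be dropped if no peer still authenticates with it. Separately, the password is loaded through `LoadCredential` when the unit starts and `restartTriggers` lists only the `/etc/ppp` files, so a rotated `o2-password` would presumably not reach pppd until a manual restart; `sops.secrets."o2-password".restartUnits = [ "pppd-o2.service" ];` would close that gap. The account name also appears twice (in `peers.o2.config` and in `pap-secrets`); binding it once in the `let` block would keep the two from drifting apart.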
@@ -0,0 +1,18 @@ +{ + "data": "ENC[AES256_GCM,data:mxHA3rrs5Sc50jAP,iv:iW1ua7wjZR8rPwXw21TdFK+fbfosc1CmnrTG34OJ2zM=,tag:pZ/FAHupnKy0wHtF6RN7yA==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1rmmhetcmllq0ahl5qznlr0eya2zdxwl9h6y5wnl97d2wtyx5t99sm2u866", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpUzAvSlJkSFhhRTFLY0VO\nU1VYbFhpMEpxaFhlb2NyS0xDNU5oMm9EZzJnCm5vbTM4c3lFMU5EajhwTGd6MTVx\nZTFmNVlyaVZuRy9hL2VnWFR0TTNEemsKLS0tIDdTemNMTTllQ1pmb0JNTlVGcTlU\nWjQ2MW4yVmtvRng3TlRDbmpHdmRkbUEKtIVAq4aZD6rhtX7+67EE5eOKAtGsVpBg\nPkfjkyV8ifBEx/lwDaJSHpLPfkbI9oArTL8BloodJEEGql5PXZxtvg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1qffdqvy9arld9zd5a5cylt0n98xhcns5shxhrhwjq5g4qa844ejselaa4l", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmUk1oZGdjL25YbGRzdFFh\nRllkcU1IM0x6a2M2S0JicDBFYnBxMWluaEFzCjJ3WHozNkw0RThCMG5BNE5uUkZa\nTnV1OHpaSkMrTk9XM1NRWmxlTmRuUFkKLS0tIE9qdXVWOG9CL0MyS1JXbzhmbVdC\nZlRBWm1SSTZWYzBDc1U4ci94a0hMcHcKLgbJSAMUJ9VaXVmYQe+Uj13KrWFe4QvJ\nRcibCyOJH/VO3rmxU8RAkx0jaH448h9klWhs583Od5yNg7GleC+/qg==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2026-04-14T15:24:19Z", + "mac": "ENC[AES256_GCM,data:/dr0bXAf0v5K9LdKw7RzTTL8Qw/WqiHqLk0EbahDnFg3cVplV0s+ImCnxmhutv3hxdtMZ2dmLBfb8CYb/ZLc4HtNT/K2iKGQM7pF4+XxIjS35Q1JUcXxLrsGZcpARuCZ0AJnKo8yFgtM64dYcbxHlRwGG4u4Ds9fEHHLUMigNM0=,iv:jfFlfscUB7S1JjL/uBeW3uD4bugCT9Cj/vigGvGXrlA=,tag:suol02QD4jRH/QulWoV21A==,type:str]", + "version": "3.12.2" + } +} -- cgit v1.2.3