From 4c46e82769847177f6582447f027a56f9b555fd0 Mon Sep 17 00:00:00 2001
From: Gregor Kleen
Date: Fri, 21 Nov 2025 14:51:23 +0100
Subject: ...
---
 hosts/vidhar/network/pppoe.nix | 165 +++++++++++++++++++++---------------
 hosts/vidhar/prometheus/default.nix | 2 +-
 2 files changed, 100 insertions(+), 67 deletions(-)
(limited to 'hosts/vidhar')
diff --git a/hosts/vidhar/network/pppoe.nix b/hosts/vidhar/network/pppoe.nix
index 5cc84862..d17be349 100644
--- a/hosts/vidhar/network/pppoe.nix
+++ b/hosts/vidhar/network/pppoe.nix
@@ -4,6 +4,48 @@ with lib;
 let
 pppInterface = config.networking.pppInterface;
+
+ corerad-deprecated = pkgs.writers.writeBashBin "corerad-deprecated" ''
+ exec -- ${lib.getExe' config.systemd.package "systemd-run"} \
+ --unit=corerad-deprecated@$(${lib.getExe' config.systemd.package "systemd-escape"} $1) \
+ --property=AmbientCapabilities="CAP_NET_ADMIN CAP_NET_RAW" \
+ --property=CapabilityBoundingSet="CAP_NET_ADMIN CAP_NET_RAW" \
+ --property=DynamicUser=yes \
+ --property=LimitNOFILE=1048576 \
+ --property=LimitNPROC=512 \
+ --property=NotifyAccess=main \
+ --property=Type=notify \
+ --property=RuntimeMaxSec=4h \
+ ${pkgs.writers.writeBash "corerad-deprecated" ''
+ exec -- ${lib.getExe pkgs.corerad} -c=<(${pkgs.writers.writePython3 "corerad-config" {
+ libraries = with pkgs.python3Packages; [ toml ];
+ flakeIgnore = [ "E124" "E121" ];
+ } ''
+ import toml
+ import sys
+ import re
+
+ match = re.fullmatch(r'(?P[^/]+)/(?P.+)', sys.argv[1])
+
+ toml.dump({
+ "interfaces": [
+ {
+ "name": match.group("interface"),
+ "advertise": True,
+ "prefix": [
+ {
+ "prefix": match.group("prefix"),
+ "preferred_lifetime": "1s",
+ "valid_lifetime": "14400s",
+ "deprecated": True,
+ },
+ ],
+ },
+ ],
+ }, sys.stdout)
+ ''} $@)
+ ''} $@
+ '';
 in {
 options = {
 networking.pppInterface = mkOption {
@@ -131,6 +173,8 @@ in {
 };
 };
 };
+ environment.systemPackages = [ corerad-deprecated ];
+
 services.ndppd = {
 enable = true;
 proxies = {
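Review bot: In the `corerad-deprecated` wrapper of the first pppoe.nix hunk the positional arguments are expanded unquoted (`systemd-escape $1`, and `$@` in both the outer and the inner script), so an argument containing whitespace or glob characters is word-split before it reaches a `systemd-run` call that grants CAP_NET_ADMIN and CAP_NET_RAW; use `"$1"` and `"$@"`. The embedded Python calls `match.group("interface")` without checking what `re.fullmatch` returned, so a malformed argument ends in a traceback inside the process substitution while corerad is, as far as the hunk shows, still exec'd; adding `if match is None: sys.exit("expected INTERFACE/PREFIX")` before `toml.dump` makes the failure explicit. A short comment above the binding saying what the tool is for (it appears to advertise an old prefix as deprecated for at most `RuntimeMaxSec=4h`) would help, since the second hunk installs it system-wide through `environment.systemPackages`.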
@@ -160,75 +204,69 @@ in {
 bindsTo = [ "sys-subsystem-net-devices-telekom.device" ];
 after = [ "sys-subsystem-net-devices-telekom.device" ];
 };
- systemd.services."dhcpcd-${pppInterface}" = {
- wantedBy = [ "multi-user.target" "network-online.target" "pppd-telekom.service" ];
- bindsTo = [ "pppd-telekom.service" ];
- after = [ "pppd-telekom.service" ];
- wants = [ "network.target" ];
- before = [ "network-online.target" ];
- path = with pkgs; [ dhcpcd nettools openresolv ];
- unitConfig.ConditionCapability = "CAP_NET_ADMIN";
-
- stopIfChanged = true;
+ networking.interfaces.${pppInterface}.useDHCP = true;
+ networking.dhcpcd = {
+ enable = true;
+ persistent = false;
+ setHostname = false;
+ wait = "ipv6";
+ IPv6rs = false;
- preStart = ''
- i=0
+ extraConfig = ''
+ duid
+ vendorclassid
+ ipv6only
- while [[ -z "$(${pkgs.iproute2}/bin/ip -6 addr show dev ${pppInterface} scope link)" ]]; do
- ${pkgs.coreutils}/bin/sleep 0.1
- i=$((i + 1))
- if [[ "$i" -ge 10 ]]; then
- exit 1
- fi
- done
- '';
+ require dhcp_server_identifier
- postStop = ''
- for dev in lan; do
- ${pkgs.iproute2}/bin/ip -6 a show dev "''${dev}" scope global | ${pkgs.gnugrep}/bin/grep inet6 | ${pkgs.gawk}/bin/awk '{ print $2; }' | ${pkgs.findutils}/bin/xargs -I '{}' -- ${pkgs.iproute2}/bin/ip addr del '{}' dev "''${dev}"
- done
- '';
+ reboot 0
- serviceConfig = let
- dhcpcdConf = pkgs.writeText "dhcpcd.conf" ''
- duid
- vendorclassid
- ipv6only
+ interface ${pppInterface}
+ nooption domain_name_servers, domain_name, domain_search, ntp_servers
+ nohook hostname, resolv.conf
+ option rapid_commit
- nooption domain_name_servers, domain_name, domain_search
- option classless_static_routes
- option interface_mtu
+ ipv6rs
- option host_name
- option rapid_commit
- require dhcp_server_identifier
- slaac private
+ ia_pd 1 lan/0/64/0
+ '';
+ };
+ systemd.services.dhcpcd = {
+ wantedBy = [ "multi-user.target" "network-online.target" "pppd-telekom.service" ];
+ bindsTo = [ "pppd-telekom.service" ];
+ after = [ "pppd-telekom.service" ];
+ wants = [ "network.target" ];
+ before = [ "network-online.target" ];
- nohook resolv.conf
- ipv6ra_autoconf
- iaid 1195061668
- ipv6rs # enable routing solicitation for WAN adapter
- ia_pd 1 lan/0/64/0 # request a PD and assign it to the LAN
+ serviceConfig = {
+ ExecStartPre = [
+ (pkgs.resholve.writeScript "wait-${pppInterface}-ip" {
+ interpreter = pkgs.runtimeShell;
+ inputs = with pkgs; [ iproute2 coreutils ];
+ execer = [
+ "cannot:${lib.getExe' pkgs.iproute2 "ip"}"
+ ];
+ } ''
+ i=0
- reboot 0
+ while [[ -z "$(ip -6 addr show dev ${pppInterface} scope link)" ]]; do
+ sleep 0.1
+ i=$((i + 1))
+ if [[ "$i" -ge 10 ]]; then
+ exit 1
+ fi
+ done
+ '')
+ ];
- waitip 6
- '';
- in {
- Type = "forking";
- PIDFile = "/var/run/dhcpcd/${pppInterface}.pid";
- RuntimeDirectory = "dhcpcd";
- ExecStart = "@${pkgs.dhcpcd}/sbin/dhcpcd dhcpcd -q --config ${dhcpcdConf} ${pppInterface}";
- ExecReload = "${pkgs.dhcpcd}/sbin/dhcpcd --rebind ${pppInterface}";
- Restart = "always";
 RestartSec = "5";
 };
 };
 systemd.services.ndppd = {
- wantedBy = [ "dhcpcd-${pppInterface}.service" ];
- bindsTo = [ "dhcpcd-${pppInterface}.service" ];
- after = [ "dhcpcd-${pppInterface}.service" ];
+ wantedBy = [ "dhcpcd.service" ];
+ bindsTo = [ "dhcpcd.service" ];
+ after = [ "dhcpcd.service" ];
 serviceConfig = {
 Restart = "always";
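Review bot: Nothing in this hunk confines the now-global dhcpcd instance to `${pppInterface}`: in `extraConfig` the lines `duid`, `vendorclassid`, `ipv6only`, `require dhcp_server_identifier` and `reboot 0` sit above the `interface ${pppInterface}` stanza and therefore apply to every interface dhcpcd manages. Whether it can manage others depends on `networking.useDHCP` and the remaining interface definitions, which are outside this diff; if the intent is WAN-only, stating it with `networking.dhcpcd.allowInterfaces = [ pppInterface ];` keeps the client from soliciting on `lan`, where any host could answer. Separately, the removed `postStop` flushed global IPv6 addresses from `lan` and the removed config carried `slaac private` and a fixed `iaid`; a one-line comment on why each is no longer needed (presumably `persistent = false` covers the cleanup) would make the migration easier to audit.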
@@ -236,25 +274,20 @@ in {
 };
 };
 systemd.services.corerad = {
- wantedBy = [ "dhcpcd-${pppInterface}.service" ];
- bindsTo = [ "dhcpcd-${pppInterface}.service" ];
- after = [ "dhcpcd-${pppInterface}.service" ];
+ wantedBy = [ "dhcpcd.service" ];
+ bindsTo = [ "dhcpcd.service" ];
+ after = [ "dhcpcd.service" ];
 serviceConfig = {
 Restart = lib.mkForce "always";
 RestartSec = "5";
 };
 };
- users.users.dhcpcd = {
- isSystemUser = true;
- group = "dhcpcd";
- };
- users.groups.dhcpcd = {};
 systemd.services.unbound = {
- wantedBy = [ "dhcpcd-${pppInterface}.service" ];
- bindsTo = [ "dhcpcd-${pppInterface}.service" ];
- after = [ "dhcpcd-${pppInterface}.service" ];
+ wantedBy = [ "dhcpcd.service" ];
+ bindsTo = [ "dhcpcd.service" ];
+ after = [ "dhcpcd.service" ];
 serviceConfig = {
 Restart = lib.mkForce "always";
diff --git a/hosts/vidhar/prometheus/default.nix b/hosts/vidhar/prometheus/default.nix
index df135b58..125fd568 100644
--- a/hosts/vidhar/prometheus/default.nix
+++ b/hosts/vidhar/prometheus/default.nix
@@ -64,7 +64,7 @@ in {
 systemd = {
 enable = true;
 extraFlags = [
- "--systemd.collector.unit-include=(dhcpcd-.*|pppd-telekom|corerad|ndppd)\.service"
+ "--systemd.collector.unit-include=(dhcpcd|pppd-telekom|corerad|ndppd)\.service"
 "--systemd.collector.enable-restart-count"
 "--systemd.collector.enable-ip-accounting"
 ];
-- cgit v1.2.3
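Review bot: In the prometheus/default.nix hunk the `\.` inside the double-quoted Nix string is not a recognised escape and evaluates to a plain `.`, so the exporter receives `(dhcpcd|pppd-telekom|corerad|ndppd).service` and the dot matches any character. Writing `\\.service` passes the intended literal-dot pattern to `--systemd.collector.unit-include`. The removed line had the same form, so this is not a regression, but the line is being edited here and the include list decides which units are monitored.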