From 9663c40408fde29d5ca7ea9a71373bef4b16ae8c Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Mon, 15 Nov 2021 09:07:04 +0059 Subject: vidhar: dsl --- hosts/vidhar/default.nix | 38 ++++++++++++++++++++++------ hosts/vidhar/dsl.nix | 64 ++++++++++++++++++++++++++++++++++++++++++++++++ hosts/vidhar/pap-secrets | 26 ++++++++++++++++++++ 3 files changed, 121 insertions(+), 7 deletions(-) create mode 100644 hosts/vidhar/dsl.nix create mode 100644 hosts/vidhar/pap-secrets (limited to 'hosts') diff --git a/hosts/vidhar/default.nix b/hosts/vidhar/default.nix index 107906c7..7335ea8a 100644 --- a/hosts/vidhar/default.nix +++ b/hosts/vidhar/default.nix @@ -1,7 +1,7 @@ { hostName, flake, config, pkgs, lib, ... }: { imports = with flake.nixosModules.systemProfiles; [ - ./zfs.nix + ./zfs.nix ./dsl.nix initrd-all-crypto-modules default-locale openssh rebuild-machines build-server initrd-ssh @@ -26,7 +26,7 @@ kernelModules = [ "kvm-intel" ]; kernelParams = [ - "ip=192.168.2.168::192.168.2.1:255.255.255.0::eno1:static" + "ip=10.141.0.1:::255.255.255.0::eno1:static" ]; tmpOnTmpfs = true; @@ -72,10 +72,9 @@ useDHCP = false; useNetworkd = true; - defaultGateway = { address = "192.168.2.1"; }; interfaces."eno1" = { ipv4.addresses = [ - { address = "192.168.2.168"; prefixLength = 24; } + { address = "10.141.0.1"; prefixLength = 24; } ]; }; 
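Review bot: The host address `10.141.0.1` is now written out twice, once in the initrd `ip=` kernel parameter (hunk at old line 26) and once in `interfaces."eno1"` (hunk at old line 72). The two have to agree if the `initrd-ssh` profile imported in the first hunk is meant to come up on the same address as the booted system. Binding the address once, e.g. `let lanAddress = "10.141.0.1"; in` at the top of the module, and using `"ip=${lanAddress}:::255.255.255.0::eno1:static"` and `{ address = lanAddress; prefixLength = 24; }`, keeps them from drifting apart on the next renumbering. The enclosing attribute sets begin and end outside these hunks.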
@@ -93,9 +92,34 @@ ]; }; }; - systemd.network.networks."40-eno1".networkConfig = { - Domains = lib.mkForce "~."; - DNS = [ "192.168.2.1" ]; + + services.dhcpd4 = { + enable = true; + interfaces = [ "eno1" ]; + }; + services.corerad = { + enable = true; + settings = { + interfaces = [ + { name = config.networking.pppInterface; + monitor = true; + } + { name = "eno1"; + advertise = true; + prefix = [{ prefix = "::/64"; }]; + route = [{ prefix = "::/0"; }]; + } + ]; + }; + }; + boot.kernel.sysctl = { + "net.ipv6.conf.all.forwarding" = true; + "net.ipv6.conf.default.forwarding" = true; + "net.ipv4.conf.all.forwarding" = true; + "net.ipv4.conf.default.forwarding" = true; + }; + systemd.network.networks = { + "eno2".networkConfig.LinkLocalAddressing = "no"; }; services.timesyncd.enable = false; diff --git a/hosts/vidhar/dsl.nix b/hosts/vidhar/dsl.nix new file mode 100644 index 00000000..bdce55a6 --- /dev/null +++ b/hosts/vidhar/dsl.nix 
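Review bot: Forwarding is switched on host-wide (`net.ipv4.conf.all.forwarding`, `net.ipv6.conf.all.forwarding`) and corerad advertises a prefix and a default route on eno1, but nothing in this hunk filters forwarded traffic arriving on the PPP interface. IPv6 has no NAT in between, so unless a forward-chain policy exists elsewhere in the configuration, LAN hosts that pick up a global address would be reachable directly from the uplink. I would add a default-drop forward rule for `config.networking.pppInterface` that admits only established/related traffic, and place a pointer next to the sysctl block such as `# forwarding is enabled host-wide; inbound forward filtering for the PPP uplink lives in <module>`. `services.dhcpd4` is also enabled with no subnet declaration visible here, so confirm that it is supplied elsewhere.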
@@ -0,0 +1,64 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+ pppInterface = config.networking.pppInterface;
+in {
+ options = {
+ networking.pppInterface = mkOption {
+ type = types.str;
+ default = "dsl";
+ };
+ };
+
+ config = {
+ networking.vlans = {
+ telekom = {
+ id = 7;
+ interface = "eno2";
+ };
+ };
+
+ services.pppd = {
+ enable = true;
+ peers.telekom.config = ''
+ nodefaultroute
+ ifname ${pppInterface}
+ lcp-echo-failure 1
+ lcp-echo-interval 1
+ maxfail 0
+ mtu 1492
+ mru 1492
+ plugin rp-pppoe.so
+ name telekom
+ user 002576900250551137425220#0001@t-online.de
+ telekom
+ debug
+ '';
+ };
+ systemd.services."pppd-telekom".serviceConfig = lib.mkForce {
+ ExecStart = "${lib.getBin pkgs.ppp}/sbin/pppd call telekom nodetach nolog";
+ Restart = "always";
+ RestartSec = 5;
+
+ RuntimeDirectory = "pppd";
+ RuntimeDirectoryPreserve = true;
+ };
+ sops.secrets."pap-secrets" = {
+ format = "binary";
+ sopsFile = ./pap-secrets;
+ path = "/etc/ppp/pap-secrets";
+ };
+
+ environment.etc = {
+ "ppp/ip-up" = {
+ text = ''
+ #!${pkgs.runtimeShell}
+ ${pkgs.iproute}/bin/ip route add default via "$5" dev "${pppInterface}" metric 512
+ '';
+ mode = "0555";
+ };
+ };
+ };
+}
diff --git a/hosts/vidhar/pap-secrets b/hosts/vidhar/pap-secrets
new file mode 100644
index 00000000..6053a120
--- /dev/null
+++ b/hosts/vidhar/pap-secrets
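Review bot: `systemd.services."pppd-telekom".serviceConfig = lib.mkForce { … }` replaces the whole attribute set, so any sandboxing the upstream pppd module puts in `serviceConfig` is discarded and pppd runs with a bare root unit. As far as I know the NixOS module sets capability bounding and filesystem protection there, so please confirm against the module source. If the aim is only to change the command line and restart policy, override individual keys instead, e.g. `systemd.services."pppd-telekom".serviceConfig.ExecStart = lib.mkForce "…";`, and relax only the specific protections that get in the way of `ip-up`. Separately, the `user` line puts the full access identifier into a world-readable store path and into the repository while only the password goes through sops. It could be loaded from a sops-managed options file via pppd's `file` option instead.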
@@ -0,0 +1,26 @@
+{
+ "data": "ENC[AES256_GCM,data:tkLtHxmceijHwqQabwhQhDhQu5Tp49y0nPWcnbmIa8I70L9NkmwRz399+nl0t6hejFDj25CkYX2hv2KUuXHzWROXt3c3Eit5vtxVkoNjkH5q3vX553VOsxMYgzBBWFCOTfGk+EfwFZ2biQxf2TdOuGrI/2BFrTojpPn5H0BXQY2apaNohmAqclU//tkNTF++q7k9pKuw3hdet77szbss0yY9768nrHhorHZ4b2OaZJm84F8GfgeGkDfVI1vwv/XffFOgCkne,iv:Oxg5aBYFowPriiC6HckVOvcd5MBz43XhRXQzgKKvVCY=,tag:v9NrPKS0hgDkSB5HsTkVUQ==,type:str]",
+ "sops": {
+ "kms": null,
+ "gcp_kms": null,
+ "azure_kv": null,
+ "hc_vault": null,
+ "age": null,
+ "lastmodified": "2021-11-15T07:46:02Z",
+ "mac": "ENC[AES256_GCM,data:5H6r4seYU0+v/HGpb4foZ+HxULx6UR9cQqAHpfH1DUv8QzXlkdYZsa55nB8/p5WTZpbPi+E8fzsXcDO35BWyKSKALolaqdfBO1g7WsDVnnbOrkDcrQx7DUUi92rEYj6+uUnQrSJjKTKCcDyj5D0/qbeFx+J1euV18vWCp1aXiUM=,iv:XNv3ioiz9jHHp+ai0h3RZsKyCQnI+O3z5R4X+KdjuhE=,tag:XXayGuLyy1vSV+tahxipxQ==,type:str]",
+ "pgp": [
+ {
+ "created_at": "2021-11-15T07:45:08Z",
+ "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DbYDvGI0HDr0SAQdADLXtluBBuSsm9CIPG1mEJnOJ0IQmCpwQPcU+Bl/zOE8w\nseSG0fcoBnRX7ngWMoJZ7a0G1ARjBql63SJN7OJ8E7OLcMBeaRkjl/F9jRM6gfIJ\n0l4BCu/V/objPnHxlQ9ETKheAjr7aEH+Wuttut1U+a8Ad5kl5/hKtkK5gv+q0WTi\nRBCe8OIKFbkzd8OvvzZlQBBEa4G/2Az2lVYFrxHq0a7XyJOxmnUJWurbsPUK6EMk\n=ksU8\n-----END PGP MESSAGE-----\n",
+ "fp": "A1C7C95E6CAF0A965CB47277BCF50A89C1B1F362"
+ },
+ {
+ "created_at": "2021-11-15T07:45:08Z",
+ "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAf37n8FlEvDjECfajRNxIh+sLj+VZOSYfzt+GovJN1C4w\nQRkd//w4h6CqMcVz3LzNZIn2Pa8lhBLFV2tBfFqZDa80HcBWCtBgDivq8l7onmJm\n0l4BiAv4DzVVjBOZqhBnzla6SmRqAZDwE1WO7gN+R3/7S/0DXUxopjvdFaheLVj9\n/tKup9Dn2n3mr7gCvgvuPIaoJqdJSG5v8rgp1IrFSIlVtLv+ThgCsGCKZ/P9ef56\n=aqGg\n-----END PGP MESSAGE-----\n",
+ "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
+ }
+ ],
+ "unencrypted_suffix": "_unencrypted",
+ "version": "3.7.1"
+ }
+}
\ No newline at end of file
-- cgit v1.2.3