# NixOS module: PPPoE uplink on VLAN "telekom" (pppd), CAKE shaping through an
# IFB device, networkd DHCP/DHCPv6 on the PPP link, and kernel IP forwarding.
#
# Review notes for whoever maintains this:
#  * No packet-filter rules are defined in this module, although forwarding is
#    switched on for every interface. Confirm that forward filtering lives in
#    another module, especially for IPv6, where a delegated prefix is requested
#    and this module itself sets up NAT only inside the egress CAKE qdisc.
#  * Both pppd and systemd are built with extra patches; the systemd patch is
#    downloaded from a personal fork. Neither patch's contents are visible here.
#  * The pppd peer options (including user/password) are written inline, so they
#    become part of the generated configuration in the Nix store, which every
#    local user can read.
{ config, lib, pkgs, ... }:

let
  inherit (config.networking) pppInterface;

  # resholve "execer" verdicts: declare that ip/tc do not execute their
  # arguments, so resholve does not have to resolve anything inside them.
  ipCannotExec = "cannot:${lib.getExe' pkgs.iproute2 "ip"}";
  tcCannotExec = "cannot:${lib.getExe' pkgs.iproute2 "tc"}";

  # Shaper rates in kbit/s, set to 95% of the two base figures.
  # NOTE(review): presumably the line's sync rates (down/up) - confirm.
  shaperIngressKbit = toString (builtins.floor (177968 * 0.95));
  shaperEgressKbit = toString (builtins.floor (41216 * 0.95));

  # systemd device unit of the VLAN interface that carries the PPPoE session.
  vlanDeviceUnit = "sys-subsystem-net-devices-telekom.device";
in
{
  options.networking.pppInterface = lib.mkOption {
    type = lib.types.str;
    default = "ppp";
  };

  config = {
    # VLAN 7 on eno2, named "telekom".
    networking.vlans.telekom = {
      id = 7;
      interface = "eno2";
    };

    services.pppd = {
      enable = true;

      # pppd with one additional local patch on top of the packaged ones.
      package = pkgs.ppp.overrideAttrs (prev: {
        patches = (prev.patches or [ ]) ++ [ ./no-double-timeout.patch ];
      });

      # Peer options. "nodefaultroute" leaves the default route to the ip-up
      # script below. "debug" makes pppd log control-packet contents; keep an
      # eye on who can read that log.
      # NOTE(review): user/password look like placeholder values. If the access
      # network ever needs real credentials, load them from a file outside the
      # Nix store instead of writing them here.
      peers.telekom.config = ''
        nodefaultroute
        ifname ${pppInterface}
        lcp-echo-adaptive
        lcp-echo-failure 10
        lcp-echo-interval 1
        maxfail 0
        mtu 1492
        mru 1492
        plugin pppoe.so
        pppoe-padi-timeout 1
        pppoe-padi-attempts 10
        user congstar
        password congstar
        nic-telekom
        debug
        +ipv6
      '';
    };

    # Hook scripts that pppd invokes with the interface name as $1; ip-up also
    # uses $4 and $5 as the local and peer address. All positional parameters
    # are quoted where they are used.
    environment.etc = {
      # Before the link comes up: turn off segmentation/receive offloads on the
      # VLAN device, recreate the "ifb4<iface>" device, redirect ingress
      # traffic to it and install CAKE on both directions.
      "ppp/ip-pre-up".source =
        pkgs.resholve.writeScript "ip-pre-up"
          {
            interpreter = pkgs.runtimeShell;
            inputs = [
              pkgs.iproute2
              pkgs.ethtool
            ];
            execer = [
              ipCannotExec
              tcCannotExec
            ];
          }
          ''
            ethtool -K telekom tso off gso off gro off
            ip link del "ifb4$1" || true
            ip link add name "ifb4$1" type ifb
            ip link set "ifb4$1" up
            tc qdisc del dev "ifb4$1" root || true
            tc qdisc del dev "$1" ingress || true
            tc qdisc del dev "$1" root || true
            tc qdisc add dev "$1" handle ffff: ingress
            tc filter add dev "$1" parent ffff: basic action ctinfo dscp 0x0000003f 0x00000040 action mirred egress redirect dev "ifb4$1"
            tc qdisc replace dev "ifb4$1" root cake memlimit 128Mb overhead 35 mpu 74 regional diffserv4 bandwidth ${shaperIngressKbit}kbit
            tc qdisc replace dev "$1" root cake memlimit 128Mb overhead 35 mpu 74 regional nat diffserv4 wash bandwidth ${shaperEgressKbit}kbit
          '';

      # Link up: configure the point-to-point address pair and add the default
      # route with metric 512.
      "ppp/ip-up".source =
        pkgs.resholve.writeScript "ip-up"
          {
            interpreter = pkgs.runtimeShell;
            inputs = [ pkgs.iproute2 ];
            execer = [ ipCannotExec ];
          }
          ''
            ip addr add "$4" peer "$5"/32 dev "$1"
            ip route add default dev "$1" metric 512
          '';

      # Link down: remove the IFB device created in ip-pre-up.
      "ppp/ip-down".source =
        pkgs.resholve.writeScript "ip-down"
          {
            interpreter = pkgs.runtimeShell;
            inputs = [ pkgs.iproute2 ];
            execer = [ ipCannotExec ];
          }
          ''
            ip link del "ifb4$1"
          '';
    };

    # The whole systemd package is rebuilt with one out-of-tree patch. The
    # fixed hash means the fetched patch cannot change unnoticed, but the code
    # comes from a personal fork and is applied to the init system: review the
    # commit itself and re-check it on every systemd update.
    systemd.package = pkgs.systemd.overrideAttrs (prev: {
      patches = (prev.patches or [ ]) ++ [
        (pkgs.fetchpatch {
          url = "https://github.com/sysedwinistrator/systemd/commit/b9691a43551739ddacdb8d53a4312964c3ddfa08.patch";
          hash = "sha256-TLfOTFodLzCVywnF4Xp4BR2Pja0Qq4ItE/yaKkzI414=";
        })
      ];
    });

    systemd.services."pppd-telekom" = {
      # Tie the service lifetime to the VLAN device and order it after it.
      bindsTo = [ vlanDeviceUnit ];
      after = [ vlanDeviceUnit ];

      stopIfChanged = true;

      # Restart pppd whenever one of the hook scripts changes.
      restartTriggers = [
        config.environment.etc."ppp/ip-pre-up".source
        config.environment.etc."ppp/ip-up".source
        config.environment.etc."ppp/ip-down".source
      ];

      serviceConfig = {
        # Overrides the unit's Type and ExecStart: pppd is started with
        # "up_sdnotify", which matches the notify service type.
        Type = lib.mkForce "notify";
        ExecStart = lib.mkForce "${lib.getBin config.services.pppd.package}/sbin/pppd call telekom up_sdnotify nolog";
        PIDFile = "/run/pppd/${pppInterface}.pid";
      };
    };

    # Always restart the local resolver; the PPP link below points its DNS at
    # the loopback addresses.
    systemd.services.unbound.serviceConfig.Restart = lib.mkForce "always";

    # networkd settings for the PPP interface: loopback DNS servers, "~." as
    # routing domain, DNSSEC enabled, DHCP on, and DHCPv6 solicitation without
    # router advertisements with a /64 prefix-delegation hint.
    systemd.network.networks."40-${pppInterface}" = {
      matchConfig.Name = pppInterface;
      dns = [
        "::1"
        "127.0.0.1"
      ];
      domains = [ "~." ];
      networkConfig = {
        DHCP = true;
        DNSSEC = true;
      };
      dhcpV6Config = {
        PrefixDelegationHint = "::/64";
        WithoutRA = "solicit";
      };
    };

    # IFB module for the ingress-shaping device used in ip-pre-up.
    boot.kernelModules = [ "ifb" ];

    boot.kernel.sysctl = {
      # Forwarding is enabled on all current and future interfaces, including
      # the uplink. What may be forwarded has to be restricted by firewall
      # rules, which are not part of this module.
      "net.ipv6.conf.all.forwarding" = true;
      "net.ipv6.conf.default.forwarding" = true;
      "net.ipv4.conf.all.forwarding" = true;
      "net.ipv4.conf.default.forwarding" = true;

      # Upper limits for socket receive/send buffers (4 MiB each).
      "net.core.rmem_max" = 4194304;
      "net.core.wmem_max" = 4194304;
    };
  };
}