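# NixOS module for a PPPoE WAN uplink: VLAN 7 on eno2, a pppd peer named "o2",
# CAKE traffic shaping set up from the ppp hook scripts, and systemd-networkd
# handling DHCPv6 prefix delegation on the resulting PPP interface.
{ config, lib, pkgs, ... }:

let
  inherit (config.networking) pppInterface;

  # PPPoE login name, defined once so the peer config and the pap-secrets entry
  # cannot drift apart. It is an account identifier rather than a secret, but it
  # does end up in the world-readable Nix store.
  o2User = "DSL0004874856014@s93.bbi-o2.de";
in
{
  options = {
    networking.pppInterface = lib.mkOption {
      type = lib.types.str;
      default = "ppp";
      description = "Name given to the PPP interface (pppd ifname) and matched by systemd-networkd.";
    };
  };

  config = {
    # VLAN sub-interface that carries the PPPoE session; it is named "pppoe" and
    # is referenced below by `nic-pppoe`, by ethtool and by the device unit.
    networking.vlans = {
      pppoe = {
        id = 7;
        interface = "eno2";
      };
    };

    services.pppd = {
      enable = true;
      # ppp is built with a local, out-of-tree patch.
      # NOTE(review): what the patch changes is not visible here; it has to be
      # re-checked whenever the ppp package is bumped.
      package = pkgs.ppp.overrideAttrs (oldAttrs: {
        patches = (oldAttrs.patches or [ ]) ++ [ ./no-double-timeout.patch ];
      });
      peers = {
        o2.config = ''
          user ${o2User}
        '';
      };
    };

    systemd.services."pppd-o2" = {
      stopIfChanged = true;
      # Restart pppd whenever one of the generated /etc/ppp files changes.
      restartTriggers = map (name: config.environment.etc.${name}.source) [
        "ppp/pap-secrets"
        "ppp/options"
        "ppp/ip-pre-up"
        "ppp/ip-up"
        "ppp/ip-down"
      ];
      # The decrypted sops secret is handed to the unit as a systemd credential.
      # It shows up as /run/credentials/pppd-o2.service/password, which is the
      # path pap-secrets points at, so both depend on the unit name "pppd-o2".
      serviceConfig.LoadCredential = [ "password:${config.sops.secrets."o2-password".path}" ];
      # Tie the service lifetime to the VLAN device.
      bindsTo = [ "sys-subsystem-net-devices-pppoe.device" ];
      after = [ "sys-subsystem-net-devices-pppoe.device" ];
    };

    # The PPPoE password is kept encrypted in the repository and decrypted by sops-nix.
    sops.secrets."o2-password" = {
      format = "binary";
      sopsFile = ./o2-password;
    };

    environment.etc = {
      # `nodefaultroute`: the default route is installed by ip-up instead.
      # `maxfail 0`: keep retrying the connection indefinitely.
      # `nic-pppoe`: run PPPoE over the interface named "pppoe".
      # `debug`: pppd logs control packets. By default it masks PAP passwords in
      # those logs; do not combine this with `show-password`.
      "ppp/options".text = ''
        nodefaultroute
        ifname ${pppInterface}
        lcp-echo-adaptive
        lcp-echo-failure 10
        lcp-echo-interval 1
        maxfail 0
        mtu 1492
        mru 1492
        plugin pppoe.so
        pppoe-padi-timeout 1
        pppoe-padi-attempts 10
        nic-pppoe
        debug
        +ipv6
      '';

      # Everything written through `.text` is stored in the world-readable Nix
      # store. The o2 entry is safe because it uses pppd's `@file` form, so only
      # the credential path is stored and the password is read at runtime.
      # NOTE(review): the first entry carries its secret literally. If it is a
      # real credential, move it to a sops-backed credential like the o2 one; if
      # it is a leftover from another provider, remove it.
      "ppp/pap-secrets".text = ''
        congstar * congstar *
        ${o2User} * @/run/credentials/pppd-o2.service/password *
      '';

      # pppd passes the interface name to the hook scripts as $1.
      # The script turns off segmentation offloads on the VLAN device, then
      # (re)creates the ifb4<iface> device and shapes both directions with CAKE:
      # ingress traffic is redirected to the IFB, egress is shaped on the PPP
      # interface itself. Both bandwidths are 95% of the configured kbit figures.
      # NOTE(review): the `cannot:` execer entries tell resholve that ip and tc
      # never execute their arguments. That holds for the sub-commands used here,
      # but would not hold for `ip netns exec` or `ip vrf exec`.
      "ppp/ip-pre-up".source = pkgs.resholve.writeScript "ip-pre-up"
        {
          interpreter = pkgs.runtimeShell;
          inputs = [ pkgs.iproute2 pkgs.ethtool ];
          execer = [
            "cannot:${lib.getExe' pkgs.iproute2 "ip"}"
            "cannot:${lib.getExe' pkgs.iproute2 "tc"}"
          ];
        }
        ''
          ethtool -K pppoe tso off gso off gro off
          ip link del "ifb4$1" || true
          ip link add name "ifb4$1" type ifb
          ip link set "ifb4$1" up
          tc qdisc del dev "ifb4$1" root || true
          tc qdisc del dev "$1" ingress || true
          tc qdisc del dev "$1" root || true
          tc qdisc add dev "$1" handle ffff: ingress
          tc filter add dev "$1" parent ffff: basic action ctinfo dscp 0x0000003f 0x00000040 action mirred egress redirect dev "ifb4$1"
          tc qdisc replace dev "ifb4$1" root cake memlimit 128Mb overhead 35 mpu 74 regional diffserv4 bandwidth ${toString (builtins.floor (177968 * 0.95))}kbit
          tc qdisc replace dev "$1" root cake memlimit 128Mb overhead 35 mpu 74 regional nat diffserv4 wash bandwidth ${toString (builtins.floor (41216 * 0.95))}kbit
        '';

      # $4 is the local and $5 the remote address negotiated by pppd. Both are
      # quoted and passed to ip as single arguments. The default route is added
      # here with metric 512 because ppp/options sets `nodefaultroute`.
      "ppp/ip-up".source = pkgs.resholve.writeScript "ip-up"
        {
          interpreter = pkgs.runtimeShell;
          inputs = [ pkgs.iproute2 ];
          execer = [ "cannot:${lib.getExe' pkgs.iproute2 "ip"}" ];
        }
        ''
          ip addr add "$4" peer "$5"/32 dev "$1"
          ip route add default dev "$1" metric 512
        '';

      # Remove the IFB device that ip-pre-up created for this interface.
      "ppp/ip-down".source = pkgs.resholve.writeScript "ip-down"
        {
          interpreter = pkgs.runtimeShell;
          inputs = [ pkgs.iproute2 ];
          execer = [ "cannot:${lib.getExe' pkgs.iproute2 "ip"}" ];
        }
        ''
          ip link del "ifb4$1"
        '';
    };

    # systemd is rebuilt with a patch fetched from a personal fork. The
    # fixed-output hash pins the patch bytes, so a rewritten or replaced commit
    # fails the build instead of silently changing what goes into PID 1.
    # NOTE(review): the purpose of the patch is not recorded here. Document it,
    # and re-review the patch on every systemd version bump.
    systemd.package = pkgs.systemd.overrideAttrs (oldAttrs: {
      patches = (oldAttrs.patches or [ ]) ++ [
        (pkgs.fetchpatch {
          url = "https://github.com/sysedwinistrator/systemd/commit/b9691a43551739ddacdb8d53a4312964c3ddfa08.patch";
          hash = "sha256-TLfOTFodLzCVywnF4Xp4BR2Pja0Qq4ItE/yaKkzI414=";
        })
      ];
    });

    systemd.network.networks = {
      "40-${pppInterface}" = {
        matchConfig.Name = pppInterface;
        # All DNS lookups are routed ("~.") to a resolver on localhost.
        # NOTE(review): this assumes a local resolver is configured elsewhere.
        dns = [ "::1" "127.0.0.1" ];
        domains = [ "~." ];
        networkConfig = {
          DHCP = true;
          DNSSEC = true;
        };
        # Request a delegated prefix over DHCPv6 without waiting for a router
        # advertisement.
        dhcpV6Config = {
          PrefixDelegationHint = "::/64";
          WithoutRA = "solicit";
        };
      };
    };

    # ifb is needed by the ingress shaping set up in ip-pre-up.
    boot.kernelModules = [ "ifb" ];

    # These settings turn the host into an IPv4 and IPv6 router on every
    # interface. This module defines no forward filtering of its own.
    # NOTE(review): confirm that a firewall FORWARD policy exists elsewhere.
    # With a delegated IPv6 prefix, LAN hosts get globally routable addresses
    # and have no NAT in front of them.
    boot.kernel.sysctl = {
      "net.ipv6.conf.all.forwarding" = true;
      "net.ipv6.conf.default.forwarding" = true;
      "net.ipv4.conf.all.forwarding" = true;
      "net.ipv4.conf.default.forwarding" = true;
      "net.core.rmem_max" = 4194304;
      "net.core.wmem_max" = 4194304;
    };
  };
}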