nixos-module/container/upstream/pppoe: init
parent
b87b73d358
commit
bd795b270a
|
@ -5,5 +5,10 @@
|
||||||
lib.gpgKey = null;
|
lib.gpgKey = null;
|
||||||
# test key
|
# test key
|
||||||
lib.dyndnsKey = "Dr1QHSfNtAwgbdoNBtCgl5NxsSXlaw9+qo7juiVTv58=";
|
lib.dyndnsKey = "Dr1QHSfNtAwgbdoNBtCgl5NxsSXlaw9+qo7juiVTv58=";
|
||||||
|
# test credentials
|
||||||
|
lib.pppoe.upstream4 = {
|
||||||
|
user = "test@example.com";
|
||||||
|
password = "secret";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
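Review bot: `lib.pppoe.upstream4.password` is published as a plain Nix string, and a value in that form is copied into the world-readable /nix/store as soon as a consumer interpolates it into generated configuration. How the consumer handles it is not visible in this section, so this is a caution rather than a confirmed leak. The `# test credentials` comment could state the contract for the real key flake, for example `# test credentials; real ones must reach pppd through a root-only file, not a store path`.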
@ -105,7 +105,14 @@ in
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
upstream3.interfaces.up3.upstream.provider = "starlink";
|
upstream3.interfaces.up3.upstream.provider = "starlink";
|
||||||
upstream4.interfaces.up4.upstream.provider = "dsi";
|
upstream4.interfaces.up4-pppoe = {
|
||||||
|
type = "pppoe";
|
||||||
|
upstream = {
|
||||||
|
provider = "dsi";
|
||||||
|
link = "up4";
|
||||||
|
upBandwidth = 95000;
|
||||||
|
};
|
||||||
|
};
|
||||||
upstream1.ospf.upstreamInstance = 3;
|
upstream1.ospf.upstreamInstance = 3;
|
||||||
upstream2.ospf.upstreamInstance = 4;
|
upstream2.ospf.upstreamInstance = 4;
|
||||||
anon1.ospf.upstreamInstance = 5;
|
anon1.ospf.upstreamInstance = 5;
|
||||||
|
|
|
@ -106,6 +106,11 @@ let
|
||||||
provider = mkOption {
|
provider = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
};
|
};
|
||||||
|
link = mkOption {
|
||||||
|
type = with types; nullOr str;
|
||||||
|
default = null;
|
||||||
|
description = "Underlying interface name for eg. PPPoE";
|
||||||
|
};
|
||||||
upBandwidth = mkOption {
|
upBandwidth = mkOption {
|
||||||
type = with types; nullOr int;
|
type = with types; nullOr int;
|
||||||
default = null;
|
default = null;
|
||||||
|
@ -124,7 +129,7 @@ let
|
||||||
description = "Static MAC address";
|
description = "Static MAC address";
|
||||||
};
|
};
|
||||||
type = mkOption {
|
type = mkOption {
|
||||||
type = types.enum [ "phys" "veth" ];
|
type = types.enum [ "phys" "veth" "pppoe" ];
|
||||||
description = ''
|
description = ''
|
||||||
veth: Virtual ethernet to be attached to a bridge.
|
veth: Virtual ethernet to be attached to a bridge.
|
||||||
|
|
||||||
|
|
|
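Review bot: `link` defaults to `null` and nothing visible ties it to `type = "pppoe"`, yet the PPPoE module in this commit uses it as an attribute name (`"${iface.upstream.link}".networkConfig`), which aborts evaluation with a coercion error when it is unset. An assertion along the lines of `assertion = iface.type != "pppoe" || iface.upstream.link != null;` would turn that into a readable message. The `link` description could also say that it is required for PPPoE interfaces. The `type` description continues outside the hunk and should presumably gain a `pppoe:` entry next to `veth:`.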
@ -116,14 +116,14 @@ in
|
||||||
# Enable OSPF only on networks with a secret. Others
|
# Enable OSPF only on networks with a secret. Others
|
||||||
# are treated as a stubnet whose routes to
|
# are treated as a stubnet whose routes to
|
||||||
# advertise.
|
# advertise.
|
||||||
if config.site.net.${net}.ospf.secret != null
|
if config.site.net ? net && config.site.net.${net}.ospf.secret != null
|
||||||
then ''
|
then ''
|
||||||
interface "${net}" {
|
interface "${net}" {
|
||||||
authentication cryptographic;
|
authentication cryptographic;
|
||||||
password "${config.site.net.${net}.ospf.secret}";
|
password "${config.site.net.${net}.ospf.secret}";
|
||||||
};
|
};
|
||||||
''
|
''
|
||||||
else if config.site.net.${net}.subnet4 != null
|
else if config.site.net ? net && config.site.net.${net}.subnet4 != null
|
||||||
then ''
|
then ''
|
||||||
# Advertise route of network ${net}
|
# Advertise route of network ${net}
|
||||||
stubnet ${config.site.net.${net}.subnet4} {};
|
stubnet ${config.site.net.${net}.subnet4} {};
|
||||||
|
|
|
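Review bot: The new guard `config.site.net ? net` tests for an attribute literally named `net`, not for the network held in the variable `net`, so it is false for every interface unless a network happens to be called "net". With the guard false, both branches are skipped: the `authentication cryptographic` block is no longer emitted for networks that do have an OSPF secret, and the stubnet routes are not advertised. What the final `else` produces is outside the hunk, but it would now apply to every interface. The dynamic form is `config.site.net ? ${net} && config.site.net.${net}.ospf.secret != null`, and the same change is needed in the `subnet4` condition below it.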
@ -38,8 +38,14 @@ in
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
[CAKE]
|
[CAKE]
|
||||||
Parent = root
|
Parent = root
|
||||||
# DOCSIS overhead
|
${lib.optionalString (upstream.provider == "vodafone") ''
|
||||||
OverheadBytes = 18
|
# DOCSIS overhead
|
||||||
|
OverheadBytes = 18
|
||||||
|
''}
|
||||||
|
${lib.optionalString (upstream.provider == "dsi") ''
|
||||||
|
# PPPoE overhead
|
||||||
|
OverheadBytes = 18
|
||||||
|
''}
|
||||||
${lib.optionalString (upstream.upBandwidth != null) ''
|
${lib.optionalString (upstream.upBandwidth != null) ''
|
||||||
Bandwidth = ${toString upstream.upBandwidth}K
|
Bandwidth = ${toString upstream.upBandwidth}K
|
||||||
''}
|
''}
|
||||||
|
|
|
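Review bot: The `dsi` branch sets `OverheadBytes = 18`, the same figure as the DOCSIS branch above it, which looks copied rather than derived. PPPoE adds its own 8-byte header on top of the link-layer framing, so the right value depends on the access technology and on whether the qdisc sits on the ppp interface or on the underlying `link`. If 18 is intentional, a comment saying how it was derived would help, for example `# PPPoE overhead: <derivation>`. Keying the overhead on the interface type instead of the provider name would also avoid a second string comparison per provider.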
@ -1,4 +1,4 @@
|
||||||
{ hostName, inputs, lib, ... }:
|
{ hostName, inputs, config, lib, ... }:
|
||||||
|
|
||||||
let
|
let
|
||||||
hostConf = config.site.hosts.${hostName};
|
hostConf = config.site.hosts.${hostName};
|
||||||
|
@ -7,18 +7,12 @@ let
|
||||||
lib.filterAttrs (_: { type, ... }: type == "pppoe")
|
lib.filterAttrs (_: { type, ... }: type == "pppoe")
|
||||||
hostConf.interfaces;
|
hostConf.interfaces;
|
||||||
|
|
||||||
firstUpstreamInterface =
|
|
||||||
if builtins.length (builtins.attrNames upstreamInterfaces) > 0
|
|
||||||
then builtins.head (
|
|
||||||
builtins.attrNames upstreamInterfaces
|
|
||||||
)
|
|
||||||
else null;
|
|
||||||
|
|
||||||
inherit (inputs.zentralwerk-network-key.lib.pppoe.${hostName}) user password;
|
inherit (inputs.zentralwerk-network-key.lib.pppoe.${hostName}) user password;
|
||||||
|
|
||||||
in lib.mkIf (pppoeInterfaces != {}) {
|
in lib.mkIf (pppoeInterfaces != {}) {
|
||||||
boot.postBootCommands = ''
|
boot.postBootCommands = ''
|
||||||
if [ ! -c /dev/ppp ]; then
|
if [ ! -c /dev/ppp ]; then
|
||||||
mknod -m 666 /dev/ppp c 108 0
|
mknod -m 600 /dev/ppp c 108 0
|
||||||
fi
|
fi
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
@ -61,7 +55,37 @@ in lib.mkIf (pppoeInterfaces != {}) {
|
||||||
# Increase debugging level
|
# Increase debugging level
|
||||||
debug
|
debug
|
||||||
'';
|
'';
|
||||||
};
|
}) pppoeInterfaces;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
systemd.network.networks =
|
||||||
|
builtins.foldl' (networks: ifName: let
|
||||||
|
iface = pppoeInterfaces.${ifName};
|
||||||
|
in networks // {
|
||||||
|
"${ifName}" = {
|
||||||
|
matchConfig.Name = "${ifName}";
|
||||||
|
networkConfig = {
|
||||||
|
DHCP = lib.mkOverride 900 "ipv6";
|
||||||
|
# accept config set by pppd
|
||||||
|
KeepConfiguration = "yes";
|
||||||
|
};
|
||||||
|
dhcpV6Config = {
|
||||||
|
RapidCommit = true;
|
||||||
|
ForceDHCPv6PDOtherInformation = true;
|
||||||
|
PrefixDelegationHint = "::/56";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
"${iface.upstream.link}".networkConfig = {
|
||||||
|
ConfigureWithoutCarrier = true;
|
||||||
|
LinkLocalAddressing = "no";
|
||||||
|
};
|
||||||
|
}) {} (builtins.attrNames pppoeInterfaces);
|
||||||
|
|
||||||
|
# TODO: needed?
|
||||||
|
networking.nat.extraCommands = ''
|
||||||
|
iptables -A FORWARD \
|
||||||
|
-p tcp --tcp-flags SYN,RST SYN \
|
||||||
|
-j TCPMSS --clamp-mss-to-pmtu
|
||||||
|
'';
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
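Review bot: The MSS clamp under `# TODO: needed?` covers IPv4 only, while the same hunk requests a DHCPv6 prefix on the PPPoE interface, so forwarded IPv6 TCP can still negotiate an MSS that does not fit the PPPoE path. The equivalent rule would be `ip6tables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu`. The rule is also added with `-A`, so it is appended again each time the commands run unless something outside this hunk flushes FORWARD. A matching `-D` in `networking.nat.extraStopCommands` would keep it from accumulating. The TODO itself could be replaced by a comment explaining why the clamp is needed on a PPPoE uplink.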
@ -36,6 +36,7 @@ in {
|
||||||
] ++
|
] ++
|
||||||
optionals (builtins.match "upstream.*" hostName != null) [
|
optionals (builtins.match "upstream.*" hostName != null) [
|
||||||
./container/upstream.nix
|
./container/upstream.nix
|
||||||
|
./container/upstream/pppoe.nix
|
||||||
] ++
|
] ++
|
||||||
optionals (hostName == "mgmt-gw") [
|
optionals (hostName == "mgmt-gw") [
|
||||||
./container/mgmt-gw.nix
|
./container/mgmt-gw.nix
|
||||||
|
|
|
@ -180,6 +180,9 @@ in
|
||||||
# tuntap
|
# tuntap
|
||||||
lxc.cgroup.devices.allow = c 10:200 rw
|
lxc.cgroup.devices.allow = c 10:200 rw
|
||||||
lxc.cgroup2.devices.allow = c 10:200 rw
|
lxc.cgroup2.devices.allow = c 10:200 rw
|
||||||
|
# ppp
|
||||||
|
lxc.cgroup.devices.allow = c 108:0 rwm
|
||||||
|
lxc.cgroup2.devices.allow = c 108:0 rwm
|
||||||
|
|
||||||
${netConfig ctName containers.${ctName}.physicalInterfaces}
|
${netConfig ctName containers.${ctName}.physicalInterfaces}
|
||||||
'';
|
'';
|
||||||
|
|
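Review bot: The `c 108:0 rwm` allowance appears to be added to the shared container template, so every container gains the right to create and open the ppp device, not only those with a PPPoE interface. The enclosing string starts outside the hunk, so the scope is inferred from the `ctName` interpolation that follows. The `m` bit is needed because the container runs `mknod` itself, but the grant could be limited to containers that need it. One way is `${lib.optionalString hasPppoe ''…''}` around the three new lines, where `hasPppoe` is a placeholder for a per-container check on interfaces of type `pppoe`.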