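# NixOS module: PPPoE uplink via pppd for every interface of this host whose
# type is "pppoe". The whole module is inactive when the host has none.
{ hostName, inputs, config, lib, ... }:

let
  hostConf = config.site.hosts.${hostName};

  # Subset of the host's interfaces that are declared as PPPoE.
  pppoeInterfaces =
    lib.filterAttrs (_: { type, ... }: type == "pppoe")
      hostConf.interfaces;

  # PAP credentials for this host, taken from the zentralwerk-network-key input.
  inherit (inputs.zentralwerk-network-key.lib.pppoe.${hostName}) user password;

in lib.mkIf (pppoeInterfaces != {}) {
  # Create the ppp character device (major 108, minor 0) if it is missing,
  # accessible to root only.
  boot.postBootCommands = ''
    if [ ! -c /dev/ppp ]; then
      mknod -m 600 /dev/ppp c 108 0
    fi
  '';

  # SECURITY: `text` is rendered at evaluation time, so the password ends up in
  # a file under /nix/store, which is readable by every local user. Setting
  # `mode` makes NixOS copy the file to /etc with these permissions instead of
  # symlinking it, which protects the /etc path only; the store copy stays
  # readable. Keeping the password out of the store entirely requires a secret
  # that is provisioned at runtime rather than interpolated here.
  # NOTE(review): user and password are interpolated unescaped; a `"` or `\` in
  # either would change how pppd parses this line. Confirm the key source only
  # yields values that are safe inside double quotes.
  environment.etc."ppp/pap-secrets" = {
    mode = "0600";
    text = ''
      "${user}" * "${password}"
    '';
  };
  services.pppd = {
    enable = true;
    # One pppd peer per PPPoE interface, attached to its upstream link.
    # `noauth` means the peer is not asked to authenticate itself; only this
    # side logs in (PAP, secret looked up by `name`).
    # `debug` makes pppd log control packets; `hide-password` keeps the PAP
    # password out of those log lines, so keep the two together.
    peers = builtins.mapAttrs (ifName: { upstream, ... }: {
      enable = true;
      autostart = true;
      config = ''
        plugin rp-pppoe.so
        nic-${upstream.link}
        ifname ${ifName}
        # Login settings. (PAP)
        name "${user}"
        noauth
        hide-password
        # Connection settings.
        persist
        # Max connection attempts (0 = no limit)
        maxfail 0
        # Seconds between reconnection attempts
        holdoff 1

        # LCP settings.
        lcp-echo-interval 5
        lcp-echo-failure 6

        # PPPoE compliant settings.
        noaccomp
        default-asyncmap
        mtu 1492
        # IP settings.
        #noipdefault
        defaultroute
        +ipv6
        defaultroute6
        # Increase debugging level
        debug
      '';
    }) pppoeInterfaces;
  };

  # For each PPPoE interface: a network for the ppp interface itself (DHCPv6
  # with a /56 prefix delegation hint) and one for the upstream link below it.
  systemd.network.networks =
    builtins.foldl' (networks: ifName: let
      iface = pppoeInterfaces.${ifName};
    in networks // {
      "${ifName}" = {
        matchConfig.Name = "${ifName}";
        networkConfig = {
          DHCP = lib.mkOverride 900 "ipv6";
          # accept config set by pppd
          KeepConfiguration = "yes";
        };
        dhcpV6Config = {
          RapidCommit = true;
          ForceDHCPv6PDOtherInformation = true;
          PrefixDelegationHint = "::/56";
        };
      };
      # The upstream link is configured even without carrier and gets no
      # link-local addresses of its own.
      "${iface.upstream.link}".networkConfig = {
        ConfigureWithoutCarrier = true;
        LinkLocalAddressing = "no";
      };
    }) {} (builtins.attrNames pppoeInterfaces);

  # TODO: needed?
  # Clamps the MSS of forwarded TCP SYNs to the path MTU (the PPPoE link above
  # uses mtu 1492).
  # NOTE(review): `-A` appends unconditionally; if these commands are re-run
  # without the FORWARD chain being flushed, the rule accumulates duplicates.
  # Confirm, or guard the append with an `iptables -C` check.
  # NOTE(review): this covers IPv4 only although `+ipv6` is enabled above;
  # verify whether forwarded IPv6 TCP needs the same clamp.
  networking.nat.extraCommands = ''
    iptables -A FORWARD \
      -p tcp --tcp-flags SYN,RST SYN \
      -j TCPMSS --clamp-mss-to-pmtu
  '';

}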