options: add physicalInterfaces

2021-05-31 00:06:56 +02:00 · 2021-05-31 00:06:56 +02:00 · 24b36568ca
parent 280292b631
commit 24b36568ca
6 changed files with 84 additions and 12 deletions
--- a/nix/lib/config/options.nix
+++ b/nix/lib/config/options.nix
@ -186,6 +186,13 @@ let
        type = with types; attrsOf (submodule interfaceOpts);
        description = "Network interfaces";
      };
+      physicalInterfaces = mkOption {
+        default = lib.filterAttrs (_: { type, ... }:
+          builtins.elem type [ "phys" "veth" ]
+        ) config.site.hosts.${name}.interfaces;
+        type = with types; attrsOf (submodule interfaceOpts);
+        description = "Network interfaces that are not virtual (don't set!)";
+      };
      isRouter = mkOption {
        type = types.bool;
        # isRouter = Part of the core network?
--- a/nix/nixos-module/container/bird.nix
+++ b/nix/nixos-module/container/bird.nix
@ -161,7 +161,7 @@ in
                        password "${config.site.net.${net}.ospf.secret}";
                      };
                    ''
-                  ) hostConf.interfaces
+                  ) hostConf.physicalInterfaces
                )
            )}
          };
@ -195,7 +195,7 @@ in
                            password "${config.site.net.${net}.ospf.secret}";
                          };
                        ''
-                      ) hostConf.interfaces
+                      ) hostConf.physicalInterfaces
                    )
                )}
              };
@ -230,7 +230,7 @@ in
                      stubnet ${subnet6} {};
                    '') (builtins.attrValues config.site.net.${net}.subnets6)
                  )
-                ) hostConf.interfaces
+                ) hostConf.physicalInterfaces
              )
          )}
          ${builtins.concatStringsSep "\n" (
@ -263,7 +263,7 @@ in
                        password "${config.site.net.${net}.ospf.secret}";
                      };
                    ''
-                  ) hostConf.interfaces
+                  ) hostConf.physicalInterfaces
                )
            )}
          };
@ -294,7 +294,7 @@ in
                            password "${config.site.net.${net}.ospf.secret}";
                          };
                        ''
-                      ) hostConf.interfaces
+                      ) hostConf.physicalInterfaces
                    )
                )}
              };
--- a/nix/nixos-module/container/upstream/pppoe.nix
+++ b/nix/nixos-module/container/upstream/pppoe.nix
@ -0,0 +1,67 @@
+{ hostName, inputs, lib, ... }:
+
+let
+  hostConf = config.site.hosts.${hostName};
+
+  pppoeInterfaces =
+    lib.filterAttrs (_: { type, ... }: type == "pppoe")
+      hostConf.interfaces;
+
+  firstUpstreamInterface =
+    if builtins.length (builtins.attrNames upstreamInterfaces) > 0
+    then builtins.head (
+      builtins.attrNames upstreamInterfaces
+    )
+    else null;
+
+  inherit (inputs.zentralwerk-network-key.lib.pppoe.${hostName}) user password;
+in lib.mkIf (pppoeInterfaces != {}) {
+  boot.postBootCommands = ''
+    if [ ! -c /dev/ppp ]; then
+      mknod -m 666 /dev/ppp c 108 0
+    fi
+  '';
+
+  environment.etc."ppp/pap-secrets".text = ''
+    "${user}" * "${password}"
+  '';
+  services.pppd = {
+    enable = true;
+    peers = builtins.mapAttrs (ifName: { upstream, ... }: {
+      enable = true;
+      autostart = true;
+      config = ''
+        plugin rp-pppoe.so
+        nic-${upstream.link}
+        ifname ${ifName}
+        # Login settings. (PAP)
+        name "${user}"
+        noauth
+        hide-password
+        # Connection settings.
+        persist
+        # Max connection attempts (0 = no limit)
+        maxfail 0
+        # Seconds between reconnection attempts
+        holdoff 1
+ 
+        # LCP settings.
+        lcp-echo-interval 5
+        lcp-echo-failure 6
+        
+        # PPPoE compliant settings.
+        noaccomp
+        default-asyncmap
+        mtu 1492
+        # IP settings.
+        #noipdefault
+        defaultroute
+        +ipv6
+        defaultroute6
+        # Increase debugging level
+        debug
+      '';
+    };
+  };
+
+}
--- a/nix/nixos-module/network.nix
+++ b/nix/nixos-module/network.nix
@ -53,7 +53,7 @@ in
            optional (gw4 != null) config.site.net.${ifName}.hosts4.${gw4} ++
            optional (gw6 != null) (findGw6 ifName gw6);

-        }) config.site.hosts.${hostName}.interfaces;
+        }) config.site.hosts.${hostName}.physicalInterfaces;
  };

  # DNS settings
--- a/nix/nixos-module/server/lxc-containers.nix
+++ b/nix/nixos-module/server/lxc-containers.nix
@ -152,9 +152,7 @@ in
      "lxc/containers/${ctName}/config" = {
        enable = true;
        source =
-          let
-            inherit (containers.${ctName}) interfaces;
-          in builtins.toFile "${ctName}.conf" ''
+          builtins.toFile "${ctName}.conf" ''
            # For lxcfs and sane defaults
            lxc.include = /etc/lxc/common.conf

@ -181,7 +179,7 @@ in
            # tuntap
            lxc.cgroup.devices.allow = c 10:200 rw

-            ${netConfig ctName interfaces}
+            ${netConfig ctName containers.${ctName}.physicalInterfaces}
          '';
      };
    }) {
--- a/nix/nixos-module/server/network.nix
+++ b/nix/nixos-module/server/network.nix
@ -22,8 +22,8 @@ let
  # Every network (both veth+phys) required by all containers
  ctNets =
    lib.lists.unique (
-      builtins.concatMap ({ interfaces, ... }:
-        builtins.attrNames interfaces
+      builtins.concatMap ({ physicalInterfaces, ... }:
+        builtins.attrNames physicalInterfaces
      ) (builtins.attrValues containers)
    );