diff --git a/nix/lib/config/options.nix b/nix/lib/config/options.nix
index 3e44c13..6a23843 100644
--- a/nix/lib/config/options.nix
+++ b/nix/lib/config/options.nix
@@ -186,6 +186,13 @@ let
 type = with types; attrsOf (submodule interfaceOpts);
 description = "Network interfaces";
 };
+ physicalInterfaces = mkOption {
+ default = lib.filterAttrs (_: { type, ... }:
+ builtins.elem type [ "phys" "veth" ]
+ ) config.site.hosts.${name}.interfaces;
+ type = with types; attrsOf (submodule interfaceOpts);
+ description = "Network interfaces that are not virtual (don't set!)";
+ };
 isRouter = mkOption {
 type = types.bool;
 # isRouter = Part of the core network?
diff --git a/nix/nixos-module/container/bird.nix b/nix/nixos-module/container/bird.nix
index 0ee9e83..4b0d654 100644
--- a/nix/nixos-module/container/bird.nix
+++ b/nix/nixos-module/container/bird.nix
@@ -161,7 +161,7 @@ in
 password "${config.site.net.${net}.ospf.secret}";
 };
 ''
- ) hostConf.interfaces
+ ) hostConf.physicalInterfaces
 )
 )}
 };
@@ -195,7 +195,7 @@ in
 password "${config.site.net.${net}.ospf.secret}";
 };
 ''
- ) hostConf.interfaces
+ ) hostConf.physicalInterfaces
 )
 )}
 };
@@ -230,7 +230,7 @@ in
 stubnet ${subnet6} {};
 '') (builtins.attrValues config.site.net.${net}.subnets6)
 )
- ) hostConf.interfaces
+ ) hostConf.physicalInterfaces
 )
 )}
 ${builtins.concatStringsSep "\n" (
@@ -263,7 +263,7 @@ in
 password "${config.site.net.${net}.ospf.secret}";
 };
 ''
- ) hostConf.interfaces
+ ) hostConf.physicalInterfaces
 )
 )}
 };
@@ -294,7 +294,7 @@ in
 password "${config.site.net.${net}.ospf.secret}";
 };
 ''
- ) hostConf.interfaces
+ ) hostConf.physicalInterfaces
 )
 )}
 };
diff --git a/nix/nixos-module/container/upstream/pppoe.nix b/nix/nixos-module/container/upstream/pppoe.nix
new file mode 100644
index 000000000..a946d87
--- /dev/null
+++ b/nix/nixos-module/container/upstream/pppoe.nix
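Review bot: The description of `physicalInterfaces` asks users not to set it, but nothing enforces that; since the value is derived from `interfaces`, add `readOnly = true;` to the `mkOption` so an accidental assignment in a host definition fails evaluation instead of silently replacing the filter that bird.nix, network.nix and lxc-containers.nix now rely on. The name and text also disagree with the filter: `veth` entries are virtual yet pass `builtins.elem type [ "phys" "veth" ]`, so I would state what the option actually means, e.g. `description = "Interfaces handled by NixOS networking (phys and veth); derived from interfaces, read-only";`. The enclosing submodule starts and ends outside the hunk.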
@@ -0,0 +1,67 @@
+{ hostName, inputs, lib, ... }:
+
+let
+ hostConf = config.site.hosts.${hostName};
+
+ pppoeInterfaces =
+ lib.filterAttrs (_: { type, ... }: type == "pppoe")
+ hostConf.interfaces;
+
+ firstUpstreamInterface =
+ if builtins.length (builtins.attrNames upstreamInterfaces) > 0
+ then builtins.head (
+ builtins.attrNames upstreamInterfaces
+ )
+ else null;
+
+ inherit (inputs.zentralwerk-network-key.lib.pppoe.${hostName}) user password;
+in lib.mkIf (pppoeInterfaces != {}) {
+ boot.postBootCommands = ''
+ if [ ! -c /dev/ppp ]; then
+ mknod -m 666 /dev/ppp c 108 0
+ fi
+ '';
+
+ environment.etc."ppp/pap-secrets".text = ''
+ "${user}" * "${password}"
+ '';
+ services.pppd = {
+ enable = true;
+ peers = builtins.mapAttrs (ifName: { upstream, ... }: {
+ enable = true;
+ autostart = true;
+ config = ''
+ plugin rp-pppoe.so
+ nic-${upstream.link}
+ ifname ${ifName}
+ # Login settings. (PAP)
+ name "${user}"
+ noauth
+ hide-password
+ # Connection settings.
+ persist
+ # Max connection attempts (0 = no limit)
+ maxfail 0
+ # Seconds between reconnection attempts
+ holdoff 1
+
+ # LCP settings.
+ lcp-echo-interval 5
+ lcp-echo-failure 6
+
+ # PPPoE compliant settings.
+ noaccomp
+ default-asyncmap
+ mtu 1492
+ # IP settings.
+ #noipdefault
+ defaultroute
+ +ipv6
+ defaultroute6
+ # Increase debugging level
+ debug
+ '';
+ };
+ };
+
+}
diff --git a/nix/nixos-module/network.nix b/nix/nixos-module/network.nix
index ed05cdb..943661f 100644
--- a/nix/nixos-module/network.nix
+++ b/nix/nixos-module/network.nix
@@ -53,7 +53,7 @@ in
 optional (gw4 != null) config.site.net.${ifName}.hosts4.${gw4}
 ++ optional (gw6 != null) (findGw6 ifName gw6);
- }) config.site.hosts.${hostName}.interfaces;
+ }) config.site.hosts.${hostName}.physicalInterfaces;
 };
 # DNS settings
diff --git a/nix/nixos-module/server/lxc-containers.nix b/nix/nixos-module/server/lxc-containers.nix
index a9bd5a0..8ec67cd 100644
--- a/nix/nixos-module/server/lxc-containers.nix
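Review bot: `config` is read on the `hostConf = config.site.hosts.${hostName};` line but is not bound by the module header, and `upstreamInterfaces` in the `firstUpstreamInterface` binding is never defined, so this new module aborts with an undefined-variable error as soon as it is imported; change the header to `{ config, hostName, inputs, lib, ... }:` and drop the unused `firstUpstreamInterface` binding entirely. The PAP password goes through `environment.etc."ppp/pap-secrets".text`, which copies it into the world-readable Nix store and links it into /etc with the default permissions; at minimum set `mode = "0600";` on that entry, and note that the flake input already carries the secret into the store, so a non-store secret path would be needed to close that fully. `mknod -m 666 /dev/ppp` is also wider than needed; pppd is normally run as root, so `0600` should suffice (please confirm against how services.pppd runs here). The whole file is inside this hunk.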
+++ b/nix/nixos-module/server/lxc-containers.nix
@@ -152,9 +152,7 @@ in
 "lxc/containers/${ctName}/config" = {
 enable = true;
 source =
- let
- inherit (containers.${ctName}) interfaces;
- in builtins.toFile "${ctName}.conf" ''
+ builtins.toFile "${ctName}.conf" ''
 # For lxcfs and sane defaults
 lxc.include = /etc/lxc/common.conf
@@ -181,7 +179,7 @@ in
 # tuntap
 lxc.cgroup.devices.allow = c 10:200 rw
- ${netConfig ctName interfaces}
+ ${netConfig ctName containers.${ctName}.physicalInterfaces}
 '';
 };
 }) {
diff --git a/nix/nixos-module/server/network.nix b/nix/nixos-module/server/network.nix
index f91feef..767bb68 100644
--- a/nix/nixos-module/server/network.nix
+++ b/nix/nixos-module/server/network.nix
@@ -22,8 +22,8 @@ let
 # Every network (both veth+phys) required by all containers
 ctNets = lib.lists.unique (
- builtins.concatMap ({ interfaces, ... }:
- builtins.attrNames interfaces
+ builtins.concatMap ({ physicalInterfaces, ... }:
+ builtins.attrNames physicalInterfaces
 ) (builtins.attrValues containers)
 );