options: add physicalInterfaces

nix/lib/config/options.nix

@@ -186,6 +186,13 @@ let
         type = with types; attrsOf (submodule interfaceOpts);
         description = "Network interfaces";
       };
+      physicalInterfaces = mkOption {
+        default = lib.filterAttrs (_: { type, ... }:
+          builtins.elem type [ "phys" "veth" ]
+        ) config.site.hosts.${name}.interfaces;
+        type = with types; attrsOf (submodule interfaceOpts);
+        description = "Network interfaces that are not virtual (don't set!)";
+      };
       isRouter = mkOption {
         type = types.bool;
         # isRouter = Part of the core network?

nix/nixos-module/container/bird.nix

@@ -161,7 +161,7 @@ in
                         password "${config.site.net.${net}.ospf.secret}";
                       };
                     ''
-                  ) hostConf.interfaces
+                  ) hostConf.physicalInterfaces
                 )
             )}
           };
@@ -195,7 +195,7 @@ in
                             password "${config.site.net.${net}.ospf.secret}";
                           };
                         ''
-                      ) hostConf.interfaces
+                      ) hostConf.physicalInterfaces
                     )
                 )}
               };
@@ -230,7 +230,7 @@ in
                       stubnet ${subnet6} {};
                     '') (builtins.attrValues config.site.net.${net}.subnets6)
                   )
-                ) hostConf.interfaces
+                ) hostConf.physicalInterfaces
               )
           )}
           ${builtins.concatStringsSep "\n" (
@@ -263,7 +263,7 @@ in
                         password "${config.site.net.${net}.ospf.secret}";
                       };
                     ''
-                  ) hostConf.interfaces
+                  ) hostConf.physicalInterfaces
                 )
             )}
           };
@@ -294,7 +294,7 @@ in
                             password "${config.site.net.${net}.ospf.secret}";
                           };
                         ''
-                      ) hostConf.interfaces
+                      ) hostConf.physicalInterfaces
                     )
                 )}
               };

nix/nixos-module/container/upstream/pppoe.nix

@@ -0,0 +1,67 @@
+{ hostName, inputs, lib, ... }:
+
+let
+  hostConf = config.site.hosts.${hostName};
+
+  pppoeInterfaces =
+    lib.filterAttrs (_: { type, ... }: type == "pppoe")
+      hostConf.interfaces;
+
+  firstUpstreamInterface =
+    if builtins.length (builtins.attrNames upstreamInterfaces) > 0
+    then builtins.head (
+      builtins.attrNames upstreamInterfaces
+    )
+    else null;
+
+  inherit (inputs.zentralwerk-network-key.lib.pppoe.${hostName}) user password;
+in lib.mkIf (pppoeInterfaces != {}) {
+  boot.postBootCommands = ''
+    if [ ! -c /dev/ppp ]; then
+      mknod -m 666 /dev/ppp c 108 0
+    fi
+  '';
+
+  environment.etc."ppp/pap-secrets".text = ''
+    "${user}" * "${password}"
+  '';
+  services.pppd = {
+    enable = true;
+    peers = builtins.mapAttrs (ifName: { upstream, ... }: {
+      enable = true;
+      autostart = true;
+      config = ''
+        plugin rp-pppoe.so
+        nic-${upstream.link}
+        ifname ${ifName}
+        # Login settings. (PAP)
+        name "${user}"
+        noauth
+        hide-password
+        # Connection settings.
+        persist
+        # Max connection attempts (0 = no limit)
+        maxfail 0
+        # Seconds between reconnection attempts
+        holdoff 1
+ 
+        # LCP settings.
+        lcp-echo-interval 5
+        lcp-echo-failure 6
+        
+        # PPPoE compliant settings.
+        noaccomp
+        default-asyncmap
+        mtu 1492
+        # IP settings.
+        #noipdefault
+        defaultroute
+        +ipv6
+        defaultroute6
+        # Increase debugging level
+        debug
+      '';
+    };
+  };
+
+}

nix/nixos-module/network.nix

@@ -53,7 +53,7 @@ in
             optional (gw4 != null) config.site.net.${ifName}.hosts4.${gw4} ++
             optional (gw6 != null) (findGw6 ifName gw6);
 
-        }) config.site.hosts.${hostName}.interfaces;
+        }) config.site.hosts.${hostName}.physicalInterfaces;
   };
 
   # DNS settings

nix/nixos-module/server/lxc-containers.nix

@@ -152,9 +152,7 @@ in
       "lxc/containers/${ctName}/config" = {
         enable = true;
         source =
-          let
+          builtins.toFile "${ctName}.conf" ''
-            inherit (containers.${ctName}) interfaces;
-          in builtins.toFile "${ctName}.conf" ''
             # For lxcfs and sane defaults
             lxc.include = /etc/lxc/common.conf
 
@@ -181,7 +179,7 @@ in
             # tuntap
             lxc.cgroup.devices.allow = c 10:200 rw
 
-            ${netConfig ctName interfaces}
+            ${netConfig ctName containers.${ctName}.physicalInterfaces}
           '';
       };
     }) {

nix/nixos-module/server/network.nix

@@ -22,8 +22,8 @@ let
   # Every network (both veth+phys) required by all containers
   ctNets =
     lib.lists.unique (
-      builtins.concatMap ({ interfaces, ... }:
+      builtins.concatMap ({ physicalInterfaces, ... }:
-        builtins.attrNames interfaces
+        builtins.attrNames physicalInterfaces
       ) (builtins.attrValues containers)
     );