commit 4f27ad8d12a95eb23aa268322e664711cfe6fd00
parent e0a689f88c0dcc4da4562e102eed237b327cdb22
Author: Leah (ctucx) <git@ctu.cx>
Date: Sun, 6 Oct 2024 19:05:10 +0200
machines/briefkasten/router: add pppd for dsl-pppoe
6 files changed, 87 insertions(+), 0 deletions(-)
diff --git a/machines/briefkasten/router/default.nix b/machines/briefkasten/router/default.nix
@@ -4,6 +4,7 @@
   imports = [
     ./systemd-networkd.nix
+    ./ppp.nix
     ./nftables.nix
     ./dnsmasq.nix
   ];
diff --git a/machines/briefkasten/router/ppp.nix b/machines/briefkasten/router/ppp.nix
@@ -0,0 +1,58 @@
+{ config, utils, pkgs, ... }:
+
+{
+
+  age.secrets.pppd-env.file = ./. + "/../../../secrets/${config.networking.hostName}/pppd-env.age";
+
+
+  services.pppd = {
+    enable = true;
+    peers.dtagdsl = {
+      config = ''
+        plugin pppoe.so dtagdsl
+        user "''${DTAG_PPP_USER}"
+        password "''${DTAG_PPP_PASS}"
+        hide-password
+        ifname ppp-dtagdsl
+        persist
+
+        maxfail 0
+        holdoff 5
+
+        noipdefault
+
+        lcp-echo-interval 20
+        lcp-echo-failure 3
+
+        mtu 1492
+        defaultroute
+        replacedefaultroute
+        +ipv6
+      '';
+    };
+  };
+
+  environment.etc."ppp/peers/dtagdsl".enable = false;
+
+  systemd.services."pppd-dtagdsl".serviceConfig = let
+    preStart = ''
+      mkdir -p /etc/ppp/peers
+
+      # Created files only readable by root
+      umask u=rw,g=,o=
+
+      # Copy config and substitute env-vars
+      rm -f /etc/ppp/peers/dtagdsl
+      ${pkgs.envsubst}/bin/envsubst -i "${config.environment.etc."ppp/peers/dtagdsl".source}" > /etc/ppp/peers/dtagdsl
+    '';
+
+    preStartFile = utils.systemdUtils.lib.makeJobScript "pppd-dtagdsl-pre-start" preStart;
+  in {
+    EnvironmentFile = config.age.secrets.pppd-env.path;
+    ExecStartPre = [
+      # "+" marks script to be executed without priviledge restrictions
+      "+${preStartFile}"
+    ];
+  };
+
+}
\ No newline at end of file
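Review bot: The rendered `/etc/ppp/peers/dtagdsl` holds the DTAG password in plaintext once envsubst has run, and `hide-password` in the peer config only keeps it out of pppd's log output, so the `umask u=rw,g=,o=` line in preStart is the one thing actually protecting the secret on disk; I would say so right there, e.g. `# the rendered peers file contains the plaintext password (hide-password only affects logging); umask keeps it root-only`. envsubst inserts the secret verbatim into `password "''${DTAG_PPP_PASS}"`, so a value containing a double quote or a newline would break or alter the quoted pppd option, and that constraint on the contents of pppd-env.age deserves a comment next to the `age.secrets.pppd-env` line. The comment on `ExecStartPre` misspells privilege (`priviledge`).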
diff --git a/machines/briefkasten/router/ruleset.nft b/machines/briefkasten/router/ruleset.nft
@@ -83,5 +83,6 @@ table ip nat {
         type nat hook postrouting priority 0 policy accept
         oifname iphone masquerade
+        oifname ppp-dtagdsl masquerade
     }
 }
\ No newline at end of file
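Review bot: Only the `table ip nat` masquerade rule learns about the new upstream interface here; whatever treatment `iphone` gets in the filter chains elsewhere in ruleset.nft (input policy for unsolicited traffic, forward rules) is outside this hunk and should be checked for `ppp-dtagdsl` too, since the peer config makes that link the default route. The peer also enables `+ipv6`, and IPv6 over the ppp link is not touched by an `ip` family nat table at all, so the ip6/inet side of the ruleset needs the same look. The enclosing chain block starts outside the hunk.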
diff --git a/machines/briefkasten/router/systemd-networkd.nix b/machines/briefkasten/router/systemd-networkd.nix
@@ -14,6 +14,11 @@
     wait-online.enable = false;
     links = {
+      "5-dtagdsl" = {
+        matchConfig.PermanentMACAddress = "d0:37:45:06:de:de";
+        linkConfig.Name = "dtagdsl";
+      };
+
       "10-iphone" = {
         matchConfig.PermanentMACAddress = "aa:ab:b5:18:95:d9";
         linkConfig.Name = "iphone";
@@ -64,6 +69,13 @@
     networks = {
+      "10-dtagdsl" = {
+        matchConfig = {
+          Name = "dtagdsl";
+        };
+        DHCP = "no";
+      };
+
       "10-iphone" = {
         matchConfig = {
           Name = "iphone";
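Review bot: `10-dtagdsl` turns off DHCP but otherwise leaves the carrier link on networkd's defaults, which normally include an IPv6 link-local address and router-advertisement processing, even though this port should only ever carry PPPoE frames for `ppp-dtagdsl`; unless something elsewhere in the file already overrides it, I would add `networkConfig = { LinkLocalAddressing = "no"; IPv6AcceptRA = false; };` next to `DHCP = "no";` with a comment that all IP configuration lives on the ppp interface. The `links` hunk earlier in this file pins the name to a permanent MAC address, which is fine, but a comment naming which physical port that is would help the next reader. The enclosing attribute sets of both hunks start and end outside the hunk.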
diff --git a/secrets/briefkasten/pppd-env.age b/secrets/briefkasten/pppd-env.age @@ -0,0 +1,13 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTR0wvSjIyd2Q4dmVha2hn +cUplb2lkK0FRT3BDKzhQLzduaXBYOXNlRm5JClhrOGljMStqSWI4TjNTT21HTVRq +YzAyQXRPNXZQVHQ3NFZkaTVYL1I3Z0kKLT4gc3NoLWVkMjU1MTkgNGhLQ013IE9H +bkRWWGJEK0lPY2hESlNHdzAxU3F6MFNTakcwNXl0aloxM2NhcVdxakkKc2MwbzBJ +a1ZyZks5UTZPS3VReThmYy9uWDNGOXNueUdlVFg2akJHbVYrRQotPiBfJUNRXF9F +Ny1ncmVhc2UgXENGWyA2TVhqJ15jWSB8eEMyWXFTUyB5fkZtaFQwCkRtaGNnRXI3 +WWl2QmlleEpGTUlyejI2dElqd3ZWNGdnV3U1RXR1UklzREREcnl4NXdaNjFRZEZO +VmxzdUNlengKazc3MitBQWRibXNDUlhkampLWHk1NlJkak8rTQotLS0gUFN3NzJL +Qm55MjZtZmwyRXV5SEYzSmRjQUhrWE1rcHV5V2xQRXdJelF3UQoN5WBS6NhizD4A +nQdKhECqIZymuYGwHRgR9ZpjnK3lYOVYa2VlYay8qw/3UPdI+wcZe5gw00pzD1Es +wRVg1j2v113IDealtgX00Be1N0LRL+cj1rh/FqNpuwaeBQsuNOVm +-----END AGE ENCRYPTED FILE-----
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
@@ -47,6 +47,7 @@ in {
   "briefkasten/wireguard-privkey.age".publicKeys = [ leah briefkasten ];
   "briefkasten/gotosocial-env.age".publicKeys = [ leah briefkasten ];
   "briefkasten/restic-server-htpasswd.age".publicKeys = [ leah briefkasten ];
+  "briefkasten/pppd-env.age".publicKeys = [ leah briefkasten ];
   "briefkasten/restic/gotosocial.age".publicKeys = [ leah briefkasten ];
   "briefkasten/restic/influxdb.age".publicKeys = [ leah briefkasten ];