ctucx.git: nixfiles

ctucx' nixfiles

{ secrets, config, utils, pkgs, ... }:

{

  # age-encrypted environment file for this host, selected by
  # networking.hostName. The pppd-dtagdsl unit loads the decrypted path as its
  # EnvironmentFile; presumably it defines DTAG_PPP_USER and DTAG_PPP_PASS
  # (the contents are not visible here, confirm against the secret).
  age.secrets.pppdEnv = {
    file = secrets.${config.networking.hostName}.pppdEnv;
  };

  # PPPoE peer "dtagdsl". The credentials are deliberately absent from this
  # template: ''${...} is the Nix escape for a literal ${...}, so the text only
  # carries the DTAG_PPP_USER / DTAG_PPP_PASS placeholders. They are filled in
  # at unit start by the pppd-dtagdsl pre-start script, which keeps the real
  # values out of the evaluated configuration.
  # hide-password asks pppd not to show the password in logged PAP packets.
  # NOTE(review): persist + maxfail 0 + holdoff 5 reads as "retry forever, five
  # seconds apart"; with wrong or empty credentials that would presumably mean
  # endless authentication attempts. Confirm this is intended.
  services.pppd.enable = true;
  services.pppd.peers.dtagdsl.config = ''
    plugin pppoe.so dtagdsl
    user "''${DTAG_PPP_USER}"
    password "''${DTAG_PPP_PASS}"
    hide-password
    ifname ppp-dtagdsl
    persist

    maxfail 0
    holdoff 5

    noipdefault

    lcp-echo-interval 20
    lcp-echo-failure 3

    mtu 1492
    defaultroute
    replacedefaultroute
    +ipv6
  '';

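  # Do not link the module-generated peer file into /etc. The pppd-dtagdsl
  # pre-start script writes /etc/ppp/peers/dtagdsl itself, with the credentials
  # substituted and a root-only umask, so the /etc entry built from the
  # placeholder template must not occupy that path.
  environment.etc."ppp/peers/dtagdsl".enable = false;

  # ip-up hook: once the PPP link is up, ask systemd-networkd to reconfigure the
  # interface pppd reports in $PPP_IFACE.
  # Fix: the shebang was missing the "$" of the Nix interpolation, so the
  # script started with the literal "#!{pkgs.bash}/bin/bash", which names no
  # existing interpreter.
  # NOTE(review): this installs /etc/ip-up.d/1systemd-networkd, not a file below
  # /etc/ppp/. Confirm that whatever dispatches ip-up hooks on this host reads
  # this directory.
  # NOTE(review): the hook is mode 755 and presumably runs as root from pppd;
  # networkctl is resolved through PATH, which pppd's hook environment may not
  # provide. Consider an absolute store path; confirm against the dispatcher.
  environment.etc."ip-up.d/1systemd-networkd" = {
    mode = "755";
    text = ''
      #!${pkgs.bash}/bin/bash
      networkctl reconfigure "$PPP_IFACE";
    '';
  };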

  # Render the real peer file just before pppd starts: the placeholder template
  # is passed through envsubst using the variables loaded from EnvironmentFile,
  # and the result is written to /etc/ppp/peers/dtagdsl.
  # NOTE(review): the values are inserted verbatim between the double quotes of
  # the user/password options; a credential containing a double quote or a
  # backslash would presumably need escaping for pppd's options parser. Confirm.
  # NOTE(review): what envsubst does when a variable is missing from the
  # environment file is not visible here. If it substitutes an empty string,
  # pppd would start with empty credentials. Consider failing the step instead.
  systemd.services."pppd-dtagdsl".serviceConfig = let
    # Shell text of the pre-start step. The umask is set after mkdir, so it
    # applies to the rendered file (owner read/write only), not the directory.
    renderPeerFileText = ''
      mkdir -p /etc/ppp/peers

      # Created files only readable by root
      umask u=rw,g=,o=

      # Copy config and substitute env-vars
      rm -f /etc/ppp/peers/dtagdsl
      ${pkgs.envsubst}/bin/envsubst -i "${config.environment.etc."ppp/peers/dtagdsl".source}" > /etc/ppp/peers/dtagdsl
    '';

    # Wrap the text as a systemd job script, with strict shell checks enabled.
    renderPeerFileScript = utils.systemdUtils.lib.makeJobScript {
      name = "pppd-dtagdsl-pre-start";
      text = renderPeerFileText;
      enableStrictShellChecks = true;
    };
  in {
    # Decrypted secret file providing the variables that envsubst expands.
    EnvironmentFile = config.age.secrets.pppdEnv.path;
    # The leading "+" tells systemd to run the script without privilege
    # restrictions; it has to write below /etc/ppp.
    ExecStartPre = [ "+${renderPeerFileScript}" ];
  };

}