ctucx.git: nixfiles

ctucx' nixfiles

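# PPPoE uplink (peer "dtagdsl") with the login credentials kept out of the
# Nix store.
#
# The peer options generated from services.pppd only carry the placeholders
# ${DTAG_PPP_USER} and ${DTAG_PPP_PASS}. The real values come from an
# age-encrypted environment file and are substituted into
# /etc/ppp/peers/dtagdsl by a pre-start script each time the unit starts.
{ config, utils, pkgs, ... }:

{

  # Per-host encrypted env file; expected to define DTAG_PPP_USER and
  # DTAG_PPP_PASS (the two variables referenced in the peer config below).
  age.secrets.pppd-env.file = ./. + "/../../../secrets/${config.networking.hostName}/pppd-env.age";


  services.pppd = {
    enable = true;
    peers.dtagdsl = {
      # ''${...} is the Nix escape for a literal ${...}: the placeholders are
      # written out unexpanded and only filled in by envsubst at runtime.
      # NOTE(review): the values are substituted verbatim between double
      # quotes; a credential containing '"' or '\' would presumably alter how
      # pppd parses the line -- confirm against the actual credentials.
      config = ''
        plugin pppoe.so dtagdsl
        user "''${DTAG_PPP_USER}"
        password "''${DTAG_PPP_PASS}"
        hide-password
        ifname ppp-dtagdsl
        persist

        maxfail 0
        holdoff 5

        noipdefault

        lcp-echo-interval 20
        lcp-echo-failure 3

        mtu 1492
        defaultroute
        replacedefaultroute
        +ipv6
      '';
    };
  };

  # Do not install the placeholder-only template under /etc; the pre-start
  # script below writes the rendered file to that path instead.
  environment.etc."ppp/peers/dtagdsl".enable = false;

  systemd.services."pppd-dtagdsl".serviceConfig = let
    preStart = ''
      mkdir -p /etc/ppp/peers

      # Files created from here on are readable and writable by the owner only
      umask u=rw,g=,o=

      # Render the template with the credentials from the environment.
      # -no-unset / -no-empty make envsubst fail when a referenced variable is
      # missing or empty, so the unit fails to start instead of pppd retrying
      # forever with blank credentials.
      rm -f /etc/ppp/peers/dtagdsl
      ${pkgs.envsubst}/bin/envsubst -no-unset -no-empty -i "${config.environment.etc."ppp/peers/dtagdsl".source}" > /etc/ppp/peers/dtagdsl
    '';

    preStartFile = utils.systemdUtils.lib.makeJobScript { name = "pppd-dtagdsl-pre-start"; text = preStart; enableStrictShellChecks = true; };
  in {
    # Provides the DTAG_PPP_* variables to the pre-start script. systemd
    # applies EnvironmentFile to every command of the unit, so the pppd
    # process itself also has the credentials in its environment.
    EnvironmentFile = config.age.secrets.pppd-env.path;
    ExecStartPre = [
      # "+" marks the script to be executed without privilege restrictions
      "+${preStartFile}"
    ];
  };

}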