diff --git a/hosts/carbon/configuration.nix b/hosts/carbon/configuration.nix index 051f1d3..b80e961 100644 --- a/hosts/carbon/configuration.nix +++ b/hosts/carbon/configuration.nix @@ -39,7 +39,7 @@ networking.nat = { enableIPv6 = true; enable = true; - externalInterface = "ppp-dtagdsl"; + externalInterface = "ppp-ncfttb"; internalIPv6s = [ "fd00:152:152::/48" "fd00:3214:9453:4920::/64"]; internalIPs = [ "10.152.0.0/16" "192.168.32.0/24" ]; }; diff --git a/hosts/carbon/net-dsl.nix b/hosts/carbon/net-dsl.nix index b67ae33..dcd26a5 100644 --- a/hosts/carbon/net-dsl.nix +++ b/hosts/carbon/net-dsl.nix @@ -3,17 +3,17 @@ { ## DSL-Uplink - networking.vlans."enp1s0.7" = { - id = 7; + networking.vlans."enp1s0.10" = { + id = 10; interface = "enp1s0"; }; - networking.vlans."enp3s0.7" = { - id = 7; + networking.vlans."enp3s0.10" = { + id = 10; interface = "enp3s0"; }; networking.bridges."net-dsl".interfaces = [ - "enp1s0.7" - "enp3s0.7" + "enp1s0.10" + "enp3s0.10" ]; } diff --git a/hosts/carbon/net-gastnetz.nix b/hosts/carbon/net-gastnetz.nix index 2ce3c9a..1ddab6c 100644 --- a/hosts/carbon/net-gastnetz.nix +++ b/hosts/carbon/net-gastnetz.nix @@ -61,7 +61,7 @@ # net-gastnetz can only access internet clerie.firewall.extraForwardFilterCommands = '' - ip46tables -A forward-filter -i net-gastnetz -o ppp-dtagdsl -j ACCEPT + ip46tables -A forward-filter -i net-gastnetz -o ppp-ncfttb -j ACCEPT ip46tables -A forward-filter -i net-gastnetz -j DROP ip46tables -A forward-filter -o net-gastnetz -j DROP ''; diff --git a/hosts/carbon/ppp.nix b/hosts/carbon/ppp.nix index 200b161..14ede68 100644 --- a/hosts/carbon/ppp.nix +++ b/hosts/carbon/ppp.nix @@ -4,11 +4,11 @@ services.pppd = { enable = true; - peers.dtagdsl = { + peers.ncfttb = { config = '' plugin pppoe.so net-dsl - user "''${PPPD_DTAGDSL_USERNAME}" - ifname ppp-dtagdsl + user "''${PPPD_NETCOLOGNE_USERNAME}" + ifname ppp-ncfttb persist maxfail 0 holdoff 5 @@ -24,9 +24,9 @@ }; }; - environment.etc."ppp/peers/dtagdsl".enable = false; + environment.etc."ppp/peers/ncfttb".enable = false; - systemd.services."pppd-dtagdsl".serviceConfig = let + systemd.services."pppd-ncfttb".serviceConfig = let preStart = '' mkdir -p /etc/ppp/peers @@ -34,22 +34,22 @@ umask u=rw,g=,o= # Copy config and substitute username - rm -f /etc/ppp/peers/dtagdsl - ${pkgs.envsubst}/bin/envsubst -i "${config.environment.etc."ppp/peers/dtagdsl".source}" > /etc/ppp/peers/dtagdsl + rm -f /etc/ppp/peers/ncfttb + ${pkgs.envsubst}/bin/envsubst -i "${config.environment.etc."ppp/peers/ncfttb".source}" > /etc/ppp/peers/ncfttb # Copy login secrets rm -f /etc/ppp/pap-secrets - cat ${config.sops.secrets.pppd-dtagdsl-secrets.path} > /etc/ppp/pap-secrets + cat ${config.sops.secrets.pppd-ncfttb-secrets.path} > /etc/ppp/pap-secrets rm -f /etc/ppp/chap-secrets - cat ${config.sops.secrets.pppd-dtagdsl-secrets.path} > /etc/ppp/chap-secrets + cat ${config.sops.secrets.pppd-ncfttb-secrets.path} > /etc/ppp/chap-secrets ''; preStartFile = pkgs.writeShellApplication { - name = "pppd-dtagdsl-pre-start"; + name = "pppd-ncfttb-pre-start"; text = preStart; }; in { - EnvironmentFile = config.sops.secrets.pppd-dtagdsl-username.path; + EnvironmentFile = config.sops.secrets.pppd-ncfttb-username.path; ExecStartPre = [ # "+" marks script to be executed without priviledge restrictions "+${lib.getExe preStartFile}" diff --git a/hosts/carbon/secrets.json b/hosts/carbon/secrets.json index f3c77f3..77c2b6f 100644 --- a/hosts/carbon/secrets.json +++ b/hosts/carbon/secrets.json @@ -1,21 +1,17 @@ { "wg-monitoring": "ENC[AES256_GCM,data:+k5MgBrj/psMCE1T2jDtCCJI9Q7L+wJ3j83inNkeGp3LSUjoAPtBp4YoyL4=,iv:C19g/Lqi+cWAyiJBMNDtgLc3SDNI9bMBrBPWn+26mVY=,tag:9zIoawuGeGCMbOX1HKR/sQ==,type:str]", - "pppd-dtagdsl-username": "ENC[AES256_GCM,data:JC7EyyMoN0p5YwnS9W5I0G5Omhk5usw28UiJrCfifGr+2FUgMrtFYAHQdrtWAELvYNBQDPgrHMmQjGQLhpqqK0hH,iv:/q+Fm63GVBApGInyS8i39V/lo6iv+I2omVh47deq+o8=,tag:LkR+1zTDNWuYkhH2iWT7SA==,type:str]", - "pppd-dtagdsl-secrets": "ENC[AES256_GCM,data:c5pOb8It1py/9NXNTgLvt9zmsBVbSLHJt4iXWiNA+Osvomw3r7pgoO/JJh9ujomPMnOlDwN7g+pJ,iv:W36gA8E1mWchN6+8hdMdt2epv/RdS91T5ANB/JTcHCE=,tag:7eZ3fZkjERCVJCXYrABnlQ==,type:str]", + "pppd-ncfttb-username": "ENC[AES256_GCM,data:vyOCNm23xsD3Kj+R7zqnBjH4jEIfYpx/YUUGPcVzqMs9pnFEembahtFTl2sNzOFXLfYCYg==,iv:gMfi/6jldkXCnfdvhu5X1VKj58sVsPR8IX8iEECPfgk=,tag:PJGyIASP6RPAdVULEnn+Gg==,type:str]", + "pppd-ncfttb-secrets": "ENC[AES256_GCM,data:IEAguET78vdzRo47UvxbDdz+kKgYWVxYakPPu5rNAZ4BCui7DUG3qm2X9bBdHSMA,iv:Q8D58HXkCoVbqwFoYk+dizXNcEP1J63uMaDSNEzfg2g=,tag:R/xG3owmbVDOLM79sfBQjA==,type:str]", "wg-clerie": "ENC[AES256_GCM,data:OEZg8ZoLAdVhKkvB0ai13ID3gPnVUU/xkOjZ4KiJ9MnRbcFu5HBd7Nw6iNwh,iv:edPuaehya2ZvYKkiBqNUbXVDAxAT6yNgETnWtd6it94=,tag:cX12szdQfAcC6cij6zk6Dw==,type:str]", "sops": { - "kms": null, - "gcp_kms": null, - "azure_kv": null, - "hc_vault": null, "age": [ { "recipient": "age16mln27e2p58gu6dpxfclttmuzfnq39mv62kthjpps33g3nl3scfq449857", "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3Rkd5WFE3aE5EQzY5ZXV4\nbXVGYmxTdVg1ekRpVjlRUnozY2tMTGloL21RCktjZW95OU9ZZ2owTCtMR1NxaXJn\na2VYS2ttb3VhSjNXOG84UUJtYU04QjAKLS0tIGd3aHM0RldFYnVFdDRVS0Vhc3BF\nckJhYmN6a1FJUC9ibks1cGlRaU1zbFkKE4ClunQ3XGAILwluC6iYFs+rlR02PdhK\njOmPbOlS0aNG0hoC7Z6aetgpj689AkJgl68QVcyvm+ecHH7TOT7l1A==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2024-08-13T14:06:43Z", - "mac": "ENC[AES256_GCM,data:yGKY0fi3KQWGHBeyNtQ8EJ6561dKRZ5aAjO9zq3odDtX75i2RSjORIlNjBsVvegBzeo8AkwwnzxNPt2sHl6MKDZfEsysWAi8Wolh4UvHk087AnR/uKvtG6t4uUaNIWej2DEzxUtTQ8QP1afsdqGCf0vZVruNcJ4u2xiQbN2vJPc=,iv:CDXJ5/P+h0Enq/0EL1su1Mw55FVYLy4XPSoUCkRkt+U=,tag:AvRfEDYMBunyIQIVCPbXag==,type:str]", + "lastmodified": "2025-10-24T19:16:49Z", + "mac": "ENC[AES256_GCM,data:ADhCQ7JxrEq+5ssevuuQVf3uyHcrcNVSzdT8bkFfDFVEE1hKv8q9QsGxhIaKtv4N2gt079fy0YA+WFKH6H8zWb5ONepH4H/mAek2SYgAtmVsxwdWY13zswsJUPi2CfbaCWOqppb9IiDb8+RCbzY2u/8Qqwk8gx/0uw2hr3IJrhM=,iv:c1/TS+W4pQgh2oPT77LX+dUL929YppRYdZCmMl2yN+M=,tag:fTk1sxdeT9xFjDMhqiHZAg==,type:str]", "pgp": [ { "created_at": "2024-05-10T13:05:56Z", @@ -24,6 +20,6 @@ } ], "unencrypted_suffix": "_unencrypted", - "version": "3.8.1" + "version": "3.10.2" } -} \ No newline at end of file +}