Merge branch 'aaa' into updated-inputs

2024-03-01 22:44:58 +01:00 · 2024-03-01 22:44:58 +01:00 · 4f34198671
parent 60fcff8529 50d54f66a2
commit 4f34198671
4 changed files with 111 additions and 10 deletions
--- a/flake.lock
+++ b/flake.lock
@ -204,11 +204,11 @@
    },
    "nixos-hardware": {
      "locked": {
-        "lastModified": 1708091350,
-        "narHash": "sha256-o28BJYi68qqvHipT7V2jkWxDiMS1LF9nxUsou+eFUPQ=",
+        "lastModified": 1709147990,
+        "narHash": "sha256-vpXMWoaCtMYJ7lisJedCRhQG9BSsInEyZnnG5GfY9tQ=",
        "owner": "NixOS",
        "repo": "nixos-hardware",
-        "rev": "106d3fec43bcea19cb2e061ca02531d54b542ce3",
+        "rev": "33a97b5814d36ddd65ad678ad07ce43b1a67f159",
        "type": "github"
      },
      "original": {
@ -236,11 +236,11 @@
    },
    "nixpkgs-krypton": {
      "locked": {
-        "lastModified": 1708118438,
-        "narHash": "sha256-kk9/0nuVgA220FcqH/D2xaN6uGyHp/zoxPNUmPCMmEE=",
+        "lastModified": 1709237383,
+        "narHash": "sha256-cy6ArO4k5qTx+l5o+0mL9f5fa86tYUX3ozE1S+Txlds=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "5863c27340ba4de8f83e7e3c023b9599c3cb3c80",
+        "rev": "1536926ef5621b09bba54035ae2bb6d806d72ac8",
        "type": "github"
      },
      "original": {
@ -252,11 +252,11 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1708807242,
-        "narHash": "sha256-sRTRkhMD4delO/hPxxi+XwLqPn8BuUq6nnj4JqLwOu0=",
+        "lastModified": 1709237383,
+        "narHash": "sha256-cy6ArO4k5qTx+l5o+0mL9f5fa86tYUX3ozE1S+Txlds=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "73de017ef2d18a04ac4bfd0c02650007ccb31c2a",
+        "rev": "1536926ef5621b09bba54035ae2bb6d806d72ac8",
        "type": "github"
      },
      "original": {
--- a/hosts/astatine/configuration.nix
+++ b/hosts/astatine/configuration.nix
@ -5,6 +5,8 @@
    [
      ./hardware-configuration.nix

+      ./ppp.nix
+      ./programs.nix
      ./users.nix
    ];

@ -26,7 +28,7 @@

  networking.hostName = "astatine";

-  networking.firewall.enable = false;
+  #networking.firewall.enable = false;

  services.wg-clerie = {
    enable = true;
--- a/hosts/astatine/ppp.nix
+++ b/hosts/astatine/ppp.nix
@ -0,0 +1,90 @@
+{ pkgs, ... }:
+
+{
+  # Make space for VLAN header in containing ethernet segment
+  networking.interfaces."enp1s0".mtu = 1518;
+
+  ## DSL-Uplink
+  networking.vlans."enp1s0.7" = {
+    id = 7;
+    interface = "enp1s0";
+  };
+
+  services.pppd = {
+    enable = true;
+    peers.lns-test = {
+      config = ''
+        plugin pppoe.so enp1s0.7
+        user "criese#regiotest@bsa-vdsl"
+        ifname ppp-lns-test
+        persist
+        maxfail 0
+        holdoff 5
+        noipdefault
+        lcp-echo-interval 20
+        lcp-echo-failure 3
+        hide-password
+        nodefaultroute
+        +ipv6
+        debug
+      '';
+    };
+  };
+
+  /*
+  networking.interfaces.lo.useDHCP = true;
+  networking.interfaces.ppp-lns-test.useDHCP = true;
+
+  networking.dhcpcd = {
+    enable = true;
+    extraConfig = ''
+      interface ppp-lns-test
+        ipv6rs
+        ia_pd 0 lo/0
+    '';
+  };*/
+
+  environment.etc."ppp/ip-up" = {
+    text = ''
+      #! ${pkgs.runtimeShell} -e
+
+      ${pkgs.iproute2}/bin/ip route flush table 20001 || true
+      ${pkgs.iproute2}/bin/ip route add default dev ppp-lns-test table 20001
+    '';
+    mode = "555";
+  };
+  environment.etc."ppp/ip-down" = {
+    text = ''
+      #! ${pkgs.runtimeShell} -e
+
+      ${pkgs.iproute2}/bin/ip route flush table 20001 || true
+    '';
+    mode = "555";
+  };
+  environment.etc."ppp/ipv6-up" = {
+    text = ''
+      #! ${pkgs.runtimeShell} -e
+
+      ${pkgs.iproute2}/bin/ip -6 route flush table 20001 || true
+      ${pkgs.iproute2}/bin/ip -6 route add default dev ppp-lns-test table 20001
+    '';
+    mode = "555";
+  };
+  environment.etc."ppp/ipv6-down" = {
+    text = ''
+      #! ${pkgs.runtimeShell} -e
+
+      ${pkgs.iproute2}/bin/ip -6 route flush table 20001 || true
+    '';
+    mode = "555";
+  };
+
+  petabyte.policyrouting = {
+    enable = true;
+    rules4 = [
+      { rule = "from 212.218.16.237/32 lookup 20001"; prio = 19000; }
+      { rule = "from 212.218.16.237/32  unreachable"; prio = 19001; }
+    ];
+  };
+
+}
--- a/hosts/astatine/programs.nix
+++ b/hosts/astatine/programs.nix
@ -0,0 +1,9 @@
+{ pkgs, ... }:
+
+{
+
+  environment.systemPackages = with pkgs; [
+    tcpdump # for remote wireshark
+  ];
+
+}