From 70a663b6335d085c3788072e81fea758f9acfade Mon Sep 17 00:00:00 2001 From: clerie Date: Tue, 30 Jan 2024 11:21:29 +0100 Subject: [PATCH 1/5] hosts/astatine: ppp test --- hosts/astatine/configuration.nix | 3 +- hosts/astatine/ppp.nix | 96 ++++++++++++++++++++++++++++++++ 2 files changed, 98 insertions(+), 1 deletion(-) create mode 100644 hosts/astatine/ppp.nix diff --git a/hosts/astatine/configuration.nix b/hosts/astatine/configuration.nix index 742b73f..a269063 100644 --- a/hosts/astatine/configuration.nix +++ b/hosts/astatine/configuration.nix @@ -5,6 +5,7 @@ [ ./hardware-configuration.nix + ./ppp.nix ./users.nix ]; @@ -26,7 +27,7 @@ networking.hostName = "astatine"; - networking.firewall.enable = false; + #networking.firewall.enable = false; services.wg-clerie = { enable = true; diff --git a/hosts/astatine/ppp.nix b/hosts/astatine/ppp.nix new file mode 100644 index 0000000..f936b4d --- /dev/null +++ b/hosts/astatine/ppp.nix 
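Review bot: The `#networking.firewall.enable = false;` line in the second configuration.nix hunk leaves the old setting behind as a comment instead of stating the new intent. With the line commented out, the host falls back to the NixOS default for `networking.firewall.enable`, which is enabled, but a reader cannot tell whether that was deliberate or a temporary toggle for the PPP test. I would delete the comment or write `networking.firewall.enable = true;` explicitly, so that un-commenting it later does not quietly drop filtering on a host that now terminates a DSL uplink.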
@@ -0,0 +1,96 @@
+{ pkgs, ... }:
+
+{
+ # Make space for VLAN header in containing ethernet segment
+ networking.interfaces."enp1s0".mtu = 1518;
+
+ ## DSL-Uplink
+ networking.vlans."enp1s0.7" = {
+ id = 7;
+ interface = "enp1s0";
+ };
+
+ services.pppd = {
+ enable = true;
+ peers.lns-test = {
+ config = ''
+ plugin pppoe.so enp1s0.7
+ user "criese#regiotest@bsa-vdsl"
+ ifname ppp-lns-test
+ persist
+ maxfail 0
+ holdoff 5
+ noipdefault
+ lcp-echo-interval 20
+ lcp-echo-failure 3
+ mtu 1492
+ hide-password
+ nodefaultroute
+ +ipv6
+ debug
+ '';
+ };
+ };
+
+ /*
+ networking.interfaces.lo.useDHCP = true;
+ networking.interfaces.ppp-lns-test.useDHCP = true;
+
+ networking.dhcpcd = {
+ enable = true;
+ extraConfig = ''
+ interface ppp-lns-test
+ ipv6rs
+ ia_pd 0 lo/0
+ '';
+ };*/
+
+ /*
+ environment.etc."ppp/ip-up" = {
+ text = ''
+ #! ${pkgs.runtimeShell} -e
+
+ ${pkgs.iproute2}/bin/ip route flush table 20001 || true
+ ${pkgs.iproute2}/bin/ip route add default dev ppp-lns-test table 20001
+ '';
+ mode = "555";
+ };
+ environment.etc."ppp/ip-down" = {
+ text = ''
+ #! ${pkgs.runtimeShell} -e
+
+ ${pkgs.iproute2}/bin/ip route flush table 20001 || true
+ '';
+ mode = "555";
+ };
+ environment.etc."ppp/ipv6-up" = {
+ text = ''
+ #! ${pkgs.runtimeShell} -e
+
+ ${pkgs.iproute2}/bin/ip -6 route flush table 20001 || true
+ ${pkgs.iproute2}/bin/ip -6 route add default dev ppp-lns-test table 20001
+ '';
+ mode = "555";
+ };
+ environment.etc."ppp/ipv6-down" = {
+ text = ''
+ #! ${pkgs.runtimeShell} -e
+
+ ${pkgs.iproute2}/bin/ip -6 route flush table 20001 || true
+ '';
+ mode = "555";
+ };
+
+ petabyte.policyrouting = {
+ enable = true;
+ rules = [
+ { rule = "oif ppp-lns-test lookup 20001"; prio = 19000; }
+ { rule = "oif ppp-lns-test unreachable"; prio = 19001; }
+ #{ rule = "lookup main"; prio = 21000; }
+ #{ rule = "lookup 20001"; prio = 21001; }
+ #{ rule = "unreachable"; prio = 22000; }
+ ];
+ };
+ */
+
+}
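Review bot: The `config` string under `services.pppd.peers.lns-test` is, as far as I can tell, rendered into the world-readable Nix store, and it already carries the account identifier on the `user` line, yet nothing in this hunk says where the matching secret comes from. A comment next to `user` should say so, for example `# password is read from a root-only secrets file, never from this string`, so that nobody later adds it inline; pppd's `file` option can pull such a file in at runtime. The `debug` line is fine for the test but should not survive it, because it logs every control packet and `hide-password` only keeps the PAP password out of that log. The two large `/* … */` blocks would be better left out of the commit until they are actually enabled.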
From 991b4d6bd15e2ab93b1b1f2a900c40f585cb7ad9 Mon Sep 17 00:00:00 2001 From: clerie Date: Tue, 30 Jan 2024 11:40:28 +0100 Subject: [PATCH 2/5] hosts/astatine: enable remote wireshark capture --- hosts/astatine/configuration.nix | 1 + hosts/astatine/programs.nix | 9 +++++++++ 2 files changed, 10 insertions(+) create mode 100644 hosts/astatine/programs.nix diff --git a/hosts/astatine/configuration.nix b/hosts/astatine/configuration.nix index a269063..f4e3906 100644 --- a/hosts/astatine/configuration.nix +++ b/hosts/astatine/configuration.nix @@ -6,6 +6,7 @@ ./hardware-configuration.nix ./ppp.nix + ./programs.nix ./users.nix ]; diff --git a/hosts/astatine/programs.nix b/hosts/astatine/programs.nix new file mode 100644 index 0000000..f1e97de --- /dev/null +++ b/hosts/astatine/programs.nix @@ -0,0 +1,9 @@ +{ pkgs, ... }: + +{ + + environment.systemPackages = with pkgs; [ + tcpdump # for remote wireshark + ]; + +} From a5c2009bfdc657297c365f03ee97766b5312a185 Mon Sep 17 00:00:00 2001 From: clerie Date: Tue, 30 Jan 2024 14:28:22 +0100 Subject: [PATCH 3/5] hosts/astatine: remove mtu option so client uses mru sent by provider --- hosts/astatine/ppp.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/hosts/astatine/ppp.nix b/hosts/astatine/ppp.nix index f936b4d..e6f5c65 100644 --- a/hosts/astatine/ppp.nix +++ b/hosts/astatine/ppp.nix @@ -23,7 +23,6 @@ noipdefault lcp-echo-interval 20 lcp-echo-failure 3 - mtu 1492 hide-password nodefaultroute +ipv6 From ffdc95da84bb40315cc20fa2460f94534df3b010 Mon Sep 17 00:00:00 2001 From: clerie Date: Fri, 1 Mar 2024 22:01:33 +0100 Subject: [PATCH 4/5] hosts/astatine: Isolate ppp interface --- hosts/astatine/ppp.nix | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/hosts/astatine/ppp.nix b/hosts/astatine/ppp.nix index e6f5c65..84d7b07 100644 --- a/hosts/astatine/ppp.nix +++ b/hosts/astatine/ppp.nix @@ -44,7 +44,6 @@ ''; };*/ - /* environment.etc."ppp/ip-up" = { text = '' #! ${pkgs.runtimeShell} -e 
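Review bot: The `tcpdump # for remote wireshark` entry in programs.nix installs the binary but leaves undocumented who is expected to capture with it. Installing the package grants no capture privilege by itself, so remote capture presumably runs as root over SSH; the comment could be extended to say that, e.g. `tcpdump # remote wireshark via ssh, needs root`. A capture taken on the PPPoE VLAN `enp1s0.7` contains the PPP authentication exchange (in clear text if the provider negotiates PAP), so capture files from this host should be treated like the credentials themselves.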
@@ -82,14 +81,10 @@ petabyte.policyrouting = { enable = true; - rules = [ - { rule = "oif ppp-lns-test lookup 20001"; prio = 19000; } - { rule = "oif ppp-lns-test unreachable"; prio = 19001; } - #{ rule = "lookup main"; prio = 21000; } - #{ rule = "lookup 20001"; prio = 21001; } - #{ rule = "unreachable"; prio = 22000; } + rules4 = [ + { rule = "from 212.218.16.237/32 lookup 20001"; prio = 19000; } + { rule = "from 212.218.16.237/32 unreachable"; prio = 19001; } ]; }; - */ } From 50d54f66a217437bde70f838c2ba204faf52c863 Mon Sep 17 00:00:00 2001 From: clerie Date: Fri, 1 Mar 2024 22:44:36 +0100 Subject: [PATCH 5/5] aaa --- flake.lock | 109 ++++++++++++++++++++++++++++++++++++++++------------- 1 file changed, 82 insertions(+), 27 deletions(-) diff --git a/flake.lock b/flake.lock index ccc4e02..7812d95 100644 --- a/flake.lock +++ b/flake.lock @@ -3,16 +3,18 @@ "agenix": { "inputs": { "darwin": "darwin", + "home-manager": "home-manager", "nixpkgs": [ "nixpkgs" - ] + ], + "systems": "systems" }, "locked": { - "lastModified": 1682101079, - "narHash": "sha256-MdAhtjrLKnk2uiqun1FWABbKpLH090oeqCSiWemtuck=", + "lastModified": 1707830867, + "narHash": "sha256-PAdwm5QqdlwIqGrfzzvzZubM+FXtilekQ/FA0cI49/o=", "owner": "ryantm", "repo": "agenix", - "rev": "2994d002dcff5353ca1ac48ec584c7f6589fe447", + "rev": "8cb01a0e717311680e0cbca06a76cbceba6f3ed6", "type": "github" }, "original": { @@ -41,6 +43,22 @@ "url": "https://git.clerie.de/clerie/chaosevents.git" } }, + "communities": { + "flake": false, + "locked": { + "lastModified": 1706695952, + "narHash": "sha256-FlbOBX/+/LLmoqMJLvu59XuHYmiohIhDc1VjkZu4Wzo=", + "owner": "NLNOG", + "repo": "lg.ring.nlnog.net", + "rev": "20f9a9f3da8b1bc9d7046e88c62df4b41b4efb99", + "type": "github" + }, + "original": { + "owner": "NLNOG", + "repo": "lg.ring.nlnog.net", + "type": "github" + } + }, "darwin": { "inputs": { "nixpkgs": [ 
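Review bot: The two `rules4` entries in the `petabyte.policyrouting` hunk of hosts/astatine/ppp.nix isolate IPv4 only, while the peer config still requests `+ipv6` and the `ipv6-up` hook (un-commented by the first hunk of this commit, body outside this hunk) fills table 20001 for IPv6 with no rule selecting it. IPv6 traffic from the PPP link would then follow the main table, which seems to defeat the isolation the commit title promises; an equivalent IPv6 rule pair is needed if the policyrouting module offers one. The literal `212.218.16.237/32` is also fragile: if the provider assigns a different address, neither rule matches and the `unreachable` guard silently stops applying. Consider installing the rules from `ip-up` using pppd's `IPLOCAL` variable, or at least add a comment such as `# address assigned to the lns-test account; update if it changes`.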
@@ -49,11 +67,11 @@ ] }, "locked": { - "lastModified": 1673295039, - "narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=", + "lastModified": 1700795494, + "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "87b9d090ad39b25b2400029c64825fc2a8868943", + "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d", "type": "github" }, "original": { @@ -65,17 +83,18 @@ }, "fernglas": { "inputs": { + "communities": "communities", "flake-utils": "flake-utils", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1700408128, - "narHash": "sha256-PLb/q8kIq0wOinkgADHNY6uOB3b3lXQEbLu6ToIFPsU=", + "lastModified": 1707317562, + "narHash": "sha256-0wj5AS8RLVr+S/QWWxCsMvmVjmXUWGfR9kPaZimJEss=", "owner": "wobcom", "repo": "fernglas", - "rev": "407325681e3ad344f6fd05334984a40074aa6347", + "rev": "25020466957dbe0e193f7857d827020f5c1aa996", "type": "github" }, "original": { @@ -90,11 +109,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1687119570, - "narHash": "sha256-tZ6hctUdlZzsdg4WA4Fv7C5bNGnotYp0QT+s3rvlIKw=", + "lastModified": 1703526534, + "narHash": "sha256-enuuJ++jVKXMAUuEeetq02oy2guoJfSMYMvy9U0KGD8=", "ref": "refs/heads/main", - "rev": "cc43776e6dd7eb94962e9f23b8e8282d34597a75", - "revCount": 39, + "rev": "3197e4f8d3646a9f7b20a2a38f1abc0a19aa69d2", + "revCount": 55, "type": "git", "url": "https://git.clerie.de/clerie/fieldpoc.git" }, @@ -105,14 +124,14 @@ }, "flake-utils": { "inputs": { - "systems": "systems" + "systems": "systems_2" }, "locked": { - "lastModified": 1694529238, - "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", + "lastModified": 1705309234, + "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", "owner": "numtide", "repo": "flake-utils", - "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", + "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26", "type": "github" }, "original": { 
@@ -121,6 +140,27 @@ "type": "github" } }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1703113217, + "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, "mitel-ommclient2": { "inputs": { "nixpkgs": [ @@ -164,11 +204,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1686838567, - "narHash": "sha256-aqKCUD126dRlVSKV6vWuDCitfjFrZlkwNuvj5LtjRRU=", + "lastModified": 1709147990, + "narHash": "sha256-vpXMWoaCtMYJ7lisJedCRhQG9BSsInEyZnnG5GfY9tQ=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "429f232fe1dc398c5afea19a51aad6931ee0fb89", + "rev": "33a97b5814d36ddd65ad678ad07ce43b1a67f159", "type": "github" }, "original": { @@ -196,11 +236,11 @@ }, "nixpkgs-krypton": { "locked": { - "lastModified": 1707546158, - "narHash": "sha256-nYYJTpzfPMDxI8mzhQsYjIUX+grorqjKEU9Np6Xwy/0=", + "lastModified": 1709237383, + "narHash": "sha256-cy6ArO4k5qTx+l5o+0mL9f5fa86tYUX3ozE1S+Txlds=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d934204a0f8d9198e1e4515dd6fec76a139c87f0", + "rev": "1536926ef5621b09bba54035ae2bb6d806d72ac8", "type": "github" }, "original": { @@ -212,11 +252,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1708118438, - "narHash": "sha256-kk9/0nuVgA220FcqH/D2xaN6uGyHp/zoxPNUmPCMmEE=", + "lastModified": 1709237383, + "narHash": "sha256-cy6ArO4k5qTx+l5o+0mL9f5fa86tYUX3ozE1S+Txlds=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5863c27340ba4de8f83e7e3c023b9599c3cb3c80", + "rev": "1536926ef5621b09bba54035ae2bb6d806d72ac8", "type": "github" }, "original": { 
@@ -273,6 +313,21 @@ "repo": "default", "type": "github" } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } } }, "root": "root",