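# PPPoE uplink "dtagdsl" via pppd.
#
# The user name and the PAP/CHAP secrets are sops-managed files that are read
# when the service starts. The peer file and the secrets files under /etc/ppp
# are written by an ExecStartPre script, not linked from the Nix store.
{ config, pkgs, utils, ... }:

{
  services.pppd = {
    enable = true;
    peers.dtagdsl = {
      # `''${...}` is the indented-string escape for a literal `${...}`: Nix
      # leaves the placeholder untouched and envsubst fills it in at service
      # start (see preStart below).
      #
      # `debug` makes pppd log the control packets it exchanges, and
      # `hide-password` keeps the PAP password out of those log lines. Other
      # negotiation details, such as the user name, may still be logged, so
      # treat the pppd log as sensitive while `debug` is on.
      config = ''
        plugin pppoe.so net-dsl
        user "''${PPPD_DTAGDSL_USERNAME}"
        ifname ppp-dtagdsl
        persist
        maxfail 0
        holdoff 5
        noipdefault
        lcp-echo-interval 20
        lcp-echo-failure 3
        mtu 1492
        hide-password
        defaultroute
        +ipv6
        debug
      '';
    };
  };

  # Keep the template out of /etc: preStart writes a substituted copy to the
  # same path. The entry's `.source` is still used below as envsubst input.
  # (Presumably the entry itself is defined by the pppd module; it is not
  # defined in this file.)
  environment.etc."ppp/peers/dtagdsl".enable = false;

  systemd.services."pppd-dtagdsl".serviceConfig = let
    # Runs before pppd starts. Everything created after the `umask` line is
    # mode 0600, and the secrets are copied from the sops paths at runtime.
    #
    # NOTE(review): envsubst is called without restrictions, so every
    # `$VAR`/`${VAR}` in the peer file is expanded from the unit environment
    # and an unset variable silently becomes an empty string. If the packaged
    # envsubst supports `-no-unset`/`-no-empty`, they would make a missing
    # user name fail here instead of producing `user ""`. Confirm first.
    preStart = ''
      mkdir -p /etc/ppp/peers

      # Created files only readable by root
      umask u=rw,g=,o=

      # Copy config and substitute username
      rm -f /etc/ppp/peers/dtagdsl
      ${pkgs.envsubst}/bin/envsubst -i "${config.environment.etc."ppp/peers/dtagdsl".source}" > /etc/ppp/peers/dtagdsl

      # Copy login secrets
      rm -f /etc/ppp/pap-secrets
      cat ${config.sops.secrets.pppd-dtagdsl-secrets.path} > /etc/ppp/pap-secrets
      rm -f /etc/ppp/chap-secrets
      cat ${config.sops.secrets.pppd-dtagdsl-secrets.path} > /etc/ppp/chap-secrets
    '';

    preStartFile = utils.systemdUtils.lib.makeJobScript "pppd-dtagdsl-pre-start" preStart;
  in {
    # Supplies the environment that envsubst reads in preStart; the secret is
    # expected to define PPPD_DTAGDSL_USERNAME. Confirm against its contents.
    EnvironmentFile = config.sops.secrets.pppd-dtagdsl-username.path;
    ExecStartPre = [
      # "+" marks the script to be executed without privilege restrictions,
      # which it needs in order to write below /etc/ppp.
      "+${preStartFile}"
    ];
  };

  # Clamp the MSS announced in forwarded TCP SYN packets to 1416 bytes.
  # NOTE(review): with `mtu 1492` the usual IPv6 clamp would be 1432
  # (1492 - 40 - 20). The reason for the lower value is not visible in this
  # file.
  clerie.firewall.extraForwardMangleCommands = ''
    ip46tables -t mangle -A forward-mangle -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1416
  '';

  networking.interfaces.net-heimnetz.useDHCP = true;

  # NOTE(review): `enable = false` turns the dhcpcd service off, so the
  # remaining settings in this set are presumably inert until it is
  # re-enabled. Confirm this is intended.
  networking.dhcpcd = {
    enable = false;
    allowInterfaces = [ "net-heimnetz" "ppp-dtagdsl" ];
    wait = "ipv6";
    extraConfig = ''
      ipv6only
      noipv6rs
      interface ppp-dtagdsl
        ipv6rs
        ia_pd 1/::/56 net-heimnetz/201/64
    '';
  };

  # Hook script for pppd; it asks dhcpcd to renew on the interface name that
  # is passed as the first argument.
  #
  # NOTE(review): no `mode` is set, so /etc/ppp/ipv6-up is a symlink to a
  # non-executable store file, and pppd only runs hook scripts that are
  # executable. Together with the disabled dhcpcd service above, this hook
  # looks inactive as written. Confirm before enabling it, because
  # `dhcpcd --renew` may start a dhcpcd instance if none is running.
  environment.etc."ppp/ipv6-up" = {
    # "$1" is quoted so the interface name is passed as exactly one argument.
    text = ''
      #!${pkgs.runtimeShell}
      set -euo pipefail

      ${pkgs.dhcpcd}/bin/dhcpcd --renew "$1"
    '';
  };
}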