add structured config for common pppoe options

2024-07-16 20:47:53 +01:00 · 2024-07-16 20:47:53 +01:00 · 7195cb10ce
parent 135a445672
commit 7195cb10ce
4 changed files with 61 additions and 27 deletions
--- a/examples/l2tp.nix
+++ b/examples/l2tp.nix
@ -62,12 +62,9 @@ in rec {
    let
      pppoe = svc.pppoe.build {
        interface = config.hardware.networkInterfaces.wan;
-
-        ppp-options = [
-          "debug" "+ipv6" "noauth"
-          "name" rsecrets.l2tp.name
-          "password" rsecrets.l2tp.password
-        ];
+        debug = true;
+        username = rsecrets.l2tp.name;
+        password = rsecrets.l2tp.password;
      };

      l2tp =
--- a/modules/ppp/default.nix
+++ b/modules/ppp/default.nix
@ -12,6 +12,8 @@
 let
  inherit (lib) mkOption types;
  inherit (pkgs) liminix;
+  mkStringOption =
+    description: mkOption { type = types.str; inherit description; };
 in {
  options = {
    system.service.pppoe = mkOption {
@ -27,9 +29,34 @@ in {
        type = liminix.lib.types.service;
        description = "ethernet interface to run PPPoE over";
      };
+      username = mkStringOption "username";
+      password = mkStringOption "password";
+      lcpEcho = {
+        adaptive = mkOption {
+          description = "send LCP echo-request frames only if no traffic was received from the peer since the last echo-request was sent";
+          type = types.bool;
+          default = true;
+        };
+        interval = mkOption {
+          type = types.nullOr types.int;
+          default = 3;
+          description = "send an LCP echo-request frame to the peer every n seconds";
+        };
+        failure =  mkOption {
+          type = types.nullOr types.int;
+          default = 3;
+          description = "terminate connection if n LCP echo-requests are sent without receiving a valid LCP echo-reply";
+        };
+      };
+      debug = mkOption {
+        description = "log the contents of all control packets sent or received";
+        default = false;
+        type = types.bool;
+      };
      ppp-options = mkOption {
        type = types.listOf types.str;
        description = "options supplied on ppp command line";
+        default = [];
      };
    };
    system.service.l2tp = config.system.callService ./l2tp.nix {
--- a/modules/ppp/pppoe.nix
+++ b/modules/ppp/pppoe.nix
@ -6,11 +6,16 @@
 , writeAshScript
 , serviceFns
 } :
-{ interface, ppp-options }:
+{ interface,
+  ppp-options,
+  lcpEcho,
+  username,
+  password,
+  debug
+}:
 let
  inherit (liminix.services) longrun;
-  lcp-echo-interval = 4;
-  lcp-echo-failure = 3;
+  inherit (lib) optional optionals;
  name = "${interface.name}.pppoe";
  ip-up = writeAshScript "ip-up" {} ''
    . ${serviceFns} 
@ -33,25 +38,35 @@ let
    )
    echo >/proc/self/fd/10
  '';
-  ppp-options' = ppp-options ++ [
-    "ip-up-script" ip-up
-    "ipv6-up-script" ip6-up
-    "ipparam" name
-    "nodetach"
-    "usepeerdns"
-    "lcp-echo-interval" (builtins.toString lcp-echo-interval)
-    "lcp-echo-failure" (builtins.toString lcp-echo-failure)
-    "logfd" "2"
-  ];
+  ppp-options' = ["+ipv6" "noauth"]
+    ++ optional debug "debug"
+    ++ optionals (username != null) ["name" username]
+    ++ optionals (password != null) ["password" password]
+    ++ optional lcpEcho.adaptive "lcp-echo-adaptive"
+    ++ optionals (lcpEcho.interval != null)
+      ["lcp-echo-interval" (builtins.toString lcpEcho.interval)]
+    ++ optionals (lcpEcho.failure != null)
+      ["lcp-echo-failure" (builtins.toString lcpEcho.failure)]
+    ++ ppp-options
+    ++ ["ip-up-script" ip-up
+        "ipv6-up-script" ip6-up
+        "ipparam" name
+        "nodetach"
+        "usepeerdns"
+        "logfd" "2"
+       ];
+  timeoutOpt = if lcpEcho.interval != null then "-T ${builtins.toString (4 * lcpEcho.interval)}" else "";
 in
 longrun {
  inherit name;
  run = ''
    . ${serviceFns}
    echo Starting pppoe, pppd pid is $$
-    exec ${ppp}/bin/pppd pty "${pppoe}/bin/pppoe -T ${builtins.toString (4 * lcp-echo-interval)}  -I $(output ${interface} ifname)" ${lib.concatStringsSep " " ppp-options'}
+    exec ${ppp}/bin/pppd pty "${pppoe}/bin/pppoe ${timeoutOpt}  -I $(output ${interface} ifname)" ${lib.concatStringsSep " " ppp-options'}
  '';
  notification-fd = 10;
-  timeout-up = (10 + lcp-echo-failure * lcp-echo-interval) * 1000;
+  timeout-up = if lcpEcho.failure != null
+               then (10 + lcpEcho.failure * lcpEcho.interval) * 1000
+               else 60 * 1000;
  dependencies = [ interface ];
 }
--- a/modules/profiles/gateway.nix
+++ b/modules/profiles/gateway.nix
@ -87,12 +87,7 @@ in {
    };

    services.wan = svc.pppoe.build {
-      inherit (cfg.wan) interface;
-      ppp-options = [
-        "debug" "+ipv6" "noauth"
-        "name" cfg.wan.username
-        "password" cfg.wan.password
-      ];
+      inherit (cfg.wan) interface username password;
    };

    services.packet_forwarding = svc.network.forward.build { };