dan/liminix
1
0
Fork 5
Code

add structured config for common pppoe options

Browse Source
This commit is contained in:
Daniel Barlow 2024-07-16 20:47:53 +01:00
parent 135a445672
commit 7195cb10ce
4 changed files with 61 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
examples/l2tp.nix
View File

@ -62,12 +62,9 @@ in rec {
let let
pppoe = svc.pppoe.build { pppoe = svc.pppoe.build {
interface = config.hardware.networkInterfaces.wan; interface = config.hardware.networkInterfaces.wan;
debug = true;
ppp-options = [ username = rsecrets.l2tp.name;
"debug" "+ipv6" "noauth" password = rsecrets.l2tp.password;
"name" rsecrets.l2tp.name
"password" rsecrets.l2tp.password
];
}; };
l2tp = l2tp =

27
modules/ppp/default.nix
View File

@ -12,6 +12,8 @@
let let
inherit (lib) mkOption types; inherit (lib) mkOption types;
inherit (pkgs) liminix; inherit (pkgs) liminix;
mkStringOption =
description: mkOption { type = types.str; inherit description; };
in { in {
options = { options = {
system.service.pppoe = mkOption { system.service.pppoe = mkOption {
@ -27,9 +29,34 @@ in {
type = liminix.lib.types.service; type = liminix.lib.types.service;
description = "ethernet interface to run PPPoE over"; description = "ethernet interface to run PPPoE over";
}; };
username = mkStringOption "username";
password = mkStringOption "password";
lcpEcho = {
adaptive = mkOption {
description = "send LCP echo-request frames only if no traffic was received from the peer since the last echo-request was sent";
type = types.bool;
default = true;
};
interval = mkOption {
type = types.nullOr types.int;
default = 3;
description = "send an LCP echo-request frame to the peer every n seconds";
};
failure = mkOption {
type = types.nullOr types.int;
default = 3;
description = "terminate connection if n LCP echo-requests are sent without receiving a valid LCP echo-reply";
};
};
debug = mkOption {
description = "log the contents of all control packets sent or received";
default = false;
type = types.bool;
};
ppp-options = mkOption { ppp-options = mkOption {
type = types.listOf types.str; type = types.listOf types.str;
description = "options supplied on ppp command line"; description = "options supplied on ppp command line";
default = [];
}; };
}; };
system.service.l2tp = config.system.callService ./l2tp.nix { system.service.l2tp = config.system.callService ./l2tp.nix {

45
modules/ppp/pppoe.nix
View File

@ -6,11 +6,16 @@
, writeAshScript , writeAshScript
, serviceFns , serviceFns
} : } :
{ interface, ppp-options }: { interface,
ppp-options,
lcpEcho,
username,
password,
debug
}:
let let
inherit (liminix.services) longrun; inherit (liminix.services) longrun;
lcp-echo-interval = 4; inherit (lib) optional optionals;
lcp-echo-failure = 3;
name = "${interface.name}.pppoe"; name = "${interface.name}.pppoe";
ip-up = writeAshScript "ip-up" {} '' ip-up = writeAshScript "ip-up" {} ''
. ${serviceFns} . ${serviceFns}
@ -33,25 +38,35 @@ let
) )
echo >/proc/self/fd/10 echo >/proc/self/fd/10
''; '';
ppp-options' = ppp-options ++ [ ppp-options' = ["+ipv6" "noauth"]
"ip-up-script" ip-up ++ optional debug "debug"
"ipv6-up-script" ip6-up ++ optionals (username != null) ["name" username]
"ipparam" name ++ optionals (password != null) ["password" password]
"nodetach" ++ optional lcpEcho.adaptive "lcp-echo-adaptive"
"usepeerdns" ++ optionals (lcpEcho.interval != null)
"lcp-echo-interval" (builtins.toString lcp-echo-interval) ["lcp-echo-interval" (builtins.toString lcpEcho.interval)]
"lcp-echo-failure" (builtins.toString lcp-echo-failure) ++ optionals (lcpEcho.failure != null)
"logfd" "2" ["lcp-echo-failure" (builtins.toString lcpEcho.failure)]
]; ++ ppp-options
++ ["ip-up-script" ip-up
"ipv6-up-script" ip6-up
"ipparam" name
"nodetach"
"usepeerdns"
"logfd" "2"
];
timeoutOpt = if lcpEcho.interval != null then "-T ${builtins.toString (4 * lcpEcho.interval)}" else "";
in in
longrun { longrun {
inherit name; inherit name;
run = '' run = ''
. ${serviceFns} . ${serviceFns}
echo Starting pppoe, pppd pid is $$ echo Starting pppoe, pppd pid is $$
exec ${ppp}/bin/pppd pty "${pppoe}/bin/pppoe -T ${builtins.toString (4 * lcp-echo-interval)} -I $(output ${interface} ifname)" ${lib.concatStringsSep " " ppp-options'} exec ${ppp}/bin/pppd pty "${pppoe}/bin/pppoe ${timeoutOpt} -I $(output ${interface} ifname)" ${lib.concatStringsSep " " ppp-options'}
''; '';
notification-fd = 10; notification-fd = 10;
timeout-up = (10 + lcp-echo-failure * lcp-echo-interval) * 1000; timeout-up = if lcpEcho.failure != null
then (10 + lcpEcho.failure * lcpEcho.interval) * 1000
else 60 * 1000;
dependencies = [ interface ]; dependencies = [ interface ];
} }

7
modules/profiles/gateway.nix
View File

@ -87,12 +87,7 @@ in {
}; };
services.wan = svc.pppoe.build { services.wan = svc.pppoe.build {
inherit (cfg.wan) interface; inherit (cfg.wan) interface username password;
ppp-options = [
"debug" "+ipv6" "noauth"
"name" cfg.wan.username
"password" cfg.wan.password
];
}; };
services.packet_forwarding = svc.network.forward.build { }; services.packet_forwarding = svc.network.forward.build { };