chore(os/kay): refactor sops

1 files changed, 74 insertions, 0 deletions

diff --git a/os/kay/modules/network/ppp/default.nix b/os/kay/modules/network/ppp/default.nix
new file mode 100644
index 0000000..43059b6
--- /dev/null
+++ b/os/kay/modules/network/ppp/default.nix
@@ -0,0 +1,74 @@
+{ config, pkgs, ... }:
+
+let
+  inetVlan = 1003;
+  wanInterface = "enp3s0";
+  nameServer = [
+    "1.0.0.1"
+    "1.1.1.1"
+  ];
+in
+{
+  sops.secrets = {
+    "ppp/chap-secrets".sopsFile = ./secrets.yaml;
+    "ppp/pap-secrets".sopsFile = ./secrets.yaml;
+    "ppp/username".sopsFile = ./secrets.yaml;
+  };
+
+  networking = {
+    tempAddresses = "disabled";
+    vlans.wan = {
+      id = inetVlan;
+      interface = wanInterface;
+    };
+  };
+
+  services = {
+    dnsmasq = {
+      enable = true;
+      settings = {
+        server = nameServer;
+        bind-interfaces = true;
+      };
+    };
+
+    pppd = {
+      enable = true;
+
+      config = ''
+        plugin pppoe.so
+        debug
+
+        nic-wan
+        defaultroute
+        ipv6 ::1337,
+        noauth
+
+        persist
+        lcp-echo-adaptive
+        lcp-echo-interval 1
+        lcp-echo-failure 5
+      '';
+
+      script."01-ipv6-ra" = {
+        type = "ip-up";
+        runtimeInputs = [ pkgs.procps ];
+
+        text = ''
+          sysctl net.ipv6.conf.ppp0.accept_ra=2
+        '';
+      };
+
+      peers.keralavision = {
+        enable = true;
+        autostart = true;
+        configFile = config.sops.secrets."ppp/username".path;
+      };
+
+      secret = {
+        chap = config.sops.secrets."ppp/chap-secrets".path;
+        pap = config.sops.secrets."ppp/pap-secrets".path;
+      };
+    };
+  };
+}