Diffstat (limited to 'os/kay/modules/network/ppp')
| -rw-r--r-- | os/kay/modules/network/ppp/default.nix | 74 | ||||
| -rw-r--r-- | os/kay/modules/network/ppp/secrets.yaml | 28 |
2 files changed, 102 insertions, 0 deletions
diff --git a/os/kay/modules/network/ppp/default.nix b/os/kay/modules/network/ppp/default.nix
new file mode 100644
index 0000000..43059b6
--- /dev/null
+++ b/os/kay/modules/network/ppp/default.nix
@@ -0,0 +1,74 @@
+{ config, pkgs, ... }:
+
+let
+ inetVlan = 1003;
+ wanInterface = "enp3s0";
+ nameServer = [
+ "1.0.0.1"
+ "1.1.1.1"
+ ];
+in
+{
+ sops.secrets = {
+ "ppp/chap-secrets".sopsFile = ./secrets.yaml;
+ "ppp/pap-secrets".sopsFile = ./secrets.yaml;
+ "ppp/username".sopsFile = ./secrets.yaml;
+ };
+
+ networking = {
+ tempAddresses = "disabled";
+ vlans.wan = {
+ id = inetVlan;
+ interface = wanInterface;
+ };
+ };
+
+ services = {
+ dnsmasq = {
+ enable = true;
+ settings = {
+ server = nameServer;
+ bind-interfaces = true;
+ };
+ };
+
+ pppd = {
+ enable = true;
+
+ config = ''
+ plugin pppoe.so
+ debug
+
+ nic-wan
+ defaultroute
+ ipv6 ::1337,
+ noauth
+
+ persist
+ lcp-echo-adaptive
+ lcp-echo-interval 1
+ lcp-echo-failure 5
+ '';
+
+ script."01-ipv6-ra" = {
+ type = "ip-up";
+ runtimeInputs = [ pkgs.procps ];
+
+ text = ''
+ sysctl net.ipv6.conf.ppp0.accept_ra=2
+ '';
+ };
+
+ peers.keralavision = {
+ enable = true;
+ autostart = true;
+ configFile = config.sops.secrets."ppp/username".path;
+ };
+
+ secret = {
+ chap = config.sops.secrets."ppp/chap-secrets".path;
+ pap = config.sops.secrets."ppp/pap-secrets".path;
+ };
+ };
+ };
+}
diff --git a/os/kay/modules/network/ppp/secrets.yaml b/os/kay/modules/network/ppp/secrets.yaml
new file mode 100644
index 0000000..3df903a
--- /dev/null
+++ b/os/kay/modules/network/ppp/secrets.yaml
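Review bot: The `dnsmasq.settings` block in default.nix sets `bind-interfaces = true` but names no `interface`, `listen-address` or `except-interface`, so as far as this file shows dnsmasq will answer DNS on every interface present when it starts, including the WAN side. Unless another module or the firewall already closes port 53 there, the resolver is reachable from outside; consider adding `except-interface = [ "wan" "ppp0" ];` (or an explicit LAN `interface` list) beside `bind-interfaces`. Separately, the `01-ipv6-ra` script hard-codes `ppp0`; pppd passes the interface name to ip-up as the first argument, so `sysctl "net.ipv6.conf.$1.accept_ra=2"` would survive a different unit number, assuming the script wrapper forwards its arguments. The `debug` line in `config` logs full negotiation packets and is worth a comment saying whether it is meant to stay.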
@@ -0,0 +1,28 @@ +ppp: + chap-secrets: ENC[AES256_GCM,data:WAQwrIt66iL7rOPR0WQgRxTYHHjrMNXUqf/DoiE=,iv:ZOs3OQ0Lu9zr/6slG/q07jZ94VRx8XaomNFP1isHo9o=,tag:I1dzfINQvU2fiVku8IDK9A==,type:str] + pap-secrets: ENC[AES256_GCM,data:QWMpPeJSUd3KJa6c//3Zu3nlsnE4l0FBhEqFggw=,iv:uTziGG8dSaklA3uRn+JqfONde6oL/3q5wXS2TP2e264=,tag:R5+q4k2XAEW+8nYPMLVObg==,type:str] + username: ENC[AES256_GCM,data:PBZlPw8SgUfm0apbVf6GVNkn,iv:ivYn9irS7hwdvN8f3kDDGs8gGx+kWtW1YHheKgQMF2w=,tag:VPokCflGM4pDL/+VBfbTsA==,type:str] +sops: + age: + - recipient: age1q5sfy74d53n6jxlgsc2zrsz4wcl9d830nxuagc3wfmdkrrp55ckq9ev6nv + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIcUt4blkrZzZHMjFjT1o2 + TDRUZ09DckRNQzhhNmgvZi9tRVQ0WUdIZXhjCmpXQ0craFRkQU5neFdnZTVmbHcx + STFSYk51cDVyZ3I2UmFwT1pHQnJKc2sKLS0tIFNhKzNKRzJ4OVBUVm00ZjJ5NHZi + RDNTZDVLM05heXh3cXdMZFF4TVhCeFEK0YogisCvzPS1KgQFGjziGFLpiqBtfIAx + 90qk4c/8Wmqnt2bW5GBCEl5iUHW7S7etCIZHTZp7WY6Y/y4KEQcFQA== + -----END AGE ENCRYPTED FILE----- + - recipient: age15989j5lkkf2kn5wa2p6qc8wlxjjksc63k5ync8rz8t4e87394pzqm7h4rm + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWTkt0SjA1YXd6OGx0N2Ix + RmZzVHNOZUZ1V0taeGk4TDFrNi96bi9CTUhzClpDcGVQTFJqZWgzUWxLTmJXd0pT + UGhlUTlpS1QxRmFmbTIxYzlLbGxpTWMKLS0tIHIxTHduRXNJdHpkdm1xYWZlbjZ3 + bWdUcDlLVVljcTVoVEpaTWFIeDlUZGsKMFwWXXb0CsVdb2neSbZlPuKH4p+esW8u + fNzL8nrZmqqcRzncXFB0PHU4iNKhwzouHEC+6Ny4V7v5bbOSyb2jAg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-12-27T03:17:57Z" + mac: ENC[AES256_GCM,data:43K/T2qFlgHh9008KAiRoYDB9K0B+PqDQfy9pRconml37FuSQhFHowpsjGXEh/md78i6xr4B1wQal+G2BLlWNF5BEKFpZ59Bkpe3OUa/I8yTDUIHPjvoSLAMVdsRxpn3qgFUeLhEpYEycB0sYwQY3XS9Vu3cOx1T+5I9jn6K6d4=,iv:OGvhVzYUtncE1LaSDOFVLhDuD+uOKA1bgYUavgqgLf8=,tag:P9gKH394XXWggXgVBCcspg==,type:str] + unencrypted_suffix: _unencrypted + version: 3.11.0 |
