Diffstat (limited to 'os/kay')
-rw-r--r--os/kay/modules/iperf3.nix2
-rw-r--r--os/kay/modules/network.nix37
-rw-r--r--os/kay/modules/router.nix92
-rw-r--r--os/kay/secrets.yaml10
4 files changed, 97 insertions, 44 deletions
diff --git a/os/kay/modules/iperf3.nix b/os/kay/modules/iperf3.nix
index 901a93d..2c8afef 100644
--- a/os/kay/modules/iperf3.nix
+++ b/os/kay/modules/iperf3.nix
@@ -4,7 +4,7 @@
services.iperf3 = {
enable = true;
- bind = "10.0.0.1";
+ bind = "192.168.43.1";
openFirewall = true;
};
}
diff --git a/os/kay/modules/network.nix b/os/kay/modules/network.nix
index 339f15b..04b270d 100644
--- a/os/kay/modules/network.nix
+++ b/os/kay/modules/network.nix
@@ -1,10 +1,9 @@
{ config, ... }:
let
- inetVlan = 722;
- voipVlan = 1849;
+ inetVlan = 1003;
wanInterface = "enp3s0";
- nameServer = "1.0.0.1";
+ nameServer = [ "2606:4700:4700::1111" "2606:4700:4700::1001" "1.1.1.1" "1.0.0.1" ];
in
{
imports = [
@@ -18,37 +17,19 @@ in
"ppp/username" = {};
};
- networking = let
- voipVlanIface = "voip";
- in {
- vlans = {
- wan = {
- id = inetVlan;
- interface = wanInterface;
- };
- ${voipVlanIface} = {
- id = voipVlan;
- interface = wanInterface;
- };
+ networking = {
+ tempAddresses = "disabled";
+ vlans.wan = {
+ id = inetVlan;
+ interface = wanInterface;
};
-
- interfaces = {
- ${voipVlanIface}.useDHCP = true;
- ${wanInterface}.macAddress = "c4:54:44:d5:17:68";
- };
-
- dhcpcd.extraConfig = ''
- interface ${voipVlanIface}
- ipv4only
- nogateway
- '';
};
services = {
dnsmasq = {
enable = true;
settings = {
- server = [ nameServer ];
+ server = nameServer;
bind-interfaces = true;
};
};
@@ -71,7 +52,7 @@ in
lcp-echo-failure 5
'';
- peers.bsnl = {
+ peers.keralavision = {
enable = true;
autostart = true;
configFile = config.sops.secrets."ppp/username".path;
diff --git a/os/kay/modules/router.nix b/os/kay/modules/router.nix
index 0d01465..7cd3763 100644
--- a/os/kay/modules/router.nix
+++ b/os/kay/modules/router.nix
@@ -1,12 +1,20 @@
-{ ... }: let
+{ lib, pkgs, ... }: let
wanInterface = "ppp0";
+ wanMTU = 1492;
+
+ gponInterface = "enp3s0";
+ gponHost = "192.168.38.1";
+ gponPrefix = 24;
lanInterface = "enp8s0f3u1";
- subnet = "10.0.0.0";
+ subnet = "192.168.43.0";
prefix = 24;
- host = "10.0.0.1";
- leaseRangeStart = "10.0.0.100";
- leaseRangeEnd = "10.0.0.254";
+ host = "192.168.43.1";
+ leaseRangeStart = "192.168.43.100";
+ leaseRangeEnd = "192.168.43.254";
+
+ wapMac = "40:86:cb:d7:40:49";
+ wapIp = "192.168.43.2";
in {
imports = [
./wireguard.nix
@@ -19,11 +27,20 @@ in {
externalInterface = wanInterface;
internalInterfaces = [ lanInterface ];
};
- interfaces."${lanInterface}" = {
- ipv4.addresses = [{
- address = host;
- prefixLength = prefix;
+ interfaces = {
+ ${lanInterface}.ipv4.addresses = [{
+ address = host;
+ prefixLength = prefix;
+ }];
+ ${gponInterface}.ipv4.addresses = [{
+ address = gponHost;
+ prefixLength = gponPrefix;
}];
+ # TODO: fix it upstream
+ # https://github.com/NixOS/nixpkgs/blob/e8c38b73aeb218e27163376a2d617e61a2ad9b59/nixos/modules/services/networking/dhcpcd.nix#L13
+ # without this dhcpcd will not run, and if we set it to wanInterface,
+ # when pppd(ppp0 iface) exit it'll take out wan vlan iface as well
+ ${wanInterface}.useDHCP = true;
};
firewall = {
allowedUDPPorts = [ 53 67 ];
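Review bot: The context line `allowedUDPPorts = [ 53 67 ];` at the end of this hunk opens DNS and DHCP on every interface, including `ppp0`, and the commit leaves that untouched while a later hunk in this file requests a delegated IPv6 prefix for the LAN interface. Once `${lanInterface}` carries a globally routable address, a query sent to that address from the WAN side would pass the host firewall and may reach dnsmasq, since `bind-interfaces` binds by address rather than by arrival interface. Scoping the rule to the LAN avoids this: inside the `firewall` block, replace it with `interfaces.${lanInterface}.allowedUDPPorts = [ 53 67 ];`. The `firewall` block continues outside the hunk, so check whether it already restricts by interface there.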
@@ -39,9 +56,64 @@ in {
'';
};
};
-
services.dnsmasq.settings = {
dhcp-range = [ "${leaseRangeStart},${leaseRangeEnd}" ];
+ dhcp-host = "${wapMac},${wapIp}";
interface = [ lanInterface ];
};
+
+ boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 2;
+ networking.dhcpcd = {
+ allowInterfaces = [ wanInterface ];
+ IPv6rs = false;
+ wait = "ipv6";
+ extraConfig = ''
+ ipv6only
+ interface ${wanInterface}
+ ipv6rs
+ ia_pd 1 ${lanInterface}/0
+ '';
+ };
+
+ # we start the services using pppd script
+ systemd.services = {
+ dhcpcd = {
+ before = lib.mkForce [];
+ wants = lib.mkForce [];
+ wantedBy = lib.mkForce [];
+ };
+ radvd = {
+ after = lib.mkForce [];
+ requires = lib.mkForce[];
+ wantedBy = lib.mkForce [];
+ };
+ };
+ services = {
+ pppd.script."ipv6" = {
+ runtimeInputs = [ pkgs.systemd pkgs.gnugrep pkgs.iproute2 ];
+ text = ''
+ systemctl restart dhcpcd.service
+ systemctl restart radvd.service
+ '';
+ };
+ radvd = {
+ enable = lib.mkForce true;
+ config = ''
+ interface ${lanInterface} {
+ AdvSendAdvert on;
+ AdvDefaultPreference high;
+ AdvLinkMTU ${toString wanMTU};
+
+ MinRtrAdvInterval 3;
+ MaxRtrAdvInterval 6;
+ AdvDefaultLifetime 60;
+
+ prefix ::/64 {
+ AdvPreferredLifetime 30;
+ AdvValidLifetime 60;
+ };
+ };
+ '';
+ };
+ };
}
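Review bot: Nothing in this hunk filters forwarded IPv6 traffic, so once forwarding is on and `ia_pd 1 ${lanInterface}/0` plus radvd give LAN hosts global addresses, those hosts are probably reachable directly from the WAN, whereas IPv4 NAT hid them before. By default the NixOS firewall filters only traffic addressed to the router itself, so a default-deny forward policy for new connections arriving on `ppp0` is worth adding, for example `networking.firewall.filterForward = true;` (nftables backend only) or equivalent ip6tables FORWARD rules. The firewall extra commands that end just above this hunk are not visible here and may already cover it. Separately, the kernel documents only 0 and 1 for `net.ipv6.conf.all.forwarding` (2 is an `accept_ra` value), so `= 1` with a short comment would state the intent more clearly.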
diff --git a/os/kay/secrets.yaml b/os/kay/secrets.yaml
index 47be11b..dae9fe0 100644
--- a/os/kay/secrets.yaml
+++ b/os/kay/secrets.yaml
@@ -1,7 +1,7 @@
ppp:
- chap-secrets: ENC[AES256_GCM,data:oTwucN94iWIzrCCAQySpkG+uEBERmEjXfoPm6piook8bS/q3kCd/DQ==,iv:IC1Ii+rnTvFa0F2bi0fnEAEO7XWV7Wues9T+28bhDnc=,tag:239vrwVzeTIVCIw8U30jtg==,type:str]
- pap-secrets: ENC[AES256_GCM,data:S72mx8AP8MDWrYZ3TIOnwoKcVWiUzms1ZpckghHjjFcWhW5orOjPOA==,iv:4kNHSZ3+FMA9ROLEgrU38IWd+MBt+vf8CV3WGHkRCCc=,tag:rBtSZH8i7fE7fJhRRda7eA==,type:str]
- username: ENC[AES256_GCM,data:GzRdyvnRKSS8iH+RuFU9g6zxXhxl0DeWWkAyF3sefZc0QQ==,iv:yTRruKpMda4N2J3Z8MEesrFxqV4g1usbYoxTeKlWf4M=,tag:8h9cpYn2Zy/32+2HJ76dFw==,type:str]
+ chap-secrets: ENC[AES256_GCM,data:XCOWJZr+4jzkCpx8ynr/86H7pkxQ0flnjjlMhyY=,iv:bVIMPO4KIPuJcsIT5L8mZ2aOgRGS8NBz8pxsr3RRQ7k=,tag:9mHPwlOAaxm5m039T6vP5w==,type:str]
+ pap-secrets: ENC[AES256_GCM,data:aeaRboKJwcuy60nlY+iW6zKp3Rm9V8WMTnzxFnk=,iv:ph5TLDeMMz+gvn+QWHCl5jvRWcLOKPM+oEpjfHPWJ4w=,tag:ukYsCONCblQvd5hRSgKUGg==,type:str]
+ username: ENC[AES256_GCM,data:+L9MTQDplyGuMoSMGsSwugEj,iv:Q+2UpahPeYGPix37YsaqORQeVrAm02b7lRk9h0b+vsE=,tag:cePjMJii1YDyL0Jnu5Mp3Q==,type:str]
hurricane:
username: ENC[AES256_GCM,data:pe3igN9AIbc1,iv:stBkppjkDC9nvV/fHaEtfs6KskoiqqEKxCp/KC+Xxeo=,tag:pH5CJXOOp/is7dQmt6wlog==,type:str]
update_key: ENC[AES256_GCM,data:wwd+QWTgKEqstY5d2eWBnWJYq2EisTTaa/Ow4WwBNkyh5FYP+7PEyg==,iv:b93JvsfWppqlJtZxGAa3xbXgLEFs0A5Seq5pNjTnRW4=,tag:+W1t1M+Mm4LopVbcI1x+eg==,type:str]
@@ -40,8 +40,8 @@ sops:
OXgwSml4bkc1dnloNUFsRGFFcXFHc2cK26l2eiKbZUkogmAXoha6HTUs3YFKixYz
bTkpKKyOAIIin3YM975wwvkCuWNG4tbnHBHQFh5JGK2OEyLDXuV7Pg==
-----END AGE ENCRYPTED FILE-----
- lastmodified: "2024-02-25T04:23:28Z"
- mac: ENC[AES256_GCM,data:SUFBHKTM2tQHX1Xtta3spl/GaaNrIAcNrLFzKzqb2ki3FhXnLLYu0wD+IBxuj1nxICn9TDprHFdcDenfFPV1mYWtmXLmWMeDcIGKXedYex2nakdlIYngGiLkEseuehft46YtoEqLJVksBFoLKmywRi+/ZGux/heSIyD14Toxb3Q=,iv:dqYGObF1SV3VBxSZtrggRdD1ROqvlp7tn8xLdNuDxx4=,tag:N/4L6NgIqYKQ8IbpFGru2g==,type:str]
+ lastmodified: "2024-11-22T16:14:24Z"
+ mac: ENC[AES256_GCM,data:KPA/xxdhEO7yY9AQZmC9oslMP04RTj8RsJPNAei8UPfMCoZIp9Hyzsa7qsej+ivl/GBFT0r/4PWrxbwMTSoS4N5SiSF0MxF7eRy9UZg8EynRp1R/duImpWgUcK3wtxsDw+XtgQv5NWFrfJQvKUrRGlKACfk3Ci+tiHBVYX0AbZQ=,iv:Djje4ORwIHMvdNJd9MGRs2rVwIZ1pd94OLG/IrO59Ik=,tag:V3Em/dWJs1gyo9Z7lCK3GQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1