
@c0deaddict
Created July 5, 2021 07:55
{ config, pkgs, lib, ... }:
let
# Physical NIC names used throughout this module. `wan` carries the tagged
# ISP VLANs declared under networking.vlans; `lan` is the internal network
# that gets the static 10.13.37.1/24 address.
interfaces = {
wan = "enp1s0";
lan = "enp2s0";
};
in {
# Kernel settings that turn this host into a router.
# NOTE(review): forwarding is enabled for both address families, but no
# firewall or NAT options appear in this file. As far as I know the stock
# NixOS firewall filters traffic addressed to the router itself and leaves
# forwarded traffic alone, so with a delegated IPv6 prefix the LAN hosts may
# be reachable from the WAN unless a forward policy exists elsewhere
# (e.g. networking.firewall.filterForward with the nftables backend) - confirm.
boot.kernel.sysctl = {
"net.ipv4.conf.all.forwarding" = true;
"net.ipv6.conf.all.forwarding" = true;
# The router does not accept Router Advertisements on any interface, so a
# device on a connected segment cannot hand it routes or addresses via RA.
"net.ipv6.conf.all.accept_ra" = 0;
"net.ipv6.conf.default.accept_ra" = 0;
};
# Host identity, VLAN devices on the WAN NIC, static LAN addressing and the
# dhcpcd setup that requests an IPv6 prefix over the PPP link.
networking = {
hostName = "router";
domain = "home.lan";
enableIPv6 = true;
vlans = {
# KPN VLAN's on WAN interface.
# Each entry creates a tagged device named after the attribute
# (internet = 6, iptv = 4, telephony = 7) on top of the WAN NIC.
internet = {
interface = interfaces.wan;
id = 6;
};
iptv = {
interface = interfaces.wan;
id = 4;
};
telephony = {
interface = interfaces.wan;
id = 7;
};
};
interfaces = {
# No DHCP client on the raw WAN NIC or on the VLAN devices; the uplink
# address comes from PPP (see services.pppd) instead.
${interfaces.wan} = { useDHCP = false; };
internet = { useDHCP = false; };
iptv = { useDHCP = false; };
telephony = { useDHCP = false; };
# Static gateway address for the LAN; dnsmasq and corerad below bind to it.
${interfaces.lan} = {
ipv4.addresses = [{
address = "10.13.37.1";
prefixLength = 24;
}];
};
};
# dhcpcd is enabled globally, but allowInterfaces limits it to ppp0 so it
# never answers to or configures any other interface.
useDHCP = true;
dhcpcd.persistent = true;
dhcpcd.allowInterfaces = [ "ppp0" ];
# https://wiki.archlinux.org/title/IPv6#Prefix_delegation_(DHCPv6-PD)
# KPN doesn't respond with RA's, the default route is set by ppp.
dhcpcd.enable = true;
# dhcpcd options used below:
#   noipv6rs  - send no router solicitations (matches accept_ra = 0 above)
#   ipv6only  - run DHCPv6 only, no DHCPv4 on ppp0
#   waitip 6  - wait for an IPv6 address before going to the background
#   ia_pd 1 <lan>/0 - request a delegated prefix on ppp0 and assign a
#               subnet of it to the LAN interface
# `require dhcp_server_identifier` drops replies that carry no server id.
dhcpcd.extraConfig = ''
clientid
option rapid_commit
option interface_mtu
require dhcp_server_identifier
noipv6rs
ipv6only
waitip 6
interface ppp0
iaid 1
ia_pd 1 ${interfaces.lan}/0
'';
};
# Make sure ppp0 exists before starting dhcpcd.
# bindsTo ties the unit's lifetime to the ppp0 device unit: dhcpcd is stopped
# when the device goes away. `after` orders it behind the device appearing.
systemd.services.dhcpcd = {
bindsTo = [ "sys-devices-virtual-net-ppp0.device" ];
after = [ "sys-devices-virtual-net-ppp0.device" ];
};
# CHAP credentials for the "kpn" peer (client, server, secret, allowed IPs).
# NOTE(review): a value given through `text` is written to the Nix store,
# which is world-readable, so `mode` only restricts the copy under /etc.
# That is tolerable here only if "kpn"/"kpn" is the ISP's generic placeholder
# login, as it appears to be - confirm. A real secret should be read from a
# file kept outside the store rather than embedded in the module.
environment.etc."ppp/chap-secrets" = {
text = ''"kpn" * "kpn" *'';
mode = "0640";
};
# PPPoE client for the ISP uplink, run over the `internet` VLAN device.
services.pppd = {
enable = true;
peers.kpn = {
# pppd options used below:
#   plugin rp-pppoe.so internet - speak PPPoE on the `internet` device
#   noauth         - do not require the peer to authenticate itself to us
#   hide-password  - keep the password out of logged PAP packets
#   debug          - log control packets; verbose, and worth dropping once
#                    the link is stable so session details stay out of logs
#   +ipv6, ipv6cp-accept-local - negotiate IPv6 and accept the peer's idea
#                    of our interface identifier
#   defaultroute, defaultroute6 - install default routes via the PPP link
#   persist, maxfail 0, holdoff 5 - reconnect indefinitely, 5 s between tries
#   mtu/mru 1500   - full-size frames; relies on the larger MTUs that the
#                    pppd-kpn unit sets on the underlying devices
config = ''
plugin rp-pppoe.so internet
name "kpn"
noauth
hide-password
debug
+ipv6
ipv6cp-accept-local
noipdefault
defaultroute
defaultroute6
persist
maxfail 0
holdoff 5
mtu 1500
mru 1500
'';
};
};
# Configure MTU's on wan, internet VLAN and ppp0.
# The values step down by encapsulation: presumably 1512 on the NIC leaves
# room for the 4-byte VLAN tag, and 1508 on the VLAN for the 8-byte PPPoE
# header, so ppp0 can carry a 1500-byte payload - confirm against the ISP.
systemd.services.pppd-kpn = {
# The `internet` VLAN device must exist before pppd starts.
requires = [ "internet-netdev.service" ];
# NOTE(review): newer nixpkgs releases name this package `iproute2` - verify
# that `pkgs.iproute` still resolves on the channel in use.
serviceConfig = let ip = "${pkgs.iproute}/bin/ip";
in {
# The leading "+" makes systemd run this script with full privileges,
# regardless of any user or sandboxing settings on the unit. The script
# contains only fixed commands and module-level interface names.
# `set -e` aborts the start if either of the first two commands fails;
# the ppp0 line is allowed to fail (`|| true`), presumably because ppp0
# does not exist yet at pre-start time.
ExecStartPre = "+${
pkgs.writeShellScript "ppp-configure-mtu" ''
set -e
${ip} link set dev ${interfaces.wan} mtu 1512
${ip} link set dev internet mtu 1508
${ip} link set dev ppp0 mtu 1500 || true
''
}";
};
};
# IPv6 Router Advertisement daemon for the LAN.
services.corerad = {
enable = true;
settings = {
interfaces = [{
name = interfaces.lan;
advertise = true;
# "::/64" asks CoreRAD to advertise the /64 prefixes configured on the
# interface, which here should be the subnet dhcpcd assigns from the
# delegated prefix.
prefix = [{ prefix = "::/64"; }];
# NOTE(review): 2001:db8::/32 is the IPv6 documentation range, so this
# resolver address looks like a placeholder. Clients would be told to
# use an unreachable DNS server until it is replaced with the router's
# real address - confirm.
rdnss = [{ servers = [ "2001:db8:85a3::1" ]; }];
dnssl = [{ domain_names = [ "home.lan" ]; }];
}];
# HTTP endpoint serving Prometheus metrics, bound to the LAN address only.
# NOTE(review): presumably unauthenticated; keep it off the WAN side and
# limit which LAN hosts may reach port 9430 - confirm firewall rules.
debug = {
address = "10.13.37.1:9430";
prometheus = true;
};
};
};
# DNS forwarder and DHCPv4 server for the LAN.
services.dnsmasq = {
enable = true;
# Single upstream resolver; queries to it leave the router as plain DNS.
servers = [ "1.1.1.1" ];
# `interface`, `bind-interfaces` and `listen-address` together restrict the
# listening sockets to loopback and the LAN address, so neither DNS nor DHCP
# is offered on the WAN or ppp0 side.
# DHCP hands out 10.13.37.100-200 with 24h leases and points clients at the
# router for both the default gateway and DNS.
# NOTE(review): nothing here keeps local names off the upstream resolver.
# Options such as `domain-needed`, `bogus-priv` and `local=/home.lan/` would
# stop home.lan names and private reverse lookups from being forwarded to
# 1.1.1.1 - consider adding them.
# NOTE(review): the trailing `dhcp` in the domain-search option reads as a
# second search domain - confirm that is intended.
extraConfig = ''
interface=${interfaces.lan}
bind-interfaces
listen-address=127.0.0.1,10.13.37.1
domain=home.lan
dhcp-authoritative
dhcp-option-force=option:domain-search,home.lan,dhcp
dhcp-range=${interfaces.lan},10.13.37.100,10.13.37.200,24h
dhcp-option=${interfaces.lan},option:router,10.13.37.1
dhcp-option=${interfaces.lan},option:dns-server,10.13.37.1
'';
};
}