pppoe telekom

bundles/network/items.py

@@ -3,6 +3,9 @@ for network_name, network_conf in node.metadata.get('network').items():
         svc_systemd[f'qdisc-{network_name}.service'] = {
             'enabled': True,
             'running': None,
+            'needs': {
+                f'file:/usr/local/lib/systemd/system/qdisc-{network_name}.service',
+            },
         }
         actions[f'qdisc-{network_name}.service_restart_workaround'] = {
             'command': 'true',

bundles/nftables/files/nftables.conf

@@ -2,6 +2,23 @@
 
 flush ruleset
 
+% if nat:
+table ip nat {
+
+  # NAT
+
+  chain postrouting {
+    type nat hook postrouting priority 100
+    policy accept
+
+    # rules
+% for rule in sorted(nat):
+    ${rule}
+% endfor
+    }
+}
+% endif
+
 table inet filter {
 
   # INPUT

bundles/nftables/items.py

@@ -6,6 +6,7 @@ files = {
             'input': node.metadata.get('nftables/input'),
             'forward': node.metadata.get('nftables/forward'),
             'output': node.metadata.get('nftables/output'),
+            'nat': node.metadata.get('nftables/nat'),
         },
         'triggers': [
             'svc_systemd:nftables.service:reload',

bundles/pppoe/REAMDE.md

@@ -0,0 +1,36 @@
+# Firtzbox
+
+Internet > Zugangsdaten
+
+Internetanbieter
+- weitere Internetanbieter
+- anderer Internetanbieter
+- Name: "My PPPOE" (nicht leer lassen)
+
+Anschluss
+(x) Anschluss an einen DSL-Anschluss
+
+Zugangsdaten
+(x) Nein
+
+Verbindungseinstellungen
+
+[x] VLAN für den Internetanschluss verwenden
+VLAN-ID: 7
+PBit: 0
+
+DSL-ATM-Einstellungen
+VPI: 1
+VCI: 32
+
+Kapselung
+(x) Routed Bridge Encapsulation
+[x] IP-Adresse automatisch über DHCP beziehen
+DHCP-Hostname: fritz.box
+
+PPPoE-Passthrough
+[x] Angeschlossene Netzwerkgeräte dürfen zusätzlich ihre eigene Internetverbindung aufbauen (nicht empfohlen)
+
+[ ] Internetzugang nach dem "Übernehmen" prüfen
+
+-> Danach muss bei "Internetanbieter" statt "weitere Internetanbieter" der gewählte Name stehen, also zB  "My PPPOE"

bundles/pppoe/files/chap-secrets

@@ -0,0 +1,3 @@
+# Secrets for authentication using CHAP
+# client        server  secret                  IP addresses
+"${user}"  *    "${secret}"   *

bundles/pppoe/files/isp

@@ -0,0 +1,10 @@
+linkname ppp0
+noauth
+defaultroute
+replacedefaultroute
+persist
+maxfail 0
+lcp-echo-interval 20
+lcp-echo-failure 3
+plugin rp-pppoe.so enp2s0
+user "${user}"

bundles/pppoe/items.py

@@ -0,0 +1,36 @@
+files = {
+    '/etc/modules-load.d/pppoe.conf': {
+        'content': 'pppoe\npppox\nppp_generic',
+        'mode': '0644',
+    },
+    '/etc/ppp/peers/isp': {
+        'content_type': 'mako',
+        'mode': '0644',
+        'context': {
+            'user': node.metadata.get('pppoe/user'),
+        },
+        'needs': {
+            'pkg_apt:pppoe',
+        },
+    },
+    '/etc/ppp/chap-secrets': {
+        'content_type': 'mako',
+        'mode': '0600',
+        'context': {
+            'user': node.metadata.get('pppoe/user'),
+            'secret': node.metadata.get('pppoe/secret'),
+        },
+        'needs': {
+            'pkg_apt:pppoe',
+        },
+    },
+}
+
+svc_systemd = {
+    'pppoe-isp.service': {
+        'needs': {
+            'file:/etc/ppp/peers/isp',
+            'file:/etc/ppp/chap-secrets',
+        },
+    },
+}

bundles/pppoe/metadata.py

@@ -0,0 +1,29 @@
+defaults = {
+    'apt': {
+        'packages': {
+            'pppoe': {},
+        },
+    },
+    'nftables': {
+        'nat': {
+            'oifname ppp0 masquerade',
+        },
+    },
+    'systemd': {
+        'units': {
+            'pppoe-isp.service': {
+                'Unit': {
+                    'Description': 'PPPoE Internet Connection',
+                    'After': 'network.target',
+                },
+                'Service': {
+                    'Type': 'forking',
+                    'ExecStart': '/usr/sbin/pppd call isp',
+                    'Restart': 'on-failure',
+                    'RestartSec': 5,
+                },
+            },
+        },
+    },
+
+}

nodes/home.router.py

@@ -11,6 +11,7 @@
     'bundles': [
         'kea-dhcpd',
         'wireguard',
+        'pppoe',
     ],
     'metadata': {
         'id': '1d6a43e5-858c-42f9-9c40-ab63d61c787c',
@@ -28,12 +29,9 @@
                 'dhcp_server': True,
             },
             'external': {
-                'type': 'vlan',
-                'vlan_interface': 'internal',
-                'id': 3,
-                'ipv4': '10.0.99.126/24',
-                'gateway4': '10.0.99.1',
-                'qdisc': 'cake bandwidth 40Mbit diffserv4',
+                'interface': 'enp2s0',
+                'ipv4': '10.0.98.2/24',
+                #'qdisc': 'cake bandwidth 35Mbit diffserv4',
             },
             'proxmox': {
                 'type': 'vlan',
@@ -61,6 +59,10 @@
             'master_node': 'htz.mails',
             'hostname': 'home.resolver.name',
         },
+        'pppoe': {
+            'user': '!decrypt:encrypt$gAAAAABocUfodLqCBKPPN7H9S64yJ7kRddtaWI0nQU2oklPMEjBhMsir4NL2yjkcHXAN-Ozqn6FCokyE1AL8ek3c5CqAvd83jkxZytp-oclrKqUD9uhUCy4=',
+            'secret': '!decrypt:encrypt$gAAAAABocUhmDqFZsyHYBIP2qdMFIS1eWT_bPdyv98cHzIgeKFAxDfcCrVJwDxVPFDDMa_7UT76HDJLvtdYQ8mFl2RL0yR8k2A=='
+        },
         'sysctl': {
             'net': {
                 'ipv4': {