pppoe telekom

2025-07-11 20:44:05 +02:00 · 2025-07-11 20:44:05 +02:00 · e4e3c57f20
commit e4e3c57f20
parent 5274639ca3
9 changed files with 143 additions and 6 deletions
--- a/bundles/network/items.py
+++ b/bundles/network/items.py
@ -3,6 +3,9 @@ for network_name, network_conf in node.metadata.get('network').items():
        svc_systemd[f'qdisc-{network_name}.service'] = {
            'enabled': True,
            'running': None,
+            'needs': {
+                f'file:/usr/local/lib/systemd/system/qdisc-{network_name}.service',
+            },
        }
        actions[f'qdisc-{network_name}.service_restart_workaround'] = {
            'command': 'true',
--- a/bundles/nftables/files/nftables.conf
+++ b/bundles/nftables/files/nftables.conf
@ -2,6 +2,23 @@

 flush ruleset

+% if nat:
+table ip nat {
+
+  # NAT
+
+  chain postrouting {
+    type nat hook postrouting priority 100
+    policy accept
+
+    # rules
+% for rule in sorted(nat):
+    ${rule}
+% endfor
+    }
+}
+% endif
+
 table inet filter {

  # INPUT
--- a/bundles/nftables/items.py
+++ b/bundles/nftables/items.py
@ -6,6 +6,7 @@ files = {
            'input': node.metadata.get('nftables/input'),
            'forward': node.metadata.get('nftables/forward'),
            'output': node.metadata.get('nftables/output'),
+            'nat': node.metadata.get('nftables/nat'),
        },
        'triggers': [
            'svc_systemd:nftables.service:reload',
--- a/bundles/pppoe/REAMDE.md
+++ b/bundles/pppoe/REAMDE.md
@ -0,0 +1,36 @@
+# Firtzbox
+
+Internet > Zugangsdaten
+
+Internetanbieter
+- weitere Internetanbieter
+- anderer Internetanbieter
+- Name: "My PPPOE" (nicht leer lassen)
+
+Anschluss
+(x) Anschluss an einen DSL-Anschluss
+
+Zugangsdaten
+(x) Nein
+
+Verbindungseinstellungen
+
+[x] VLAN für den Internetanschluss verwenden
+VLAN-ID: 7
+PBit: 0
+
+DSL-ATM-Einstellungen
+VPI: 1
+VCI: 32
+
+Kapselung
+(x) Routed Bridge Encapsulation
+[x] IP-Adresse automatisch über DHCP beziehen
+DHCP-Hostname: fritz.box
+
+PPPoE-Passthrough
+[x] Angeschlossene Netzwerkgeräte dürfen zusätzlich ihre eigene Internetverbindung aufbauen (nicht empfohlen)
+
+[ ] Internetzugang nach dem "Übernehmen" prüfen
+
+-> Danach muss bei "Internetanbieter" statt "weitere Internetanbieter" der gewählte Name stehen, also zB  "My PPPOE"
--- a/bundles/pppoe/files/chap-secrets
+++ b/bundles/pppoe/files/chap-secrets
@ -0,0 +1,3 @@
+# Secrets for authentication using CHAP
+# client        server  secret                  IP addresses
+"${user}"  *    "${secret}"   *
--- a/bundles/pppoe/files/isp
+++ b/bundles/pppoe/files/isp
@ -0,0 +1,10 @@
+linkname ppp0
+noauth
+defaultroute
+replacedefaultroute
+persist
+maxfail 0
+lcp-echo-interval 20
+lcp-echo-failure 3
+plugin rp-pppoe.so enp2s0
+user "${user}"
--- a/bundles/pppoe/items.py
+++ b/bundles/pppoe/items.py
@ -0,0 +1,36 @@
+files = {
+    '/etc/modules-load.d/pppoe.conf': {
+        'content': 'pppoe\npppox\nppp_generic',
+        'mode': '0644',
+    },
+    '/etc/ppp/peers/isp': {
+        'content_type': 'mako',
+        'mode': '0644',
+        'context': {
+            'user': node.metadata.get('pppoe/user'),
+        },
+        'needs': {
+            'pkg_apt:pppoe',
+        },
+    },
+    '/etc/ppp/chap-secrets': {
+        'content_type': 'mako',
+        'mode': '0600',
+        'context': {
+            'user': node.metadata.get('pppoe/user'),
+            'secret': node.metadata.get('pppoe/secret'),
+        },
+        'needs': {
+            'pkg_apt:pppoe',
+        },
+    },
+}
+
+svc_systemd = {
+    'pppoe-isp.service': {
+        'needs': {
+            'file:/etc/ppp/peers/isp',
+            'file:/etc/ppp/chap-secrets',
+        },
+    },
+}
--- a/bundles/pppoe/metadata.py
+++ b/bundles/pppoe/metadata.py
@ -0,0 +1,29 @@
+defaults = {
+    'apt': {
+        'packages': {
+            'pppoe': {},
+        },
+    },
+    'nftables': {
+        'nat': {
+            'oifname ppp0 masquerade',
+        },
+    },
+    'systemd': {
+        'units': {
+            'pppoe-isp.service': {
+                'Unit': {
+                    'Description': 'PPPoE Internet Connection',
+                    'After': 'network.target',
+                },
+                'Service': {
+                    'Type': 'forking',
+                    'ExecStart': '/usr/sbin/pppd call isp',
+                    'Restart': 'on-failure',
+                    'RestartSec': 5,
+                },
+            },
+        },
+    },
+
+}
--- a/nodes/home.router.py
+++ b/nodes/home.router.py
@ -11,6 +11,7 @@
    'bundles': [
        'kea-dhcpd',
        'wireguard',
+        'pppoe',
    ],
    'metadata': {
        'id': '1d6a43e5-858c-42f9-9c40-ab63d61c787c',
@ -28,12 +29,9 @@
                'dhcp_server': True,
            },
            'external': {
-                'type': 'vlan',
-                'vlan_interface': 'internal',
-                'id': 3,
-                'ipv4': '10.0.99.126/24',
-                'gateway4': '10.0.99.1',
-                'qdisc': 'cake bandwidth 40Mbit diffserv4',
+                'interface': 'enp2s0',
+                'ipv4': '10.0.98.2/24',
+                #'qdisc': 'cake bandwidth 35Mbit diffserv4',
            },
            'proxmox': {
                'type': 'vlan',
@ -61,6 +59,10 @@
            'master_node': 'htz.mails',
            'hostname': 'home.resolver.name',
        },
+        'pppoe': {
+            'user': '!decrypt:encrypt$gAAAAABocUfodLqCBKPPN7H9S64yJ7kRddtaWI0nQU2oklPMEjBhMsir4NL2yjkcHXAN-Ozqn6FCokyE1AL8ek3c5CqAvd83jkxZytp-oclrKqUD9uhUCy4=',
+            'secret': '!decrypt:encrypt$gAAAAABocUhmDqFZsyHYBIP2qdMFIS1eWT_bPdyv98cHzIgeKFAxDfcCrVJwDxVPFDDMa_7UT76HDJLvtdYQ8mFl2RL0yR8k2A=='
+        },
        'sysctl': {
            'net': {
                'ipv4': {