Git — Sourcephile - julm/julm-nix.git/blob - hosts/aubergine/networking/lte.nix
aubergine: nftables: fix DHCP renewal
1 { pkgs, lib, config, ... }:
2 with (import ./names-and-numbers.nix);
let
  # ModemManager build whose binary is started by the overridden ExecStart
  # further down. The 1.20.4 alternative is kept commented out.
  # NOTE(review): a version-pinned attribute presumably comes from an overlay
  # and will not follow the default nixpkgs modemmanager; confirm it still
  # receives fixes.
  modemmanager = pkgs.modemmanager-1-18;
  #modemmanager = pkgs.modemmanager-1-20-4;
  inherit (config.users) users;
in
8 {
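# nftables rules for the LTE uplink (interface name: lteIface).
#
# - input/output: traffic on the LTE interface is first offered to the
#   input-net / output-net chains via `jump`; whatever those chains do not
#   accept returns here and is logged and dropped. input-net is not defined
#   in this file, so it is presumably contributed by another module.
# - output-net: this file only opens the operator's MMS endpoint for mmsd.
# - forward: LAN <-> LTE traffic is sent with `goto` into forward-to-net /
#   forward-from-net. Both are declared empty here, and `goto` does not return
#   to the calling chain, so the verdict for forwarded traffic depends on rules
#   added to these chains elsewhere and on the base chain's policy.
# - nat: LAN traffic leaving through LTE is masqueraded.
#
# No `type ... hook ...` lines appear here; the base-chain declarations are
# presumably made in another module and merged into the same ruleset.
#
# NOTE(review): the two log rules are not rate-limited, so every packet dropped
# on the WAN side produces a journal line. If that gets noisy, consider a
# separate rate-limited log rule placed before the unconditional drop.
networking.nftables.ruleset = ''
  table inet filter {
    chain input {
      iifname ${lteIface} jump input-net
      iifname ${lteIface} log level warn prefix "input-net: " counter drop
    }
    chain output-net {
      ip daddr 10.151.0.1 tcp dport 8080 counter accept \
        comment "mmsd: Prixtel/SFR"
    }
    chain output {
      oifname ${lteIface} jump output-net
      oifname ${lteIface} log level warn prefix "output-net: " counter drop
    }
    chain forward-to-net { }
    chain forward-from-net { }
    chain forward {
      iifname { ${wifiIface}, ${eth1Iface}, ${eth2Iface}, ${eth3Iface} } oifname ${lteIface} goto forward-to-net
      iifname ${lteIface} oifname { ${wifiIface}, ${eth1Iface}, ${eth2Iface}, ${eth3Iface} } goto forward-from-net
    }
  }
  table inet nat {
    chain postrouting {
      iifname { ${wifiIface}, ${eth1Iface}, ${eth2Iface}, ${eth3Iface} } oifname ${lteIface} masquerade
    }
  }
'';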
# MMS daemon, started with debug logging.
# NOTE(review): debug output goes to the journal and may include message
# metadata; confirm who can read the journal on this host before leaving
# --debug enabled permanently.
services.mmsd = {
  enable = true;
  extraArgs = [ "--debug" ];
};
# Replace ModemManager's ExecStart with the pinned build running in debug mode.
# The leading empty string clears the ExecStart inherited from the packaged
# unit, which systemd requires before a new command can be set.
# See https://gitlab.freedesktop.org/mobile-broadband/ModemManager/-/issues/780
# `mmcli --command`, which the watch-lte script below uses to send a raw AT
# command, is only available when the daemon runs with --debug. The trade-off
# is that debug mode logs modem traffic verbosely to the journal, and
# NOTE(review): that may include subscriber identifiers; confirm.
systemd.services.ModemManager.serviceConfig.ExecStart = lib.mkForce [
  ""
  "${modemmanager}/bin/ModemManager --debug"
];
# Pull ModemManager in whenever NetworkManager is started.
systemd.services.NetworkManager.wants = [ "ModemManager.service" ];
# dconf settings backend, registered on D-Bus as well.
# NOTE(review): presumably needed by the GNOME applications installed below; confirm.
programs.dconf.enable = true;
services.dbus.packages = [ pkgs.dconf ];
# Declarative NetworkManager profile for the Prixtel GSM connection.
#
# Mode 600: NetworkManager's keyfile plugin ignores connection files that are
# readable by group or others, so the profile must be root-only.
# Caveat: the text below is still built into the world-readable Nix store, so
# this file must never carry a SIM PIN, password or other secret; those belong
# in a secret-management mechanism outside the store.
#
# Privacy-relevant settings in the profile:
# - dhcp-send-hostname=false (IPv4 and IPv6): the hostname is not sent to the operator.
# - addr-gen-mode=stable-privacy and ip6-privacy=2: IPv6 addresses are not
#   derived from the hardware address, and temporary addresses are preferred.
# - home-only is commented out, so roaming is not restricted by this profile.
# - autoconnect-retries=0 makes NetworkManager retry indefinitely.
environment.etc."NetworkManager/system-connections/Prixtel.nmconnection" = {
  text = ''
    [connection]
    id=Prixtel
    uuid=b223f550-dff1-4ba3-9755-cd4557faaa5a
    type=gsm
    autoconnect=true
    autoconnect-priority=999
    autoconnect-retries=0

    [gsm]
    apn=sl2sfr
    number=*99#
    #home-only=true

    [ppp]

    [ipv4]
    method=auto
    dhcp-send-hostname=false

    [ipv6]
    method=auto
    addr-gen-mode=stable-privacy
    ip6-privacy=2
    dhcp-send-hostname=false

    [proxy]
  '';
  mode = "600";
};
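# Connectivity watchdog for the LTE uplink.
#
# Every 5 seconds it pings 9.9.9.9. Once no ping has succeeded for more than
# 300 seconds it resets the modem with AT+CFUN=1,1 (best effort), restarts
# ModemManager, brings the Prixtel connection back up and then waits 300
# seconds before resuming. The script runs under `set -e`, so a failing
# `systemctl restart` or `nmcli connection up` ends the unit; Restart=on-failure
# starts it again after 10 seconds, and StartLimitIntervalSec=0 disables start
# rate limiting so it keeps being restarted.
#
# NOTE(review): the ping is not bound to the LTE interface, so it measures
# whichever route reaches 9.9.9.9; confirm LTE is the only uplink on this host.
systemd.services.watch-lte = {
  after = [ "ModemManager.service" "NetworkManager.service" "NetworkManager-wait-online.service" ];
  requires = [ "ModemManager.service" "NetworkManager.service" "NetworkManager-wait-online.service" ];
  wantedBy = [ "network-online.target" ];
  #startAt = "*:0/5"; # every 5 min
  # `modemmanager` resolves to the let-bound pinned build, not pkgs.modemmanager,
  # because a lexical binding takes precedence over `with pkgs`.
  path = with pkgs; [ inetutils jq modemmanager networkmanager ];
  unitConfig = { StartLimitIntervalSec = 0; };
  serviceConfig = {
    Type = "simple";
    # IPAddressAllow on its own does not restrict anything: systemd grants
    # access to any address that matches neither list. The deny-all entry is
    # what turns the allow list into an actual filter. mmcli, nmcli and
    # systemctl talk over AF_UNIX sockets and are not affected by it.
    IPAddressDeny = "any";
    IPAddressAllow = [ "9.9.9.9" ];
    RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];
    ExecStart = pkgs.writeShellScript "watch-lte" ''
      set -eux
      lastPONG=$(date +%s)
      while sleep 5; do
        if ping 9.9.9.9 --count 10 --linger 20 --interval 1 --quiet --numeric
        then lastPONG=$(date +%s)
        fi
        if test $(( $(date +%s) - lastPONG )) -gt 300
        then
          modem=$(mmcli -L -J | jq -r '.["modem-list"][0]') || true
          mmcli -m "$modem" --command "AT+CFUN=1,1" || true
          sleep 10
          systemctl restart ModemManager
          sleep 10
          nmcli connection up Prixtel
          sleep 300
        fi
      done
    '';
    Restart = "on-failure";
    RestartSec = "10s";
  };
};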
# Tools installed system-wide for operating and debugging the modem.
# NOTE(review): picocom and tio are serial terminals and d-spy is a D-Bus
# inspector; they are presumably here for troubleshooting and could be dropped
# on a host where interactive debugging is not needed.
environment.systemPackages = [
  # Modem and MBIM tooling
  pkgs.modem-manager-gui
  pkgs.libmbim
  # Messaging and contacts
  pkgs.chatty
  pkgs.gnome-contacts
  # Serial consoles
  pkgs.picocom
  pkgs.tio
  # Telephony and D-Bus inspection
  pkgs.calls
  pkgs.d-spy
  # https://gitlab.com/mobian1/callaudiod/-/issues/26
  # https://gitlab.com/mobian1/callaudiod/-/issues/27
  pkgs.callaudiod
];
129 }