nebula: sourcephile.fr: fix cert path
[julm/julm-nix.git] / hosts / aubergine / networking / lte.nix
index 237cba7208628012893dcdff087f5f764196e0f7..550b895fbf933376c8f89fb933fdf45ea5dda491 100644 (file)
@@ -4,86 +4,111 @@ let
   inherit (config.users) users;
 in
 {
-imports = [
-  ../../../nixos/modules/mmsd.nix
-];
-networking.nftables.ruleset = ''
-  table inet filter {
-    chain input {
-      iifname ${lteIface} jump input-net
-      iifname ${lteIface} log level warn prefix "input-net: " counter drop
+  networking.nftables.ruleset = ''
+    table inet filter {
+      chain input {
+        iifname ${lteIface} jump input-net
+        iifname ${lteIface} log level warn prefix "input-net: " counter drop
+      }
+      chain output-net {
+        ip daddr 10.151.0.1 tcp dport 8080 counter accept \
+          comment "mmsd: Prixtel/SFR"
+      }
+      chain output {
+        oifname ${lteIface} jump output-net
+        oifname ${lteIface} log level warn prefix "output-net: " counter drop
+      }
+      chain forward-to-net {
+      }
+      chain forward-from-net {
+      }
+      chain forward-to-net { }
+      chain forward-from-net { }
+      chain forward {
+        iifname { ${wifiIface}, ${eth1Iface}, ${eth2Iface}, ${eth3Iface} } oifname ${lteIface} goto forward-to-net
+        iifname ${lteIface} oifname { ${wifiIface}, ${eth1Iface}, ${eth2Iface}, ${eth3Iface} } goto forward-from-net
+      }
     }
-    chain output-net {
-      ip daddr 10.151.0.1 tcp dport 8080 counter accept \
-        comment "mmsd-tng: Prixtel/SFR"
+    table inet nat {
+      chain postrouting {
+        iifname { ${wifiIface}, ${eth1Iface}, ${eth2Iface}, ${eth3Iface} } oifname ${lteIface} masquerade
+      }
     }
-    chain output {
-      oifname ${lteIface} jump output-net
-      oifname ${lteIface} log level warn prefix "output-net: " counter drop
-    }
-    chain forward-to-net {
-    }
-    chain forward-from-net {
-    }
-    chain forward-to-net { }
-    chain forward-from-net { }
-    chain forward {
-      iifname { ${wifiIface}, ${eth1Iface}, ${eth2Iface}, ${eth3Iface} } oifname ${lteIface} goto forward-to-net
-      iifname ${lteIface} oifname { ${wifiIface}, ${eth1Iface}, ${eth2Iface}, ${eth3Iface} } goto forward-from-net
-    }
-  }
-  table inet nat {
-    chain postrouting {
-      iifname { ${wifiIface}, ${eth1Iface}, ${eth2Iface}, ${eth3Iface} } oifname ${lteIface} masquerade
-    }
-  }
-'';
-services.mmsd.enable = true;
-services.mmsd.extraArgs = ["--debug"];
-systemd.services.NetworkManager.wants = [ "ModemManager.service" ];
-services.dbus.packages = [ pkgs.dconf ];
-programs.dconf.enable = true;
-environment.etc."NetworkManager/system-connections/Prixtel.nmconnection" = {
-  mode = "600";
-  text = ''
-    [connection]
-    id=Prixtel
-    uuid=b223f550-dff1-4ba3-9755-cd4557faaa5a
-    type=gsm
-    autoconnect=true
-    permissions=user:${users.julm.name}:;
+  '';
+  services.mmsd.enable = true;
+  services.mmsd.extraArgs = [ "--debug" ];
+  systemd.services.ModemManager.serviceConfig.ExecStart =
+    lib.mkForce [
+      ""
+      "${pkgs.modemmanager-1-18}/bin/ModemManager --debug"
+      #"${pkgs.modemmanager-1-20-4}/bin/ModemManager --debug"
+    ];
+  systemd.services.NetworkManager.wants = [ "ModemManager.service" ];
+  services.dbus.packages = [ pkgs.dconf ];
+  programs.dconf.enable = true;
+  environment.etc."NetworkManager/system-connections/Prixtel.nmconnection" = {
+    mode = "600";
+    text = ''
+      [connection]
+      id=Prixtel
+      uuid=b223f550-dff1-4ba3-9755-cd4557faaa5a
+      type=gsm
+      autoconnect=true
+      autoconnect-retries=0
 
-    [gsm]
-    apn=sl2sfr
-    number=*99#
-    #home-only=true
+      [gsm]
+      apn=sl2sfr
+      number=*99#
+      #home-only=true
 
-    [ppp]
+      [ppp]
 
-    [ipv4]
-    method=auto
-    dhcp-send-hostname=false
+      [ipv4]
+      method=auto
+      dhcp-send-hostname=false
 
-    [ipv6]
-    method=auto
-    addr-gen-mode=stable-privacy
-    ip6-privacy=2
-    dhcp-send-hostname=false
+      [ipv6]
+      method=auto
+      addr-gen-mode=stable-privacy
+      ip6-privacy=2
+      dhcp-send-hostname=false
 
-    [proxy]
-  '';
-};
-environment.systemPackages = [
-  pkgs.modem-manager-gui
-  pkgs.libmbim
-  pkgs.chatty
-  pkgs.gnome.gnome-contacts
-  pkgs.mmsd-tng
-  pkgs.picocom
-  pkgs.calls
-  pkgs.dfeet
-  # https://gitlab.com/mobian1/callaudiod/-/issues/26
-  # https://gitlab.com/mobian1/callaudiod/-/issues/27
-  pkgs.callaudiod
-];
+      [proxy]
+    '';
+  };
+  systemd.services.watch-lte = {
+    after = [ "NetworkManager-wait-online.service" ];
+    requires = [ "NetworkManager-wait-online.service" ];
+    wantedBy = [ "network-online.target" ];
+    #startAt = "*:0/5"; # every 5 min
+    path = with pkgs; [ inetutils networkmanager ];
+    unitConfig = { StartLimitIntervalSec = 0; };
+    serviceConfig = {
+      Type = "simple";
+      IPAddressAllow = [ "9.9.9.9" ];
+      RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];
+      ExecStart = pkgs.writeShellScript "watch-lte" ''
+        set -ux
+        while sleep 300; do
+          ping -c 1 9.9.9.9 ||
+          nmcli connection up Prixtel
+        done
+      '';
+      Restart = "on-failure";
+      RestartSec = "30s";
+    };
+  };
+  environment.systemPackages = [
+    pkgs.modem-manager-gui
+    pkgs.libmbim
+    pkgs.chatty
+    pkgs.gnome.gnome-contacts
+    pkgs.picocom
+    pkgs.tio
+    pkgs.calls
+    pkgs.dfeet
+    # https://gitlab.com/mobian1/callaudiod/-/issues/26
+    # https://gitlab.com/mobian1/callaudiod/-/issues/27
+    pkgs.callaudiod
+  ];
 }
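Review bot: In the new `watch-lte` unit, `IPAddressAllow = [ "9.9.9.9" ];` restricts nothing by itself: systemd only blocks addresses that match an `IPAddressDeny` entry, so unless a parent slice configured outside this hunk already sets a deny list, the service can still reach any address. Adding `IPAddressDeny = "any";` beside it makes the allow-list effective, and `nmcli` keeps working because it talks to NetworkManager over D-Bus, which the `AF_UNIX` entry already permits. Separately, the forced `ExecStart` runs ModemManager permanently with `--debug`, which raises log verbosity and, as far as I know, also enables raw AT command passthrough through `mmcli --command`; a comment such as `# TODO: drop --debug once the modem issue is diagnosed` would mark it as temporary. The hunk also drops `permissions=user:${users.julm.name}:;` from the Prixtel profile, so the connection is no longer limited to one user; if that is intended so the root-run watchdog can activate it, a one-line comment saying so would help the next reader.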