
Add state to configure PPPoE connections.

Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>
Maximilian Wilhelm 7 years ago
parent
commit
65775c2613
5 changed files with 188 additions and 0 deletions
  1. 36 0
      pppoe/init.sls
  2. 25 0
      pppoe/ip-up.local
  3. 8 0
      pppoe/noop.local
  4. 44 0
      pppoe/pap-secrets
  5. 75 0
      pppoe/tkom_peer.tmpl

+ 36 - 0
pppoe/init.sls

@@ -0,0 +1,36 @@
+#
+# PPPoE (Vectoring-Glasfaser-Technologie!) (Salt Managed)
+#
+
+pppoe:
+  pkg.installed
+
+/etc/ppp/ip-up.local:
+  file.managed:
+    - source: salt://pppoe/ip-up.local
+    - mode: 755
+
+/etc/ppp/ip-down.local:
+  file.managed:
+    - source: salt://pppoe/noop.local
+    - mode: 755
+
+/etc/ppp/ipv6-up.local:
+  file.managed:
+    - source: salt://pppoe/noop.local
+    - mode: 755
+
+/etc/ppp/ipv6-down.local:
+  file.managed:
+    - source: salt://pppoe/noop.local
+    - mode: 755
+
+/etc/ppp/peers/tkom:
+  file.managed:
+    - source: salt://pppoe/tkom_peer.tmpl
+    - template: jinja
+
+/etc/ppp/pap-secrets:
+  file.managed:
+    - source: salt://pppoe/pap-secrets
+    - template: jinja
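Review bot: The `/etc/ppp/pap-secrets` state at the end of this file pins no owner or mode, although the rendered file carries the PPPoE password in clear text. Adding `- user: root` and `- mode: '0600'` makes the permissions independent of whatever the file looked like before Salt touched it. Salt reports a diff for managed files by default, so `- show_changes: False` on this state would also keep the password out of highstate output and the job cache. The other states write `mode: 755` unquoted; quoting the value (`'0755'`) avoids YAML integer surprises if a leading zero is ever added.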

+ 25 - 0
pppoe/ip-up.local

@@ -0,0 +1,25 @@
+#!/bin/sh
+#
+# FFHO ip-up replacement script (Salt managed)
+#
+# Using a ip-up.local script intentionally PREVENTS ALL OTHER ip-up.d/ scripts
+# from being called. We don't want that stuff.
+#
+#
+# This script is run by the pppd after the link is established.
+#
+# This script is called with the following arguments:
+#    Arg  Name                          Example
+#    $1   Interface name                ppp0
+#    $2   The tty                       ttyS1
+#    $3   The link speed                38400
+#    $4   Local IP number               12.34.56.78
+#    $5   Peer  IP number               12.34.56.99
+#    $6   Optional ``ipparam'' value    foo
+
+# The environment is cleared before executing this script
+# so the path must be reset
+PATH=/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin
+export PATH
+
+ip link set ${1}" master vrf_external
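Review bot: The last line has an unbalanced double quote (`${1}" master vrf_external`), so `/bin/sh` will stop with an unterminated-string error and the `ip link set` never runs. The PPP interface would then stay outside `vrf_external`, which looks like the separation this script exists to enforce. The line should read `ip link set dev "${1}" master vrf_external`. Because the state installs this file as the only ip-up hook, it is worth logging a failure of the `ip` call (for example via `logger`) so that a link that came up in the wrong VRF is noticed.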

+ 8 - 0
pppoe/noop.local

@@ -0,0 +1,8 @@
+#!/bin/sh
+#
+# FFHO ip*.local replacement script (Salt managed)
+#
+# Using this NO-OP script intentionally PREVENTS ALL OTHER ip-$flavour.d/ scripts
+# from being called. We don't want that stuff.
+
+exit 0

+ 44 - 0
pppoe/pap-secrets

@@ -0,0 +1,44 @@
+#
+# /etc/ppp/pap-secrets (Salt managed)
+#
+# This is a pap-secrets file to be used with the AUTO_PPP function of
+# mgetty. mgetty-0.99 is preconfigured to startup pppd with the login option
+# which will cause pppd to consult /etc/passwd (and /etc/shadow in turn)
+# after a user has passed this file. Don't be disturbed therefore by the fact
+# that this file defines logins with any password for users. /etc/passwd
+# (again, /etc/shadow, too) will catch passwd mismatches.
+#
+# This file should block ALL users that should not be able to do AUTO_PPP.
+# AUTO_PPP bypasses the usual login program so it's necessary to list all
+# system userids with regular passwords here.
+#
+# ATTENTION: The definitions here can allow users to login without a
+# password if you don't use the login option of pppd! The mgetty Debian
+# package already provides this option; make sure you don't change that.
+
+# INBOUND connections
+
+# Every regular user can use PPP and has to use passwords from /etc/passwd
+*	hostname	""	*
+
+# UserIDs that cannot use PPP at all. Check your /etc/passwd and add any
+# other accounts that should not be able to use pppd!
+guest	hostname	"*"	-
+master	hostname	"*"	-
+root	hostname	"*"	-
+support	hostname	"*"	-
+stats	hostname	"*"	-
+
+# OUTBOUND connections
+
+# Here you should add your userid password to connect to your providers via
+# PAP. The * means that the password is to be used for ANY host you connect
+# to. Thus you do not have to worry about the foreign machine name. Just
+# replace password with your password.
+# If you have different providers with different passwords then you better
+# remove the following line.
+
+#	*	password
+{%- set user = salt['pillar.get']('nodes:' ~ grains['id'] ~ ':pppoe:user', 'WRONG USER') %}
+{%- set pass = salt['pillar.get']('nodes:' ~ grains['id'] ~ ':pppoe:pass', 'NO PASS') %}
+"{{ user }}"	*	"{{ pass }}"
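Review bot: The two `pillar.get` calls fall back to `'WRONG USER'` and `'NO PASS'`, so a node with missing pillar data still renders a well-formed secrets line and the state reports success; the mistake only shows up later as a failed PAP login. Rendering should fail, or the line should be skipped, when either key is absent, for instance by wrapping it in `{% if user and pass %}` after dropping the defaults. The values are also placed between double quotes unescaped, so a password containing `"` or a backslash would produce a line pppd parses differently from what was intended. The inbound wildcard and block entries above are carried over from the distribution's mgetty example; if this host only dials out, removing them would leave the file with exactly the one credential it needs.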

+ 75 - 0
pppoe/tkom_peer.tmpl

@@ -0,0 +1,75 @@
+# Configuration file for PPP, using PPP over Ethernet 
+# to connect to a DSL provider.
+#
+# See the manual page pppd(8) for information on all the options.
+
+##
+# Section 1
+#
+# Stuff to configure...
+
+# MUST CHANGE: Uncomment the following line, replacing the user@provider.net
+# by the DSL user name given to your by your DSL provider.
+# (There should be a matching entry in /etc/ppp/pap-secrets with the password.)
+{%- set user = salt['pillar.get']('nodes:' ~ grains['id'] ~ ':pppoe:user', 'WRONG USER') %}
+user "{{ user }}"
+
+# Use the pppoe program to send the ppp packets over the Ethernet link
+# This line should work fine if this computer is the only one accessing
+# the Internet through this DSL connection. This is the right line to use
+# for most people.
+pty "/usr/sbin/pppoe -I vlan4006 -T 80 -m 1452"
+
+# An even more conservative version of the previous line, if things
+# don't work using -m 1452... 
+#pty "/usr/sbin/pppoe -I eth0 -T 80 -m 1412"
+
+# If the computer connected to the Internet using pppoe is not being used
+# by other computers as a gateway to the Internet, you can try the following
+# line instead, for a small gain in speed:
+#pty "/usr/sbin/pppoe -I eth0 -T 80"
+
+
+# The following two options should work fine for most DSL users.
+
+# Assumes that your IP address is allocated dynamically
+# by your DSL provider...
+noipdefault
+# Try to get the name server addresses from the ISP.
+#usepeerdns
+# Use this connection as the default route.
+# Comment out if you already have the correct default route installed.
+#defaultroute
+
+##
+# Section 2
+#
+# Uncomment if your DSL provider charges by minute connected
+# and you want to use demand-dialing. 
+#
+# Disconnect after 300 seconds (5 minutes) of idle time.
+
+#demand
+#idle 300
+
+##
+# Section 3
+#
+# You shouldn't need to change these options...
+
+hide-password
+lcp-echo-interval 20
+lcp-echo-failure 3
+# Override any connect script that may have been set in /etc/ppp/options.
+connect /bin/true
+noauth
+persist
+mtu 1492
+
+# RFC 2516, paragraph 7 mandates that the following options MUST NOT be
+# requested and MUST be rejected if requested by the peer:
+# Address-and-Control-Field-Compression (ACFC)
+noaccomp
+# Asynchronous-Control-Character-Map (ACCM)
+default-asyncmap
+
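Review bot: The `pty` line hard-codes the interface `vlan4006` although the file is a Jinja template and the user name already comes from per-node pillar. Reading the interface from the same pillar subtree (e.g. a `nodes:<id>:pppoe` key next to `user` and `pass`) would let the template serve more than one node. The surrounding comments are still those of the distribution example ("MUST CHANGE: Uncomment the following line …", alternatives using `eth0`) and no longer describe how the file is produced. A short header saying the file is Salt managed and which pillar keys feed it would be more useful to whoever has to debug it. The `'WRONG USER'` fallback is duplicated here from pap-secrets, so the two files can only be kept in sync by hand.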