author | Mx Kookie <kookie@spacekookie.de> | 2020-10-31 19:35:09 +0100 |
---|---|---|
committer | Mx Kookie <kookie@spacekookie.de> | 2020-10-31 19:35:09 +0100 |
commit | c4625b175f8200f643fd6e11010932ea44c78433 (patch) | |
tree | bce3f89888c8ac3991fa5569a878a9eab6801ccc /infra/libkookie/nixpkgs/nixos/modules/services/networking/bird.nix | |
parent | 49f735974dd103039ddc4cb576bb76555164a9e7 (diff) | |
parent | d661aa56a8843e991261510c1bb28fdc2f6975ae (diff) |
Add 'infra/libkookie/' from commit 'd661aa56a8843e991261510c1bb28fdc2f6975ae'
git-subtree-dir: infra/libkookie
git-subtree-mainline: 49f735974dd103039ddc4cb576bb76555164a9e7
git-subtree-split: d661aa56a8843e991261510c1bb28fdc2f6975ae
Diffstat (limited to 'infra/libkookie/nixpkgs/nixos/modules/services/networking/bird.nix')
-rw-r--r-- | infra/libkookie/nixpkgs/nixos/modules/services/networking/bird.nix | 78 |
1 files changed, 78 insertions, 0 deletions
diff --git a/infra/libkookie/nixpkgs/nixos/modules/services/networking/bird.nix b/infra/libkookie/nixpkgs/nixos/modules/services/networking/bird.nix
new file mode 100644
index 000000000000..4ae35875c0f0
--- /dev/null
+++ b/infra/libkookie/nixpkgs/nixos/modules/services/networking/bird.nix
@@ -0,0 +1,78 @@
+{ config, lib, pkgs, ... }:
+
+let
+ inherit (lib) mkEnableOption mkIf mkOption types;
+
+ generic = variant:
+ let
+ cfg = config.services.${variant};
+ pkg = pkgs.${variant};
+ birdBin = if variant == "bird6" then "bird6" else "bird";
+ birdc = if variant == "bird6" then "birdc6" else "birdc";
+ descr =
+ { bird = "1.9.x with IPv4 suport";
+ bird6 = "1.9.x with IPv6 suport";
+ bird2 = "2.x";
+ }.${variant};
+ in {
+ ###### interface
+ options = {
+ services.${variant} = {
+ enable = mkEnableOption "BIRD Internet Routing Daemon (${descr})";
+ config = mkOption {
+ type = types.lines;
+ description = ''
+ BIRD Internet Routing Daemon configuration file.
+ <link xlink:href='http://bird.network.cz/'/>
+ '';
+ };
+ };
+ };
+
+ ###### implementation
+ config = mkIf cfg.enable {
+ environment.systemPackages = [ pkg ];
+
+ environment.etc."bird/${variant}.conf".source = pkgs.writeTextFile {
+ name = "${variant}.conf";
+ text = cfg.config;
+ checkPhase = ''
+ ${pkg}/bin/${birdBin} -d -p -c $out
+ '';
+ };
+
+ systemd.services.${variant} = {
+ description = "BIRD Internet Routing Daemon (${descr})";
+ wantedBy = [ "multi-user.target" ];
+ reloadIfChanged = true;
+ restartTriggers = [ config.environment.etc."bird/${variant}.conf".source ];
+ serviceConfig = {
+ Type = "forking";
+ Restart = "on-failure";
+ ExecStart = "${pkg}/bin/${birdBin} -c /etc/bird/${variant}.conf -u ${variant} -g ${variant}";
+ ExecReload = "${pkg}/bin/${birdc} configure";
+ ExecStop = "${pkg}/bin/${birdc} down";
+ CapabilityBoundingSet = [ "CAP_CHOWN" "CAP_FOWNER" "CAP_DAC_OVERRIDE" "CAP_SETUID" "CAP_SETGID"
+ # see bird/sysdep/linux/syspriv.h
+ "CAP_NET_BIND_SERVICE" "CAP_NET_BROADCAST" "CAP_NET_ADMIN" "CAP_NET_RAW" ];
+ ProtectSystem = "full";
+ ProtectHome = "yes";
+ SystemCallFilter="~@cpu-emulation @debug @keyring @module @mount @obsolete @raw-io";
+ MemoryDenyWriteExecute = "yes";
+ };
+ };
+ users = {
+ users.${variant} = {
+ description = "BIRD Internet Routing Daemon user";
+ group = variant;
+ };
+ groups.${variant} = {};
+ };
+ };
+ };
+
+in
+
+{
+ imports = map generic [ "bird" "bird6" "bird2" ];
+}
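Review bot: The `config` option is rendered with `pkgs.writeTextFile` and linked into `/etc/bird/${variant}.conf`, so anything placed in it — including any session authentication secrets the operator writes into the BIRD config — ends up in the world-readable Nix store, and the option description says nothing about this. I would extend the `description` with: `The rendered file is stored in the world-readable Nix store; keep secrets out of this option and pull them in from a file outside the store via BIRD's include directive.` The `descr` strings for `bird` and `bird6` also misspell "support" as "suport", which surfaces in both the option description and the systemd unit description. Separately, `users.users.${variant}` sets neither `isSystemUser` nor a uid; whether the module set this is imported into requires one I cannot tell from the hunk, but `isSystemUser = true;` would make the intent explicit.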