lol

nixos/scion: init scion-ip-gateway module

authored by

Robert James Hernandez and committed by
Valentin Gagarin
6c527bf0 828ce9b1

+94
+1
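--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -1192,6 +1192,7 @@
   ./services/networking/scion/scion-daemon.nix
   ./services/networking/scion/scion-dispatcher.nix
   ./services/networking/scion/scion-router.nix
+  ./services/networking/scion/scion-ip-gateway.nix
   ./services/networking/seafile.nix
   ./services/networking/searx.nix
   ./services/networking/shadowsocks.nix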
+92
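--- a/nixos/modules/services/networking/scion/scion-ip-gateway.nix
+++ b/nixos/modules/services/networking/scion/scion-ip-gateway.nix
@@ -0,0 +1,92 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+with lib;
+
+let
+  globalCfg = config.services.scion;
+  cfg = config.services.scion.scion-ip-gateway;
+  toml = pkgs.formats.toml { };
+  json = pkgs.formats.json { };
+  connectionDir = if globalCfg.stateless then "/run" else "/var/lib";
+  defaultConfig = {
+    tunnel = { };
+    gateway = {
+      traffic_policy_file = "${trafficConfigFile}";
+    };
+  };
+  defaultTrafficConfig = {
+    ASes = { };
+    ConfigVersion = 9001;
+  };
+  configFile = toml.generate "scion-ip-gateway.toml" (recursiveUpdate defaultConfig cfg.config);
+  trafficConfigFile = json.generate "scion-ip-gateway-traffic.json" (
+    recursiveUpdate defaultTrafficConfig cfg.trafficConfig
+  );
+in
+{
+  options.services.scion.scion-ip-gateway = {
+    enable = mkEnableOption "the scion-ip-gateway service";
+    config = mkOption {
+      default = { };
+      type = toml.type;
+      example = literalExpression ''
+        {
+          tunnel = {
+            src_ipv4 = "172.16.100.1";
+          };
+        }
+      '';
+      description = ''
+        scion-ip-gateway daemon configuration
+      '';
+    };
+    trafficConfig = mkOption {
+      default = { };
+      type = json.type;
+      example = literalExpression ''
+        {
+          ASes = {
+            "2-ffaa:0:b" = {
+              Nets = [
+                "172.16.1.0/24"
+              ];
+            };
+          };
+          ConfigVersion = 9001;
+        }
+      '';
+      description = ''
+        scion-ip-gateway traffic configuration
+      '';
+    };
+  };
+  config = mkIf cfg.enable {
+    systemd.services.scion-ip-gateway = {
+      description = "SCION IP Gateway Service";
+      after = [
+        "network-online.target"
+        "scion-dispatcher.service"
+      ];
+      wants = [
+        "network-online.target"
+        "scion-dispatcher.service"
+      ];
+      wantedBy = [ "multi-user.target" ];
+      serviceConfig = {
+        Type = "simple";
+        Group = if (config.services.scion.scion-dispatcher.enable == true) then "scion" else null;
+        ExecStart = "${globalCfg.package}/bin/scion-ip-gateway --config ${configFile}";
+        DynamicUser = true;
+        AmbientCapabilities = [ "CAP_NET_ADMIN" ];
+        Restart = "on-failure";
+        KillMode = "control-group";
+        RemainAfterExit = false;
+      };
+    };
+  };
+}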
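Review bot: The `serviceConfig` block hands the daemon `CAP_NET_ADMIN` via `AmbientCapabilities` but sets no `CapabilityBoundingSet` and no sandboxing beyond what `DynamicUser = true` implies; adding `CapabilityBoundingSet = [ "CAP_NET_ADMIN" ];` next to it would pin the unit to the single capability it requests. Further restrictions such as `RestrictAddressFamilies` look worthwhile too, but which families the gateway needs at runtime cannot be determined from this file. Separately, `connectionDir` in the `let` block is bound and never referenced, and the unit declares neither `StateDirectory` nor `RuntimeDirectory`, so either wire it in or drop the binding. Both `cfg.config` and `cfg.trafficConfig` are rendered with `toml.generate` / `json.generate` into the world-readable Nix store, so the option descriptions should say that secrets must not be placed there.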
+1
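--- a/nixos/modules/services/networking/scion/scion.nix
+++ b/nixos/modules/services/networking/scion/scion.nix
@@ -42,6 +42,7 @@
       scion-daemon.enable = true;
       scion-router.enable = true;
       scion-control.enable = true;
+      scion-ip-gateway.enable = true;
     };
     assertions = [
       { assertion = cfg.bypassBootstrapWarning == true;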
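Review bot: `scion-ip-gateway.enable = true;` is set at normal priority alongside the core daemons, so every host that enables the umbrella module now also starts a tunnel gateway, which the new unit in this commit runs with `CAP_NET_ADMIN`, and a user can only opt out with `lib.mkForce false`. If the gateway is meant to be optional (it appears to be needed only for carrying legacy IP traffic), prefer leaving it opt-in, or at least write `scion-ip-gateway.enable = lib.mkDefault true;` so it can be disabled normally. The enclosing attribute set starts outside this hunk, so whether the sibling services are guarded by a surrounding `mkIf` is not visible here.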