
Merge pull request #129980 from mweinelt/nixos/kea

authored by

Martin Weinelt and committed by
GitHub
d9a3a54b dbcb11bb

+473 -34
+7
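--- a/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml
+++ b/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml
@@ -49,6 +49,13 @@
       </listitem>
       <listitem>
         <para>
+          <link xlink:href="https://www.isc.org/kea/">Kea</link>, ISCs
+          2nd generation DHCP and DDNS server suite. Available at
+          <link xlink:href="options.html#opt-services.kea">services.kea</link>.
+        </para>
+      </listitem>
+      <listitem>
+        <para>
           <link xlink:href="https://sr.ht">sourcehut</link>, a
           collection of tools useful for software development. Available
           as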
+2
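--- a/nixos/doc/manual/release-notes/rl-2111.section.md
+++ b/nixos/doc/manual/release-notes/rl-2111.section.md
@@ -15,6 +15,8 @@
 
 - [geoipupdate](https://github.com/maxmind/geoipupdate), a GeoIP database updater from MaxMind. Available as [services.geoipupdate](options.html#opt-services.geoipupdate.enable).
 
+- [Kea](https://www.isc.org/kea/), ISCs 2nd generation DHCP and DDNS server suite. Available at [services.kea](options.html#opt-services.kea).
+
 - [sourcehut](https://sr.ht), a collection of tools useful for software development. Available as [services.sourcehut](options.html#opt-services.sourcehut.enable).
 
 - [ucarp](https://download.pureftpd.org/pub/ucarp/README), an userspace implementation of the Common Address Redundancy Protocol (CARP). Available as [networking.ucarp](options.html#opt-networking.ucarp.enable).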
+1
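--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -727,6 +727,7 @@
   ./services/networking/iwd.nix
   ./services/networking/jicofo.nix
   ./services/networking/jitsi-videobridge.nix
+  ./services/networking/kea.nix
   ./services/networking/keepalived/default.nix
   ./services/networking/keybase.nix
   ./services/networking/kippo.nix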
+1 -1
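--- a/nixos/modules/services/monitoring/prometheus/exporters.nix
+++ b/nixos/modules/services/monitoring/prometheus/exporters.nix
@@ -180,7 +180,7 @@
         serviceConfig.PrivateTmp = mkDefault true;
         serviceConfig.WorkingDirectory = mkDefault /tmp;
         serviceConfig.DynamicUser = mkDefault enableDynamicUser;
-        serviceConfig.User = conf.user;
+        serviceConfig.User = mkDefault conf.user;
         serviceConfig.Group = conf.group;
       } serviceOpts ]);
     };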
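Review bot: `serviceConfig.Group = conf.group;` on the line after the change stays a hard assignment while User became overridable, so an exporter that sets its own User (as the kea exporter in this PR does) cannot set a matching Group without an `mkForce`; for symmetry make it `serviceConfig.Group = mkDefault conf.group;`. The enclosing mkMerge call begins before this hunk.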
+1
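--- a/nixos/modules/services/monitoring/prometheus/exporters/kea.nix
+++ b/nixos/modules/services/monitoring/prometheus/exporters/kea.nix
@@ -26,6 +26,7 @@
   };
   serviceOpts = {
     serviceConfig = {
+      User = "kea";
       ExecStart = ''
         ${pkgs.prometheus-kea-exporter}/bin/kea-exporter \
           --address ${cfg.listenAddress} \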
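Review bot: `User = "kea";` carries no comment explaining why the exporter has to run under the DHCP daemons' identity; presumably it is to reach the control socket under /run/kea, which the new kea units create with `UMask = "0077"`, but running as that user also grants the exporter everything else the user owns, such as the lease database under /var/lib/kea. Add `# Must match the kea daemons' user: their control socket in /run/kea is created with UMask 0077.` above the line so the next maintainer does not tighten it away. The enclosing serviceOpts set continues outside the hunk.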
+361
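--- /dev/null
+++ b/nixos/modules/services/networking/kea.nix
@@ -0,0 +1,361 @@
+{ config
+, lib
+, pkgs
+, ...
+}:
+
+with lib;
+
+let
+  cfg = config.services.kea;
+
+  format = pkgs.formats.json {};
+
+  ctrlAgentConfig = format.generate "kea-ctrl-agent.conf" {
+    Control-agent = cfg.ctrl-agent.settings;
+  };
+  dhcp4Config = format.generate "kea-dhcp4.conf" {
+    Dhcp4 = cfg.dhcp4.settings;
+  };
+  dhcp6Config = format.generate "kea-dhcp6.conf" {
+    Dhcp6 = cfg.dhcp6.settings;
+  };
+  dhcpDdnsConfig = format.generate "kea-dhcp-ddns.conf" {
+    DhcpDdns = cfg.dhcp-ddns.settings;
+  };
+
+  package = pkgs.kea;
+in
+{
+  options.services.kea = with types; {
+    ctrl-agent = mkOption {
+      description = ''
+        Kea Control Agent configuration
+      '';
+      default = {};
+      type = submodule {
+        options = {
+          enable = mkEnableOption "Kea Control Agent";
+
+          extraArgs = mkOption {
+            type = listOf str;
+            default = [];
+            description = ''
+              List of additonal arguments to pass to the daemon.
+            '';
+          };
+
+          settings = mkOption {
+            type = format.type;
+            default = null;
+            description = ''
+              Kea Control Agent configuration as an attribute set, see <link xlink:href="https://kea.readthedocs.io/en/kea-${package.version}/arm/agent.html"/>.
+            '';
+          };
+        };
+      };
+    };
+
+    dhcp4 = mkOption {
+      description = ''
+        DHCP4 Server configuration
+      '';
+      default = {};
+      type = submodule {
+        options = {
+          enable = mkEnableOption "Kea DHCP4 server";
+
+          extraArgs = mkOption {
+            type = listOf str;
+            default = [];
+            description = ''
+              List of additonal arguments to pass to the daemon.
+            '';
+          };
+
+          settings = mkOption {
+            type = format.type;
+            default = null;
+            example = {
+              valid-lifetime = 4000;
+              renew-timer = 1000;
+              rebind-timer = 2000;
+              interfaces-config = {
+                interfaces = [
+                  "eth0"
+                ];
+              };
+              lease-database = {
+                type = "memfile";
+                persist = true;
+                name = "/var/lib/kea/dhcp4.leases";
+              };
+              subnet4 = [ {
+                subnet = "192.0.2.0/24";
+                pools = [ {
+                  pool = "192.0.2.100 - 192.0.2.240";
+                } ];
+              } ];
+            };
+            description = ''
+              Kea DHCP4 configuration as an attribute set, see <link xlink:href="https://kea.readthedocs.io/en/kea-${package.version}/arm/dhcp4-srv.html"/>.
+            '';
+          };
+        };
+      };
+    };
+
+    dhcp6 = mkOption {
+      description = ''
+        DHCP6 Server configuration
+      '';
+      default = {};
+      type = submodule {
+        options = {
+          enable = mkEnableOption "Kea DHCP6 server";
+
+          extraArgs = mkOption {
+            type = listOf str;
+            default = [];
+            description = ''
+              List of additonal arguments to pass to the daemon.
+            '';
+          };
+
+          settings = mkOption {
+            type = format.type;
+            default = null;
+            example = {
+              valid-lifetime = 4000;
+              renew-timer = 1000;
+              rebind-timer = 2000;
+              preferred-lifetime = 3000;
+              interfaces-config = {
+                interfaces = [
+                  "eth0"
+                ];
+              };
+              lease-database = {
+                type = "memfile";
+                persist = true;
+                name = "/var/lib/kea/dhcp6.leases";
+              };
+              subnet6 = [ {
+                subnet = "2001:db8:1::/64";
+                pools = [ {
+                  pool = "2001:db8:1::1-2001:db8:1::ffff";
+                } ];
+              } ];
+            };
+            description = ''
+              Kea DHCP6 configuration as an attribute set, see <link xlink:href="https://kea.readthedocs.io/en/kea-${package.version}/arm/dhcp6-srv.html"/>.
+            '';
+          };
+        };
+      };
+    };
+
+    dhcp-ddns = mkOption {
+      description = ''
+        Kea DHCP-DDNS configuration
+      '';
+      default = {};
+      type = submodule {
+        options = {
+          enable = mkEnableOption "Kea DDNS server";
+
+          extraArgs = mkOption {
+            type = listOf str;
+            default = [];
+            description = ''
+              List of additonal arguments to pass to the daemon.
+            '';
+          };
+
+          settings = mkOption {
+            type = format.type;
+            default = null;
+            example = {
+              ip-address = "127.0.0.1";
+              port = 53001;
+              dns-server-timeout = 100;
+              ncr-protocol = "UDP";
+              ncr-format = "JSON";
+              tsig-keys = [ ];
+              forward-ddns = {
+                ddns-domains = [ ];
+              };
+              reverse-ddns = {
+                ddns-domains = [ ];
+              };
+            };
+            description = ''
+              Kea DHCP-DDNS configuration as an attribute set, see <link xlink:href="https://kea.readthedocs.io/en/kea-${package.version}/arm/ddns.html"/>.
+            '';
+          };
+        };
+      };
+    };
+  };
+
+  config = let
+    commonServiceConfig = {
+      ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
+      DynamicUser = true;
+      User = "kea";
+      ConfigurationDirectory = "kea";
+      RuntimeDirectory = "kea";
+      StateDirectory = "kea";
+      UMask = "0077";
+    };
+  in mkIf (cfg.ctrl-agent.enable || cfg.dhcp4.enable || cfg.dhcp6.enable || cfg.dhcp-ddns.enable) (mkMerge [
+    {
+      environment.systemPackages = [ package ];
+    }
+
+    (mkIf cfg.ctrl-agent.enable {
+
+      environment.etc."kea/ctrl-agent.conf".source = ctrlAgentConfig;
+
+      systemd.services.kea-ctrl-agent = {
+        description = "Kea Control Agent";
+        documentation = [
+          "man:kea-ctrl-agent(8)"
+          "https://kea.readthedocs.io/en/kea-${package.version}/arm/agent.html"
+        ];
+
+        after = [
+          "network-online.target"
+          "time-sync.target"
+        ];
+        wantedBy = [
+          "kea-dhcp4-server.service"
+          "kea-dhcp6-server.service"
+          "kea-dhcp-ddns-server.service"
+        ];
+
+        environment = {
+          KEA_PIDFILE_DIR = "/run/kea";
+        };
+
+        serviceConfig = {
+          ExecStart = "${package}/bin/kea-ctrl-agent -c /etc/kea/ctrl-agent.conf ${lib.escapeShellArgs cfg.dhcp4.extraArgs}";
+          KillMode = "process";
+          Restart = "on-failure";
+        } // commonServiceConfig;
+      };
+    })
+
+    (mkIf cfg.dhcp4.enable {
+
+      environment.etc."kea/dhcp4-server.conf".source = dhcp4Config;
+
+      systemd.services.kea-dhcp4-server = {
+        description = "Kea DHCP4 Server";
+        documentation = [
+          "man:kea-dhcp4(8)"
+          "https://kea.readthedocs.io/en/kea-${package.version}/arm/dhcp4-srv.html"
+        ];
+
+        after = [
+          "network-online.target"
+          "time-sync.target"
+        ];
+        wantedBy = [
+          "multi-user.target"
+        ];
+
+        environment = {
+          KEA_PIDFILE_DIR = "/run/kea";
+        };
+
+        serviceConfig = {
+          ExecStart = "${package}/bin/kea-dhcp4 -c /etc/kea/dhcp4-server.conf ${lib.escapeShellArgs cfg.dhcp4.extraArgs}";
+          # Kea does not request capabilities by itself
+          AmbientCapabilities = [
+            "CAP_NET_BIND_SERVICE"
+            "CAP_NET_RAW"
+          ];
+          CapabilityBoundingSet = [
+            "CAP_NET_BIND_SERVICE"
+            "CAP_NET_RAW"
+          ];
+        } // commonServiceConfig;
+      };
+    })
+
+    (mkIf cfg.dhcp6.enable {
+
+      environment.etc."kea/dhcp6-server.conf".source = dhcp6Config;
+
+      systemd.services.kea-dhcp6-server = {
+        description = "Kea DHCP6 Server";
+        documentation = [
+          "man:kea-dhcp6(8)"
+          "https://kea.readthedocs.io/en/kea-${package.version}/arm/dhcp6-srv.html"
+        ];
+
+        after = [
+          "network-online.target"
+          "time-sync.target"
+        ];
+        wantedBy = [
+          "multi-user.target"
+        ];
+
+        environment = {
+          KEA_PIDFILE_DIR = "/run/kea";
+        };
+
+        serviceConfig = {
+          ExecStart = "${package}/bin/kea-dhcp6 -c /etc/kea/dhcp6-server.conf ${lib.escapeShellArgs cfg.dhcp6.extraArgs}";
+          # Kea does not request capabilities by itself
+          AmbientCapabilities = [
+            "CAP_NET_BIND_SERVICE"
+          ];
+          CapabilityBoundingSet = [
+            "CAP_NET_BIND_SERVICE"
+          ];
+        } // commonServiceConfig;
+      };
+    })
+
+    (mkIf cfg.dhcp-ddns.enable {
+
+      environment.etc."kea/dhcp-ddns.conf".source = dhcpDdnsConfig;
+
+      systemd.services.kea-dhcp-ddns-server = {
+        description = "Kea DHCP-DDNS Server";
+        documentation = [
+          "man:kea-dhcp-ddns(8)"
+          "https://kea.readthedocs.io/en/kea-${package.version}/arm/ddns.html"
+        ];
+
+        after = [
+          "network-online.target"
+          "time-sync.target"
+        ];
+        wantedBy = [
+          "multi-user.target"
+        ];
+
+        environment = {
+          KEA_PIDFILE_DIR = "/run/kea";
+        };
+
+        serviceConfig = {
+          ExecStart = "${package}/bin/kea-dhcp-ddns -c /etc/kea/dhcp-ddns.conf ${lib.escapeShellArgs cfg.dhcp-ddns.extraArgs}";
+          AmbientCapabilites = [
+            "CAP_NET_BIND_SERVICE"
+          ];
+          CapabilityBoundingSet = [
+            "CAP_NET_BIND_SERVICE"
+          ];
+        } // commonServiceConfig;
+      };
+    })
+
+  ]);
+
+  meta.maintainers = with maintainers; [ hexa ];
+}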
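Review bot: The control agent's ExecStart (new line 242) appends `cfg.dhcp4.extraArgs` instead of the agent's own `cfg.ctrl-agent.extraArgs`, so arguments set for the agent are silently ignored and DHCP4 arguments end up on the agent's command line; it should read `ExecStart = "${package}/bin/kea-ctrl-agent -c /etc/kea/ctrl-agent.conf ${lib.escapeShellArgs cfg.ctrl-agent.extraArgs}";`. In the dhcp-ddns unit the directive is misspelled `AmbientCapabilites` (new line 348), a key systemd does not recognise, so that daemon runs without CAP_NET_BIND_SERVICE in its ambient set even though the bounding set allows it; correct it to `AmbientCapabilities = [`. The `settings` options also deserve a word of caution, since `format.generate` renders them into the world-readable Nix store: add `# Rendered into the Nix store, hence world-readable: keep TSIG keys and database credentials out of settings.` above each `settings = mkOption`.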
+1
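--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -203,6 +203,7 @@
   k3s = handleTest ./k3s.nix {};
   kafka = handleTest ./kafka.nix {};
   kbd-setfont-decompress = handleTest ./kbd-setfont-decompress.nix {};
+  kea = handleTest ./kea.nix {};
   keepalived = handleTest ./keepalived.nix {};
   keepassxc = handleTest ./keepassxc.nix {};
   kerberos = handleTest ./kerberos/default.nix {};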
+73
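--- /dev/null
+++ b/nixos/tests/kea.nix
@@ -0,0 +1,73 @@
+import ./make-test-python.nix ({ pkgs, lib, ...}: {
+  meta.maintainers = with lib.maintainers; [ hexa ];
+
+  nodes = {
+    router = { config, pkgs, ... }: {
+      virtualisation.vlans = [ 1 ];
+
+      networking = {
+        useNetworkd = true;
+        useDHCP = false;
+        firewall.allowedUDPPorts = [ 67 ];
+      };
+
+      systemd.network = {
+        networks = {
+          "01-eth1" = {
+            name = "eth1";
+            networkConfig = {
+              Address = "10.0.0.1/30";
+            };
+          };
+        };
+      };
+
+      services.kea.dhcp4 = {
+        enable = true;
+        settings = {
+          valid-lifetime = 3600;
+          renew-timer = 900;
+          rebind-timer = 1800;
+
+          lease-database = {
+            type = "memfile";
+            persist = true;
+            name = "/var/lib/kea/dhcp4.leases";
+          };
+
+          interfaces-config = {
+            dhcp-socket-type = "raw";
+            interfaces = [
+              "eth1"
+            ];
+          };
+
+          subnet4 = [ {
+            subnet = "10.0.0.0/30";
+            pools = [ {
+              pool = "10.0.0.2 - 10.0.0.2";
+            } ];
+          } ];
+        };
+      };
+    };
+
+    client = { config, pkgs, ... }: {
+      virtualisation.vlans = [ 1 ];
+      systemd.services.systemd-networkd.environment.SYSTEMD_LOG_LEVEL = "debug";
+      networking = {
+        useNetworkd = true;
+        useDHCP = false;
+        firewall.enable = false;
+        interfaces.eth1.useDHCP = true;
+      };
+    };
+  };
+  testScript = { ... }: ''
+    start_all()
+    router.wait_for_unit("kea-dhcp4-server.service")
+    client.wait_for_unit("systemd-networkd-wait-online.service")
+    client.wait_until_succeeds("ping -c 5 10.0.0.1")
+    router.wait_until_succeeds("ping -c 5 10.0.0.2")
+  '';
+})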
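Review bot: The test script proves only that the two hosts can ping each other, which says nothing about where the client's 10.0.0.2 came from or whether the server recorded the lease; since the router's memfile lease database is configured at /var/lib/kea/dhcp4.leases, add an assertion that the lease was actually issued, e.g. `router.wait_until_succeeds("grep -q 10.0.0.2 /var/lib/kea/dhcp4.leases")` after the final ping. That also exercises the StateDirectory and UMask settings of the new unit, which the ping checks cannot.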
+17 -30
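--- a/nixos/tests/prometheus-exporters.nix
+++ b/nixos/tests/prometheus-exporters.nix
@@ -326,49 +326,36 @@
     '';
   };
 
-  kea = {
+  kea = let
+    controlSocketPath = "/run/kea/dhcp6.sock";
+  in
+  {
     exporterConfig = {
       enable = true;
       controlSocketPaths = [
-        "/run/kea/kea-dhcp6.sock"
+        controlSocketPath
       ];
     };
     metricProvider = {
-      users.users.kea = {
-        isSystemUser = true;
-      };
-      users.groups.kea = {};
-
-      systemd.services.prometheus-kea-exporter.after = [ "kea-dhcp6.service" ];
+      systemd.services.prometheus-kea-exporter.after = [ "kea-dhcp6-server.service" ];
 
-      systemd.services.kea-dhcp6 = let
-        configFile = pkgs.writeText "kea-dhcp6.conf" (builtins.toJSON {
-          Dhcp6 = {
-            "control-socket" = {
-              "socket-type" = "unix";
-              "socket-name" = "/run/kea/kea-dhcp6.sock";
+      services.kea = {
+        enable = true;
+        dhcp6 = {
+          enable = true;
+          settings = {
+            control-socket = {
+              socket-type = "unix";
+              socket-name = controlSocketPath;
             };
           };
-        });
-      in
-      {
-        after = [ "network.target" ];
-        wantedBy = [ "multi-user.target" ];
-
-        serviceConfig = {
-          DynamicUser = false;
-          User = "kea";
-          Group = "kea";
-          ExecStart = "${pkgs.kea}/bin/kea-dhcp6 -c ${configFile}";
-          StateDirectory = "kea";
-          RuntimeDirectory = "kea";
-          UMask = "0007";
         };
       };
     };
+
     exporterTest = ''
-      wait_for_unit("kea-dhcp6.service")
-      wait_for_file("/run/kea/kea-dhcp6.sock")
+      wait_for_unit("kea-dhcp6-server.service")
+      wait_for_file("${controlSocketPath}")
       wait_for_unit("prometheus-kea-exporter.service")
       wait_for_open_port(9547)
       succeed(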
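Review bot: `services.kea = { enable = true; ... }` at new line 343 sets a `services.kea.enable` option, but the module added in this PR declares only `ctrl-agent`, `dhcp4`, `dhcp6` and `dhcp-ddns` under services.kea and no top-level `enable`, so unless that option is defined somewhere not shown here the test should fail to evaluate with an undefined-option error; drop the `enable = true;` line and rely on `dhcp6.enable = true;` alone. The kea test attribute set continues past the end of the hunk.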
+9 -3
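--- a/pkgs/tools/networking/kea/default.nix
+++ b/pkgs/tools/networking/kea/default.nix
@@ -8,7 +8,9 @@
 , libmysqlclient
 , log4cplus
 , postgresql
-, python3 }:
+, python3
+, nixosTests
+}:
 
 stdenv.mkDerivation rec {
   pname = "kea";
@@ -48,11 +50,15 @@
 
   enableParallelBuilding = true;
 
+  passthru.tests = {
+    inherit (nixosTests) kea;
+  };
+
   meta = with lib; {
     homepage = "https://kea.isc.org/";
     description = "High-performance, extensible DHCP server by ISC";
     longDescription = ''
-      KEA is a new open source DHCPv4/DHCPv6 server being developed by
+      Kea is a new open source DHCPv4/DHCPv6 server being developed by
       Internet Systems Consortium. The objective of this project is to
       provide a very high-performance, extensible DHCP server engine for
       use by enterprises and service providers, either as is or with
@@ -60,6 +66,6 @@
     '';
     license = licenses.mpl20;
     platforms = platforms.unix;
-    maintainers = with maintainers; [ fpletz ];
+    maintainers = with maintainers; [ fpletz hexa ];
   };
 }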