nixos/modules/services/networking/corerad.nix at 23.11-pre · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / modules / services / networking / corerad.nix
at 23.11-pre 2.5 kB view raw
 1{ config, lib, pkgs, ... }:
 2
 3with lib;
 4
 5let
 6  cfg = config.services.corerad;
 7  settingsFormat = pkgs.formats.toml {};
 8
 9in {
10  meta.maintainers = with maintainers; [ mdlayher ];
11
12  options.services.corerad = {
13    enable = mkEnableOption (lib.mdDoc "CoreRAD IPv6 NDP RA daemon");
14
15    settings = mkOption {
16      type = settingsFormat.type;
17      example = literalExpression ''
18        {
19          interfaces = [
20            # eth0 is an upstream interface monitoring for IPv6 router advertisements.
21            {
22              name = "eth0";
23              monitor = true;
24            }
25            # eth1 is a downstream interface advertising IPv6 prefixes for SLAAC.
26            {
27              name = "eth1";
28              advertise = true;
29              prefix = [{ prefix = "::/64"; }];
30            }
31          ];
32          # Optionally enable Prometheus metrics.
33          debug = {
34            address = "localhost:9430";
35            prometheus = true;
36          };
37        }
38      '';
39      description = lib.mdDoc ''
40        Configuration for CoreRAD, see <https://github.com/mdlayher/corerad/blob/main/internal/config/reference.toml>
41        for supported values. Ignored if configFile is set.
42      '';
43    };
44
45    configFile = mkOption {
46      type = types.path;
47      example = literalExpression ''"''${pkgs.corerad}/etc/corerad/corerad.toml"'';
48      description = lib.mdDoc "Path to CoreRAD TOML configuration file.";
49    };
50
51    package = mkOption {
52      default = pkgs.corerad;
53      defaultText = literalExpression "pkgs.corerad";
54      type = types.package;
55      description = lib.mdDoc "CoreRAD package to use.";
56    };
57  };
58
59  config = mkIf cfg.enable {
60    # Prefer the config file over settings if both are set.
61    services.corerad.configFile = mkDefault (settingsFormat.generate "corerad.toml" cfg.settings);
62
63    systemd.services.corerad = {
64      description = "CoreRAD IPv6 NDP RA daemon";
65      after = [ "network.target" ];
66      wantedBy = [ "multi-user.target" ];
67      serviceConfig = {
68        LimitNPROC = 512;
69        LimitNOFILE = 1048576;
70        CapabilityBoundingSet = "CAP_NET_ADMIN CAP_NET_RAW";
71        AmbientCapabilities = "CAP_NET_ADMIN CAP_NET_RAW";
72        NoNewPrivileges = true;
73        DynamicUser = true;
74        Type = "notify";
75        NotifyAccess = "main";
76        ExecStart = "${getBin cfg.package}/bin/corerad -c=${cfg.configFile}";
77        Restart = "on-failure";
78        RestartKillSignal = "SIGHUP";
79      };
80    };
81  };
82}