# NixOS module for CoreRAD, an IPv6 NDP router-advertisement daemon.
# Declares the `services.corerad.*` options and the systemd unit that runs it.
{ config, lib, pkgs, ... }:

let
  inherit (lib)
    getBin
    literalExpression
    mkDefault
    mkEnableOption
    mkIf
    mkOption
    mkPackageOption
    types
    ;

  cfg = config.services.corerad;

  # TOML format helper: supplies the option type for `settings` and renders
  # the attribute set into a configuration file.
  toml = pkgs.formats.toml { };

  # Used for both the enable-option text and the unit description.
  daemonName = "CoreRAD IPv6 NDP RA daemon";

  # The only capabilities the unit is granted; the same list is used for the
  # bounding set and the ambient set below.
  netCapabilities = "CAP_NET_ADMIN CAP_NET_RAW";
in
{
  meta.maintainers = [ lib.maintainers.mdlayher ];

  options.services.corerad = {
    enable = mkEnableOption daemonName;

    package = mkPackageOption pkgs "corerad" { };

    # Free-form TOML settings. They only take effect while configFile keeps
    # its generated default (see `config` below).
    #
    # NOTE(review): the example binds the debug/Prometheus listener to
    # localhost. This module places no firewall rule or authentication in
    # front of that listener, so pointing `debug.address` at a non-loopback
    # address makes it reachable from the network. Confirm what the endpoint
    # serves against the upstream reference before doing so.
    settings = mkOption {
      type = toml.type;
      example = literalExpression ''
        {
          interfaces = [
            # eth0 is an upstream interface monitoring for IPv6 router advertisements.
            {
              name = "eth0";
              monitor = true;
            }
            # eth1 is a downstream interface advertising IPv6 prefixes for SLAAC.
            {
              name = "eth1";
              advertise = true;
              prefix = [{ prefix = "::/64"; }];
            }
          ];
          # Optionally enable Prometheus metrics.
          debug = {
            address = "localhost:9430";
            prometheus = true;
          };
        }
      '';
      description = ''
        Configuration for CoreRAD, see <https://github.com/mdlayher/corerad/blob/main/internal/config/reference.toml>
        for supported values. Ignored if configFile is set.
      '';
    };

    # Explicit path to a TOML file; overrides the file rendered from `settings`.
    configFile = mkOption {
      type = types.path;
      example = literalExpression ''"''${pkgs.corerad}/etc/corerad/corerad.toml"'';
      description = "Path to CoreRAD TOML configuration file.";
    };
  };

  config = mkIf cfg.enable {
    # Prefer the config file over settings if both are set: mkDefault gives
    # the rendered file a lower priority than any value assigned by the user.
    # The rendered file is a Nix store path and the store is readable by every
    # local user, so `settings` is not a place for secrets.
    services.corerad.configFile = mkDefault (toml.generate "corerad.toml" cfg.settings);

    systemd.services.corerad = {
      description = daemonName;
      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" ];

      serviceConfig = {
        # Process supervision. Type=notify waits for the daemon's readiness
        # message, and NotifyAccess=main accepts notifications from the main
        # process only.
        Type = "notify";
        NotifyAccess = "main";
        ExecStart = "${getBin cfg.package}/bin/corerad -c=${cfg.configFile}";
        Restart = "on-failure";
        # Signal used to terminate the service when it is being restarted.
        RestartKillSignal = "SIGHUP";

        # Privileges. The daemon runs as a transient unprivileged user
        # (DynamicUser) and receives exactly two capabilities as ambient
        # capabilities. The bounding set is the same list, so no other
        # capability can be acquired, and NoNewPrivileges blocks escalation
        # through setuid/setgid binaries.
        #
        # NOTE(review): CAP_NET_ADMIN is broad (interface, routing and
        # firewall configuration), and no further sandboxing directives are
        # set beyond what DynamicUser implies. `systemd-analyze security
        # corerad.service` lists the remaining exposure. Any extra
        # restriction (address families, syscall filter, kernel tunables)
        # needs testing against the daemon first.
        DynamicUser = true;
        NoNewPrivileges = true;
        AmbientCapabilities = netCapabilities;
        CapabilityBoundingSet = netCapabilities;

        # Resource limits.
        LimitNOFILE = 1048576;
        LimitNPROC = 512;
      };
    };
  };
}