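# Systemd services for openvswitch
#
# Provides `virtualisation.vswitch`: an ovsdb-server unit (the configuration
# database, reachable only over a local unix socket) and an ovs-vswitchd unit
# bound to it. Both daemons run as root under systemd's default umask.

{ config, lib, pkgs, ... }:

with lib;

let
  cfg = config.virtualisation.vswitch;

in {

  options.virtualisation.vswitch = {
    enable = mkOption {
      type = types.bool;
      default = false;
      description = ''
        Whether to enable Open vSwitch. A configuration daemon (ovs-server)
        will be started.
      '';
    };

    resetOnStart = mkOption {
      type = types.bool;
      default = false;
      description = ''
        Whether to reset the Open vSwitch configuration database to a default
        configuration on every start of the systemd `ovsdb.service`.
      '';
    };

    package = mkPackageOption pkgs "openvswitch" { };
  };

  config = mkIf cfg.enable (let

    # Where the communication sockets live
    runDir = "/run/openvswitch";

    # Persistent location of the OVSDB configuration database. conf.db is the
    # whole switch configuration, including the SSL table that ovsdb-server is
    # pointed at for its TLS key and certificates (see ExecStart below), so it
    # must only ever be writable by root.
    dbDir = "/var/db/openvswitch";
    dbFile = "${dbDir}/conf.db";

    # NOTE: this derivation produces only an empty output directory; it is
    # used purely as a restart trigger for ovsdb.service so that a change in
    # cfg.package restarts the daemon. It does not contain a database.
    db = pkgs.stdenv.mkDerivation {
      name = "vswitch.db";
      dontUnpack = true;
      buildPhase = "true";
      buildInputs = with pkgs; [
        cfg.package
      ];
      installPhase = "mkdir -p $out";
    };

  in {
    environment.systemPackages = [ cfg.package ];
    boot.kernelModules = [ "tun" "openvswitch" ];

    boot.extraModulePackages = [ cfg.package ];

    systemd.services.ovsdb = {
      description = "Open_vSwitch Database Server";
      wantedBy = [ "multi-user.target" ];
      after = [ "systemd-udev-settle.service" ];
      path = [ cfg.package ];
      restartTriggers = [ db cfg.package ];
      # Create (or reset / upgrade) the config database before the server starts.
      preStart =
        ''
          mkdir -p ${runDir}
          mkdir -p ${dbDir}
          # Grant write access to the owner only. A bare `chmod +w` derives the
          # affected bits from the process umask, so the database directory
          # would silently become group- or world-writable under a permissive
          # umask; `u+w` does not depend on the umask.
          chmod u+w ${dbDir}
          ${optionalString cfg.resetOnStart "rm -f ${dbFile}"}
          if [[ ! -e ${dbFile} ]]; then
            ${cfg.package}/bin/ovsdb-tool create \
              "${dbFile}" \
              "${cfg.package}/share/openvswitch/vswitch.ovsschema"
          fi
          # Same rationale as above: owner-only, umask-independent.
          chmod -R u+w ${dbDir}
          # `ovsdb-tool needs-conversion` prints "yes" when the on-disk schema
          # is older than the one shipped with cfg.package.
          if ${cfg.package}/bin/ovsdb-tool needs-conversion ${dbFile} | grep -q "yes"
          then
            echo "Performing database upgrade"
            ${cfg.package}/bin/ovsdb-tool convert ${dbFile}
          else
            echo "Database already up to date"
          fi
        '';
      serviceConfig = {
        # The only remote is a local unix socket; no TCP/SSL listener is opened
        # by this module. The TLS key/cert/CA locations are read from the SSL
        # table inside conf.db (the db: references below).
        ExecStart =
          ''
            ${cfg.package}/bin/ovsdb-server \
              --remote=punix:${runDir}/db.sock \
              --private-key=db:Open_vSwitch,SSL,private_key \
              --certificate=db:Open_vSwitch,SSL,certificate \
              --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert \
              --unixctl=ovsdb.ctl.sock \
              --pidfile=${runDir}/ovsdb.pid \
              --detach \
              ${dbFile}
          '';
        Restart = "always";
        RestartSec = 3;
        PIDFile = "${runDir}/ovsdb.pid";
        # Use service type 'forking' to correctly determine when ovsdb-server is ready.
        Type = "forking";
      };
      # Initialise the Open_vSwitch root row once the server is up; --no-wait
      # avoids blocking on ovs-vswitchd, which has not started yet.
      postStart = ''
        ${cfg.package}/bin/ovs-vsctl --timeout 3 --retry --no-wait init
      '';
    };

    systemd.services.ovs-vswitchd = {
      description = "Open_vSwitch Daemon";
      wantedBy = [ "multi-user.target" ];
      # Stop (and restart) together with the database server it depends on.
      bindsTo = [ "ovsdb.service" ];
      after = [ "ovsdb.service" ];
      path = [ cfg.package ];
      serviceConfig = {
        # No database remote is given, so ovs-vswitchd uses its built-in
        # default (the unix socket under ${runDir}).
        ExecStart = ''
          ${cfg.package}/bin/ovs-vswitchd \
            --pidfile=${runDir}/ovs-vswitchd.pid \
            --detach
        '';
        PIDFile = "${runDir}/ovs-vswitchd.pid";
        # Use service type 'forking' to correctly determine when vswitchd is ready.
        Type = "forking";
        Restart = "always";
        RestartSec = 3;
      };
    };

  });

  imports = [
    (mkRemovedOptionModule [ "virtualisation" "vswitch" "ipsec" ] ''
      OpenVSwitch IPSec functionality has been removed, because it depended on racoon,
      which was removed from nixpkgs, because it was abandoned upstream.
    '')
  ];

  meta.maintainers = with maintainers; [ netixx ];

}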