# NixOS module for CoreRAD, an IPv6 NDP router advertisement daemon.
#
# Declares `services.corerad.*` options and, when enabled, a systemd unit that
# runs the daemon as a transient unprivileged user holding only the two
# network capabilities listed below.
{
  config,
  lib,
  pkgs,
  ...
}:
let
  inherit (lib)
    getBin
    literalExpression
    mkDefault
    mkEnableOption
    mkIf
    mkOption
    mkPackageOption
    types
    ;

  cfg = config.services.corerad;
  tomlFormat = pkgs.formats.toml { };

  # Shared by the enable option text and the unit description.
  summary = "CoreRAD IPv6 NDP RA daemon";

  # The only capabilities the unit may hold. Presumably these cover raw ICMPv6
  # sockets and interface configuration; confirm against upstream before
  # widening or narrowing the set.
  netCaps = "CAP_NET_ADMIN CAP_NET_RAW";

  daemon = "${getBin cfg.package}/bin/corerad";
in
{
  meta.maintainers = [ lib.maintainers.mdlayher ];

  options.services.corerad = {
    enable = mkEnableOption summary;

    settings = mkOption {
      inherit (tomlFormat) type;
      # The example binds the debug/Prometheus listener to localhost. This
      # module adds no firewall rule or access control for that listener, so
      # pointing it at a routable address exposes it to the network.
      example = literalExpression ''
        {
          interfaces = [
            # eth0 is an upstream interface monitoring for IPv6 router advertisements.
            {
              name = "eth0";
              monitor = true;
            }
            # eth1 is a downstream interface advertising IPv6 prefixes for SLAAC.
            {
              name = "eth1";
              advertise = true;
              prefix = [{ prefix = "::/64"; }];
            }
          ];
          # Optionally enable Prometheus metrics.
          debug = {
            address = "localhost:9430";
            prometheus = true;
          };
        }
      '';
      description = ''
        Configuration for CoreRAD, see <https://github.com/mdlayher/corerad/blob/main/internal/config/reference.toml>
        for supported values. Ignored if configFile is set.
      '';
    };

    configFile = mkOption {
      type = types.path;
      example = literalExpression ''"''${pkgs.corerad}/etc/corerad/corerad.toml"'';
      description = "Path to CoreRAD TOML configuration file.";
    };

    package = mkPackageOption pkgs "corerad" { };
  };

  config = mkIf cfg.enable {
    # mkDefault gives the generated file lower priority, so an explicitly set
    # configFile wins over `settings` when both are defined.
    # The generated TOML is a Nix store path and therefore world-readable on
    # the host; keep anything sensitive out of `settings`.
    services.corerad.configFile = mkDefault (tomlFormat.generate "corerad.toml" cfg.settings);

    systemd.services.corerad = {
      description = summary;
      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" ];

      serviceConfig = {
        # Readiness is reported via sd_notify, and only the main process is
        # allowed to send notifications.
        Type = "notify";
        NotifyAccess = "main";

        # NOTE(review): the path is interpolated unquoted; systemd would split
        # a configFile path containing whitespace into separate arguments.
        ExecStart = "${daemon} -c=${cfg.configFile}";

        Restart = "on-failure";
        RestartKillSignal = "SIGHUP";

        # Least privilege: a transient non-root user whose capability set is
        # bounded to netCaps. The ambient set is what actually hands those
        # capabilities to the non-root process, and NoNewPrivileges blocks
        # gaining more through setuid or file-capability binaries on exec.
        DynamicUser = true;
        NoNewPrivileges = true;
        AmbientCapabilities = netCaps;
        CapabilityBoundingSet = netCaps;

        # Resource ceilings for the unit.
        LimitNOFILE = 1048576;
        LimitNPROC = 512;
      };
    };
  };
}