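{
  config,
  lib,
  pkgs,
  ...
}:

let
  # Explicit imports instead of `with lib;` so every lib name used in this
  # module is visible at a glance and cannot be shadowed silently.
  inherit (lib)
    literalExpression
    mkEnableOption
    mkIf
    mkOption
    recursiveUpdate
    ;

  globalCfg = config.services.scion;
  cfg = config.services.scion.scion-ip-gateway;

  toml = pkgs.formats.toml { };
  json = pkgs.formats.json { };

  # Settings every deployment gets. `cfg.config` is merged on top with
  # recursiveUpdate, so a user value replaces only the leaf it names.
  # `gateway.traffic_policy_file` is wired to the generated JSON below so the
  # daemon always reads the Nix-managed traffic policy.
  defaultConfig = {
    tunnel = { };
    gateway = {
      traffic_policy_file = "${trafficConfigFile}";
    };
  };

  # Empty traffic policy: no remote ASes and therefore no forwarded prefixes.
  defaultTrafficConfig = {
    ASes = { };
    ConfigVersion = 9001;
  };

  # Both generated files live in the world-readable Nix store, so neither
  # `config` nor `trafficConfig` may carry secrets.
  configFile = toml.generate "scion-ip-gateway.toml" (recursiveUpdate defaultConfig cfg.config);
  trafficConfigFile = json.generate "scion-ip-gateway-traffic.json" (
    recursiveUpdate defaultTrafficConfig cfg.trafficConfig
  );
in
{
  options.services.scion.scion-ip-gateway = {
    enable = mkEnableOption "the scion-ip-gateway service";

    config = mkOption {
      default = { };
      type = toml.type;
      example = literalExpression ''
        {
          tunnel = {
            src_ipv4 = "172.16.100.1";
          };
        }
      '';
      description = ''
        scion-ip-gateway daemon configuration. It is merged over the module
        defaults (`gateway.traffic_policy_file` points at the generated traffic
        policy) and written to the world-readable Nix store, so it must not
        contain secrets.
      '';
    };

    trafficConfig = mkOption {
      default = { };
      type = json.type;
      example = literalExpression ''
        {
          ASes = {
            "2-ffaa:0:b" = {
              Nets = [
                "172.16.1.0/24"
              ];
            };
          };
          ConfigVersion = 9001;
        }
      '';
      description = ''
        scion-ip-gateway traffic configuration. It is merged over an empty
        policy (no ASes, ConfigVersion 9001) and written to the world-readable
        Nix store, so it must not contain secrets.
      '';
    };
  };

  config = mkIf cfg.enable {
    systemd.services.scion-ip-gateway = {
      description = "SCION IP Gateway Service";
      after = [
        "network-online.target"
        "scion-dispatcher.service"
      ];
      wants = [
        "network-online.target"
        "scion-dispatcher.service"
      ];
      wantedBy = [ "multi-user.target" ];
      serviceConfig = {
        Type = "simple";
        # Join the dispatcher's group when it is enabled on this host
        # (presumably to reach its socket — confirm against the dispatcher module).
        Group = if config.services.scion.scion-dispatcher.enable then "scion" else null;
        ExecStart = "${globalCfg.package}/bin/scion-ip-gateway --config ${configFile}";
        # Run as a transient unprivileged user. CAP_NET_ADMIN is the only
        # capability handed to the gateway; pinning the bounding set to it
        # means the process cannot acquire any other capability (e.g. through
        # file capabilities on an executable it spawns).
        DynamicUser = true;
        AmbientCapabilities = [ "CAP_NET_ADMIN" ];
        CapabilityBoundingSet = [ "CAP_NET_ADMIN" ];
        # NOTE(review): no further sandboxing (ProtectSystem, PrivateDevices,
        # ...) is applied; the tunnel likely needs /dev/net/tun, so verify
        # before tightening.
        Restart = "on-failure";
        KillMode = "control-group";
      };
    };
  };
}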