2015-05-16 22:22:35 +01:00
|
|
|
{ config, lib, pkgs, ... }:
|
|
|
|
|
|
|
|
let
|
2016-12-09 09:48:54 +00:00
|
|
|
inherit (lib) mkEnableOption mkIf mkOption types;
|
|
|
|
|
|
|
|
generic = variant:
|
|
|
|
let
|
|
|
|
cfg = config.services.${variant};
|
|
|
|
pkg = pkgs.${variant};
|
2018-02-11 22:28:00 +00:00
|
|
|
birdBin = if variant == "bird6" then "bird6" else "bird";
|
2016-12-09 09:48:54 +00:00
|
|
|
birdc = if variant == "bird6" then "birdc6" else "birdc";
|
2018-02-11 22:28:00 +00:00
|
|
|
descr =
|
|
|
|
{ bird = "1.9.x with IPv4 suport";
|
|
|
|
bird6 = "1.9.x with IPv6 suport";
|
|
|
|
bird2 = "2.x";
|
|
|
|
}.${variant};
|
2016-12-09 09:48:54 +00:00
|
|
|
in {
|
|
|
|
###### interface
|
|
|
|
options = {
|
|
|
|
services.${variant} = {
|
2018-02-11 22:28:00 +00:00
|
|
|
enable = mkEnableOption "BIRD Internet Routing Daemon (${descr})";
|
2016-12-09 09:48:54 +00:00
|
|
|
config = mkOption {
|
|
|
|
type = types.lines;
|
|
|
|
description = ''
|
|
|
|
BIRD Internet Routing Daemon configuration file.
|
|
|
|
<link xlink:href='http://bird.network.cz/'/>
|
|
|
|
'';
|
|
|
|
};
|
|
|
|
};
|
2015-05-16 22:22:35 +01:00
|
|
|
};
|
|
|
|
|
2016-12-09 09:48:54 +00:00
|
|
|
###### implementation
|
|
|
|
config = mkIf cfg.enable {
|
2016-12-28 05:35:31 +00:00
|
|
|
environment.systemPackages = [ pkg ];
|
2019-05-31 00:19:35 +01:00
|
|
|
|
|
|
|
environment.etc."bird/${variant}.conf".source = pkgs.writeTextFile {
|
|
|
|
name = "${variant}.conf";
|
|
|
|
text = cfg.config;
|
|
|
|
checkPhase = ''
|
|
|
|
${pkg}/bin/${birdBin} -d -p -c $out
|
|
|
|
'';
|
|
|
|
};
|
|
|
|
|
2016-12-09 09:48:54 +00:00
|
|
|
systemd.services.${variant} = {
|
2018-02-11 22:28:00 +00:00
|
|
|
description = "BIRD Internet Routing Daemon (${descr})";
|
2016-12-09 09:48:54 +00:00
|
|
|
wantedBy = [ "multi-user.target" ];
|
2018-09-02 05:51:32 +01:00
|
|
|
reloadIfChanged = true;
|
2019-05-31 00:19:35 +01:00
|
|
|
restartTriggers = [ config.environment.etc."bird/${variant}.conf".source ];
|
2016-12-09 09:48:54 +00:00
|
|
|
serviceConfig = {
|
|
|
|
Type = "forking";
|
|
|
|
Restart = "on-failure";
|
2019-05-31 00:19:35 +01:00
|
|
|
ExecStart = "${pkg}/bin/${birdBin} -c /etc/bird/${variant}.conf -u ${variant} -g ${variant}";
|
2016-12-09 09:48:54 +00:00
|
|
|
ExecReload = "${pkg}/bin/${birdc} configure";
|
|
|
|
ExecStop = "${pkg}/bin/${birdc} down";
|
|
|
|
CapabilityBoundingSet = [ "CAP_CHOWN" "CAP_FOWNER" "CAP_DAC_OVERRIDE" "CAP_SETUID" "CAP_SETGID"
|
|
|
|
# see bird/sysdep/linux/syspriv.h
|
|
|
|
"CAP_NET_BIND_SERVICE" "CAP_NET_BROADCAST" "CAP_NET_ADMIN" "CAP_NET_RAW" ];
|
|
|
|
ProtectSystem = "full";
|
|
|
|
ProtectHome = "yes";
|
|
|
|
SystemCallFilter="~@cpu-emulation @debug @keyring @module @mount @obsolete @raw-io";
|
|
|
|
MemoryDenyWriteExecute = "yes";
|
|
|
|
};
|
|
|
|
};
|
|
|
|
users = {
|
2018-06-30 00:58:35 +01:00
|
|
|
users.${variant} = {
|
2016-12-09 09:48:54 +00:00
|
|
|
description = "BIRD Internet Routing Daemon user";
|
2018-02-11 22:28:00 +00:00
|
|
|
group = variant;
|
2016-12-09 09:48:54 +00:00
|
|
|
};
|
2018-06-30 00:58:35 +01:00
|
|
|
groups.${variant} = {};
|
2016-12-09 09:48:54 +00:00
|
|
|
};
|
2015-05-16 22:22:35 +01:00
|
|
|
};
|
|
|
|
};
|
|
|
|
|
2018-02-11 22:28:00 +00:00
|
|
|
in
|
|
|
|
|
|
|
|
{
|
|
|
|
imports = map generic [ "bird" "bird6" "bird2" ];
|
2015-05-16 22:22:35 +01:00
|
|
|
}
|