author | Alyssa Ross <hi@alyssa.is> | 2022-05-31 09:59:33 +0000 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2022-05-31 09:59:57 +0000 |
commit | 9ff36293d1e428cd7bf03e8d4b03611b6d361c28 (patch) | |
tree | 1ab51a42b868c55b83f6ccdb80371b9888739dd9 /nixos/modules/services/networking/bird.nix | |
parent | 1c4fcd0d4b0541e674ee56ace1053e23e562cc80 (diff) | |
parent | ddc3c396a51918043bb0faa6f676abd9562be62c (diff) | |
Last good Nixpkgs for Weston+nouveau? archive
I gave this commit hash to terwiz[m] on IRC, who is trying to figure out which version of Spectrum was the last one that worked on their NUC with Nvidia graphics.
Diffstat (limited to 'nixos/modules/services/networking/bird.nix')
-rw-r--r-- | nixos/modules/services/networking/bird.nix | 103 |
1 files changed, 103 insertions, 0 deletions
diff --git a/nixos/modules/services/networking/bird.nix b/nixos/modules/services/networking/bird.nix
new file mode 100644
index 00000000000..3049c4f2bce
--- /dev/null
+++ b/nixos/modules/services/networking/bird.nix
@@ -0,0 +1,103 @@
+{ config, lib, pkgs, ... }:
+
+let
+ inherit (lib) mkEnableOption mkIf mkOption optionalString types;
+
+ cfg = config.services.bird2;
+ caps = [ "CAP_NET_ADMIN" "CAP_NET_BIND_SERVICE" "CAP_NET_RAW" ];
+in
+{
+ ###### interface
+ options = {
+ services.bird2 = {
+ enable = mkEnableOption "BIRD Internet Routing Daemon";
+ config = mkOption {
+ type = types.lines;
+ description = ''
+ BIRD Internet Routing Daemon configuration file.
+ <link xlink:href='http://bird.network.cz/'/>
+ '';
+ };
+ checkConfig = mkOption {
+ type = types.bool;
+ default = true;
+ description = ''
+ Whether the config should be checked at build time.
+ When the config can't be checked during build time, for example when it includes
+ other files, either disable this option or use <code>preCheckConfig</code> to create
+ the included files before checking.
+ '';
+ };
+ preCheckConfig = mkOption {
+ type = types.lines;
+ default = "";
+ example = ''
+ echo "cost 100;" > include.conf
+ '';
+ description = ''
+ Commands to execute before the config file check. The file to be checked will be
+ available as <code>bird2.conf</code> in the current directory.
+
+ Files created with this option will not be available at service runtime, only during
+ build time checking.
+ '';
+ };
+ };
+ };
+
+
+ imports = [
+ (lib.mkRemovedOptionModule [ "services" "bird" ] "Use services.bird2 instead")
+ (lib.mkRemovedOptionModule [ "services" "bird6" ] "Use services.bird2 instead")
+ ];
+
+ ###### implementation
+ config = mkIf cfg.enable {
+ environment.systemPackages = [ pkgs.bird ];
+
+ environment.etc."bird/bird2.conf".source = pkgs.writeTextFile {
+ name = "bird2";
+ text = cfg.config;
+ checkPhase = optionalString cfg.checkConfig ''
+ ln -s $out bird2.conf
+ ${cfg.preCheckConfig}
+ ${pkgs.bird}/bin/bird -d -p -c bird2.conf
+ '';
+ };
+
+ systemd.services.bird2 = {
+ description = "BIRD Internet Routing Daemon";
+ wantedBy = [ "multi-user.target" ];
+ reloadIfChanged = true;
+ restartTriggers = [ config.environment.etc."bird/bird2.conf".source ];
+ serviceConfig = {
+ Type = "forking";
+ Restart = "on-failure";
+ User = "bird2";
+ Group = "bird2";
+ ExecStart = "${pkgs.bird}/bin/bird -c /etc/bird/bird2.conf";
+ ExecReload = "${pkgs.bird}/bin/birdc configure";
+ ExecStop = "${pkgs.bird}/bin/birdc down";
+ RuntimeDirectory = "bird";
+ CapabilityBoundingSet = caps;
+ AmbientCapabilities = caps;
+ ProtectSystem = "full";
+ ProtectHome = "yes";
+ ProtectKernelTunables = true;
+ ProtectControlGroups = true;
+ PrivateTmp = true;
+ PrivateDevices = true;
+ SystemCallFilter = "~@cpu-emulation @debug @keyring @module @mount @obsolete @raw-io";
+ MemoryDenyWriteExecute = "yes";
+ };
+ };
+ users = {
+ users.bird2 = {
+ description = "BIRD Internet Routing Daemon user";
+ group = "bird2";
+ isSystemUser = true;
+ };
+ groups.bird2 = { };
+ };
+ };
+} |
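Review bot: The `config` option is materialised with `pkgs.writeTextFile { text = cfg.config; }` and linked to `/etc/bird/bird2.conf`, so the whole BIRD configuration ends up in the world-readable Nix store, and the option's description does not say so. BIRD configurations commonly carry protocol authentication secrets (for example `password "..."` in BGP or OSPF sections), which any local user could then read regardless of the `User = "bird2"` confinement. I would add a sentence to the `config` description such as `The text is copied to the world-readable Nix store; keep passwords in a file outside the store and load it with an include statement.` A configuration split that way needs `checkConfig = false` or a placeholder created in `preCheckConfig`, which the `checkConfig` description already explains.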