2015-05-16 22:22:35 +01:00
|
|
|
{ config, lib, pkgs, ... }:
|
|
|
|
|
|
|
|
let
|
2021-03-18 13:17:43 +00:00
|
|
|
inherit (lib) mkEnableOption mkIf mkOption optionalString types;
|
2016-12-09 09:48:54 +00:00
|
|
|
|
2022-02-21 08:21:12 +00:00
|
|
|
cfg = config.services.bird2;
|
|
|
|
in
|
|
|
|
{
|
|
|
|
###### interface
|
|
|
|
options = {
|
|
|
|
services.bird2 = {
|
|
|
|
enable = mkEnableOption "BIRD Internet Routing Daemon";
|
|
|
|
config = mkOption {
|
|
|
|
type = types.lines;
|
|
|
|
description = ''
|
|
|
|
BIRD Internet Routing Daemon configuration file.
|
|
|
|
<link xlink:href='http://bird.network.cz/'/>
|
|
|
|
'';
|
|
|
|
};
|
|
|
|
checkConfig = mkOption {
|
|
|
|
type = types.bool;
|
|
|
|
default = true;
|
|
|
|
description = ''
|
|
|
|
Whether the config should be checked at build time.
|
|
|
|
When the config can't be checked during build time, for example when it includes
|
|
|
|
other files, either disable this option or use <code>preCheckConfig</code> to create
|
|
|
|
the included files before checking.
|
|
|
|
'';
|
|
|
|
};
|
|
|
|
preCheckConfig = mkOption {
|
|
|
|
type = types.lines;
|
|
|
|
default = "";
|
|
|
|
example = ''
|
|
|
|
echo "cost 100;" > include.conf
|
|
|
|
'';
|
|
|
|
description = ''
|
|
|
|
Commands to execute before the config file check. The file to be checked will be
|
|
|
|
available as <code>bird2.conf</code> in the current directory.
|
2022-01-25 13:58:26 +00:00
|
|
|
|
2022-02-21 08:21:12 +00:00
|
|
|
Files created with this option will not be available at service runtime, only during
|
|
|
|
build time checking.
|
|
|
|
'';
|
2015-05-16 22:22:35 +01:00
|
|
|
};
|
2022-02-21 08:21:12 +00:00
|
|
|
};
|
|
|
|
};
|
2015-05-16 22:22:35 +01:00
|
|
|
|
2019-05-31 00:19:35 +01:00
|
|
|
|
2022-02-21 08:21:12 +00:00
|
|
|
imports = [
|
|
|
|
(lib.mkRemovedOptionModule [ "services" "bird" ] "Use services.bird2 instead")
|
|
|
|
(lib.mkRemovedOptionModule [ "services" "bird6" ] "Use services.bird2 instead")
|
|
|
|
];
|
2019-05-31 00:19:35 +01:00
|
|
|
|
2022-02-21 08:21:12 +00:00
|
|
|
###### implementation
|
|
|
|
config = mkIf cfg.enable {
|
|
|
|
environment.systemPackages = [ pkgs.bird ];
|
2015-05-16 22:22:35 +01:00
|
|
|
|
2022-02-21 08:21:12 +00:00
|
|
|
environment.etc."bird/bird2.conf".source = pkgs.writeTextFile {
|
|
|
|
name = "bird2";
|
|
|
|
text = cfg.config;
|
|
|
|
checkPhase = optionalString cfg.checkConfig ''
|
|
|
|
ln -s $out bird2.conf
|
|
|
|
${cfg.preCheckConfig}
|
|
|
|
${pkgs.bird}/bin/bird -d -p -c bird2.conf
|
|
|
|
'';
|
|
|
|
};
|
2018-02-11 22:28:00 +00:00
|
|
|
|
2022-02-21 08:21:12 +00:00
|
|
|
systemd.services.bird2 = {
|
|
|
|
description = "BIRD Internet Routing Daemon";
|
|
|
|
wantedBy = [ "multi-user.target" ];
|
|
|
|
reloadIfChanged = true;
|
|
|
|
restartTriggers = [ config.environment.etc."bird/bird2.conf".source ];
|
|
|
|
serviceConfig = {
|
|
|
|
Type = "forking";
|
|
|
|
Restart = "on-failure";
|
|
|
|
ExecStart = "${pkgs.bird}/bin/bird -c /etc/bird/bird2.conf -u bird2 -g bird2";
|
|
|
|
ExecReload = "/bin/sh -c '${pkgs.bird}/bin/bird -c /etc/bird/bird2.conf -p && ${pkgs.bird}/bin/birdc configure'";
|
|
|
|
ExecStop = "${pkgs.bird}/bin/birdc down";
|
|
|
|
CapabilityBoundingSet = [
|
|
|
|
"CAP_CHOWN"
|
|
|
|
"CAP_FOWNER"
|
|
|
|
"CAP_DAC_OVERRIDE"
|
|
|
|
"CAP_SETUID"
|
|
|
|
"CAP_SETGID"
|
|
|
|
# see bird/sysdep/linux/syspriv.h
|
|
|
|
"CAP_NET_BIND_SERVICE"
|
|
|
|
"CAP_NET_BROADCAST"
|
|
|
|
"CAP_NET_ADMIN"
|
|
|
|
"CAP_NET_RAW"
|
|
|
|
];
|
|
|
|
ProtectSystem = "full";
|
|
|
|
ProtectHome = "yes";
|
|
|
|
SystemCallFilter = "~@cpu-emulation @debug @keyring @module @mount @obsolete @raw-io";
|
|
|
|
MemoryDenyWriteExecute = "yes";
|
|
|
|
};
|
|
|
|
};
|
|
|
|
users = {
|
|
|
|
users.bird2 = {
|
|
|
|
description = "BIRD Internet Routing Daemon user";
|
|
|
|
group = "bird2";
|
|
|
|
isSystemUser = true;
|
|
|
|
};
|
|
|
|
groups.bird2 = { };
|
|
|
|
};
|
|
|
|
};
|
2015-05-16 22:22:35 +01:00
|
|
|
}
|