64 lines
1.8 KiB
Nix
64 lines
1.8 KiB
Nix
# Portions of this file are sourced from
|
|
# https://github.com/NickCao/flakes/blob/3b03efb676ea602575c916b2b8bc9d9cd13b0d85/modules/gravity/default.nix
|
|
{
|
|
config,
|
|
lib,
|
|
pkgs,
|
|
mylib,
|
|
...
|
|
}:
|
|
with lib;
|
|
let
|
|
inherit (mylib.network) cidr;
|
|
cfg = config.services.enthalpy;
|
|
internalPrefix = filter (p: cidr.child p cfg.prefix) cfg.exit.prefix;
|
|
externalPrefix = subtractLists internalPrefix cfg.exit.prefix;
|
|
in
|
|
{
|
|
options.services.enthalpy.exit = {
|
|
enable = mkEnableOption "netns route leaking";
|
|
prefix = mkOption {
|
|
type = types.listOf types.str;
|
|
default = [ ];
|
|
description = ''
|
|
Prefixes to be announced from the default netns to the enthalpy network.
|
|
'';
|
|
};
|
|
};
|
|
|
|
config = mkIf (cfg.enable && cfg.exit.enable) {
|
|
services.enthalpy.bird.config = ''
|
|
protocol static {
|
|
ipv6 sadr;
|
|
${
|
|
concatMapStringsSep "\n" (p: ''
|
|
route ${p} from ${cfg.network} via fe80::ff:fe00:1 dev "enthalpy";
|
|
'') externalPrefix
|
|
}
|
|
}
|
|
'';
|
|
|
|
systemd.services.enthalpy-exit =
|
|
let
|
|
routes = map (p: "${p} via fe80::ff:fe00:1 dev enthalpy") internalPrefix;
|
|
in
|
|
mkIf (routes != [ ]) {
|
|
serviceConfig = {
|
|
Type = "oneshot";
|
|
RemainAfterExit = true;
|
|
ExecStart = builtins.map (route: "${pkgs.iproute2}/bin/ip -n ${cfg.netns} -6 r a ${route}") routes;
|
|
ExecStop = builtins.map (route: "${pkgs.iproute2}/bin/ip -n ${cfg.netns} -6 r d ${route}") routes;
|
|
};
|
|
partOf = [ "enthalpy.service" ];
|
|
after = [
|
|
"enthalpy.service"
|
|
"network-online.target"
|
|
];
|
|
requires = [ "enthalpy.service" ];
|
|
requiredBy = [ "enthalpy.service" ];
|
|
wants = [ "network-online.target" ];
|
|
wantedBy = [ "multi-user.target" ];
|
|
};
|
|
};
|
|
}
|