gador/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
16102dce2fbad670bd47dd75c860a8daa5fe47ad
nixpkgs/nixos/modules/services/networking/bird.nix
pennae 16102dce2f nixos/*: replace <code> in option docs with <literal> 
markdown can't represent the difference without another extension and
both the html manual and the manpage render them the same, so keeping the
distinction is not very useful on its own. with the distinction removed
we can automatically convert many options that use <code> tags to markdown.

the manpage remains unchanged, html manual does not render
differently (but class names on code tags do change from "code" to "literal").
2022-08-03 21:03:23 +02:00

103 lines
3.1 KiB
Nix
Raw Blame History

{ config, lib, pkgs, ... }:
let
inherit (lib) mkEnableOption mkIf mkOption optionalString types;
cfg = config.services.bird2;
caps = [ "CAP_NET_ADMIN" "CAP_NET_BIND_SERVICE" "CAP_NET_RAW" ];
in
{
###### interface
options = {
services.bird2 = {
enable = mkEnableOption "BIRD Internet Routing Daemon";
config = mkOption {
type = types.lines;
description = ''
BIRD Internet Routing Daemon configuration file.
<link xlink:href='http://bird.network.cz/'/>
'';
};
checkConfig = mkOption {
type = types.bool;
default = true;
description = ''
Whether the config should be checked at build time.
When the config can't be checked during build time, for example when it includes
other files, either disable this option or use <literal>preCheckConfig</literal> to create
the included files before checking.
'';
};
preCheckConfig = mkOption {
type = types.lines;
default = "";
example = ''
echo "cost 100;" > include.conf
'';
description = ''
Commands to execute before the config file check. The file to be checked will be
available as <literal>bird2.conf</literal> in the current directory.
Files created with this option will not be available at service runtime, only during
build time checking.
'';
};
};
};
imports = [
(lib.mkRemovedOptionModule [ "services" "bird" ] "Use services.bird2 instead")
(lib.mkRemovedOptionModule [ "services" "bird6" ] "Use services.bird2 instead")
];
###### implementation
config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.bird ];
environment.etc."bird/bird2.conf".source = pkgs.writeTextFile {
name = "bird2";
text = cfg.config;
checkPhase = optionalString cfg.checkConfig ''
ln -s $out bird2.conf
${cfg.preCheckConfig}
${pkgs.bird}/bin/bird -d -p -c bird2.conf
'';
};
systemd.services.bird2 = {
description = "BIRD Internet Routing Daemon";
wantedBy = [ "multi-user.target" ];
reloadTriggers = [ config.environment.etc."bird/bird2.conf".source ];
serviceConfig = {
Type = "forking";
Restart = "on-failure";
User = "bird2";
Group = "bird2";
ExecStart = "${pkgs.bird}/bin/bird -c /etc/bird/bird2.conf";
ExecReload = "${pkgs.bird}/bin/birdc configure";
ExecStop = "${pkgs.bird}/bin/birdc down";
RuntimeDirectory = "bird";
CapabilityBoundingSet = caps;
AmbientCapabilities = caps;
ProtectSystem = "full";
ProtectHome = "yes";
ProtectKernelTunables = true;
ProtectControlGroups = true;
PrivateTmp = true;
PrivateDevices = true;
SystemCallFilter = "~@cpu-emulation @debug @keyring @module @mount @obsolete @raw-io";
MemoryDenyWriteExecute = "yes";
};
};
users = {
users.bird2 = {
description = "BIRD Internet Routing Daemon user";
group = "bird2";
isSystemUser = true;
};
groups.bird2 = { };
};
};
}
Reference in New Issue View Git Blame Copy Permalink