modules/roagen: init

2024-04-13 00:53:30 +02:00 · 2024-04-13 00:53:30 +02:00 · 412149e223
commit 412149e223
parent 27dd107768
3 changed files with 72 additions and 0 deletions
--- a/modules/bird2.nix
+++ b/modules/bird2.nix
@ -49,6 +49,16 @@ in
            expire 7200;
          }
        ''}
+        ${lib.optionalString config.services.dn42-roagen.enable ''
+          protocol static {
+            roa4 { table dnroa4; };
+            include "${config.services.dn42-roagen.outputDir}/dn42-roa4.conf";
+          }
+          protocol static {
+            roa6 { table dnroa6; };
+            include "${config.services.dn42-roagen.outputDir}/dn42-roa6.conf";
+          }
+        ''}

        include "${../resources/community_filter.conf}";
        include "${../resources/filters.conf}";
--- a/modules/default.nix
+++ b/modules/default.nix
@ -7,6 +7,7 @@ in
    ./firewall.nix
    ./bird2.nix
    ./stayrtr.nix
+    ./roagen.nix
  ];

  options.networking.dn42 = {
--- a/modules/roagen.nix
+++ b/modules/roagen.nix
@ -0,0 +1,61 @@
+{ config, lib, pkgs, ... }:
+
+let
+  cfg = config.services.dn42-roagen;
+
+in
+{
+  options.services.dn42-roagen = with lib; {
+    enable = mkEnableOption "dn42-roagen";
+
+    outputDir = mkOption {
+      type = types.path;
+      default = "/var/lib/dn42-roa";
+      description = ''
+        This directory will be created with files:
+        - dn42-roa4.conf
+        - dn42-roa6.conf
+      '';
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    systemd.timers.dn42-roagen = {
+      wantedBy = [ "timers.target" ];
+      timerConfig.OnCalendar = "hourly";
+    };
+
+    systemd.services.dn42-roagen = {
+      after = [ "systemd-tmpfiles-setup.service" ];
+      before = [ "bird2.service" ];
+      wantedBy = [ "bird2.service" ];
+      script = ''
+        set -e
+
+        cd /tmp
+        if [ -e registry ]; then
+          git clone --depth=1 https://git.dn42.dev/dn42/registry.git
+          cd registry
+        else
+          cd registry
+          git pull --depth=1
+        fi
+
+        mkdir -p '${cfg.outputDir}'
+        ${lib.getExe pkgs.dn42-roagen} /tmp/registry '${cfg.outputDir}'
+
+        /run/current-system/sw/bin/systemctl reload bird2
+      '';
+      serviceConfig = {
+        PrivateTmp = true;
+        Type = "oneshot";
+        User = "bird2";
+        Group = "bird2";
+      };
+    };
+
+    systemd.tmpfiles.rules = [
+      "d ${cfg.outputDir} 755 bird2 bird2 -"
+    ];
+  };
+}