modules/roagen: init
parent
27dd107768
commit
412149e223
|
@ -49,6 +49,16 @@ in
|
|||
expire 7200;
|
||||
}
|
||||
''}
|
||||
${lib.optionalString config.services.dn42-roagen.enable ''
|
||||
protocol static {
|
||||
roa4 { table dnroa4; };
|
||||
include "${config.services.dn42-roagen.outputDir}/dn42-roa4.conf";
|
||||
}
|
||||
protocol static {
|
||||
roa6 { table dnroa6; };
|
||||
include "${config.services.dn42-roagen.outputDir}/dn42-roa6.conf";
|
||||
}
|
||||
''}
|
||||
|
||||
include "${../resources/community_filter.conf}";
|
||||
include "${../resources/filters.conf}";
|
||||
|
|
|
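Review bot: The two added `include` lines for `dn42-roa4.conf` and `dn42-roa6.conf` name fixed files that only exist after dn42-roagen has completed a successful run, and as far as I know BIRD treats a missing non-wildcard include as a configuration error rather than skipping it. If that holds, a failed first fetch leaves the daemon unable to load its configuration at all, so either guarantee the files exist before the daemon starts (an empty placeholder is enough) or state the dependency in a comment above the block, for example `# ROA tables are fed from files written by dn42-roagen; bird will not load this config until both exist`. The included files are parsed as BIRD configuration and not only as ROA data, so the output directory should stay writable by the generator's account alone. The declarations of `dnroa4` and `dnroa6` are outside this hunk.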
@ -7,6 +7,7 @@ in
|
|||
./firewall.nix
|
||||
./bird2.nix
|
||||
./stayrtr.nix
|
||||
./roagen.nix
|
||||
];
|
||||
|
||||
options.networking.dn42 = {
|
||||
|
|
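--- a/modules/roagen.nix
+++ b/modules/roagen.nix
@@ -0,0 +1,61 @@
+{ config, lib, pkgs, ... }:
+
+let
+cfg = config.services.dn42-roagen;
+
+in
+{
+options.services.dn42-roagen = with lib; {
+enable = mkEnableOption "dn42-roagen";
+
+outputDir = mkOption {
+type = types.path;
+default = "/var/lib/dn42-roa";
+description = ''
+This directory will be created with files:
+- dn42-roa4.conf
+- dn42-roa6.conf
+'';
+};
+};
+
+config = lib.mkIf cfg.enable {
+systemd.timers.dn42-roagen = {
+wantedBy = [ "timers.target" ];
+timerConfig.OnCalendar = "hourly";
+};
+
+systemd.services.dn42-roagen = {
+after = [ "systemd-tmpfiles-setup.service" ];
+before = [ "bird2.service" ];
+wantedBy = [ "bird2.service" ];
+script = ''
+set -e
+
+cd /tmp
+if [ -e registry ]; then
+git clone --depth=1 https://git.dn42.dev/dn42/registry.git
+cd registry
+else
+cd registry
+git pull --depth=1
+fi
+
+mkdir -p '${cfg.outputDir}'
+${lib.getExe pkgs.dn42-roagen} /tmp/registry '${cfg.outputDir}'
+
+/run/current-system/sw/bin/systemctl reload bird2
+'';
+serviceConfig = {
+PrivateTmp = true;
+Type = "oneshot";
+User = "bird2";
+Group = "bird2";
+};
+};
+
+systemd.tmpfiles.rules = [
+"d ${cfg.outputDir} 755 bird2 bird2 -"
+];
+};
+}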
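Review bot: The clone test in `script` is inverted: `if [ -e registry ]` runs `git clone` when the directory already exists and `cd registry` when it does not, and because `PrivateTmp = true` gives the unit an empty /tmp on each start, the else branch is the one taken and `set -e` aborts the run before any ROA file is written. `if [ ! -e registry ]; then` fixes the branch; with a private /tmp the `git pull` path will probably never be reached, so either keep the checkout in a persistent directory or drop that branch. The unit also appears to need `path = [ pkgs.git ];`, since git is not in the default service PATH as far as I know, and `systemctl reload bird2` issued under `User = "bird2"` will normally be refused without a polkit rule, besides targeting a unit that is not yet active when this service is ordered `before` it. These files feed route-origin validation, so a generator that fails leaves bird2 with missing or stale ROA data; it is worth ordering the unit after `network-online.target` and deciding whether an unverified HTTPS clone is sufficient provenance for the registry.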