mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-11-26 00:43:20 +00:00
nixos/corerad: init
This commit is contained in:
parent
046730ebdb
commit
5089214a3d
@ -578,6 +578,7 @@
|
||||
./services/networking/connman.nix
|
||||
./services/networking/consul.nix
|
||||
./services/networking/coredns.nix
|
||||
./services/networking/corerad.nix
|
||||
./services/networking/coturn.nix
|
||||
./services/networking/dante.nix
|
||||
./services/networking/ddclient.nix
|
||||
|
46
nixos/modules/services/networking/corerad.nix
Normal file
46
nixos/modules/services/networking/corerad.nix
Normal file
@ -0,0 +1,46 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.services.corerad;
|
||||
in {
|
||||
meta = {
|
||||
maintainers = with maintainers; [ mdlayher ];
|
||||
};
|
||||
|
||||
options.services.corerad = {
|
||||
enable = mkEnableOption "CoreRAD IPv6 NDP RA daemon";
|
||||
|
||||
configFile = mkOption {
|
||||
type = types.path;
|
||||
example = literalExample "\"\${pkgs.corerad}/etc/corerad/corerad.toml\"";
|
||||
description = "Path to CoreRAD TOML configuration file.";
|
||||
};
|
||||
|
||||
package = mkOption {
|
||||
default = pkgs.corerad;
|
||||
defaultText = literalExample "pkgs.corerad";
|
||||
type = types.package;
|
||||
description = "CoreRAD package to use.";
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
systemd.services.corerad = {
|
||||
description = "CoreRAD IPv6 NDP RA daemon";
|
||||
after = [ "network.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig = {
|
||||
LimitNPROC = 512;
|
||||
LimitNOFILE = 1048576;
|
||||
CapabilityBoundingSet = "CAP_NET_ADMIN CAP_NET_RAW";
|
||||
AmbientCapabilities = "CAP_NET_ADMIN CAP_NET_RAW";
|
||||
NoNewPrivileges = true;
|
||||
DynamicUser = true;
|
||||
ExecStart = "${getBin cfg.package}/bin/corerad -c=${cfg.configFile}";
|
||||
Restart = "on-failure";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
@ -61,6 +61,7 @@ in
|
||||
containers-portforward = handleTest ./containers-portforward.nix {};
|
||||
containers-restart_networking = handleTest ./containers-restart_networking.nix {};
|
||||
containers-tmpfs = handleTest ./containers-tmpfs.nix {};
|
||||
corerad = handleTest ./corerad.nix {};
|
||||
couchdb = handleTest ./couchdb.nix {};
|
||||
deluge = handleTest ./deluge.nix {};
|
||||
dhparams = handleTest ./dhparams.nix {};
|
||||
|
71
nixos/tests/corerad.nix
Normal file
71
nixos/tests/corerad.nix
Normal file
@ -0,0 +1,71 @@
|
||||
import ./make-test-python.nix (
|
||||
{
|
||||
nodes = {
|
||||
router = {config, pkgs, ...}: {
|
||||
config = {
|
||||
# This machines simulates a router with IPv6 forwarding and a static IPv6 address.
|
||||
boot.kernel.sysctl = {
|
||||
"net.ipv6.conf.all.forwarding" = true;
|
||||
};
|
||||
networking.interfaces.eth1 = {
|
||||
ipv6.addresses = [ { address = "fd00:dead:beef:dead::1"; prefixLength = 64; } ];
|
||||
};
|
||||
services.corerad = {
|
||||
enable = true;
|
||||
# Serve router advertisements to the client machine with prefix information matching
|
||||
# any IPv6 /64 prefixes configured on this interface.
|
||||
configFile = pkgs.writeText "corerad.toml" ''
|
||||
[[interfaces]]
|
||||
name = "eth1"
|
||||
send_advertisements = true
|
||||
[[interfaces.plugins]]
|
||||
name = "prefix"
|
||||
prefix = "::/64"
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
client = {config, pkgs, ...}: {
|
||||
# Use IPv6 SLAAC from router advertisements, and install rdisc6 so we can
|
||||
# trigger one immediately.
|
||||
config = {
|
||||
boot.kernel.sysctl = {
|
||||
"net.ipv6.conf.all.autoconf" = true;
|
||||
};
|
||||
environment.systemPackages = with pkgs; [
|
||||
ndisc6
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
testScript = ''
|
||||
start_all()
|
||||
|
||||
with subtest("Wait for CoreRAD and network ready"):
|
||||
# Ensure networking is online and CoreRAD is ready.
|
||||
router.wait_for_unit("network-online.target")
|
||||
client.wait_for_unit("network-online.target")
|
||||
router.wait_for_unit("corerad.service")
|
||||
|
||||
# Ensure the client can reach the router.
|
||||
client.wait_until_succeeds("ping -c 1 fd00:dead:beef:dead::1")
|
||||
|
||||
with subtest("Verify SLAAC on client"):
|
||||
# Trigger a router solicitation and verify a SLAAC address is assigned from
|
||||
# the prefix configured on the router.
|
||||
client.wait_until_succeeds("rdisc6 -1 -r 10 eth1")
|
||||
client.wait_until_succeeds(
|
||||
"ip -6 addr show dev eth1 | grep -q 'fd00:dead:beef:dead:'"
|
||||
)
|
||||
|
||||
addrs = client.succeed("ip -6 addr show dev eth1")
|
||||
|
||||
assert (
|
||||
"fd00:dead:beef:dead:" in addrs
|
||||
), "SLAAC prefix was not found in client addresses after router advertisement"
|
||||
assert (
|
||||
"/64 scope global temporary" in addrs
|
||||
), "SLAAC temporary address was not configured on client after router advertisement"
|
||||
'';
|
||||
})
|
Loading…
Reference in New Issue
Block a user