Loading nixos/modules/module-list.nix +1 −0 Original line number Diff line number Diff line Loading 
@@ -1192,6 +1192,7 @@ ./services/networking/scion/scion-daemon.nix ./services/networking/scion/scion-dispatcher.nix ./services/networking/scion/scion-router.nix ./services/networking/scion/scion-ip-gateway.nix ./services/networking/seafile.nix ./services/networking/searx.nix ./services/networking/shadowsocks.nix Loading nixos/modules/services/networking/scion/scion-ip-gateway.nix 0 → 100644 +92 −0 Original line number Diff line number Diff line { config, lib, pkgs, ... }: with lib; let globalCfg = config.services.scion; cfg = config.services.scion.scion-ip-gateway; toml = pkgs.formats.toml { }; json = pkgs.formats.json { }; connectionDir = if globalCfg.stateless then "/run" else "/var/lib"; defaultConfig = { tunnel = { }; gateway = { traffic_policy_file = "${trafficConfigFile}"; }; }; defaultTrafficConfig = { ASes = { }; ConfigVersion = 9001; }; configFile = toml.generate "scion-ip-gateway.toml" (recursiveUpdate defaultConfig cfg.config); trafficConfigFile = json.generate "scion-ip-gateway-traffic.json" ( recursiveUpdate defaultTrafficConfig cfg.trafficConfig ); in { options.services.scion.scion-ip-gateway = { enable = mkEnableOption "the scion-ip-gateway service"; config = mkOption { default = { }; type = toml.type; example = literalExpression '' { tunnel = { src_ipv4 = "172.16.100.1"; }; } ''; description = '' scion-ip-gateway daemon configuration ''; }; trafficConfig = mkOption { default = { }; type = json.type; example = literalExpression '' { ASes = { "2-ffaa:0:b" = { Nets = [ "172.16.1.0/24" ]; }; }; ConfigVersion = 9001; } ''; description = '' scion-ip-gateway traffic configuration ''; }; }; config = mkIf cfg.enable { systemd.services.scion-ip-gateway = { description = "SCION IP Gateway Service"; after = [ "network-online.target" "scion-dispatcher.service" ]; wants = [ "network-online.target" "scion-dispatcher.service" ]; wantedBy = [ "multi-user.target" ]; serviceConfig = { Type = "simple"; Group = if (config.services.scion.scion-dispatcher.enable == true) 
then "scion" else null; ExecStart = "${globalCfg.package}/bin/scion-ip-gateway --config ${configFile}"; DynamicUser = true; AmbientCapabilities = [ "CAP_NET_ADMIN" ]; Restart = "on-failure"; KillMode = "control-group"; RemainAfterExit = false; }; }; }; } nixos/modules/services/networking/scion/scion.nix +1 −0 Original line number Diff line number Diff line Loading @@ -42,6 +42,7 @@ in scion-daemon.enable = true; scion-router.enable = true; scion-control.enable = true; scion-ip-gateway.enable = true; }; assertions = [ { assertion = cfg.bypassBootstrapWarning == true; Loading Loading
nixos/modules/module-list.nix +1 −0 @@ -1192,6 +1192,7 @@ ./services/networking/scion/scion-daemon.nix ./services/networking/scion/scion-dispatcher.nix ./services/networking/scion/scion-router.nix ./services/networking/scion/scion-ip-gateway.nix ./services/networking/seafile.nix ./services/networking/searx.nix ./services/networking/shadowsocks.nix
nixos/modules/services/networking/scion/scion-ip-gateway.nix 0 → 100644 +92 −0 { config, lib, pkgs, ... }: with lib; let globalCfg = config.services.scion; cfg = config.services.scion.scion-ip-gateway; toml = pkgs.formats.toml { }; json = pkgs.formats.json { }; connectionDir = if globalCfg.stateless then "/run" else "/var/lib"; defaultConfig = { tunnel = { }; gateway = { traffic_policy_file = "${trafficConfigFile}"; }; }; defaultTrafficConfig = { ASes = { }; ConfigVersion = 9001; }; configFile = toml.generate "scion-ip-gateway.toml" (recursiveUpdate defaultConfig cfg.config); trafficConfigFile = json.generate "scion-ip-gateway-traffic.json" ( recursiveUpdate defaultTrafficConfig cfg.trafficConfig ); in { options.services.scion.scion-ip-gateway = { enable = mkEnableOption "the scion-ip-gateway service"; config = mkOption { default = { }; type = toml.type; example = literalExpression '' { tunnel = { src_ipv4 = "172.16.100.1"; }; } ''; description = '' scion-ip-gateway daemon configuration ''; }; trafficConfig = mkOption { default = { }; type = json.type; example = literalExpression '' { ASes = { "2-ffaa:0:b" = { Nets = [ "172.16.1.0/24" ]; }; }; ConfigVersion = 9001; } ''; description = '' scion-ip-gateway traffic configuration ''; }; }; config = mkIf cfg.enable { systemd.services.scion-ip-gateway = { description = "SCION IP Gateway Service"; after = [ "network-online.target" "scion-dispatcher.service" ]; wants = [ "network-online.target" "scion-dispatcher.service" ]; wantedBy = [ "multi-user.target" ]; serviceConfig = { Type = "simple"; Group = if (config.services.scion.scion-dispatcher.enable == true) then "scion" else null; ExecStart = "${globalCfg.package}/bin/scion-ip-gateway --config ${configFile}"; DynamicUser = true; AmbientCapabilities = [ "CAP_NET_ADMIN" ]; Restart = "on-failure"; KillMode = "control-group"; RemainAfterExit = false; }; }; }; }
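Review bot: The unit's `serviceConfig` grants `AmbientCapabilities = [ "CAP_NET_ADMIN" ]` without a matching bounding set, so the capability bounding set stays at the systemd default; adding `CapabilityBoundingSet = [ "CAP_NET_ADMIN" ];` would pin the process to the one capability it is given. `DynamicUser = true` already brings some sandboxing with it, but further restrictions such as `RestrictAddressFamilies` would have to be checked against what the gateway's tunnel setup needs, which is not visible here. Separately, `connectionDir` in the `let` block is never referenced in this file and can be dropped, and the `== true` in the `Group` condition is redundant.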
nixos/modules/services/networking/scion/scion.nix +1 −0 @@ -42,6 +42,7 @@ in scion-daemon.enable = true; scion-router.enable = true; scion-control.enable = true; scion-ip-gateway.enable = true; }; assertions = [ { assertion = cfg.bypassBootstrapWarning == true;
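Review bot: `scion-ip-gateway.enable = true;` is set unconditionally next to the other sub-services, so, assuming this attribute set is what enabling `services.scion` switches on (the enclosing block starts outside the hunk), every existing SCION host gains a new daemon running with `CAP_NET_ADMIN` on upgrade. A gateway whose default traffic policy has an empty `ASes` set is not something every SCION node needs; consider leaving it opt-in, or at least writing `scion-ip-gateway.enable = mkDefault true;` so it can be switched off without `mkForce`. A release-notes entry would help operators notice the additional service.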