Unverified Commit 7f552ff7 authored by Luke Granger-Brown Committed by GitHub

tayga: 0.9.2 -> 0.9.5 (#432528)

parents e85a6e6a 4548324a
+25 −1
@@ -23,6 +23,12 @@ let
    data-dir ${cfg.dataDir}

    ${concatStringsSep "\n" (mapAttrsToList (ipv4: ipv6: "map " + ipv4 + " " + ipv6) cfg.mappings)}

    ${optionalString ((builtins.length cfg.log) > 0) ''
      log ${concatStringsSep " " cfg.log}
    ''}

    wkpf-strict ${if cfg.wkpfStrict then "yes" else "no"}
  '';

  addrOpts =
@@ -132,6 +138,21 @@ in
          }
        '';
      };

      log = mkOption {
        type = types.listOf types.str;
        default = [ ];
        description = "Packet errors to log (drop, reject, icmp, self)";
        example = literalExpression ''
          [ "drop" "reject" "icmp" "self" ]
        '';
      };

      wkpfStrict = mkOption {
        type = types.bool;
        default = true;
        description = "Enable restrictions on the use of the well-known prefix (64:ff9b::/96) - prevents translation of non-global IPv4 ranges when using the well-known prefix. Must be enabled for RFC 6052 compatibility.";
      };
    };
  };

@@ -171,13 +192,16 @@ in
      };
    };

    environment.etc."tayga.conf".source = configFile;

    systemd.services.tayga = {
      description = "Stateless NAT64 implementation";
      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" ];

      reloadTriggers = [ configFile ];
      serviceConfig = {
        ExecStart = "${cfg.package}/bin/tayga -d --nodetach --config ${configFile}";
        ExecStart = "${cfg.package}/bin/tayga -d --nodetach --config /etc/tayga.conf";
        ExecReload = "${pkgs.coreutils}/bin/kill -SIGHUP $MAINPID";
        Restart = "always";
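Review bot: The new `log` option is typed `types.listOf types.str`, so any string, including one that contains a newline, is joined straight into the `log` line of the generated tayga.conf, and a misspelt value is only noticed when the daemon parses the file. If the four values named in the description are the complete set tayga accepts, the type could be `type = types.listOf (types.enum [ "drop" "reject" "icmp" "self" ]);`, which rejects anything else at evaluation time. The `let` block that builds the config text and the `options` set both start outside the hunks shown.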

+24 −5
@@ -31,11 +31,10 @@
  };

  nodes = {
    # The server is configured with static IPv4 addresses. RFC 6052 Section 3.1
    # disallows the mapping of non-global IPv4 addresses like RFC 1918 into the
    # Well-Known Prefix 64:ff9b::/96. TAYGA also does not allow the mapping of
    # documentation space (RFC 5737). To circumvent this, 100.64.0.2/24 from
    # RFC 6589 (Carrier Grade NAT) is used here.
    # The server is configured with static IPv4 addresses. We have to disable the
    # well-known prefix restrictions (as required by RFC 6052 Section 3.1) because
    # we're using private space (TAYGA also considers documentation space non-global,
    # unfortunately).
    # To reach the IPv4 address pool of the NAT64 gateway, there is a static
    # route configured. In normal cases, where the router would also source NAT
    # the pool addresses to one IPv4 addresses, this would not be needed.
@@ -63,6 +62,7 @@
        };
      };
      programs.mtr.enable = true;
      environment.systemPackages = [ pkgs.tcpdump ];
    };

    # The router is configured with static IPv4 addresses towards the server
@@ -87,6 +87,7 @@
      ];

      networking = {
        hostName = "router-systemd";
        useDHCP = false;
        useNetworkd = true;
        firewall.enable = false;
@@ -137,7 +138,15 @@
        mappings = {
          "192.0.2.42" = "2001:db8::2";
        };
        log = [
          "drop"
          "reject"
          "icmp"
          "self"
        ];
        wkpfStrict = false;
      };
      environment.systemPackages = [ pkgs.tcpdump ];
    };

    router_nixos = {
@@ -152,6 +161,7 @@
      ];

      networking = {
        hostName = "router-nixos";
        useDHCP = false;
        firewall.enable = false;
        interfaces.eth1 = lib.mkForce {
@@ -201,7 +211,15 @@
        mappings = {
          "192.0.2.42" = "2001:db8::2";
        };
        log = [
          "drop"
          "reject"
          "icmp"
          "self"
        ];
        wkpfStrict = false;
      };
      environment.systemPackages = [ pkgs.tcpdump ];
    };

    # The client is configured with static IPv6 addresses. It has also a static
@@ -233,6 +251,7 @@
        };
      };
      programs.mtr.enable = true;
      environment.systemPackages = [ pkgs.tcpdump ];
    };
  };
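Review bot: Both router nodes now set `wkpfStrict = false`, so as far as the visible hunks show, the test only exercises the translator with the RFC 6052 well-known-prefix restriction switched off, while the module default of `true` is what a deployment gets. The rewritten comment in the first hunk can also be read as saying that RFC 6052 Section 3.1 requires disabling the restriction. It would be clearer as `# The well-known prefix restrictions required by RFC 6052 Section 3.1 are disabled for this test only,` followed by `# because the test network uses non-global IPv4 space; the module default keeps them on.` The `nodes` attribute set continues outside the hunks shown.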

+19 −10
{
  lib,
  stdenv,
  fetchurl,
  fetchFromGitHub,
  nixosTests,
}:

stdenv.mkDerivation (finalAttrs: {
  version = "0.9.2";
  version = "0.9.5";
  pname = "tayga";

  src = fetchurl {
    url = "http://www.litech.org/tayga/tayga-${finalAttrs.version}.tar.bz2";
    hash = "sha256-Kx95J6nS3P+Qla/zwnGSSwUsz9L6ypWIsndDGkTwAJw=";
  src = fetchFromGitHub {
    owner = "apalrd";
    repo = "tayga";
    tag = finalAttrs.version;
    hash = "sha256-xOm4fetFq2UGuhOojrT8WOcX78c6MLTMVbDv+O62x2E=";
  };

  env.NIX_CFLAGS_COMPILE = toString [
    "-Wno-address-of-packed-member"
    "-Wno-implicit-function-declaration"
  ];
  preBuild = ''
    echo "#define TAYGA_VERSION \"${finalAttrs.version}\"" > version.h
  '';

  installPhase = ''
    install -Dm755 tayga $out/bin/tayga
    install -D tayga.conf.5 $out/share/man/man5/tayga.conf.5
    install -D tayga.8 $out/share/man/man8/tayga.8
    cp -R docs $out/share/
    cp tayga.conf.example $out/share/docs/
  '';

  passthru.tests.tayga = nixosTests.tayga;

@@ -30,7 +39,7 @@ stdenv.mkDerivation (finalAttrs: {
      It is intended to provide production-quality NAT64 service
      for networks where dedicated NAT64 hardware would be overkill.
    '';
    homepage = "http://www.litech.org/tayga";
    homepage = "https://github.com/apalrd/tayga";
    license = licenses.gpl2Plus;
    maintainers = with maintainers; [ _0x4A6F ];
    platforms = platforms.linux;
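Review bot: The `src` change moves the package from the litech.org tarball to a GitHub repository under a different owner (`apalrd/tayga`), and nothing in the expression or the commit title records why that repository is the trusted continuation of the project. The pinned `hash` fixes the content of this release, but the next bump will be checked against whatever the new upstream publishes, so a comment above `src` such as `# Upstream development moved to github.com/apalrd/tayga; see <link to upstream announcement>` would give later reviewers the provenance. Separately, `-Wno-implicit-function-declaration` stays in `NIX_CFLAGS_COMPILE`; whether or not the flag list is new here, it is worth checking that 0.9.5 still needs it, since that suppression can hide calls to undeclared functions. The `meta` block continues past the last hunk shown.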