Unverified Commit d157db34 authored by Andreas Rammhold's avatar Andreas Rammhold Committed by GitHub

Merge pull request #307051 from hax404/modules/tayga/mappings

nixos/tayga: add mappings option
parents 16be020e e83b8cfd
+24 −2
@@ -16,6 +16,8 @@ let
    prefix ${strAddr cfg.ipv6.pool}
    dynamic-pool ${strAddr cfg.ipv4.pool}
    data-dir ${cfg.dataDir}

    ${concatStringsSep "\n" (mapAttrsToList (ipv4: ipv6: "map " + ipv4 + " " + ipv6) cfg.mappings)}
  '';

  addrOpts = v:
@@ -103,18 +105,38 @@ in
      dataDir = mkOption {
        type = types.path;
        default = "/var/lib/tayga";
        description = "Directory for persistent data";
        description = "Directory for persistent data.";
      };

      tunDevice = mkOption {
        type = types.str;
        default = "nat64";
        description = "Name of the nat64 tun device";
        description = "Name of the nat64 tun device.";
      };

      mappings = mkOption {
        type = types.attrsOf types.str;
        default = {};
        description = "Static IPv4 -> IPv6 host mappings.";
        example = literalExpression ''
          {
            "192.168.5.42" = "2001:db8:1:4444::1";
            "192.168.5.43" = "2001:db8:1:4444::2";
            "192.168.255.2" = "2001:db8:1:569::143";
          }
        '';
      };
    };
  };

  config = mkIf cfg.enable {
    assertions = [
      {
        assertion = allUnique (attrValues cfg.mappings);
        message = "Neither the IPv4 nor the IPv6 addresses must be entered twice in the mappings.";
      }
    ];

    networking.interfaces."${cfg.tunDevice}" = {
      virtual = true;
      virtualType = "tun";
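Review bot: The new `mappings` option is typed `types.attrsOf types.str`, and both its names and values are concatenated verbatim into the generated tayga configuration by the `map` line in the first hunk, so a typo containing whitespace or a newline produces a malformed or unintended directive rather than an evaluation error. Constraining the values, for example `type = types.attrsOf (types.strMatching "[0-9A-Fa-f:.]+");`, and adding an assertion that every attribute name matches an IPv4 pattern would reject such input at build time. The `allUnique (attrValues cfg.mappings)` assertion compares strings, so two spellings of the same IPv6 address (say `2001:db8::2` and `2001:0db8::2`) would pass it; either normalise the values first or reword the message to say the comparison is textual. The `let` block and the `config` section both continue outside the hunks shown.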
+16 −3
@@ -59,6 +59,7 @@ import ./make-test-python.nix ({ pkgs, lib, ... }:
          ];
        };
      };
      programs.mtr.enable = true;
    };

    # The router is configured with static IPv4 addresses towards the server
@@ -120,6 +121,9 @@ import ./make-test-python.nix ({ pkgs, lib, ... }:
            prefixLength = 96;
          };
        };
        mappings = {
          "192.0.2.42" = "2001:db8::2";
        };
      };
    };

@@ -171,6 +175,9 @@ import ./make-test-python.nix ({ pkgs, lib, ... }:
            prefixLength = 96;
          };
        };
        mappings = {
          "192.0.2.42" = "2001:db8::2";
        };
      };
    };

@@ -199,7 +206,7 @@ import ./make-test-python.nix ({ pkgs, lib, ... }:
          ];
        };
      };
      environment.systemPackages = [ pkgs.mtr ];
      programs.mtr.enable = true;
    };
  };

@@ -225,10 +232,16 @@ import ./make-test-python.nix ({ pkgs, lib, ... }:
      with subtest("Wait for tayga"):
        router.wait_for_unit("tayga.service")

      with subtest("Test ICMP"):
      with subtest("Test ICMP server -> client"):
        server.wait_until_succeeds("ping -c 3 192.0.2.42 >&2")

      with subtest("Test ICMP and show a traceroute server -> client"):
        server.wait_until_succeeds("mtr --show-ips --report-wide 192.0.2.42 >&2")

      with subtest("Test ICMP client -> server"):
        client.wait_until_succeeds("ping -c 3 64:ff9b::100.64.0.2 >&2")

      with subtest("Test ICMP and show a traceroute"):
      with subtest("Test ICMP and show a traceroute client -> server"):
        client.wait_until_succeeds("mtr --show-ips --report-wide 64:ff9b::100.64.0.2 >&2")

      router.log(router.execute("systemd-analyze security tayga.service")[1])
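Review bot: The pair `"192.0.2.42" = "2001:db8::2"` is written out twice, once per router configuration (the hunks at -120 and -171), and the IPv4 side appears again in the two new server -> client subtests, with nothing stating which host the IPv6 address belongs to. Binding it once, e.g. `clientMapping = { "192.0.2.42" = "2001:db8::2"; };` in a `let` and using `mappings = clientMapping;` in both places, would keep the two variants in step. A comment such as `# static mapping for the client, so the server can initiate IPv4 traffic to it` would record the intent; presumably 2001:db8::2 is the client's address, which is defined outside these hunks. The duplicate-mapping assertion added in the module is not exercised by this test.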