lbailly/liminix
1
0
Fork 0
forked from DGNum/liminix
Code Pull requests 2 Activity Actions

add service to enable packet forwarding

Browse source 
might be worth looking into adding RA config to this
This commit is contained in:
Daniel Barlow 2023-09-01 17:34:47 +01:00
parent ef666c34cd
commit 7ad848cb77
5 changed files with 40 additions and 27 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
examples/extneder.nix
View file

@ -43,7 +43,9 @@ in rec {
IP6_NF_IPTABLES = "y"; # do we still need these IP6_NF_IPTABLES = "y"; # do we still need these
IP_NF_IPTABLES = "y"; # if using nftables directly IP_NF_IPTABLES = "y"; # if using nftables directly
# these are copied from rotuer and need review # these are copied from rotuer and need review.
# we're not running a firewall, so why do we need
# nftables config?
IP_NF_NAT = "y"; IP_NF_NAT = "y";
IP_NF_TARGET_MASQUERADE = "y"; IP_NF_TARGET_MASQUERADE = "y";
NETFILTER = "y"; NETFILTER = "y";

17
examples/rotuer.nix
View file

@ -156,22 +156,7 @@ in rec {
ruleset = import ./rotuer-firewall.nix; ruleset = import ./rotuer-firewall.nix;
}; };
services.packet_forwarding = services.packet_forwarding = svc.network.forward.build { };
let
ip4 = "/proc/sys/net/ipv4/conf/all/forwarding";
ip6 = "/proc/sys/net/ipv6/conf/all/forwarding";
in oneshot {
name = "let-the-ip-flow";
up = ''
echo 1 > ${ip4}
echo 1 > ${ip6}
'';
down = ''
echo 0 > ${ip4};
echo 0 > ${ip6};
'';
dependencies = [ services.firewall ];
};
services.dhcp6 = services.dhcp6 =
let let

14
modules/network/default.nix
View file

@ -24,6 +24,9 @@ in {
route = mkOption { route = mkOption {
type = liminix.lib.types.serviceDefn; type = liminix.lib.types.serviceDefn;
}; };
forward = mkOption {
type = liminix.lib.types.serviceDefn;
};
dhcp = { dhcp = {
client = mkOption { client = mkOption {
# this needs to move to its own service as it has # this needs to move to its own service as it has
@ -108,6 +111,17 @@ in {
}; };
}; };
forward = liminix.callService ./forward.nix {
enableIPv4 = mkOption {
type = types.bool;
default = true;
};
enableIPv6 = mkOption {
type = types.bool;
default = true;
};
};
dhcp.client = liminix.callService ./dhcpc.nix { dhcp.client = liminix.callService ./dhcpc.nix {
interface = mkOption { interface = mkOption {
type = liminix.lib.types.service; type = liminix.lib.types.service;

21
modules/network/forward.nix Normal file
View file

@ -0,0 +1,21 @@
{
liminix
, ifwait
, serviceFns
, lib
}:
{ enableIPv4, enableIPv6 }:
let
inherit (liminix.services) oneshot;
ip4 = "/proc/sys/net/ipv4/conf/all/forwarding";
ip6 = "/proc/sys/net/ipv6/conf/all/forwarding";
opt = lib.optionalString;
sysctls = b :
""
+ opt enableIPv4 "echo ${b} > ${ip4}\n"
+ opt enableIPv6 "echo ${b} > ${ip6}\n";
in oneshot {
name = "forwarding${opt enableIPv4 "4"}${opt enableIPv6 "6"}";
up = sysctls "1";
down = sysctls "0";
}

11
vanilla-configuration.nix
View file

@ -22,16 +22,7 @@ in rec {
dependencies = [ services.dhcpv4 ]; dependencies = [ services.dhcpv4 ];
}; };
services.packet_forwarding = services.packet_forwarding = svc.network.forward.build { };
let
iface = services.dhcpv4;
filename = "/proc/sys/net/ipv4/conf/$(output ${iface} ifname)/forwarding";
in oneshot {
name = "let-the-ip-flow";
up = "echo 1 > ${filename}";
down = "echo 0 > ${filename}";
dependencies = [iface];
};
services.ntp = config.system.service.ntp.build { services.ntp = config.system.service.ntp.build {
pools = { "pool.ntp.org" = ["iburst"] ; }; pools = { "pool.ntp.org" = ["iburst"] ; };