6ce016487e933e685d5b54f1ab8828f3c7ed4bc1
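--- a/howto/nixos.md
+++ b/howto/nixos.md
@@ -170,6 +170,71 @@ As seen, the IP configuration is applied via ip-commands in the postSetup. This
 
 Like ferm, Bird2 is configured by ```services.bird2.config``` containing a string. In there the example bird2 config from [wiki.dn42](https://wiki.dn42/howto/Bird2) can be imported. Roa tables can be generated or downloaded from host providing them.
 
-### services
+
+#### ROA Updating script
+
+Sample example to update ROA's :
+```nix
+{ pkgs, lib, ... }:
+let
+  script = pkgs.writeShellScriptBin "update-roa" ''
+    mkdir -p /etc/bird/
+    ${pkgs.curl}/bin/curl -sfSLR {-o,-z}/etc/bird/roa_dn42_v6.conf https://dn42.burble.com/roa/dn42_roa_bird2_6.conf
+    ${pkgs.curl}/bin/curl -sfSLR {-o,-z}/etc/bird/roa_dn42.conf https://dn42.burble.com/roa/dn42_roa_bird2_4.conf
+    ${pkgs.bird2}/bin/birdc c
+    ${pkgs.bird2}/bin/birdc reload in all
+  '';
+in
+{
+  systemd.timers.dn42-roa = {
+    description = "Trigger a ROA table update";
+
+    timerConfig = {
+      OnBootSec = "5m";
+      OnUnitInactiveSec = "1h";
+      Unit = "dn42-roa.service";
+    };
+
+    wantedBy = [ "timers.target" ];
+    before = [ "bird.service" ];
+  };
+
+  systemd.services = {
+    dn42-roa = {
+      after = [ "network.target" ];
+      description = "DN42 ROA Updated";
+      unitConfig = {
+        Type = "one-shot";
+      };
+      serviceConfig = {
+        ExecStart = "${script}/bin/update-roa";
+      };
+    };
+  };
+}
+```
+
+### Bird Looking Glass
+
+There is now (thanks to [Tchekda](https://github.com/NixOS/nixpkgs/pull/153481)) a direct way to setup a looking glass for bird on Nixos. [Documentation](https://github.com/NixOS/nixpkgs/blob/3aab5ebd436023ca8343a84804d51cd227dd01dd/nixos/modules/services/networking/bird-lg.nix) and sample :
+```nix
+bird-lg = {
+  proxy = {
+    enable = true;
+    allowedIPs = [ "172.20.XX.XX" "172.20.XX.YY" ];
+  };
+  frontend = {
+    enable = true;
+    netSpecificMode = "dn42";
+    servers = [ "node1" "node2" ];
+    domain = "domain.dn42";
+  };
+};
+
+### Services
 
 I also run services like a nameserver for .litschi.dn42 zones and a nginx webserver within this container. Since Host path for ```/var/www/dn42``` and ```/var/dns/dn42``` are booth binded into the container, zone config and e.g. website and be edited directly from Host without need the rebuild the hole container.
+
+### Sample configuration
+
+You can find a sample Wireguard + Bird configuration made by Tchekda ready for dn42 on [this](https://github.com/Tchekda/nixos-configuration/tree/master/llitt/dn42) repository
\ No newline at end of file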
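Review bot: In the ROA updater sample, `Type = "one-shot"` is placed under `unitConfig`, but `Type=` is a `[Service]` option and its value is `oneshot`; as written systemd will warn about an unknown `[Unit]` key and run the unit as `Type=simple`, so it should read `serviceConfig = { Type = "oneshot"; ExecStart = "${script}/bin/update-roa"; };`. The script also writes each ROA table straight to its final path and proceeds to `birdc c` / `birdc reload in all` regardless of curl's exit status (writeShellScriptBin does not enable `set -e`), so a failed or truncated download reconfigures bird with an empty or partial table — and since the usual dn42 filters reject only ROA_INVALID, an empty table likely disables origin validation rather than failing closed. The fence below fetches into a temp file, moves it into place only on a non-empty success, and makes the unit fail otherwise (the `-z` conditional refetch is dropped because the temp file is always new). Separately, `before = [ "bird.service" ]` on the timer probably orders against the wrong unit — the NixOS `services.bird2` module names its unit `bird2.service` as far as I recall — worth confirming against the module.
```nix
  script = pkgs.writeShellScriptBin "update-roa" ''
    set -euo pipefail
    mkdir -p /etc/bird/
    fetch() {
      tmp=$(mktemp /etc/bird/.roa.XXXXXX)
      ${pkgs.curl}/bin/curl -sfSL -o "$tmp" "$1" && [ -s "$tmp" ] || { rm -f "$tmp"; return 1; }
      mv -f "$tmp" "$2"
    }
    fetch https://dn42.burble.com/roa/dn42_roa_bird2_6.conf /etc/bird/roa_dn42_v6.conf
    fetch https://dn42.burble.com/roa/dn42_roa_bird2_4.conf /etc/bird/roa_dn42.conf
    ${pkgs.bird2}/bin/birdc c
    ${pkgs.bird2}/bin/birdc reload in all
  '';
  # … unchanged: systemd.timers.dn42-roa …
      serviceConfig = {
        Type = "oneshot";
        ExecStart = "${script}/bin/update-roa";
      };
```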