nixos/tayga: add mappings option

2024-04-26 21:51:02 +02:00 · 2024-04-26 21:51:02 +02:00 · e83b8cfd43
commit e83b8cfd43
parent dfd38d2388
2 changed files with 40 additions and 5 deletions
--- a/nixos/modules/services/networking/tayga.nix
+++ b/nixos/modules/services/networking/tayga.nix
@ -16,6 +16,8 @@ let
    prefix ${strAddr cfg.ipv6.pool}
    dynamic-pool ${strAddr cfg.ipv4.pool}
    data-dir ${cfg.dataDir}
+
+    ${concatStringsSep "\n" (mapAttrsToList (ipv4: ipv6: "map " + ipv4 + " " + ipv6) cfg.mappings)}
  '';

  addrOpts = v:
@ -103,18 +105,38 @@ in
      dataDir = mkOption {
        type = types.path;
        default = "/var/lib/tayga";
-        description = "Directory for persistent data";
+        description = "Directory for persistent data.";
      };

      tunDevice = mkOption {
        type = types.str;
        default = "nat64";
-        description = "Name of the nat64 tun device";
+        description = "Name of the nat64 tun device.";
+      };
+
+      mappings = mkOption {
+        type = types.attrsOf types.str;
+        default = {};
+        description = "Static IPv4 -> IPv6 host mappings.";
+        example = literalExpression ''
+          {
+            "192.168.5.42" = "2001:db8:1:4444::1";
+            "192.168.5.43" = "2001:db8:1:4444::2";
+            "192.168.255.2" = "2001:db8:1:569::143";
+          }
+        '';
      };
    };
  };

  config = mkIf cfg.enable {
+    assertions = [
+      {
+        assertion = allUnique (attrValues cfg.mappings);
+        message = "Neither the IPv4 nor the IPv6 addresses must be entered twice in the mappings.";
+      }
+    ];
+
    networking.interfaces."${cfg.tunDevice}" = {
      virtual = true;
      virtualType = "tun";
--- a/nixos/tests/tayga.nix
+++ b/nixos/tests/tayga.nix
@ -59,6 +59,7 @@ import ./make-test-python.nix ({ pkgs, lib, ... }:
          ];
        };
      };
+      programs.mtr.enable = true;
    };

    # The router is configured with static IPv4 addresses towards the server
@ -120,6 +121,9 @@ import ./make-test-python.nix ({ pkgs, lib, ... }:
            prefixLength = 96;
          };
        };
+        mappings = {
+          "192.0.2.42" = "2001:db8::2";
+        };
      };
    };

@ -171,6 +175,9 @@ import ./make-test-python.nix ({ pkgs, lib, ... }:
            prefixLength = 96;
          };
        };
+        mappings = {
+          "192.0.2.42" = "2001:db8::2";
+        };
      };
    };

@ -199,7 +206,7 @@ import ./make-test-python.nix ({ pkgs, lib, ... }:
          ];
        };
      };
-      environment.systemPackages = [ pkgs.mtr ];
+      programs.mtr.enable = true;
    };
  };

@ -225,10 +232,16 @@ import ./make-test-python.nix ({ pkgs, lib, ... }:
      with subtest("Wait for tayga"):
        router.wait_for_unit("tayga.service")

-      with subtest("Test ICMP"):
+      with subtest("Test ICMP server -> client"):
+        server.wait_until_succeeds("ping -c 3 192.0.2.42 >&2")
+
+      with subtest("Test ICMP and show a traceroute server -> client"):
+        server.wait_until_succeeds("mtr --show-ips --report-wide 192.0.2.42 >&2")
+
+      with subtest("Test ICMP client -> server"):
        client.wait_until_succeeds("ping -c 3 64:ff9b::100.64.0.2 >&2")

-      with subtest("Test ICMP and show a traceroute"):
+      with subtest("Test ICMP and show a traceroute client -> server"):
        client.wait_until_succeeds("mtr --show-ips --report-wide 64:ff9b::100.64.0.2 >&2")

      router.log(router.execute("systemd-analyze security tayga.service")[1])