Changes in 6ce0164: Updarted by Tchekda

howto/nixos.md

@@ -170,6 +170,71 @@ As seen, the IP configuration is applied via ip-commands in the postSetup. This 

 Like ferm, Bird2 is configured by ```services.bird2.config``` containing a string. In there the example bird2 config from [wiki.dn42](https://wiki.dn42/howto/Bird2) can be imported. Roa tables can be generated or downloaded from host providing them. 

-### services

+

+#### ROA Updating script

+

+Sample example to update ROA's : 

+```nix

+{ pkgs, lib, ... }:

+let

+ script = pkgs.writeShellScriptBin "update-roa" ''

+ mkdir -p /etc/bird/

+ ${pkgs.curl}/bin/curl -sfSLR {-o,-z}/etc/bird/roa_dn42_v6.conf https://dn42.burble.com/roa/dn42_roa_bird2_6.conf

+ ${pkgs.curl}/bin/curl -sfSLR {-o,-z}/etc/bird/roa_dn42.conf https://dn42.burble.com/roa/dn42_roa_bird2_4.conf

+ ${pkgs.bird2}/bin/birdc c 

+ ${pkgs.bird2}/bin/birdc reload in all

+ '';

+in

+{

+ systemd.timers.dn42-roa = {

+ description = "Trigger a ROA table update";

+

+ timerConfig = {

+ OnBootSec = "5m";

+ OnUnitInactiveSec = "1h";

+ Unit = "dn42-roa.service";

+ };

+

+ wantedBy = [ "timers.target" ];

+ before = [ "bird.service" ];

+ };

+

+ systemd.services = {

+ dn42-roa = {

+ after = [ "network.target" ];

+ description = "DN42 ROA Updated";

+ unitConfig = {

+ Type = "one-shot";

+ };

+ serviceConfig = {

+ ExecStart = "${script}/bin/update-roa";

+ };

+ };

+ };

+}

+```

+

+### Bird Looking Glass

+

+There is now (thanks to [Tchekda](https://github.com/NixOS/nixpkgs/pull/153481)) a direct way to setup a looking glass for bird on Nixos. [Documentation](https://github.com/NixOS/nixpkgs/blob/3aab5ebd436023ca8343a84804d51cd227dd01dd/nixos/modules/services/networking/bird-lg.nix) and sample : 

+```nix

+bird-lg = {

+ proxy = {

+ enable = true;

+ allowedIPs = [ "172.20.XX.XX" "172.20.XX.YY" ];

+ };

+ frontend = {

+ enable = true;

+ netSpecificMode = "dn42";

+ servers = [ "node1" "node2" ];

+ domain = "domain.dn42";

+ };

+};

+

+### Services

 I also run services like a nameserver for .litschi.dn42 zones and a nginx webserver within this container. Since Host path for ```/var/www/dn42``` and ```/var/dns/dn42``` are booth binded into the container, zone config and e.g. website and be edited directly from Host without need the rebuild the hole container. 

+

+### Sample configuration

+

+You can find a sample Wireguard + Bird configuration made by Tchekda ready for dn42 on [this](https://github.com/Tchekda/nixos-configuration/tree/master/llitt/dn42) repository

\ No newline at end of file

...	...	@@ -170,6 +170,71 @@ As seen, the IP configuration is applied via ip-commands in the postSetup. This
170	170
171	171	Like ferm, Bird2 is configured by ```services.bird2.config``` containing a string. In there the example bird2 config from [wiki.dn42](https://wiki.dn42/howto/Bird2) can be imported. Roa tables can be generated or downloaded from host providing them.
172	172
173		-### services
	173	+
	174	+#### ROA Updating script
	175	+
	176	+Sample example to update ROA's :
	177	+```nix
	178	+{ pkgs, lib, ... }:
	179	+let
	180	+ script = pkgs.writeShellScriptBin "update-roa" ''
	181	+ mkdir -p /etc/bird/
	182	+ ${pkgs.curl}/bin/curl -sfSLR {-o,-z}/etc/bird/roa_dn42_v6.conf https://dn42.burble.com/roa/dn42_roa_bird2_6.conf
	183	+ ${pkgs.curl}/bin/curl -sfSLR {-o,-z}/etc/bird/roa_dn42.conf https://dn42.burble.com/roa/dn42_roa_bird2_4.conf
	184	+ ${pkgs.bird2}/bin/birdc c
	185	+ ${pkgs.bird2}/bin/birdc reload in all
	186	+ '';
	187	+in
	188	+{
	189	+ systemd.timers.dn42-roa = {
	190	+ description = "Trigger a ROA table update";
	191	+
	192	+ timerConfig = {
	193	+ OnBootSec = "5m";
	194	+ OnUnitInactiveSec = "1h";
	195	+ Unit = "dn42-roa.service";
	196	+ };
	197	+
	198	+ wantedBy = [ "timers.target" ];
	199	+ before = [ "bird.service" ];
	200	+ };
	201	+
	202	+ systemd.services = {
	203	+ dn42-roa = {
	204	+ after = [ "network.target" ];
	205	+ description = "DN42 ROA Updated";
	206	+ unitConfig = {
	207	+ Type = "one-shot";
	208	+ };
	209	+ serviceConfig = {
	210	+ ExecStart = "${script}/bin/update-roa";
	211	+ };
	212	+ };
	213	+ };
	214	+}
	215	+```
	216	+
	217	+### Bird Looking Glass
	218	+
	219	+There is now (thanks to [Tchekda](https://github.com/NixOS/nixpkgs/pull/153481)) a direct way to setup a looking glass for bird on Nixos. [Documentation](https://github.com/NixOS/nixpkgs/blob/3aab5ebd436023ca8343a84804d51cd227dd01dd/nixos/modules/services/networking/bird-lg.nix) and sample :
	220	+```nix
	221	+bird-lg = {
	222	+ proxy = {
	223	+ enable = true;
	224	+ allowedIPs = [ "172.20.XX.XX" "172.20.XX.YY" ];
	225	+ };
	226	+ frontend = {
	227	+ enable = true;
	228	+ netSpecificMode = "dn42";
	229	+ servers = [ "node1" "node2" ];
	230	+ domain = "domain.dn42";
	231	+ };
	232	+};
	233	+
	234	+### Services
174	235
175	236	I also run services like a nameserver for .litschi.dn42 zones and a nginx webserver within this container. Since Host path for ```/var/www/dn42``` and ```/var/dns/dn42``` are booth binded into the container, zone config and e.g. website and be edited directly from Host without need the rebuild the hole container.
	237	+
	238	+### Sample configuration
	239	+
	240	+You can find a sample Wireguard + Bird configuration made by Tchekda ready for dn42 on [this](https://github.com/Tchekda/nixos-configuration/tree/master/llitt/dn42) repository
...	...	\ No newline at end of file