diff --git a/nixos/doc/manual/release-notes/rl-2505.section.md b/nixos/doc/manual/release-notes/rl-2505.section.md
index 4d204f92a792ba..386fba6f5362d3 100644
--- a/nixos/doc/manual/release-notes/rl-2505.section.md
+++ b/nixos/doc/manual/release-notes/rl-2505.section.md
@@ -14,6 +14,8 @@
 - [Kimai](https://www.kimai.org/), a web-based multi-user time-tracking application. Available as [services.kimai](option.html#opt-services.kimai).
+- [amazon-ec2-net-utils](https://github.com/amazonlinux/amazon-ec2-net-utils), a set of utilities for managing elastic network interfaces on Amazon EC2. Available as [services.amazon-ec2-net-utils](#opt-services.amazon-ec2-net-utils.enable).
+
 ## Backward Incompatibilities {#sec-release-25.05-incompatibilities}
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 5b85b0c5fad72c..006922e6d4ea4e 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -984,6 +984,7 @@
 ./services/networking/acme-dns.nix
 ./services/networking/adguardhome.nix
 ./services/networking/alice-lg.nix
+ ./services/networking/amazon-ec2-net-utils.nix
 ./services/networking/amuled.nix
 ./services/networking/aria2.nix
 ./services/networking/asterisk.nix
diff --git a/nixos/modules/services/networking/amazon-ec2-net-utils.nix b/nixos/modules/services/networking/amazon-ec2-net-utils.nix
new file mode 100644
index 00000000000000..571a874c52bf0b
--- /dev/null
+++ b/nixos/modules/services/networking/amazon-ec2-net-utils.nix
@@ -0,0 +1,84 @@
+{
+ lib,
+ pkgs,
+ config,
+ ...
+}:
+let
+ cfg = config.services.amazon-ec2-net-utils;
+in
+{
+ options.services.amazon-ec2-net-utils = {
+ enable = lib.mkOption {
+ type = lib.types.bool;
+ default = false;
+ description = ''
+ Whether to enable amazon-ec2-net-utils.
+
+ This service needs systemd-networkd so `systemd.network.enable` must also be `true`.
+ '';
+ example = true;
+ };
+ package = lib.mkPackageOption pkgs "amazon-ec2-net-utils" { };
+ };
+
+ config =
+ lib.mkIf
+ (
+ cfg.enable
+ # amazon-ec2-net-utils needs systemd-networkd.
+ && config.systemd.network.enable
+ )
+ {
+ # See https://github.com/amazonlinux/amazon-ec2-net-utils/tree/v2.5.1/systemd/system.
+ systemd = {
+ services = {
+ "refresh-policy-routes@" = {
+ description = "Refresh policy routes for %I";
+ serviceConfig = {
+ Type = "oneshot";
+ PrivateTmp = "yes";
+ AmbientCapabilities = "CAP_NET_ADMIN";
+ NoNewPrivileges = "yes";
+ User = "root";
+ ExecStart = "${cfg.package}/bin/setup-policy-routes %i refresh";
+ SuccessExitStatus = "SIGTERM";
+ KillMode = "process";
+ };
+ };
+
+ "policy-routes@" = {
+ description = "Set up policy routes for %I";
+ startLimitIntervalSec = 10;
+ startLimitBurst = 5;
+ wants = [ "refresh-policy-routes@%i.timer" ];
+ # TODO: Need [Install] for Also = "refresh-policy-routes@%i.timer". systemd.services. has no installConfig attribute.
+ serviceConfig = {
+ Type = "oneshot";
+ RemainAfterExit = "yes";
+ PrivateTmp = "yes";
+ AmbientCapabilities = "CAP_NET_ADMIN";
+ NoNewPrivileges = "yes";
+ User = "root";
+ ExecStart = "${cfg.package}/bin/setup-policy-routes %i start";
+ Restart = "on-failure";
+ RestartSec = 1;
+ KillMode = "process";
+ };
+ };
+ };
+
+ timers = {
+ "refresh-policy-routes@" = {
+ OnActiveSec = 30;
+ OnUnitInactiveSec = 60;
+ RandomizedDelaySec = 5;
+ };
+ };
+ };
+
+ services.udev.packages = [ cfg.package ];
+ };
+
+ meta.maintainers = pkgs.amazon-ec2-net-utils.meta.maintainers;
+}
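Review bot: The timer settings `OnActiveSec`, `OnUnitInactiveSec` and `RandomizedDelaySec` are placed directly on `systemd.timers."refresh-policy-routes@"`, but the NixOS timer submodule expects them under `timerConfig`, so as written evaluation should fail with an "option does not exist" error; wrap them as `timerConfig = { OnActiveSec = 30; OnUnitInactiveSec = 60; RandomizedDelaySec = 5; };`. The `mkIf` condition also turns `enable = true` into a silent no-op whenever `systemd.network.enable` is false, which contradicts the option description's "must also be `true`"; an assertion such as `assertions = [ { assertion = cfg.enable -> config.systemd.network.enable; message = "services.amazon-ec2-net-utils requires systemd.network.enable = true"; } ];` would report the misconfiguration at build time instead of leaving the instance without policy routes. `meta.maintainers` is taken from the package, whose `meta.maintainers` in pkgs/by-name/am/amazon-ec2-net-utils/package.nix is the empty list with a TODO, so this module currently declares no maintainer. The units run as `User = "root"` with `AmbientCapabilities = "CAP_NET_ADMIN"` mirroring upstream; a short comment on `serviceConfig` saying these values are copied verbatim from the upstream unit files would make clear that the capability line is intentional rather than a hardening attempt.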
diff --git a/pkgs/by-name/am/amazon-ec2-net-utils/package.nix b/pkgs/by-name/am/amazon-ec2-net-utils/package.nix
new file mode 100644
index 00000000000000..d6f53268ebc6bb
--- /dev/null
+++ b/pkgs/by-name/am/amazon-ec2-net-utils/package.nix
@@ -0,0 +1,105 @@
+{
+ lib,
+ bash,
+ coreutils,
+ curl,
+ fetchFromGitHub,
+ gnugrep,
+ gnused,
+ installShellFiles,
+ iproute2,
+ makeWrapper,
+ nix-update-script,
+ stdenv,
+ systemd,
+}:
+
+stdenv.mkDerivation rec {
+ pname = "amazon-ec2-net-utils";
+ version = "2.5.1";
+
+ src = fetchFromGitHub {
+ owner = "amazonlinux";
+ repo = "amazon-ec2-net-utils";
+ rev = "refs/tags/v${version}";
+ hash = "sha256-Nmrhu3j3JZA7GeJsLwOfdFKfyPYl1vFiH5Zr372eAXk=";
+ };
+
+ strictDeps = true;
+
+ nativeBuildInputs = [
+ installShellFiles
+ makeWrapper
+ ];
+
+ buildInputs = [
+ bash
+ ];
+
+ outputs = [
+ "out"
+ "man"
+ ];
+
+ # See https://github.com/amazonlinux/amazon-ec2-net-utils/blob/v2.5.1/GNUmakefile#L26-L37.
+ installPhase = ''
+ mkdir $out
+
+ for file in bin/*.sh; do
+ install -D -m 755 "$file" $out/bin/$(basename --suffix ".sh" "$file")
+ substituteInPlace $out/bin/$(basename --suffix ".sh" "$file") \
+ --replace-fail AMAZON_EC2_NET_UTILS_LIBDIR $out/share/amazon-ec2-net-utils
+ done
+
+ substituteInPlace $out/bin/setup-policy-routes \
+ --replace-fail /lib/systemd ${systemd}/lib/systemd
+
+ wrapProgram $out/bin/setup-policy-routes \
+ --prefix PATH : ${
+ lib.makeBinPath [
+ coreutils
+ # bin/setup-policy-roots.sh sources lib/lib.sh which needs these.
+ #
+ # lib/lib.sh isn't executable so we can't use it with wrapProgram.
+ curl
+ gnugrep
+ gnused
+ iproute2
+ systemd
+ ]
+ }
+
+ for file in lib/*.sh; do
+ install -D -m 644 -t $out/share/amazon-ec2-net-utils "$file"
+ done
+
+ substituteInPlace $out/share/amazon-ec2-net-utils/lib.sh \
+ --replace-fail /usr/lib/systemd $out/lib/systemd
+
+ for file in udev/*.rules; do
+ install -D -m 644 -t $out/lib/udev/rules.d "$file"
+ done
+
+ substituteInPlace $out/lib/udev/rules.d/99-vpc-policy-routes.rules \
+ --replace-fail /usr/bin/systemctl ${systemd}/bin/systemctl
+
+ for file in systemd/network/*.network; do
+ install -D -m 644 -t $out/lib/systemd/network "$file"
+ done
+
+ installManPage doc/*.8
+ '';
+
+ passthru = {
+ updateScript = nix-update-script { };
+ };
+
+ meta = {
+ description = "Contains a set of utilities for managing elastic network interfaces on Amazon EC2";
+ homepage = "https://github.com/amazonlinux/amazon-ec2-net-utils";
+ license = lib.licenses.asl20;
+ platforms = lib.platforms.linux;
+ # TODO: Find maintainer(s).
+ maintainers = with lib.maintainers; [ ];
+ };
+}
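Review bot: Only `setup-policy-routes` is passed to `wrapProgram`, while the `for file in bin/*.sh` loop installs and patches every script in `bin/`; if upstream ships any other script there that also sources `lib/lib.sh`, it will run without `ip`, `curl`, `grep`, `sed` or `systemctl` on `PATH` and fail at runtime, so either confirm `bin/` holds only that one script or move the `wrapProgram` call into the loop. The `fetchFromGitHub` call uses `rev = "refs/tags/v${version}";` where the dedicated attribute `tag = "v${version}";` is the current nixpkgs form for tag-based fetches. The comment inside the `lib.makeBinPath` list misspells the script as `bin/setup-policy-roots.sh`; it should read `bin/setup-policy-routes.sh`. `meta.maintainers` is left as `[ ]` with a TODO, and the NixOS module in this same commit copies that list, so neither the package nor the service has a maintainer until it is filled in.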