diff --git a/nixos/doc/manual/release-notes/rl-2411.section.md b/nixos/doc/manual/release-notes/rl-2411.section.md
index 49e981355581ef..93b91314986d72 100644
--- a/nixos/doc/manual/release-notes/rl-2411.section.md
+++ b/nixos/doc/manual/release-notes/rl-2411.section.md
@@ -155,6 +155,8 @@
 - [Apache Tika](https://github.com/apache/tika), a toolkit that detects and extracts metadata and text from over a thousand different file types. Available as [services.tika](option.html#opt-services.tika.enable).
+- [amazon-ec2-net-utils](https://github.com/amazonlinux/amazon-ec2-net-utils), a set of utilities for managing elastic network interfaces on Amazon EC2. Available as [services.amazon-ec2-net-utils](#opt-services.amazon-ec2-net-utils.enable).
+
 - [Misskey](https://misskey-hub.net/en/), an interplanetary microblogging platform. Available as [services.misskey](options.html#opt-services.misskey.enable).
 - [Improved File Manager (IFM)](https://github.com/misterunknown/ifm), a single-file web-based file manager. Available as [services.ifm](options.html#opt-services.ifm.enable).
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 0537dbf3ad1c57..dc5fd605110785 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -980,6 +980,7 @@
 ./services/networking/acme-dns.nix
 ./services/networking/adguardhome.nix
 ./services/networking/alice-lg.nix
+ ./services/networking/amazon-ec2-net-utils.nix
 ./services/networking/amuled.nix
 ./services/networking/aria2.nix
 ./services/networking/asterisk.nix
diff --git a/nixos/modules/services/networking/amazon-ec2-net-utils.nix b/nixos/modules/services/networking/amazon-ec2-net-utils.nix
new file mode 100644
index 00000000000000..ef6e566344e2e6
--- /dev/null
+++ b/nixos/modules/services/networking/amazon-ec2-net-utils.nix
@@ -0,0 +1,80 @@
+{
+ lib,
+ pkgs,
+ config,
+ ...
+}:
+let
+ cfg = config.services.amazon-ec2-net-utils;
+in
+{
+ options.services.amazon-ec2-net-utils = {
+ enable = lib.mkOption {
+ type = lib.types.bool;
+ default = false;
+ description = ''
+ Whether to enable amazon-ec2-net-utils.
+
+ This service relies on systemd-networkd so `systemd.network.enable` must also be `true`.
+ '';
+ example = true;
+ };
+ package = lib.mkPackageOption pkgs "amazon-ec2-net-utils" { };
+ };
+
+ config =
+ lib.mkIf cfg.enable
+ # amazon-ec2-net-utils needs systemd-networkd.
+ && config.systemd.network.enable {
+ # See https://github.com/amazonlinux/amazon-ec2-net-utils/tree/v2.5.1/systemd/system.
+ systemd = {
+ services = {
+ "refresh-policy-routes@" = {
+ description = "Refresh policy routes for %I";
+ serviceConfig = {
+ Type = "oneshot";
+ PrivateTmp = "yes";
+ AmbientCapabilities = "CAP_NET_ADMIN";
+ NoNewPrivileges = "yes";
+ User = "root";
+ ExecStart = "${cfg.package}/bin/setup-policy-routes %i refresh";
+ SuccessExitStatus = "SIGTERM";
+ KillMode = "process";
+ };
+ };
+
+ "policy-routes@" = {
+ description = "Set up policy routes for %I";
+ startLimitIntervalSec = 10;
+ startLimitBurst = 5;
+ wants = [ "refresh-policy-routes@%i.timer" ];
+ # TODO: Need [Install] for Also = "refresh-policy-routes@%i.timer". systemd.services. has no installConfig attribute.
+ serviceConfig = {
+ Type = "oneshot";
+ RemainAfterExit = "yes";
+ PrivateTmp = "yes";
+ AmbientCapabilities = "CAP_NET_ADMIN";
+ NoNewPrivileges = "yes";
+ User = "root";
+ ExecStart = "${cfg.package}/bin/setup-policy-routes %i start";
+ Restart = "on-failure";
+ RestartSec = 1;
+ KillMode = "process";
+ };
+ };
+ };
+
+ timers = {
+ "refresh-policy-routes@" = {
+ OnActiveSec = 30;
+ OnUnitInactiveSec = 60;
+ RandomizedDelaySec = 5;
+ };
+ };
+ };
+
+ services.udev.packages = [ cfg.package ];
+ };
+
+ meta.maintainers = pkgs.amazon-ec2-net-utils.meta.maintainers;
+}
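Review bot: `lib.mkIf cfg.enable && config.systemd.network.enable { ... }` does not express a guarded mkIf: Nix function application binds tighter than `&&`, so this parses as `(lib.mkIf cfg.enable) && (config.systemd.network.enable { ... })`, and as written I expect evaluation to fail rather than produce the intended conditional config. Either parenthesize the condition, `config = lib.mkIf (cfg.enable && config.systemd.network.enable) {`, or — preferable, since the option description already states the requirement — keep `lib.mkIf cfg.enable` and add `assertions = [ { assertion = config.systemd.network.enable; message = "services.amazon-ec2-net-utils requires systemd.network.enable = true"; } ];` so a host without networkd fails loudly instead of silently ending up with no policy routes. The timer directives (`OnActiveSec`, `OnUnitInactiveSec`, `RandomizedDelaySec`) sit directly under `systemd.timers."refresh-policy-routes@"`; in NixOS timer units I believe they belong inside `timerConfig = { ... };`, so this should be checked with an actual evaluation. `User = "root"` together with `AmbientCapabilities = "CAP_NET_ADMIN"` and `NoNewPrivileges` mirrors upstream, but the ambient capability is redundant while the unit runs as root; a short comment saying the hardening lines are kept verbatim from the upstream units would stop a future reader from treating them as a real privilege reduction.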
diff --git a/pkgs/by-name/am/amazon-ec2-net-utils/package.nix b/pkgs/by-name/am/amazon-ec2-net-utils/package.nix
new file mode 100644
index 00000000000000..76ede4c8a11c32
--- /dev/null
+++ b/pkgs/by-name/am/amazon-ec2-net-utils/package.nix
@@ -0,0 +1,94 @@
+{
+ lib,
+ bash,
+ coreutils,
+ curl,
+ fetchFromGitHub,
+ gnugrep,
+ gnused,
+ installShellFiles,
+ iproute2,
+ makeWrapper,
+ stdenv,
+ systemd,
+}:
+
+stdenv.mkDerivation rec {
+ pname = "amazon-ec2-net-utils";
+ version = "2.5.1";
+
+ src = fetchFromGitHub {
+ owner = "amazonlinux";
+ repo = "amazon-ec2-net-utils";
+ rev = "refs/tags/v${version}";
+ hash = "sha256-Nmrhu3j3JZA7GeJsLwOfdFKfyPYl1vFiH5Zr372eAXk=";
+ };
+
+ nativeBuildInputs = [
+ installShellFiles
+ makeWrapper
+ ];
+
+ outputs = [
+ "out"
+ "man"
+ ];
+
+ # See https://github.com/amazonlinux/amazon-ec2-net-utils/blob/v2.5.1/GNUmakefile#L26-L37.
+ installPhase = ''
+ mkdir $out
+
+ for file in bin/*.sh; do
+ install -D -m 755 "$file" $out/bin/$(basename --suffix ".sh" "$file")
+ substituteInPlace $out/bin/$(basename --suffix ".sh" "$file") \
+ --replace-fail AMAZON_EC2_NET_UTILS_LIBDIR $out/share/amazon-ec2-net-utils
+ done
+
+ substituteInPlace $out/bin/setup-policy-routes \
+ --replace-fail /lib/systemd ${systemd}/lib/systemd
+
+ wrapProgram $out/bin/setup-policy-routes \
+ --prefix PATH : ${
+ lib.makeBinPath [
+ coreutils
+ # bin/setup-policy-roots.sh sources lib/lib.sh which needs these.
+ #
+ # lib/lib.sh isn't executable so we can't use it with wrapProgram.
+ curl
+ gnugrep
+ gnused
+ iproute2
+ systemd
+ ]
+ }
+
+ for file in lib/*.sh; do
+ install -D -m 644 -t $out/share/amazon-ec2-net-utils "$file"
+ done
+
+ substituteInPlace $out/share/amazon-ec2-net-utils/lib.sh \
+ --replace-fail /usr/lib/systemd $out/lib/systemd
+
+ for file in udev/*.rules; do
+ install -D -m 644 -t $out/lib/udev/rules.d "$file"
+ done
+
+ substituteInPlace $out/lib/udev/rules.d/99-vpc-policy-routes.rules \
+ --replace-fail /usr/bin/systemctl ${systemd}/bin/systemctl
+
+ for file in systemd/network/*.network; do
+ install -D -m 644 -t $out/lib/systemd/network "$file"
+ done
+
+ installManPage doc/*.8
+ '';
+
+ meta = {
+ description = "Contains a set of utilities for managing elastic network interfaces on Amazon EC2";
+ homepage = "https://github.com/amazonlinux/amazon-ec2-net-utils";
+ license = lib.licenses.asl20;
+ platforms = lib.platforms.linux;
+ # TODO: Find maintainer(s).
+ maintainers = with lib.maintainers; [ ];
+ };
+}
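Review bot: `bash` is taken in the argument set but is never referenced anywhere in the derivation (this hunk is the whole file), so it should be dropped; the interpreter for the installed `bin/*.sh` scripts is already rewritten by stdenv's patchShebangs in the fixup phase, so nothing is lost. Only `setup-policy-routes` receives the `wrapProgram --prefix PATH` treatment, while the `for file in bin/*.sh` loop installs every script in `bin/`; if upstream ships more than that one script there, the others run with whatever PATH the caller has, and a comment stating that `setup-policy-routes` is the only entry point the udev rule and units invoke (or wrapping the others the same way) would make that intent explicit. The comment above `curl` names `bin/setup-policy-roots.sh`; the script is `setup-policy-routes.sh`. The empty `maintainers` list also leaves the NixOS module unmaintained, because the module copies `pkgs.amazon-ec2-net-utils.meta.maintainers`.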