...

2 files changed, 69 insertions, 81 deletions

diff --git a/hosts/vidhar/network/pppoe.nix b/hosts/vidhar/network/pppoe.nix
index d17be349..7cdf3cb6 100644
--- a/hosts/vidhar/network/pppoe.nix
+++ b/hosts/vidhar/network/pppoe.nix
@@ -4,48 +4,6 @@ with lib;
 
 let
   pppInterface = config.networking.pppInterface;
-
-  corerad-deprecated = pkgs.writers.writeBashBin "corerad-deprecated" ''
-    exec -- ${lib.getExe' config.systemd.package "systemd-run"} \
-      --unit=corerad-deprecated@$(${lib.getExe' config.systemd.package "systemd-escape"} $1) \
-      --property=AmbientCapabilities="CAP_NET_ADMIN CAP_NET_RAW" \
-      --property=CapabilityBoundingSet="CAP_NET_ADMIN CAP_NET_RAW" \
-      --property=DynamicUser=yes \
-      --property=LimitNOFILE=1048576 \
-      --property=LimitNPROC=512 \
-      --property=NotifyAccess=main \
-      --property=Type=notify \
-      --property=RuntimeMaxSec=4h \
-      ${pkgs.writers.writeBash "corerad-deprecated" ''
-        exec -- ${lib.getExe pkgs.corerad} -c=<(${pkgs.writers.writePython3 "corerad-config" {
-            libraries = with pkgs.python3Packages; [ toml ];
-            flakeIgnore = [ "E124" "E121" ];
-          } ''
-            import toml
-            import sys
-            import re
-
-            match = re.fullmatch(r'(?P<interface>[^/]+)/(?P<prefix>.+)', sys.argv[1])
-
-            toml.dump({
-              "interfaces": [
-                {
-                  "name": match.group("interface"),
-                  "advertise": True,
-                  "prefix": [
-                    {
-                      "prefix": match.group("prefix"),
-                      "preferred_lifetime": "1s",
-                      "valid_lifetime": "14400s",
-                      "deprecated": True,
-                    },
-                  ],
-                },
-              ],
-            }, sys.stdout)
-          ''} $@)
-      ''} $@
-  '';
 in {
   options = {
     networking.pppInterface = mkOption {
@@ -148,33 +106,6 @@ in {
       };
     };
 
-    services.corerad = {
-      enable = true;
-      settings = {
-        interfaces = [
-          { name = pppInterface;
-            monitor = true;
-            verbose = true;
-          }
-          { name = "lan";
-            advertise = true;
-            verbose = true;
-            prefix = [{ prefix = "::/64"; }];
-            route = [{ prefix = "::/0"; }];
-            rdnss = [{ servers = ["::"]; }];
-            dnssl = [{ domain_names = ["yggdrasil"]; }];
-            # other_config = true;
-          }
-        ];
-
-        debug = {
-          address = "localhost:9430";
-          prometheus = true;
-        };
-      };
-    };
-    environment.systemPackages = [ corerad-deprecated ];
-
     services.ndppd = {
       enable = true;
       proxies = {
@@ -273,14 +204,78 @@ in {
         RestartSec = "5";
       };
     };
-    systemd.services.corerad = {
-      wantedBy = [ "dhcpcd.service" ];
+    systemd.services.radvd = {
+      wantedBy = [ "dhcpcd.service" "multi-user.target" ];
       bindsTo = [ "dhcpcd.service" ];
-      after = [ "dhcpcd.service" ];
+      after = [ "dhcpcd.service" "network.target" ];
 
       serviceConfig = {
-        Restart = lib.mkForce "always";
+        Restart = "always";
         RestartSec = "5";
+        DynamicUser = true;
+        AmbientCapabilities = ["CAP_NET_ADMIN" "CAP_NET_RAW"];
+        CapabilityBoundingSet = ["CAP_NET_ADMIN" "CAP_NET_RAW"];
+        RuntimeDirectory = "radvd";
+        PIDFile = "$RUNTIME_DIRECTORY/radvd.pid";
+        ExecStart = pkgs.writers.writePython3 "radvd-genconfig" {
+          libraries = with pkgs.python3Packages; [ jinja2 ];
+          doCheck = false;
+        } ''
+          import os
+          from tempfile import NamedTemporaryFile
+          import subprocess
+          import json
+          import jinja2
+          from pathlib import Path
+          from ipaddress import IPv6Network
+
+
+          def network_address(value, prefixlen):
+              return IPv6Network(value + "/" + str(prefixlen), strict=False).network_address
+
+
+          with subprocess.Popen(["${lib.getExe' pkgs.iproute2 "ip"}", "-j", "addr", "show", "dev", "lan"], stdout=subprocess.PIPE) as proc:
+              addresses = json.load(proc.stdout)
+
+          global_addresses = [ addr for addr in addresses[0]["addr_info"] if addr["family"] == "inet6" and addr["scope"] == "global" ]
+
+          if not global_addresses:
+            sys.exit(1)
+
+          with NamedTemporaryFile(mode='w', dir=os.environ["RUNTIME_DIRECTORY"], prefix="radvd.", suffix=".conf", delete=False) as fh:
+              config_file = fh.name
+              env = jinja2.Environment(
+                  loader = jinja2.FileSystemLoader("${pkgs.writeTextDir "radvd.conf.jinja2" ''
+                    interface lan {
+                      IgnoreIfMissing off;
+                      AdvSendAdvert on;
+                      MaxRtrAdvInterval 240;
+                      {% for addr in addrs %}
+                      prefix {{addr["local"] | network_address(addr["prefixlen"])}}/{{addr["prefixlen"]}} {
+                        AdvValidLifetime 86400;
+                        AdvPreferredLifetime 300;
+                        DeprecatePrefix on;
+                      };
+                      route {{addr["local"] | network_address(56)}}/56 {
+                        AdvRouteLifetime 300;
+                        RemoveRoute on;
+                      };
+                      RDNSS {{addr["local"]}} {
+                        AdvRDNSSLifetime 300;
+                      };
+                      {%- endfor %}
+                      DNSSL yggdrasil {};
+                    };
+                  ''}"),
+                  autoescape = False,
+              )
+              env.filters["network_address"] = network_address
+              env.get_template("radvd.conf.jinja2").stream({
+                "addrs": global_addresses,
+              }).dump(fh)
+
+          os.execv("${lib.getExe pkgs.radvd}", ["radvd", "-n", "-p", str(Path(os.environ["RUNTIME_DIRECTORY"]) / "radvd.pid"), "-d", "1", "-C", config_file])
+        '';
       };
     };
 
diff --git a/hosts/vidhar/prometheus/default.nix b/hosts/vidhar/prometheus/default.nix
index 125fd568..69992115 100644
--- a/hosts/vidhar/prometheus/default.nix
+++ b/hosts/vidhar/prometheus/default.nix
@@ -64,7 +64,7 @@ in {
         systemd = {
           enable = true;
           extraFlags = [
-            "--systemd.collector.unit-include=(dhcpcd|pppd-telekom|corerad|ndppd)\.service"
+            "--systemd.collector.unit-include=(dhcpcd|pppd-telekom|radvd|ndppd)\.service"
             "--systemd.collector.enable-restart-count"
             "--systemd.collector.enable-ip-accounting"
           ];
@@ -170,13 +170,6 @@ in {
           relabel_configs = relabelHosts;
           scrape_interval = "1s";
         }
-        { job_name = "corerad";
-          static_configs = [
-            { targets = ["localhost:9430"]; }
-          ];
-          relabel_configs = relabelHosts;
-          scrape_interval = "1s";
-        }
         { job_name = "nftables";
           static_configs = [
             { targets = ["localhost:9901"]; }