@ -36,19 +36,10 @@ import ./make-test-python.nix ({pkgs, ...}: {
} ;
# Since we want to program the routes that we delegate to the "customer"
# into our routing table we must have a way to gain the required privs.
# This security wrapper will do in our test setup.
#
# DO NOT COPY THIS TO PRODUCTION AS IS. Think about it at least twice.
# Everyone on the "isp" machine will be able to add routes to the kernel.
security . wrappers . add-dhcpd-lease = {
owner = " r o o t " ;
group = " r o o t " ;
source = pkgs . writeShellScript " a d d - d h c p d - l e a s e " ''
exec $ { pkgs . iproute2 } /bin/ip -6 route replace " $ 1 " via " $ 2 "
'' ;
capabilities = " c a p _ n e t _ a d m i n + e p " ;
} ;
# into our routing table we must give dhcpd the required privs.
systemd . services . dhcpd6 . serviceConfig . AmbientCapabilities =
[ " C A P _ N E T _ A D M I N " ] ;
services = {
# Configure the DHCPv6 server
#
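Review bot: The new `AmbientCapabilities` line gives CAP_NET_ADMIN to the whole dhcpd6 service, so the process that parses DHCPv6 packets from the network holds it, and presumably so does every program it starts through `execute`. The removed wrapper carried a do-not-copy-to-production warning, and the new comment has no equivalent. The change is narrower than the wrapper, since local users on the "isp" machine no longer gain route-adding rights, but the remaining trade-off deserves a comment, e.g. `# Test-only: dhcpd6 itself now holds CAP_NET_ADMIN; in production prefer a separate, narrowly scoped helper for route updates.` Whether this list merges with or replaces capabilities the dhcpd6 module already sets is not visible here and is worth confirming. The enclosing attribute set starts and ends outside the hunk.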
@ -80,7 +71,7 @@ import ./make-test-python.nix ({pkgs, ...}: {
set Prefix = pick-first-value ( binary-to-ascii ( 16 , 16 , " : " , suffix ( option dhcp6 . ia-pd , 16 ) ) , " n / a " ) ;
set PrefixLength = pick-first-value ( binary-to-ascii ( 10 , 8 , " : " , substring ( suffix ( option dhcp6 . ia-pd , 17 ) , 0 , 1 ) ) , " n / a " ) ;
log ( concat ( IP , " " , Prefix , " " , PrefixLength ) ) ;
execute ( " / r u n / w r a p p e r s / b i n / a d d - d h c p d - l e a s e " , concat ( Prefix , " / " , PrefixLength ) , IP ) ;
execute ( " ${ pkgs . iproute2 } / b i n / i p " , " - 6 " , " r o u t e " , " r e p l a c e " , concat ( Prefix , " / " , PrefixLength ) , " v i a " , IP ) ;
}
'' ;
} ;
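Review bot: The added `execute` call runs `ip -6 route replace` with the service's CAP_NET_ADMIN on `Prefix`, `PrefixLength` and `IP` without checking that they were actually extracted. Both `pick-first-value` calls fall back to `"n/a"`, so a commit without an IA_PD option invokes ip with `n/a/n/a` as the destination, and the result of the call is not checked. The arguments are passed as separate argv entries, so no shell is involved, which is good. Consider guarding the call, e.g. `if exists dhcp6.ia-pd { execute(...); }`, and confirming that the prefix being routed is the one the server delegated rather than a value taken as-is from the client's packet. The surrounding event block starts outside the hunk, so a guard may already exist there.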