nixos/routinator: init module

NixOS · Feb 8, 2025 · dbe7800 · dbe7800
1 parent a01189f
commit dbe7800
Show file tree

Hide file tree

Showing 2 changed files with 73 additions and 0 deletions.
diff --git a/nixos/doc/manual/release-notes/rl-2505.section.md b/nixos/doc/manual/release-notes/rl-2505.section.md
@@ -79,6 +79,8 @@
 
 - [networking.modemmanager](options.html#opt-networking.modemmanager) has been split out of [networking.networkmanager](options.html#opt-networking.networkmanager). NetworkManager still enables ModemManager by default, but options exist now to run NetworkManager without ModemManager.
 
+- [Routinator 3000](https://nlnetlabs.nl/projects/routing/routinator/), a full-featured RPKI Relying Party software package that runs as a service which periodically downloads and verifies RPKI data.
+
 - [doh-server](https://github.com/m13253/dns-over-https), a high performance DNS over HTTPS server. Available as [services.doh-server](options.html#opt-services.doh-server.enable).
 
 - [ncps](https://github.com/kalbasit/ncps), a Nix binary cache proxy service implemented in Go using [go-nix](https://github.com/nix-community/go-nix). Available as [services.ncps](options.html#opt-services.ncps.enable).

diff --git a/nixos/modules/services/networking/routinator.nix b/nixos/modules/services/networking/routinator.nix
@@ -0,0 +1,71 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+with lib;
+let
+  cfg = config.services.routinator;
+  settingsFormat = pkgs.formats.toml { };
+in
+{
+  options.services.routinator = {
+    enable = mkEnableOption "Routinator 3000 is free, open-source RPKI Relying Party software made by NLnet Labs.";
+
+    settings = mkOption {
+      inherit (settingsFormat) type;
+      example = literalExpression ''
+
+                {
+                  repository-dir = "/var/lib/routinator/rpki-cache";
+                  rtr-listen = [ "127.0.0.1:3323" ];
+                  http-listen = [ "127.0.0.1:8323" ];
+                }
+      '';
+      description = ''
+
+                Configuration for Routinator 3000, see <https://routinator.docs.nlnetlabs.nl/en/stable/manual-page.html#configuration-file> for options
+      '';
+      default = {
+        repository-dir = "/var/lib/routinator/rpki-cache";
+        rtr-listen = [ "127.0.0.1:3323" ];
+        http-listen = [ "127.0.0.1:8323" ];
+      };
+    };
+
+    configFile = mkOption {
+      default = settingsFormat.generate "routinator.conf" cfg.settings;
+      defaultText = "A Routinator configuration file automatically generated by values from services.routinator.settings.*";
+      type = types.path;
+      example = "/etc/routinator/routinator.conf";
+      description = "Path to Routinator TOML configuration file.";
+    };
+
+    package = mkPackageOption pkgs "routinator" { };
+  };
+
+  config = {
+    systemd.services.routinator = {
+      description = "Routinator 3000 is free, open-source RPKI Relying Party software made by NLnet Labs.";
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network.target" ];
+      path = with pkgs; [ rsync ];
+      serviceConfig = {
+        ExecStart = "${lib.getExe cfg.package} --config ${cfg.configFile} server";
+        User = "routinator";
+        Group = "routinator";
+      };
+    };
+
+    users.users.routinator = {
+      createHome = true;
+      isSystemUser = true;
+      home = "/var/lib/routinator";
+      group = "routinator";
+    };
+    users.groups.routinator = { };
+  };
+
+  meta.maintainers = with maintainers; [ xgwq ];
+}