Deploy a SCION AS with the help of SCIONLab and NixOS.
To use the module simply checkout the repository and import it in your NixOS config.
imports = [ /path/to/scionlab-module ];Or, fetch it directly from GitHub:
imports = [
(builtins.fetchTarball {
url = "https://github.com/claudiiii/scionlab-module/archive/main.tar.gz";
# This hash needs to be updated
sha256 = lib.fakeSha256;
})
];You can also use the Cachix binary cache if building the packages is not possible.
First you need to register an AS on the SCIONLab website and download the configuration files.
Next extract the configuration to a folder on your system and make it readable by the scion user and group.
/etc/scion is a good place. You might need to enable the module first for the user and group to exist.
An example configuration might be:
services.scionlab = {
enable = true;
asConfigPath = "/path/to/as/config";
vpn = true;
vpnConfigFile = "/path/to/vpn/config.conf";
};To start using SCION you first need to start the VPN (if configured).
$ systemctl start openvpn-scionlabVPNAnd finally the SCIONLab services.
$ systemctl start scionlabNow everything should work. You can test that by showing the paths to a different AS.
$ scion showpaths 17-ffaa:0:1107It's also possible to build a VM from the test-vm.nix configuration.
First you need to fill in the TODOs at the top of the file with the paths to your AS config.
Then to build the VM run the following snipped in the root of the repository.
$ nix-build '<nixpkgs/nixos>' -A vm --arg configuration ./test-vm.nix --show-traceThe resulting VM can then be started.
$ ./result/bin/run-nixos-vm