From 1f28c8defc116a8c6ee7f30ac984931b064b0697 Mon Sep 17 00:00:00 2001
From: rnhmjoj <rnhmjoj@inventati.org>
Date: Sat, 1 Jul 2023 23:17:01 +0200
Subject: [PATCH] nixos/jool: validate the configuration

This checks the validity of both NAT64 and SIIT configurations
at build time. An error produces something like this:

    Validating Jool configuration... Error: Cannot parse '283.0.113.1' as an IPv4 address.
---
 nixos/modules/services/networking/jool.nix | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/nixos/modules/services/networking/jool.nix b/nixos/modules/services/networking/jool.nix
index 8fc08efcb674..3aafbe40967c 100644
--- a/nixos/modules/services/networking/jool.nix
+++ b/nixos/modules/services/networking/jool.nix
@@ -201,6 +201,17 @@ in
       } // hardening;
     };
 
+    system.checks = lib.singleton (pkgs.runCommand "jool-validated" {
+      nativeBuildInputs = [ pkgs.buildPackages.jool-cli ];
+      preferLocalBuild = true;
+    } ''
+      printf 'Validating Jool configuration... '
+      ${lib.optionalString cfg.siit.enable "jool_siit file check ${siitConf}"}
+      ${lib.optionalString cfg.nat64.enable "jool file check ${nat64Conf}"}
+      printf 'ok\n'
+      touch "$out"
+    '');
+
     networking.jool.nat64.config = mkDefaultAttrs defaultNat64;
     networking.jool.siit.config  = mkDefaultAttrs defaultSiit;