this is the dhcp6c service we want

examples/demo.nix

@@ -7,7 +7,7 @@
 
 { config, pkgs, lib, ... } :
 let
-  inherit (pkgs.liminix.services) oneshot longrun;
+  inherit (pkgs.liminix.services) bundle oneshot longrun;
   inherit (pkgs) serviceFns;
   # EDIT: you can pick your preferred RFC1918 address space
   # for NATted connections, if you don't like this one.
@@ -25,6 +25,7 @@ in rec {
 
   imports = [
     ../modules/bridge
+    ../modules/dhcp6c
     ../modules/dnsmasq
     ../modules/firewall
     ../modules/hostapd
@@ -95,11 +96,16 @@ in rec {
       resolvconf = services.resolvconf;
       inherit interface;
       ranges = [
-        "${ipv4LocalNet}.10,${ipv4LocalNet}.240"
+        "${ipv4LocalNet}.10,${ipv4LocalNet}.249"
-        # ra-stateless: sends router advertisements with the O and A
+        # EDIT: ... maybe. In this example we use "ra-stateless",
+        # meaning dnsmasq sends router advertisements with the O and A
         # bits set, and provides a stateless DHCP service. The client
         # will use a SLAAC address, and use DHCP for other
         # configuration information.
+        # If you didn't understand the preceding sentence then
+        # the default is _probably_ fine, but if you need
+        # a DHCP-only IPv6 network or some other different
+        # configuration, this is the place to change it.
         "::,constructor:$(output ${interface} ifname),ra-stateless"
       ];
       # EDIT: choose a domain name for the DNS names issued for your
@@ -158,34 +164,37 @@ in rec {
 
   services.packet_forwarding = svc.network.forward.build { };
 
-  services.dhcp6 =
+  # We expect the ISP uses DHCP6 to issue IPv6 addresses. There is a
-    let
+  # service to request address information in the form of a DHCP
-      name = "dhcp6c.wan";
+  # lease, and two dependent services that listen for updates to the
-    in longrun {
+  # DHCP address information and update the addresses of the WAN and
-      inherit name;
+  # LAN interfaces respectively.
-      notification-fd = 10;
-      run = ''
-        export SERVICE_STATE=/run/service-state/${name}
-        ${pkgs.odhcp6c}/bin/odhcp6c -s ${pkgs.odhcp-script} -e -v -p /run/${name}.pid -P 48 $(output ${services.wan} ifname)
-        )
-      '';
-      dependencies = [ services.wan ];
-    };
 
-  services.acquire-lan-prefix =
+  services.dhcp6c =
-    let script = pkgs.callPackage ./acquire-delegated-prefix.nix {  };
+    let client = svc.dhcp6c.client.build {
-    in longrun {
+          interface = services.wan;
-      name = "acquire-lan-prefix";
+        };
-      run = "${script} /run/service-state/dhcp6c.wan $(output ${services.int} ifname)";
+    in bundle {
-      dependencies = [ services.dhcp6 ];
+      name = "dhcp6c";
-    };
+      contents = [
-
+        (svc.dhcp6c.prefix.build {
-  services.acquire-wan-address =
+          # if your ISP provides you a real IPv6 prefix for your local
-    let script = pkgs.callPackage ./acquire-wan-address.nix {  };
+          # network (usually a /64 or /48 or something in between the
-    in longrun {
+          # two), this service subscribes to that "prefix delegation"
-      name = "acquire-wan-address";
+          # information, and uses it to assign an address to the LAN
-      run = "${script} /run/service-state/dhcp6c.wan $(output ${services.wan} ifname)";
+          # device. dnsmasq will notice this address and use it to
-      dependencies = [ services.dhcp6 ];
+          # form the addresses it hands out to devices on the lan
+          inherit client;
+          interface = services.int;
+        })
+        (svc.dhcp6c.address.build {
+          # if your ISP provides you a regular global IPv6 address,
+          # this service subscribes to that information and assigns
+          # the address to the WAN device.
+          inherit client;
+          interface = services.wan;
+        })
+      ];
     };
 
   defaultProfile.packages = with pkgs; [

examples/rotuer.nix

@@ -9,7 +9,7 @@
 { config, pkgs, lib, ... } :
 let
   secrets = import ./rotuer-secrets.nix;
-  inherit (pkgs.liminix.services) oneshot longrun;
+  inherit (pkgs.liminix.services) oneshot longrun bundle;
   inherit (pkgs) serviceFns;
   svc = config.system.service;
   wirelessConfig =  {
@@ -38,6 +38,7 @@ in rec {
     ../modules/network
     ../modules/ppp
     ../modules/dnsmasq
+    ../modules/dhcp6c
     ../modules/firewall
     ../modules/hostapd
     ../modules/bridge
@@ -154,39 +155,27 @@ in rec {
   };
 
   services.firewall = svc.firewall.build {
-    ruleset = import ./rotuer-firewall.nix;
+    ruleset = import ./demo-firewall.nix;
   };
 
   services.packet_forwarding = svc.network.forward.build { };
 
-  services.dhcp6 =
+  services.dhcp6c =
-    let
+    let client = svc.dhcp6c.client.build {
-      name = "dhcp6c.wan";
+          interface = services.wan;
-    in longrun {
+        };
-      inherit name;
+    in bundle {
-      notification-fd = 10;
+      name = "dhcp6c";
-      run = ''
+      contents = [
-        export SERVICE_STATE=/run/service-state/${name}
+        (svc.dhcp6c.prefix.build {
-        ${pkgs.odhcp6c}/bin/odhcp6c -s ${pkgs.odhcp-script} -e -v -p /run/${name}.pid -P 48 $(output ${services.wan} ifname)
+          inherit client;
-        )
+          interface = services.int;
-      '';
+        })
-      dependencies = [ services.wan ];
+        (svc.dhcp6c.address.build {
-    };
+          inherit client;
-
+          interface = services.wan;
-  services.acquire-lan-prefix =
+        })
-    let script = pkgs.callPackage ./acquire-delegated-prefix.nix {  };
+      ];
-    in longrun {
-      name = "acquire-lan-prefix";
-      run = "${script} /run/service-state/dhcp6c.wan $(output ${services.int} ifname)";
-      dependencies = [ services.dhcp6 ];
-    };
-
-  services.acquire-wan-address =
-    let script = pkgs.callPackage ./acquire-wan-address.nix {  };
-    in longrun {
-      name = "acquire-wan-address";
-      run = "${script} /run/service-state/dhcp6c.wan $(output ${services.wan} ifname)";
-      dependencies = [ services.dhcp6 ];
     };
 
   defaultProfile.packages = with pkgs; [

modules/dhcp6c/address.nix

@@ -0,0 +1,16 @@
+{
+  liminix
+, lib
+, callPackage
+}:
+{ client, interface } :
+let
+  inherit (liminix.services) longrun;
+  inherit (lib) mkOption types;
+  name = "dhcp6c.addr.${client.name}.${interface.name}";
+  script = callPackage ./acquire-wan-address.nix {  };
+in longrun {
+  inherit name;
+  run = "${script} /run/service-state/${client.name} $(output ${interface} ifname)";
+  dependencies = [ client interface ];
+}

modules/dhcp6c/client.nix

@@ -0,0 +1,21 @@
+{
+  liminix
+, lib
+, odhcp6c
+, odhcp-script
+}:
+{ interface } :
+let
+  inherit (liminix.services) longrun;
+  inherit (lib) mkOption types;
+  name = "dhcp6c.${interface.name}";
+in longrun {
+  inherit name;
+  notification-fd = 10;
+  run = ''
+    export SERVICE_STATE=/run/service-state/${name}
+    ${odhcp6c}/bin/odhcp6c -s ${odhcp-script} -e -v -p /run/${name}.pid -P0 $(output ${interface} ifname)
+    )
+  '';
+  dependencies = [ interface ];
+}

modules/dhcp6c/default.nix

@@ -0,0 +1,52 @@
+## DHCP6 client module
+## ===================
+##
+##  This is for use if you have an IPv6-capable upstream that provides
+##  address information and/or prefix delegation using DHCP6. It
+##  provides a service to request address information in the form of a
+##  DHCP lease, and two dependent services that listen for updates
+##  to the DHCP address information and can be used to update
+##  addresses of network interfaces that you want to assign those
+##  prefixes to
+
+{ lib, pkgs, config, ...}:
+let
+  inherit (lib) mkOption types;
+  inherit (pkgs.liminix.services) oneshot;
+  inherit (pkgs) liminix;
+in
+{
+  options = {
+    system.service.dhcp6c = {
+      client = mkOption { type = liminix.lib.types.serviceDefn; };
+      prefix = mkOption { type = liminix.lib.types.serviceDefn; };
+      address = mkOption { type = liminix.lib.types.serviceDefn; };
+    };
+  };
+  config.system.service.dhcp6c = {
+    client = liminix.callService ./client.nix {
+      interface = mkOption {
+        type = liminix.lib.types.interface;
+        description = "interface (usually WAN) to query for DHCP6";
+      };
+    };
+    address = liminix.callService ./address.nix {
+      client = mkOption {
+        type = types.anything; # liminix.lib.types.service;
+      };
+      interface = mkOption {
+        type = liminix.lib.types.interface;
+        description = "interface to assign the address to";
+      };
+    };
+    prefix = liminix.callService ./prefix.nix {
+      client = mkOption {
+        type = types.anything; # liminix.lib.types.service;
+      };
+      interface = mkOption {
+        type = liminix.lib.types.interface;
+        description = "interface to assign <prefix>::1 to";
+      };
+    };
+  };
+}

modules/dhcp6c/prefix.nix

@@ -0,0 +1,16 @@
+{
+  liminix
+, lib
+, callPackage
+}:
+{ client, interface } :
+let
+  inherit (liminix.services) longrun;
+  inherit (lib) mkOption types;
+  name = "dhcp6c.prefix.${client.name}.${interface.name}";
+  script = callPackage ./acquire-delegated-prefix.nix {  };
+in longrun {
+  inherit name;
+  run = "${script} /run/service-state/${client.name} $(output ${interface} ifname)";
+  dependencies = [ client interface ];
+}