From b45ba94a0ed9b0a04c5d569d4994f546c1849797 Mon Sep 17 00:00:00 2001
From: Luke Granger-Brown <git@lukegb.com>
Date: Sun, 10 Aug 2025 16:34:57 +0200
Subject: [PATCH] nixos/tayga: add log option

This allows configuring logging in tayga, and enables it for the NixOS
test.
---
 nixos/modules/services/networking/tayga.nix | 13 +++++++++++++
 nixos/tests/tayga.nix                       | 12 ++++++++++++
 2 files changed, 25 insertions(+)

diff --git a/nixos/modules/services/networking/tayga.nix b/nixos/modules/services/networking/tayga.nix
index bac0005781b2..047c9ba396be 100644
--- a/nixos/modules/services/networking/tayga.nix
+++ b/nixos/modules/services/networking/tayga.nix
@@ -23,6 +23,10 @@ let
     data-dir ${cfg.dataDir}
 
     ${concatStringsSep "\n" (mapAttrsToList (ipv4: ipv6: "map " + ipv4 + " " + ipv6) cfg.mappings)}
+
+    ${optionalString ((builtins.length cfg.log) > 0) ''
+      log ${concatStringsSep " " cfg.log}
+    ''}
   '';
 
   addrOpts =
@@ -132,6 +136,15 @@ in
           }
         '';
       };
+
+      log = mkOption {
+        type = types.listOf types.str;
+        default = [ ];
+        description = "Packet errors to log (drop, reject, icmp, self)";
+        example = literalExpression ''
+          [ "drop" "reject" "icmp" "self" ]
+        '';
+      };
     };
   };
 
diff --git a/nixos/tests/tayga.nix b/nixos/tests/tayga.nix
index 4a7d1e304f6a..5076a05c884b 100644
--- a/nixos/tests/tayga.nix
+++ b/nixos/tests/tayga.nix
@@ -139,6 +139,12 @@
         mappings = {
           "192.0.2.42" = "2001:db8::2";
         };
+        log = [
+          "drop"
+          "reject"
+          "icmp"
+          "self"
+        ];
       };
       environment.systemPackages = [ pkgs.tcpdump ];
     };
@@ -205,6 +211,12 @@
         mappings = {
           "192.0.2.42" = "2001:db8::2";
         };
+        log = [
+          "drop"
+          "reject"
+          "icmp"
+          "self"
+        ];
       };
       environment.systemPackages = [ pkgs.tcpdump ];
     };