pyrox.dev / nixpkgs
lol
fork atom
nixpkgs / nixos / modules / system / boot / networkd.nix
at 23.11-beta 99 kB view raw
1{ config, lib, pkgs, utils, ... }: 2 3with utils.systemdUtils.unitOptions; 4with utils.systemdUtils.lib; 5with utils.systemdUtils.network.units; 6with lib; 7 8let 9 10 check = { 11 12 global = { 13 sectionNetwork = checkUnitConfig "Network" [ 14 (assertOnlyFields [ 15 "SpeedMeter" 16 "SpeedMeterIntervalSec" 17 "ManageForeignRoutingPolicyRules" 18 "ManageForeignRoutes" 19 "RouteTable" 20 ]) 21 (assertValueOneOf "SpeedMeter" boolValues) 22 (assertInt "SpeedMeterIntervalSec") 23 (assertValueOneOf "ManageForeignRoutingPolicyRules" boolValues) 24 (assertValueOneOf "ManageForeignRoutes" boolValues) 25 ]; 26 27 sectionDHCPv4 = checkUnitConfig "DHCPv4" [ 28 (assertOnlyFields [ 29 "ClientIdentifier" 30 "DUIDType" 31 "DUIDRawData" 32 ]) 33 (assertValueOneOf "ClientIdentifier" ["mac" "duid" "duid-only"]) 34 ]; 35 36 sectionDHCPv6 = checkUnitConfig "DHCPv6" [ 37 (assertOnlyFields [ 38 "DUIDType" 39 "DUIDRawData" 40 ]) 41 ]; 42 }; 43 44 link = { 45 46 sectionLink = checkUnitConfig "Link" [ 47 (assertOnlyFields [ 48 "Description" 49 "Alias" 50 "MACAddressPolicy" 51 "MACAddress" 52 "NamePolicy" 53 "Name" 54 "AlternativeNamesPolicy" 55 "AlternativeName" 56 "MTUBytes" 57 "BitsPerSecond" 58 "Duplex" 59 "AutoNegotiation" 60 "WakeOnLan" 61 "Port" 62 "Advertise" 63 "ReceiveChecksumOffload" 64 "TransmitChecksumOffload" 65 "TCPSegmentationOffload" 66 "TCP6SegmentationOffload" 67 "GenericSegmentationOffload" 68 "GenericReceiveOffload" 69 "LargeReceiveOffload" 70 "RxChannels" 71 "TxChannels" 72 "OtherChannels" 73 "CombinedChannels" 74 "RxBufferSize" 75 "TxBufferSize" 76 "ReceiveQueues" 77 "TransmitQueues" 78 "TransmitQueueLength" 79 ]) 80 (assertValueOneOf "MACAddressPolicy" ["persistent" "random" "none"]) 81 (assertMacAddress "MACAddress") 82 (assertByteFormat "MTUBytes") 83 (assertByteFormat "BitsPerSecond") 84 (assertValueOneOf "Duplex" ["half" "full"]) 85 (assertValueOneOf "AutoNegotiation" boolValues) 86 (assertValuesSomeOfOr "WakeOnLan" ["phy" "unicast" "multicast" "broadcast" "arp" "magic" "secureon"] "off") 87 (assertValueOneOf "Port" ["tp" "aui" "bnc" "mii" "fibre"]) 88 (assertValueOneOf "ReceiveChecksumOffload" boolValues) 89 (assertValueOneOf "TransmitChecksumOffload" boolValues) 90 (assertValueOneOf "TCPSegmentationOffload" boolValues) 91 (assertValueOneOf "TCP6SegmentationOffload" boolValues) 92 (assertValueOneOf "GenericSegmentationOffload" boolValues) 93 (assertValueOneOf "GenericReceiveOffload" boolValues) 94 (assertValueOneOf "LargeReceiveOffload" boolValues) 95 (assertInt "RxChannels") 96 (assertRange "RxChannels" 1 4294967295) 97 (assertInt "TxChannels") 98 (assertRange "TxChannels" 1 4294967295) 99 (assertInt "OtherChannels") 100 (assertRange "OtherChannels" 1 4294967295) 101 (assertInt "CombinedChannels") 102 (assertRange "CombinedChannels" 1 4294967295) 103 (assertInt "RxBufferSize") 104 (assertInt "TxBufferSize") 105 (assertRange "ReceiveQueues" 1 4096) 106 (assertRange "TransmitQueues" 1 4096) 107 (assertRange "TransmitQueueLength" 1 4294967294) 108 ]; 109 }; 110 111 netdev = let 112 113 tunChecks = [ 114 (assertOnlyFields [ 115 "MultiQueue" 116 "PacketInfo" 117 "VNetHeader" 118 "User" 119 "Group" 120 ]) 121 (assertValueOneOf "MultiQueue" boolValues) 122 (assertValueOneOf "PacketInfo" boolValues) 123 (assertValueOneOf "VNetHeader" boolValues) 124 ]; 125 126 # See https://www.freedesktop.org/software/systemd/man/latest/systemd.netdev.html#%5BIPVTAP%5D%20Section%20Options 127 ipVlanVtapChecks = [ 128 (assertOnlyFields [ 129 "Mode" 130 "Flags" 131 ]) 132 (assertValueOneOf "Mode" ["L2" "L3" "L3S" ]) 133 (assertValueOneOf "Flags" ["private" "vepa" "bridge" ]) 134 ]; 135 in { 136 137 sectionNetdev = checkUnitConfig "Netdev" [ 138 (assertOnlyFields [ 139 "Description" 140 "Name" 141 "Kind" 142 "MTUBytes" 143 "MACAddress" 144 ]) 145 (assertHasField "Name") 146 (assertHasField "Kind") 147 (assertValueOneOf "Kind" [ 148 "bond" 149 "bridge" 150 "dummy" 151 "gre" 152 "gretap" 153 "erspan" 154 "ip6gre" 155 "ip6tnl" 156 "ip6gretap" 157 "ipip" 158 "ipvlan" 159 "ipvtap" 160 "macvlan" 161 "macvtap" 162 "sit" 163 "tap" 164 "tun" 165 "veth" 166 "vlan" 167 "vti" 168 "vti6" 169 "vxlan" 170 "geneve" 171 "l2tp" 172 "macsec" 173 "wlan" 174 "vrf" 175 "vcan" 176 "vxcan" 177 "wireguard" 178 "netdevsim" 179 "nlmon" 180 "fou" 181 "xfrm" 182 "ifb" 183 "batadv" 184 ]) 185 (assertByteFormat "MTUBytes") 186 (assertNetdevMacAddress "MACAddress") 187 ]; 188 189 sectionVLAN = checkUnitConfig "VLAN" [ 190 (assertOnlyFields [ 191 "Id" 192 "GVRP" 193 "MVRP" 194 "LooseBinding" 195 "ReorderHeader" 196 ]) 197 (assertInt "Id") 198 (assertRange "Id" 0 4094) 199 (assertValueOneOf "GVRP" boolValues) 200 (assertValueOneOf "MVRP" boolValues) 201 (assertValueOneOf "LooseBinding" boolValues) 202 (assertValueOneOf "ReorderHeader" boolValues) 203 ]; 204 205 sectionIPVLAN = checkUnitConfig "IPVLAN" ipVlanVtapChecks; 206 207 sectionIPVTAP = checkUnitConfig "IPVTAP" ipVlanVtapChecks; 208 209 sectionMACVLAN = checkUnitConfig "MACVLAN" [ 210 (assertOnlyFields [ 211 "Mode" 212 ]) 213 (assertValueOneOf "Mode" ["private" "vepa" "bridge" "passthru"]) 214 ]; 215 216 sectionVXLAN = checkUnitConfig "VXLAN" [ 217 (assertOnlyFields [ 218 "VNI" 219 "Remote" 220 "Local" 221 "Group" 222 "TOS" 223 "TTL" 224 "MacLearning" 225 "FDBAgeingSec" 226 "MaximumFDBEntries" 227 "ReduceARPProxy" 228 "L2MissNotification" 229 "L3MissNotification" 230 "RouteShortCircuit" 231 "UDPChecksum" 232 "UDP6ZeroChecksumTx" 233 "UDP6ZeroChecksumRx" 234 "RemoteChecksumTx" 235 "RemoteChecksumRx" 236 "GroupPolicyExtension" 237 "GenericProtocolExtension" 238 "DestinationPort" 239 "PortRange" 240 "FlowLabel" 241 "IPDoNotFragment" 242 "Independent" 243 ]) 244 (assertInt "VNI") 245 (assertRange "VNI" 1 16777215) 246 (assertValueOneOf "MacLearning" boolValues) 247 (assertInt "MaximumFDBEntries") 248 (assertValueOneOf "ReduceARPProxy" boolValues) 249 (assertValueOneOf "L2MissNotification" boolValues) 250 (assertValueOneOf "L3MissNotification" boolValues) 251 (assertValueOneOf "RouteShortCircuit" boolValues) 252 (assertValueOneOf "UDPChecksum" boolValues) 253 (assertValueOneOf "UDP6ZeroChecksumTx" boolValues) 254 (assertValueOneOf "UDP6ZeroChecksumRx" boolValues) 255 (assertValueOneOf "RemoteChecksumTx" boolValues) 256 (assertValueOneOf "RemoteChecksumRx" boolValues) 257 (assertValueOneOf "GroupPolicyExtension" boolValues) 258 (assertValueOneOf "GenericProtocolExtension" boolValues) 259 (assertInt "FlowLabel") 260 (assertRange "FlowLabel" 0 1048575) 261 (assertValueOneOf "IPDoNotFragment" (boolValues + ["inherit"])) 262 (assertValueOneOf "Independent" boolValues) 263 ]; 264 265 sectionTunnel = checkUnitConfig "Tunnel" [ 266 (assertOnlyFields [ 267 "Local" 268 "Remote" 269 "TOS" 270 "TTL" 271 "DiscoverPathMTU" 272 "IPv6FlowLabel" 273 "CopyDSCP" 274 "EncapsulationLimit" 275 "Key" 276 "InputKey" 277 "OutputKey" 278 "Mode" 279 "Independent" 280 "AssignToLoopback" 281 "AllowLocalRemote" 282 "FooOverUDP" 283 "FOUDestinationPort" 284 "FOUSourcePort" 285 "Encapsulation" 286 "IPv6RapidDeploymentPrefix" 287 "ISATAP" 288 "SerializeTunneledPackets" 289 "ERSPANIndex" 290 ]) 291 (assertInt "TTL") 292 (assertRange "TTL" 0 255) 293 (assertValueOneOf "DiscoverPathMTU" boolValues) 294 (assertValueOneOf "CopyDSCP" boolValues) 295 (assertValueOneOf "Mode" ["ip6ip6" "ipip6" "any"]) 296 (assertValueOneOf "Independent" boolValues) 297 (assertValueOneOf "AssignToLoopback" boolValues) 298 (assertValueOneOf "AllowLocalRemote" boolValues) 299 (assertValueOneOf "FooOverUDP" boolValues) 300 (assertPort "FOUDestinationPort") 301 (assertPort "FOUSourcePort") 302 (assertValueOneOf "Encapsulation" ["FooOverUDP" "GenericUDPEncapsulation"]) 303 (assertValueOneOf "ISATAP" boolValues) 304 (assertValueOneOf "SerializeTunneledPackets" boolValues) 305 (assertInt "ERSPANIndex") 306 (assertRange "ERSPANIndex" 1 1048575) 307 ]; 308 309 sectionFooOverUDP = checkUnitConfig "FooOverUDP" [ 310 (assertOnlyFields [ 311 "Port" 312 "Encapsulation" 313 "Protocol" 314 ]) 315 (assertPort "Port") 316 (assertValueOneOf "Encapsulation" ["FooOverUDP" "GenericUDPEncapsulation"]) 317 ]; 318 319 sectionPeer = checkUnitConfig "Peer" [ 320 (assertOnlyFields [ 321 "Name" 322 "MACAddress" 323 ]) 324 (assertMacAddress "MACAddress") 325 ]; 326 327 sectionTun = checkUnitConfig "Tun" tunChecks; 328 329 sectionTap = checkUnitConfig "Tap" tunChecks; 330 331 sectionL2TP = checkUnitConfig "L2TP" [ 332 (assertOnlyFields [ 333 "TunnelId" 334 "PeerTunnelId" 335 "Remote" 336 "Local" 337 "EncapsulationType" 338 "UDPSourcePort" 339 "UDPDestinationPort" 340 "UDPChecksum" 341 "UDP6ZeroChecksumTx" 342 "UDP6ZeroChecksumRx" 343 ]) 344 (assertInt "TunnelId") 345 (assertRange "TunnelId" 1 4294967295) 346 (assertInt "PeerTunnelId") 347 (assertRange "PeerTunnelId" 1 4294967295) 348 (assertValueOneOf "EncapsulationType" [ "ip" "udp" ]) 349 (assertPort "UDPSourcePort") 350 (assertPort "UDPDestinationPort") 351 (assertValueOneOf "UDPChecksum" boolValues) 352 (assertValueOneOf "UDP6ZeroChecksumTx" boolValues) 353 (assertValueOneOf "UDP6ZeroChecksumRx" boolValues) 354 ]; 355 356 sectionL2TPSession = checkUnitConfig "L2TPSession" [ 357 (assertOnlyFields [ 358 "Name" 359 "SessionId" 360 "PeerSessionId" 361 "Layer2SpecificHeader" 362 ]) 363 (assertHasField "Name") 364 (assertHasField "SessionId") 365 (assertInt "SessionId") 366 (assertRange "SessionId" 1 4294967295) 367 (assertHasField "PeerSessionId") 368 (assertInt "PeerSessionId") 369 (assertRange "PeerSessionId" 1 4294967295) 370 (assertValueOneOf "Layer2SpecificHeader" [ "none" "default" ]) 371 ]; 372 373 # NOTE The PrivateKey directive is missing on purpose here, please 374 # do not add it to this list. The nix store is world-readable let's 375 # refrain ourselves from providing a footgun. 376 sectionWireGuard = checkUnitConfig "WireGuard" [ 377 (assertOnlyFields [ 378 "PrivateKeyFile" 379 "ListenPort" 380 "FirewallMark" 381 "RouteTable" 382 "RouteMetric" 383 ]) 384 (assertInt "FirewallMark") 385 (assertRange "FirewallMark" 1 4294967295) 386 ]; 387 388 # NOTE The PresharedKey directive is missing on purpose here, please 389 # do not add it to this list. The nix store is world-readable,let's 390 # refrain ourselves from providing a footgun. 391 sectionWireGuardPeer = checkUnitConfig "WireGuardPeer" [ 392 (assertOnlyFields [ 393 "PublicKey" 394 "PresharedKeyFile" 395 "AllowedIPs" 396 "Endpoint" 397 "PersistentKeepalive" 398 "RouteTable" 399 "RouteMetric" 400 ]) 401 (assertInt "PersistentKeepalive") 402 (assertRange "PersistentKeepalive" 0 65535) 403 ]; 404 405 sectionBond = checkUnitConfig "Bond" [ 406 (assertOnlyFields [ 407 "Mode" 408 "TransmitHashPolicy" 409 "LACPTransmitRate" 410 "MIIMonitorSec" 411 "UpDelaySec" 412 "DownDelaySec" 413 "LearnPacketIntervalSec" 414 "AdSelect" 415 "AdActorSystemPriority" 416 "AdUserPortKey" 417 "AdActorSystem" 418 "FailOverMACPolicy" 419 "ARPValidate" 420 "ARPIntervalSec" 421 "ARPIPTargets" 422 "ARPAllTargets" 423 "PrimaryReselectPolicy" 424 "ResendIGMP" 425 "PacketsPerSlave" 426 "GratuitousARP" 427 "AllSlavesActive" 428 "DynamicTransmitLoadBalancing" 429 "MinLinks" 430 ]) 431 (assertValueOneOf "Mode" [ 432 "balance-rr" 433 "active-backup" 434 "balance-xor" 435 "broadcast" 436 "802.3ad" 437 "balance-tlb" 438 "balance-alb" 439 ]) 440 (assertValueOneOf "TransmitHashPolicy" [ 441 "layer2" 442 "layer3+4" 443 "layer2+3" 444 "encap2+3" 445 "encap3+4" 446 ]) 447 (assertValueOneOf "LACPTransmitRate" ["slow" "fast"]) 448 (assertValueOneOf "AdSelect" ["stable" "bandwidth" "count"]) 449 (assertInt "AdActorSystemPriority") 450 (assertRange "AdActorSystemPriority" 1 65535) 451 (assertInt "AdUserPortKey") 452 (assertRange "AdUserPortKey" 0 1023) 453 (assertValueOneOf "FailOverMACPolicy" ["none" "active" "follow"]) 454 (assertValueOneOf "ARPValidate" ["none" "active" "backup" "all"]) 455 (assertValueOneOf "ARPAllTargets" ["any" "all"]) 456 (assertValueOneOf "PrimaryReselectPolicy" ["always" "better" "failure"]) 457 (assertInt "ResendIGMP") 458 (assertRange "ResendIGMP" 0 255) 459 (assertInt "PacketsPerSlave") 460 (assertRange "PacketsPerSlave" 0 65535) 461 (assertInt "GratuitousARP") 462 (assertRange "GratuitousARP" 0 255) 463 (assertValueOneOf "AllSlavesActive" boolValues) 464 (assertValueOneOf "DynamicTransmitLoadBalancing" boolValues) 465 (assertInt "MinLinks") 466 (assertMinimum "MinLinks" 0) 467 ]; 468 469 sectionXfrm = checkUnitConfig "Xfrm" [ 470 (assertOnlyFields [ 471 "InterfaceId" 472 "Independent" 473 ]) 474 (assertInt "InterfaceId") 475 (assertRange "InterfaceId" 1 4294967295) 476 (assertValueOneOf "Independent" boolValues) 477 ]; 478 479 sectionVRF = checkUnitConfig "VRF" [ 480 (assertOnlyFields [ 481 "Table" 482 ]) 483 (assertInt "Table") 484 (assertMinimum "Table" 0) 485 ]; 486 487 sectionWLAN = checkUnitConfig "WLAN" [ 488 (assertOnlyFields [ 489 "PhysicalDevice" # systemd supports both strings ("phy0") and indexes (0) here. 490 "Type" 491 "WDS" 492 ]) 493 # See https://github.com/systemd/systemd/blob/main/src/basic/linux/nl80211.h#L3382 494 (assertValueOneOf "Type" [ 495 "ad-hoc" 496 "station" 497 "ap" 498 "ap-vlan" 499 "wds" 500 "monitor" 501 "mesh-point" 502 "p2p-client" 503 "p2p-go" 504 "p2p-device" 505 "ocb" 506 "nan" 507 ]) 508 (assertValueOneOf "WDS" boolValues) 509 ]; 510 511 sectionBatmanAdvanced = checkUnitConfig "BatmanAdvanced" [ 512 (assertOnlyFields [ 513 "GatewayMode" 514 "Aggregation" 515 "BridgeLoopAvoidance" 516 "DistributedArpTable" 517 "Fragmentation" 518 "HopPenalty" 519 "OriginatorIntervalSec" 520 "GatewayBandwithDown" 521 "GatewayBandwithUp" 522 "RoutingAlgorithm" 523 ]) 524 (assertValueOneOf "GatewayMode" ["off" "client" "server"]) 525 (assertValueOneOf "Aggregation" boolValues) 526 (assertValueOneOf "BridgeLoopAvoidance" boolValues) 527 (assertValueOneOf "DistributedArpTable" boolValues) 528 (assertValueOneOf "Fragmentation" boolValues) 529 (assertInt "HopPenalty") 530 (assertRange "HopPenalty" 0 255) 531 (assertValueOneOf "RoutingAlgorithm" ["batman-v" "batman-iv"]) 532 ]; 533 }; 534 535 network = { 536 537 sectionLink = checkUnitConfig "Link" [ 538 (assertOnlyFields [ 539 "MACAddress" 540 "MTUBytes" 541 "ARP" 542 "Multicast" 543 "AllMulticast" 544 "Unmanaged" 545 "Group" 546 "RequiredForOnline" 547 "RequiredFamilyForOnline" 548 "ActivationPolicy" 549 "Promiscuous" 550 ]) 551 (assertMacAddress "MACAddress") 552 (assertByteFormat "MTUBytes") 553 (assertValueOneOf "ARP" boolValues) 554 (assertValueOneOf "Multicast" boolValues) 555 (assertValueOneOf "AllMulticast" boolValues) 556 (assertValueOneOf "Promiscuous" boolValues) 557 (assertValueOneOf "Unmanaged" boolValues) 558 (assertInt "Group") 559 (assertRange "Group" 0 2147483647) 560 (assertValueOneOf "RequiredForOnline" (boolValues ++ ( 561 let 562 # https://freedesktop.org/software/systemd/man/networkctl.html#missing 563 operationalStates = [ 564 "missing" 565 "off" 566 "no-carrier" 567 "dormant" 568 "degraded-carrier" 569 "carrier" 570 "degraded" 571 "enslaved" 572 "routable" 573 ]; 574 operationalStateRanges = concatLists (imap0 (i: min: map (max: "${min}:${max}") (drop i operationalStates)) operationalStates); 575 in 576 operationalStates ++ operationalStateRanges 577 ))) 578 (assertValueOneOf "RequiredFamilyForOnline" [ 579 "ipv4" 580 "ipv6" 581 "both" 582 "any" 583 ]) 584 (assertValueOneOf "ActivationPolicy" ([ 585 "up" 586 "always-up" 587 "manual" 588 "always-down" 589 "down" 590 "bound" 591 ])) 592 ]; 593 594 sectionNetwork = checkUnitConfig "Network" [ 595 (assertOnlyFields [ 596 "Description" 597 "DHCP" 598 "DHCPServer" 599 "LinkLocalAddressing" 600 "IPv4LLRoute" 601 "DefaultRouteOnDevice" 602 "LLMNR" 603 "MulticastDNS" 604 "DNSOverTLS" 605 "DNSSEC" 606 "DNSSECNegativeTrustAnchors" 607 "LLDP" 608 "EmitLLDP" 609 "BindCarrier" 610 "Address" 611 "Gateway" 612 "DNS" 613 "Domains" 614 "DNSDefaultRoute" 615 "NTP" 616 "IPForward" 617 "IPMasquerade" 618 "IPv6PrivacyExtensions" 619 "IPv6AcceptRA" 620 "IPv6DuplicateAddressDetection" 621 "IPv6HopLimit" 622 "IPv4ProxyARP" 623 "IPv6ProxyNDP" 624 "IPv6ProxyNDPAddress" 625 "IPv6SendRA" 626 "DHCPPrefixDelegation" 627 "IPv6MTUBytes" 628 "Bridge" 629 "Bond" 630 "VRF" 631 "VLAN" 632 "IPVLAN" 633 "IPVTAP" 634 "MACVLAN" 635 "MACVTAP" 636 "VXLAN" 637 "Tunnel" 638 "MACsec" 639 "ActiveSlave" 640 "PrimarySlave" 641 "ConfigureWithoutCarrier" 642 "IgnoreCarrierLoss" 643 "Xfrm" 644 "KeepConfiguration" 645 "BatmanAdvanced" 646 ]) 647 # Note: For DHCP the values both, none, v4, v6 are deprecated 648 (assertValueOneOf "DHCP" ["yes" "no" "ipv4" "ipv6"]) 649 (assertValueOneOf "DHCPServer" boolValues) 650 (assertValueOneOf "LinkLocalAddressing" ["yes" "no" "ipv4" "ipv6" "fallback" "ipv4-fallback"]) 651 (assertValueOneOf "IPv4LLRoute" boolValues) 652 (assertValueOneOf "DefaultRouteOnDevice" boolValues) 653 (assertValueOneOf "LLMNR" (boolValues ++ ["resolve"])) 654 (assertValueOneOf "MulticastDNS" (boolValues ++ ["resolve"])) 655 (assertValueOneOf "DNSOverTLS" (boolValues ++ ["opportunistic"])) 656 (assertValueOneOf "DNSSEC" (boolValues ++ ["allow-downgrade"])) 657 (assertValueOneOf "LLDP" (boolValues ++ ["routers-only"])) 658 (assertValueOneOf "EmitLLDP" (boolValues ++ ["nearest-bridge" "non-tpmr-bridge" "customer-bridge"])) 659 (assertValueOneOf "DNSDefaultRoute" boolValues) 660 (assertValueOneOf "IPForward" (boolValues ++ ["ipv4" "ipv6"])) 661 (assertValueOneOf "IPMasquerade" (boolValues ++ ["ipv4" "ipv6" "both"])) 662 (assertValueOneOf "IPv6PrivacyExtensions" (boolValues ++ ["prefer-public" "kernel"])) 663 (assertValueOneOf "IPv6AcceptRA" boolValues) 664 (assertInt "IPv6DuplicateAddressDetection") 665 (assertMinimum "IPv6DuplicateAddressDetection" 0) 666 (assertInt "IPv6HopLimit") 667 (assertMinimum "IPv6HopLimit" 0) 668 (assertValueOneOf "IPv4ProxyARP" boolValues) 669 (assertValueOneOf "IPv6ProxyNDP" boolValues) 670 (assertValueOneOf "IPv6SendRA" boolValues) 671 (assertValueOneOf "DHCPPrefixDelegation" boolValues) 672 (assertByteFormat "IPv6MTUBytes") 673 (assertValueOneOf "ActiveSlave" boolValues) 674 (assertValueOneOf "PrimarySlave" boolValues) 675 (assertValueOneOf "ConfigureWithoutCarrier" boolValues) 676 (assertValueOneOf "KeepConfiguration" (boolValues ++ ["static" "dhcp-on-stop" "dhcp"])) 677 ]; 678 679 sectionAddress = checkUnitConfig "Address" [ 680 (assertOnlyFields [ 681 "Address" 682 "Peer" 683 "Broadcast" 684 "Label" 685 "PreferredLifetime" 686 "Scope" 687 "RouteMetric" 688 "HomeAddress" 689 "DuplicateAddressDetection" 690 "ManageTemporaryAddress" 691 "AddPrefixRoute" 692 "AutoJoin" 693 ]) 694 (assertHasField "Address") 695 (assertValueOneOf "PreferredLifetime" ["forever" "infinity" "0" 0]) 696 (assertInt "RouteMetric") 697 (assertValueOneOf "HomeAddress" boolValues) 698 (assertValueOneOf "DuplicateAddressDetection" ["ipv4" "ipv6" "both" "none"]) 699 (assertValueOneOf "ManageTemporaryAddress" boolValues) 700 (assertValueOneOf "AddPrefixRoute" boolValues) 701 (assertValueOneOf "AutoJoin" boolValues) 702 ]; 703 704 sectionRoutingPolicyRule = checkUnitConfig "RoutingPolicyRule" [ 705 (assertOnlyFields [ 706 "TypeOfService" 707 "From" 708 "To" 709 "FirewallMark" 710 "Table" 711 "Priority" 712 "IncomingInterface" 713 "OutgoingInterface" 714 "SourcePort" 715 "DestinationPort" 716 "IPProtocol" 717 "InvertRule" 718 "Family" 719 "User" 720 "SuppressPrefixLength" 721 "Type" 722 "SuppressInterfaceGroup" 723 ]) 724 (assertInt "TypeOfService") 725 (assertRange "TypeOfService" 0 255) 726 (assertInt "FirewallMark") 727 (assertRange "FirewallMark" 1 4294967295) 728 (assertInt "Priority") 729 (assertPort "SourcePort") 730 (assertPort "DestinationPort") 731 (assertValueOneOf "InvertRule" boolValues) 732 (assertValueOneOf "Family" ["ipv4" "ipv6" "both"]) 733 (assertInt "SuppressPrefixLength") 734 (assertRange "SuppressPrefixLength" 0 128) 735 (assertValueOneOf "Type" ["blackhole" "unreachable" "prohibit"]) 736 (assertRange "SuppressInterfaceGroup" 0 2147483647) 737 ]; 738 739 sectionRoute = checkUnitConfig "Route" [ 740 (assertOnlyFields [ 741 "Gateway" 742 "GatewayOnLink" 743 "Destination" 744 "Source" 745 "Metric" 746 "IPv6Preference" 747 "Scope" 748 "PreferredSource" 749 "Table" 750 "Protocol" 751 "Type" 752 "InitialCongestionWindow" 753 "InitialAdvertisedReceiveWindow" 754 "QuickAck" 755 "FastOpenNoCookie" 756 "TTLPropagate" 757 "MTUBytes" 758 "IPServiceType" 759 "MultiPathRoute" 760 ]) 761 (assertValueOneOf "GatewayOnLink" boolValues) 762 (assertInt "Metric") 763 (assertValueOneOf "IPv6Preference" ["low" "medium" "high"]) 764 (assertValueOneOf "Scope" ["global" "site" "link" "host" "nowhere"]) 765 (assertValueOneOf "Type" [ 766 "unicast" 767 "local" 768 "broadcast" 769 "anycast" 770 "multicast" 771 "blackhole" 772 "unreachable" 773 "prohibit" 774 "throw" 775 "nat" 776 "xresolve" 777 ]) 778 (assertValueOneOf "QuickAck" boolValues) 779 (assertValueOneOf "FastOpenNoCookie" boolValues) 780 (assertValueOneOf "TTLPropagate" boolValues) 781 (assertByteFormat "MTUBytes") 782 (assertValueOneOf "IPServiceType" ["CS6" "CS4"]) 783 ]; 784 785 sectionDHCPv4 = checkUnitConfig "DHCPv4" [ 786 (assertOnlyFields [ 787 "UseDNS" 788 "RoutesToDNS" 789 "UseNTP" 790 "UseSIP" 791 "UseMTU" 792 "Anonymize" 793 "SendHostname" 794 "UseHostname" 795 "Hostname" 796 "UseDomains" 797 "UseRoutes" 798 "UseTimezone" 799 "ClientIdentifier" 800 "VendorClassIdentifier" 801 "UserClass" 802 "MaxAttempts" 803 "DUIDType" 804 "DUIDRawData" 805 "IAID" 806 "RequestBroadcast" 807 "RouteMetric" 808 "RouteTable" 809 "RouteMTUBytes" 810 "ListenPort" 811 "SendRelease" 812 "SendDecline" 813 "BlackList" 814 "RequestOptions" 815 "SendOption" 816 "FallbackLeaseLifetimeSec" 817 "Label" 818 "Use6RD" 819 ]) 820 (assertValueOneOf "UseDNS" boolValues) 821 (assertValueOneOf "RoutesToDNS" boolValues) 822 (assertValueOneOf "UseNTP" boolValues) 823 (assertValueOneOf "UseSIP" boolValues) 824 (assertValueOneOf "UseMTU" boolValues) 825 (assertValueOneOf "Anonymize" boolValues) 826 (assertValueOneOf "SendHostname" boolValues) 827 (assertValueOneOf "UseHostname" boolValues) 828 (assertValueOneOf "UseDomains" (boolValues ++ ["route"])) 829 (assertValueOneOf "UseRoutes" boolValues) 830 (assertValueOneOf "UseTimezone" boolValues) 831 (assertValueOneOf "ClientIdentifier" ["mac" "duid" "duid-only"]) 832 (assertInt "IAID") 833 (assertValueOneOf "RequestBroadcast" boolValues) 834 (assertInt "RouteMetric") 835 (assertInt "RouteTable") 836 (assertRange "RouteTable" 0 4294967295) 837 (assertByteFormat "RouteMTUBytes") 838 (assertPort "ListenPort") 839 (assertValueOneOf "SendRelease" boolValues) 840 (assertValueOneOf "SendDecline" boolValues) 841 (assertValueOneOf "FallbackLeaseLifetimeSec" ["forever" "infinity"]) 842 (assertValueOneOf "Use6RD" boolValues) 843 ]; 844 845 sectionDHCPv6 = checkUnitConfig "DHCPv6" [ 846 (assertOnlyFields [ 847 "UseAddress" 848 "UseDNS" 849 "UseNTP" 850 "UseHostname" 851 "UseDomains" 852 "RouteMetric" 853 "RapidCommit" 854 "MUDURL" 855 "RequestOptions" 856 "SendVendorOption" 857 "PrefixDelegationHint" 858 "WithoutRA" 859 "SendOption" 860 "UserClass" 861 "VendorClass" 862 "DUIDType" 863 "DUIDRawData" 864 "IAID" 865 "UseDelegatedPrefix" 866 "SendRelease" 867 ]) 868 (assertValueOneOf "UseAddress" boolValues) 869 (assertValueOneOf "UseDNS" boolValues) 870 (assertValueOneOf "UseNTP" boolValues) 871 (assertValueOneOf "UseHostname" boolValues) 872 (assertValueOneOf "UseDomains" (boolValues ++ ["route"])) 873 (assertInt "RouteMetric") 874 (assertValueOneOf "RapidCommit" boolValues) 875 (assertValueOneOf "WithoutRA" ["no" "solicit" "information-request"]) 876 (assertRange "SendOption" 1 65536) 877 (assertInt "IAID") 878 (assertValueOneOf "UseDelegatedPrefix" boolValues) 879 (assertValueOneOf "SendRelease" boolValues) 880 ]; 881 882 sectionDHCPPrefixDelegation = checkUnitConfig "DHCPPrefixDelegation" [ 883 (assertOnlyFields [ 884 "UplinkInterface" 885 "SubnetId" 886 "Announce" 887 "Assign" 888 "Token" 889 "ManageTemporaryAddress" 890 "RouteMetric" 891 ]) 892 (assertValueOneOf "Announce" boolValues) 893 (assertValueOneOf "Assign" boolValues) 894 (assertValueOneOf "ManageTemporaryAddress" boolValues) 895 (assertRange "RouteMetric" 0 4294967295) 896 ]; 897 898 sectionIPv6AcceptRA = checkUnitConfig "IPv6AcceptRA" [ 899 (assertOnlyFields [ 900 "UseDNS" 901 "UseDomains" 902 "RouteTable" 903 "UseAutonomousPrefix" 904 "UseOnLinkPrefix" 905 "RouterDenyList" 906 "RouterAllowList" 907 "PrefixDenyList" 908 "PrefixAllowList" 909 "RouteDenyList" 910 "RouteAllowList" 911 "DHCPv6Client" 912 "RouteMetric" 913 "UseMTU" 914 "UseGateway" 915 "UseRoutePrefix" 916 "Token" 917 ]) 918 (assertValueOneOf "UseDNS" boolValues) 919 (assertValueOneOf "UseDomains" (boolValues ++ ["route"])) 920 (assertRange "RouteTable" 0 4294967295) 921 (assertValueOneOf "UseAutonomousPrefix" boolValues) 922 (assertValueOneOf "UseOnLinkPrefix" boolValues) 923 (assertValueOneOf "DHCPv6Client" (boolValues ++ ["always"])) 924 (assertValueOneOf "UseMTU" boolValues) 925 (assertValueOneOf "UseGateway" boolValues) 926 (assertValueOneOf "UseRoutePrefix" boolValues) 927 ]; 928 929 sectionDHCPServer = checkUnitConfig "DHCPServer" [ 930 (assertOnlyFields [ 931 "ServerAddress" 932 "PoolOffset" 933 "PoolSize" 934 "DefaultLeaseTimeSec" 935 "MaxLeaseTimeSec" 936 "UplinkInterface" 937 "EmitDNS" 938 "DNS" 939 "EmitNTP" 940 "NTP" 941 "EmitSIP" 942 "SIP" 943 "EmitPOP3" 944 "POP3" 945 "EmitSMTP" 946 "SMTP" 947 "EmitLPR" 948 "LPR" 949 "EmitRouter" 950 "Router" 951 "EmitTimezone" 952 "Timezone" 953 "SendOption" 954 "SendVendorOption" 955 "BindToInterface" 956 "RelayTarget" 957 "RelayAgentCircuitId" 958 "RelayAgentRemoteId" 959 "BootServerAddress" 960 "BootServerName" 961 "BootFilename" 962 ]) 963 (assertInt "PoolOffset") 964 (assertMinimum "PoolOffset" 0) 965 (assertInt "PoolSize") 966 (assertMinimum "PoolSize" 0) 967 (assertValueOneOf "EmitDNS" boolValues) 968 (assertValueOneOf "EmitNTP" boolValues) 969 (assertValueOneOf "EmitSIP" boolValues) 970 (assertValueOneOf "EmitPOP3" boolValues) 971 (assertValueOneOf "EmitSMTP" boolValues) 972 (assertValueOneOf "EmitLPR" boolValues) 973 (assertValueOneOf "EmitRouter" boolValues) 974 (assertValueOneOf "EmitTimezone" boolValues) 975 (assertValueOneOf "BindToInterface" boolValues) 976 ]; 977 978 sectionIPv6SendRA = checkUnitConfig "IPv6SendRA" [ 979 (assertOnlyFields [ 980 "Managed" 981 "OtherInformation" 982 "RouterLifetimeSec" 983 "RouterPreference" 984 "UplinkInterface" 985 "EmitDNS" 986 "DNS" 987 "EmitDomains" 988 "Domains" 989 "DNSLifetimeSec" 990 ]) 991 (assertValueOneOf "Managed" boolValues) 992 (assertValueOneOf "OtherInformation" boolValues) 993 (assertValueOneOf "RouterPreference" ["high" "medium" "low" "normal" "default"]) 994 (assertValueOneOf "EmitDNS" boolValues) 995 (assertValueOneOf "EmitDomains" boolValues) 996 ]; 997 998 sectionIPv6Prefix = checkUnitConfig "IPv6Prefix" [ 999 (assertOnlyFields [ 1000 "AddressAutoconfiguration" 1001 "OnLink" 1002 "Prefix" 1003 "PreferredLifetimeSec" 1004 "ValidLifetimeSec" 1005 "Assign" 1006 "Token" 1007 ]) 1008 (assertValueOneOf "AddressAutoconfiguration" boolValues) 1009 (assertValueOneOf "OnLink" boolValues) 1010 (assertValueOneOf "Assign" boolValues) 1011 ]; 1012 1013 sectionIPv6RoutePrefix = checkUnitConfig "IPv6RoutePrefix" [ 1014 (assertOnlyFields [ 1015 "Route" 1016 "LifetimeSec" 1017 ]) 1018 (assertHasField "Route") 1019 (assertInt "LifetimeSec") 1020 ]; 1021 1022 sectionDHCPServerStaticLease = checkUnitConfig "DHCPServerStaticLease" [ 1023 (assertOnlyFields [ 1024 "MACAddress" 1025 "Address" 1026 ]) 1027 (assertHasField "MACAddress") 1028 (assertHasField "Address") 1029 (assertMacAddress "MACAddress") 1030 ]; 1031 1032 sectionBridge = checkUnitConfig "Bridge" [ 1033 (assertOnlyFields [ 1034 "UnicastFlood" 1035 "MulticastFlood" 1036 "MulticastToUnicast" 1037 "NeighborSuppression" 1038 "Learning" 1039 "HairPin" 1040 "Isolated" 1041 "UseBPDU" 1042 "FastLeave" 1043 "AllowPortToBeRoot" 1044 "ProxyARP" 1045 "ProxyARPWiFi" 1046 "MulticastRouter" 1047 "Cost" 1048 "Priority" 1049 ]) 1050 (assertValueOneOf "UnicastFlood" boolValues) 1051 (assertValueOneOf "MulticastFlood" boolValues) 1052 (assertValueOneOf "MulticastToUnicast" boolValues) 1053 (assertValueOneOf "NeighborSuppression" boolValues) 1054 (assertValueOneOf "Learning" boolValues) 1055 (assertValueOneOf "HairPin" boolValues) 1056 (assertValueOneOf "Isolated" boolValues) 1057 (assertValueOneOf "UseBPDU" boolValues) 1058 (assertValueOneOf "FastLeave" boolValues) 1059 (assertValueOneOf "AllowPortToBeRoot" boolValues) 1060 (assertValueOneOf "ProxyARP" boolValues) 1061 (assertValueOneOf "ProxyARPWiFi" boolValues) 1062 (assertValueOneOf "MulticastRouter" [ "no" "query" "permanent" "temporary" ]) 1063 (assertInt "Cost") 1064 (assertRange "Cost" 1 65535) 1065 (assertInt "Priority") 1066 (assertRange "Priority" 0 63) 1067 ]; 1068 1069 sectionBridgeFDB = checkUnitConfig "BridgeFDB" [ 1070 (assertOnlyFields [ 1071 "MACAddress" 1072 "Destination" 1073 "VLANId" 1074 "VNI" 1075 "AssociatedWith" 1076 "OutgoingInterface" 1077 ]) 1078 (assertHasField "MACAddress") 1079 (assertInt "VLANId") 1080 (assertRange "VLANId" 0 4094) 1081 (assertInt "VNI") 1082 (assertRange "VNI" 1 16777215) 1083 (assertValueOneOf "AssociatedWith" [ "use" "self" "master" "router" ]) 1084 ]; 1085 1086 sectionBridgeMDB = checkUnitConfig "BridgeMDB" [ 1087 (assertOnlyFields [ 1088 "MulticastGroupAddress" 1089 "VLANId" 1090 ]) 1091 (assertHasField "MulticastGroupAddress") 1092 (assertInt "VLANId") 1093 (assertRange "VLANId" 0 4094) 1094 ]; 1095 1096 sectionLLDP = checkUnitConfig "LLDP" [ 1097 (assertOnlyFields [ 1098 "MUDURL" 1099 ]) 1100 ]; 1101 1102 sectionCAN = checkUnitConfig "CAN" [ 1103 (assertOnlyFields [ 1104 "BitRate" 1105 "SamplePoint" 1106 "TimeQuantaNSec" 1107 "PropagationSegment" 1108 "PhaseBufferSegment1" 1109 "PhaseBufferSegment2" 1110 "SyncJumpWidth" 1111 "DataBitRate" 1112 "DataSamplePoint" 1113 "DataTimeQuantaNSec" 1114 "DataPropagationSegment" 1115 "DataPhaseBufferSegment1" 1116 "DataPhaseBufferSegment2" 1117 "DataSyncJumpWidth" 1118 "FDMode" 1119 "FDNonISO" 1120 "RestartSec" 1121 "Termination" 1122 "TripleSampling" 1123 "BusErrorReporting" 1124 "ListenOnly" 1125 "Loopback" 1126 "OneShot" 1127 "PresumeAck" 1128 "ClassicDataLengthCode" 1129 ]) 1130 (assertInt "TimeQuantaNSec" ) 1131 (assertRange "TimeQuantaNSec" 0 4294967295 ) 1132 (assertInt "PropagationSegment" ) 1133 (assertRange "PropagationSegment" 0 4294967295 ) 1134 (assertInt "PhaseBufferSegment1" ) 1135 (assertRange "PhaseBufferSegment1" 0 4294967295 ) 1136 (assertInt "PhaseBufferSegment2" ) 1137 (assertRange "PhaseBufferSegment2" 0 4294967295 ) 1138 (assertInt "SyncJumpWidth" ) 1139 (assertRange "SyncJumpWidth" 0 4294967295 ) 1140 (assertInt "DataTimeQuantaNSec" ) 1141 (assertRange "DataTimeQuantaNSec" 0 4294967295 ) 1142 (assertInt "DataPropagationSegment" ) 1143 (assertRange "DataPropagationSegment" 0 4294967295 ) 1144 (assertInt "DataPhaseBufferSegment1" ) 1145 (assertRange "DataPhaseBufferSegment1" 0 4294967295 ) 1146 (assertInt "DataPhaseBufferSegment2" ) 1147 (assertRange "DataPhaseBufferSegment2" 0 4294967295 ) 1148 (assertInt "DataSyncJumpWidth" ) 1149 (assertRange "DataSyncJumpWidth" 0 4294967295 ) 1150 (assertValueOneOf "FDMode" boolValues) 1151 (assertValueOneOf "FDNonISO" boolValues) 1152 (assertValueOneOf "TripleSampling" boolValues) 1153 (assertValueOneOf "BusErrorReporting" boolValues) 1154 (assertValueOneOf "ListenOnly" boolValues) 1155 (assertValueOneOf "Loopback" boolValues) 1156 (assertValueOneOf "OneShot" boolValues) 1157 (assertValueOneOf "PresumeAck" boolValues) 1158 (assertValueOneOf "ClassicDataLengthCode" boolValues) 1159 ]; 1160 1161 sectionIPoIB = checkUnitConfig "IPoIB" [ 1162 (assertOnlyFields [ 1163 "Mode" 1164 "IgnoreUserspaceMulticastGroup" 1165 ]) 1166 (assertValueOneOf "Mode" [ "datagram" "connected" ]) 1167 (assertValueOneOf "IgnoreUserspaceMulticastGroup" boolValues) 1168 ]; 1169 1170 sectionQDisc = checkUnitConfig "QDisc" [ 1171 (assertOnlyFields [ 1172 "Parent" 1173 "Handle" 1174 ]) 1175 (assertValueOneOf "Parent" [ "clsact" "ingress" ]) 1176 ]; 1177 1178 sectionNetworkEmulator = checkUnitConfig "NetworkEmulator" [ 1179 (assertOnlyFields [ 1180 "Parent" 1181 "Handle" 1182 "DelaySec" 1183 "DelayJitterSec" 1184 "PacketLimit" 1185 "LossRate" 1186 "DuplicateRate" 1187 ]) 1188 (assertInt "PacketLimit") 1189 (assertRange "PacketLimit" 0 4294967294) 1190 ]; 1191 1192 sectionTokenBucketFilter = checkUnitConfig "TokenBucketFilter" [ 1193 (assertOnlyFields [ 1194 "Parent" 1195 "Handle" 1196 "LatencySec" 1197 "LimitBytes" 1198 "BurstBytes" 1199 "Rate" 1200 "MPUBytes" 1201 "PeakRate" 1202 "MTUBytes" 1203 ]) 1204 ]; 1205 1206 sectionPIE = checkUnitConfig "PIE" [ 1207 (assertOnlyFields [ 1208 "Parent" 1209 "Handle" 1210 "PacketLimit" 1211 ]) 1212 (assertInt "PacketLimit") 1213 (assertRange "PacketLimit" 1 4294967294) 1214 ]; 1215 1216 sectionFlowQueuePIE = checkUnitConfig "FlowQueuePIE" [ 1217 (assertOnlyFields [ 1218 "Parent" 1219 "Handle" 1220 "PacketLimit" 1221 ]) 1222 (assertInt "PacketLimit") 1223 (assertRange "PacketLimit" 1 4294967294) 1224 ]; 1225 1226 sectionStochasticFairBlue = checkUnitConfig "StochasticFairBlue" [ 1227 (assertOnlyFields [ 1228 "Parent" 1229 "Handle" 1230 "PacketLimit" 1231 ]) 1232 (assertInt "PacketLimit") 1233 (assertRange "PacketLimit" 1 4294967294) 1234 ]; 1235 1236 sectionStochasticFairnessQueueing = checkUnitConfig "StochasticFairnessQueueing" [ 1237 (assertOnlyFields [ 1238 "Parent" 1239 "Handle" 1240 "PerturbPeriodSec" 1241 ]) 1242 (assertInt "PerturbPeriodSec") 1243 ]; 1244 1245 sectionBFIFO = checkUnitConfig "BFIFO" [ 1246 (assertOnlyFields [ 1247 "Parent" 1248 "Handle" 1249 "LimitBytes" 1250 ]) 1251 ]; 1252 1253 sectionPFIFO = checkUnitConfig "PFIFO" [ 1254 (assertOnlyFields [ 1255 "Parent" 1256 "Handle" 1257 "PacketLimit" 1258 ]) 1259 (assertInt "PacketLimit") 1260 (assertRange "PacketLimit" 0 4294967294) 1261 ]; 1262 1263 sectionPFIFOHeadDrop = checkUnitConfig "PFIFOHeadDrop" [ 1264 (assertOnlyFields [ 1265 "Parent" 1266 "Handle" 1267 "PacketLimit" 1268 ]) 1269 (assertInt "PacketLimit") 1270 (assertRange "PacketLimit" 0 4294967294) 1271 ]; 1272 1273 sectionPFIFOFast = checkUnitConfig "PFIFOFast" [ 1274 (assertOnlyFields [ 1275 "Parent" 1276 "Handle" 1277 ]) 1278 ]; 1279 1280 sectionCAKE = checkUnitConfig "CAKE" [ 1281 (assertOnlyFields [ 1282 "Parent" 1283 "Handle" 1284 "Bandwidth" 1285 "AutoRateIngress" 1286 "OverheadBytes" 1287 "MPUBytes" 1288 "CompensationMode" 1289 "UseRawPacketSize" 1290 "FlowIsolationMode" 1291 "NAT" 1292 "PriorityQueueingPreset" 1293 "FirewallMark" 1294 "Wash" 1295 "SplitGSO" 1296 "AckFilter" 1297 ]) 1298 (assertValueOneOf "AutoRateIngress" boolValues) 1299 (assertInt "OverheadBytes") 1300 (assertRange "OverheadBytes" (-64) 256) 1301 (assertInt "MPUBytes") 1302 (assertRange "MPUBytes" 1 256) 1303 (assertValueOneOf "CompensationMode" [ "none" "atm" "ptm" ]) 1304 (assertValueOneOf "UseRawPacketSize" boolValues) 1305 (assertValueOneOf "FlowIsolationMode" 1306 [ 1307 "none" 1308 "src-host" 1309 "dst-host" 1310 "hosts" 1311 "flows" 1312 "dual-src-host" 1313 "dual-dst-host" 1314 "triple" 1315 ]) 1316 (assertValueOneOf "NAT" boolValues) 1317 (assertValueOneOf "PriorityQueueingPreset" 1318 [ 1319 "besteffort" 1320 "precedence" 1321 "diffserv8" 1322 "diffserv4" 1323 "diffserv3" 1324 ]) 1325 (assertInt "FirewallMark") 1326 (assertRange "FirewallMark" 1 4294967295) 1327 (assertValueOneOf "Wash" boolValues) 1328 (assertValueOneOf "SplitGSO" boolValues) 1329 (assertValueOneOf "AckFilter" (boolValues ++ ["aggressive"])) 1330 ]; 1331 1332 sectionControlledDelay = checkUnitConfig "ControlledDelay" [ 1333 (assertOnlyFields [ 1334 "Parent" 1335 "Handle" 1336 "PacketLimit" 1337 "TargetSec" 1338 "IntervalSec" 1339 "ECN" 1340 "CEThresholdSec" 1341 ]) 1342 (assertValueOneOf "ECN" boolValues) 1343 ]; 1344 1345 sectionDeficitRoundRobinScheduler = checkUnitConfig "DeficitRoundRobinScheduler" [ 1346 (assertOnlyFields [ 1347 "Parent" 1348 "Handle" 1349 ]) 1350 ]; 1351 1352 sectionDeficitRoundRobinSchedulerClass = checkUnitConfig "DeficitRoundRobinSchedulerClass" [ 1353 (assertOnlyFields [ 1354 "Parent" 1355 "Handle" 1356 "QuantumBytes" 1357 ]) 1358 ]; 1359 1360 sectionEnhancedTransmissionSelection = checkUnitConfig "EnhancedTransmissionSelection" [ 1361 (assertOnlyFields [ 1362 "Parent" 1363 "Handle" 1364 "Bands" 1365 "StrictBands" 1366 "QuantumBytes" 1367 "PriorityMap" 1368 ]) 1369 (assertInt "Bands") 1370 (assertRange "Bands" 1 16) 1371 (assertInt "StrictBands") 1372 (assertRange "StrictBands" 1 16) 1373 ]; 1374 1375 sectionGenericRandomEarlyDetection = checkUnitConfig "GenericRandomEarlyDetection" [ 1376 (assertOnlyFields [ 1377 "Parent" 1378 "Handle" 1379 "VirtualQueues" 1380 "DefaultVirtualQueue" 1381 "GenericRIO" 1382 ]) 1383 (assertInt "VirtualQueues") 1384 (assertRange "VirtualQueues" 1 16) 1385 (assertInt "DefaultVirtualQueue") 1386 (assertRange "DefaultVirtualQueue" 1 16) 1387 (assertValueOneOf "GenericRIO" boolValues) 1388 ]; 1389 1390 sectionFairQueueingControlledDelay = checkUnitConfig "FairQueueingControlledDelay" [ 1391 (assertOnlyFields [ 1392 "Parent" 1393 "Handle" 1394 "PacketLimit" 1395 "MemoryLimitBytes" 1396 "Flows" 1397 "TargetSec" 1398 "IntervalSec" 1399 "QuantumBytes" 1400 "ECN" 1401 "CEThresholdSec" 1402 ]) 1403 (assertInt "PacketLimit") 1404 (assertInt "Flows") 1405 (assertValueOneOf "ECN" boolValues) 1406 ]; 1407 1408 sectionFairQueueing = checkUnitConfig "FairQueueing" [ 1409 (assertOnlyFields [ 1410 "Parent" 1411 "Handle" 1412 "PacketLimit" 1413 "FlowLimit" 1414 "QuantumBytes" 1415 "InitualQuantumBytes" 1416 "MaximumRate" 1417 "Buckets" 1418 "OrphanMask" 1419 "Pacing" 1420 "CEThresholdSec" 1421 ]) 1422 (assertInt "PacketLimit") 1423 (assertInt "FlowLimit") 1424 (assertInt "OrphanMask") 1425 (assertValueOneOf "Pacing" boolValues) 1426 ]; 1427 1428 sectionTrivialLinkEqualizer = checkUnitConfig "TrivialLinkEqualizer" [ 1429 (assertOnlyFields [ 1430 "Parent" 1431 "Handle" 1432 "Id" 1433 ]) 1434 ]; 1435 1436 sectionHierarchyTokenBucket = checkUnitConfig "HierarchyTokenBucket" [ 1437 (assertOnlyFields [ 1438 "Parent" 1439 "Handle" 1440 "DefaultClass" 1441 "RateToQuantum" 1442 ]) 1443 (assertInt "RateToQuantum") 1444 ]; 1445 1446 sectionHierarchyTokenBucketClass = checkUnitConfig "HierarchyTokenBucketClass" [ 1447 (assertOnlyFields [ 1448 "Parent" 1449 "ClassId" 1450 "Priority" 1451 "QuantumBytes" 1452 "MTUBytes" 1453 "OverheadBytes" 1454 "Rate" 1455 "CeilRate" 1456 "BufferBytes" 1457 "CeilBufferBytes" 1458 ]) 1459 ]; 1460 1461 sectionHeavyHitterFilter = checkUnitConfig "HeavyHitterFilter" [ 1462 (assertOnlyFields [ 1463 "Parent" 1464 "Handle" 1465 "PacketLimit" 1466 ]) 1467 (assertInt "PacketLimit") 1468 (assertRange "PacketLimit" 0 4294967294) 1469 ]; 1470 1471 sectionQuickFairQueueing = checkUnitConfig "QuickFairQueueing" [ 1472 (assertOnlyFields [ 1473 "Parent" 1474 "Handle" 1475 ]) 1476 ]; 1477 1478 sectionQuickFairQueueingClass = checkUnitConfig "QuickFairQueueingClass" [ 1479 (assertOnlyFields [ 1480 "Parent" 1481 "ClassId" 1482 "Weight" 1483 "MaxPacketBytes" 1484 ]) 1485 (assertInt "Weight") 1486 (assertRange "Weight" 1 1023) 1487 ]; 1488 1489 sectionBridgeVLAN = checkUnitConfig "BridgeVLAN" [ 1490 (assertOnlyFields [ 1491 "VLAN" 1492 "EgressUntagged" 1493 "PVID" 1494 ]) 1495 (assertInt "PVID") 1496 (assertRange "PVID" 0 4094) 1497 ]; 1498 }; 1499 }; 1500 1501 commonNetworkOptions = { 1502 1503 enable = mkOption { 1504 default = true; 1505 type = types.bool; 1506 description = lib.mdDoc '' 1507 Whether to manage network configuration using {command}`systemd-network`. 1508 1509 This also enables {option}`systemd.networkd.enable`. 1510 ''; 1511 }; 1512 1513 matchConfig = mkOption { 1514 default = {}; 1515 example = { Name = "eth0"; }; 1516 type = types.attrsOf unitOption; 1517 description = lib.mdDoc '' 1518 Each attribute in this set specifies an option in the 1519 `[Match]` section of the unit. See 1520 {manpage}`systemd.link(5)` 1521 {manpage}`systemd.netdev(5)` 1522 {manpage}`systemd.network(5)` 1523 for details. 1524 ''; 1525 }; 1526 1527 extraConfig = mkOption { 1528 default = ""; 1529 type = types.lines; 1530 description = lib.mdDoc "Extra configuration append to unit"; 1531 }; 1532 }; 1533 1534 networkdOptions = { 1535 networkConfig = mkOption { 1536 default = {}; 1537 example = { SpeedMeter = true; ManageForeignRoutingPolicyRules = false; }; 1538 type = types.addCheck (types.attrsOf unitOption) check.global.sectionNetwork; 1539 description = lib.mdDoc '' 1540 Each attribute in this set specifies an option in the 1541 `[Network]` section of the networkd config. 1542 See {manpage}`networkd.conf(5)` for details. 1543 ''; 1544 }; 1545 1546 dhcpV4Config = mkOption { 1547 default = {}; 1548 example = { DUIDType = "vendor"; }; 1549 type = types.addCheck (types.attrsOf unitOption) check.global.sectionDHCPv4; 1550 description = lib.mdDoc '' 1551 Each attribute in this set specifies an option in the 1552 `[DHCPv4]` section of the networkd config. 1553 See {manpage}`networkd.conf(5)` for details. 1554 ''; 1555 }; 1556 1557 dhcpV6Config = mkOption { 1558 default = {}; 1559 example = { DUIDType = "vendor"; }; 1560 type = types.addCheck (types.attrsOf unitOption) check.global.sectionDHCPv6; 1561 description = lib.mdDoc '' 1562 Each attribute in this set specifies an option in the 1563 `[DHCPv6]` section of the networkd config. 1564 See {manpage}`networkd.conf(5)` for details. 1565 ''; 1566 }; 1567 }; 1568 1569 linkOptions = commonNetworkOptions // { 1570 # overwrite enable option from above 1571 enable = mkOption { 1572 default = true; 1573 type = types.bool; 1574 description = lib.mdDoc '' 1575 Whether to enable this .link unit. It's handled by udev no matter if {command}`systemd-networkd` is enabled or not 1576 ''; 1577 }; 1578 1579 linkConfig = mkOption { 1580 default = {}; 1581 example = { MACAddress = "00:ff:ee:aa:cc:dd"; }; 1582 type = types.addCheck (types.attrsOf unitOption) check.link.sectionLink; 1583 description = lib.mdDoc '' 1584 Each attribute in this set specifies an option in the 1585 `[Link]` section of the unit. See 1586 {manpage}`systemd.link(5)` for details. 1587 ''; 1588 }; 1589 1590 }; 1591 1592 1593 l2tpSessionOptions = { 1594 options = { 1595 l2tpSessionConfig = mkOption { 1596 default = {}; 1597 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionL2TPSession; 1598 description = lib.mdDoc '' 1599 Each attribute in this set specifies an option in the 1600 `[L2TPSession]` section of the unit. See 1601 {manpage}`systemd.netdev(5)` for details. 1602 ''; 1603 }; 1604 }; 1605 }; 1606 1607 wireguardPeerOptions = { 1608 options = { 1609 wireguardPeerConfig = mkOption { 1610 default = {}; 1611 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionWireGuardPeer; 1612 description = lib.mdDoc '' 1613 Each attribute in this set specifies an option in the 1614 `[WireGuardPeer]` section of the unit. See 1615 {manpage}`systemd.network(5)` for details. 1616 ''; 1617 }; 1618 }; 1619 }; 1620 1621 netdevOptions = commonNetworkOptions // { 1622 1623 netdevConfig = mkOption { 1624 example = { Name = "mybridge"; Kind = "bridge"; }; 1625 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionNetdev; 1626 description = lib.mdDoc '' 1627 Each attribute in this set specifies an option in the 1628 `[Netdev]` section of the unit. See 1629 {manpage}`systemd.netdev(5)` for details. 1630 ''; 1631 }; 1632 1633 vlanConfig = mkOption { 1634 default = {}; 1635 example = { Id = 4; }; 1636 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionVLAN; 1637 description = lib.mdDoc '' 1638 Each attribute in this set specifies an option in the 1639 `[VLAN]` section of the unit. See 1640 {manpage}`systemd.netdev(5)` for details. 1641 ''; 1642 }; 1643 1644 ipvlanConfig = mkOption { 1645 default = {}; 1646 example = { Mode = "L2"; Flags = "private"; }; 1647 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionIPVLAN; 1648 description = lib.mdDoc '' 1649 Each attribute in this set specifies an option in the `[IPVLAN]` section of the unit. 1650 See {manpage}`systemd.netdev(5)` for details. 1651 ''; 1652 }; 1653 1654 ipvtapConfig = mkOption { 1655 default = {}; 1656 example = { Mode = "L3"; Flags = "vepa"; }; 1657 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionIPVTAP; 1658 description = lib.mdDoc '' 1659 Each attribute in this set specifies an option in the `[IPVTAP]` section of the unit. 1660 See {manpage}`systemd.netdev(5)` for details. 1661 ''; 1662 }; 1663 1664 macvlanConfig = mkOption { 1665 default = {}; 1666 example = { Mode = "private"; }; 1667 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionMACVLAN; 1668 description = lib.mdDoc '' 1669 Each attribute in this set specifies an option in the 1670 `[MACVLAN]` section of the unit. See 1671 {manpage}`systemd.netdev(5)` for details. 1672 ''; 1673 }; 1674 1675 vxlanConfig = mkOption { 1676 default = {}; 1677 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionVXLAN; 1678 description = lib.mdDoc '' 1679 Each attribute in this set specifies an option in the 1680 `[VXLAN]` section of the unit. See 1681 {manpage}`systemd.netdev(5)` for details. 1682 ''; 1683 }; 1684 1685 tunnelConfig = mkOption { 1686 default = {}; 1687 example = { Remote = "192.168.1.1"; }; 1688 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionTunnel; 1689 description = lib.mdDoc '' 1690 Each attribute in this set specifies an option in the 1691 `[Tunnel]` section of the unit. See 1692 {manpage}`systemd.netdev(5)` for details. 1693 ''; 1694 }; 1695 1696 fooOverUDPConfig = mkOption { 1697 default = { }; 1698 example = { Port = 9001; }; 1699 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionFooOverUDP; 1700 description = lib.mdDoc '' 1701 Each attribute in this set specifies an option in the 1702 `[FooOverUDP]` section of the unit. See 1703 {manpage}`systemd.netdev(5)` for details. 1704 ''; 1705 }; 1706 1707 peerConfig = mkOption { 1708 default = {}; 1709 example = { Name = "veth2"; }; 1710 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionPeer; 1711 description = lib.mdDoc '' 1712 Each attribute in this set specifies an option in the 1713 `[Peer]` section of the unit. See 1714 {manpage}`systemd.netdev(5)` for details. 1715 ''; 1716 }; 1717 1718 tunConfig = mkOption { 1719 default = {}; 1720 example = { User = "openvpn"; }; 1721 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionTun; 1722 description = lib.mdDoc '' 1723 Each attribute in this set specifies an option in the 1724 `[Tun]` section of the unit. See 1725 {manpage}`systemd.netdev(5)` for details. 1726 ''; 1727 }; 1728 1729 tapConfig = mkOption { 1730 default = {}; 1731 example = { User = "openvpn"; }; 1732 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionTap; 1733 description = lib.mdDoc '' 1734 Each attribute in this set specifies an option in the 1735 `[Tap]` section of the unit. See 1736 {manpage}`systemd.netdev(5)` for details. 1737 ''; 1738 }; 1739 1740 l2tpConfig = mkOption { 1741 default = {}; 1742 example = { 1743 TunnelId = 10; 1744 PeerTunnelId = 12; 1745 Local = "static"; 1746 Remote = "192.168.30.101"; 1747 EncapsulationType = "ip"; 1748 }; 1749 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionL2TP; 1750 description = lib.mdDoc '' 1751 Each attribute in this set specifies an option in the 1752 `[L2TP]` section of the unit. See 1753 {manpage}`systemd.netdev(5)` for details. 1754 ''; 1755 }; 1756 1757 l2tpSessions = mkOption { 1758 default = []; 1759 example = [ { l2tpSessionConfig={ 1760 SessionId = 25; 1761 PeerSessionId = 26; 1762 Name = "l2tp-sess"; 1763 };}]; 1764 type = with types; listOf (submodule l2tpSessionOptions); 1765 description = lib.mdDoc '' 1766 Each item in this array specifies an option in the 1767 `[L2TPSession]` section of the unit. See 1768 {manpage}`systemd.netdev(5)` for details. 1769 ''; 1770 }; 1771 1772 wireguardConfig = mkOption { 1773 default = {}; 1774 example = { 1775 PrivateKeyFile = "/etc/wireguard/secret.key"; 1776 ListenPort = 51820; 1777 FirewallMark = 42; 1778 }; 1779 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionWireGuard; 1780 description = lib.mdDoc '' 1781 Each attribute in this set specifies an option in the 1782 `[WireGuard]` section of the unit. See 1783 {manpage}`systemd.netdev(5)` for details. 1784 Use `PrivateKeyFile` instead of 1785 `PrivateKey`: the nix store is 1786 world-readable. 1787 ''; 1788 }; 1789 1790 wireguardPeers = mkOption { 1791 default = []; 1792 example = [ { wireguardPeerConfig={ 1793 Endpoint = "192.168.1.1:51820"; 1794 PublicKey = "27s0OvaBBdHoJYkH9osZpjpgSOVNw+RaKfboT/Sfq0g="; 1795 PresharedKeyFile = "/etc/wireguard/psk.key"; 1796 AllowedIPs = [ "10.0.0.1/32" ]; 1797 PersistentKeepalive = 15; 1798 };}]; 1799 type = with types; listOf (submodule wireguardPeerOptions); 1800 description = lib.mdDoc '' 1801 Each item in this array specifies an option in the 1802 `[WireGuardPeer]` section of the unit. See 1803 {manpage}`systemd.netdev(5)` for details. 1804 Use `PresharedKeyFile` instead of 1805 `PresharedKey`: the nix store is 1806 world-readable. 1807 ''; 1808 }; 1809 1810 bondConfig = mkOption { 1811 default = {}; 1812 example = { Mode = "802.3ad"; }; 1813 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionBond; 1814 description = lib.mdDoc '' 1815 Each attribute in this set specifies an option in the 1816 `[Bond]` section of the unit. See 1817 {manpage}`systemd.netdev(5)` for details. 1818 ''; 1819 }; 1820 1821 xfrmConfig = mkOption { 1822 default = {}; 1823 example = { InterfaceId = 1; }; 1824 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionXfrm; 1825 description = lib.mdDoc '' 1826 Each attribute in this set specifies an option in the 1827 `[Xfrm]` section of the unit. See 1828 {manpage}`systemd.netdev(5)` for details. 1829 ''; 1830 }; 1831 1832 vrfConfig = mkOption { 1833 default = {}; 1834 example = { Table = 2342; }; 1835 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionVRF; 1836 description = lib.mdDoc '' 1837 Each attribute in this set specifies an option in the 1838 `[VRF]` section of the unit. See 1839 {manpage}`systemd.netdev(5)` for details. 1840 A detailed explanation about how VRFs work can be found in the 1841 [kernel docs](https://www.kernel.org/doc/Documentation/networking/vrf.txt). 1842 ''; 1843 }; 1844 1845 wlanConfig = mkOption { 1846 default = {}; 1847 example = { PhysicalDevice = 0; Type = "station"; }; 1848 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionWLAN; 1849 description = lib.mdDoc '' 1850 Each attribute in this set specifies an option in the `[WLAN]` section of the unit. 1851 See {manpage}`systemd.netdev(5)` for details. 1852 ''; 1853 }; 1854 1855 batmanAdvancedConfig = mkOption { 1856 default = {}; 1857 example = { 1858 GatewayMode = "server"; 1859 RoutingAlgorithm = "batman-v"; 1860 }; 1861 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionBatmanAdvanced; 1862 description = lib.mdDoc '' 1863 Each attribute in this set specifies an option in the 1864 `[BatmanAdvanced]` section of the unit. See 1865 {manpage}`systemd.netdev(5)` for details. 1866 ''; 1867 }; 1868 1869 }; 1870 1871 addressOptions = { 1872 options = { 1873 addressConfig = mkOption { 1874 example = { Address = "192.168.0.100/24"; }; 1875 type = types.addCheck (types.attrsOf unitOption) check.network.sectionAddress; 1876 description = lib.mdDoc '' 1877 Each attribute in this set specifies an option in the 1878 `[Address]` section of the unit. See 1879 {manpage}`systemd.network(5)` for details. 1880 ''; 1881 }; 1882 }; 1883 }; 1884 1885 routingPolicyRulesOptions = { 1886 options = { 1887 routingPolicyRuleConfig = mkOption { 1888 default = { }; 1889 example = { Table = 10; IncomingInterface = "eth1"; Family = "both"; }; 1890 type = types.addCheck (types.attrsOf unitOption) check.network.sectionRoutingPolicyRule; 1891 description = lib.mdDoc '' 1892 Each attribute in this set specifies an option in the 1893 `[RoutingPolicyRule]` section of the unit. See 1894 {manpage}`systemd.network(5)` for details. 1895 ''; 1896 }; 1897 }; 1898 }; 1899 1900 routeOptions = { 1901 options = { 1902 routeConfig = mkOption { 1903 default = {}; 1904 example = { Gateway = "192.168.0.1"; }; 1905 type = types.addCheck (types.attrsOf unitOption) check.network.sectionRoute; 1906 description = lib.mdDoc '' 1907 Each attribute in this set specifies an option in the 1908 `[Route]` section of the unit. See 1909 {manpage}`systemd.network(5)` for details. 1910 ''; 1911 }; 1912 }; 1913 }; 1914 1915 ipv6PrefixOptions = { 1916 options = { 1917 ipv6PrefixConfig = mkOption { 1918 default = {}; 1919 example = { Prefix = "fd00::/64"; }; 1920 type = types.addCheck (types.attrsOf unitOption) check.network.sectionIPv6Prefix; 1921 description = lib.mdDoc '' 1922 Each attribute in this set specifies an option in the 1923 `[IPv6Prefix]` section of the unit. See 1924 {manpage}`systemd.network(5)` for details. 1925 ''; 1926 }; 1927 }; 1928 }; 1929 1930 ipv6RoutePrefixOptions = { 1931 options = { 1932 ipv6RoutePrefixConfig = mkOption { 1933 default = {}; 1934 example = { Route = "fd00::/64"; }; 1935 type = types.addCheck (types.attrsOf unitOption) check.network.sectionIPv6RoutePrefix; 1936 description = lib.mdDoc '' 1937 Each attribute in this set specifies an option in the 1938 `[IPv6RoutePrefix]` section of the unit. See 1939 {manpage}`systemd.network(5)` for details. 1940 ''; 1941 }; 1942 }; 1943 }; 1944 1945 dhcpServerStaticLeaseOptions = { 1946 options = { 1947 dhcpServerStaticLeaseConfig = mkOption { 1948 default = {}; 1949 example = { MACAddress = "65:43:4a:5b:d8:5f"; Address = "192.168.1.42"; }; 1950 type = types.addCheck (types.attrsOf unitOption) check.network.sectionDHCPServerStaticLease; 1951 description = lib.mdDoc '' 1952 Each attribute in this set specifies an option in the 1953 `[DHCPServerStaticLease]` section of the unit. See 1954 {manpage}`systemd.network(5)` for details. 1955 1956 Make sure to configure the corresponding client interface to use 1957 `ClientIdentifier=mac`. 1958 ''; 1959 }; 1960 }; 1961 }; 1962 1963 bridgeFDBOptions = { 1964 options = { 1965 bridgeFDBConfig = mkOption { 1966 default = {}; 1967 example = { MACAddress = "65:43:4a:5b:d8:5f"; Destination = "192.168.1.42"; VNI = 20; }; 1968 type = types.addCheck (types.attrsOf unitOption) check.network.sectionBridgeFDB; 1969 description = lib.mdDoc '' 1970 Each attribute in this set specifies an option in the 1971 `[BridgeFDB]` section of the unit. See 1972 {manpage}`systemd.network(5)` for details. 1973 ''; 1974 }; 1975 }; 1976 }; 1977 1978 bridgeMDBOptions = { 1979 options = { 1980 bridgeMDBConfig = mkOption { 1981 default = {}; 1982 example = { MulticastGroupAddress = "ff02::1:2:3:4"; VLANId = 10; }; 1983 type = types.addCheck (types.attrsOf unitOption) check.network.sectionBridgeMDB; 1984 description = lib.mdDoc '' 1985 Each attribute in this set specifies an option in the 1986 `[BridgeMDB]` section of the unit. See 1987 {manpage}`systemd.network(5)` for details. 1988 ''; 1989 }; 1990 }; 1991 }; 1992 1993 bridgeVLANOptions = { 1994 options = { 1995 bridgeVLANConfig = mkOption { 1996 default = {}; 1997 example = { VLAN = 20; }; 1998 type = types.addCheck (types.attrsOf unitOption) check.network.sectionBridgeVLAN; 1999 description = lib.mdDoc '' 2000 Each attribute in this set specifies an option in the 2001 `[BridgeVLAN]` section of the unit. See 2002 {manpage}`systemd.network(5)` for details. 2003 ''; 2004 }; 2005 }; 2006 }; 2007 2008 networkOptions = commonNetworkOptions // { 2009 2010 linkConfig = mkOption { 2011 default = {}; 2012 example = { Unmanaged = true; }; 2013 type = types.addCheck (types.attrsOf unitOption) check.network.sectionLink; 2014 description = lib.mdDoc '' 2015 Each attribute in this set specifies an option in the 2016 `[Link]` section of the unit. See 2017 {manpage}`systemd.network(5)` for details. 2018 ''; 2019 }; 2020 2021 networkConfig = mkOption { 2022 default = {}; 2023 example = { Description = "My Network"; }; 2024 type = types.addCheck (types.attrsOf unitOption) check.network.sectionNetwork; 2025 description = lib.mdDoc '' 2026 Each attribute in this set specifies an option in the 2027 `[Network]` section of the unit. See 2028 {manpage}`systemd.network(5)` for details. 2029 ''; 2030 }; 2031 2032 # systemd.network.networks.*.dhcpConfig has been deprecated in favor of ….dhcpV4Config 2033 # Produce a nice warning message so users know it is gone. 2034 dhcpConfig = mkOption { 2035 visible = false; 2036 apply = _: throw "The option `systemd.network.networks.*.dhcpConfig` can no longer be used since it's been removed. Please use `systemd.network.networks.*.dhcpV4Config` instead."; 2037 }; 2038 2039 dhcpV4Config = mkOption { 2040 default = {}; 2041 example = { UseDNS = true; UseRoutes = true; }; 2042 type = types.addCheck (types.attrsOf unitOption) check.network.sectionDHCPv4; 2043 description = lib.mdDoc '' 2044 Each attribute in this set specifies an option in the 2045 `[DHCPv4]` section of the unit. See 2046 {manpage}`systemd.network(5)` for details. 2047 ''; 2048 }; 2049 2050 dhcpV6Config = mkOption { 2051 default = {}; 2052 example = { UseDNS = true; }; 2053 type = types.addCheck (types.attrsOf unitOption) check.network.sectionDHCPv6; 2054 description = lib.mdDoc '' 2055 Each attribute in this set specifies an option in the 2056 `[DHCPv6]` section of the unit. See 2057 {manpage}`systemd.network(5)` for details. 2058 ''; 2059 }; 2060 2061 dhcpV6PrefixDelegationConfig = mkOption { 2062 visible = false; 2063 apply = _: throw "The option `systemd.network.networks.<name>.dhcpV6PrefixDelegationConfig` has been renamed to `systemd.network.networks.<name>.dhcpPrefixDelegationConfig`."; 2064 }; 2065 2066 dhcpPrefixDelegationConfig = mkOption { 2067 default = {}; 2068 example = { SubnetId = "auto"; Announce = true; }; 2069 type = types.addCheck (types.attrsOf unitOption) check.network.sectionDHCPPrefixDelegation; 2070 description = lib.mdDoc '' 2071 Each attribute in this set specifies an option in the 2072 `[DHCPPrefixDelegation]` section of the unit. See 2073 {manpage}`systemd.network(5)` for details. 2074 ''; 2075 }; 2076 2077 ipv6AcceptRAConfig = mkOption { 2078 default = {}; 2079 example = { UseDNS = true; DHCPv6Client = "always"; }; 2080 type = types.addCheck (types.attrsOf unitOption) check.network.sectionIPv6AcceptRA; 2081 description = lib.mdDoc '' 2082 Each attribute in this set specifies an option in the 2083 `[IPv6AcceptRA]` section of the unit. See 2084 {manpage}`systemd.network(5)` for details. 2085 ''; 2086 }; 2087 2088 dhcpServerConfig = mkOption { 2089 default = {}; 2090 example = { PoolOffset = 50; EmitDNS = false; }; 2091 type = types.addCheck (types.attrsOf unitOption) check.network.sectionDHCPServer; 2092 description = lib.mdDoc '' 2093 Each attribute in this set specifies an option in the 2094 `[DHCPServer]` section of the unit. See 2095 {manpage}`systemd.network(5)` for details. 2096 ''; 2097 }; 2098 2099 # systemd.network.networks.*.ipv6PrefixDelegationConfig has been deprecated 2100 # in 247 in favor of systemd.network.networks.*.ipv6SendRAConfig. 2101 ipv6PrefixDelegationConfig = mkOption { 2102 visible = false; 2103 apply = _: throw "The option `systemd.network.networks.*.ipv6PrefixDelegationConfig` has been replaced by `systemd.network.networks.*.ipv6SendRAConfig`."; 2104 }; 2105 2106 ipv6SendRAConfig = mkOption { 2107 default = {}; 2108 example = { EmitDNS = true; Managed = true; OtherInformation = true; }; 2109 type = types.addCheck (types.attrsOf unitOption) check.network.sectionIPv6SendRA; 2110 description = lib.mdDoc '' 2111 Each attribute in this set specifies an option in the 2112 `[IPv6SendRA]` section of the unit. See 2113 {manpage}`systemd.network(5)` for details. 2114 ''; 2115 }; 2116 2117 dhcpServerStaticLeases = mkOption { 2118 default = []; 2119 example = [ { dhcpServerStaticLeaseConfig = { MACAddress = "65:43:4a:5b:d8:5f"; Address = "192.168.1.42"; }; } ]; 2120 type = with types; listOf (submodule dhcpServerStaticLeaseOptions); 2121 description = lib.mdDoc '' 2122 A list of DHCPServerStaticLease sections to be added to the unit. See 2123 {manpage}`systemd.network(5)` for details. 2124 ''; 2125 }; 2126 2127 ipv6Prefixes = mkOption { 2128 default = []; 2129 example = [ { ipv6PrefixConfig = { AddressAutoconfiguration = true; OnLink = true; }; } ]; 2130 type = with types; listOf (submodule ipv6PrefixOptions); 2131 description = lib.mdDoc '' 2132 A list of ipv6Prefix sections to be added to the unit. See 2133 {manpage}`systemd.network(5)` for details. 2134 ''; 2135 }; 2136 2137 ipv6RoutePrefixes = mkOption { 2138 default = []; 2139 example = [ { ipv6RoutePrefixConfig = { Route = "fd00::/64"; LifetimeSec = 3600; }; } ]; 2140 type = with types; listOf (submodule ipv6RoutePrefixOptions); 2141 description = lib.mdDoc '' 2142 A list of ipv6RoutePrefix sections to be added to the unit. See 2143 {manpage}`systemd.network(5)` for details. 2144 ''; 2145 }; 2146 2147 bridgeConfig = mkOption { 2148 default = {}; 2149 example = { MulticastFlood = false; Cost = 20; }; 2150 type = types.addCheck (types.attrsOf unitOption) check.network.sectionBridge; 2151 description = lib.mdDoc '' 2152 Each attribute in this set specifies an option in the 2153 `[Bridge]` section of the unit. See 2154 {manpage}`systemd.network(5)` for details. 2155 ''; 2156 }; 2157 2158 bridgeFDBs = mkOption { 2159 default = []; 2160 example = [ { bridgeFDBConfig = { MACAddress = "90:e2:ba:43:fc:71"; Destination = "192.168.100.4"; VNI = 3600; }; } ]; 2161 type = with types; listOf (submodule bridgeFDBOptions); 2162 description = lib.mdDoc '' 2163 A list of BridgeFDB sections to be added to the unit. See 2164 {manpage}`systemd.network(5)` for details. 2165 ''; 2166 }; 2167 2168 bridgeMDBs = mkOption { 2169 default = []; 2170 example = [ { bridgeMDBConfig = { MulticastGroupAddress = "ff02::1:2:3:4"; VLANId = 10; } ; } ]; 2171 type = with types; listOf (submodule bridgeMDBOptions); 2172 description = lib.mdDoc '' 2173 A list of BridgeMDB sections to be added to the unit. See 2174 {manpage}`systemd.network(5)` for details. 2175 ''; 2176 }; 2177 2178 lldpConfig = mkOption { 2179 default = {}; 2180 example = { MUDURL = "https://things.example.org/product_abc123/v5"; }; 2181 type = types.addCheck (types.attrsOf unitOption) check.network.sectionLLDP; 2182 description = lib.mdDoc '' 2183 Each attribute in this set specifies an option in the 2184 `[LLDP]` section of the unit. See 2185 {manpage}`systemd.network(5)` for details. 2186 ''; 2187 }; 2188 2189 canConfig = mkOption { 2190 default = {}; 2191 example = { }; 2192 type = types.addCheck (types.attrsOf unitOption) check.network.sectionCAN; 2193 description = lib.mdDoc '' 2194 Each attribute in this set specifies an option in the 2195 `[CAN]` section of the unit. See 2196 {manpage}`systemd.network(5)` for details. 2197 ''; 2198 }; 2199 2200 ipoIBConfig = mkOption { 2201 default = {}; 2202 example = { }; 2203 type = types.addCheck (types.attrsOf unitOption) check.network.sectionIPoIB; 2204 description = lib.mdDoc '' 2205 Each attribute in this set specifies an option in the 2206 `[IPoIB]` section of the unit. See 2207 {manpage}`systemd.network(5)` for details. 2208 ''; 2209 }; 2210 2211 qdiscConfig = mkOption { 2212 default = {}; 2213 example = { Parent = "ingress"; }; 2214 type = types.addCheck (types.attrsOf unitOption) check.network.sectionQDisc; 2215 description = lib.mdDoc '' 2216 Each attribute in this set specifies an option in the 2217 `[QDisc]` section of the unit. See 2218 {manpage}`systemd.network(5)` for details. 2219 ''; 2220 }; 2221 2222 networkEmulatorConfig = mkOption { 2223 default = {}; 2224 example = { Parent = "ingress"; DelaySec = "20msec"; }; 2225 type = types.addCheck (types.attrsOf unitOption) check.network.sectionNetworkEmulator; 2226 description = lib.mdDoc '' 2227 Each attribute in this set specifies an option in the 2228 `[NetworkEmulator]` section of the unit. See 2229 {manpage}`systemd.network(5)` for details. 2230 ''; 2231 }; 2232 2233 tokenBucketFilterConfig = mkOption { 2234 default = {}; 2235 example = { Parent = "ingress"; Rate = "100k"; }; 2236 type = types.addCheck (types.attrsOf unitOption) check.network.sectionTokenBucketFilter; 2237 description = lib.mdDoc '' 2238 Each attribute in this set specifies an option in the 2239 `[TokenBucketFilter]` section of the unit. See 2240 {manpage}`systemd.network(5)` for details. 2241 ''; 2242 }; 2243 2244 pieConfig = mkOption { 2245 default = {}; 2246 example = { Parent = "ingress"; PacketLimit = "3847"; }; 2247 type = types.addCheck (types.attrsOf unitOption) check.network.sectionPIE; 2248 description = lib.mdDoc '' 2249 Each attribute in this set specifies an option in the 2250 `[PIE]` section of the unit. See 2251 {manpage}`systemd.network(5)` for details. 2252 ''; 2253 }; 2254 2255 flowQueuePIEConfig = mkOption { 2256 default = {}; 2257 example = { Parent = "ingress"; PacketLimit = "3847"; }; 2258 type = types.addCheck (types.attrsOf unitOption) check.network.sectionFlowQueuePIE; 2259 description = lib.mdDoc '' 2260 Each attribute in this set specifies an option in the 2261 `[FlowQueuePIE]` section of the unit. See 2262 {manpage}`systemd.network(5)` for details. 2263 ''; 2264 }; 2265 2266 stochasticFairBlueConfig = mkOption { 2267 default = {}; 2268 example = { Parent = "ingress"; PacketLimit = "3847"; }; 2269 type = types.addCheck (types.attrsOf unitOption) check.network.sectionStochasticFairBlue; 2270 description = lib.mdDoc '' 2271 Each attribute in this set specifies an option in the 2272 `[StochasticFairBlue]` section of the unit. See 2273 {manpage}`systemd.network(5)` for details. 2274 ''; 2275 }; 2276 2277 stochasticFairnessQueueingConfig = mkOption { 2278 default = {}; 2279 example = { Parent = "ingress"; PerturbPeriodSec = "30"; }; 2280 type = types.addCheck (types.attrsOf unitOption) check.network.sectionStochasticFairnessQueueing; 2281 description = lib.mdDoc '' 2282 Each attribute in this set specifies an option in the 2283 `[StochasticFairnessQueueing]` section of the unit. See 2284 {manpage}`systemd.network(5)` for details. 2285 ''; 2286 }; 2287 2288 bfifoConfig = mkOption { 2289 default = {}; 2290 example = { Parent = "ingress"; LimitBytes = "20K"; }; 2291 type = types.addCheck (types.attrsOf unitOption) check.network.sectionBFIFO; 2292 description = lib.mdDoc '' 2293 Each attribute in this set specifies an option in the 2294 `[BFIFO]` section of the unit. See 2295 {manpage}`systemd.network(5)` for details. 2296 ''; 2297 }; 2298 2299 pfifoConfig = mkOption { 2300 default = {}; 2301 example = { Parent = "ingress"; PacketLimit = "300"; }; 2302 type = types.addCheck (types.attrsOf unitOption) check.network.sectionPFIFO; 2303 description = lib.mdDoc '' 2304 Each attribute in this set specifies an option in the 2305 `[PFIFO]` section of the unit. See 2306 {manpage}`systemd.network(5)` for details. 2307 ''; 2308 }; 2309 2310 pfifoHeadDropConfig = mkOption { 2311 default = {}; 2312 example = { Parent = "ingress"; PacketLimit = "300"; }; 2313 type = types.addCheck (types.attrsOf unitOption) check.network.sectionPFIFOHeadDrop; 2314 description = lib.mdDoc '' 2315 Each attribute in this set specifies an option in the 2316 `[PFIFOHeadDrop]` section of the unit. See 2317 {manpage}`systemd.network(5)` for details. 2318 ''; 2319 }; 2320 2321 pfifoFastConfig = mkOption { 2322 default = {}; 2323 example = { Parent = "ingress"; }; 2324 type = types.addCheck (types.attrsOf unitOption) check.network.sectionPFIFOFast; 2325 description = lib.mdDoc '' 2326 Each attribute in this set specifies an option in the 2327 `[PFIFOFast]` section of the unit. See 2328 {manpage}`systemd.network(5)` for details. 2329 ''; 2330 }; 2331 2332 cakeConfig = mkOption { 2333 default = {}; 2334 example = { Bandwidth = "40M"; OverheadBytes = 8; CompensationMode = "ptm"; }; 2335 type = types.addCheck (types.attrsOf unitOption) check.network.sectionCAKE; 2336 description = lib.mdDoc '' 2337 Each attribute in this set specifies an option in the 2338 `[CAKE]` section of the unit. See 2339 {manpage}`systemd.network(5)` for details. 2340 ''; 2341 }; 2342 2343 controlledDelayConfig = mkOption { 2344 default = {}; 2345 example = { Parent = "ingress"; TargetSec = "20msec"; }; 2346 type = types.addCheck (types.attrsOf unitOption) check.network.sectionControlledDelay; 2347 description = lib.mdDoc '' 2348 Each attribute in this set specifies an option in the 2349 `[ControlledDelay]` section of the unit. See 2350 {manpage}`systemd.network(5)` for details. 2351 ''; 2352 }; 2353 2354 deficitRoundRobinSchedulerConfig = mkOption { 2355 default = {}; 2356 example = { Parent = "root"; }; 2357 type = types.addCheck (types.attrsOf unitOption) check.network.sectionDeficitRoundRobinScheduler; 2358 description = lib.mdDoc '' 2359 Each attribute in this set specifies an option in the 2360 `[DeficitRoundRobinScheduler]` section of the unit. See 2361 {manpage}`systemd.network(5)` for details. 2362 ''; 2363 }; 2364 2365 deficitRoundRobinSchedulerClassConfig = mkOption { 2366 default = {}; 2367 example = { Parent = "root"; QuantumBytes = "300k"; }; 2368 type = types.addCheck (types.attrsOf unitOption) check.network.sectionDeficitRoundRobinSchedulerClass; 2369 description = lib.mdDoc '' 2370 Each attribute in this set specifies an option in the 2371 `[DeficitRoundRobinSchedulerClass]` section of the unit. See 2372 {manpage}`systemd.network(5)` for details. 2373 ''; 2374 }; 2375 2376 enhancedTransmissionSelectionConfig = mkOption { 2377 default = {}; 2378 example = { Parent = "root"; QuantumBytes = "300k"; Bands = 3; PriorityMap = "100 200 300"; }; 2379 type = types.addCheck (types.attrsOf unitOption) check.network.sectionEnhancedTransmissionSelection; 2380 description = lib.mdDoc '' 2381 Each attribute in this set specifies an option in the 2382 `[EnhancedTransmissionSelection]` section of the unit. See 2383 {manpage}`systemd.network(5)` for details. 2384 ''; 2385 }; 2386 2387 genericRandomEarlyDetectionConfig = mkOption { 2388 default = {}; 2389 example = { Parent = "root"; VirtualQueues = 5; DefaultVirtualQueue = 3; }; 2390 type = types.addCheck (types.attrsOf unitOption) check.network.sectionGenericRandomEarlyDetection; 2391 description = lib.mdDoc '' 2392 Each attribute in this set specifies an option in the 2393 `[GenericRandomEarlyDetection]` section of the unit. See 2394 {manpage}`systemd.network(5)` for details. 2395 ''; 2396 }; 2397 2398 fairQueueingControlledDelayConfig = mkOption { 2399 default = {}; 2400 example = { Parent = "root"; Flows = 5; }; 2401 type = types.addCheck (types.attrsOf unitOption) check.network.sectionFairQueueingControlledDelay; 2402 description = lib.mdDoc '' 2403 Each attribute in this set specifies an option in the 2404 `[FairQueueingControlledDelay]` section of the unit. See 2405 {manpage}`systemd.network(5)` for details. 2406 ''; 2407 }; 2408 2409 fairQueueingConfig = mkOption { 2410 default = {}; 2411 example = { Parent = "root"; FlowLimit = 5; }; 2412 type = types.addCheck (types.attrsOf unitOption) check.network.sectionFairQueueing; 2413 description = lib.mdDoc '' 2414 Each attribute in this set specifies an option in the 2415 `[FairQueueing]` section of the unit. See 2416 {manpage}`systemd.network(5)` for details. 2417 ''; 2418 }; 2419 2420 trivialLinkEqualizerConfig = mkOption { 2421 default = {}; 2422 example = { Parent = "root"; Id = 0; }; 2423 type = types.addCheck (types.attrsOf unitOption) check.network.sectionTrivialLinkEqualizer; 2424 description = lib.mdDoc '' 2425 Each attribute in this set specifies an option in the 2426 `[TrivialLinkEqualizer]` section of the unit. See 2427 {manpage}`systemd.network(5)` for details. 2428 ''; 2429 }; 2430 2431 hierarchyTokenBucketConfig = mkOption { 2432 default = {}; 2433 example = { Parent = "root"; }; 2434 type = types.addCheck (types.attrsOf unitOption) check.network.sectionHierarchyTokenBucket; 2435 description = lib.mdDoc '' 2436 Each attribute in this set specifies an option in the 2437 `[HierarchyTokenBucket]` section of the unit. See 2438 {manpage}`systemd.network(5)` for details. 2439 ''; 2440 }; 2441 2442 hierarchyTokenBucketClassConfig = mkOption { 2443 default = {}; 2444 example = { Parent = "root"; Rate = "10M"; }; 2445 type = types.addCheck (types.attrsOf unitOption) check.network.sectionHierarchyTokenBucketClass; 2446 description = lib.mdDoc '' 2447 Each attribute in this set specifies an option in the 2448 `[HierarchyTokenBucketClass]` section of the unit. See 2449 {manpage}`systemd.network(5)` for details. 2450 ''; 2451 }; 2452 2453 heavyHitterFilterConfig = mkOption { 2454 default = {}; 2455 example = { Parent = "root"; PacketLimit = 10000; }; 2456 type = types.addCheck (types.attrsOf unitOption) check.network.sectionHeavyHitterFilter; 2457 description = lib.mdDoc '' 2458 Each attribute in this set specifies an option in the 2459 `[HeavyHitterFilter]` section of the unit. See 2460 {manpage}`systemd.network(5)` for details. 2461 ''; 2462 }; 2463 2464 quickFairQueueingConfig = mkOption { 2465 default = {}; 2466 example = { Parent = "root"; }; 2467 type = types.addCheck (types.attrsOf unitOption) check.network.sectionQuickFairQueueing; 2468 description = lib.mdDoc '' 2469 Each attribute in this set specifies an option in the 2470 `[QuickFairQueueing]` section of the unit. See 2471 {manpage}`systemd.network(5)` for details. 2472 ''; 2473 }; 2474 2475 quickFairQueueingConfigClass = mkOption { 2476 default = {}; 2477 example = { Parent = "root"; Weight = 133; }; 2478 type = types.addCheck (types.attrsOf unitOption) check.network.sectionQuickFairQueueingClass; 2479 description = lib.mdDoc '' 2480 Each attribute in this set specifies an option in the 2481 `[QuickFairQueueingClass]` section of the unit. See 2482 {manpage}`systemd.network(5)` for details. 2483 ''; 2484 }; 2485 2486 bridgeVLANs = mkOption { 2487 default = []; 2488 example = [ { bridgeVLANConfig = { VLAN = "10-20"; }; } ]; 2489 type = with types; listOf (submodule bridgeVLANOptions); 2490 description = lib.mdDoc '' 2491 A list of BridgeVLAN sections to be added to the unit. See 2492 {manpage}`systemd.network(5)` for details. 2493 ''; 2494 }; 2495 2496 name = mkOption { 2497 type = types.nullOr types.str; 2498 default = null; 2499 description = lib.mdDoc '' 2500 The name of the network interface to match against. 2501 ''; 2502 }; 2503 2504 DHCP = mkOption { 2505 type = types.nullOr types.str; 2506 default = null; 2507 description = lib.mdDoc '' 2508 Whether to enable DHCP on the interfaces matched. 2509 ''; 2510 }; 2511 2512 domains = mkOption { 2513 type = types.nullOr (types.listOf types.str); 2514 default = null; 2515 description = lib.mdDoc '' 2516 A list of domains to pass to the network config. 2517 ''; 2518 }; 2519 2520 address = mkOption { 2521 default = [ ]; 2522 type = types.listOf types.str; 2523 description = lib.mdDoc '' 2524 A list of addresses to be added to the network section of the 2525 unit. See {manpage}`systemd.network(5)` for details. 2526 ''; 2527 }; 2528 2529 gateway = mkOption { 2530 default = [ ]; 2531 type = types.listOf types.str; 2532 description = lib.mdDoc '' 2533 A list of gateways to be added to the network section of the 2534 unit. See {manpage}`systemd.network(5)` for details. 2535 ''; 2536 }; 2537 2538 dns = mkOption { 2539 default = [ ]; 2540 type = types.listOf types.str; 2541 description = lib.mdDoc '' 2542 A list of dns servers to be added to the network section of the 2543 unit. See {manpage}`systemd.network(5)` for details. 2544 ''; 2545 }; 2546 2547 ntp = mkOption { 2548 default = [ ]; 2549 type = types.listOf types.str; 2550 description = lib.mdDoc '' 2551 A list of ntp servers to be added to the network section of the 2552 unit. See {manpage}`systemd.network(5)` for details. 2553 ''; 2554 }; 2555 2556 bridge = mkOption { 2557 default = [ ]; 2558 type = types.listOf types.str; 2559 description = lib.mdDoc '' 2560 A list of bridge interfaces to be added to the network section of the 2561 unit. See {manpage}`systemd.network(5)` for details. 2562 ''; 2563 }; 2564 2565 bond = mkOption { 2566 default = [ ]; 2567 type = types.listOf types.str; 2568 description = lib.mdDoc '' 2569 A list of bond interfaces to be added to the network section of the 2570 unit. See {manpage}`systemd.network(5)` for details. 2571 ''; 2572 }; 2573 2574 vrf = mkOption { 2575 default = [ ]; 2576 type = types.listOf types.str; 2577 description = lib.mdDoc '' 2578 A list of vrf interfaces to be added to the network section of the 2579 unit. See {manpage}`systemd.network(5)` for details. 2580 ''; 2581 }; 2582 2583 vlan = mkOption { 2584 default = [ ]; 2585 type = types.listOf types.str; 2586 description = lib.mdDoc '' 2587 A list of vlan interfaces to be added to the network section of the 2588 unit. See {manpage}`systemd.network(5)` for details. 2589 ''; 2590 }; 2591 2592 macvlan = mkOption { 2593 default = [ ]; 2594 type = types.listOf types.str; 2595 description = lib.mdDoc '' 2596 A list of macvlan interfaces to be added to the network section of the 2597 unit. See {manpage}`systemd.network(5)` for details. 2598 ''; 2599 }; 2600 2601 macvtap = mkOption { 2602 default = [ ]; 2603 type = types.listOf types.str; 2604 description = lib.mdDoc '' 2605 A list of macvtap interfaces to be added to the network section of the 2606 unit. See {manpage}`systemd.network(5)` for details. 2607 ''; 2608 }; 2609 2610 vxlan = mkOption { 2611 default = [ ]; 2612 type = types.listOf types.str; 2613 description = lib.mdDoc '' 2614 A list of vxlan interfaces to be added to the network section of the 2615 unit. See {manpage}`systemd.network(5)` for details. 2616 ''; 2617 }; 2618 2619 tunnel = mkOption { 2620 default = [ ]; 2621 type = types.listOf types.str; 2622 description = lib.mdDoc '' 2623 A list of tunnel interfaces to be added to the network section of the 2624 unit. See {manpage}`systemd.network(5)` for details. 2625 ''; 2626 }; 2627 2628 xfrm = mkOption { 2629 default = [ ]; 2630 type = types.listOf types.str; 2631 description = lib.mdDoc '' 2632 A list of xfrm interfaces to be added to the network section of the 2633 unit. See {manpage}`systemd.network(5)` for details. 2634 ''; 2635 }; 2636 2637 addresses = mkOption { 2638 default = [ ]; 2639 type = with types; listOf (submodule addressOptions); 2640 description = lib.mdDoc '' 2641 A list of address sections to be added to the unit. See 2642 {manpage}`systemd.network(5)` for details. 2643 ''; 2644 }; 2645 2646 routingPolicyRules = mkOption { 2647 default = [ ]; 2648 type = with types; listOf (submodule routingPolicyRulesOptions); 2649 description = lib.mdDoc '' 2650 A list of routing policy rules sections to be added to the unit. See 2651 {manpage}`systemd.network(5)` for details. 2652 ''; 2653 }; 2654 2655 routes = mkOption { 2656 default = [ ]; 2657 type = with types; listOf (submodule routeOptions); 2658 description = lib.mdDoc '' 2659 A list of route sections to be added to the unit. See 2660 {manpage}`systemd.network(5)` for details. 2661 ''; 2662 }; 2663 2664 }; 2665 2666 networkConfig = { config, ... }: { 2667 config = { 2668 matchConfig = optionalAttrs (config.name != null) { 2669 Name = config.name; 2670 }; 2671 networkConfig = optionalAttrs (config.DHCP != null) { 2672 DHCP = config.DHCP; 2673 } // optionalAttrs (config.domains != null) { 2674 Domains = concatStringsSep " " config.domains; 2675 }; 2676 }; 2677 }; 2678 2679 networkdConfig = { config, ... }: { 2680 options = { 2681 routeTables = mkOption { 2682 default = {}; 2683 example = { foo = 27; }; 2684 type = with types; attrsOf int; 2685 description = lib.mdDoc '' 2686 Defines route table names as an attrset of name to number. 2687 See {manpage}`networkd.conf(5)` for details. 2688 ''; 2689 }; 2690 2691 addRouteTablesToIPRoute2 = mkOption { 2692 default = true; 2693 example = false; 2694 type = types.bool; 2695 description = lib.mdDoc '' 2696 If true and routeTables are set, then the specified route tables 2697 will also be installed into /etc/iproute2/rt_tables. 2698 ''; 2699 }; 2700 }; 2701 2702 config = { 2703 networkConfig = optionalAttrs (config.routeTables != { }) { 2704 RouteTable = mapAttrsToList 2705 (name: number: "${name}:${toString number}") 2706 config.routeTables; 2707 }; 2708 }; 2709 }; 2710 2711 renderConfig = def: 2712 { text = '' 2713 [Network] 2714 ${attrsToSection def.networkConfig} 2715 '' 2716 + optionalString (def.dhcpV4Config != { }) '' 2717 [DHCPv4] 2718 ${attrsToSection def.dhcpV4Config} 2719 '' 2720 + optionalString (def.dhcpV6Config != { }) '' 2721 [DHCPv6] 2722 ${attrsToSection def.dhcpV6Config} 2723 ''; }; 2724 2725 mkUnitFiles = prefix: cfg: listToAttrs (map (name: { 2726 name = "${prefix}systemd/network/${name}"; 2727 value.source = "${cfg.units.${name}.unit}/${name}"; 2728 }) (attrNames cfg.units)); 2729 2730 commonOptions = visible: { 2731 2732 enable = mkOption { 2733 default = false; 2734 type = types.bool; 2735 description = lib.mdDoc '' 2736 Whether to enable networkd or not. 2737 ''; 2738 }; 2739 2740 links = mkOption { 2741 default = {}; 2742 inherit visible; 2743 type = with types; attrsOf (submodule [ { options = linkOptions; } ]); 2744 description = lib.mdDoc "Definition of systemd network links."; 2745 }; 2746 2747 netdevs = mkOption { 2748 default = {}; 2749 inherit visible; 2750 type = with types; attrsOf (submodule [ { options = netdevOptions; } ]); 2751 description = lib.mdDoc "Definition of systemd network devices."; 2752 }; 2753 2754 networks = mkOption { 2755 default = {}; 2756 inherit visible; 2757 type = with types; attrsOf (submodule [ { options = networkOptions; } networkConfig ]); 2758 description = lib.mdDoc "Definition of systemd networks."; 2759 }; 2760 2761 config = mkOption { 2762 default = {}; 2763 inherit visible; 2764 type = with types; submodule [ { options = networkdOptions; } networkdConfig ]; 2765 description = lib.mdDoc "Definition of global systemd network config."; 2766 }; 2767 2768 units = mkOption { 2769 description = lib.mdDoc "Definition of networkd units."; 2770 default = {}; 2771 internal = true; 2772 type = with types; attrsOf (submodule ( 2773 { name, config, ... }: 2774 { options = mapAttrs (_: x: x // { internal = true; }) concreteUnitOptions; 2775 config = { 2776 unit = mkDefault (makeUnit name config); 2777 }; 2778 })); 2779 }; 2780 2781 wait-online = { 2782 enable = mkOption { 2783 type = types.bool; 2784 default = true; 2785 example = false; 2786 description = lib.mdDoc '' 2787 Whether to enable the systemd-networkd-wait-online service. 2788 2789 systemd-networkd-wait-online can timeout and fail if there are no network interfaces 2790 available for it to manage. When systemd-networkd is enabled but a different service is 2791 responsible for managing the system's internet connection (for example, NetworkManager or 2792 connman are used to manage WiFi connections), this service is unnecessary and can be 2793 disabled. 2794 ''; 2795 }; 2796 anyInterface = mkOption { 2797 description = lib.mdDoc '' 2798 Whether to consider the network online when any interface is online, as opposed to all of them. 2799 This is useful on portable machines with a wired and a wireless interface, for example. 2800 2801 This is on by default if {option}`networking.useDHCP` is enabled. 2802 ''; 2803 type = types.bool; 2804 defaultText = "config.networking.useDHCP"; 2805 default = config.networking.useDHCP; 2806 }; 2807 2808 ignoredInterfaces = mkOption { 2809 description = lib.mdDoc '' 2810 Network interfaces to be ignored when deciding if the system is online. 2811 ''; 2812 type = with types; listOf str; 2813 default = []; 2814 example = [ "wg0" ]; 2815 }; 2816 2817 timeout = mkOption { 2818 description = lib.mdDoc '' 2819 Time to wait for the network to come online, in seconds. Set to 0 to disable. 2820 ''; 2821 type = types.ints.unsigned; 2822 default = 120; 2823 example = 0; 2824 }; 2825 2826 extraArgs = mkOption { 2827 description = lib.mdDoc '' 2828 Extra command-line arguments to pass to systemd-networkd-wait-online. 2829 These also affect per-interface `systemd-network-wait-online@` services. 2830 2831 See {manpage}`systemd-networkd-wait-online.service(8)` for all available options. 2832 ''; 2833 type = with types; listOf str; 2834 default = []; 2835 }; 2836 }; 2837 2838 }; 2839 2840 commonConfig = config: let 2841 cfg = config.systemd.network; 2842 mkUnit = f: def: { inherit (def) enable; text = f def; }; 2843 in mkMerge [ 2844 2845 # .link units are honored by udev, no matter if systemd-networkd is enabled or not. 2846 { 2847 systemd.network.units = mapAttrs' (n: v: nameValuePair "${n}.link" (mkUnit linkToUnit v)) cfg.links; 2848 2849 systemd.network.wait-online.extraArgs = 2850 [ "--timeout=${toString cfg.wait-online.timeout}" ] 2851 ++ optional cfg.wait-online.anyInterface "--any" 2852 ++ map (i: "--ignore=${i}") cfg.wait-online.ignoredInterfaces; 2853 } 2854 2855 (mkIf config.systemd.network.enable { 2856 2857 systemd.network.units = mapAttrs' (n: v: nameValuePair "${n}.netdev" (mkUnit netdevToUnit v)) cfg.netdevs 2858 // mapAttrs' (n: v: nameValuePair "${n}.network" (mkUnit networkToUnit v)) cfg.networks; 2859 2860 # systemd-networkd is socket-activated by kernel netlink route change 2861 # messages. It is important to have systemd buffer those on behalf of 2862 # networkd. 2863 systemd.sockets.systemd-networkd.wantedBy = [ "sockets.target" ]; 2864 2865 systemd.services.systemd-networkd-wait-online = { 2866 inherit (cfg.wait-online) enable; 2867 wantedBy = [ "network-online.target" ]; 2868 serviceConfig.ExecStart = [ 2869 "" 2870 "${config.systemd.package}/lib/systemd/systemd-networkd-wait-online ${utils.escapeSystemdExecArgs cfg.wait-online.extraArgs}" 2871 ]; 2872 }; 2873 2874 systemd.services."systemd-network-wait-online@" = { 2875 description = "Wait for Network Interface %I to be Configured"; 2876 conflicts = [ "shutdown.target" ]; 2877 requisite = [ "systemd-networkd.service" ]; 2878 after = [ "systemd-networkd.service" ]; 2879 serviceConfig = { 2880 Type = "oneshot"; 2881 RemainAfterExit = true; 2882 ExecStart = "${config.systemd.package}/lib/systemd/systemd-networkd-wait-online -i %I ${utils.escapeSystemdExecArgs cfg.wait-online.extraArgs}"; 2883 }; 2884 }; 2885 2886 }) 2887 ]; 2888 2889 stage2Config = let 2890 cfg = config.systemd.network; 2891 unitFiles = mkUnitFiles "" cfg; 2892 in mkMerge [ 2893 (commonConfig config) 2894 2895 { environment.etc = unitFiles; } 2896 2897 (mkIf config.systemd.network.enable { 2898 2899 users.users.systemd-network.group = "systemd-network"; 2900 2901 systemd.additionalUpstreamSystemUnits = [ 2902 "systemd-networkd-wait-online.service" 2903 "systemd-networkd.service" 2904 "systemd-networkd.socket" 2905 ]; 2906 2907 environment.etc."systemd/networkd.conf" = renderConfig cfg.config; 2908 2909 systemd.services.systemd-networkd = let 2910 isReloadableUnitFileName = unitFileName: strings.hasSuffix ".network" unitFileName; 2911 reloadableUnitFiles = attrsets.filterAttrs (k: v: isReloadableUnitFileName k) unitFiles; 2912 nonReloadableUnitFiles = attrsets.filterAttrs (k: v: !isReloadableUnitFileName k) unitFiles; 2913 unitFileSources = unitFiles: map (x: x.source) (attrValues unitFiles); 2914 in { 2915 wantedBy = [ "multi-user.target" ]; 2916 reloadTriggers = unitFileSources reloadableUnitFiles; 2917 restartTriggers = unitFileSources nonReloadableUnitFiles ++ [ 2918 config.environment.etc."systemd/networkd.conf".source 2919 ]; 2920 aliases = [ "dbus-org.freedesktop.network1.service" ]; 2921 }; 2922 2923 networking.iproute2 = mkIf (cfg.config.addRouteTablesToIPRoute2 && cfg.config.routeTables != { }) { 2924 enable = mkDefault true; 2925 rttablesExtraConfig = '' 2926 2927 # Extra tables defined in NixOS systemd.networkd.config.routeTables. 2928 ${concatStringsSep "\n" (mapAttrsToList (name: number: "${toString number} ${name}") cfg.config.routeTables)} 2929 ''; 2930 }; 2931 2932 services.resolved.enable = mkDefault true; 2933 2934 }) 2935 ]; 2936 2937 stage1Options = { 2938 options.boot.initrd.systemd.network.networks = mkOption { 2939 type = with types; attrsOf (submodule { 2940 # Default in initrd is dhcp-on-stop, which is correct if flushBeforeStage2 = false 2941 config = mkIf config.boot.initrd.network.flushBeforeStage2 { 2942 networkConfig.KeepConfiguration = mkDefault false; 2943 }; 2944 }); 2945 }; 2946 }; 2947 2948 stage1Config = let 2949 cfg = config.boot.initrd.systemd.network; 2950 in mkMerge [ 2951 (commonConfig config.boot.initrd) 2952 2953 { 2954 systemd.network.enable = mkDefault config.boot.initrd.network.enable; 2955 systemd.contents = mkUnitFiles "/etc/" cfg; 2956 2957 # Networkd link files are used early by udev to set up interfaces early. 2958 # This must be done in stage 1 to avoid race conditions between udev and 2959 # network daemons. 2960 systemd.network.units = lib.filterAttrs (n: _: hasSuffix ".link" n) config.systemd.network.units; 2961 systemd.storePaths = ["${config.boot.initrd.systemd.package}/lib/systemd/network/99-default.link"]; 2962 } 2963 2964 (mkIf cfg.enable { 2965 2966 # For networkctl 2967 systemd.dbus.enable = mkDefault true; 2968 2969 systemd.additionalUpstreamUnits = [ 2970 "systemd-networkd-wait-online.service" 2971 "systemd-networkd.service" 2972 "systemd-networkd.socket" 2973 "systemd-network-generator.service" 2974 "network-online.target" 2975 "network-pre.target" 2976 "network.target" 2977 "nss-lookup.target" 2978 "nss-user-lookup.target" 2979 "remote-fs-pre.target" 2980 "remote-fs.target" 2981 ]; 2982 systemd.users.systemd-network = {}; 2983 systemd.groups.systemd-network = {}; 2984 2985 systemd.contents."/etc/systemd/networkd.conf" = renderConfig cfg.config; 2986 2987 systemd.services.systemd-networkd = { 2988 wantedBy = [ "initrd.target" ]; 2989 # These before and conflicts lines can be removed when this PR makes it into a release: 2990 # https://github.com/systemd/systemd/pull/27791 2991 before = ["initrd-switch-root.target"]; 2992 conflicts = ["initrd-switch-root.target"]; 2993 }; 2994 systemd.sockets.systemd-networkd = { 2995 wantedBy = [ "initrd.target" ]; 2996 before = ["initrd-switch-root.target"]; 2997 conflicts = ["initrd-switch-root.target"]; 2998 }; 2999 3000 systemd.services.systemd-network-generator.wantedBy = [ "sysinit.target" ]; 3001 3002 systemd.storePaths = [ 3003 "${config.boot.initrd.systemd.package}/lib/systemd/systemd-networkd" 3004 "${config.boot.initrd.systemd.package}/lib/systemd/systemd-networkd-wait-online" 3005 "${config.boot.initrd.systemd.package}/lib/systemd/systemd-network-generator" 3006 ]; 3007 kernelModules = [ "af_packet" ]; 3008 3009 }) 3010 ]; 3011 3012in 3013 3014{ 3015 imports = [ stage1Options ]; 3016 3017 options = { 3018 systemd.network = commonOptions true; 3019 boot.initrd.systemd.network = commonOptions "shallow"; 3020 }; 3021 3022 config = mkMerge [ 3023 stage2Config 3024 (mkIf config.boot.initrd.systemd.enable { 3025 assertions = [{ 3026 assertion = !config.boot.initrd.network.udhcpc.enable && config.boot.initrd.network.udhcpc.extraArgs == []; 3027 message = '' 3028 systemd stage 1 networking does not support 'boot.initrd.network.udhcpc'. Configure 3029 DHCP with 'networking.*' options or with 'boot.initrd.systemd.network' options. 3030 ''; 3031 }]; 3032 3033 boot.initrd = stage1Config; 3034 }) 3035 ]; 3036}