pyrox.dev / nixpkgs
lol
fork atom
nixpkgs / nixos / modules / system / boot / networkd.nix
at 23.11-pre 106 kB view raw
1{ config, lib, pkgs, utils, ... }: 2 3with utils.systemdUtils.unitOptions; 4with utils.systemdUtils.lib; 5with lib; 6 7let 8 9 check = { 10 11 global = { 12 sectionNetwork = checkUnitConfig "Network" [ 13 (assertOnlyFields [ 14 "SpeedMeter" 15 "SpeedMeterIntervalSec" 16 "ManageForeignRoutingPolicyRules" 17 "ManageForeignRoutes" 18 "RouteTable" 19 ]) 20 (assertValueOneOf "SpeedMeter" boolValues) 21 (assertInt "SpeedMeterIntervalSec") 22 (assertValueOneOf "ManageForeignRoutingPolicyRules" boolValues) 23 (assertValueOneOf "ManageForeignRoutes" boolValues) 24 ]; 25 26 sectionDHCPv4 = checkUnitConfig "DHCPv4" [ 27 (assertOnlyFields [ 28 "DUIDType" 29 "DUIDRawData" 30 ]) 31 ]; 32 33 sectionDHCPv6 = checkUnitConfig "DHCPv6" [ 34 (assertOnlyFields [ 35 "DUIDType" 36 "DUIDRawData" 37 ]) 38 ]; 39 }; 40 41 link = { 42 43 sectionLink = checkUnitConfig "Link" [ 44 (assertOnlyFields [ 45 "Description" 46 "Alias" 47 "MACAddressPolicy" 48 "MACAddress" 49 "NamePolicy" 50 "Name" 51 "AlternativeNamesPolicy" 52 "AlternativeName" 53 "MTUBytes" 54 "BitsPerSecond" 55 "Duplex" 56 "AutoNegotiation" 57 "WakeOnLan" 58 "Port" 59 "Advertise" 60 "ReceiveChecksumOffload" 61 "TransmitChecksumOffload" 62 "TCPSegmentationOffload" 63 "TCP6SegmentationOffload" 64 "GenericSegmentationOffload" 65 "GenericReceiveOffload" 66 "LargeReceiveOffload" 67 "RxChannels" 68 "TxChannels" 69 "OtherChannels" 70 "CombinedChannels" 71 "RxBufferSize" 72 "TxBufferSize" 73 "ReceiveQueues" 74 "TransmitQueues" 75 "TransmitQueueLength" 76 ]) 77 (assertValueOneOf "MACAddressPolicy" ["persistent" "random" "none"]) 78 (assertMacAddress "MACAddress") 79 (assertByteFormat "MTUBytes") 80 (assertByteFormat "BitsPerSecond") 81 (assertValueOneOf "Duplex" ["half" "full"]) 82 (assertValueOneOf "AutoNegotiation" boolValues) 83 (assertValueOneOf "WakeOnLan" ["phy" "unicast" "multicast" "broadcast" "arp" "magic" "secureon" "off"]) 84 (assertValueOneOf "Port" ["tp" "aui" "bnc" "mii" "fibre"]) 85 (assertValueOneOf "ReceiveChecksumOffload" boolValues) 86 (assertValueOneOf "TransmitChecksumOffload" boolValues) 87 (assertValueOneOf "TCPSegmentationOffload" boolValues) 88 (assertValueOneOf "TCP6SegmentationOffload" boolValues) 89 (assertValueOneOf "GenericSegmentationOffload" boolValues) 90 (assertValueOneOf "GenericReceiveOffload" boolValues) 91 (assertValueOneOf "LargeReceiveOffload" boolValues) 92 (assertInt "RxChannels") 93 (assertRange "RxChannels" 1 4294967295) 94 (assertInt "TxChannels") 95 (assertRange "TxChannels" 1 4294967295) 96 (assertInt "OtherChannels") 97 (assertRange "OtherChannels" 1 4294967295) 98 (assertInt "CombinedChannels") 99 (assertRange "CombinedChannels" 1 4294967295) 100 (assertInt "RxBufferSize") 101 (assertInt "TxBufferSize") 102 (assertRange "ReceiveQueues" 1 4096) 103 (assertRange "TransmitQueues" 1 4096) 104 (assertRange "TransmitQueueLength" 1 4294967294) 105 ]; 106 }; 107 108 netdev = let 109 110 tunChecks = [ 111 (assertOnlyFields [ 112 "MultiQueue" 113 "PacketInfo" 114 "VNetHeader" 115 "User" 116 "Group" 117 ]) 118 (assertValueOneOf "MultiQueue" boolValues) 119 (assertValueOneOf "PacketInfo" boolValues) 120 (assertValueOneOf "VNetHeader" boolValues) 121 ]; 122 in { 123 124 sectionNetdev = checkUnitConfig "Netdev" [ 125 (assertOnlyFields [ 126 "Description" 127 "Name" 128 "Kind" 129 "MTUBytes" 130 "MACAddress" 131 ]) 132 (assertHasField "Name") 133 (assertHasField "Kind") 134 (assertValueOneOf "Kind" [ 135 "bond" 136 "bridge" 137 "dummy" 138 "gre" 139 "gretap" 140 "erspan" 141 "ip6gre" 142 "ip6tnl" 143 "ip6gretap" 144 "ipip" 145 "ipvlan" 146 "macvlan" 147 "macvtap" 148 "sit" 149 "tap" 150 "tun" 151 "veth" 152 "vlan" 153 "vti" 154 "vti6" 155 "vxlan" 156 "geneve" 157 "l2tp" 158 "macsec" 159 "vrf" 160 "vcan" 161 "vxcan" 162 "wireguard" 163 "netdevsim" 164 "nlmon" 165 "fou" 166 "xfrm" 167 "ifb" 168 "batadv" 169 ]) 170 (assertByteFormat "MTUBytes") 171 (assertMacAddress "MACAddress") 172 ]; 173 174 sectionVLAN = checkUnitConfig "VLAN" [ 175 (assertOnlyFields [ 176 "Id" 177 "GVRP" 178 "MVRP" 179 "LooseBinding" 180 "ReorderHeader" 181 ]) 182 (assertInt "Id") 183 (assertRange "Id" 0 4094) 184 (assertValueOneOf "GVRP" boolValues) 185 (assertValueOneOf "MVRP" boolValues) 186 (assertValueOneOf "LooseBinding" boolValues) 187 (assertValueOneOf "ReorderHeader" boolValues) 188 ]; 189 190 sectionMACVLAN = checkUnitConfig "MACVLAN" [ 191 (assertOnlyFields [ 192 "Mode" 193 ]) 194 (assertValueOneOf "Mode" ["private" "vepa" "bridge" "passthru"]) 195 ]; 196 197 sectionVXLAN = checkUnitConfig "VXLAN" [ 198 (assertOnlyFields [ 199 "VNI" 200 "Remote" 201 "Local" 202 "Group" 203 "TOS" 204 "TTL" 205 "MacLearning" 206 "FDBAgeingSec" 207 "MaximumFDBEntries" 208 "ReduceARPProxy" 209 "L2MissNotification" 210 "L3MissNotification" 211 "RouteShortCircuit" 212 "UDPChecksum" 213 "UDP6ZeroChecksumTx" 214 "UDP6ZeroChecksumRx" 215 "RemoteChecksumTx" 216 "RemoteChecksumRx" 217 "GroupPolicyExtension" 218 "GenericProtocolExtension" 219 "DestinationPort" 220 "PortRange" 221 "FlowLabel" 222 "IPDoNotFragment" 223 ]) 224 (assertInt "VNI") 225 (assertRange "VNI" 1 16777215) 226 (assertValueOneOf "MacLearning" boolValues) 227 (assertInt "MaximumFDBEntries") 228 (assertValueOneOf "ReduceARPProxy" boolValues) 229 (assertValueOneOf "L2MissNotification" boolValues) 230 (assertValueOneOf "L3MissNotification" boolValues) 231 (assertValueOneOf "RouteShortCircuit" boolValues) 232 (assertValueOneOf "UDPChecksum" boolValues) 233 (assertValueOneOf "UDP6ZeroChecksumTx" boolValues) 234 (assertValueOneOf "UDP6ZeroChecksumRx" boolValues) 235 (assertValueOneOf "RemoteChecksumTx" boolValues) 236 (assertValueOneOf "RemoteChecksumRx" boolValues) 237 (assertValueOneOf "GroupPolicyExtension" boolValues) 238 (assertValueOneOf "GenericProtocolExtension" boolValues) 239 (assertInt "FlowLabel") 240 (assertRange "FlowLabel" 0 1048575) 241 (assertValueOneOf "IPDoNotFragment" (boolValues + ["inherit"])) 242 ]; 243 244 sectionTunnel = checkUnitConfig "Tunnel" [ 245 (assertOnlyFields [ 246 "Local" 247 "Remote" 248 "TOS" 249 "TTL" 250 "DiscoverPathMTU" 251 "IPv6FlowLabel" 252 "CopyDSCP" 253 "EncapsulationLimit" 254 "Key" 255 "InputKey" 256 "OutputKey" 257 "Mode" 258 "Independent" 259 "AssignToLoopback" 260 "AllowLocalRemote" 261 "FooOverUDP" 262 "FOUDestinationPort" 263 "FOUSourcePort" 264 "Encapsulation" 265 "IPv6RapidDeploymentPrefix" 266 "ISATAP" 267 "SerializeTunneledPackets" 268 "ERSPANIndex" 269 ]) 270 (assertInt "TTL") 271 (assertRange "TTL" 0 255) 272 (assertValueOneOf "DiscoverPathMTU" boolValues) 273 (assertValueOneOf "CopyDSCP" boolValues) 274 (assertValueOneOf "Mode" ["ip6ip6" "ipip6" "any"]) 275 (assertValueOneOf "Independent" boolValues) 276 (assertValueOneOf "AssignToLoopback" boolValues) 277 (assertValueOneOf "AllowLocalRemote" boolValues) 278 (assertValueOneOf "FooOverUDP" boolValues) 279 (assertPort "FOUDestinationPort") 280 (assertPort "FOUSourcePort") 281 (assertValueOneOf "Encapsulation" ["FooOverUDP" "GenericUDPEncapsulation"]) 282 (assertValueOneOf "ISATAP" boolValues) 283 (assertValueOneOf "SerializeTunneledPackets" boolValues) 284 (assertInt "ERSPANIndex") 285 (assertRange "ERSPANIndex" 1 1048575) 286 ]; 287 288 sectionFooOverUDP = checkUnitConfig "FooOverUDP" [ 289 (assertOnlyFields [ 290 "Port" 291 "Encapsulation" 292 "Protocol" 293 ]) 294 (assertPort "Port") 295 (assertValueOneOf "Encapsulation" ["FooOverUDP" "GenericUDPEncapsulation"]) 296 ]; 297 298 sectionPeer = checkUnitConfig "Peer" [ 299 (assertOnlyFields [ 300 "Name" 301 "MACAddress" 302 ]) 303 (assertMacAddress "MACAddress") 304 ]; 305 306 sectionTun = checkUnitConfig "Tun" tunChecks; 307 308 sectionTap = checkUnitConfig "Tap" tunChecks; 309 310 sectionL2TP = checkUnitConfig "L2TP" [ 311 (assertOnlyFields [ 312 "TunnelId" 313 "PeerTunnelId" 314 "Remote" 315 "Local" 316 "EncapsulationType" 317 "UDPSourcePort" 318 "UDPDestinationPort" 319 "UDPChecksum" 320 "UDP6ZeroChecksumTx" 321 "UDP6ZeroChecksumRx" 322 ]) 323 (assertInt "TunnelId") 324 (assertRange "TunnelId" 1 4294967295) 325 (assertInt "PeerTunnelId") 326 (assertRange "PeerTunnelId" 1 4294967295) 327 (assertValueOneOf "EncapsulationType" [ "ip" "udp" ]) 328 (assertPort "UDPSourcePort") 329 (assertPort "UDPDestinationPort") 330 (assertValueOneOf "UDPChecksum" boolValues) 331 (assertValueOneOf "UDP6ZeroChecksumTx" boolValues) 332 (assertValueOneOf "UDP6ZeroChecksumRx" boolValues) 333 ]; 334 335 sectionL2TPSession = checkUnitConfig "L2TPSession" [ 336 (assertOnlyFields [ 337 "Name" 338 "SessionId" 339 "PeerSessionId" 340 "Layer2SpecificHeader" 341 ]) 342 (assertHasField "Name") 343 (assertHasField "SessionId") 344 (assertInt "SessionId") 345 (assertRange "SessionId" 1 4294967295) 346 (assertHasField "PeerSessionId") 347 (assertInt "PeerSessionId") 348 (assertRange "PeerSessionId" 1 4294967295) 349 (assertValueOneOf "Layer2SpecificHeader" [ "none" "default" ]) 350 ]; 351 352 # NOTE The PrivateKey directive is missing on purpose here, please 353 # do not add it to this list. The nix store is world-readable let's 354 # refrain ourselves from providing a footgun. 355 sectionWireGuard = checkUnitConfig "WireGuard" [ 356 (assertOnlyFields [ 357 "PrivateKeyFile" 358 "ListenPort" 359 "FirewallMark" 360 "RouteTable" 361 "RouteMetric" 362 ]) 363 (assertInt "FirewallMark") 364 (assertRange "FirewallMark" 1 4294967295) 365 ]; 366 367 # NOTE The PresharedKey directive is missing on purpose here, please 368 # do not add it to this list. The nix store is world-readable,let's 369 # refrain ourselves from providing a footgun. 370 sectionWireGuardPeer = checkUnitConfig "WireGuardPeer" [ 371 (assertOnlyFields [ 372 "PublicKey" 373 "PresharedKeyFile" 374 "AllowedIPs" 375 "Endpoint" 376 "PersistentKeepalive" 377 "RouteTable" 378 "RouteMetric" 379 ]) 380 (assertInt "PersistentKeepalive") 381 (assertRange "PersistentKeepalive" 0 65535) 382 ]; 383 384 sectionBond = checkUnitConfig "Bond" [ 385 (assertOnlyFields [ 386 "Mode" 387 "TransmitHashPolicy" 388 "LACPTransmitRate" 389 "MIIMonitorSec" 390 "UpDelaySec" 391 "DownDelaySec" 392 "LearnPacketIntervalSec" 393 "AdSelect" 394 "AdActorSystemPriority" 395 "AdUserPortKey" 396 "AdActorSystem" 397 "FailOverMACPolicy" 398 "ARPValidate" 399 "ARPIntervalSec" 400 "ARPIPTargets" 401 "ARPAllTargets" 402 "PrimaryReselectPolicy" 403 "ResendIGMP" 404 "PacketsPerSlave" 405 "GratuitousARP" 406 "AllSlavesActive" 407 "DynamicTransmitLoadBalancing" 408 "MinLinks" 409 ]) 410 (assertValueOneOf "Mode" [ 411 "balance-rr" 412 "active-backup" 413 "balance-xor" 414 "broadcast" 415 "802.3ad" 416 "balance-tlb" 417 "balance-alb" 418 ]) 419 (assertValueOneOf "TransmitHashPolicy" [ 420 "layer2" 421 "layer3+4" 422 "layer2+3" 423 "encap2+3" 424 "encap3+4" 425 ]) 426 (assertValueOneOf "LACPTransmitRate" ["slow" "fast"]) 427 (assertValueOneOf "AdSelect" ["stable" "bandwidth" "count"]) 428 (assertInt "AdActorSystemPriority") 429 (assertRange "AdActorSystemPriority" 1 65535) 430 (assertInt "AdUserPortKey") 431 (assertRange "AdUserPortKey" 0 1023) 432 (assertValueOneOf "FailOverMACPolicy" ["none" "active" "follow"]) 433 (assertValueOneOf "ARPValidate" ["none" "active" "backup" "all"]) 434 (assertValueOneOf "ARPAllTargets" ["any" "all"]) 435 (assertValueOneOf "PrimaryReselectPolicy" ["always" "better" "failure"]) 436 (assertInt "ResendIGMP") 437 (assertRange "ResendIGMP" 0 255) 438 (assertInt "PacketsPerSlave") 439 (assertRange "PacketsPerSlave" 0 65535) 440 (assertInt "GratuitousARP") 441 (assertRange "GratuitousARP" 0 255) 442 (assertValueOneOf "AllSlavesActive" boolValues) 443 (assertValueOneOf "DynamicTransmitLoadBalancing" boolValues) 444 (assertInt "MinLinks") 445 (assertMinimum "MinLinks" 0) 446 ]; 447 448 sectionXfrm = checkUnitConfig "Xfrm" [ 449 (assertOnlyFields [ 450 "InterfaceId" 451 "Independent" 452 ]) 453 (assertInt "InterfaceId") 454 (assertRange "InterfaceId" 1 4294967295) 455 (assertValueOneOf "Independent" boolValues) 456 ]; 457 458 sectionVRF = checkUnitConfig "VRF" [ 459 (assertOnlyFields [ 460 "Table" 461 ]) 462 (assertInt "Table") 463 (assertMinimum "Table" 0) 464 ]; 465 466 sectionBatmanAdvanced = checkUnitConfig "BatmanAdvanced" [ 467 (assertOnlyFields [ 468 "GatewayMode" 469 "Aggregation" 470 "BridgeLoopAvoidance" 471 "DistributedArpTable" 472 "Fragmentation" 473 "HopPenalty" 474 "OriginatorIntervalSec" 475 "GatewayBandwithDown" 476 "GatewayBandwithUp" 477 "RoutingAlgorithm" 478 ]) 479 (assertValueOneOf "GatewayMode" ["off" "client" "server"]) 480 (assertValueOneOf "Aggregation" boolValues) 481 (assertValueOneOf "BridgeLoopAvoidance" boolValues) 482 (assertValueOneOf "DistributedArpTable" boolValues) 483 (assertValueOneOf "Fragmentation" boolValues) 484 (assertInt "HopPenalty") 485 (assertRange "HopPenalty" 0 255) 486 (assertValueOneOf "RoutingAlgorithm" ["batman-v" "batman-iv"]) 487 ]; 488 }; 489 490 network = { 491 492 sectionLink = checkUnitConfig "Link" [ 493 (assertOnlyFields [ 494 "MACAddress" 495 "MTUBytes" 496 "ARP" 497 "Multicast" 498 "AllMulticast" 499 "Unmanaged" 500 "Group" 501 "RequiredForOnline" 502 "RequiredFamilyForOnline" 503 "ActivationPolicy" 504 "Promiscuous" 505 ]) 506 (assertMacAddress "MACAddress") 507 (assertByteFormat "MTUBytes") 508 (assertValueOneOf "ARP" boolValues) 509 (assertValueOneOf "Multicast" boolValues) 510 (assertValueOneOf "AllMulticast" boolValues) 511 (assertValueOneOf "Promiscuous" boolValues) 512 (assertValueOneOf "Unmanaged" boolValues) 513 (assertInt "Group") 514 (assertRange "Group" 0 2147483647) 515 (assertValueOneOf "RequiredForOnline" (boolValues ++ [ 516 "missing" 517 "off" 518 "no-carrier" 519 "dormant" 520 "degraded-carrier" 521 "carrier" 522 "degraded" 523 "enslaved" 524 "routable" 525 ])) 526 (assertValueOneOf "RequiredFamilyForOnline" [ 527 "ipv4" 528 "ipv6" 529 "both" 530 "any" 531 ]) 532 (assertValueOneOf "ActivationPolicy" ([ 533 "up" 534 "always-up" 535 "manual" 536 "always-down" 537 "down" 538 "bound" 539 ])) 540 ]; 541 542 sectionNetwork = checkUnitConfig "Network" [ 543 (assertOnlyFields [ 544 "Description" 545 "DHCP" 546 "DHCPServer" 547 "LinkLocalAddressing" 548 "IPv4LLRoute" 549 "DefaultRouteOnDevice" 550 "LLMNR" 551 "MulticastDNS" 552 "DNSOverTLS" 553 "DNSSEC" 554 "DNSSECNegativeTrustAnchors" 555 "LLDP" 556 "EmitLLDP" 557 "BindCarrier" 558 "Address" 559 "Gateway" 560 "DNS" 561 "Domains" 562 "DNSDefaultRoute" 563 "NTP" 564 "IPForward" 565 "IPMasquerade" 566 "IPv6PrivacyExtensions" 567 "IPv6AcceptRA" 568 "IPv6DuplicateAddressDetection" 569 "IPv6HopLimit" 570 "IPv4ProxyARP" 571 "IPv6ProxyNDP" 572 "IPv6ProxyNDPAddress" 573 "IPv6SendRA" 574 "DHCPPrefixDelegation" 575 "IPv6MTUBytes" 576 "Bridge" 577 "Bond" 578 "VRF" 579 "VLAN" 580 "IPVLAN" 581 "MACVLAN" 582 "VXLAN" 583 "Tunnel" 584 "MACsec" 585 "ActiveSlave" 586 "PrimarySlave" 587 "ConfigureWithoutCarrier" 588 "IgnoreCarrierLoss" 589 "Xfrm" 590 "KeepConfiguration" 591 "BatmanAdvanced" 592 ]) 593 # Note: For DHCP the values both, none, v4, v6 are deprecated 594 (assertValueOneOf "DHCP" ["yes" "no" "ipv4" "ipv6"]) 595 (assertValueOneOf "DHCPServer" boolValues) 596 (assertValueOneOf "LinkLocalAddressing" ["yes" "no" "ipv4" "ipv6" "fallback" "ipv4-fallback"]) 597 (assertValueOneOf "IPv4LLRoute" boolValues) 598 (assertValueOneOf "DefaultRouteOnDevice" boolValues) 599 (assertValueOneOf "LLMNR" (boolValues ++ ["resolve"])) 600 (assertValueOneOf "MulticastDNS" (boolValues ++ ["resolve"])) 601 (assertValueOneOf "DNSOverTLS" (boolValues ++ ["opportunistic"])) 602 (assertValueOneOf "DNSSEC" (boolValues ++ ["allow-downgrade"])) 603 (assertValueOneOf "LLDP" (boolValues ++ ["routers-only"])) 604 (assertValueOneOf "EmitLLDP" (boolValues ++ ["nearest-bridge" "non-tpmr-bridge" "customer-bridge"])) 605 (assertValueOneOf "DNSDefaultRoute" boolValues) 606 (assertValueOneOf "IPForward" (boolValues ++ ["ipv4" "ipv6"])) 607 (assertValueOneOf "IPMasquerade" (boolValues ++ ["ipv4" "ipv6" "both"])) 608 (assertValueOneOf "IPv6PrivacyExtensions" (boolValues ++ ["prefer-public" "kernel"])) 609 (assertValueOneOf "IPv6AcceptRA" boolValues) 610 (assertInt "IPv6DuplicateAddressDetection") 611 (assertMinimum "IPv6DuplicateAddressDetection" 0) 612 (assertInt "IPv6HopLimit") 613 (assertMinimum "IPv6HopLimit" 0) 614 (assertValueOneOf "IPv4ProxyARP" boolValues) 615 (assertValueOneOf "IPv6ProxyNDP" boolValues) 616 (assertValueOneOf "IPv6SendRA" boolValues) 617 (assertValueOneOf "DHCPPrefixDelegation" boolValues) 618 (assertByteFormat "IPv6MTUBytes") 619 (assertValueOneOf "ActiveSlave" boolValues) 620 (assertValueOneOf "PrimarySlave" boolValues) 621 (assertValueOneOf "ConfigureWithoutCarrier" boolValues) 622 (assertValueOneOf "KeepConfiguration" (boolValues ++ ["static" "dhcp-on-stop" "dhcp"])) 623 ]; 624 625 sectionAddress = checkUnitConfig "Address" [ 626 (assertOnlyFields [ 627 "Address" 628 "Peer" 629 "Broadcast" 630 "Label" 631 "PreferredLifetime" 632 "Scope" 633 "RouteMetric" 634 "HomeAddress" 635 "DuplicateAddressDetection" 636 "ManageTemporaryAddress" 637 "AddPrefixRoute" 638 "AutoJoin" 639 ]) 640 (assertHasField "Address") 641 (assertValueOneOf "PreferredLifetime" ["forever" "infinity" "0" 0]) 642 (assertInt "RouteMetric") 643 (assertValueOneOf "HomeAddress" boolValues) 644 (assertValueOneOf "DuplicateAddressDetection" ["ipv4" "ipv6" "both" "none"]) 645 (assertValueOneOf "ManageTemporaryAddress" boolValues) 646 (assertValueOneOf "AddPrefixRoute" boolValues) 647 (assertValueOneOf "AutoJoin" boolValues) 648 ]; 649 650 sectionRoutingPolicyRule = checkUnitConfig "RoutingPolicyRule" [ 651 (assertOnlyFields [ 652 "TypeOfService" 653 "From" 654 "To" 655 "FirewallMark" 656 "Table" 657 "Priority" 658 "IncomingInterface" 659 "OutgoingInterface" 660 "SourcePort" 661 "DestinationPort" 662 "IPProtocol" 663 "InvertRule" 664 "Family" 665 "User" 666 "SuppressPrefixLength" 667 "Type" 668 "SuppressInterfaceGroup" 669 ]) 670 (assertInt "TypeOfService") 671 (assertRange "TypeOfService" 0 255) 672 (assertInt "FirewallMark") 673 (assertRange "FirewallMark" 1 4294967295) 674 (assertInt "Priority") 675 (assertPort "SourcePort") 676 (assertPort "DestinationPort") 677 (assertValueOneOf "InvertRule" boolValues) 678 (assertValueOneOf "Family" ["ipv4" "ipv6" "both"]) 679 (assertInt "SuppressPrefixLength") 680 (assertRange "SuppressPrefixLength" 0 128) 681 (assertValueOneOf "Type" ["blackhole" "unreachable" "prohibit"]) 682 (assertRange "SuppressInterfaceGroup" 0 2147483647) 683 ]; 684 685 sectionRoute = checkUnitConfig "Route" [ 686 (assertOnlyFields [ 687 "Gateway" 688 "GatewayOnLink" 689 "Destination" 690 "Source" 691 "Metric" 692 "IPv6Preference" 693 "Scope" 694 "PreferredSource" 695 "Table" 696 "Protocol" 697 "Type" 698 "InitialCongestionWindow" 699 "InitialAdvertisedReceiveWindow" 700 "QuickAck" 701 "FastOpenNoCookie" 702 "TTLPropagate" 703 "MTUBytes" 704 "IPServiceType" 705 "MultiPathRoute" 706 ]) 707 (assertValueOneOf "GatewayOnLink" boolValues) 708 (assertInt "Metric") 709 (assertValueOneOf "IPv6Preference" ["low" "medium" "high"]) 710 (assertValueOneOf "Scope" ["global" "site" "link" "host" "nowhere"]) 711 (assertValueOneOf "Type" [ 712 "unicast" 713 "local" 714 "broadcast" 715 "anycast" 716 "multicast" 717 "blackhole" 718 "unreachable" 719 "prohibit" 720 "throw" 721 "nat" 722 "xresolve" 723 ]) 724 (assertValueOneOf "QuickAck" boolValues) 725 (assertValueOneOf "FastOpenNoCookie" boolValues) 726 (assertValueOneOf "TTLPropagate" boolValues) 727 (assertByteFormat "MTUBytes") 728 (assertValueOneOf "IPServiceType" ["CS6" "CS4"]) 729 ]; 730 731 sectionDHCPv4 = checkUnitConfig "DHCPv4" [ 732 (assertOnlyFields [ 733 "UseDNS" 734 "RoutesToDNS" 735 "UseNTP" 736 "UseSIP" 737 "UseMTU" 738 "Anonymize" 739 "SendHostname" 740 "UseHostname" 741 "Hostname" 742 "UseDomains" 743 "UseRoutes" 744 "UseTimezone" 745 "ClientIdentifier" 746 "VendorClassIdentifier" 747 "UserClass" 748 "MaxAttempts" 749 "DUIDType" 750 "DUIDRawData" 751 "IAID" 752 "RequestBroadcast" 753 "RouteMetric" 754 "RouteTable" 755 "RouteMTUBytes" 756 "ListenPort" 757 "SendRelease" 758 "SendDecline" 759 "BlackList" 760 "RequestOptions" 761 "SendOption" 762 "FallbackLeaseLifetimeSec" 763 "Label" 764 "Use6RD" 765 ]) 766 (assertValueOneOf "UseDNS" boolValues) 767 (assertValueOneOf "RoutesToDNS" boolValues) 768 (assertValueOneOf "UseNTP" boolValues) 769 (assertValueOneOf "UseSIP" boolValues) 770 (assertValueOneOf "UseMTU" boolValues) 771 (assertValueOneOf "Anonymize" boolValues) 772 (assertValueOneOf "SendHostname" boolValues) 773 (assertValueOneOf "UseHostname" boolValues) 774 (assertValueOneOf "UseDomains" (boolValues ++ ["route"])) 775 (assertValueOneOf "UseRoutes" boolValues) 776 (assertValueOneOf "UseTimezone" boolValues) 777 (assertValueOneOf "ClientIdentifier" ["mac" "duid" "duid-only"]) 778 (assertInt "IAID") 779 (assertValueOneOf "RequestBroadcast" boolValues) 780 (assertInt "RouteMetric") 781 (assertInt "RouteTable") 782 (assertRange "RouteTable" 0 4294967295) 783 (assertByteFormat "RouteMTUBytes") 784 (assertPort "ListenPort") 785 (assertValueOneOf "SendRelease" boolValues) 786 (assertValueOneOf "SendDecline" boolValues) 787 (assertValueOneOf "FallbackLeaseLifetimeSec" ["forever" "infinity"]) 788 (assertValueOneOf "Use6RD" boolValues) 789 ]; 790 791 sectionDHCPv6 = checkUnitConfig "DHCPv6" [ 792 (assertOnlyFields [ 793 "UseAddress" 794 "UseDNS" 795 "UseNTP" 796 "RouteMetric" 797 "RapidCommit" 798 "MUDURL" 799 "RequestOptions" 800 "SendVendorOption" 801 "PrefixDelegationHint" 802 "WithoutRA" 803 "SendOption" 804 "UserClass" 805 "VendorClass" 806 "DUIDType" 807 "DUIDRawData" 808 "IAID" 809 "UseDelegatedPrefix" 810 ]) 811 (assertValueOneOf "UseAddress" boolValues) 812 (assertValueOneOf "UseDNS" boolValues) 813 (assertValueOneOf "UseNTP" boolValues) 814 (assertInt "RouteMetric") 815 (assertValueOneOf "RapidCommit" boolValues) 816 (assertValueOneOf "WithoutRA" ["no" "solicit" "information-request"]) 817 (assertRange "SendOption" 1 65536) 818 (assertInt "IAID") 819 (assertValueOneOf "UseDelegatedPrefix" boolValues) 820 ]; 821 822 sectionDHCPPrefixDelegation = checkUnitConfig "DHCPPrefixDelegation" [ 823 (assertOnlyFields [ 824 "UplinkInterface" 825 "SubnetId" 826 "Announce" 827 "Assign" 828 "Token" 829 "ManageTemporaryAddress" 830 "RouteMetric" 831 ]) 832 (assertValueOneOf "Announce" boolValues) 833 (assertValueOneOf "Assign" boolValues) 834 (assertValueOneOf "ManageTemporaryAddress" boolValues) 835 (assertRange "RouteMetric" 0 4294967295) 836 ]; 837 838 sectionIPv6AcceptRA = checkUnitConfig "IPv6AcceptRA" [ 839 (assertOnlyFields [ 840 "UseDNS" 841 "UseDomains" 842 "RouteTable" 843 "UseAutonomousPrefix" 844 "UseOnLinkPrefix" 845 "RouterDenyList" 846 "RouterAllowList" 847 "PrefixDenyList" 848 "PrefixAllowList" 849 "RouteDenyList" 850 "RouteAllowList" 851 "DHCPv6Client" 852 "RouteMetric" 853 "UseMTU" 854 "UseGateway" 855 "UseRoutePrefix" 856 "Token" 857 ]) 858 (assertValueOneOf "UseDNS" boolValues) 859 (assertValueOneOf "UseDomains" (boolValues ++ ["route"])) 860 (assertRange "RouteTable" 0 4294967295) 861 (assertValueOneOf "UseAutonomousPrefix" boolValues) 862 (assertValueOneOf "UseOnLinkPrefix" boolValues) 863 (assertValueOneOf "DHCPv6Client" (boolValues ++ ["always"])) 864 (assertValueOneOf "UseMTU" boolValues) 865 (assertValueOneOf "UseGateway" boolValues) 866 (assertValueOneOf "UseRoutePrefix" boolValues) 867 ]; 868 869 sectionDHCPServer = checkUnitConfig "DHCPServer" [ 870 (assertOnlyFields [ 871 "ServerAddress" 872 "PoolOffset" 873 "PoolSize" 874 "DefaultLeaseTimeSec" 875 "MaxLeaseTimeSec" 876 "UplinkInterface" 877 "EmitDNS" 878 "DNS" 879 "EmitNTP" 880 "NTP" 881 "EmitSIP" 882 "SIP" 883 "EmitPOP3" 884 "POP3" 885 "EmitSMTP" 886 "SMTP" 887 "EmitLPR" 888 "LPR" 889 "EmitRouter" 890 "Router" 891 "EmitTimezone" 892 "Timezone" 893 "SendOption" 894 "SendVendorOption" 895 "BindToInterface" 896 "RelayTarget" 897 "RelayAgentCircuitId" 898 "RelayAgentRemoteId" 899 ]) 900 (assertInt "PoolOffset") 901 (assertMinimum "PoolOffset" 0) 902 (assertInt "PoolSize") 903 (assertMinimum "PoolSize" 0) 904 (assertValueOneOf "EmitDNS" boolValues) 905 (assertValueOneOf "EmitNTP" boolValues) 906 (assertValueOneOf "EmitSIP" boolValues) 907 (assertValueOneOf "EmitPOP3" boolValues) 908 (assertValueOneOf "EmitSMTP" boolValues) 909 (assertValueOneOf "EmitLPR" boolValues) 910 (assertValueOneOf "EmitRouter" boolValues) 911 (assertValueOneOf "EmitTimezone" boolValues) 912 (assertValueOneOf "BindToInterface" boolValues) 913 ]; 914 915 sectionIPv6SendRA = checkUnitConfig "IPv6SendRA" [ 916 (assertOnlyFields [ 917 "Managed" 918 "OtherInformation" 919 "RouterLifetimeSec" 920 "RouterPreference" 921 "UplinkInterface" 922 "EmitDNS" 923 "DNS" 924 "EmitDomains" 925 "Domains" 926 "DNSLifetimeSec" 927 ]) 928 (assertValueOneOf "Managed" boolValues) 929 (assertValueOneOf "OtherInformation" boolValues) 930 (assertValueOneOf "RouterPreference" ["high" "medium" "low" "normal" "default"]) 931 (assertValueOneOf "EmitDNS" boolValues) 932 (assertValueOneOf "EmitDomains" boolValues) 933 ]; 934 935 sectionIPv6Prefix = checkUnitConfig "IPv6Prefix" [ 936 (assertOnlyFields [ 937 "AddressAutoconfiguration" 938 "OnLink" 939 "Prefix" 940 "PreferredLifetimeSec" 941 "ValidLifetimeSec" 942 "Token" 943 ]) 944 (assertValueOneOf "AddressAutoconfiguration" boolValues) 945 (assertValueOneOf "OnLink" boolValues) 946 ]; 947 948 sectionIPv6RoutePrefix = checkUnitConfig "IPv6RoutePrefix" [ 949 (assertOnlyFields [ 950 "Route" 951 "LifetimeSec" 952 ]) 953 (assertHasField "Route") 954 (assertInt "LifetimeSec") 955 ]; 956 957 sectionDHCPServerStaticLease = checkUnitConfig "DHCPServerStaticLease" [ 958 (assertOnlyFields [ 959 "MACAddress" 960 "Address" 961 ]) 962 (assertHasField "MACAddress") 963 (assertHasField "Address") 964 (assertMacAddress "MACAddress") 965 ]; 966 967 sectionBridge = checkUnitConfig "Bridge" [ 968 (assertOnlyFields [ 969 "UnicastFlood" 970 "MulticastFlood" 971 "MulticastToUnicast" 972 "NeighborSuppression" 973 "Learning" 974 "Hairpin" 975 "Isolated" 976 "UseBPDU" 977 "FastLeave" 978 "AllowPortToBeRoot" 979 "ProxyARP" 980 "ProxyARPWiFi" 981 "MulticastRouter" 982 "Cost" 983 "Priority" 984 ]) 985 (assertValueOneOf "UnicastFlood" boolValues) 986 (assertValueOneOf "MulticastFlood" boolValues) 987 (assertValueOneOf "MulticastToUnicast" boolValues) 988 (assertValueOneOf "NeighborSuppression" boolValues) 989 (assertValueOneOf "Learning" boolValues) 990 (assertValueOneOf "Hairpin" boolValues) 991 (assertValueOneOf "Isolated" boolValues) 992 (assertValueOneOf "UseBPDU" boolValues) 993 (assertValueOneOf "FastLeave" boolValues) 994 (assertValueOneOf "AllowPortToBeRoot" boolValues) 995 (assertValueOneOf "ProxyARP" boolValues) 996 (assertValueOneOf "ProxyARPWiFi" boolValues) 997 (assertValueOneOf "MulticastRouter" [ "no" "query" "permanent" "temporary" ]) 998 (assertInt "Cost") 999 (assertRange "Cost" 1 65535) 1000 (assertInt "Priority") 1001 (assertRange "Priority" 0 63) 1002 ]; 1003 1004 sectionBridgeFDB = checkUnitConfig "BridgeFDB" [ 1005 (assertOnlyFields [ 1006 "MACAddress" 1007 "Destination" 1008 "VLANId" 1009 "VNI" 1010 "AssociatedWith" 1011 "OutgoingInterface" 1012 ]) 1013 (assertHasField "MACAddress") 1014 (assertInt "VLANId") 1015 (assertRange "VLANId" 0 4094) 1016 (assertInt "VNI") 1017 (assertRange "VNI" 1 16777215) 1018 (assertValueOneOf "AssociatedWith" [ "use" "self" "master" "router" ]) 1019 ]; 1020 1021 sectionBridgeMDB = checkUnitConfig "BridgeMDB" [ 1022 (assertOnlyFields [ 1023 "MulticastGroupAddress" 1024 "VLANId" 1025 ]) 1026 (assertHasField "MulticastGroupAddress") 1027 (assertInt "VLANId") 1028 (assertRange "VLANId" 0 4094) 1029 ]; 1030 1031 sectionLLDP = checkUnitConfig "LLDP" [ 1032 (assertOnlyFields [ 1033 "MUDURL" 1034 ]) 1035 ]; 1036 1037 sectionCAN = checkUnitConfig "CAN" [ 1038 (assertOnlyFields [ 1039 "BitRate" 1040 "SamplePoint" 1041 "TimeQuantaNSec" 1042 "PropagationSegment" 1043 "PhaseBufferSegment1" 1044 "PhaseBufferSegment2" 1045 "SyncJumpWidth" 1046 "DataBitRate" 1047 "DataSamplePoint" 1048 "DataTimeQuantaNSec" 1049 "DataPropagationSegment" 1050 "DataPhaseBufferSegment1" 1051 "DataPhaseBufferSegment2" 1052 "DataSyncJumpWidth" 1053 "FDMode" 1054 "FDNonISO" 1055 "RestartSec" 1056 "Termination" 1057 "TripleSampling" 1058 "BusErrorReporting" 1059 "ListenOnly" 1060 "Loopback" 1061 "OneShot" 1062 "PresumeAck" 1063 "ClassicDataLengthCode" 1064 ]) 1065 (assertInt "TimeQuantaNSec" ) 1066 (assertRange "TimeQuantaNSec" 0 4294967295 ) 1067 (assertInt "PropagationSegment" ) 1068 (assertRange "PropagationSegment" 0 4294967295 ) 1069 (assertInt "PhaseBufferSegment1" ) 1070 (assertRange "PhaseBufferSegment1" 0 4294967295 ) 1071 (assertInt "PhaseBufferSegment2" ) 1072 (assertRange "PhaseBufferSegment2" 0 4294967295 ) 1073 (assertInt "SyncJumpWidth" ) 1074 (assertRange "SyncJumpWidth" 0 4294967295 ) 1075 (assertInt "DataTimeQuantaNSec" ) 1076 (assertRange "DataTimeQuantaNSec" 0 4294967295 ) 1077 (assertInt "DataPropagationSegment" ) 1078 (assertRange "DataPropagationSegment" 0 4294967295 ) 1079 (assertInt "DataPhaseBufferSegment1" ) 1080 (assertRange "DataPhaseBufferSegment1" 0 4294967295 ) 1081 (assertInt "DataPhaseBufferSegment2" ) 1082 (assertRange "DataPhaseBufferSegment2" 0 4294967295 ) 1083 (assertInt "DataSyncJumpWidth" ) 1084 (assertRange "DataSyncJumpWidth" 0 4294967295 ) 1085 (assertValueOneOf "FDMode" boolValues) 1086 (assertValueOneOf "FDNonISO" boolValues) 1087 (assertValueOneOf "TripleSampling" boolValues) 1088 (assertValueOneOf "BusErrorReporting" boolValues) 1089 (assertValueOneOf "ListenOnly" boolValues) 1090 (assertValueOneOf "Loopback" boolValues) 1091 (assertValueOneOf "OneShot" boolValues) 1092 (assertValueOneOf "PresumeAck" boolValues) 1093 (assertValueOneOf "ClassicDataLengthCode" boolValues) 1094 ]; 1095 1096 sectionIPoIB = checkUnitConfig "IPoIB" [ 1097 (assertOnlyFields [ 1098 "Mode" 1099 "IgnoreUserspaceMulticastGroup" 1100 ]) 1101 (assertValueOneOf "Mode" [ "datagram" "connected" ]) 1102 (assertValueOneOf "IgnoreUserspaceMulticastGroup" boolValues) 1103 ]; 1104 1105 sectionQDisc = checkUnitConfig "QDisc" [ 1106 (assertOnlyFields [ 1107 "Parent" 1108 "Handle" 1109 ]) 1110 (assertValueOneOf "Parent" [ "clsact" "ingress" ]) 1111 ]; 1112 1113 sectionNetworkEmulator = checkUnitConfig "NetworkEmulator" [ 1114 (assertOnlyFields [ 1115 "Parent" 1116 "Handle" 1117 "DelaySec" 1118 "DelayJitterSec" 1119 "PacketLimit" 1120 "LossRate" 1121 "DuplicateRate" 1122 ]) 1123 (assertInt "PacketLimit") 1124 (assertRange "PacketLimit" 0 4294967294) 1125 ]; 1126 1127 sectionTokenBucketFilter = checkUnitConfig "TokenBucketFilter" [ 1128 (assertOnlyFields [ 1129 "Parent" 1130 "Handle" 1131 "LatencySec" 1132 "LimitBytes" 1133 "BurstBytes" 1134 "Rate" 1135 "MPUBytes" 1136 "PeakRate" 1137 "MTUBytes" 1138 ]) 1139 ]; 1140 1141 sectionPIE = checkUnitConfig "PIE" [ 1142 (assertOnlyFields [ 1143 "Parent" 1144 "Handle" 1145 "PacketLimit" 1146 ]) 1147 (assertInt "PacketLimit") 1148 (assertRange "PacketLimit" 1 4294967294) 1149 ]; 1150 1151 sectionFlowQueuePIE = checkUnitConfig "FlowQueuePIE" [ 1152 (assertOnlyFields [ 1153 "Parent" 1154 "Handle" 1155 "PacketLimit" 1156 ]) 1157 (assertInt "PacketLimit") 1158 (assertRange "PacketLimit" 1 4294967294) 1159 ]; 1160 1161 sectionStochasticFairBlue = checkUnitConfig "StochasticFairBlue" [ 1162 (assertOnlyFields [ 1163 "Parent" 1164 "Handle" 1165 "PacketLimit" 1166 ]) 1167 (assertInt "PacketLimit") 1168 (assertRange "PacketLimit" 1 4294967294) 1169 ]; 1170 1171 sectionStochasticFairnessQueueing = checkUnitConfig "StochasticFairnessQueueing" [ 1172 (assertOnlyFields [ 1173 "Parent" 1174 "Handle" 1175 "PerturbPeriodSec" 1176 ]) 1177 (assertInt "PerturbPeriodSec") 1178 ]; 1179 1180 sectionBFIFO = checkUnitConfig "BFIFO" [ 1181 (assertOnlyFields [ 1182 "Parent" 1183 "Handle" 1184 "LimitBytes" 1185 ]) 1186 ]; 1187 1188 sectionPFIFO = checkUnitConfig "PFIFO" [ 1189 (assertOnlyFields [ 1190 "Parent" 1191 "Handle" 1192 "PacketLimit" 1193 ]) 1194 (assertInt "PacketLimit") 1195 (assertRange "PacketLimit" 0 4294967294) 1196 ]; 1197 1198 sectionPFIFOHeadDrop = checkUnitConfig "PFIFOHeadDrop" [ 1199 (assertOnlyFields [ 1200 "Parent" 1201 "Handle" 1202 "PacketLimit" 1203 ]) 1204 (assertInt "PacketLimit") 1205 (assertRange "PacketLimit" 0 4294967294) 1206 ]; 1207 1208 sectionPFIFOFast = checkUnitConfig "PFIFOFast" [ 1209 (assertOnlyFields [ 1210 "Parent" 1211 "Handle" 1212 ]) 1213 ]; 1214 1215 sectionCAKE = checkUnitConfig "CAKE" [ 1216 (assertOnlyFields [ 1217 "Parent" 1218 "Handle" 1219 "Bandwidth" 1220 "AutoRateIngress" 1221 "OverheadBytes" 1222 "MPUBytes" 1223 "CompensationMode" 1224 "UseRawPacketSize" 1225 "FlowIsolationMode" 1226 "NAT" 1227 "PriorityQueueingPreset" 1228 "FirewallMark" 1229 "Wash" 1230 "SplitGSO" 1231 ]) 1232 (assertValueOneOf "AutoRateIngress" boolValues) 1233 (assertInt "OverheadBytes") 1234 (assertRange "OverheadBytes" (-64) 256) 1235 (assertInt "MPUBytes") 1236 (assertRange "MPUBytes" 1 256) 1237 (assertValueOneOf "CompensationMode" [ "none" "atm" "ptm" ]) 1238 (assertValueOneOf "UseRawPacketSize" boolValues) 1239 (assertValueOneOf "FlowIsolationMode" 1240 [ 1241 "none" 1242 "src-host" 1243 "dst-host" 1244 "hosts" 1245 "flows" 1246 "dual-src-host" 1247 "dual-dst-host" 1248 "triple" 1249 ]) 1250 (assertValueOneOf "NAT" boolValues) 1251 (assertValueOneOf "PriorityQueueingPreset" 1252 [ 1253 "besteffort" 1254 "precedence" 1255 "diffserv8" 1256 "diffserv4" 1257 "diffserv3" 1258 ]) 1259 (assertInt "FirewallMark") 1260 (assertRange "FirewallMark" 1 4294967295) 1261 (assertValueOneOf "Wash" boolValues) 1262 (assertValueOneOf "SplitGSO" boolValues) 1263 ]; 1264 1265 sectionControlledDelay = checkUnitConfig "ControlledDelay" [ 1266 (assertOnlyFields [ 1267 "Parent" 1268 "Handle" 1269 "PacketLimit" 1270 "TargetSec" 1271 "IntervalSec" 1272 "ECN" 1273 "CEThresholdSec" 1274 ]) 1275 (assertValueOneOf "ECN" boolValues) 1276 ]; 1277 1278 sectionDeficitRoundRobinScheduler = checkUnitConfig "DeficitRoundRobinScheduler" [ 1279 (assertOnlyFields [ 1280 "Parent" 1281 "Handle" 1282 ]) 1283 ]; 1284 1285 sectionDeficitRoundRobinSchedulerClass = checkUnitConfig "DeficitRoundRobinSchedulerClass" [ 1286 (assertOnlyFields [ 1287 "Parent" 1288 "Handle" 1289 "QuantumBytes" 1290 ]) 1291 ]; 1292 1293 sectionEnhancedTransmissionSelection = checkUnitConfig "EnhancedTransmissionSelection" [ 1294 (assertOnlyFields [ 1295 "Parent" 1296 "Handle" 1297 "Bands" 1298 "StrictBands" 1299 "QuantumBytes" 1300 "PriorityMap" 1301 ]) 1302 (assertInt "Bands") 1303 (assertRange "Bands" 1 16) 1304 (assertInt "StrictBands") 1305 (assertRange "StrictBands" 1 16) 1306 ]; 1307 1308 sectionGenericRandomEarlyDetection = checkUnitConfig "GenericRandomEarlyDetection" [ 1309 (assertOnlyFields [ 1310 "Parent" 1311 "Handle" 1312 "VirtualQueues" 1313 "DefaultVirtualQueue" 1314 "GenericRIO" 1315 ]) 1316 (assertInt "VirtualQueues") 1317 (assertRange "VirtualQueues" 1 16) 1318 (assertInt "DefaultVirtualQueue") 1319 (assertRange "DefaultVirtualQueue" 1 16) 1320 (assertValueOneOf "GenericRIO" boolValues) 1321 ]; 1322 1323 sectionFairQueueingControlledDelay = checkUnitConfig "FairQueueingControlledDelay" [ 1324 (assertOnlyFields [ 1325 "Parent" 1326 "Handle" 1327 "PacketLimit" 1328 "MemoryLimitBytes" 1329 "Flows" 1330 "TargetSec" 1331 "IntervalSec" 1332 "QuantumBytes" 1333 "ECN" 1334 "CEThresholdSec" 1335 ]) 1336 (assertInt "PacketLimit") 1337 (assertInt "Flows") 1338 (assertValueOneOf "ECN" boolValues) 1339 ]; 1340 1341 sectionFairQueueing = checkUnitConfig "FairQueueing" [ 1342 (assertOnlyFields [ 1343 "Parent" 1344 "Handle" 1345 "PacketLimit" 1346 "FlowLimit" 1347 "QuantumBytes" 1348 "InitualQuantumBytes" 1349 "MaximumRate" 1350 "Buckets" 1351 "OrphanMask" 1352 "Pacing" 1353 "CEThresholdSec" 1354 ]) 1355 (assertInt "PacketLimit") 1356 (assertInt "FlowLimit") 1357 (assertInt "OrphanMask") 1358 (assertValueOneOf "Pacing" boolValues) 1359 ]; 1360 1361 sectionTrivialLinkEqualizer = checkUnitConfig "TrivialLinkEqualizer" [ 1362 (assertOnlyFields [ 1363 "Parent" 1364 "Handle" 1365 "Id" 1366 ]) 1367 ]; 1368 1369 sectionHierarchyTokenBucket = checkUnitConfig "HierarchyTokenBucket" [ 1370 (assertOnlyFields [ 1371 "Parent" 1372 "Handle" 1373 "DefaultClass" 1374 "RateToQuantum" 1375 ]) 1376 (assertInt "RateToQuantum") 1377 ]; 1378 1379 sectionHierarchyTokenBucketClass = checkUnitConfig "HierarchyTokenBucketClass" [ 1380 (assertOnlyFields [ 1381 "Parent" 1382 "ClassId" 1383 "Priority" 1384 "QuantumBytes" 1385 "MTUBytes" 1386 "OverheadBytes" 1387 "Rate" 1388 "CeilRate" 1389 "BufferBytes" 1390 "CeilBufferBytes" 1391 ]) 1392 ]; 1393 1394 sectionHeavyHitterFilter = checkUnitConfig "HeavyHitterFilter" [ 1395 (assertOnlyFields [ 1396 "Parent" 1397 "Handle" 1398 "PacketLimit" 1399 ]) 1400 (assertInt "PacketLimit") 1401 (assertRange "PacketLimit" 0 4294967294) 1402 ]; 1403 1404 sectionQuickFairQueueing = checkUnitConfig "QuickFairQueueing" [ 1405 (assertOnlyFields [ 1406 "Parent" 1407 "Handle" 1408 ]) 1409 ]; 1410 1411 sectionQuickFairQueueingClass = checkUnitConfig "QuickFairQueueingClass" [ 1412 (assertOnlyFields [ 1413 "Parent" 1414 "ClassId" 1415 "Weight" 1416 "MaxPacketBytes" 1417 ]) 1418 (assertInt "Weight") 1419 (assertRange "Weight" 1 1023) 1420 ]; 1421 1422 sectionBridgeVLAN = checkUnitConfig "BridgeVLAN" [ 1423 (assertOnlyFields [ 1424 "VLAN" 1425 "EgressUntagged" 1426 "PVID" 1427 ]) 1428 (assertInt "PVID") 1429 (assertRange "PVID" 0 4094) 1430 ]; 1431 }; 1432 }; 1433 1434 commonNetworkOptions = { 1435 1436 enable = mkOption { 1437 default = true; 1438 type = types.bool; 1439 description = lib.mdDoc '' 1440 Whether to manage network configuration using {command}`systemd-network`. 1441 1442 This also enables {option}`systemd.networkd.enable`. 1443 ''; 1444 }; 1445 1446 matchConfig = mkOption { 1447 default = {}; 1448 example = { Name = "eth0"; }; 1449 type = types.attrsOf unitOption; 1450 description = lib.mdDoc '' 1451 Each attribute in this set specifies an option in the 1452 `[Match]` section of the unit. See 1453 {manpage}`systemd.link(5)` 1454 {manpage}`systemd.netdev(5)` 1455 {manpage}`systemd.network(5)` 1456 for details. 1457 ''; 1458 }; 1459 1460 extraConfig = mkOption { 1461 default = ""; 1462 type = types.lines; 1463 description = lib.mdDoc "Extra configuration append to unit"; 1464 }; 1465 }; 1466 1467 networkdOptions = { 1468 networkConfig = mkOption { 1469 default = {}; 1470 example = { SpeedMeter = true; ManageForeignRoutingPolicyRules = false; }; 1471 type = types.addCheck (types.attrsOf unitOption) check.global.sectionNetwork; 1472 description = lib.mdDoc '' 1473 Each attribute in this set specifies an option in the 1474 `[Network]` section of the networkd config. 1475 See {manpage}`networkd.conf(5)` for details. 1476 ''; 1477 }; 1478 1479 dhcpV4Config = mkOption { 1480 default = {}; 1481 example = { DUIDType = "vendor"; }; 1482 type = types.addCheck (types.attrsOf unitOption) check.global.sectionDHCPv4; 1483 description = lib.mdDoc '' 1484 Each attribute in this set specifies an option in the 1485 `[DHCPv4]` section of the networkd config. 1486 See {manpage}`networkd.conf(5)` for details. 1487 ''; 1488 }; 1489 1490 dhcpV6Config = mkOption { 1491 default = {}; 1492 example = { DUIDType = "vendor"; }; 1493 type = types.addCheck (types.attrsOf unitOption) check.global.sectionDHCPv6; 1494 description = lib.mdDoc '' 1495 Each attribute in this set specifies an option in the 1496 `[DHCPv6]` section of the networkd config. 1497 See {manpage}`networkd.conf(5)` for details. 1498 ''; 1499 }; 1500 }; 1501 1502 linkOptions = commonNetworkOptions // { 1503 # overwrite enable option from above 1504 enable = mkOption { 1505 default = true; 1506 type = types.bool; 1507 description = lib.mdDoc '' 1508 Whether to enable this .link unit. It's handled by udev no matter if {command}`systemd-networkd` is enabled or not 1509 ''; 1510 }; 1511 1512 linkConfig = mkOption { 1513 default = {}; 1514 example = { MACAddress = "00:ff:ee:aa:cc:dd"; }; 1515 type = types.addCheck (types.attrsOf unitOption) check.link.sectionLink; 1516 description = lib.mdDoc '' 1517 Each attribute in this set specifies an option in the 1518 `[Link]` section of the unit. See 1519 {manpage}`systemd.link(5)` for details. 1520 ''; 1521 }; 1522 1523 }; 1524 1525 1526 l2tpSessionOptions = { 1527 options = { 1528 l2tpSessionConfig = mkOption { 1529 default = {}; 1530 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionL2TPSession; 1531 description = lib.mdDoc '' 1532 Each attribute in this set specifies an option in the 1533 `[L2TPSession]` section of the unit. See 1534 {manpage}`systemd.netdev(5)` for details. 1535 ''; 1536 }; 1537 }; 1538 }; 1539 1540 wireguardPeerOptions = { 1541 options = { 1542 wireguardPeerConfig = mkOption { 1543 default = {}; 1544 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionWireGuardPeer; 1545 description = lib.mdDoc '' 1546 Each attribute in this set specifies an option in the 1547 `[WireGuardPeer]` section of the unit. See 1548 {manpage}`systemd.network(5)` for details. 1549 ''; 1550 }; 1551 }; 1552 }; 1553 1554 netdevOptions = commonNetworkOptions // { 1555 1556 netdevConfig = mkOption { 1557 example = { Name = "mybridge"; Kind = "bridge"; }; 1558 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionNetdev; 1559 description = lib.mdDoc '' 1560 Each attribute in this set specifies an option in the 1561 `[Netdev]` section of the unit. See 1562 {manpage}`systemd.netdev(5)` for details. 1563 ''; 1564 }; 1565 1566 vlanConfig = mkOption { 1567 default = {}; 1568 example = { Id = 4; }; 1569 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionVLAN; 1570 description = lib.mdDoc '' 1571 Each attribute in this set specifies an option in the 1572 `[VLAN]` section of the unit. See 1573 {manpage}`systemd.netdev(5)` for details. 1574 ''; 1575 }; 1576 1577 macvlanConfig = mkOption { 1578 default = {}; 1579 example = { Mode = "private"; }; 1580 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionMACVLAN; 1581 description = lib.mdDoc '' 1582 Each attribute in this set specifies an option in the 1583 `[MACVLAN]` section of the unit. See 1584 {manpage}`systemd.netdev(5)` for details. 1585 ''; 1586 }; 1587 1588 vxlanConfig = mkOption { 1589 default = {}; 1590 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionVXLAN; 1591 description = lib.mdDoc '' 1592 Each attribute in this set specifies an option in the 1593 `[VXLAN]` section of the unit. See 1594 {manpage}`systemd.netdev(5)` for details. 1595 ''; 1596 }; 1597 1598 tunnelConfig = mkOption { 1599 default = {}; 1600 example = { Remote = "192.168.1.1"; }; 1601 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionTunnel; 1602 description = lib.mdDoc '' 1603 Each attribute in this set specifies an option in the 1604 `[Tunnel]` section of the unit. See 1605 {manpage}`systemd.netdev(5)` for details. 1606 ''; 1607 }; 1608 1609 fooOverUDPConfig = mkOption { 1610 default = { }; 1611 example = { Port = 9001; }; 1612 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionFooOverUDP; 1613 description = lib.mdDoc '' 1614 Each attribute in this set specifies an option in the 1615 `[FooOverUDP]` section of the unit. See 1616 {manpage}`systemd.netdev(5)` for details. 1617 ''; 1618 }; 1619 1620 peerConfig = mkOption { 1621 default = {}; 1622 example = { Name = "veth2"; }; 1623 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionPeer; 1624 description = lib.mdDoc '' 1625 Each attribute in this set specifies an option in the 1626 `[Peer]` section of the unit. See 1627 {manpage}`systemd.netdev(5)` for details. 1628 ''; 1629 }; 1630 1631 tunConfig = mkOption { 1632 default = {}; 1633 example = { User = "openvpn"; }; 1634 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionTun; 1635 description = lib.mdDoc '' 1636 Each attribute in this set specifies an option in the 1637 `[Tun]` section of the unit. See 1638 {manpage}`systemd.netdev(5)` for details. 1639 ''; 1640 }; 1641 1642 tapConfig = mkOption { 1643 default = {}; 1644 example = { User = "openvpn"; }; 1645 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionTap; 1646 description = lib.mdDoc '' 1647 Each attribute in this set specifies an option in the 1648 `[Tap]` section of the unit. See 1649 {manpage}`systemd.netdev(5)` for details. 1650 ''; 1651 }; 1652 1653 l2tpConfig = mkOption { 1654 default = {}; 1655 example = { 1656 TunnelId = 10; 1657 PeerTunnelId = 12; 1658 Local = "static"; 1659 Remote = "192.168.30.101"; 1660 EncapsulationType = "ip"; 1661 }; 1662 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionL2TP; 1663 description = lib.mdDoc '' 1664 Each attribute in this set specifies an option in the 1665 `[L2TP]` section of the unit. See 1666 {manpage}`systemd.netdev(5)` for details. 1667 ''; 1668 }; 1669 1670 l2tpSessions = mkOption { 1671 default = []; 1672 example = [ { l2tpSessionConfig={ 1673 SessionId = 25; 1674 PeerSessionId = 26; 1675 Name = "l2tp-sess"; 1676 };}]; 1677 type = with types; listOf (submodule l2tpSessionOptions); 1678 description = lib.mdDoc '' 1679 Each item in this array specifies an option in the 1680 `[L2TPSession]` section of the unit. See 1681 {manpage}`systemd.netdev(5)` for details. 1682 ''; 1683 }; 1684 1685 wireguardConfig = mkOption { 1686 default = {}; 1687 example = { 1688 PrivateKeyFile = "/etc/wireguard/secret.key"; 1689 ListenPort = 51820; 1690 FirewallMark = 42; 1691 }; 1692 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionWireGuard; 1693 description = lib.mdDoc '' 1694 Each attribute in this set specifies an option in the 1695 `[WireGuard]` section of the unit. See 1696 {manpage}`systemd.netdev(5)` for details. 1697 Use `PrivateKeyFile` instead of 1698 `PrivateKey`: the nix store is 1699 world-readable. 1700 ''; 1701 }; 1702 1703 wireguardPeers = mkOption { 1704 default = []; 1705 example = [ { wireguardPeerConfig={ 1706 Endpoint = "192.168.1.1:51820"; 1707 PublicKey = "27s0OvaBBdHoJYkH9osZpjpgSOVNw+RaKfboT/Sfq0g="; 1708 PresharedKeyFile = "/etc/wireguard/psk.key"; 1709 AllowedIPs = [ "10.0.0.1/32" ]; 1710 PersistentKeepalive = 15; 1711 };}]; 1712 type = with types; listOf (submodule wireguardPeerOptions); 1713 description = lib.mdDoc '' 1714 Each item in this array specifies an option in the 1715 `[WireGuardPeer]` section of the unit. See 1716 {manpage}`systemd.netdev(5)` for details. 1717 Use `PresharedKeyFile` instead of 1718 `PresharedKey`: the nix store is 1719 world-readable. 1720 ''; 1721 }; 1722 1723 bondConfig = mkOption { 1724 default = {}; 1725 example = { Mode = "802.3ad"; }; 1726 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionBond; 1727 description = lib.mdDoc '' 1728 Each attribute in this set specifies an option in the 1729 `[Bond]` section of the unit. See 1730 {manpage}`systemd.netdev(5)` for details. 1731 ''; 1732 }; 1733 1734 xfrmConfig = mkOption { 1735 default = {}; 1736 example = { InterfaceId = 1; }; 1737 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionXfrm; 1738 description = lib.mdDoc '' 1739 Each attribute in this set specifies an option in the 1740 `[Xfrm]` section of the unit. See 1741 {manpage}`systemd.netdev(5)` for details. 1742 ''; 1743 }; 1744 1745 vrfConfig = mkOption { 1746 default = {}; 1747 example = { Table = 2342; }; 1748 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionVRF; 1749 description = lib.mdDoc '' 1750 Each attribute in this set specifies an option in the 1751 `[VRF]` section of the unit. See 1752 {manpage}`systemd.netdev(5)` for details. 1753 A detailed explanation about how VRFs work can be found in the 1754 [kernel docs](https://www.kernel.org/doc/Documentation/networking/vrf.txt). 1755 ''; 1756 }; 1757 1758 batmanAdvancedConfig = mkOption { 1759 default = {}; 1760 example = { 1761 GatewayMode = "server"; 1762 RoutingAlgorithm = "batman-v"; 1763 }; 1764 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionBatmanAdvanced; 1765 description = lib.mdDoc '' 1766 Each attribute in this set specifies an option in the 1767 `[BatmanAdvanced]` section of the unit. See 1768 {manpage}`systemd.netdev(5)` for details. 1769 ''; 1770 }; 1771 1772 }; 1773 1774 addressOptions = { 1775 options = { 1776 addressConfig = mkOption { 1777 example = { Address = "192.168.0.100/24"; }; 1778 type = types.addCheck (types.attrsOf unitOption) check.network.sectionAddress; 1779 description = lib.mdDoc '' 1780 Each attribute in this set specifies an option in the 1781 `[Address]` section of the unit. See 1782 {manpage}`systemd.network(5)` for details. 1783 ''; 1784 }; 1785 }; 1786 }; 1787 1788 routingPolicyRulesOptions = { 1789 options = { 1790 routingPolicyRuleConfig = mkOption { 1791 default = { }; 1792 example = { Table = 10; IncomingInterface = "eth1"; Family = "both"; }; 1793 type = types.addCheck (types.attrsOf unitOption) check.network.sectionRoutingPolicyRule; 1794 description = lib.mdDoc '' 1795 Each attribute in this set specifies an option in the 1796 `[RoutingPolicyRule]` section of the unit. See 1797 {manpage}`systemd.network(5)` for details. 1798 ''; 1799 }; 1800 }; 1801 }; 1802 1803 routeOptions = { 1804 options = { 1805 routeConfig = mkOption { 1806 default = {}; 1807 example = { Gateway = "192.168.0.1"; }; 1808 type = types.addCheck (types.attrsOf unitOption) check.network.sectionRoute; 1809 description = lib.mdDoc '' 1810 Each attribute in this set specifies an option in the 1811 `[Route]` section of the unit. See 1812 {manpage}`systemd.network(5)` for details. 1813 ''; 1814 }; 1815 }; 1816 }; 1817 1818 ipv6PrefixOptions = { 1819 options = { 1820 ipv6PrefixConfig = mkOption { 1821 default = {}; 1822 example = { Prefix = "fd00::/64"; }; 1823 type = types.addCheck (types.attrsOf unitOption) check.network.sectionIPv6Prefix; 1824 description = lib.mdDoc '' 1825 Each attribute in this set specifies an option in the 1826 `[IPv6Prefix]` section of the unit. See 1827 {manpage}`systemd.network(5)` for details. 1828 ''; 1829 }; 1830 }; 1831 }; 1832 1833 ipv6RoutePrefixOptions = { 1834 options = { 1835 ipv6RoutePrefixConfig = mkOption { 1836 default = {}; 1837 example = { Route = "fd00::/64"; }; 1838 type = types.addCheck (types.attrsOf unitOption) check.network.sectionIPv6RoutePrefix; 1839 description = lib.mdDoc '' 1840 Each attribute in this set specifies an option in the 1841 `[IPv6RoutePrefix]` section of the unit. See 1842 {manpage}`systemd.network(5)` for details. 1843 ''; 1844 }; 1845 }; 1846 }; 1847 1848 dhcpServerStaticLeaseOptions = { 1849 options = { 1850 dhcpServerStaticLeaseConfig = mkOption { 1851 default = {}; 1852 example = { MACAddress = "65:43:4a:5b:d8:5f"; Address = "192.168.1.42"; }; 1853 type = types.addCheck (types.attrsOf unitOption) check.network.sectionDHCPServerStaticLease; 1854 description = lib.mdDoc '' 1855 Each attribute in this set specifies an option in the 1856 `[DHCPServerStaticLease]` section of the unit. See 1857 {manpage}`systemd.network(5)` for details. 1858 1859 Make sure to configure the corresponding client interface to use 1860 `ClientIdentifier=mac`. 1861 ''; 1862 }; 1863 }; 1864 }; 1865 1866 bridgeFDBOptions = { 1867 options = { 1868 bridgeFDBConfig = mkOption { 1869 default = {}; 1870 example = { MACAddress = "65:43:4a:5b:d8:5f"; Destination = "192.168.1.42"; VNI = 20; }; 1871 type = types.addCheck (types.attrsOf unitOption) check.network.sectionBridgeFDB; 1872 description = lib.mdDoc '' 1873 Each attribute in this set specifies an option in the 1874 `[BridgeFDB]` section of the unit. See 1875 {manpage}`systemd.network(5)` for details. 1876 ''; 1877 }; 1878 }; 1879 }; 1880 1881 bridgeMDBOptions = { 1882 options = { 1883 bridgeMDBConfig = mkOption { 1884 default = {}; 1885 example = { MulticastGroupAddress = "ff02::1:2:3:4"; VLANId = 10; }; 1886 type = types.addCheck (types.attrsOf unitOption) check.network.sectionBridgeMDB; 1887 description = lib.mdDoc '' 1888 Each attribute in this set specifies an option in the 1889 `[BridgeMDB]` section of the unit. See 1890 {manpage}`systemd.network(5)` for details. 1891 ''; 1892 }; 1893 }; 1894 }; 1895 1896 bridgeVLANOptions = { 1897 options = { 1898 bridgeMDBConfig = mkOption { 1899 default = {}; 1900 example = { VLAN = 20; }; 1901 type = types.addCheck (types.attrsOf unitOption) check.network.sectionBridgeVLAN; 1902 description = lib.mdDoc '' 1903 Each attribute in this set specifies an option in the 1904 `[BridgeVLAN]` section of the unit. See 1905 {manpage}`systemd.network(5)` for details. 1906 ''; 1907 }; 1908 }; 1909 }; 1910 1911 networkOptions = commonNetworkOptions // { 1912 1913 linkConfig = mkOption { 1914 default = {}; 1915 example = { Unmanaged = true; }; 1916 type = types.addCheck (types.attrsOf unitOption) check.network.sectionLink; 1917 description = lib.mdDoc '' 1918 Each attribute in this set specifies an option in the 1919 `[Link]` section of the unit. See 1920 {manpage}`systemd.network(5)` for details. 1921 ''; 1922 }; 1923 1924 networkConfig = mkOption { 1925 default = {}; 1926 example = { Description = "My Network"; }; 1927 type = types.addCheck (types.attrsOf unitOption) check.network.sectionNetwork; 1928 description = lib.mdDoc '' 1929 Each attribute in this set specifies an option in the 1930 `[Network]` section of the unit. See 1931 {manpage}`systemd.network(5)` for details. 1932 ''; 1933 }; 1934 1935 # systemd.network.networks.*.dhcpConfig has been deprecated in favor of ….dhcpV4Config 1936 # Produce a nice warning message so users know it is gone. 1937 dhcpConfig = mkOption { 1938 visible = false; 1939 apply = _: throw "The option `systemd.network.networks.*.dhcpConfig` can no longer be used since it's been removed. Please use `systemd.network.networks.*.dhcpV4Config` instead."; 1940 }; 1941 1942 dhcpV4Config = mkOption { 1943 default = {}; 1944 example = { UseDNS = true; UseRoutes = true; }; 1945 type = types.addCheck (types.attrsOf unitOption) check.network.sectionDHCPv4; 1946 description = lib.mdDoc '' 1947 Each attribute in this set specifies an option in the 1948 `[DHCPv4]` section of the unit. See 1949 {manpage}`systemd.network(5)` for details. 1950 ''; 1951 }; 1952 1953 dhcpV6Config = mkOption { 1954 default = {}; 1955 example = { UseDNS = true; }; 1956 type = types.addCheck (types.attrsOf unitOption) check.network.sectionDHCPv6; 1957 description = lib.mdDoc '' 1958 Each attribute in this set specifies an option in the 1959 `[DHCPv6]` section of the unit. See 1960 {manpage}`systemd.network(5)` for details. 1961 ''; 1962 }; 1963 1964 dhcpV6PrefixDelegationConfig = mkOption { 1965 visible = false; 1966 apply = _: throw "The option `systemd.network.networks.<name>.dhcpV6PrefixDelegationConfig` has been renamed to `systemd.network.networks.<name>.dhcpPrefixDelegationConfig`."; 1967 }; 1968 1969 dhcpPrefixDelegationConfig = mkOption { 1970 default = {}; 1971 example = { SubnetId = "auto"; Announce = true; }; 1972 type = types.addCheck (types.attrsOf unitOption) check.network.sectionDHCPPrefixDelegation; 1973 description = lib.mdDoc '' 1974 Each attribute in this set specifies an option in the 1975 `[DHCPPrefixDelegation]` section of the unit. See 1976 {manpage}`systemd.network(5)` for details. 1977 ''; 1978 }; 1979 1980 ipv6AcceptRAConfig = mkOption { 1981 default = {}; 1982 example = { UseDNS = true; DHCPv6Client = "always"; }; 1983 type = types.addCheck (types.attrsOf unitOption) check.network.sectionIPv6AcceptRA; 1984 description = lib.mdDoc '' 1985 Each attribute in this set specifies an option in the 1986 `[IPv6AcceptRA]` section of the unit. See 1987 {manpage}`systemd.network(5)` for details. 1988 ''; 1989 }; 1990 1991 dhcpServerConfig = mkOption { 1992 default = {}; 1993 example = { PoolOffset = 50; EmitDNS = false; }; 1994 type = types.addCheck (types.attrsOf unitOption) check.network.sectionDHCPServer; 1995 description = lib.mdDoc '' 1996 Each attribute in this set specifies an option in the 1997 `[DHCPServer]` section of the unit. See 1998 {manpage}`systemd.network(5)` for details. 1999 ''; 2000 }; 2001 2002 # systemd.network.networks.*.ipv6PrefixDelegationConfig has been deprecated 2003 # in 247 in favor of systemd.network.networks.*.ipv6SendRAConfig. 2004 ipv6PrefixDelegationConfig = mkOption { 2005 visible = false; 2006 apply = _: throw "The option `systemd.network.networks.*.ipv6PrefixDelegationConfig` has been replaced by `systemd.network.networks.*.ipv6SendRAConfig`."; 2007 }; 2008 2009 ipv6SendRAConfig = mkOption { 2010 default = {}; 2011 example = { EmitDNS = true; Managed = true; OtherInformation = true; }; 2012 type = types.addCheck (types.attrsOf unitOption) check.network.sectionIPv6SendRA; 2013 description = lib.mdDoc '' 2014 Each attribute in this set specifies an option in the 2015 `[IPv6SendRA]` section of the unit. See 2016 {manpage}`systemd.network(5)` for details. 2017 ''; 2018 }; 2019 2020 dhcpServerStaticLeases = mkOption { 2021 default = []; 2022 example = [ { dhcpServerStaticLeaseConfig = { MACAddress = "65:43:4a:5b:d8:5f"; Address = "192.168.1.42"; }; } ]; 2023 type = with types; listOf (submodule dhcpServerStaticLeaseOptions); 2024 description = lib.mdDoc '' 2025 A list of DHCPServerStaticLease sections to be added to the unit. See 2026 {manpage}`systemd.network(5)` for details. 2027 ''; 2028 }; 2029 2030 ipv6Prefixes = mkOption { 2031 default = []; 2032 example = [ { ipv6PrefixConfig = { AddressAutoconfiguration = true; OnLink = true; }; } ]; 2033 type = with types; listOf (submodule ipv6PrefixOptions); 2034 description = lib.mdDoc '' 2035 A list of ipv6Prefix sections to be added to the unit. See 2036 {manpage}`systemd.network(5)` for details. 2037 ''; 2038 }; 2039 2040 ipv6RoutePrefixes = mkOption { 2041 default = []; 2042 example = [ { ipv6RoutePrefixConfig = { Route = "fd00::/64"; LifetimeSec = 3600; }; } ]; 2043 type = with types; listOf (submodule ipv6RoutePrefixOptions); 2044 description = lib.mdDoc '' 2045 A list of ipv6RoutePrefix sections to be added to the unit. See 2046 {manpage}`systemd.network(5)` for details. 2047 ''; 2048 }; 2049 2050 bridgeConfig = mkOption { 2051 default = {}; 2052 example = { MulticastFlood = false; Cost = 20; }; 2053 type = types.addCheck (types.attrsOf unitOption) check.network.sectionBridge; 2054 description = lib.mdDoc '' 2055 Each attribute in this set specifies an option in the 2056 `[Bridge]` section of the unit. See 2057 {manpage}`systemd.network(5)` for details. 2058 ''; 2059 }; 2060 2061 bridgeFDBs = mkOption { 2062 default = []; 2063 example = [ { bridgeFDBConfig = { MACAddress = "90:e2:ba:43:fc:71"; Destination = "192.168.100.4"; VNI = 3600; }; } ]; 2064 type = with types; listOf (submodule bridgeFDBOptions); 2065 description = lib.mdDoc '' 2066 A list of BridgeFDB sections to be added to the unit. See 2067 {manpage}`systemd.network(5)` for details. 2068 ''; 2069 }; 2070 2071 bridgeMDBs = mkOption { 2072 default = []; 2073 example = [ { bridgeMDBConfig = { MulticastGroupAddress = "ff02::1:2:3:4"; VLANId = 10; } ; } ]; 2074 type = with types; listOf (submodule bridgeMDBOptions); 2075 description = lib.mdDoc '' 2076 A list of BridgeMDB sections to be added to the unit. See 2077 {manpage}`systemd.network(5)` for details. 2078 ''; 2079 }; 2080 2081 lldpConfig = mkOption { 2082 default = {}; 2083 example = { MUDURL = "https://things.example.org/product_abc123/v5"; }; 2084 type = types.addCheck (types.attrsOf unitOption) check.network.sectionLLDP; 2085 description = lib.mdDoc '' 2086 Each attribute in this set specifies an option in the 2087 `[LLDP]` section of the unit. See 2088 {manpage}`systemd.network(5)` for details. 2089 ''; 2090 }; 2091 2092 canConfig = mkOption { 2093 default = {}; 2094 example = { }; 2095 type = types.addCheck (types.attrsOf unitOption) check.network.sectionCAN; 2096 description = lib.mdDoc '' 2097 Each attribute in this set specifies an option in the 2098 `[CAN]` section of the unit. See 2099 {manpage}`systemd.network(5)` for details. 2100 ''; 2101 }; 2102 2103 ipoIBConfig = mkOption { 2104 default = {}; 2105 example = { }; 2106 type = types.addCheck (types.attrsOf unitOption) check.network.sectionIPoIB; 2107 description = lib.mdDoc '' 2108 Each attribute in this set specifies an option in the 2109 `[IPoIB]` section of the unit. See 2110 {manpage}`systemd.network(5)` for details. 2111 ''; 2112 }; 2113 2114 qdiscConfig = mkOption { 2115 default = {}; 2116 example = { Parent = "ingress"; }; 2117 type = types.addCheck (types.attrsOf unitOption) check.network.sectionQDisc; 2118 description = lib.mdDoc '' 2119 Each attribute in this set specifies an option in the 2120 `[QDisc]` section of the unit. See 2121 {manpage}`systemd.network(5)` for details. 2122 ''; 2123 }; 2124 2125 networkEmulatorConfig = mkOption { 2126 default = {}; 2127 example = { Parent = "ingress"; DelaySec = "20msec"; }; 2128 type = types.addCheck (types.attrsOf unitOption) check.network.sectionNetworkEmulator; 2129 description = lib.mdDoc '' 2130 Each attribute in this set specifies an option in the 2131 `[NetworkEmulator]` section of the unit. See 2132 {manpage}`systemd.network(5)` for details. 2133 ''; 2134 }; 2135 2136 tokenBucketFilterConfig = mkOption { 2137 default = {}; 2138 example = { Parent = "ingress"; Rate = "100k"; }; 2139 type = types.addCheck (types.attrsOf unitOption) check.network.sectionTokenBucketFilter; 2140 description = lib.mdDoc '' 2141 Each attribute in this set specifies an option in the 2142 `[TokenBucketFilter]` section of the unit. See 2143 {manpage}`systemd.network(5)` for details. 2144 ''; 2145 }; 2146 2147 pieConfig = mkOption { 2148 default = {}; 2149 example = { Parent = "ingress"; PacketLimit = "3847"; }; 2150 type = types.addCheck (types.attrsOf unitOption) check.network.sectionPIE; 2151 description = lib.mdDoc '' 2152 Each attribute in this set specifies an option in the 2153 `[PIE]` section of the unit. See 2154 {manpage}`systemd.network(5)` for details. 2155 ''; 2156 }; 2157 2158 flowQueuePIEConfig = mkOption { 2159 default = {}; 2160 example = { Parent = "ingress"; PacketLimit = "3847"; }; 2161 type = types.addCheck (types.attrsOf unitOption) check.network.sectionFlowQueuePIE; 2162 description = lib.mdDoc '' 2163 Each attribute in this set specifies an option in the 2164 `[FlowQueuePIE]` section of the unit. See 2165 {manpage}`systemd.network(5)` for details. 2166 ''; 2167 }; 2168 2169 stochasticFairBlueConfig = mkOption { 2170 default = {}; 2171 example = { Parent = "ingress"; PacketLimit = "3847"; }; 2172 type = types.addCheck (types.attrsOf unitOption) check.network.sectionStochasticFairBlue; 2173 description = lib.mdDoc '' 2174 Each attribute in this set specifies an option in the 2175 `[StochasticFairBlue]` section of the unit. See 2176 {manpage}`systemd.network(5)` for details. 2177 ''; 2178 }; 2179 2180 stochasticFairnessQueueingConfig = mkOption { 2181 default = {}; 2182 example = { Parent = "ingress"; PerturbPeriodSec = "30"; }; 2183 type = types.addCheck (types.attrsOf unitOption) check.network.sectionStochasticFairnessQueueing; 2184 description = lib.mdDoc '' 2185 Each attribute in this set specifies an option in the 2186 `[StochasticFairnessQueueing]` section of the unit. See 2187 {manpage}`systemd.network(5)` for details. 2188 ''; 2189 }; 2190 2191 bfifoConfig = mkOption { 2192 default = {}; 2193 example = { Parent = "ingress"; LimitBytes = "20K"; }; 2194 type = types.addCheck (types.attrsOf unitOption) check.network.sectionBFIFO; 2195 description = lib.mdDoc '' 2196 Each attribute in this set specifies an option in the 2197 `[BFIFO]` section of the unit. See 2198 {manpage}`systemd.network(5)` for details. 2199 ''; 2200 }; 2201 2202 pfifoConfig = mkOption { 2203 default = {}; 2204 example = { Parent = "ingress"; PacketLimit = "300"; }; 2205 type = types.addCheck (types.attrsOf unitOption) check.network.sectionPFIFO; 2206 description = lib.mdDoc '' 2207 Each attribute in this set specifies an option in the 2208 `[PFIFO]` section of the unit. See 2209 {manpage}`systemd.network(5)` for details. 2210 ''; 2211 }; 2212 2213 pfifoHeadDropConfig = mkOption { 2214 default = {}; 2215 example = { Parent = "ingress"; PacketLimit = "300"; }; 2216 type = types.addCheck (types.attrsOf unitOption) check.network.sectionPFIFOHeadDrop; 2217 description = lib.mdDoc '' 2218 Each attribute in this set specifies an option in the 2219 `[PFIFOHeadDrop]` section of the unit. See 2220 {manpage}`systemd.network(5)` for details. 2221 ''; 2222 }; 2223 2224 pfifoFastConfig = mkOption { 2225 default = {}; 2226 example = { Parent = "ingress"; }; 2227 type = types.addCheck (types.attrsOf unitOption) check.network.sectionPFIFOFast; 2228 description = lib.mdDoc '' 2229 Each attribute in this set specifies an option in the 2230 `[PFIFOFast]` section of the unit. See 2231 {manpage}`systemd.network(5)` for details. 2232 ''; 2233 }; 2234 2235 cakeConfig = mkOption { 2236 default = {}; 2237 example = { Bandwidth = "40M"; OverheadBytes = 8; CompensationMode = "ptm"; }; 2238 type = types.addCheck (types.attrsOf unitOption) check.network.sectionCAKE; 2239 description = lib.mdDoc '' 2240 Each attribute in this set specifies an option in the 2241 `[CAKE]` section of the unit. See 2242 {manpage}`systemd.network(5)` for details. 2243 ''; 2244 }; 2245 2246 controlledDelayConfig = mkOption { 2247 default = {}; 2248 example = { Parent = "ingress"; TargetSec = "20msec"; }; 2249 type = types.addCheck (types.attrsOf unitOption) check.network.sectionControlledDelay; 2250 description = lib.mdDoc '' 2251 Each attribute in this set specifies an option in the 2252 `[ControlledDelay]` section of the unit. See 2253 {manpage}`systemd.network(5)` for details. 2254 ''; 2255 }; 2256 2257 deficitRoundRobinSchedulerConfig = mkOption { 2258 default = {}; 2259 example = { Parent = "root"; }; 2260 type = types.addCheck (types.attrsOf unitOption) check.network.sectionDeficitRoundRobinScheduler; 2261 description = lib.mdDoc '' 2262 Each attribute in this set specifies an option in the 2263 `[DeficitRoundRobinScheduler]` section of the unit. See 2264 {manpage}`systemd.network(5)` for details. 2265 ''; 2266 }; 2267 2268 deficitRoundRobinSchedulerClassConfig = mkOption { 2269 default = {}; 2270 example = { Parent = "root"; QuantumBytes = "300k"; }; 2271 type = types.addCheck (types.attrsOf unitOption) check.network.sectionDeficitRoundRobinSchedulerClass; 2272 description = lib.mdDoc '' 2273 Each attribute in this set specifies an option in the 2274 `[DeficitRoundRobinSchedulerClass]` section of the unit. See 2275 {manpage}`systemd.network(5)` for details. 2276 ''; 2277 }; 2278 2279 enhancedTransmissionSelectionConfig = mkOption { 2280 default = {}; 2281 example = { Parent = "root"; QuantumBytes = "300k"; Bands = 3; PriorityMap = "100 200 300"; }; 2282 type = types.addCheck (types.attrsOf unitOption) check.network.sectionEnhancedTransmissionSelection; 2283 description = lib.mdDoc '' 2284 Each attribute in this set specifies an option in the 2285 `[EnhancedTransmissionSelection]` section of the unit. See 2286 {manpage}`systemd.network(5)` for details. 2287 ''; 2288 }; 2289 2290 genericRandomEarlyDetectionConfig = mkOption { 2291 default = {}; 2292 example = { Parent = "root"; VirtualQueues = 5; DefaultVirtualQueue = 3; }; 2293 type = types.addCheck (types.attrsOf unitOption) check.network.sectionGenericRandomEarlyDetection; 2294 description = lib.mdDoc '' 2295 Each attribute in this set specifies an option in the 2296 `[GenericRandomEarlyDetection]` section of the unit. See 2297 {manpage}`systemd.network(5)` for details. 2298 ''; 2299 }; 2300 2301 fairQueueingControlledDelayConfig = mkOption { 2302 default = {}; 2303 example = { Parent = "root"; Flows = 5; }; 2304 type = types.addCheck (types.attrsOf unitOption) check.network.sectionFairQueueingControlledDelay; 2305 description = lib.mdDoc '' 2306 Each attribute in this set specifies an option in the 2307 `[FairQueueingControlledDelay]` section of the unit. See 2308 {manpage}`systemd.network(5)` for details. 2309 ''; 2310 }; 2311 2312 fairQueueingConfig = mkOption { 2313 default = {}; 2314 example = { Parent = "root"; FlowLimit = 5; }; 2315 type = types.addCheck (types.attrsOf unitOption) check.network.sectionFairQueueing; 2316 description = lib.mdDoc '' 2317 Each attribute in this set specifies an option in the 2318 `[FairQueueing]` section of the unit. See 2319 {manpage}`systemd.network(5)` for details. 2320 ''; 2321 }; 2322 2323 trivialLinkEqualizerConfig = mkOption { 2324 default = {}; 2325 example = { Parent = "root"; Id = 0; }; 2326 type = types.addCheck (types.attrsOf unitOption) check.network.sectionTrivialLinkEqualizer; 2327 description = lib.mdDoc '' 2328 Each attribute in this set specifies an option in the 2329 `[TrivialLinkEqualizer]` section of the unit. See 2330 {manpage}`systemd.network(5)` for details. 2331 ''; 2332 }; 2333 2334 hierarchyTokenBucketConfig = mkOption { 2335 default = {}; 2336 example = { Parent = "root"; }; 2337 type = types.addCheck (types.attrsOf unitOption) check.network.sectionHierarchyTokenBucket; 2338 description = lib.mdDoc '' 2339 Each attribute in this set specifies an option in the 2340 `[HierarchyTokenBucket]` section of the unit. See 2341 {manpage}`systemd.network(5)` for details. 2342 ''; 2343 }; 2344 2345 hierarchyTokenBucketClassConfig = mkOption { 2346 default = {}; 2347 example = { Parent = "root"; Rate = "10M"; }; 2348 type = types.addCheck (types.attrsOf unitOption) check.network.sectionHierarchyTokenBucketClass; 2349 description = lib.mdDoc '' 2350 Each attribute in this set specifies an option in the 2351 `[HierarchyTokenBucketClass]` section of the unit. See 2352 {manpage}`systemd.network(5)` for details. 2353 ''; 2354 }; 2355 2356 heavyHitterFilterConfig = mkOption { 2357 default = {}; 2358 example = { Parent = "root"; PacketLimit = 10000; }; 2359 type = types.addCheck (types.attrsOf unitOption) check.network.sectionHeavyHitterFilter; 2360 description = lib.mdDoc '' 2361 Each attribute in this set specifies an option in the 2362 `[HeavyHitterFilter]` section of the unit. See 2363 {manpage}`systemd.network(5)` for details. 2364 ''; 2365 }; 2366 2367 quickFairQueueingConfig = mkOption { 2368 default = {}; 2369 example = { Parent = "root"; }; 2370 type = types.addCheck (types.attrsOf unitOption) check.network.sectionQuickFairQueueing; 2371 description = lib.mdDoc '' 2372 Each attribute in this set specifies an option in the 2373 `[QuickFairQueueing]` section of the unit. See 2374 {manpage}`systemd.network(5)` for details. 2375 ''; 2376 }; 2377 2378 quickFairQueueingConfigClass = mkOption { 2379 default = {}; 2380 example = { Parent = "root"; Weight = 133; }; 2381 type = types.addCheck (types.attrsOf unitOption) check.network.sectionQuickFairQueueingClass; 2382 description = lib.mdDoc '' 2383 Each attribute in this set specifies an option in the 2384 `[QuickFairQueueingClass]` section of the unit. See 2385 {manpage}`systemd.network(5)` for details. 2386 ''; 2387 }; 2388 2389 bridgeVLANConfig = mkOption { 2390 default = {}; 2391 example = { VLAN = "10-20"; }; 2392 type = types.addCheck (types.attrsOf unitOption) check.network.sectionBridgeVLAN; 2393 description = lib.mdDoc '' 2394 Each attribute in this set specifies an option in the 2395 `[BridgeVLAN]` section of the unit. See 2396 {manpage}`systemd.network(5)` for details. 2397 ''; 2398 }; 2399 2400 bridgeVLANs = mkOption { 2401 default = []; 2402 example = [ { bridgeVLANConfig = { VLAN = "10-20"; }; } ]; 2403 type = with types; listOf (submodule bridgeVLANOptions); 2404 description = lib.mdDoc '' 2405 A list of BridgeVLAN sections to be added to the unit. See 2406 {manpage}`systemd.network(5)` for details. 2407 ''; 2408 }; 2409 2410 name = mkOption { 2411 type = types.nullOr types.str; 2412 default = null; 2413 description = lib.mdDoc '' 2414 The name of the network interface to match against. 2415 ''; 2416 }; 2417 2418 DHCP = mkOption { 2419 type = types.nullOr types.str; 2420 default = null; 2421 description = lib.mdDoc '' 2422 Whether to enable DHCP on the interfaces matched. 2423 ''; 2424 }; 2425 2426 domains = mkOption { 2427 type = types.nullOr (types.listOf types.str); 2428 default = null; 2429 description = lib.mdDoc '' 2430 A list of domains to pass to the network config. 2431 ''; 2432 }; 2433 2434 address = mkOption { 2435 default = [ ]; 2436 type = types.listOf types.str; 2437 description = lib.mdDoc '' 2438 A list of addresses to be added to the network section of the 2439 unit. See {manpage}`systemd.network(5)` for details. 2440 ''; 2441 }; 2442 2443 gateway = mkOption { 2444 default = [ ]; 2445 type = types.listOf types.str; 2446 description = lib.mdDoc '' 2447 A list of gateways to be added to the network section of the 2448 unit. See {manpage}`systemd.network(5)` for details. 2449 ''; 2450 }; 2451 2452 dns = mkOption { 2453 default = [ ]; 2454 type = types.listOf types.str; 2455 description = lib.mdDoc '' 2456 A list of dns servers to be added to the network section of the 2457 unit. See {manpage}`systemd.network(5)` for details. 2458 ''; 2459 }; 2460 2461 ntp = mkOption { 2462 default = [ ]; 2463 type = types.listOf types.str; 2464 description = lib.mdDoc '' 2465 A list of ntp servers to be added to the network section of the 2466 unit. See {manpage}`systemd.network(5)` for details. 2467 ''; 2468 }; 2469 2470 bridge = mkOption { 2471 default = [ ]; 2472 type = types.listOf types.str; 2473 description = lib.mdDoc '' 2474 A list of bridge interfaces to be added to the network section of the 2475 unit. See {manpage}`systemd.network(5)` for details. 2476 ''; 2477 }; 2478 2479 bond = mkOption { 2480 default = [ ]; 2481 type = types.listOf types.str; 2482 description = lib.mdDoc '' 2483 A list of bond interfaces to be added to the network section of the 2484 unit. See {manpage}`systemd.network(5)` for details. 2485 ''; 2486 }; 2487 2488 vrf = mkOption { 2489 default = [ ]; 2490 type = types.listOf types.str; 2491 description = lib.mdDoc '' 2492 A list of vrf interfaces to be added to the network section of the 2493 unit. See {manpage}`systemd.network(5)` for details. 2494 ''; 2495 }; 2496 2497 vlan = mkOption { 2498 default = [ ]; 2499 type = types.listOf types.str; 2500 description = lib.mdDoc '' 2501 A list of vlan interfaces to be added to the network section of the 2502 unit. See {manpage}`systemd.network(5)` for details. 2503 ''; 2504 }; 2505 2506 macvlan = mkOption { 2507 default = [ ]; 2508 type = types.listOf types.str; 2509 description = lib.mdDoc '' 2510 A list of macvlan interfaces to be added to the network section of the 2511 unit. See {manpage}`systemd.network(5)` for details. 2512 ''; 2513 }; 2514 2515 vxlan = mkOption { 2516 default = [ ]; 2517 type = types.listOf types.str; 2518 description = lib.mdDoc '' 2519 A list of vxlan interfaces to be added to the network section of the 2520 unit. See {manpage}`systemd.network(5)` for details. 2521 ''; 2522 }; 2523 2524 tunnel = mkOption { 2525 default = [ ]; 2526 type = types.listOf types.str; 2527 description = lib.mdDoc '' 2528 A list of tunnel interfaces to be added to the network section of the 2529 unit. See {manpage}`systemd.network(5)` for details. 2530 ''; 2531 }; 2532 2533 xfrm = mkOption { 2534 default = [ ]; 2535 type = types.listOf types.str; 2536 description = lib.mdDoc '' 2537 A list of xfrm interfaces to be added to the network section of the 2538 unit. See {manpage}`systemd.network(5)` for details. 2539 ''; 2540 }; 2541 2542 addresses = mkOption { 2543 default = [ ]; 2544 type = with types; listOf (submodule addressOptions); 2545 description = lib.mdDoc '' 2546 A list of address sections to be added to the unit. See 2547 {manpage}`systemd.network(5)` for details. 2548 ''; 2549 }; 2550 2551 routingPolicyRules = mkOption { 2552 default = [ ]; 2553 type = with types; listOf (submodule routingPolicyRulesOptions); 2554 description = lib.mdDoc '' 2555 A list of routing policy rules sections to be added to the unit. See 2556 {manpage}`systemd.network(5)` for details. 2557 ''; 2558 }; 2559 2560 routes = mkOption { 2561 default = [ ]; 2562 type = with types; listOf (submodule routeOptions); 2563 description = lib.mdDoc '' 2564 A list of route sections to be added to the unit. See 2565 {manpage}`systemd.network(5)` for details. 2566 ''; 2567 }; 2568 2569 }; 2570 2571 networkConfig = { config, ... }: { 2572 config = { 2573 matchConfig = optionalAttrs (config.name != null) { 2574 Name = config.name; 2575 }; 2576 networkConfig = optionalAttrs (config.DHCP != null) { 2577 DHCP = config.DHCP; 2578 } // optionalAttrs (config.domains != null) { 2579 Domains = concatStringsSep " " config.domains; 2580 }; 2581 }; 2582 }; 2583 2584 networkdConfig = { config, ... }: { 2585 options = { 2586 routeTables = mkOption { 2587 default = {}; 2588 example = { foo = 27; }; 2589 type = with types; attrsOf int; 2590 description = lib.mdDoc '' 2591 Defines route table names as an attrset of name to number. 2592 See {manpage}`networkd.conf(5)` for details. 2593 ''; 2594 }; 2595 2596 addRouteTablesToIPRoute2 = mkOption { 2597 default = true; 2598 example = false; 2599 type = types.bool; 2600 description = lib.mdDoc '' 2601 If true and routeTables are set, then the specified route tables 2602 will also be installed into /etc/iproute2/rt_tables. 2603 ''; 2604 }; 2605 }; 2606 2607 config = { 2608 networkConfig = optionalAttrs (config.routeTables != { }) { 2609 RouteTable = mapAttrsToList 2610 (name: number: "${name}:${toString number}") 2611 config.routeTables; 2612 }; 2613 }; 2614 }; 2615 2616 commonMatchText = def: optionalString (def.matchConfig != { }) '' 2617 [Match] 2618 ${attrsToSection def.matchConfig} 2619 ''; 2620 2621 linkToUnit = name: def: 2622 { inherit (def) enable; 2623 text = commonMatchText def 2624 + '' 2625 [Link] 2626 ${attrsToSection def.linkConfig} 2627 '' 2628 + def.extraConfig; 2629 }; 2630 2631 netdevToUnit = name: def: 2632 { inherit (def) enable; 2633 text = commonMatchText def 2634 + '' 2635 [NetDev] 2636 ${attrsToSection def.netdevConfig} 2637 '' 2638 + optionalString (def.vlanConfig != { }) '' 2639 [VLAN] 2640 ${attrsToSection def.vlanConfig} 2641 '' 2642 + optionalString (def.macvlanConfig != { }) '' 2643 [MACVLAN] 2644 ${attrsToSection def.macvlanConfig} 2645 '' 2646 + optionalString (def.vxlanConfig != { }) '' 2647 [VXLAN] 2648 ${attrsToSection def.vxlanConfig} 2649 '' 2650 + optionalString (def.tunnelConfig != { }) '' 2651 [Tunnel] 2652 ${attrsToSection def.tunnelConfig} 2653 '' 2654 + optionalString (def.fooOverUDPConfig != { }) '' 2655 [FooOverUDP] 2656 ${attrsToSection def.fooOverUDPConfig} 2657 '' 2658 + optionalString (def.peerConfig != { }) '' 2659 [Peer] 2660 ${attrsToSection def.peerConfig} 2661 '' 2662 + optionalString (def.tunConfig != { }) '' 2663 [Tun] 2664 ${attrsToSection def.tunConfig} 2665 '' 2666 + optionalString (def.tapConfig != { }) '' 2667 [Tap] 2668 ${attrsToSection def.tapConfig} 2669 '' 2670 + optionalString (def.l2tpConfig != { }) '' 2671 [L2TP] 2672 ${attrsToSection def.l2tpConfig} 2673 '' 2674 + flip concatMapStrings def.l2tpSessions (x: '' 2675 [L2TPSession] 2676 ${attrsToSection x.l2tpSessionConfig} 2677 '') 2678 + optionalString (def.wireguardConfig != { }) '' 2679 [WireGuard] 2680 ${attrsToSection def.wireguardConfig} 2681 '' 2682 + flip concatMapStrings def.wireguardPeers (x: '' 2683 [WireGuardPeer] 2684 ${attrsToSection x.wireguardPeerConfig} 2685 '') 2686 + optionalString (def.bondConfig != { }) '' 2687 [Bond] 2688 ${attrsToSection def.bondConfig} 2689 '' 2690 + optionalString (def.xfrmConfig != { }) '' 2691 [Xfrm] 2692 ${attrsToSection def.xfrmConfig} 2693 '' 2694 + optionalString (def.vrfConfig != { }) '' 2695 [VRF] 2696 ${attrsToSection def.vrfConfig} 2697 '' 2698 + optionalString (def.batmanAdvancedConfig != { }) '' 2699 [BatmanAdvanced] 2700 ${attrsToSection def.batmanAdvancedConfig} 2701 '' 2702 + def.extraConfig; 2703 }; 2704 2705 renderConfig = def: 2706 { text = '' 2707 [Network] 2708 ${attrsToSection def.networkConfig} 2709 '' 2710 + optionalString (def.dhcpV4Config != { }) '' 2711 [DHCPv4] 2712 ${attrsToSection def.dhcpV4Config} 2713 '' 2714 + optionalString (def.dhcpV6Config != { }) '' 2715 [DHCPv6] 2716 ${attrsToSection def.dhcpV6Config} 2717 ''; }; 2718 2719 networkToUnit = name: def: 2720 { inherit (def) enable; 2721 text = commonMatchText def 2722 + optionalString (def.linkConfig != { }) '' 2723 [Link] 2724 ${attrsToSection def.linkConfig} 2725 '' 2726 + '' 2727 [Network] 2728 '' 2729 + attrsToSection def.networkConfig 2730 + optionalString (def.address != [ ]) '' 2731 ${concatStringsSep "\n" (map (s: "Address=${s}") def.address)} 2732 '' 2733 + optionalString (def.gateway != [ ]) '' 2734 ${concatStringsSep "\n" (map (s: "Gateway=${s}") def.gateway)} 2735 '' 2736 + optionalString (def.dns != [ ]) '' 2737 ${concatStringsSep "\n" (map (s: "DNS=${s}") def.dns)} 2738 '' 2739 + optionalString (def.ntp != [ ]) '' 2740 ${concatStringsSep "\n" (map (s: "NTP=${s}") def.ntp)} 2741 '' 2742 + optionalString (def.bridge != [ ]) '' 2743 ${concatStringsSep "\n" (map (s: "Bridge=${s}") def.bridge)} 2744 '' 2745 + optionalString (def.bond != [ ]) '' 2746 ${concatStringsSep "\n" (map (s: "Bond=${s}") def.bond)} 2747 '' 2748 + optionalString (def.vrf != [ ]) '' 2749 ${concatStringsSep "\n" (map (s: "VRF=${s}") def.vrf)} 2750 '' 2751 + optionalString (def.vlan != [ ]) '' 2752 ${concatStringsSep "\n" (map (s: "VLAN=${s}") def.vlan)} 2753 '' 2754 + optionalString (def.macvlan != [ ]) '' 2755 ${concatStringsSep "\n" (map (s: "MACVLAN=${s}") def.macvlan)} 2756 '' 2757 + optionalString (def.vxlan != [ ]) '' 2758 ${concatStringsSep "\n" (map (s: "VXLAN=${s}") def.vxlan)} 2759 '' 2760 + optionalString (def.tunnel != [ ]) '' 2761 ${concatStringsSep "\n" (map (s: "Tunnel=${s}") def.tunnel)} 2762 '' 2763 + optionalString (def.xfrm != [ ]) '' 2764 ${concatStringsSep "\n" (map (s: "Xfrm=${s}") def.xfrm)} 2765 '' 2766 + '' 2767 2768 '' 2769 + flip concatMapStrings def.addresses (x: '' 2770 [Address] 2771 ${attrsToSection x.addressConfig} 2772 '') 2773 + flip concatMapStrings def.routingPolicyRules (x: '' 2774 [RoutingPolicyRule] 2775 ${attrsToSection x.routingPolicyRuleConfig} 2776 '') 2777 + flip concatMapStrings def.routes (x: '' 2778 [Route] 2779 ${attrsToSection x.routeConfig} 2780 '') 2781 + optionalString (def.dhcpV4Config != { }) '' 2782 [DHCPv4] 2783 ${attrsToSection def.dhcpV4Config} 2784 '' 2785 + optionalString (def.dhcpV6Config != { }) '' 2786 [DHCPv6] 2787 ${attrsToSection def.dhcpV6Config} 2788 '' 2789 + optionalString (def.dhcpPrefixDelegationConfig != { }) '' 2790 [DHCPPrefixDelegation] 2791 ${attrsToSection def.dhcpPrefixDelegationConfig} 2792 '' 2793 + optionalString (def.ipv6AcceptRAConfig != { }) '' 2794 [IPv6AcceptRA] 2795 ${attrsToSection def.ipv6AcceptRAConfig} 2796 '' 2797 + optionalString (def.dhcpServerConfig != { }) '' 2798 [DHCPServer] 2799 ${attrsToSection def.dhcpServerConfig} 2800 '' 2801 + optionalString (def.ipv6SendRAConfig != { }) '' 2802 [IPv6SendRA] 2803 ${attrsToSection def.ipv6SendRAConfig} 2804 '' 2805 + flip concatMapStrings def.ipv6Prefixes (x: '' 2806 [IPv6Prefix] 2807 ${attrsToSection x.ipv6PrefixConfig} 2808 '') 2809 + flip concatMapStrings def.ipv6RoutePrefixes (x: '' 2810 [IPv6RoutePrefix] 2811 ${attrsToSection x.ipv6RoutePrefixConfig} 2812 '') 2813 + flip concatMapStrings def.dhcpServerStaticLeases (x: '' 2814 [DHCPServerStaticLease] 2815 ${attrsToSection x.dhcpServerStaticLeaseConfig} 2816 '') 2817 + optionalString (def.bridgeConfig != { }) '' 2818 [Bridge] 2819 ${attrsToSection def.bridgeConfig} 2820 '' 2821 + flip concatMapStrings def.bridgeFDBs (x: '' 2822 [BridgeFDB] 2823 ${attrsToSection x.bridgeFDBConfig} 2824 '') 2825 + flip concatMapStrings def.bridgeMDBs (x: '' 2826 [BridgeMDB] 2827 ${attrsToSection x.bridgeMDBConfig} 2828 '') 2829 + optionalString (def.lldpConfig != { }) '' 2830 [LLDP] 2831 ${attrsToSection def.lldpConfig} 2832 '' 2833 + optionalString (def.canConfig != { }) '' 2834 [CAN] 2835 ${attrsToSection def.canConfig} 2836 '' 2837 + optionalString (def.ipoIBConfig != { }) '' 2838 [IPoIB] 2839 ${attrsToSection def.ipoIBConfig} 2840 '' 2841 + optionalString (def.qdiscConfig != { }) '' 2842 [QDisc] 2843 ${attrsToSection def.qdiscConfig} 2844 '' 2845 + optionalString (def.networkEmulatorConfig != { }) '' 2846 [NetworkEmulator] 2847 ${attrsToSection def.networkEmulatorConfig} 2848 '' 2849 + optionalString (def.tokenBucketFilterConfig != { }) '' 2850 [TokenBucketFilter] 2851 ${attrsToSection def.tokenBucketFilterConfig} 2852 '' 2853 + optionalString (def.pieConfig != { }) '' 2854 [PIE] 2855 ${attrsToSection def.pieConfig} 2856 '' 2857 + optionalString (def.flowQueuePIEConfig != { }) '' 2858 [FlowQueuePIE] 2859 ${attrsToSection def.flowQueuePIEConfig} 2860 '' 2861 + optionalString (def.stochasticFairBlueConfig != { }) '' 2862 [StochasticFairBlue] 2863 ${attrsToSection def.stochasticFairBlueConfig} 2864 '' 2865 + optionalString (def.stochasticFairnessQueueingConfig != { }) '' 2866 [StochasticFairnessQueueing] 2867 ${attrsToSection def.stochasticFairnessQueueingConfig} 2868 '' 2869 + optionalString (def.bfifoConfig != { }) '' 2870 [BFIFO] 2871 ${attrsToSection def.bfifoConfig} 2872 '' 2873 + optionalString (def.pfifoConfig != { }) '' 2874 [PFIFO] 2875 ${attrsToSection def.pfifoConfig} 2876 '' 2877 + optionalString (def.pfifoHeadDropConfig != { }) '' 2878 [PFIFOHeadDrop] 2879 ${attrsToSection def.pfifoHeadDropConfig} 2880 '' 2881 + optionalString (def.pfifoFastConfig != { }) '' 2882 [PFIFOFast] 2883 ${attrsToSection def.pfifoFastConfig} 2884 '' 2885 + optionalString (def.cakeConfig != { }) '' 2886 [CAKE] 2887 ${attrsToSection def.cakeConfig} 2888 '' 2889 + optionalString (def.controlledDelayConfig != { }) '' 2890 [ControlledDelay] 2891 ${attrsToSection def.controlledDelayConfig} 2892 '' 2893 + optionalString (def.deficitRoundRobinSchedulerConfig != { }) '' 2894 [DeficitRoundRobinScheduler] 2895 ${attrsToSection def.deficitRoundRobinSchedulerConfig} 2896 '' 2897 + optionalString (def.deficitRoundRobinSchedulerClassConfig != { }) '' 2898 [DeficitRoundRobinSchedulerClass] 2899 ${attrsToSection def.deficitRoundRobinSchedulerClassConfig} 2900 '' 2901 + optionalString (def.enhancedTransmissionSelectionConfig != { }) '' 2902 [EnhancedTransmissionSelection] 2903 ${attrsToSection def.enhancedTransmissionSelectionConfig} 2904 '' 2905 + optionalString (def.genericRandomEarlyDetectionConfig != { }) '' 2906 [GenericRandomEarlyDetection] 2907 ${attrsToSection def.genericRandomEarlyDetectionConfig} 2908 '' 2909 + optionalString (def.fairQueueingControlledDelayConfig != { }) '' 2910 [FairQueueingControlledDelay] 2911 ${attrsToSection def.fairQueueingControlledDelayConfig} 2912 '' 2913 + optionalString (def.fairQueueingConfig != { }) '' 2914 [FairQueueing] 2915 ${attrsToSection def.fairQueueingConfig} 2916 '' 2917 + optionalString (def.trivialLinkEqualizerConfig != { }) '' 2918 [TrivialLinkEqualizer] 2919 ${attrsToSection def.trivialLinkEqualizerConfig} 2920 '' 2921 + optionalString (def.hierarchyTokenBucketConfig != { }) '' 2922 [HierarchyTokenBucket] 2923 ${attrsToSection def.hierarchyTokenBucketConfig} 2924 '' 2925 + optionalString (def.hierarchyTokenBucketClassConfig != { }) '' 2926 [HierarchyTokenBucketClass] 2927 ${attrsToSection def.hierarchyTokenBucketClassConfig} 2928 '' 2929 + optionalString (def.heavyHitterFilterConfig != { }) '' 2930 [HeavyHitterFilter] 2931 ${attrsToSection def.heavyHitterFilterConfig} 2932 '' 2933 + optionalString (def.quickFairQueueingConfig != { }) '' 2934 [QuickFairQueueing] 2935 ${attrsToSection def.quickFairQueueingConfig} 2936 '' 2937 + optionalString (def.quickFairQueueingConfigClass != { }) '' 2938 [QuickFairQueueingClass] 2939 ${attrsToSection def.quickFairQueueingConfigClass} 2940 '' 2941 + flip concatMapStrings def.bridgeVLANs (x: '' 2942 [BridgeVLAN] 2943 ${attrsToSection x.bridgeVLANConfig} 2944 '') 2945 + def.extraConfig; 2946 }; 2947 2948 mkUnitFiles = prefix: cfg: listToAttrs (map (name: { 2949 name = "${prefix}systemd/network/${name}"; 2950 value.source = "${cfg.units.${name}.unit}/${name}"; 2951 }) (attrNames cfg.units)); 2952 2953 commonOptions = visible: { 2954 2955 enable = mkOption { 2956 default = false; 2957 type = types.bool; 2958 description = lib.mdDoc '' 2959 Whether to enable networkd or not. 2960 ''; 2961 }; 2962 2963 links = mkOption { 2964 default = {}; 2965 inherit visible; 2966 type = with types; attrsOf (submodule [ { options = linkOptions; } ]); 2967 description = lib.mdDoc "Definition of systemd network links."; 2968 }; 2969 2970 netdevs = mkOption { 2971 default = {}; 2972 inherit visible; 2973 type = with types; attrsOf (submodule [ { options = netdevOptions; } ]); 2974 description = lib.mdDoc "Definition of systemd network devices."; 2975 }; 2976 2977 networks = mkOption { 2978 default = {}; 2979 inherit visible; 2980 type = with types; attrsOf (submodule [ { options = networkOptions; } networkConfig ]); 2981 description = lib.mdDoc "Definition of systemd networks."; 2982 }; 2983 2984 config = mkOption { 2985 default = {}; 2986 inherit visible; 2987 type = with types; submodule [ { options = networkdOptions; } networkdConfig ]; 2988 description = lib.mdDoc "Definition of global systemd network config."; 2989 }; 2990 2991 units = mkOption { 2992 description = lib.mdDoc "Definition of networkd units."; 2993 default = {}; 2994 internal = true; 2995 type = with types; attrsOf (submodule ( 2996 { name, config, ... }: 2997 { options = mapAttrs (_: x: x // { internal = true; }) concreteUnitOptions; 2998 config = { 2999 unit = mkDefault (makeUnit name config); 3000 }; 3001 })); 3002 }; 3003 3004 wait-online = { 3005 enable = mkOption { 3006 type = types.bool; 3007 default = true; 3008 example = false; 3009 description = lib.mdDoc '' 3010 Whether to enable the systemd-networkd-wait-online service. 3011 3012 systemd-networkd-wait-online can timeout and fail if there are no network interfaces 3013 available for it to manage. When systemd-networkd is enabled but a different service is 3014 responsible for managing the system's internet connection (for example, NetworkManager or 3015 connman are used to manage WiFi connections), this service is unnecessary and can be 3016 disabled. 3017 ''; 3018 }; 3019 anyInterface = mkOption { 3020 description = lib.mdDoc '' 3021 Whether to consider the network online when any interface is online, as opposed to all of them. 3022 This is useful on portable machines with a wired and a wireless interface, for example. 3023 ''; 3024 type = types.bool; 3025 default = false; 3026 }; 3027 3028 ignoredInterfaces = mkOption { 3029 description = lib.mdDoc '' 3030 Network interfaces to be ignored when deciding if the system is online. 3031 ''; 3032 type = with types; listOf str; 3033 default = []; 3034 example = [ "wg0" ]; 3035 }; 3036 3037 timeout = mkOption { 3038 description = lib.mdDoc '' 3039 Time to wait for the network to come online, in seconds. Set to 0 to disable. 3040 ''; 3041 type = types.ints.unsigned; 3042 default = 120; 3043 example = 0; 3044 }; 3045 3046 extraArgs = mkOption { 3047 description = lib.mdDoc '' 3048 Extra command-line arguments to pass to systemd-networkd-wait-online. 3049 These also affect per-interface `systemd-network-wait-online@` services. 3050 3051 See {manpage}`systemd-networkd-wait-online.service(8)` for all available options. 3052 ''; 3053 type = with types; listOf str; 3054 default = []; 3055 }; 3056 }; 3057 3058 }; 3059 3060 commonConfig = config: let cfg = config.systemd.network; in mkMerge [ 3061 3062 # .link units are honored by udev, no matter if systemd-networkd is enabled or not. 3063 { 3064 systemd.network.units = mapAttrs' (n: v: nameValuePair "${n}.link" (linkToUnit n v)) cfg.links; 3065 3066 systemd.network.wait-online.extraArgs = 3067 [ "--timeout=${toString cfg.wait-online.timeout}" ] 3068 ++ optional cfg.wait-online.anyInterface "--any" 3069 ++ map (i: "--ignore=${i}") cfg.wait-online.ignoredInterfaces; 3070 } 3071 3072 (mkIf config.systemd.network.enable { 3073 3074 systemd.network.units = mapAttrs' (n: v: nameValuePair "${n}.netdev" (netdevToUnit n v)) cfg.netdevs 3075 // mapAttrs' (n: v: nameValuePair "${n}.network" (networkToUnit n v)) cfg.networks; 3076 3077 # systemd-networkd is socket-activated by kernel netlink route change 3078 # messages. It is important to have systemd buffer those on behalf of 3079 # networkd. 3080 systemd.sockets.systemd-networkd.wantedBy = [ "sockets.target" ]; 3081 3082 systemd.services.systemd-networkd-wait-online = { 3083 inherit (cfg.wait-online) enable; 3084 wantedBy = [ "network-online.target" ]; 3085 serviceConfig.ExecStart = [ 3086 "" 3087 "${config.systemd.package}/lib/systemd/systemd-networkd-wait-online ${utils.escapeSystemdExecArgs cfg.wait-online.extraArgs}" 3088 ]; 3089 }; 3090 3091 systemd.services."systemd-network-wait-online@" = { 3092 description = "Wait for Network Interface %I to be Configured"; 3093 conflicts = [ "shutdown.target" ]; 3094 requisite = [ "systemd-networkd.service" ]; 3095 after = [ "systemd-networkd.service" ]; 3096 serviceConfig = { 3097 Type = "oneshot"; 3098 RemainAfterExit = true; 3099 ExecStart = "${config.systemd.package}/lib/systemd/systemd-networkd-wait-online -i %I ${utils.escapeSystemdExecArgs cfg.wait-online.extraArgs}"; 3100 }; 3101 }; 3102 3103 }) 3104 ]; 3105 3106 stage2Config = let 3107 cfg = config.systemd.network; 3108 unitFiles = mkUnitFiles "" cfg; 3109 in mkMerge [ 3110 (commonConfig config) 3111 3112 { environment.etc = unitFiles; } 3113 3114 (mkIf config.systemd.network.enable { 3115 3116 users.users.systemd-network.group = "systemd-network"; 3117 3118 systemd.additionalUpstreamSystemUnits = [ 3119 "systemd-networkd-wait-online.service" 3120 "systemd-networkd.service" 3121 "systemd-networkd.socket" 3122 ]; 3123 3124 environment.etc."systemd/networkd.conf" = renderConfig cfg.config; 3125 3126 systemd.services.systemd-networkd = { 3127 wantedBy = [ "multi-user.target" ]; 3128 restartTriggers = map (x: x.source) (attrValues unitFiles) ++ [ 3129 config.environment.etc."systemd/networkd.conf".source 3130 ]; 3131 aliases = [ "dbus-org.freedesktop.network1.service" ]; 3132 }; 3133 3134 networking.iproute2 = mkIf (cfg.config.addRouteTablesToIPRoute2 && cfg.config.routeTables != { }) { 3135 enable = mkDefault true; 3136 rttablesExtraConfig = '' 3137 3138 # Extra tables defined in NixOS systemd.networkd.config.routeTables. 3139 ${concatStringsSep "\n" (mapAttrsToList (name: number: "${toString number} ${name}") cfg.config.routeTables)} 3140 ''; 3141 }; 3142 3143 services.resolved.enable = mkDefault true; 3144 3145 }) 3146 ]; 3147 3148 stage1Config = let 3149 cfg = config.boot.initrd.systemd.network; 3150 in mkMerge [ 3151 (commonConfig config.boot.initrd) 3152 3153 { 3154 systemd.network.enable = mkDefault config.boot.initrd.network.enable; 3155 systemd.contents = mkUnitFiles "/etc/" cfg; 3156 3157 # Networkd link files are used early by udev to set up interfaces early. 3158 # This must be done in stage 1 to avoid race conditions between udev and 3159 # network daemons. 3160 systemd.network.units = lib.filterAttrs (n: _: hasSuffix ".link" n) config.systemd.network.units; 3161 systemd.storePaths = ["${config.boot.initrd.systemd.package}/lib/systemd/network/99-default.link"]; 3162 } 3163 3164 (mkIf cfg.enable { 3165 3166 systemd.package = pkgs.systemdStage1Network; 3167 3168 # For networkctl 3169 systemd.dbus.enable = mkDefault true; 3170 3171 systemd.additionalUpstreamUnits = [ 3172 "systemd-networkd-wait-online.service" 3173 "systemd-networkd.service" 3174 "systemd-networkd.socket" 3175 "systemd-network-generator.service" 3176 "network-online.target" 3177 "network-pre.target" 3178 "network.target" 3179 "nss-lookup.target" 3180 "nss-user-lookup.target" 3181 "remote-fs-pre.target" 3182 "remote-fs.target" 3183 ]; 3184 systemd.users.systemd-network = {}; 3185 systemd.groups.systemd-network = {}; 3186 3187 systemd.contents."/etc/systemd/networkd.conf" = renderConfig cfg.config; 3188 3189 systemd.services.systemd-networkd.wantedBy = [ "initrd.target" ]; 3190 systemd.services.systemd-network-generator.wantedBy = [ "sysinit.target" ]; 3191 3192 systemd.storePaths = [ 3193 "${config.boot.initrd.systemd.package}/lib/systemd/systemd-networkd" 3194 "${config.boot.initrd.systemd.package}/lib/systemd/systemd-networkd-wait-online" 3195 "${config.boot.initrd.systemd.package}/lib/systemd/systemd-network-generator" 3196 ]; 3197 kernelModules = [ "af_packet" ]; 3198 3199 systemd.services.nixos-flush-networkd = mkIf config.boot.initrd.network.flushBeforeStage2 { 3200 description = "Flush Network Configuration"; 3201 wantedBy = ["initrd.target"]; 3202 after = ["systemd-networkd.service" "dbus.socket" "dbus.service"]; 3203 before = ["shutdown.target" "initrd-switch-root.target"]; 3204 conflicts = ["shutdown.target" "initrd-switch-root.target"]; 3205 unitConfig.DefaultDependencies = false; 3206 serviceConfig = { 3207 # This service does nothing when starting, but brings down 3208 # interfaces when switching root. This is the easiest way to 3209 # ensure proper ordering while stopping. See systemd.unit(5) 3210 # section on Before= and After=. The important part is that 3211 # we are stopped before units we need, like dbus.service, 3212 # and that we are stopped before starting units like 3213 # initrd-switch-root.target 3214 Type = "oneshot"; 3215 RemainAfterExit = true; 3216 ExecStart = "/bin/true"; 3217 }; 3218 # systemd-networkd doesn't bring down interfaces on its own 3219 # when it exits (see: systemd-networkd(8)), so we have to do 3220 # it ourselves. The networkctl command doesn't have a way to 3221 # bring all interfaces down, so we have to iterate over the 3222 # list and filter out unmanaged interfaces to bring them down 3223 # individually. 3224 preStop = '' 3225 networkctl list --full --no-legend | while read _idx link _type _operational setup _; do 3226 [ "$setup" = unmanaged ] && continue 3227 networkctl down "$link" 3228 done 3229 ''; 3230 }; 3231 3232 }) 3233 ]; 3234 3235in 3236 3237{ 3238 options = { 3239 systemd.network = commonOptions true; 3240 boot.initrd.systemd.network = commonOptions "shallow"; 3241 }; 3242 3243 config = mkMerge [ 3244 stage2Config 3245 (mkIf config.boot.initrd.systemd.enable { 3246 assertions = [{ 3247 assertion = config.boot.initrd.network.udhcpc.extraArgs == []; 3248 message = '' 3249 boot.initrd.network.udhcpc.extraArgs is not supported when 3250 boot.initrd.systemd.enable is enabled 3251 ''; 3252 }]; 3253 3254 boot.initrd = stage1Config; 3255 }) 3256 ]; 3257}