pyrox.dev / nixpkgs
lol
fork atom
nixpkgs / nixos / modules / system / boot / networkd.nix
at 24.11-pre 99 kB view raw
1{ config, lib, pkgs, utils, ... }: 2 3with utils.systemdUtils.unitOptions; 4with utils.systemdUtils.lib; 5with utils.systemdUtils.network.units; 6with lib; 7 8let 9 10 check = { 11 12 global = { 13 sectionNetwork = checkUnitConfig "Network" [ 14 (assertOnlyFields [ 15 "SpeedMeter" 16 "SpeedMeterIntervalSec" 17 "ManageForeignRoutingPolicyRules" 18 "ManageForeignRoutes" 19 "RouteTable" 20 "IPv6PrivacyExtensions" 21 ]) 22 (assertValueOneOf "SpeedMeter" boolValues) 23 (assertInt "SpeedMeterIntervalSec") 24 (assertValueOneOf "ManageForeignRoutingPolicyRules" boolValues) 25 (assertValueOneOf "ManageForeignRoutes" boolValues) 26 (assertValueOneOf "IPv6PrivacyExtensions" (boolValues ++ ["prefer-public" "kernel"])) 27 ]; 28 29 sectionDHCPv4 = checkUnitConfig "DHCPv4" [ 30 (assertOnlyFields [ 31 "ClientIdentifier" 32 "DUIDType" 33 "DUIDRawData" 34 ]) 35 (assertValueOneOf "ClientIdentifier" ["mac" "duid" "duid-only"]) 36 ]; 37 38 sectionDHCPv6 = checkUnitConfig "DHCPv6" [ 39 (assertOnlyFields [ 40 "DUIDType" 41 "DUIDRawData" 42 ]) 43 ]; 44 }; 45 46 link = { 47 48 sectionLink = checkUnitConfig "Link" [ 49 (assertOnlyFields [ 50 "Description" 51 "Alias" 52 "MACAddressPolicy" 53 "MACAddress" 54 "NamePolicy" 55 "Name" 56 "AlternativeNamesPolicy" 57 "AlternativeName" 58 "MTUBytes" 59 "BitsPerSecond" 60 "Duplex" 61 "AutoNegotiation" 62 "WakeOnLan" 63 "Port" 64 "Advertise" 65 "ReceiveChecksumOffload" 66 "TransmitChecksumOffload" 67 "TCPSegmentationOffload" 68 "TCP6SegmentationOffload" 69 "GenericSegmentationOffload" 70 "GenericReceiveOffload" 71 "LargeReceiveOffload" 72 "RxChannels" 73 "TxChannels" 74 "OtherChannels" 75 "CombinedChannels" 76 "RxBufferSize" 77 "TxBufferSize" 78 "ReceiveQueues" 79 "TransmitQueues" 80 "TransmitQueueLength" 81 ]) 82 (assertValueOneOf "MACAddressPolicy" ["persistent" "random" "none"]) 83 (assertMacAddress "MACAddress") 84 (assertByteFormat "MTUBytes") 85 (assertByteFormat "BitsPerSecond") 86 (assertValueOneOf "Duplex" ["half" "full"]) 87 (assertValueOneOf "AutoNegotiation" boolValues) 88 (assertValuesSomeOfOr "WakeOnLan" ["phy" "unicast" "multicast" "broadcast" "arp" "magic" "secureon"] "off") 89 (assertValueOneOf "Port" ["tp" "aui" "bnc" "mii" "fibre"]) 90 (assertValueOneOf "ReceiveChecksumOffload" boolValues) 91 (assertValueOneOf "TransmitChecksumOffload" boolValues) 92 (assertValueOneOf "TCPSegmentationOffload" boolValues) 93 (assertValueOneOf "TCP6SegmentationOffload" boolValues) 94 (assertValueOneOf "GenericSegmentationOffload" boolValues) 95 (assertValueOneOf "GenericReceiveOffload" boolValues) 96 (assertValueOneOf "LargeReceiveOffload" boolValues) 97 (assertInt "RxChannels") 98 (assertRange "RxChannels" 1 4294967295) 99 (assertInt "TxChannels") 100 (assertRange "TxChannels" 1 4294967295) 101 (assertInt "OtherChannels") 102 (assertRange "OtherChannels" 1 4294967295) 103 (assertInt "CombinedChannels") 104 (assertRange "CombinedChannels" 1 4294967295) 105 (assertInt "RxBufferSize") 106 (assertInt "TxBufferSize") 107 (assertRange "ReceiveQueues" 1 4096) 108 (assertRange "TransmitQueues" 1 4096) 109 (assertRange "TransmitQueueLength" 1 4294967294) 110 ]; 111 }; 112 113 netdev = let 114 115 tunChecks = [ 116 (assertOnlyFields [ 117 "MultiQueue" 118 "PacketInfo" 119 "VNetHeader" 120 "User" 121 "Group" 122 ]) 123 (assertValueOneOf "MultiQueue" boolValues) 124 (assertValueOneOf "PacketInfo" boolValues) 125 (assertValueOneOf "VNetHeader" boolValues) 126 ]; 127 128 # See https://www.freedesktop.org/software/systemd/man/latest/systemd.netdev.html#%5BIPVTAP%5D%20Section%20Options 129 ipVlanVtapChecks = [ 130 (assertOnlyFields [ 131 "Mode" 132 "Flags" 133 ]) 134 (assertValueOneOf "Mode" ["L2" "L3" "L3S" ]) 135 (assertValueOneOf "Flags" ["private" "vepa" "bridge" ]) 136 ]; 137 in { 138 139 sectionNetdev = checkUnitConfig "Netdev" [ 140 (assertOnlyFields [ 141 "Description" 142 "Name" 143 "Kind" 144 "MTUBytes" 145 "MACAddress" 146 ]) 147 (assertHasField "Name") 148 (assertHasField "Kind") 149 (assertValueOneOf "Kind" [ 150 "bond" 151 "bridge" 152 "dummy" 153 "gre" 154 "gretap" 155 "erspan" 156 "ip6gre" 157 "ip6tnl" 158 "ip6gretap" 159 "ipip" 160 "ipvlan" 161 "ipvtap" 162 "macvlan" 163 "macvtap" 164 "sit" 165 "tap" 166 "tun" 167 "veth" 168 "vlan" 169 "vti" 170 "vti6" 171 "vxlan" 172 "geneve" 173 "l2tp" 174 "macsec" 175 "wlan" 176 "vrf" 177 "vcan" 178 "vxcan" 179 "wireguard" 180 "netdevsim" 181 "nlmon" 182 "fou" 183 "xfrm" 184 "ifb" 185 "batadv" 186 ]) 187 (assertByteFormat "MTUBytes") 188 (assertNetdevMacAddress "MACAddress") 189 ]; 190 191 sectionBridge = checkUnitConfig "Bridge" [ 192 (assertOnlyFields [ 193 "HelloTimeSec" 194 "MaxAgeSec" 195 "ForwardDelaySec" 196 "AgeingTimeSec" 197 "Priority" 198 "GroupForwardMask" 199 "DefaultPVID" 200 "MulticastQuerier" 201 "MulticastSnooping" 202 "VLANFiltering" 203 "VLANProtocol" 204 "STP" 205 "MulticastIGMPVersion" 206 ]) 207 (assertInt "HelloTimeSec") 208 (assertInt "MaxAgeSec") 209 (assertInt "ForwardDelaySec") 210 (assertInt "AgeingTimeSec") 211 (assertRange "Priority" 0 65535) 212 (assertRange "GroupForwardMask" 0 65535) 213 (assertRangeOrOneOf "DefaultPVID" 0 4094 ["none"]) 214 (assertValueOneOf "MulticastQuerier" boolValues) 215 (assertValueOneOf "MulticastSnooping" boolValues) 216 (assertValueOneOf "VLANFiltering" boolValues) 217 (assertValueOneOf "VLANProtocol" ["802.1q" "802.ad"]) 218 (assertValueOneOf "STP" boolValues) 219 (assertValueOneOf "MulticastIGMPVersion" [2 3]) 220 ]; 221 222 sectionVLAN = checkUnitConfig "VLAN" [ 223 (assertOnlyFields [ 224 "Id" 225 "GVRP" 226 "MVRP" 227 "LooseBinding" 228 "ReorderHeader" 229 ]) 230 (assertInt "Id") 231 (assertRange "Id" 0 4094) 232 (assertValueOneOf "GVRP" boolValues) 233 (assertValueOneOf "MVRP" boolValues) 234 (assertValueOneOf "LooseBinding" boolValues) 235 (assertValueOneOf "ReorderHeader" boolValues) 236 ]; 237 238 sectionIPVLAN = checkUnitConfig "IPVLAN" ipVlanVtapChecks; 239 240 sectionIPVTAP = checkUnitConfig "IPVTAP" ipVlanVtapChecks; 241 242 sectionMACVLAN = checkUnitConfig "MACVLAN" [ 243 (assertOnlyFields [ 244 "Mode" 245 ]) 246 (assertValueOneOf "Mode" ["private" "vepa" "bridge" "passthru"]) 247 ]; 248 249 sectionVXLAN = checkUnitConfig "VXLAN" [ 250 (assertOnlyFields [ 251 "VNI" 252 "Remote" 253 "Local" 254 "Group" 255 "TOS" 256 "TTL" 257 "MacLearning" 258 "FDBAgeingSec" 259 "MaximumFDBEntries" 260 "ReduceARPProxy" 261 "L2MissNotification" 262 "L3MissNotification" 263 "RouteShortCircuit" 264 "UDPChecksum" 265 "UDP6ZeroChecksumTx" 266 "UDP6ZeroChecksumRx" 267 "RemoteChecksumTx" 268 "RemoteChecksumRx" 269 "GroupPolicyExtension" 270 "GenericProtocolExtension" 271 "DestinationPort" 272 "PortRange" 273 "FlowLabel" 274 "IPDoNotFragment" 275 "Independent" 276 ]) 277 (assertInt "VNI") 278 (assertRange "VNI" 1 16777215) 279 (assertValueOneOf "MacLearning" boolValues) 280 (assertInt "MaximumFDBEntries") 281 (assertValueOneOf "ReduceARPProxy" boolValues) 282 (assertValueOneOf "L2MissNotification" boolValues) 283 (assertValueOneOf "L3MissNotification" boolValues) 284 (assertValueOneOf "RouteShortCircuit" boolValues) 285 (assertValueOneOf "UDPChecksum" boolValues) 286 (assertValueOneOf "UDP6ZeroChecksumTx" boolValues) 287 (assertValueOneOf "UDP6ZeroChecksumRx" boolValues) 288 (assertValueOneOf "RemoteChecksumTx" boolValues) 289 (assertValueOneOf "RemoteChecksumRx" boolValues) 290 (assertValueOneOf "GroupPolicyExtension" boolValues) 291 (assertValueOneOf "GenericProtocolExtension" boolValues) 292 (assertInt "FlowLabel") 293 (assertRange "FlowLabel" 0 1048575) 294 (assertValueOneOf "IPDoNotFragment" (boolValues + ["inherit"])) 295 (assertValueOneOf "Independent" boolValues) 296 ]; 297 298 sectionTunnel = checkUnitConfig "Tunnel" [ 299 (assertOnlyFields [ 300 "Local" 301 "Remote" 302 "TOS" 303 "TTL" 304 "DiscoverPathMTU" 305 "IPv6FlowLabel" 306 "CopyDSCP" 307 "EncapsulationLimit" 308 "Key" 309 "InputKey" 310 "OutputKey" 311 "Mode" 312 "Independent" 313 "AssignToLoopback" 314 "AllowLocalRemote" 315 "FooOverUDP" 316 "FOUDestinationPort" 317 "FOUSourcePort" 318 "Encapsulation" 319 "IPv6RapidDeploymentPrefix" 320 "ISATAP" 321 "SerializeTunneledPackets" 322 "ERSPANIndex" 323 ]) 324 (assertInt "TTL") 325 (assertRange "TTL" 0 255) 326 (assertValueOneOf "DiscoverPathMTU" boolValues) 327 (assertValueOneOf "CopyDSCP" boolValues) 328 (assertValueOneOf "Mode" ["ip6ip6" "ipip6" "any"]) 329 (assertValueOneOf "Independent" boolValues) 330 (assertValueOneOf "AssignToLoopback" boolValues) 331 (assertValueOneOf "AllowLocalRemote" boolValues) 332 (assertValueOneOf "FooOverUDP" boolValues) 333 (assertPort "FOUDestinationPort") 334 (assertPort "FOUSourcePort") 335 (assertValueOneOf "Encapsulation" ["FooOverUDP" "GenericUDPEncapsulation"]) 336 (assertValueOneOf "ISATAP" boolValues) 337 (assertValueOneOf "SerializeTunneledPackets" boolValues) 338 (assertInt "ERSPANIndex") 339 (assertRange "ERSPANIndex" 1 1048575) 340 ]; 341 342 sectionFooOverUDP = checkUnitConfig "FooOverUDP" [ 343 (assertOnlyFields [ 344 "Port" 345 "Encapsulation" 346 "Protocol" 347 ]) 348 (assertPort "Port") 349 (assertValueOneOf "Encapsulation" ["FooOverUDP" "GenericUDPEncapsulation"]) 350 ]; 351 352 sectionPeer = checkUnitConfig "Peer" [ 353 (assertOnlyFields [ 354 "Name" 355 "MACAddress" 356 ]) 357 (assertMacAddress "MACAddress") 358 ]; 359 360 sectionTun = checkUnitConfig "Tun" tunChecks; 361 362 sectionTap = checkUnitConfig "Tap" tunChecks; 363 364 sectionL2TP = checkUnitConfig "L2TP" [ 365 (assertOnlyFields [ 366 "TunnelId" 367 "PeerTunnelId" 368 "Remote" 369 "Local" 370 "EncapsulationType" 371 "UDPSourcePort" 372 "UDPDestinationPort" 373 "UDPChecksum" 374 "UDP6ZeroChecksumTx" 375 "UDP6ZeroChecksumRx" 376 ]) 377 (assertInt "TunnelId") 378 (assertRange "TunnelId" 1 4294967295) 379 (assertInt "PeerTunnelId") 380 (assertRange "PeerTunnelId" 1 4294967295) 381 (assertValueOneOf "EncapsulationType" [ "ip" "udp" ]) 382 (assertPort "UDPSourcePort") 383 (assertPort "UDPDestinationPort") 384 (assertValueOneOf "UDPChecksum" boolValues) 385 (assertValueOneOf "UDP6ZeroChecksumTx" boolValues) 386 (assertValueOneOf "UDP6ZeroChecksumRx" boolValues) 387 ]; 388 389 sectionL2TPSession = checkUnitConfig "L2TPSession" [ 390 (assertOnlyFields [ 391 "Name" 392 "SessionId" 393 "PeerSessionId" 394 "Layer2SpecificHeader" 395 ]) 396 (assertHasField "Name") 397 (assertHasField "SessionId") 398 (assertInt "SessionId") 399 (assertRange "SessionId" 1 4294967295) 400 (assertHasField "PeerSessionId") 401 (assertInt "PeerSessionId") 402 (assertRange "PeerSessionId" 1 4294967295) 403 (assertValueOneOf "Layer2SpecificHeader" [ "none" "default" ]) 404 ]; 405 406 # NOTE The PrivateKey directive is missing on purpose here, please 407 # do not add it to this list. The nix store is world-readable let's 408 # refrain ourselves from providing a footgun. 409 sectionWireGuard = checkUnitConfig "WireGuard" [ 410 (assertOnlyFields [ 411 "PrivateKeyFile" 412 "ListenPort" 413 "FirewallMark" 414 "RouteTable" 415 "RouteMetric" 416 ]) 417 (assertInt "FirewallMark") 418 (assertRange "FirewallMark" 1 4294967295) 419 ]; 420 421 # NOTE The PresharedKey directive is missing on purpose here, please 422 # do not add it to this list. The nix store is world-readable,let's 423 # refrain ourselves from providing a footgun. 424 sectionWireGuardPeer = checkUnitConfig "WireGuardPeer" [ 425 (assertOnlyFields [ 426 "PublicKey" 427 "PresharedKeyFile" 428 "AllowedIPs" 429 "Endpoint" 430 "PersistentKeepalive" 431 "RouteTable" 432 "RouteMetric" 433 ]) 434 (assertInt "PersistentKeepalive") 435 (assertRange "PersistentKeepalive" 0 65535) 436 ]; 437 438 sectionBond = checkUnitConfig "Bond" [ 439 (assertOnlyFields [ 440 "Mode" 441 "TransmitHashPolicy" 442 "LACPTransmitRate" 443 "MIIMonitorSec" 444 "UpDelaySec" 445 "DownDelaySec" 446 "LearnPacketIntervalSec" 447 "AdSelect" 448 "AdActorSystemPriority" 449 "AdUserPortKey" 450 "AdActorSystem" 451 "FailOverMACPolicy" 452 "ARPValidate" 453 "ARPIntervalSec" 454 "ARPIPTargets" 455 "ARPAllTargets" 456 "PrimaryReselectPolicy" 457 "ResendIGMP" 458 "PacketsPerSlave" 459 "GratuitousARP" 460 "AllSlavesActive" 461 "DynamicTransmitLoadBalancing" 462 "MinLinks" 463 ]) 464 (assertValueOneOf "Mode" [ 465 "balance-rr" 466 "active-backup" 467 "balance-xor" 468 "broadcast" 469 "802.3ad" 470 "balance-tlb" 471 "balance-alb" 472 ]) 473 (assertValueOneOf "TransmitHashPolicy" [ 474 "layer2" 475 "layer3+4" 476 "layer2+3" 477 "encap2+3" 478 "encap3+4" 479 ]) 480 (assertValueOneOf "LACPTransmitRate" ["slow" "fast"]) 481 (assertValueOneOf "AdSelect" ["stable" "bandwidth" "count"]) 482 (assertInt "AdActorSystemPriority") 483 (assertRange "AdActorSystemPriority" 1 65535) 484 (assertInt "AdUserPortKey") 485 (assertRange "AdUserPortKey" 0 1023) 486 (assertValueOneOf "FailOverMACPolicy" ["none" "active" "follow"]) 487 (assertValueOneOf "ARPValidate" ["none" "active" "backup" "all"]) 488 (assertValueOneOf "ARPAllTargets" ["any" "all"]) 489 (assertValueOneOf "PrimaryReselectPolicy" ["always" "better" "failure"]) 490 (assertInt "ResendIGMP") 491 (assertRange "ResendIGMP" 0 255) 492 (assertInt "PacketsPerSlave") 493 (assertRange "PacketsPerSlave" 0 65535) 494 (assertInt "GratuitousARP") 495 (assertRange "GratuitousARP" 0 255) 496 (assertValueOneOf "AllSlavesActive" boolValues) 497 (assertValueOneOf "DynamicTransmitLoadBalancing" boolValues) 498 (assertInt "MinLinks") 499 (assertMinimum "MinLinks" 0) 500 ]; 501 502 sectionXfrm = checkUnitConfig "Xfrm" [ 503 (assertOnlyFields [ 504 "InterfaceId" 505 "Independent" 506 ]) 507 (assertInt "InterfaceId") 508 (assertRange "InterfaceId" 1 4294967295) 509 (assertValueOneOf "Independent" boolValues) 510 ]; 511 512 sectionVRF = checkUnitConfig "VRF" [ 513 (assertOnlyFields [ 514 "Table" 515 ]) 516 (assertInt "Table") 517 (assertMinimum "Table" 0) 518 ]; 519 520 sectionWLAN = checkUnitConfig "WLAN" [ 521 (assertOnlyFields [ 522 "PhysicalDevice" # systemd supports both strings ("phy0") and indexes (0) here. 523 "Type" 524 "WDS" 525 ]) 526 # See https://github.com/systemd/systemd/blob/main/src/basic/linux/nl80211.h#L3382 527 (assertValueOneOf "Type" [ 528 "ad-hoc" 529 "station" 530 "ap" 531 "ap-vlan" 532 "wds" 533 "monitor" 534 "mesh-point" 535 "p2p-client" 536 "p2p-go" 537 "p2p-device" 538 "ocb" 539 "nan" 540 ]) 541 (assertValueOneOf "WDS" boolValues) 542 ]; 543 544 sectionBatmanAdvanced = checkUnitConfig "BatmanAdvanced" [ 545 (assertOnlyFields [ 546 "GatewayMode" 547 "Aggregation" 548 "BridgeLoopAvoidance" 549 "DistributedArpTable" 550 "Fragmentation" 551 "HopPenalty" 552 "OriginatorIntervalSec" 553 "GatewayBandwithDown" 554 "GatewayBandwithUp" 555 "RoutingAlgorithm" 556 ]) 557 (assertValueOneOf "GatewayMode" ["off" "client" "server"]) 558 (assertValueOneOf "Aggregation" boolValues) 559 (assertValueOneOf "BridgeLoopAvoidance" boolValues) 560 (assertValueOneOf "DistributedArpTable" boolValues) 561 (assertValueOneOf "Fragmentation" boolValues) 562 (assertInt "HopPenalty") 563 (assertRange "HopPenalty" 0 255) 564 (assertValueOneOf "RoutingAlgorithm" ["batman-v" "batman-iv"]) 565 ]; 566 }; 567 568 network = { 569 570 sectionLink = checkUnitConfig "Link" [ 571 (assertOnlyFields [ 572 "MACAddress" 573 "MTUBytes" 574 "ARP" 575 "Multicast" 576 "AllMulticast" 577 "Unmanaged" 578 "Group" 579 "RequiredForOnline" 580 "RequiredFamilyForOnline" 581 "ActivationPolicy" 582 "Promiscuous" 583 ]) 584 (assertMacAddress "MACAddress") 585 (assertByteFormat "MTUBytes") 586 (assertValueOneOf "ARP" boolValues) 587 (assertValueOneOf "Multicast" boolValues) 588 (assertValueOneOf "AllMulticast" boolValues) 589 (assertValueOneOf "Promiscuous" boolValues) 590 (assertValueOneOf "Unmanaged" boolValues) 591 (assertInt "Group") 592 (assertRange "Group" 0 2147483647) 593 (assertValueOneOf "RequiredForOnline" (boolValues ++ ( 594 let 595 # https://freedesktop.org/software/systemd/man/networkctl.html#missing 596 operationalStates = [ 597 "missing" 598 "off" 599 "no-carrier" 600 "dormant" 601 "degraded-carrier" 602 "carrier" 603 "degraded" 604 "enslaved" 605 "routable" 606 ]; 607 operationalStateRanges = concatLists (imap0 (i: min: map (max: "${min}:${max}") (drop i operationalStates)) operationalStates); 608 in 609 operationalStates ++ operationalStateRanges 610 ))) 611 (assertValueOneOf "RequiredFamilyForOnline" [ 612 "ipv4" 613 "ipv6" 614 "both" 615 "any" 616 ]) 617 (assertValueOneOf "ActivationPolicy" ([ 618 "up" 619 "always-up" 620 "manual" 621 "always-down" 622 "down" 623 "bound" 624 ])) 625 ]; 626 627 sectionNetwork = checkUnitConfig "Network" [ 628 (assertOnlyFields [ 629 "Description" 630 "DHCP" 631 "DHCPServer" 632 "LinkLocalAddressing" 633 "IPv6LinkLocalAddressGenerationMode" 634 "IPv6StableSecretAddress" 635 "IPv4LLRoute" 636 "DefaultRouteOnDevice" 637 "LLMNR" 638 "MulticastDNS" 639 "DNSOverTLS" 640 "DNSSEC" 641 "DNSSECNegativeTrustAnchors" 642 "LLDP" 643 "EmitLLDP" 644 "BindCarrier" 645 "Address" 646 "Gateway" 647 "DNS" 648 "Domains" 649 "DNSDefaultRoute" 650 "NTP" 651 "IPForward" 652 "IPMasquerade" 653 "IPv6PrivacyExtensions" 654 "IPv6AcceptRA" 655 "IPv6DuplicateAddressDetection" 656 "IPv6HopLimit" 657 "IPv4ProxyARP" 658 "IPv6ProxyNDP" 659 "IPv6ProxyNDPAddress" 660 "IPv6SendRA" 661 "DHCPPrefixDelegation" 662 "IPv6MTUBytes" 663 "Bridge" 664 "Bond" 665 "VRF" 666 "VLAN" 667 "IPVLAN" 668 "IPVTAP" 669 "MACVLAN" 670 "MACVTAP" 671 "VXLAN" 672 "Tunnel" 673 "MACsec" 674 "ActiveSlave" 675 "PrimarySlave" 676 "ConfigureWithoutCarrier" 677 "IgnoreCarrierLoss" 678 "Xfrm" 679 "KeepConfiguration" 680 "BatmanAdvanced" 681 ]) 682 # Note: For DHCP the values both, none, v4, v6 are deprecated 683 (assertValueOneOf "DHCP" (boolValues ++ ["ipv4" "ipv6"])) 684 (assertValueOneOf "DHCPServer" boolValues) 685 (assertValueOneOf "LinkLocalAddressing" (boolValues ++ ["ipv4" "ipv6" "fallback" "ipv4-fallback"])) 686 (assertValueOneOf "IPv6LinkLocalAddressGenerationMode" ["eui64" "none" "stable-privacy" "random"]) 687 (assertValueOneOf "IPv4LLRoute" boolValues) 688 (assertValueOneOf "DefaultRouteOnDevice" boolValues) 689 (assertValueOneOf "LLMNR" (boolValues ++ ["resolve"])) 690 (assertValueOneOf "MulticastDNS" (boolValues ++ ["resolve"])) 691 (assertValueOneOf "DNSOverTLS" (boolValues ++ ["opportunistic"])) 692 (assertValueOneOf "DNSSEC" (boolValues ++ ["allow-downgrade"])) 693 (assertValueOneOf "LLDP" (boolValues ++ ["routers-only"])) 694 (assertValueOneOf "EmitLLDP" (boolValues ++ ["nearest-bridge" "non-tpmr-bridge" "customer-bridge"])) 695 (assertValueOneOf "DNSDefaultRoute" boolValues) 696 (assertValueOneOf "IPForward" (boolValues ++ ["ipv4" "ipv6"])) 697 (assertValueOneOf "IPMasquerade" (boolValues ++ ["ipv4" "ipv6" "both"])) 698 (assertValueOneOf "IPv6PrivacyExtensions" (boolValues ++ ["prefer-public" "kernel"])) 699 (assertValueOneOf "IPv6AcceptRA" boolValues) 700 (assertInt "IPv6DuplicateAddressDetection") 701 (assertMinimum "IPv6DuplicateAddressDetection" 0) 702 (assertInt "IPv6HopLimit") 703 (assertMinimum "IPv6HopLimit" 0) 704 (assertValueOneOf "IPv4ProxyARP" boolValues) 705 (assertValueOneOf "IPv6ProxyNDP" boolValues) 706 (assertValueOneOf "IPv6SendRA" boolValues) 707 (assertValueOneOf "DHCPPrefixDelegation" boolValues) 708 (assertByteFormat "IPv6MTUBytes") 709 (assertValueOneOf "ActiveSlave" boolValues) 710 (assertValueOneOf "PrimarySlave" boolValues) 711 (assertValueOneOf "ConfigureWithoutCarrier" boolValues) 712 (assertValueOneOf "KeepConfiguration" (boolValues ++ ["static" "dhcp-on-stop" "dhcp"])) 713 ]; 714 715 sectionAddress = checkUnitConfig "Address" [ 716 (assertOnlyFields [ 717 "Address" 718 "Peer" 719 "Broadcast" 720 "Label" 721 "PreferredLifetime" 722 "Scope" 723 "RouteMetric" 724 "HomeAddress" 725 "DuplicateAddressDetection" 726 "ManageTemporaryAddress" 727 "AddPrefixRoute" 728 "AutoJoin" 729 ]) 730 (assertHasField "Address") 731 (assertValueOneOf "PreferredLifetime" ["forever" "infinity" "0" 0]) 732 (assertInt "RouteMetric") 733 (assertValueOneOf "HomeAddress" boolValues) 734 (assertValueOneOf "DuplicateAddressDetection" ["ipv4" "ipv6" "both" "none"]) 735 (assertValueOneOf "ManageTemporaryAddress" boolValues) 736 (assertValueOneOf "AddPrefixRoute" boolValues) 737 (assertValueOneOf "AutoJoin" boolValues) 738 ]; 739 740 sectionRoutingPolicyRule = checkUnitConfig "RoutingPolicyRule" [ 741 (assertOnlyFields [ 742 "TypeOfService" 743 "From" 744 "To" 745 "FirewallMark" 746 "Table" 747 "Priority" 748 "IncomingInterface" 749 "OutgoingInterface" 750 "SourcePort" 751 "DestinationPort" 752 "IPProtocol" 753 "InvertRule" 754 "Family" 755 "User" 756 "SuppressPrefixLength" 757 "Type" 758 "SuppressInterfaceGroup" 759 ]) 760 (assertInt "TypeOfService") 761 (assertRange "TypeOfService" 0 255) 762 (assertInt "FirewallMark") 763 (assertRange "FirewallMark" 1 4294967295) 764 (assertInt "Priority") 765 (assertPortOrPortRange "SourcePort") 766 (assertPortOrPortRange "DestinationPort") 767 (assertValueOneOf "InvertRule" boolValues) 768 (assertValueOneOf "Family" ["ipv4" "ipv6" "both"]) 769 (assertInt "SuppressPrefixLength") 770 (assertRange "SuppressPrefixLength" 0 128) 771 (assertValueOneOf "Type" ["blackhole" "unreachable" "prohibit"]) 772 (assertRange "SuppressInterfaceGroup" 0 2147483647) 773 ]; 774 775 sectionRoute = checkUnitConfig "Route" [ 776 (assertOnlyFields [ 777 "Gateway" 778 "GatewayOnLink" 779 "Destination" 780 "Source" 781 "Metric" 782 "IPv6Preference" 783 "Scope" 784 "PreferredSource" 785 "Table" 786 "Protocol" 787 "Type" 788 "InitialCongestionWindow" 789 "InitialAdvertisedReceiveWindow" 790 "QuickAck" 791 "FastOpenNoCookie" 792 "TTLPropagate" 793 "MTUBytes" 794 "IPServiceType" 795 "MultiPathRoute" 796 ]) 797 (assertValueOneOf "GatewayOnLink" boolValues) 798 (assertInt "Metric") 799 (assertValueOneOf "IPv6Preference" ["low" "medium" "high"]) 800 (assertValueOneOf "Scope" ["global" "site" "link" "host" "nowhere"]) 801 (assertValueOneOf "Type" [ 802 "unicast" 803 "local" 804 "broadcast" 805 "anycast" 806 "multicast" 807 "blackhole" 808 "unreachable" 809 "prohibit" 810 "throw" 811 "nat" 812 "xresolve" 813 ]) 814 (assertValueOneOf "QuickAck" boolValues) 815 (assertValueOneOf "FastOpenNoCookie" boolValues) 816 (assertValueOneOf "TTLPropagate" boolValues) 817 (assertByteFormat "MTUBytes") 818 (assertValueOneOf "IPServiceType" ["CS6" "CS4"]) 819 ]; 820 821 sectionDHCPv4 = checkUnitConfig "DHCPv4" [ 822 (assertOnlyFields [ 823 "UseDNS" 824 "RoutesToDNS" 825 "UseNTP" 826 "UseSIP" 827 "UseMTU" 828 "Anonymize" 829 "SendHostname" 830 "UseHostname" 831 "Hostname" 832 "UseDomains" 833 "UseGateway" 834 "UseRoutes" 835 "UseTimezone" 836 "ClientIdentifier" 837 "VendorClassIdentifier" 838 "UserClass" 839 "MaxAttempts" 840 "DUIDType" 841 "DUIDRawData" 842 "IAID" 843 "RequestBroadcast" 844 "RouteMetric" 845 "RouteTable" 846 "RouteMTUBytes" 847 "ListenPort" 848 "SendRelease" 849 "SendDecline" 850 "BlackList" 851 "RequestOptions" 852 "SendOption" 853 "FallbackLeaseLifetimeSec" 854 "Label" 855 "Use6RD" 856 ]) 857 (assertValueOneOf "UseDNS" boolValues) 858 (assertValueOneOf "RoutesToDNS" boolValues) 859 (assertValueOneOf "UseNTP" boolValues) 860 (assertValueOneOf "UseSIP" boolValues) 861 (assertValueOneOf "UseMTU" boolValues) 862 (assertValueOneOf "Anonymize" boolValues) 863 (assertValueOneOf "SendHostname" boolValues) 864 (assertValueOneOf "UseHostname" boolValues) 865 (assertValueOneOf "UseDomains" (boolValues ++ ["route"])) 866 (assertValueOneOf "UseGateway" boolValues) 867 (assertValueOneOf "UseRoutes" boolValues) 868 (assertValueOneOf "UseTimezone" boolValues) 869 (assertValueOneOf "ClientIdentifier" ["mac" "duid" "duid-only"]) 870 (assertInt "IAID") 871 (assertValueOneOf "RequestBroadcast" boolValues) 872 (assertInt "RouteMetric") 873 (assertInt "RouteTable") 874 (assertRange "RouteTable" 0 4294967295) 875 (assertByteFormat "RouteMTUBytes") 876 (assertPort "ListenPort") 877 (assertValueOneOf "SendRelease" boolValues) 878 (assertValueOneOf "SendDecline" boolValues) 879 (assertValueOneOf "FallbackLeaseLifetimeSec" ["forever" "infinity"]) 880 (assertValueOneOf "Use6RD" boolValues) 881 ]; 882 883 sectionDHCPv6 = checkUnitConfig "DHCPv6" [ 884 (assertOnlyFields [ 885 "UseAddress" 886 "UseDNS" 887 "UseNTP" 888 "UseHostname" 889 "UseDomains" 890 "RouteMetric" 891 "RapidCommit" 892 "MUDURL" 893 "RequestOptions" 894 "SendVendorOption" 895 "PrefixDelegationHint" 896 "WithoutRA" 897 "SendOption" 898 "UserClass" 899 "VendorClass" 900 "DUIDType" 901 "DUIDRawData" 902 "IAID" 903 "UseDelegatedPrefix" 904 "SendRelease" 905 ]) 906 (assertValueOneOf "UseAddress" boolValues) 907 (assertValueOneOf "UseDNS" boolValues) 908 (assertValueOneOf "UseNTP" boolValues) 909 (assertValueOneOf "UseHostname" boolValues) 910 (assertValueOneOf "UseDomains" (boolValues ++ ["route"])) 911 (assertInt "RouteMetric") 912 (assertValueOneOf "RapidCommit" boolValues) 913 (assertValueOneOf "WithoutRA" ["no" "solicit" "information-request"]) 914 (assertRange "SendOption" 1 65536) 915 (assertInt "IAID") 916 (assertValueOneOf "UseDelegatedPrefix" boolValues) 917 (assertValueOneOf "SendRelease" boolValues) 918 ]; 919 920 sectionDHCPPrefixDelegation = checkUnitConfig "DHCPPrefixDelegation" [ 921 (assertOnlyFields [ 922 "UplinkInterface" 923 "SubnetId" 924 "Announce" 925 "Assign" 926 "Token" 927 "ManageTemporaryAddress" 928 "RouteMetric" 929 ]) 930 (assertValueOneOf "Announce" boolValues) 931 (assertValueOneOf "Assign" boolValues) 932 (assertValueOneOf "ManageTemporaryAddress" boolValues) 933 (assertRange "RouteMetric" 0 4294967295) 934 ]; 935 936 sectionIPv6AcceptRA = checkUnitConfig "IPv6AcceptRA" [ 937 (assertOnlyFields [ 938 "UseDNS" 939 "UseDomains" 940 "RouteTable" 941 "UseAutonomousPrefix" 942 "UseOnLinkPrefix" 943 "RouterDenyList" 944 "RouterAllowList" 945 "PrefixDenyList" 946 "PrefixAllowList" 947 "RouteDenyList" 948 "RouteAllowList" 949 "DHCPv6Client" 950 "RouteMetric" 951 "UseMTU" 952 "UseGateway" 953 "UseRoutePrefix" 954 "Token" 955 ]) 956 (assertValueOneOf "UseDNS" boolValues) 957 (assertValueOneOf "UseDomains" (boolValues ++ ["route"])) 958 (assertRange "RouteTable" 0 4294967295) 959 (assertValueOneOf "UseAutonomousPrefix" boolValues) 960 (assertValueOneOf "UseOnLinkPrefix" boolValues) 961 (assertValueOneOf "DHCPv6Client" (boolValues ++ ["always"])) 962 (assertValueOneOf "UseMTU" boolValues) 963 (assertValueOneOf "UseGateway" boolValues) 964 (assertValueOneOf "UseRoutePrefix" boolValues) 965 ]; 966 967 sectionDHCPServer = checkUnitConfig "DHCPServer" [ 968 (assertOnlyFields [ 969 "ServerAddress" 970 "PoolOffset" 971 "PoolSize" 972 "DefaultLeaseTimeSec" 973 "MaxLeaseTimeSec" 974 "UplinkInterface" 975 "EmitDNS" 976 "DNS" 977 "EmitNTP" 978 "NTP" 979 "EmitSIP" 980 "SIP" 981 "EmitPOP3" 982 "POP3" 983 "EmitSMTP" 984 "SMTP" 985 "EmitLPR" 986 "LPR" 987 "EmitRouter" 988 "Router" 989 "EmitTimezone" 990 "Timezone" 991 "SendOption" 992 "SendVendorOption" 993 "BindToInterface" 994 "RelayTarget" 995 "RelayAgentCircuitId" 996 "RelayAgentRemoteId" 997 "BootServerAddress" 998 "BootServerName" 999 "BootFilename" 1000 ]) 1001 (assertInt "PoolOffset") 1002 (assertMinimum "PoolOffset" 0) 1003 (assertInt "PoolSize") 1004 (assertMinimum "PoolSize" 0) 1005 (assertValueOneOf "EmitDNS" boolValues) 1006 (assertValueOneOf "EmitNTP" boolValues) 1007 (assertValueOneOf "EmitSIP" boolValues) 1008 (assertValueOneOf "EmitPOP3" boolValues) 1009 (assertValueOneOf "EmitSMTP" boolValues) 1010 (assertValueOneOf "EmitLPR" boolValues) 1011 (assertValueOneOf "EmitRouter" boolValues) 1012 (assertValueOneOf "EmitTimezone" boolValues) 1013 (assertValueOneOf "BindToInterface" boolValues) 1014 ]; 1015 1016 sectionIPv6SendRA = checkUnitConfig "IPv6SendRA" [ 1017 (assertOnlyFields [ 1018 "Managed" 1019 "OtherInformation" 1020 "RouterLifetimeSec" 1021 "RouterPreference" 1022 "UplinkInterface" 1023 "EmitDNS" 1024 "DNS" 1025 "EmitDomains" 1026 "Domains" 1027 "DNSLifetimeSec" 1028 ]) 1029 (assertValueOneOf "Managed" boolValues) 1030 (assertValueOneOf "OtherInformation" boolValues) 1031 (assertValueOneOf "RouterPreference" ["high" "medium" "low" "normal" "default"]) 1032 (assertValueOneOf "EmitDNS" boolValues) 1033 (assertValueOneOf "EmitDomains" boolValues) 1034 ]; 1035 1036 sectionIPv6Prefix = checkUnitConfig "IPv6Prefix" [ 1037 (assertOnlyFields [ 1038 "AddressAutoconfiguration" 1039 "OnLink" 1040 "Prefix" 1041 "PreferredLifetimeSec" 1042 "ValidLifetimeSec" 1043 "Assign" 1044 "Token" 1045 ]) 1046 (assertValueOneOf "AddressAutoconfiguration" boolValues) 1047 (assertValueOneOf "OnLink" boolValues) 1048 (assertValueOneOf "Assign" boolValues) 1049 ]; 1050 1051 sectionIPv6RoutePrefix = checkUnitConfig "IPv6RoutePrefix" [ 1052 (assertOnlyFields [ 1053 "Route" 1054 "LifetimeSec" 1055 ]) 1056 (assertHasField "Route") 1057 (assertInt "LifetimeSec") 1058 ]; 1059 1060 sectionDHCPServerStaticLease = checkUnitConfig "DHCPServerStaticLease" [ 1061 (assertOnlyFields [ 1062 "MACAddress" 1063 "Address" 1064 ]) 1065 (assertHasField "MACAddress") 1066 (assertHasField "Address") 1067 (assertMacAddress "MACAddress") 1068 ]; 1069 1070 sectionBridge = checkUnitConfig "Bridge" [ 1071 (assertOnlyFields [ 1072 "UnicastFlood" 1073 "MulticastFlood" 1074 "MulticastToUnicast" 1075 "NeighborSuppression" 1076 "Learning" 1077 "HairPin" 1078 "Isolated" 1079 "UseBPDU" 1080 "FastLeave" 1081 "AllowPortToBeRoot" 1082 "ProxyARP" 1083 "ProxyARPWiFi" 1084 "MulticastRouter" 1085 "Cost" 1086 "Priority" 1087 ]) 1088 (assertValueOneOf "UnicastFlood" boolValues) 1089 (assertValueOneOf "MulticastFlood" boolValues) 1090 (assertValueOneOf "MulticastToUnicast" boolValues) 1091 (assertValueOneOf "NeighborSuppression" boolValues) 1092 (assertValueOneOf "Learning" boolValues) 1093 (assertValueOneOf "HairPin" boolValues) 1094 (assertValueOneOf "Isolated" boolValues) 1095 (assertValueOneOf "UseBPDU" boolValues) 1096 (assertValueOneOf "FastLeave" boolValues) 1097 (assertValueOneOf "AllowPortToBeRoot" boolValues) 1098 (assertValueOneOf "ProxyARP" boolValues) 1099 (assertValueOneOf "ProxyARPWiFi" boolValues) 1100 (assertValueOneOf "MulticastRouter" [ "no" "query" "permanent" "temporary" ]) 1101 (assertInt "Cost") 1102 (assertRange "Cost" 1 65535) 1103 (assertInt "Priority") 1104 (assertRange "Priority" 0 63) 1105 ]; 1106 1107 sectionBridgeFDB = checkUnitConfig "BridgeFDB" [ 1108 (assertOnlyFields [ 1109 "MACAddress" 1110 "Destination" 1111 "VLANId" 1112 "VNI" 1113 "AssociatedWith" 1114 "OutgoingInterface" 1115 ]) 1116 (assertHasField "MACAddress") 1117 (assertInt "VLANId") 1118 (assertRange "VLANId" 0 4094) 1119 (assertInt "VNI") 1120 (assertRange "VNI" 1 16777215) 1121 (assertValueOneOf "AssociatedWith" [ "use" "self" "master" "router" ]) 1122 ]; 1123 1124 sectionBridgeMDB = checkUnitConfig "BridgeMDB" [ 1125 (assertOnlyFields [ 1126 "MulticastGroupAddress" 1127 "VLANId" 1128 ]) 1129 (assertHasField "MulticastGroupAddress") 1130 (assertInt "VLANId") 1131 (assertRange "VLANId" 0 4094) 1132 ]; 1133 1134 sectionLLDP = checkUnitConfig "LLDP" [ 1135 (assertOnlyFields [ 1136 "MUDURL" 1137 ]) 1138 ]; 1139 1140 sectionCAN = checkUnitConfig "CAN" [ 1141 (assertOnlyFields [ 1142 "BitRate" 1143 "SamplePoint" 1144 "TimeQuantaNSec" 1145 "PropagationSegment" 1146 "PhaseBufferSegment1" 1147 "PhaseBufferSegment2" 1148 "SyncJumpWidth" 1149 "DataBitRate" 1150 "DataSamplePoint" 1151 "DataTimeQuantaNSec" 1152 "DataPropagationSegment" 1153 "DataPhaseBufferSegment1" 1154 "DataPhaseBufferSegment2" 1155 "DataSyncJumpWidth" 1156 "FDMode" 1157 "FDNonISO" 1158 "RestartSec" 1159 "Termination" 1160 "TripleSampling" 1161 "BusErrorReporting" 1162 "ListenOnly" 1163 "Loopback" 1164 "OneShot" 1165 "PresumeAck" 1166 "ClassicDataLengthCode" 1167 ]) 1168 (assertInt "TimeQuantaNSec" ) 1169 (assertRange "TimeQuantaNSec" 0 4294967295 ) 1170 (assertInt "PropagationSegment" ) 1171 (assertRange "PropagationSegment" 0 4294967295 ) 1172 (assertInt "PhaseBufferSegment1" ) 1173 (assertRange "PhaseBufferSegment1" 0 4294967295 ) 1174 (assertInt "PhaseBufferSegment2" ) 1175 (assertRange "PhaseBufferSegment2" 0 4294967295 ) 1176 (assertInt "SyncJumpWidth" ) 1177 (assertRange "SyncJumpWidth" 0 4294967295 ) 1178 (assertInt "DataTimeQuantaNSec" ) 1179 (assertRange "DataTimeQuantaNSec" 0 4294967295 ) 1180 (assertInt "DataPropagationSegment" ) 1181 (assertRange "DataPropagationSegment" 0 4294967295 ) 1182 (assertInt "DataPhaseBufferSegment1" ) 1183 (assertRange "DataPhaseBufferSegment1" 0 4294967295 ) 1184 (assertInt "DataPhaseBufferSegment2" ) 1185 (assertRange "DataPhaseBufferSegment2" 0 4294967295 ) 1186 (assertInt "DataSyncJumpWidth" ) 1187 (assertRange "DataSyncJumpWidth" 0 4294967295 ) 1188 (assertValueOneOf "FDMode" boolValues) 1189 (assertValueOneOf "FDNonISO" boolValues) 1190 (assertValueOneOf "TripleSampling" boolValues) 1191 (assertValueOneOf "BusErrorReporting" boolValues) 1192 (assertValueOneOf "ListenOnly" boolValues) 1193 (assertValueOneOf "Loopback" boolValues) 1194 (assertValueOneOf "OneShot" boolValues) 1195 (assertValueOneOf "PresumeAck" boolValues) 1196 (assertValueOneOf "ClassicDataLengthCode" boolValues) 1197 ]; 1198 1199 sectionIPoIB = checkUnitConfig "IPoIB" [ 1200 (assertOnlyFields [ 1201 "Mode" 1202 "IgnoreUserspaceMulticastGroup" 1203 ]) 1204 (assertValueOneOf "Mode" [ "datagram" "connected" ]) 1205 (assertValueOneOf "IgnoreUserspaceMulticastGroup" boolValues) 1206 ]; 1207 1208 sectionQDisc = checkUnitConfig "QDisc" [ 1209 (assertOnlyFields [ 1210 "Parent" 1211 "Handle" 1212 ]) 1213 (assertValueOneOf "Parent" [ "clsact" "ingress" ]) 1214 ]; 1215 1216 sectionNetworkEmulator = checkUnitConfig "NetworkEmulator" [ 1217 (assertOnlyFields [ 1218 "Parent" 1219 "Handle" 1220 "DelaySec" 1221 "DelayJitterSec" 1222 "PacketLimit" 1223 "LossRate" 1224 "DuplicateRate" 1225 ]) 1226 (assertInt "PacketLimit") 1227 (assertRange "PacketLimit" 0 4294967294) 1228 ]; 1229 1230 sectionTokenBucketFilter = checkUnitConfig "TokenBucketFilter" [ 1231 (assertOnlyFields [ 1232 "Parent" 1233 "Handle" 1234 "LatencySec" 1235 "LimitBytes" 1236 "BurstBytes" 1237 "Rate" 1238 "MPUBytes" 1239 "PeakRate" 1240 "MTUBytes" 1241 ]) 1242 ]; 1243 1244 sectionPIE = checkUnitConfig "PIE" [ 1245 (assertOnlyFields [ 1246 "Parent" 1247 "Handle" 1248 "PacketLimit" 1249 ]) 1250 (assertInt "PacketLimit") 1251 (assertRange "PacketLimit" 1 4294967294) 1252 ]; 1253 1254 sectionFlowQueuePIE = checkUnitConfig "FlowQueuePIE" [ 1255 (assertOnlyFields [ 1256 "Parent" 1257 "Handle" 1258 "PacketLimit" 1259 ]) 1260 (assertInt "PacketLimit") 1261 (assertRange "PacketLimit" 1 4294967294) 1262 ]; 1263 1264 sectionStochasticFairBlue = checkUnitConfig "StochasticFairBlue" [ 1265 (assertOnlyFields [ 1266 "Parent" 1267 "Handle" 1268 "PacketLimit" 1269 ]) 1270 (assertInt "PacketLimit") 1271 (assertRange "PacketLimit" 1 4294967294) 1272 ]; 1273 1274 sectionStochasticFairnessQueueing = checkUnitConfig "StochasticFairnessQueueing" [ 1275 (assertOnlyFields [ 1276 "Parent" 1277 "Handle" 1278 "PerturbPeriodSec" 1279 ]) 1280 (assertInt "PerturbPeriodSec") 1281 ]; 1282 1283 sectionBFIFO = checkUnitConfig "BFIFO" [ 1284 (assertOnlyFields [ 1285 "Parent" 1286 "Handle" 1287 "LimitBytes" 1288 ]) 1289 ]; 1290 1291 sectionPFIFO = checkUnitConfig "PFIFO" [ 1292 (assertOnlyFields [ 1293 "Parent" 1294 "Handle" 1295 "PacketLimit" 1296 ]) 1297 (assertInt "PacketLimit") 1298 (assertRange "PacketLimit" 0 4294967294) 1299 ]; 1300 1301 sectionPFIFOHeadDrop = checkUnitConfig "PFIFOHeadDrop" [ 1302 (assertOnlyFields [ 1303 "Parent" 1304 "Handle" 1305 "PacketLimit" 1306 ]) 1307 (assertInt "PacketLimit") 1308 (assertRange "PacketLimit" 0 4294967294) 1309 ]; 1310 1311 sectionPFIFOFast = checkUnitConfig "PFIFOFast" [ 1312 (assertOnlyFields [ 1313 "Parent" 1314 "Handle" 1315 ]) 1316 ]; 1317 1318 sectionCAKE = checkUnitConfig "CAKE" [ 1319 (assertOnlyFields [ 1320 "Parent" 1321 "Handle" 1322 "Bandwidth" 1323 "AutoRateIngress" 1324 "OverheadBytes" 1325 "MPUBytes" 1326 "CompensationMode" 1327 "UseRawPacketSize" 1328 "FlowIsolationMode" 1329 "NAT" 1330 "PriorityQueueingPreset" 1331 "FirewallMark" 1332 "Wash" 1333 "SplitGSO" 1334 "AckFilter" 1335 ]) 1336 (assertValueOneOf "AutoRateIngress" boolValues) 1337 (assertInt "OverheadBytes") 1338 (assertRange "OverheadBytes" (-64) 256) 1339 (assertInt "MPUBytes") 1340 (assertRange "MPUBytes" 1 256) 1341 (assertValueOneOf "CompensationMode" [ "none" "atm" "ptm" ]) 1342 (assertValueOneOf "UseRawPacketSize" boolValues) 1343 (assertValueOneOf "FlowIsolationMode" 1344 [ 1345 "none" 1346 "src-host" 1347 "dst-host" 1348 "hosts" 1349 "flows" 1350 "dual-src-host" 1351 "dual-dst-host" 1352 "triple" 1353 ]) 1354 (assertValueOneOf "NAT" boolValues) 1355 (assertValueOneOf "PriorityQueueingPreset" 1356 [ 1357 "besteffort" 1358 "precedence" 1359 "diffserv8" 1360 "diffserv4" 1361 "diffserv3" 1362 ]) 1363 (assertInt "FirewallMark") 1364 (assertRange "FirewallMark" 1 4294967295) 1365 (assertValueOneOf "Wash" boolValues) 1366 (assertValueOneOf "SplitGSO" boolValues) 1367 (assertValueOneOf "AckFilter" (boolValues ++ ["aggressive"])) 1368 ]; 1369 1370 sectionControlledDelay = checkUnitConfig "ControlledDelay" [ 1371 (assertOnlyFields [ 1372 "Parent" 1373 "Handle" 1374 "PacketLimit" 1375 "TargetSec" 1376 "IntervalSec" 1377 "ECN" 1378 "CEThresholdSec" 1379 ]) 1380 (assertValueOneOf "ECN" boolValues) 1381 ]; 1382 1383 sectionDeficitRoundRobinScheduler = checkUnitConfig "DeficitRoundRobinScheduler" [ 1384 (assertOnlyFields [ 1385 "Parent" 1386 "Handle" 1387 ]) 1388 ]; 1389 1390 sectionDeficitRoundRobinSchedulerClass = checkUnitConfig "DeficitRoundRobinSchedulerClass" [ 1391 (assertOnlyFields [ 1392 "Parent" 1393 "Handle" 1394 "QuantumBytes" 1395 ]) 1396 ]; 1397 1398 sectionEnhancedTransmissionSelection = checkUnitConfig "EnhancedTransmissionSelection" [ 1399 (assertOnlyFields [ 1400 "Parent" 1401 "Handle" 1402 "Bands" 1403 "StrictBands" 1404 "QuantumBytes" 1405 "PriorityMap" 1406 ]) 1407 (assertInt "Bands") 1408 (assertRange "Bands" 1 16) 1409 (assertInt "StrictBands") 1410 (assertRange "StrictBands" 1 16) 1411 ]; 1412 1413 sectionGenericRandomEarlyDetection = checkUnitConfig "GenericRandomEarlyDetection" [ 1414 (assertOnlyFields [ 1415 "Parent" 1416 "Handle" 1417 "VirtualQueues" 1418 "DefaultVirtualQueue" 1419 "GenericRIO" 1420 ]) 1421 (assertInt "VirtualQueues") 1422 (assertRange "VirtualQueues" 1 16) 1423 (assertInt "DefaultVirtualQueue") 1424 (assertRange "DefaultVirtualQueue" 1 16) 1425 (assertValueOneOf "GenericRIO" boolValues) 1426 ]; 1427 1428 sectionFairQueueingControlledDelay = checkUnitConfig "FairQueueingControlledDelay" [ 1429 (assertOnlyFields [ 1430 "Parent" 1431 "Handle" 1432 "PacketLimit" 1433 "MemoryLimitBytes" 1434 "Flows" 1435 "TargetSec" 1436 "IntervalSec" 1437 "QuantumBytes" 1438 "ECN" 1439 "CEThresholdSec" 1440 ]) 1441 (assertInt "PacketLimit") 1442 (assertInt "Flows") 1443 (assertValueOneOf "ECN" boolValues) 1444 ]; 1445 1446 sectionFairQueueing = checkUnitConfig "FairQueueing" [ 1447 (assertOnlyFields [ 1448 "Parent" 1449 "Handle" 1450 "PacketLimit" 1451 "FlowLimit" 1452 "QuantumBytes" 1453 "InitualQuantumBytes" 1454 "MaximumRate" 1455 "Buckets" 1456 "OrphanMask" 1457 "Pacing" 1458 "CEThresholdSec" 1459 ]) 1460 (assertInt "PacketLimit") 1461 (assertInt "FlowLimit") 1462 (assertInt "OrphanMask") 1463 (assertValueOneOf "Pacing" boolValues) 1464 ]; 1465 1466 sectionTrivialLinkEqualizer = checkUnitConfig "TrivialLinkEqualizer" [ 1467 (assertOnlyFields [ 1468 "Parent" 1469 "Handle" 1470 "Id" 1471 ]) 1472 ]; 1473 1474 sectionHierarchyTokenBucket = checkUnitConfig "HierarchyTokenBucket" [ 1475 (assertOnlyFields [ 1476 "Parent" 1477 "Handle" 1478 "DefaultClass" 1479 "RateToQuantum" 1480 ]) 1481 (assertInt "RateToQuantum") 1482 ]; 1483 1484 sectionHierarchyTokenBucketClass = checkUnitConfig "HierarchyTokenBucketClass" [ 1485 (assertOnlyFields [ 1486 "Parent" 1487 "ClassId" 1488 "Priority" 1489 "QuantumBytes" 1490 "MTUBytes" 1491 "OverheadBytes" 1492 "Rate" 1493 "CeilRate" 1494 "BufferBytes" 1495 "CeilBufferBytes" 1496 ]) 1497 ]; 1498 1499 sectionHeavyHitterFilter = checkUnitConfig "HeavyHitterFilter" [ 1500 (assertOnlyFields [ 1501 "Parent" 1502 "Handle" 1503 "PacketLimit" 1504 ]) 1505 (assertInt "PacketLimit") 1506 (assertRange "PacketLimit" 0 4294967294) 1507 ]; 1508 1509 sectionQuickFairQueueing = checkUnitConfig "QuickFairQueueing" [ 1510 (assertOnlyFields [ 1511 "Parent" 1512 "Handle" 1513 ]) 1514 ]; 1515 1516 sectionQuickFairQueueingClass = checkUnitConfig "QuickFairQueueingClass" [ 1517 (assertOnlyFields [ 1518 "Parent" 1519 "ClassId" 1520 "Weight" 1521 "MaxPacketBytes" 1522 ]) 1523 (assertInt "Weight") 1524 (assertRange "Weight" 1 1023) 1525 ]; 1526 1527 sectionBridgeVLAN = checkUnitConfig "BridgeVLAN" [ 1528 (assertOnlyFields [ 1529 "VLAN" 1530 "EgressUntagged" 1531 "PVID" 1532 ]) 1533 (assertInt "PVID") 1534 (assertRange "PVID" 0 4094) 1535 ]; 1536 }; 1537 }; 1538 1539 commonNetworkOptions = { 1540 1541 enable = mkOption { 1542 default = true; 1543 type = types.bool; 1544 description = '' 1545 Whether to manage network configuration using {command}`systemd-network`. 1546 1547 This also enables {option}`systemd.networkd.enable`. 1548 ''; 1549 }; 1550 1551 matchConfig = mkOption { 1552 default = {}; 1553 example = { Name = "eth0"; }; 1554 type = types.attrsOf unitOption; 1555 description = '' 1556 Each attribute in this set specifies an option in the 1557 `[Match]` section of the unit. See 1558 {manpage}`systemd.link(5)` 1559 {manpage}`systemd.netdev(5)` 1560 {manpage}`systemd.network(5)` 1561 for details. 1562 ''; 1563 }; 1564 1565 extraConfig = mkOption { 1566 default = ""; 1567 type = types.lines; 1568 description = "Extra configuration append to unit"; 1569 }; 1570 }; 1571 1572 networkdOptions = { 1573 networkConfig = mkOption { 1574 default = {}; 1575 example = { SpeedMeter = true; ManageForeignRoutingPolicyRules = false; }; 1576 type = types.addCheck (types.attrsOf unitOption) check.global.sectionNetwork; 1577 description = '' 1578 Each attribute in this set specifies an option in the 1579 `[Network]` section of the networkd config. 1580 See {manpage}`networkd.conf(5)` for details. 1581 ''; 1582 }; 1583 1584 dhcpV4Config = mkOption { 1585 default = {}; 1586 example = { DUIDType = "vendor"; }; 1587 type = types.addCheck (types.attrsOf unitOption) check.global.sectionDHCPv4; 1588 description = '' 1589 Each attribute in this set specifies an option in the 1590 `[DHCPv4]` section of the networkd config. 1591 See {manpage}`networkd.conf(5)` for details. 1592 ''; 1593 }; 1594 1595 dhcpV6Config = mkOption { 1596 default = {}; 1597 example = { DUIDType = "vendor"; }; 1598 type = types.addCheck (types.attrsOf unitOption) check.global.sectionDHCPv6; 1599 description = '' 1600 Each attribute in this set specifies an option in the 1601 `[DHCPv6]` section of the networkd config. 1602 See {manpage}`networkd.conf(5)` for details. 1603 ''; 1604 }; 1605 }; 1606 1607 linkOptions = commonNetworkOptions // { 1608 # overwrite enable option from above 1609 enable = mkOption { 1610 default = true; 1611 type = types.bool; 1612 description = '' 1613 Whether to enable this .link unit. It's handled by udev no matter if {command}`systemd-networkd` is enabled or not 1614 ''; 1615 }; 1616 1617 linkConfig = mkOption { 1618 default = {}; 1619 example = { MACAddress = "00:ff:ee:aa:cc:dd"; }; 1620 type = types.addCheck (types.attrsOf unitOption) check.link.sectionLink; 1621 description = '' 1622 Each attribute in this set specifies an option in the 1623 `[Link]` section of the unit. See 1624 {manpage}`systemd.link(5)` for details. 1625 ''; 1626 }; 1627 1628 }; 1629 1630 1631 l2tpSessionOptions = { 1632 options = { 1633 l2tpSessionConfig = mkOption { 1634 default = {}; 1635 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionL2TPSession; 1636 description = '' 1637 Each attribute in this set specifies an option in the 1638 `[L2TPSession]` section of the unit. See 1639 {manpage}`systemd.netdev(5)` for details. 1640 ''; 1641 }; 1642 }; 1643 }; 1644 1645 wireguardPeerOptions = { 1646 options = { 1647 wireguardPeerConfig = mkOption { 1648 default = {}; 1649 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionWireGuardPeer; 1650 description = '' 1651 Each attribute in this set specifies an option in the 1652 `[WireGuardPeer]` section of the unit. See 1653 {manpage}`systemd.netdev(5)` for details. 1654 ''; 1655 }; 1656 }; 1657 }; 1658 1659 netdevOptions = commonNetworkOptions // { 1660 1661 netdevConfig = mkOption { 1662 example = { Name = "mybridge"; Kind = "bridge"; }; 1663 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionNetdev; 1664 description = '' 1665 Each attribute in this set specifies an option in the 1666 `[Netdev]` section of the unit. See 1667 {manpage}`systemd.netdev(5)` for details. 1668 ''; 1669 }; 1670 1671 bridgeConfig = mkOption { 1672 default = {}; 1673 example = { STP = true; }; 1674 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionBridge; 1675 description = '' 1676 Each attribute in this set specifies an option in the 1677 `[Bridge]` section of the unit. See 1678 {manpage}`systemd.netdev(5)` for details. 1679 ''; 1680 }; 1681 1682 vlanConfig = mkOption { 1683 default = {}; 1684 example = { Id = 4; }; 1685 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionVLAN; 1686 description = '' 1687 Each attribute in this set specifies an option in the 1688 `[VLAN]` section of the unit. See 1689 {manpage}`systemd.netdev(5)` for details. 1690 ''; 1691 }; 1692 1693 ipvlanConfig = mkOption { 1694 default = {}; 1695 example = { Mode = "L2"; Flags = "private"; }; 1696 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionIPVLAN; 1697 description = '' 1698 Each attribute in this set specifies an option in the `[IPVLAN]` section of the unit. 1699 See {manpage}`systemd.netdev(5)` for details. 1700 ''; 1701 }; 1702 1703 ipvtapConfig = mkOption { 1704 default = {}; 1705 example = { Mode = "L3"; Flags = "vepa"; }; 1706 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionIPVTAP; 1707 description = '' 1708 Each attribute in this set specifies an option in the `[IPVTAP]` section of the unit. 1709 See {manpage}`systemd.netdev(5)` for details. 1710 ''; 1711 }; 1712 1713 macvlanConfig = mkOption { 1714 default = {}; 1715 example = { Mode = "private"; }; 1716 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionMACVLAN; 1717 description = '' 1718 Each attribute in this set specifies an option in the 1719 `[MACVLAN]` section of the unit. See 1720 {manpage}`systemd.netdev(5)` for details. 1721 ''; 1722 }; 1723 1724 vxlanConfig = mkOption { 1725 default = {}; 1726 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionVXLAN; 1727 description = '' 1728 Each attribute in this set specifies an option in the 1729 `[VXLAN]` section of the unit. See 1730 {manpage}`systemd.netdev(5)` for details. 1731 ''; 1732 }; 1733 1734 tunnelConfig = mkOption { 1735 default = {}; 1736 example = { Remote = "192.168.1.1"; }; 1737 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionTunnel; 1738 description = '' 1739 Each attribute in this set specifies an option in the 1740 `[Tunnel]` section of the unit. See 1741 {manpage}`systemd.netdev(5)` for details. 1742 ''; 1743 }; 1744 1745 fooOverUDPConfig = mkOption { 1746 default = { }; 1747 example = { Port = 9001; }; 1748 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionFooOverUDP; 1749 description = '' 1750 Each attribute in this set specifies an option in the 1751 `[FooOverUDP]` section of the unit. See 1752 {manpage}`systemd.netdev(5)` for details. 1753 ''; 1754 }; 1755 1756 peerConfig = mkOption { 1757 default = {}; 1758 example = { Name = "veth2"; }; 1759 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionPeer; 1760 description = '' 1761 Each attribute in this set specifies an option in the 1762 `[Peer]` section of the unit. See 1763 {manpage}`systemd.netdev(5)` for details. 1764 ''; 1765 }; 1766 1767 tunConfig = mkOption { 1768 default = {}; 1769 example = { User = "openvpn"; }; 1770 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionTun; 1771 description = '' 1772 Each attribute in this set specifies an option in the 1773 `[Tun]` section of the unit. See 1774 {manpage}`systemd.netdev(5)` for details. 1775 ''; 1776 }; 1777 1778 tapConfig = mkOption { 1779 default = {}; 1780 example = { User = "openvpn"; }; 1781 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionTap; 1782 description = '' 1783 Each attribute in this set specifies an option in the 1784 `[Tap]` section of the unit. See 1785 {manpage}`systemd.netdev(5)` for details. 1786 ''; 1787 }; 1788 1789 l2tpConfig = mkOption { 1790 default = {}; 1791 example = { 1792 TunnelId = 10; 1793 PeerTunnelId = 12; 1794 Local = "static"; 1795 Remote = "192.168.30.101"; 1796 EncapsulationType = "ip"; 1797 }; 1798 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionL2TP; 1799 description = '' 1800 Each attribute in this set specifies an option in the 1801 `[L2TP]` section of the unit. See 1802 {manpage}`systemd.netdev(5)` for details. 1803 ''; 1804 }; 1805 1806 l2tpSessions = mkOption { 1807 default = []; 1808 example = [ { l2tpSessionConfig={ 1809 SessionId = 25; 1810 PeerSessionId = 26; 1811 Name = "l2tp-sess"; 1812 };}]; 1813 type = with types; listOf (submodule l2tpSessionOptions); 1814 description = '' 1815 Each item in this array specifies an option in the 1816 `[L2TPSession]` section of the unit. See 1817 {manpage}`systemd.netdev(5)` for details. 1818 ''; 1819 }; 1820 1821 wireguardConfig = mkOption { 1822 default = {}; 1823 example = { 1824 PrivateKeyFile = "/etc/wireguard/secret.key"; 1825 ListenPort = 51820; 1826 FirewallMark = 42; 1827 }; 1828 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionWireGuard; 1829 description = '' 1830 Each attribute in this set specifies an option in the 1831 `[WireGuard]` section of the unit. See 1832 {manpage}`systemd.netdev(5)` for details. 1833 Use `PrivateKeyFile` instead of 1834 `PrivateKey`: the nix store is 1835 world-readable. 1836 ''; 1837 }; 1838 1839 wireguardPeers = mkOption { 1840 default = []; 1841 example = [ { wireguardPeerConfig={ 1842 Endpoint = "192.168.1.1:51820"; 1843 PublicKey = "27s0OvaBBdHoJYkH9osZpjpgSOVNw+RaKfboT/Sfq0g="; 1844 PresharedKeyFile = "/etc/wireguard/psk.key"; 1845 AllowedIPs = [ "10.0.0.1/32" ]; 1846 PersistentKeepalive = 15; 1847 };}]; 1848 type = with types; listOf (submodule wireguardPeerOptions); 1849 description = '' 1850 Each item in this array specifies an option in the 1851 `[WireGuardPeer]` section of the unit. See 1852 {manpage}`systemd.netdev(5)` for details. 1853 Use `PresharedKeyFile` instead of 1854 `PresharedKey`: the nix store is 1855 world-readable. 1856 ''; 1857 }; 1858 1859 bondConfig = mkOption { 1860 default = {}; 1861 example = { Mode = "802.3ad"; }; 1862 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionBond; 1863 description = '' 1864 Each attribute in this set specifies an option in the 1865 `[Bond]` section of the unit. See 1866 {manpage}`systemd.netdev(5)` for details. 1867 ''; 1868 }; 1869 1870 xfrmConfig = mkOption { 1871 default = {}; 1872 example = { InterfaceId = 1; }; 1873 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionXfrm; 1874 description = '' 1875 Each attribute in this set specifies an option in the 1876 `[Xfrm]` section of the unit. See 1877 {manpage}`systemd.netdev(5)` for details. 1878 ''; 1879 }; 1880 1881 vrfConfig = mkOption { 1882 default = {}; 1883 example = { Table = 2342; }; 1884 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionVRF; 1885 description = '' 1886 Each attribute in this set specifies an option in the 1887 `[VRF]` section of the unit. See 1888 {manpage}`systemd.netdev(5)` for details. 1889 A detailed explanation about how VRFs work can be found in the 1890 [kernel docs](https://www.kernel.org/doc/Documentation/networking/vrf.txt). 1891 ''; 1892 }; 1893 1894 wlanConfig = mkOption { 1895 default = {}; 1896 example = { PhysicalDevice = 0; Type = "station"; }; 1897 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionWLAN; 1898 description = '' 1899 Each attribute in this set specifies an option in the `[WLAN]` section of the unit. 1900 See {manpage}`systemd.netdev(5)` for details. 1901 ''; 1902 }; 1903 1904 batmanAdvancedConfig = mkOption { 1905 default = {}; 1906 example = { 1907 GatewayMode = "server"; 1908 RoutingAlgorithm = "batman-v"; 1909 }; 1910 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionBatmanAdvanced; 1911 description = '' 1912 Each attribute in this set specifies an option in the 1913 `[BatmanAdvanced]` section of the unit. See 1914 {manpage}`systemd.netdev(5)` for details. 1915 ''; 1916 }; 1917 1918 }; 1919 1920 addressOptions = { 1921 options = { 1922 addressConfig = mkOption { 1923 example = { Address = "192.168.0.100/24"; }; 1924 type = types.addCheck (types.attrsOf unitOption) check.network.sectionAddress; 1925 description = '' 1926 Each attribute in this set specifies an option in the 1927 `[Address]` section of the unit. See 1928 {manpage}`systemd.network(5)` for details. 1929 ''; 1930 }; 1931 }; 1932 }; 1933 1934 routingPolicyRulesOptions = { 1935 options = { 1936 routingPolicyRuleConfig = mkOption { 1937 default = { }; 1938 example = { Table = 10; IncomingInterface = "eth1"; Family = "both"; }; 1939 type = types.addCheck (types.attrsOf unitOption) check.network.sectionRoutingPolicyRule; 1940 description = '' 1941 Each attribute in this set specifies an option in the 1942 `[RoutingPolicyRule]` section of the unit. See 1943 {manpage}`systemd.network(5)` for details. 1944 ''; 1945 }; 1946 }; 1947 }; 1948 1949 routeOptions = { 1950 options = { 1951 routeConfig = mkOption { 1952 default = {}; 1953 example = { Gateway = "192.168.0.1"; }; 1954 type = types.addCheck (types.attrsOf unitOption) check.network.sectionRoute; 1955 description = '' 1956 Each attribute in this set specifies an option in the 1957 `[Route]` section of the unit. See 1958 {manpage}`systemd.network(5)` for details. 1959 ''; 1960 }; 1961 }; 1962 }; 1963 1964 ipv6PrefixOptions = { 1965 options = { 1966 ipv6PrefixConfig = mkOption { 1967 default = {}; 1968 example = { Prefix = "fd00::/64"; }; 1969 type = types.addCheck (types.attrsOf unitOption) check.network.sectionIPv6Prefix; 1970 description = '' 1971 Each attribute in this set specifies an option in the 1972 `[IPv6Prefix]` section of the unit. See 1973 {manpage}`systemd.network(5)` for details. 1974 ''; 1975 }; 1976 }; 1977 }; 1978 1979 ipv6RoutePrefixOptions = { 1980 options = { 1981 ipv6RoutePrefixConfig = mkOption { 1982 default = {}; 1983 example = { Route = "fd00::/64"; }; 1984 type = types.addCheck (types.attrsOf unitOption) check.network.sectionIPv6RoutePrefix; 1985 description = '' 1986 Each attribute in this set specifies an option in the 1987 `[IPv6RoutePrefix]` section of the unit. See 1988 {manpage}`systemd.network(5)` for details. 1989 ''; 1990 }; 1991 }; 1992 }; 1993 1994 dhcpServerStaticLeaseOptions = { 1995 options = { 1996 dhcpServerStaticLeaseConfig = mkOption { 1997 default = {}; 1998 example = { MACAddress = "65:43:4a:5b:d8:5f"; Address = "192.168.1.42"; }; 1999 type = types.addCheck (types.attrsOf unitOption) check.network.sectionDHCPServerStaticLease; 2000 description = '' 2001 Each attribute in this set specifies an option in the 2002 `[DHCPServerStaticLease]` section of the unit. See 2003 {manpage}`systemd.network(5)` for details. 2004 2005 Make sure to configure the corresponding client interface to use 2006 `ClientIdentifier=mac`. 2007 ''; 2008 }; 2009 }; 2010 }; 2011 2012 bridgeFDBOptions = { 2013 options = { 2014 bridgeFDBConfig = mkOption { 2015 default = {}; 2016 example = { MACAddress = "65:43:4a:5b:d8:5f"; Destination = "192.168.1.42"; VNI = 20; }; 2017 type = types.addCheck (types.attrsOf unitOption) check.network.sectionBridgeFDB; 2018 description = '' 2019 Each attribute in this set specifies an option in the 2020 `[BridgeFDB]` section of the unit. See 2021 {manpage}`systemd.network(5)` for details. 2022 ''; 2023 }; 2024 }; 2025 }; 2026 2027 bridgeMDBOptions = { 2028 options = { 2029 bridgeMDBConfig = mkOption { 2030 default = {}; 2031 example = { MulticastGroupAddress = "ff02::1:2:3:4"; VLANId = 10; }; 2032 type = types.addCheck (types.attrsOf unitOption) check.network.sectionBridgeMDB; 2033 description = '' 2034 Each attribute in this set specifies an option in the 2035 `[BridgeMDB]` section of the unit. See 2036 {manpage}`systemd.network(5)` for details. 2037 ''; 2038 }; 2039 }; 2040 }; 2041 2042 bridgeVLANOptions = { 2043 options = { 2044 bridgeVLANConfig = mkOption { 2045 default = {}; 2046 example = { VLAN = 20; }; 2047 type = types.addCheck (types.attrsOf unitOption) check.network.sectionBridgeVLAN; 2048 description = '' 2049 Each attribute in this set specifies an option in the 2050 `[BridgeVLAN]` section of the unit. See 2051 {manpage}`systemd.network(5)` for details. 2052 ''; 2053 }; 2054 }; 2055 }; 2056 2057 networkOptions = commonNetworkOptions // { 2058 2059 linkConfig = mkOption { 2060 default = {}; 2061 example = { Unmanaged = true; }; 2062 type = types.addCheck (types.attrsOf unitOption) check.network.sectionLink; 2063 description = '' 2064 Each attribute in this set specifies an option in the 2065 `[Link]` section of the unit. See 2066 {manpage}`systemd.network(5)` for details. 2067 ''; 2068 }; 2069 2070 networkConfig = mkOption { 2071 default = {}; 2072 example = { Description = "My Network"; }; 2073 type = types.addCheck (types.attrsOf unitOption) check.network.sectionNetwork; 2074 description = '' 2075 Each attribute in this set specifies an option in the 2076 `[Network]` section of the unit. See 2077 {manpage}`systemd.network(5)` for details. 2078 ''; 2079 }; 2080 2081 # systemd.network.networks.*.dhcpConfig has been deprecated in favor of ….dhcpV4Config 2082 # Produce a nice warning message so users know it is gone. 2083 dhcpConfig = mkOption { 2084 visible = false; 2085 apply = _: throw "The option `systemd.network.networks.*.dhcpConfig` can no longer be used since it's been removed. Please use `systemd.network.networks.*.dhcpV4Config` instead."; 2086 }; 2087 2088 dhcpV4Config = mkOption { 2089 default = {}; 2090 example = { UseDNS = true; UseRoutes = true; }; 2091 type = types.addCheck (types.attrsOf unitOption) check.network.sectionDHCPv4; 2092 description = '' 2093 Each attribute in this set specifies an option in the 2094 `[DHCPv4]` section of the unit. See 2095 {manpage}`systemd.network(5)` for details. 2096 ''; 2097 }; 2098 2099 dhcpV6Config = mkOption { 2100 default = {}; 2101 example = { UseDNS = true; }; 2102 type = types.addCheck (types.attrsOf unitOption) check.network.sectionDHCPv6; 2103 description = '' 2104 Each attribute in this set specifies an option in the 2105 `[DHCPv6]` section of the unit. See 2106 {manpage}`systemd.network(5)` for details. 2107 ''; 2108 }; 2109 2110 dhcpV6PrefixDelegationConfig = mkOption { 2111 visible = false; 2112 apply = _: throw "The option `systemd.network.networks.<name>.dhcpV6PrefixDelegationConfig` has been renamed to `systemd.network.networks.<name>.dhcpPrefixDelegationConfig`."; 2113 }; 2114 2115 dhcpPrefixDelegationConfig = mkOption { 2116 default = {}; 2117 example = { SubnetId = "auto"; Announce = true; }; 2118 type = types.addCheck (types.attrsOf unitOption) check.network.sectionDHCPPrefixDelegation; 2119 description = '' 2120 Each attribute in this set specifies an option in the 2121 `[DHCPPrefixDelegation]` section of the unit. See 2122 {manpage}`systemd.network(5)` for details. 2123 ''; 2124 }; 2125 2126 ipv6AcceptRAConfig = mkOption { 2127 default = {}; 2128 example = { UseDNS = true; DHCPv6Client = "always"; }; 2129 type = types.addCheck (types.attrsOf unitOption) check.network.sectionIPv6AcceptRA; 2130 description = '' 2131 Each attribute in this set specifies an option in the 2132 `[IPv6AcceptRA]` section of the unit. See 2133 {manpage}`systemd.network(5)` for details. 2134 ''; 2135 }; 2136 2137 dhcpServerConfig = mkOption { 2138 default = {}; 2139 example = { PoolOffset = 50; EmitDNS = false; }; 2140 type = types.addCheck (types.attrsOf unitOption) check.network.sectionDHCPServer; 2141 description = '' 2142 Each attribute in this set specifies an option in the 2143 `[DHCPServer]` section of the unit. See 2144 {manpage}`systemd.network(5)` for details. 2145 ''; 2146 }; 2147 2148 # systemd.network.networks.*.ipv6PrefixDelegationConfig has been deprecated 2149 # in 247 in favor of systemd.network.networks.*.ipv6SendRAConfig. 2150 ipv6PrefixDelegationConfig = mkOption { 2151 visible = false; 2152 apply = _: throw "The option `systemd.network.networks.*.ipv6PrefixDelegationConfig` has been replaced by `systemd.network.networks.*.ipv6SendRAConfig`."; 2153 }; 2154 2155 ipv6SendRAConfig = mkOption { 2156 default = {}; 2157 example = { EmitDNS = true; Managed = true; OtherInformation = true; }; 2158 type = types.addCheck (types.attrsOf unitOption) check.network.sectionIPv6SendRA; 2159 description = '' 2160 Each attribute in this set specifies an option in the 2161 `[IPv6SendRA]` section of the unit. See 2162 {manpage}`systemd.network(5)` for details. 2163 ''; 2164 }; 2165 2166 dhcpServerStaticLeases = mkOption { 2167 default = []; 2168 example = [ { dhcpServerStaticLeaseConfig = { MACAddress = "65:43:4a:5b:d8:5f"; Address = "192.168.1.42"; }; } ]; 2169 type = with types; listOf (submodule dhcpServerStaticLeaseOptions); 2170 description = '' 2171 A list of DHCPServerStaticLease sections to be added to the unit. See 2172 {manpage}`systemd.network(5)` for details. 2173 ''; 2174 }; 2175 2176 ipv6Prefixes = mkOption { 2177 default = []; 2178 example = [ { ipv6PrefixConfig = { AddressAutoconfiguration = true; OnLink = true; }; } ]; 2179 type = with types; listOf (submodule ipv6PrefixOptions); 2180 description = '' 2181 A list of ipv6Prefix sections to be added to the unit. See 2182 {manpage}`systemd.network(5)` for details. 2183 ''; 2184 }; 2185 2186 ipv6RoutePrefixes = mkOption { 2187 default = []; 2188 example = [ { ipv6RoutePrefixConfig = { Route = "fd00::/64"; LifetimeSec = 3600; }; } ]; 2189 type = with types; listOf (submodule ipv6RoutePrefixOptions); 2190 description = '' 2191 A list of ipv6RoutePrefix sections to be added to the unit. See 2192 {manpage}`systemd.network(5)` for details. 2193 ''; 2194 }; 2195 2196 bridgeConfig = mkOption { 2197 default = {}; 2198 example = { MulticastFlood = false; Cost = 20; }; 2199 type = types.addCheck (types.attrsOf unitOption) check.network.sectionBridge; 2200 description = '' 2201 Each attribute in this set specifies an option in the 2202 `[Bridge]` section of the unit. See 2203 {manpage}`systemd.network(5)` for details. 2204 ''; 2205 }; 2206 2207 bridgeFDBs = mkOption { 2208 default = []; 2209 example = [ { bridgeFDBConfig = { MACAddress = "90:e2:ba:43:fc:71"; Destination = "192.168.100.4"; VNI = 3600; }; } ]; 2210 type = with types; listOf (submodule bridgeFDBOptions); 2211 description = '' 2212 A list of BridgeFDB sections to be added to the unit. See 2213 {manpage}`systemd.network(5)` for details. 2214 ''; 2215 }; 2216 2217 bridgeMDBs = mkOption { 2218 default = []; 2219 example = [ { bridgeMDBConfig = { MulticastGroupAddress = "ff02::1:2:3:4"; VLANId = 10; } ; } ]; 2220 type = with types; listOf (submodule bridgeMDBOptions); 2221 description = '' 2222 A list of BridgeMDB sections to be added to the unit. See 2223 {manpage}`systemd.network(5)` for details. 2224 ''; 2225 }; 2226 2227 lldpConfig = mkOption { 2228 default = {}; 2229 example = { MUDURL = "https://things.example.org/product_abc123/v5"; }; 2230 type = types.addCheck (types.attrsOf unitOption) check.network.sectionLLDP; 2231 description = '' 2232 Each attribute in this set specifies an option in the 2233 `[LLDP]` section of the unit. See 2234 {manpage}`systemd.network(5)` for details. 2235 ''; 2236 }; 2237 2238 canConfig = mkOption { 2239 default = {}; 2240 example = { }; 2241 type = types.addCheck (types.attrsOf unitOption) check.network.sectionCAN; 2242 description = '' 2243 Each attribute in this set specifies an option in the 2244 `[CAN]` section of the unit. See 2245 {manpage}`systemd.network(5)` for details. 2246 ''; 2247 }; 2248 2249 ipoIBConfig = mkOption { 2250 default = {}; 2251 example = { }; 2252 type = types.addCheck (types.attrsOf unitOption) check.network.sectionIPoIB; 2253 description = '' 2254 Each attribute in this set specifies an option in the 2255 `[IPoIB]` section of the unit. See 2256 {manpage}`systemd.network(5)` for details. 2257 ''; 2258 }; 2259 2260 qdiscConfig = mkOption { 2261 default = {}; 2262 example = { Parent = "ingress"; }; 2263 type = types.addCheck (types.attrsOf unitOption) check.network.sectionQDisc; 2264 description = '' 2265 Each attribute in this set specifies an option in the 2266 `[QDisc]` section of the unit. See 2267 {manpage}`systemd.network(5)` for details. 2268 ''; 2269 }; 2270 2271 networkEmulatorConfig = mkOption { 2272 default = {}; 2273 example = { Parent = "ingress"; DelaySec = "20msec"; }; 2274 type = types.addCheck (types.attrsOf unitOption) check.network.sectionNetworkEmulator; 2275 description = '' 2276 Each attribute in this set specifies an option in the 2277 `[NetworkEmulator]` section of the unit. See 2278 {manpage}`systemd.network(5)` for details. 2279 ''; 2280 }; 2281 2282 tokenBucketFilterConfig = mkOption { 2283 default = {}; 2284 example = { Parent = "ingress"; Rate = "100k"; }; 2285 type = types.addCheck (types.attrsOf unitOption) check.network.sectionTokenBucketFilter; 2286 description = '' 2287 Each attribute in this set specifies an option in the 2288 `[TokenBucketFilter]` section of the unit. See 2289 {manpage}`systemd.network(5)` for details. 2290 ''; 2291 }; 2292 2293 pieConfig = mkOption { 2294 default = {}; 2295 example = { Parent = "ingress"; PacketLimit = "3847"; }; 2296 type = types.addCheck (types.attrsOf unitOption) check.network.sectionPIE; 2297 description = '' 2298 Each attribute in this set specifies an option in the 2299 `[PIE]` section of the unit. See 2300 {manpage}`systemd.network(5)` for details. 2301 ''; 2302 }; 2303 2304 flowQueuePIEConfig = mkOption { 2305 default = {}; 2306 example = { Parent = "ingress"; PacketLimit = "3847"; }; 2307 type = types.addCheck (types.attrsOf unitOption) check.network.sectionFlowQueuePIE; 2308 description = '' 2309 Each attribute in this set specifies an option in the 2310 `[FlowQueuePIE]` section of the unit. See 2311 {manpage}`systemd.network(5)` for details. 2312 ''; 2313 }; 2314 2315 stochasticFairBlueConfig = mkOption { 2316 default = {}; 2317 example = { Parent = "ingress"; PacketLimit = "3847"; }; 2318 type = types.addCheck (types.attrsOf unitOption) check.network.sectionStochasticFairBlue; 2319 description = '' 2320 Each attribute in this set specifies an option in the 2321 `[StochasticFairBlue]` section of the unit. See 2322 {manpage}`systemd.network(5)` for details. 2323 ''; 2324 }; 2325 2326 stochasticFairnessQueueingConfig = mkOption { 2327 default = {}; 2328 example = { Parent = "ingress"; PerturbPeriodSec = "30"; }; 2329 type = types.addCheck (types.attrsOf unitOption) check.network.sectionStochasticFairnessQueueing; 2330 description = '' 2331 Each attribute in this set specifies an option in the 2332 `[StochasticFairnessQueueing]` section of the unit. See 2333 {manpage}`systemd.network(5)` for details. 2334 ''; 2335 }; 2336 2337 bfifoConfig = mkOption { 2338 default = {}; 2339 example = { Parent = "ingress"; LimitBytes = "20K"; }; 2340 type = types.addCheck (types.attrsOf unitOption) check.network.sectionBFIFO; 2341 description = '' 2342 Each attribute in this set specifies an option in the 2343 `[BFIFO]` section of the unit. See 2344 {manpage}`systemd.network(5)` for details. 2345 ''; 2346 }; 2347 2348 pfifoConfig = mkOption { 2349 default = {}; 2350 example = { Parent = "ingress"; PacketLimit = "300"; }; 2351 type = types.addCheck (types.attrsOf unitOption) check.network.sectionPFIFO; 2352 description = '' 2353 Each attribute in this set specifies an option in the 2354 `[PFIFO]` section of the unit. See 2355 {manpage}`systemd.network(5)` for details. 2356 ''; 2357 }; 2358 2359 pfifoHeadDropConfig = mkOption { 2360 default = {}; 2361 example = { Parent = "ingress"; PacketLimit = "300"; }; 2362 type = types.addCheck (types.attrsOf unitOption) check.network.sectionPFIFOHeadDrop; 2363 description = '' 2364 Each attribute in this set specifies an option in the 2365 `[PFIFOHeadDrop]` section of the unit. See 2366 {manpage}`systemd.network(5)` for details. 2367 ''; 2368 }; 2369 2370 pfifoFastConfig = mkOption { 2371 default = {}; 2372 example = { Parent = "ingress"; }; 2373 type = types.addCheck (types.attrsOf unitOption) check.network.sectionPFIFOFast; 2374 description = '' 2375 Each attribute in this set specifies an option in the 2376 `[PFIFOFast]` section of the unit. See 2377 {manpage}`systemd.network(5)` for details. 2378 ''; 2379 }; 2380 2381 cakeConfig = mkOption { 2382 default = {}; 2383 example = { Bandwidth = "40M"; OverheadBytes = 8; CompensationMode = "ptm"; }; 2384 type = types.addCheck (types.attrsOf unitOption) check.network.sectionCAKE; 2385 description = '' 2386 Each attribute in this set specifies an option in the 2387 `[CAKE]` section of the unit. See 2388 {manpage}`systemd.network(5)` for details. 2389 ''; 2390 }; 2391 2392 controlledDelayConfig = mkOption { 2393 default = {}; 2394 example = { Parent = "ingress"; TargetSec = "20msec"; }; 2395 type = types.addCheck (types.attrsOf unitOption) check.network.sectionControlledDelay; 2396 description = '' 2397 Each attribute in this set specifies an option in the 2398 `[ControlledDelay]` section of the unit. See 2399 {manpage}`systemd.network(5)` for details. 2400 ''; 2401 }; 2402 2403 deficitRoundRobinSchedulerConfig = mkOption { 2404 default = {}; 2405 example = { Parent = "root"; }; 2406 type = types.addCheck (types.attrsOf unitOption) check.network.sectionDeficitRoundRobinScheduler; 2407 description = '' 2408 Each attribute in this set specifies an option in the 2409 `[DeficitRoundRobinScheduler]` section of the unit. See 2410 {manpage}`systemd.network(5)` for details. 2411 ''; 2412 }; 2413 2414 deficitRoundRobinSchedulerClassConfig = mkOption { 2415 default = {}; 2416 example = { Parent = "root"; QuantumBytes = "300k"; }; 2417 type = types.addCheck (types.attrsOf unitOption) check.network.sectionDeficitRoundRobinSchedulerClass; 2418 description = '' 2419 Each attribute in this set specifies an option in the 2420 `[DeficitRoundRobinSchedulerClass]` section of the unit. See 2421 {manpage}`systemd.network(5)` for details. 2422 ''; 2423 }; 2424 2425 enhancedTransmissionSelectionConfig = mkOption { 2426 default = {}; 2427 example = { Parent = "root"; QuantumBytes = "300k"; Bands = 3; PriorityMap = "100 200 300"; }; 2428 type = types.addCheck (types.attrsOf unitOption) check.network.sectionEnhancedTransmissionSelection; 2429 description = '' 2430 Each attribute in this set specifies an option in the 2431 `[EnhancedTransmissionSelection]` section of the unit. See 2432 {manpage}`systemd.network(5)` for details. 2433 ''; 2434 }; 2435 2436 genericRandomEarlyDetectionConfig = mkOption { 2437 default = {}; 2438 example = { Parent = "root"; VirtualQueues = 5; DefaultVirtualQueue = 3; }; 2439 type = types.addCheck (types.attrsOf unitOption) check.network.sectionGenericRandomEarlyDetection; 2440 description = '' 2441 Each attribute in this set specifies an option in the 2442 `[GenericRandomEarlyDetection]` section of the unit. See 2443 {manpage}`systemd.network(5)` for details. 2444 ''; 2445 }; 2446 2447 fairQueueingControlledDelayConfig = mkOption { 2448 default = {}; 2449 example = { Parent = "root"; Flows = 5; }; 2450 type = types.addCheck (types.attrsOf unitOption) check.network.sectionFairQueueingControlledDelay; 2451 description = '' 2452 Each attribute in this set specifies an option in the 2453 `[FairQueueingControlledDelay]` section of the unit. See 2454 {manpage}`systemd.network(5)` for details. 2455 ''; 2456 }; 2457 2458 fairQueueingConfig = mkOption { 2459 default = {}; 2460 example = { Parent = "root"; FlowLimit = 5; }; 2461 type = types.addCheck (types.attrsOf unitOption) check.network.sectionFairQueueing; 2462 description = '' 2463 Each attribute in this set specifies an option in the 2464 `[FairQueueing]` section of the unit. See 2465 {manpage}`systemd.network(5)` for details. 2466 ''; 2467 }; 2468 2469 trivialLinkEqualizerConfig = mkOption { 2470 default = {}; 2471 example = { Parent = "root"; Id = 0; }; 2472 type = types.addCheck (types.attrsOf unitOption) check.network.sectionTrivialLinkEqualizer; 2473 description = '' 2474 Each attribute in this set specifies an option in the 2475 `[TrivialLinkEqualizer]` section of the unit. See 2476 {manpage}`systemd.network(5)` for details. 2477 ''; 2478 }; 2479 2480 hierarchyTokenBucketConfig = mkOption { 2481 default = {}; 2482 example = { Parent = "root"; }; 2483 type = types.addCheck (types.attrsOf unitOption) check.network.sectionHierarchyTokenBucket; 2484 description = '' 2485 Each attribute in this set specifies an option in the 2486 `[HierarchyTokenBucket]` section of the unit. See 2487 {manpage}`systemd.network(5)` for details. 2488 ''; 2489 }; 2490 2491 hierarchyTokenBucketClassConfig = mkOption { 2492 default = {}; 2493 example = { Parent = "root"; Rate = "10M"; }; 2494 type = types.addCheck (types.attrsOf unitOption) check.network.sectionHierarchyTokenBucketClass; 2495 description = '' 2496 Each attribute in this set specifies an option in the 2497 `[HierarchyTokenBucketClass]` section of the unit. See 2498 {manpage}`systemd.network(5)` for details. 2499 ''; 2500 }; 2501 2502 heavyHitterFilterConfig = mkOption { 2503 default = {}; 2504 example = { Parent = "root"; PacketLimit = 10000; }; 2505 type = types.addCheck (types.attrsOf unitOption) check.network.sectionHeavyHitterFilter; 2506 description = '' 2507 Each attribute in this set specifies an option in the 2508 `[HeavyHitterFilter]` section of the unit. See 2509 {manpage}`systemd.network(5)` for details. 2510 ''; 2511 }; 2512 2513 quickFairQueueingConfig = mkOption { 2514 default = {}; 2515 example = { Parent = "root"; }; 2516 type = types.addCheck (types.attrsOf unitOption) check.network.sectionQuickFairQueueing; 2517 description = '' 2518 Each attribute in this set specifies an option in the 2519 `[QuickFairQueueing]` section of the unit. See 2520 {manpage}`systemd.network(5)` for details. 2521 ''; 2522 }; 2523 2524 quickFairQueueingConfigClass = mkOption { 2525 default = {}; 2526 example = { Parent = "root"; Weight = 133; }; 2527 type = types.addCheck (types.attrsOf unitOption) check.network.sectionQuickFairQueueingClass; 2528 description = '' 2529 Each attribute in this set specifies an option in the 2530 `[QuickFairQueueingClass]` section of the unit. See 2531 {manpage}`systemd.network(5)` for details. 2532 ''; 2533 }; 2534 2535 bridgeVLANs = mkOption { 2536 default = []; 2537 example = [ { bridgeVLANConfig = { VLAN = "10-20"; }; } ]; 2538 type = with types; listOf (submodule bridgeVLANOptions); 2539 description = '' 2540 A list of BridgeVLAN sections to be added to the unit. See 2541 {manpage}`systemd.network(5)` for details. 2542 ''; 2543 }; 2544 2545 name = mkOption { 2546 type = types.nullOr types.str; 2547 default = null; 2548 description = '' 2549 The name of the network interface to match against. 2550 ''; 2551 }; 2552 2553 DHCP = mkOption { 2554 type = types.nullOr types.str; 2555 default = null; 2556 description = '' 2557 Whether to enable DHCP on the interfaces matched. 2558 ''; 2559 }; 2560 2561 domains = mkOption { 2562 type = types.nullOr (types.listOf types.str); 2563 default = null; 2564 description = '' 2565 A list of domains to pass to the network config. 2566 ''; 2567 }; 2568 2569 address = mkOption { 2570 default = [ ]; 2571 type = types.listOf types.str; 2572 description = '' 2573 A list of addresses to be added to the network section of the 2574 unit. See {manpage}`systemd.network(5)` for details. 2575 ''; 2576 }; 2577 2578 gateway = mkOption { 2579 default = [ ]; 2580 type = types.listOf types.str; 2581 description = '' 2582 A list of gateways to be added to the network section of the 2583 unit. See {manpage}`systemd.network(5)` for details. 2584 ''; 2585 }; 2586 2587 dns = mkOption { 2588 default = [ ]; 2589 type = types.listOf types.str; 2590 description = '' 2591 A list of dns servers to be added to the network section of the 2592 unit. See {manpage}`systemd.network(5)` for details. 2593 ''; 2594 }; 2595 2596 ntp = mkOption { 2597 default = [ ]; 2598 type = types.listOf types.str; 2599 description = '' 2600 A list of ntp servers to be added to the network section of the 2601 unit. See {manpage}`systemd.network(5)` for details. 2602 ''; 2603 }; 2604 2605 bridge = mkOption { 2606 default = [ ]; 2607 type = types.listOf types.str; 2608 description = '' 2609 A list of bridge interfaces to be added to the network section of the 2610 unit. See {manpage}`systemd.network(5)` for details. 2611 ''; 2612 }; 2613 2614 bond = mkOption { 2615 default = [ ]; 2616 type = types.listOf types.str; 2617 description = '' 2618 A list of bond interfaces to be added to the network section of the 2619 unit. See {manpage}`systemd.network(5)` for details. 2620 ''; 2621 }; 2622 2623 vrf = mkOption { 2624 default = [ ]; 2625 type = types.listOf types.str; 2626 description = '' 2627 A list of vrf interfaces to be added to the network section of the 2628 unit. See {manpage}`systemd.network(5)` for details. 2629 ''; 2630 }; 2631 2632 vlan = mkOption { 2633 default = [ ]; 2634 type = types.listOf types.str; 2635 description = '' 2636 A list of vlan interfaces to be added to the network section of the 2637 unit. See {manpage}`systemd.network(5)` for details. 2638 ''; 2639 }; 2640 2641 macvlan = mkOption { 2642 default = [ ]; 2643 type = types.listOf types.str; 2644 description = '' 2645 A list of macvlan interfaces to be added to the network section of the 2646 unit. See {manpage}`systemd.network(5)` for details. 2647 ''; 2648 }; 2649 2650 macvtap = mkOption { 2651 default = [ ]; 2652 type = types.listOf types.str; 2653 description = '' 2654 A list of macvtap interfaces to be added to the network section of the 2655 unit. See {manpage}`systemd.network(5)` for details. 2656 ''; 2657 }; 2658 2659 vxlan = mkOption { 2660 default = [ ]; 2661 type = types.listOf types.str; 2662 description = '' 2663 A list of vxlan interfaces to be added to the network section of the 2664 unit. See {manpage}`systemd.network(5)` for details. 2665 ''; 2666 }; 2667 2668 tunnel = mkOption { 2669 default = [ ]; 2670 type = types.listOf types.str; 2671 description = '' 2672 A list of tunnel interfaces to be added to the network section of the 2673 unit. See {manpage}`systemd.network(5)` for details. 2674 ''; 2675 }; 2676 2677 xfrm = mkOption { 2678 default = [ ]; 2679 type = types.listOf types.str; 2680 description = '' 2681 A list of xfrm interfaces to be added to the network section of the 2682 unit. See {manpage}`systemd.network(5)` for details. 2683 ''; 2684 }; 2685 2686 addresses = mkOption { 2687 default = [ ]; 2688 type = with types; listOf (submodule addressOptions); 2689 description = '' 2690 A list of address sections to be added to the unit. See 2691 {manpage}`systemd.network(5)` for details. 2692 ''; 2693 }; 2694 2695 routingPolicyRules = mkOption { 2696 default = [ ]; 2697 type = with types; listOf (submodule routingPolicyRulesOptions); 2698 description = '' 2699 A list of routing policy rules sections to be added to the unit. See 2700 {manpage}`systemd.network(5)` for details. 2701 ''; 2702 }; 2703 2704 routes = mkOption { 2705 default = [ ]; 2706 type = with types; listOf (submodule routeOptions); 2707 description = '' 2708 A list of route sections to be added to the unit. See 2709 {manpage}`systemd.network(5)` for details. 2710 ''; 2711 }; 2712 2713 }; 2714 2715 networkConfig = { config, ... }: { 2716 config = { 2717 matchConfig = optionalAttrs (config.name != null) { 2718 Name = config.name; 2719 }; 2720 networkConfig = optionalAttrs (config.DHCP != null) { 2721 DHCP = config.DHCP; 2722 } // optionalAttrs (config.domains != null) { 2723 Domains = concatStringsSep " " config.domains; 2724 }; 2725 }; 2726 }; 2727 2728 networkdConfig = { config, ... }: { 2729 options = { 2730 routeTables = mkOption { 2731 default = {}; 2732 example = { foo = 27; }; 2733 type = with types; attrsOf int; 2734 description = '' 2735 Defines route table names as an attrset of name to number. 2736 See {manpage}`networkd.conf(5)` for details. 2737 ''; 2738 }; 2739 2740 addRouteTablesToIPRoute2 = mkOption { 2741 default = true; 2742 example = false; 2743 type = types.bool; 2744 description = '' 2745 If true and routeTables are set, then the specified route tables 2746 will also be installed into /etc/iproute2/rt_tables. 2747 ''; 2748 }; 2749 }; 2750 2751 config = { 2752 networkConfig = optionalAttrs (config.routeTables != { }) { 2753 RouteTable = mapAttrsToList 2754 (name: number: "${name}:${toString number}") 2755 config.routeTables; 2756 }; 2757 }; 2758 }; 2759 2760 renderConfig = def: 2761 { text = '' 2762 [Network] 2763 ${attrsToSection def.networkConfig} 2764 '' 2765 + optionalString (def.dhcpV4Config != { }) '' 2766 [DHCPv4] 2767 ${attrsToSection def.dhcpV4Config} 2768 '' 2769 + optionalString (def.dhcpV6Config != { }) '' 2770 [DHCPv6] 2771 ${attrsToSection def.dhcpV6Config} 2772 ''; }; 2773 2774 mkUnitFiles = prefix: cfg: listToAttrs (map (name: { 2775 name = "${prefix}systemd/network/${name}"; 2776 value.source = "${cfg.units.${name}.unit}/${name}"; 2777 }) (attrNames cfg.units)); 2778 2779 commonOptions = visible: { 2780 2781 enable = mkOption { 2782 default = false; 2783 type = types.bool; 2784 description = '' 2785 Whether to enable networkd or not. 2786 ''; 2787 }; 2788 2789 links = mkOption { 2790 default = {}; 2791 inherit visible; 2792 type = with types; attrsOf (submodule [ { options = linkOptions; } ]); 2793 description = "Definition of systemd network links."; 2794 }; 2795 2796 netdevs = mkOption { 2797 default = {}; 2798 inherit visible; 2799 type = with types; attrsOf (submodule [ { options = netdevOptions; } ]); 2800 description = "Definition of systemd network devices."; 2801 }; 2802 2803 networks = mkOption { 2804 default = {}; 2805 inherit visible; 2806 type = with types; attrsOf (submodule [ { options = networkOptions; } networkConfig ]); 2807 description = "Definition of systemd networks."; 2808 }; 2809 2810 config = mkOption { 2811 default = {}; 2812 inherit visible; 2813 type = with types; submodule [ { options = networkdOptions; } networkdConfig ]; 2814 description = "Definition of global systemd network config."; 2815 }; 2816 2817 units = mkOption { 2818 description = "Definition of networkd units."; 2819 default = {}; 2820 internal = true; 2821 type = with types; attrsOf (submodule ( 2822 { name, config, ... }: 2823 { options = mapAttrs (_: x: x // { internal = true; }) concreteUnitOptions; 2824 config = { 2825 unit = mkDefault (makeUnit name config); 2826 }; 2827 })); 2828 }; 2829 2830 wait-online = { 2831 enable = mkOption { 2832 type = types.bool; 2833 default = true; 2834 example = false; 2835 description = '' 2836 Whether to enable the systemd-networkd-wait-online service. 2837 2838 systemd-networkd-wait-online can timeout and fail if there are no network interfaces 2839 available for it to manage. When systemd-networkd is enabled but a different service is 2840 responsible for managing the system's internet connection (for example, NetworkManager or 2841 connman are used to manage WiFi connections), this service is unnecessary and can be 2842 disabled. 2843 ''; 2844 }; 2845 anyInterface = mkOption { 2846 description = '' 2847 Whether to consider the network online when any interface is online, as opposed to all of them. 2848 This is useful on portable machines with a wired and a wireless interface, for example. 2849 2850 This is on by default if {option}`networking.useDHCP` is enabled. 2851 ''; 2852 type = types.bool; 2853 defaultText = "config.networking.useDHCP"; 2854 default = config.networking.useDHCP; 2855 }; 2856 2857 ignoredInterfaces = mkOption { 2858 description = '' 2859 Network interfaces to be ignored when deciding if the system is online. 2860 ''; 2861 type = with types; listOf str; 2862 default = []; 2863 example = [ "wg0" ]; 2864 }; 2865 2866 timeout = mkOption { 2867 description = '' 2868 Time to wait for the network to come online, in seconds. Set to 0 to disable. 2869 ''; 2870 type = types.ints.unsigned; 2871 default = 120; 2872 example = 0; 2873 }; 2874 2875 extraArgs = mkOption { 2876 description = '' 2877 Extra command-line arguments to pass to systemd-networkd-wait-online. 2878 These also affect per-interface `systemd-network-wait-online@` services. 2879 2880 See {manpage}`systemd-networkd-wait-online.service(8)` for all available options. 2881 ''; 2882 type = with types; listOf str; 2883 default = []; 2884 }; 2885 }; 2886 2887 }; 2888 2889 commonConfig = config: let 2890 cfg = config.systemd.network; 2891 mkUnit = f: def: { inherit (def) enable; text = f def; }; 2892 in mkMerge [ 2893 2894 # .link units are honored by udev, no matter if systemd-networkd is enabled or not. 2895 { 2896 systemd.network.units = mapAttrs' (n: v: nameValuePair "${n}.link" (mkUnit linkToUnit v)) cfg.links; 2897 2898 systemd.network.wait-online.extraArgs = 2899 [ "--timeout=${toString cfg.wait-online.timeout}" ] 2900 ++ optional cfg.wait-online.anyInterface "--any" 2901 ++ map (i: "--ignore=${i}") cfg.wait-online.ignoredInterfaces; 2902 } 2903 2904 (mkIf config.systemd.network.enable { 2905 2906 systemd.network.units = mapAttrs' (n: v: nameValuePair "${n}.netdev" (mkUnit netdevToUnit v)) cfg.netdevs 2907 // mapAttrs' (n: v: nameValuePair "${n}.network" (mkUnit networkToUnit v)) cfg.networks; 2908 2909 # systemd-networkd is socket-activated by kernel netlink route change 2910 # messages. It is important to have systemd buffer those on behalf of 2911 # networkd. 2912 systemd.sockets.systemd-networkd.wantedBy = [ "sockets.target" ]; 2913 2914 systemd.services.systemd-networkd-wait-online = { 2915 inherit (cfg.wait-online) enable; 2916 wantedBy = [ "network-online.target" ]; 2917 serviceConfig.ExecStart = [ 2918 "" 2919 "${config.systemd.package}/lib/systemd/systemd-networkd-wait-online ${utils.escapeSystemdExecArgs cfg.wait-online.extraArgs}" 2920 ]; 2921 }; 2922 2923 systemd.services."systemd-network-wait-online@" = { 2924 description = "Wait for Network Interface %I to be Configured"; 2925 conflicts = [ "shutdown.target" ]; 2926 requisite = [ "systemd-networkd.service" ]; 2927 after = [ "systemd-networkd.service" ]; 2928 serviceConfig = { 2929 Type = "oneshot"; 2930 RemainAfterExit = true; 2931 ExecStart = "${config.systemd.package}/lib/systemd/systemd-networkd-wait-online -i %I ${utils.escapeSystemdExecArgs cfg.wait-online.extraArgs}"; 2932 }; 2933 }; 2934 2935 }) 2936 ]; 2937 2938 stage2Config = let 2939 cfg = config.systemd.network; 2940 unitFiles = mkUnitFiles "" cfg; 2941 in mkMerge [ 2942 (commonConfig config) 2943 2944 { environment.etc = unitFiles; } 2945 2946 (mkIf config.systemd.network.enable { 2947 2948 users.users.systemd-network.group = "systemd-network"; 2949 2950 systemd.additionalUpstreamSystemUnits = [ 2951 "systemd-networkd-wait-online.service" 2952 "systemd-networkd.service" 2953 "systemd-networkd.socket" 2954 ]; 2955 2956 environment.etc."systemd/networkd.conf" = renderConfig cfg.config; 2957 2958 systemd.services.systemd-networkd = let 2959 isReloadableUnitFileName = unitFileName: strings.hasSuffix ".network" unitFileName; 2960 reloadableUnitFiles = attrsets.filterAttrs (k: v: isReloadableUnitFileName k) unitFiles; 2961 nonReloadableUnitFiles = attrsets.filterAttrs (k: v: !isReloadableUnitFileName k) unitFiles; 2962 unitFileSources = unitFiles: map (x: x.source) (attrValues unitFiles); 2963 in { 2964 wantedBy = [ "multi-user.target" ]; 2965 reloadTriggers = unitFileSources reloadableUnitFiles; 2966 restartTriggers = unitFileSources nonReloadableUnitFiles ++ [ 2967 config.environment.etc."systemd/networkd.conf".source 2968 ]; 2969 aliases = [ "dbus-org.freedesktop.network1.service" ]; 2970 }; 2971 2972 networking.iproute2 = mkIf (cfg.config.addRouteTablesToIPRoute2 && cfg.config.routeTables != { }) { 2973 enable = mkDefault true; 2974 rttablesExtraConfig = '' 2975 2976 # Extra tables defined in NixOS systemd.networkd.config.routeTables. 2977 ${concatStringsSep "\n" (mapAttrsToList (name: number: "${toString number} ${name}") cfg.config.routeTables)} 2978 ''; 2979 }; 2980 2981 services.resolved.enable = mkDefault true; 2982 2983 }) 2984 ]; 2985 2986 stage1Options = { 2987 options.boot.initrd.systemd.network.networks = mkOption { 2988 type = with types; attrsOf (submodule { 2989 # Default in initrd is dhcp-on-stop, which is correct if flushBeforeStage2 = false 2990 config = mkIf config.boot.initrd.network.flushBeforeStage2 { 2991 networkConfig.KeepConfiguration = mkDefault false; 2992 }; 2993 }); 2994 }; 2995 }; 2996 2997 stage1Config = let 2998 cfg = config.boot.initrd.systemd.network; 2999 in mkMerge [ 3000 (commonConfig config.boot.initrd) 3001 3002 { 3003 systemd.network.enable = mkDefault config.boot.initrd.network.enable; 3004 systemd.contents = mkUnitFiles "/etc/" cfg; 3005 3006 # Networkd link files are used early by udev to set up interfaces early. 3007 # This must be done in stage 1 to avoid race conditions between udev and 3008 # network daemons. 3009 systemd.network.units = lib.filterAttrs (n: _: hasSuffix ".link" n) config.systemd.network.units; 3010 systemd.storePaths = ["${config.boot.initrd.systemd.package}/lib/systemd/network/99-default.link"]; 3011 } 3012 3013 (mkIf cfg.enable { 3014 3015 # For networkctl 3016 systemd.dbus.enable = mkDefault true; 3017 3018 systemd.additionalUpstreamUnits = [ 3019 "systemd-networkd-wait-online.service" 3020 "systemd-networkd.service" 3021 "systemd-networkd.socket" 3022 "systemd-network-generator.service" 3023 "network-online.target" 3024 "network-pre.target" 3025 "network.target" 3026 "nss-lookup.target" 3027 "nss-user-lookup.target" 3028 "remote-fs-pre.target" 3029 "remote-fs.target" 3030 ]; 3031 systemd.users.systemd-network = {}; 3032 systemd.groups.systemd-network = {}; 3033 3034 systemd.contents."/etc/systemd/networkd.conf" = renderConfig cfg.config; 3035 3036 systemd.services.systemd-networkd = { 3037 wantedBy = [ "initrd.target" ]; 3038 }; 3039 systemd.sockets.systemd-networkd = { 3040 wantedBy = [ "initrd.target" ]; 3041 }; 3042 3043 systemd.services.systemd-network-generator.wantedBy = [ "sysinit.target" ]; 3044 3045 systemd.storePaths = [ 3046 "${config.boot.initrd.systemd.package}/lib/systemd/systemd-networkd" 3047 "${config.boot.initrd.systemd.package}/lib/systemd/systemd-networkd-wait-online" 3048 "${config.boot.initrd.systemd.package}/lib/systemd/systemd-network-generator" 3049 ]; 3050 kernelModules = [ "af_packet" ]; 3051 3052 }) 3053 ]; 3054 3055in 3056 3057{ 3058 imports = [ stage1Options ]; 3059 3060 options = { 3061 systemd.network = commonOptions true; 3062 boot.initrd.systemd.network = commonOptions "shallow"; 3063 }; 3064 3065 config = mkMerge [ 3066 stage2Config 3067 (mkIf config.boot.initrd.systemd.enable { 3068 assertions = [{ 3069 assertion = !config.boot.initrd.network.udhcpc.enable && config.boot.initrd.network.udhcpc.extraArgs == []; 3070 message = '' 3071 systemd stage 1 networking does not support 'boot.initrd.network.udhcpc'. Configure 3072 DHCP with 'networking.*' options or with 'boot.initrd.systemd.network' options. 3073 ''; 3074 }]; 3075 3076 boot.initrd = stage1Config; 3077 }) 3078 ]; 3079}