pyrox.dev / nixpkgs
lol
fork atom
nixpkgs / nixos / modules / system / boot / networkd.nix
at 25.11-pre 104 kB view raw
1{ 2 config, 3 lib, 4 pkgs, 5 utils, 6 ... 7}: 8 9with utils.systemdUtils.unitOptions; 10with utils.systemdUtils.lib; 11with utils.systemdUtils.network.units; 12with lib; 13 14let 15 16 check = { 17 18 global = { 19 sectionNetwork = checkUnitConfig "Network" [ 20 (assertOnlyFields [ 21 "SpeedMeter" 22 "SpeedMeterIntervalSec" 23 "ManageForeignRoutingPolicyRules" 24 "ManageForeignRoutes" 25 "RouteTable" 26 "IPv6PrivacyExtensions" 27 "IPv4Forwarding" 28 "IPv6Forwarding" 29 "UseDomains" 30 ]) 31 (assertValueOneOf "SpeedMeter" boolValues) 32 (assertInt "SpeedMeterIntervalSec") 33 (assertValueOneOf "ManageForeignRoutingPolicyRules" boolValues) 34 (assertValueOneOf "ManageForeignRoutes" boolValues) 35 (assertValueOneOf "IPv6PrivacyExtensions" ( 36 boolValues 37 ++ [ 38 "prefer-public" 39 "kernel" 40 ] 41 )) 42 (assertValueOneOf "IPv4Forwarding" boolValues) 43 (assertValueOneOf "IPv6Forwarding" boolValues) 44 (assertValueOneOf "UseDomains" (boolValues ++ [ "route" ])) 45 ]; 46 47 sectionDHCPv4 = checkUnitConfig "DHCPv4" [ 48 (assertOnlyFields [ 49 "ClientIdentifier" 50 "DUIDType" 51 "DUIDRawData" 52 ]) 53 (assertValueOneOf "ClientIdentifier" [ 54 "mac" 55 "duid" 56 "duid-only" 57 ]) 58 ]; 59 60 sectionDHCPv6 = checkUnitConfig "DHCPv6" [ 61 (assertOnlyFields [ 62 "DUIDType" 63 "DUIDRawData" 64 ]) 65 ]; 66 }; 67 68 link = { 69 70 sectionLink = checkUnitConfig "Link" [ 71 (assertOnlyFields [ 72 "Description" 73 "Alias" 74 "MACAddressPolicy" 75 "MACAddress" 76 "NamePolicy" 77 "Name" 78 "AlternativeNamesPolicy" 79 "AlternativeName" 80 "MTUBytes" 81 "BitsPerSecond" 82 "Duplex" 83 "AutoNegotiation" 84 "WakeOnLan" 85 "Port" 86 "Advertise" 87 "ReceiveChecksumOffload" 88 "TransmitChecksumOffload" 89 "TCPSegmentationOffload" 90 "TCP6SegmentationOffload" 91 "GenericSegmentationOffload" 92 "GenericReceiveOffload" 93 "LargeReceiveOffload" 94 "RxChannels" 95 "TxChannels" 96 "OtherChannels" 97 "CombinedChannels" 98 "RxBufferSize" 99 "TxBufferSize" 100 "ReceiveQueues" 101 "TransmitQueues" 102 "TransmitQueueLength" 103 ]) 104 (assertValueOneOf "MACAddressPolicy" [ 105 "persistent" 106 "random" 107 "none" 108 ]) 109 (assertMacAddress "MACAddress") 110 (assertByteFormat "MTUBytes") 111 (assertByteFormat "BitsPerSecond") 112 (assertValueOneOf "Duplex" [ 113 "half" 114 "full" 115 ]) 116 (assertValueOneOf "AutoNegotiation" boolValues) 117 (assertValuesSomeOfOr "WakeOnLan" [ 118 "phy" 119 "unicast" 120 "multicast" 121 "broadcast" 122 "arp" 123 "magic" 124 "secureon" 125 ] "off") 126 (assertValueOneOf "Port" [ 127 "tp" 128 "aui" 129 "bnc" 130 "mii" 131 "fibre" 132 ]) 133 (assertValueOneOf "ReceiveChecksumOffload" boolValues) 134 (assertValueOneOf "TransmitChecksumOffload" boolValues) 135 (assertValueOneOf "TCPSegmentationOffload" boolValues) 136 (assertValueOneOf "TCP6SegmentationOffload" boolValues) 137 (assertValueOneOf "GenericSegmentationOffload" boolValues) 138 (assertValueOneOf "GenericReceiveOffload" boolValues) 139 (assertValueOneOf "LargeReceiveOffload" boolValues) 140 (assertInt "RxChannels") 141 (assertRange "RxChannels" 1 4294967295) 142 (assertInt "TxChannels") 143 (assertRange "TxChannels" 1 4294967295) 144 (assertInt "OtherChannels") 145 (assertRange "OtherChannels" 1 4294967295) 146 (assertInt "CombinedChannels") 147 (assertRange "CombinedChannels" 1 4294967295) 148 (assertInt "RxBufferSize") 149 (assertInt "TxBufferSize") 150 (assertRange "ReceiveQueues" 1 4096) 151 (assertRange "TransmitQueues" 1 4096) 152 (assertRange "TransmitQueueLength" 1 4294967294) 153 ]; 154 }; 155 156 netdev = 157 let 158 159 tunChecks = [ 160 (assertOnlyFields [ 161 "MultiQueue" 162 "PacketInfo" 163 "VNetHeader" 164 "User" 165 "Group" 166 "KeepCarrier" 167 ]) 168 (assertValueOneOf "MultiQueue" boolValues) 169 (assertValueOneOf "PacketInfo" boolValues) 170 (assertValueOneOf "VNetHeader" boolValues) 171 (assertValueOneOf "KeepCarrier" boolValues) 172 ]; 173 174 # See https://www.freedesktop.org/software/systemd/man/latest/systemd.netdev.html#%5BIPVTAP%5D%20Section%20Options 175 ipVlanVtapChecks = [ 176 (assertOnlyFields [ 177 "Mode" 178 "Flags" 179 ]) 180 (assertValueOneOf "Mode" [ 181 "L2" 182 "L3" 183 "L3S" 184 ]) 185 (assertValueOneOf "Flags" [ 186 "private" 187 "vepa" 188 "bridge" 189 ]) 190 ]; 191 in 192 { 193 194 sectionNetdev = checkUnitConfig "Netdev" [ 195 (assertOnlyFields [ 196 "Description" 197 "Name" 198 "Kind" 199 "MTUBytes" 200 "MACAddress" 201 ]) 202 (assertHasField "Name") 203 (assertHasField "Kind") 204 (assertValueOneOf "Kind" [ 205 "bond" 206 "bridge" 207 "dummy" 208 "gre" 209 "gretap" 210 "erspan" 211 "ip6gre" 212 "ip6tnl" 213 "ip6gretap" 214 "ipip" 215 "ipvlan" 216 "ipvtap" 217 "macvlan" 218 "macvtap" 219 "sit" 220 "tap" 221 "tun" 222 "veth" 223 "vlan" 224 "vti" 225 "vti6" 226 "vxlan" 227 "geneve" 228 "l2tp" 229 "macsec" 230 "wlan" 231 "vrf" 232 "vcan" 233 "vxcan" 234 "wireguard" 235 "netdevsim" 236 "nlmon" 237 "fou" 238 "xfrm" 239 "ifb" 240 "batadv" 241 ]) 242 (assertByteFormat "MTUBytes") 243 (assertNetdevMacAddress "MACAddress") 244 ]; 245 246 sectionBridge = checkUnitConfig "Bridge" [ 247 (assertOnlyFields [ 248 "HelloTimeSec" 249 "MaxAgeSec" 250 "ForwardDelaySec" 251 "AgeingTimeSec" 252 "Priority" 253 "GroupForwardMask" 254 "DefaultPVID" 255 "MulticastQuerier" 256 "MulticastSnooping" 257 "VLANFiltering" 258 "VLANProtocol" 259 "STP" 260 "MulticastIGMPVersion" 261 ]) 262 (assertInt "HelloTimeSec") 263 (assertInt "MaxAgeSec") 264 (assertInt "ForwardDelaySec") 265 (assertInt "AgeingTimeSec") 266 (assertRange "Priority" 0 65535) 267 (assertRange "GroupForwardMask" 0 65535) 268 (assertRangeOrOneOf "DefaultPVID" 0 4094 [ "none" ]) 269 (assertValueOneOf "MulticastQuerier" boolValues) 270 (assertValueOneOf "MulticastSnooping" boolValues) 271 (assertValueOneOf "VLANFiltering" boolValues) 272 (assertValueOneOf "VLANProtocol" [ 273 "802.1q" 274 "802.ad" 275 ]) 276 (assertValueOneOf "STP" boolValues) 277 (assertValueOneOf "MulticastIGMPVersion" [ 278 2 279 3 280 ]) 281 ]; 282 283 sectionVLAN = checkUnitConfig "VLAN" [ 284 (assertOnlyFields [ 285 "Id" 286 "GVRP" 287 "MVRP" 288 "LooseBinding" 289 "ReorderHeader" 290 ]) 291 (assertInt "Id") 292 (assertRange "Id" 0 4094) 293 (assertValueOneOf "GVRP" boolValues) 294 (assertValueOneOf "MVRP" boolValues) 295 (assertValueOneOf "LooseBinding" boolValues) 296 (assertValueOneOf "ReorderHeader" boolValues) 297 ]; 298 299 sectionIPVLAN = checkUnitConfig "IPVLAN" ipVlanVtapChecks; 300 301 sectionIPVTAP = checkUnitConfig "IPVTAP" ipVlanVtapChecks; 302 303 sectionMACVLAN = checkUnitConfig "MACVLAN" [ 304 (assertOnlyFields [ 305 "Mode" 306 ]) 307 (assertValueOneOf "Mode" [ 308 "private" 309 "vepa" 310 "bridge" 311 "passthru" 312 ]) 313 ]; 314 315 sectionVXLAN = checkUnitConfig "VXLAN" [ 316 (assertOnlyFields [ 317 "VNI" 318 "Remote" 319 "Local" 320 "Group" 321 "TOS" 322 "TTL" 323 "MacLearning" 324 "FDBAgeingSec" 325 "MaximumFDBEntries" 326 "ReduceARPProxy" 327 "L2MissNotification" 328 "L3MissNotification" 329 "RouteShortCircuit" 330 "UDPChecksum" 331 "UDP6ZeroChecksumTx" 332 "UDP6ZeroChecksumRx" 333 "RemoteChecksumTx" 334 "RemoteChecksumRx" 335 "GroupPolicyExtension" 336 "GenericProtocolExtension" 337 "DestinationPort" 338 "PortRange" 339 "FlowLabel" 340 "IPDoNotFragment" 341 "Independent" 342 ]) 343 (assertInt "VNI") 344 (assertRange "VNI" 1 16777215) 345 (assertValueOneOf "MacLearning" boolValues) 346 (assertInt "MaximumFDBEntries") 347 (assertValueOneOf "ReduceARPProxy" boolValues) 348 (assertValueOneOf "L2MissNotification" boolValues) 349 (assertValueOneOf "L3MissNotification" boolValues) 350 (assertValueOneOf "RouteShortCircuit" boolValues) 351 (assertValueOneOf "UDPChecksum" boolValues) 352 (assertValueOneOf "UDP6ZeroChecksumTx" boolValues) 353 (assertValueOneOf "UDP6ZeroChecksumRx" boolValues) 354 (assertValueOneOf "RemoteChecksumTx" boolValues) 355 (assertValueOneOf "RemoteChecksumRx" boolValues) 356 (assertValueOneOf "GroupPolicyExtension" boolValues) 357 (assertValueOneOf "GenericProtocolExtension" boolValues) 358 (assertInt "FlowLabel") 359 (assertRange "FlowLabel" 0 1048575) 360 (assertValueOneOf "IPDoNotFragment" (boolValues + [ "inherit" ])) 361 (assertValueOneOf "Independent" boolValues) 362 ]; 363 364 sectionTunnel = checkUnitConfig "Tunnel" [ 365 (assertOnlyFields [ 366 "Local" 367 "Remote" 368 "TOS" 369 "TTL" 370 "DiscoverPathMTU" 371 "IPv6FlowLabel" 372 "CopyDSCP" 373 "EncapsulationLimit" 374 "Key" 375 "InputKey" 376 "OutputKey" 377 "Mode" 378 "Independent" 379 "AssignToLoopback" 380 "AllowLocalRemote" 381 "FooOverUDP" 382 "FOUDestinationPort" 383 "FOUSourcePort" 384 "Encapsulation" 385 "IPv6RapidDeploymentPrefix" 386 "ISATAP" 387 "SerializeTunneledPackets" 388 "ERSPANIndex" 389 ]) 390 (assertInt "TTL") 391 (assertRange "TTL" 0 255) 392 (assertValueOneOf "DiscoverPathMTU" boolValues) 393 (assertValueOneOf "CopyDSCP" boolValues) 394 (assertValueOneOf "Mode" [ 395 "ip6ip6" 396 "ipip6" 397 "any" 398 ]) 399 (assertValueOneOf "Independent" boolValues) 400 (assertValueOneOf "AssignToLoopback" boolValues) 401 (assertValueOneOf "AllowLocalRemote" boolValues) 402 (assertValueOneOf "FooOverUDP" boolValues) 403 (assertPort "FOUDestinationPort") 404 (assertPort "FOUSourcePort") 405 (assertValueOneOf "Encapsulation" [ 406 "FooOverUDP" 407 "GenericUDPEncapsulation" 408 ]) 409 (assertValueOneOf "ISATAP" boolValues) 410 (assertValueOneOf "SerializeTunneledPackets" boolValues) 411 (assertInt "ERSPANIndex") 412 (assertRange "ERSPANIndex" 1 1048575) 413 ]; 414 415 sectionFooOverUDP = checkUnitConfig "FooOverUDP" [ 416 (assertOnlyFields [ 417 "Port" 418 "Encapsulation" 419 "Protocol" 420 ]) 421 (assertPort "Port") 422 (assertValueOneOf "Encapsulation" [ 423 "FooOverUDP" 424 "GenericUDPEncapsulation" 425 ]) 426 ]; 427 428 sectionPeer = checkUnitConfig "Peer" [ 429 (assertOnlyFields [ 430 "Name" 431 "MACAddress" 432 ]) 433 (assertMacAddress "MACAddress") 434 ]; 435 436 sectionTun = checkUnitConfig "Tun" tunChecks; 437 438 sectionTap = checkUnitConfig "Tap" tunChecks; 439 440 sectionL2TP = checkUnitConfig "L2TP" [ 441 (assertOnlyFields [ 442 "TunnelId" 443 "PeerTunnelId" 444 "Remote" 445 "Local" 446 "EncapsulationType" 447 "UDPSourcePort" 448 "UDPDestinationPort" 449 "UDPChecksum" 450 "UDP6ZeroChecksumTx" 451 "UDP6ZeroChecksumRx" 452 ]) 453 (assertInt "TunnelId") 454 (assertRange "TunnelId" 1 4294967295) 455 (assertInt "PeerTunnelId") 456 (assertRange "PeerTunnelId" 1 4294967295) 457 (assertValueOneOf "EncapsulationType" [ 458 "ip" 459 "udp" 460 ]) 461 (assertPort "UDPSourcePort") 462 (assertPort "UDPDestinationPort") 463 (assertValueOneOf "UDPChecksum" boolValues) 464 (assertValueOneOf "UDP6ZeroChecksumTx" boolValues) 465 (assertValueOneOf "UDP6ZeroChecksumRx" boolValues) 466 ]; 467 468 sectionL2TPSession = checkUnitConfigWithLegacyKey "l2tpSessionConfig" "L2TPSession" [ 469 (assertOnlyFields [ 470 "Name" 471 "SessionId" 472 "PeerSessionId" 473 "Layer2SpecificHeader" 474 ]) 475 (assertHasField "Name") 476 (assertHasField "SessionId") 477 (assertInt "SessionId") 478 (assertRange "SessionId" 1 4294967295) 479 (assertHasField "PeerSessionId") 480 (assertInt "PeerSessionId") 481 (assertRange "PeerSessionId" 1 4294967295) 482 (assertValueOneOf "Layer2SpecificHeader" [ 483 "none" 484 "default" 485 ]) 486 ]; 487 488 # NOTE Check whether the key starts with an @, in which case it is 489 # interpreted as the name of the credential from which the actual key 490 # shall be read by systemd-creds. 491 # Do not remove this check as the nix store is world-readable. 492 sectionWireGuard = checkUnitConfig "WireGuard" [ 493 (assertKeyIsSystemdCredential "PrivateKey") 494 (assertOnlyFields [ 495 "PrivateKey" 496 "PrivateKeyFile" 497 "ListenPort" 498 "FirewallMark" 499 "RouteTable" 500 "RouteMetric" 501 ]) 502 (assertInt "FirewallMark") 503 (assertRange "FirewallMark" 1 4294967295) 504 ]; 505 506 # NOTE Check whether the key starts with an @, in which case it is 507 # interpreted as the name of the credential from which the actual key 508 # shall be read by systemd-creds. 509 # Do not remove this check as the nix store is world-readable. 510 sectionWireGuardPeer = checkUnitConfigWithLegacyKey "wireguardPeerConfig" "WireGuardPeer" [ 511 (assertKeyIsSystemdCredential "PresharedKey") 512 (assertOnlyFields [ 513 "PublicKey" 514 "PublicKeyFile" 515 "PresharedKey" 516 "PresharedKeyFile" 517 "AllowedIPs" 518 "Endpoint" 519 "PersistentKeepalive" 520 "RouteTable" 521 "RouteMetric" 522 ]) 523 (assertInt "PersistentKeepalive") 524 (assertRange "PersistentKeepalive" 0 65535) 525 ]; 526 527 sectionBond = checkUnitConfig "Bond" [ 528 (assertOnlyFields [ 529 "Mode" 530 "TransmitHashPolicy" 531 "LACPTransmitRate" 532 "MIIMonitorSec" 533 "UpDelaySec" 534 "DownDelaySec" 535 "LearnPacketIntervalSec" 536 "AdSelect" 537 "AdActorSystemPriority" 538 "AdUserPortKey" 539 "AdActorSystem" 540 "FailOverMACPolicy" 541 "ARPValidate" 542 "ARPIntervalSec" 543 "ARPIPTargets" 544 "ARPAllTargets" 545 "PrimaryReselectPolicy" 546 "ResendIGMP" 547 "PacketsPerSlave" 548 "GratuitousARP" 549 "AllSlavesActive" 550 "DynamicTransmitLoadBalancing" 551 "MinLinks" 552 ]) 553 (assertValueOneOf "Mode" [ 554 "balance-rr" 555 "active-backup" 556 "balance-xor" 557 "broadcast" 558 "802.3ad" 559 "balance-tlb" 560 "balance-alb" 561 ]) 562 (assertValueOneOf "TransmitHashPolicy" [ 563 "layer2" 564 "layer3+4" 565 "layer2+3" 566 "encap2+3" 567 "encap3+4" 568 ]) 569 (assertValueOneOf "LACPTransmitRate" [ 570 "slow" 571 "fast" 572 ]) 573 (assertValueOneOf "AdSelect" [ 574 "stable" 575 "bandwidth" 576 "count" 577 ]) 578 (assertInt "AdActorSystemPriority") 579 (assertRange "AdActorSystemPriority" 1 65535) 580 (assertInt "AdUserPortKey") 581 (assertRange "AdUserPortKey" 0 1023) 582 (assertValueOneOf "FailOverMACPolicy" [ 583 "none" 584 "active" 585 "follow" 586 ]) 587 (assertValueOneOf "ARPValidate" [ 588 "none" 589 "active" 590 "backup" 591 "all" 592 ]) 593 (assertValueOneOf "ARPAllTargets" [ 594 "any" 595 "all" 596 ]) 597 (assertValueOneOf "PrimaryReselectPolicy" [ 598 "always" 599 "better" 600 "failure" 601 ]) 602 (assertInt "ResendIGMP") 603 (assertRange "ResendIGMP" 0 255) 604 (assertInt "PacketsPerSlave") 605 (assertRange "PacketsPerSlave" 0 65535) 606 (assertInt "GratuitousARP") 607 (assertRange "GratuitousARP" 0 255) 608 (assertValueOneOf "AllSlavesActive" boolValues) 609 (assertValueOneOf "DynamicTransmitLoadBalancing" boolValues) 610 (assertInt "MinLinks") 611 (assertMinimum "MinLinks" 0) 612 ]; 613 614 sectionXfrm = checkUnitConfig "Xfrm" [ 615 (assertOnlyFields [ 616 "InterfaceId" 617 "Independent" 618 ]) 619 (assertInt "InterfaceId") 620 (assertRange "InterfaceId" 1 4294967295) 621 (assertValueOneOf "Independent" boolValues) 622 ]; 623 624 sectionVRF = checkUnitConfig "VRF" [ 625 (assertOnlyFields [ 626 "Table" 627 ]) 628 (assertInt "Table") 629 (assertMinimum "Table" 0) 630 ]; 631 632 sectionWLAN = checkUnitConfig "WLAN" [ 633 (assertOnlyFields [ 634 "PhysicalDevice" # systemd supports both strings ("phy0") and indexes (0) here. 635 "Type" 636 "WDS" 637 ]) 638 # See https://github.com/systemd/systemd/blob/main/src/basic/linux/nl80211.h#L3382 639 (assertValueOneOf "Type" [ 640 "ad-hoc" 641 "station" 642 "ap" 643 "ap-vlan" 644 "wds" 645 "monitor" 646 "mesh-point" 647 "p2p-client" 648 "p2p-go" 649 "p2p-device" 650 "ocb" 651 "nan" 652 ]) 653 (assertValueOneOf "WDS" boolValues) 654 ]; 655 656 sectionBatmanAdvanced = checkUnitConfig "BatmanAdvanced" [ 657 (assertOnlyFields [ 658 "GatewayMode" 659 "Aggregation" 660 "BridgeLoopAvoidance" 661 "DistributedArpTable" 662 "Fragmentation" 663 "HopPenalty" 664 "OriginatorIntervalSec" 665 "GatewayBandwithDown" 666 "GatewayBandwithUp" 667 "RoutingAlgorithm" 668 ]) 669 (assertValueOneOf "GatewayMode" [ 670 "off" 671 "client" 672 "server" 673 ]) 674 (assertValueOneOf "Aggregation" boolValues) 675 (assertValueOneOf "BridgeLoopAvoidance" boolValues) 676 (assertValueOneOf "DistributedArpTable" boolValues) 677 (assertValueOneOf "Fragmentation" boolValues) 678 (assertInt "HopPenalty") 679 (assertRange "HopPenalty" 0 255) 680 (assertValueOneOf "RoutingAlgorithm" [ 681 "batman-v" 682 "batman-iv" 683 ]) 684 ]; 685 }; 686 687 network = { 688 689 sectionLink = checkUnitConfig "Link" [ 690 (assertOnlyFields [ 691 "MACAddress" 692 "MTUBytes" 693 "ARP" 694 "Multicast" 695 "AllMulticast" 696 "Unmanaged" 697 "Group" 698 "RequiredForOnline" 699 "RequiredFamilyForOnline" 700 "ActivationPolicy" 701 "Promiscuous" 702 ]) 703 (assertMacAddress "MACAddress") 704 (assertByteFormat "MTUBytes") 705 (assertValueOneOf "ARP" boolValues) 706 (assertValueOneOf "Multicast" boolValues) 707 (assertValueOneOf "AllMulticast" boolValues) 708 (assertValueOneOf "Promiscuous" boolValues) 709 (assertValueOneOf "Unmanaged" boolValues) 710 (assertInt "Group") 711 (assertRange "Group" 0 2147483647) 712 (assertValueOneOf "RequiredForOnline" ( 713 boolValues 714 ++ ( 715 let 716 # https://freedesktop.org/software/systemd/man/networkctl.html#missing 717 operationalStates = [ 718 "missing" 719 "off" 720 "no-carrier" 721 "dormant" 722 "degraded-carrier" 723 "carrier" 724 "degraded" 725 "enslaved" 726 "routable" 727 ]; 728 operationalStateRanges = concatLists ( 729 imap0 (i: min: map (max: "${min}:${max}") (drop i operationalStates)) operationalStates 730 ); 731 in 732 operationalStates ++ operationalStateRanges 733 ) 734 )) 735 (assertValueOneOf "RequiredFamilyForOnline" [ 736 "ipv4" 737 "ipv6" 738 "both" 739 "any" 740 ]) 741 (assertValueOneOf "ActivationPolicy" ([ 742 "up" 743 "always-up" 744 "manual" 745 "always-down" 746 "down" 747 "bound" 748 ])) 749 ]; 750 751 sectionNetwork = checkUnitConfig "Network" [ 752 (assertOnlyFields [ 753 "Description" 754 "DHCP" 755 "DHCPServer" 756 "LinkLocalAddressing" 757 "IPv6LinkLocalAddressGenerationMode" 758 "IPv6StableSecretAddress" 759 "IPv4LLStartAddress" 760 "IPv4LLRoute" 761 "DefaultRouteOnDevice" 762 "LLMNR" 763 "MulticastDNS" 764 "DNSOverTLS" 765 "DNSSEC" 766 "DNSSECNegativeTrustAnchors" 767 "LLDP" 768 "EmitLLDP" 769 "BindCarrier" 770 "Address" 771 "Gateway" 772 "DNS" 773 "UseDomains" 774 "Domains" 775 "DNSDefaultRoute" 776 "NTP" 777 "IPForward" 778 "IPv4Forwarding" 779 "IPv6Forwarding" 780 "IPMasquerade" 781 "IPv6PrivacyExtensions" 782 "IPv6AcceptRA" 783 "IPv6DuplicateAddressDetection" 784 "IPv6HopLimit" 785 "IPv6RetransmissionTimeSec" 786 "IPv4ReversePathFilter" 787 "IPv4AcceptLocal" 788 "IPv4RouteLocalnet" 789 "IPv4ProxyARP" 790 "IPv4ProxyARPPrivateVLAN" 791 "IPv6ProxyNDP" 792 "IPv6ProxyNDPAddress" 793 "IPv6SendRA" 794 "DHCPPrefixDelegation" 795 "IPv6MTUBytes" 796 "KeepMaster" 797 "Bridge" 798 "Bond" 799 "VRF" 800 "VLAN" 801 "IPVLAN" 802 "IPVTAP" 803 "MACVLAN" 804 "MACVTAP" 805 "VXLAN" 806 "Tunnel" 807 "MACsec" 808 "ActiveSlave" 809 "PrimarySlave" 810 "ConfigureWithoutCarrier" 811 "IgnoreCarrierLoss" 812 "Xfrm" 813 "KeepConfiguration" 814 "BatmanAdvanced" 815 ]) 816 # Note: For DHCP the values both, none, v4, v6 are deprecated 817 (assertValueOneOf "DHCP" ( 818 boolValues 819 ++ [ 820 "ipv4" 821 "ipv6" 822 ] 823 )) 824 (assertValueOneOf "DHCPServer" boolValues) 825 (assertValueOneOf "LinkLocalAddressing" ( 826 boolValues 827 ++ [ 828 "ipv4" 829 "ipv6" 830 "fallback" 831 "ipv4-fallback" 832 ] 833 )) 834 (assertValueOneOf "IPv6LinkLocalAddressGenerationMode" [ 835 "eui64" 836 "none" 837 "stable-privacy" 838 "random" 839 ]) 840 (assertValueOneOf "IPv4LLRoute" boolValues) 841 (assertValueOneOf "DefaultRouteOnDevice" boolValues) 842 (assertValueOneOf "LLMNR" (boolValues ++ [ "resolve" ])) 843 (assertValueOneOf "MulticastDNS" (boolValues ++ [ "resolve" ])) 844 (assertValueOneOf "DNSOverTLS" (boolValues ++ [ "opportunistic" ])) 845 (assertValueOneOf "DNSSEC" (boolValues ++ [ "allow-downgrade" ])) 846 (assertValueOneOf "LLDP" (boolValues ++ [ "routers-only" ])) 847 (assertValueOneOf "EmitLLDP" ( 848 boolValues 849 ++ [ 850 "nearest-bridge" 851 "non-tpmr-bridge" 852 "customer-bridge" 853 ] 854 )) 855 (assertValueOneOf "UseDomains" (boolValues ++ [ "route" ])) 856 (assertValueOneOf "DNSDefaultRoute" boolValues) 857 (assertRemoved "IPForward" "IPv4Forwarding and IPv6Forwarding in systemd.network(5) and networkd.conf(5). Please note that setting these options on multiple interfaces may lead to unintended results, see https://github.com/systemd/systemd/issues/33414 or the relevant sections in systemd.network(5).") 858 (assertValueOneOf "IPv4Forwarding" boolValues) 859 (assertValueOneOf "IPv6Forwarding" boolValues) 860 (assertValueOneOf "IPMasquerade" ( 861 boolValues 862 ++ [ 863 "ipv4" 864 "ipv6" 865 "both" 866 ] 867 )) 868 (assertValueOneOf "IPv6PrivacyExtensions" ( 869 boolValues 870 ++ [ 871 "prefer-public" 872 "kernel" 873 ] 874 )) 875 (assertValueOneOf "IPv6AcceptRA" boolValues) 876 (assertInt "IPv6DuplicateAddressDetection") 877 (assertMinimum "IPv6DuplicateAddressDetection" 0) 878 (assertInt "IPv6HopLimit") 879 (assertMinimum "IPv6HopLimit" 0) 880 (assertInt "IPv6RetransmissionTimeSec") 881 (assertValueOneOf "IPv4ReversePathFilter" [ 882 "no" 883 "strict" 884 "loose" 885 ]) 886 (assertValueOneOf "IPv4AcceptLocal" boolValues) 887 (assertValueOneOf "IPv4RouteLocalnet" boolValues) 888 (assertValueOneOf "IPv4ProxyARP" boolValues) 889 (assertValueOneOf "IPv4ProxyARPPrivateVLAN" boolValues) 890 (assertValueOneOf "IPv6ProxyNDP" boolValues) 891 (assertValueOneOf "IPv6SendRA" boolValues) 892 (assertValueOneOf "DHCPPrefixDelegation" boolValues) 893 (assertByteFormat "IPv6MTUBytes") 894 (assertValueOneOf "KeepMaster" boolValues) 895 (assertValueOneOf "ActiveSlave" boolValues) 896 (assertValueOneOf "PrimarySlave" boolValues) 897 (assertValueOneOf "ConfigureWithoutCarrier" boolValues) 898 (assertValueOneOf "KeepConfiguration" ( 899 boolValues 900 ++ [ 901 "static" 902 "dhcp-on-stop" 903 "dhcp" 904 ] 905 )) 906 ]; 907 908 sectionAddress = checkUnitConfigWithLegacyKey "addressConfig" "Address" [ 909 (assertOnlyFields [ 910 "Address" 911 "Peer" 912 "Broadcast" 913 "Label" 914 "PreferredLifetime" 915 "Scope" 916 "RouteMetric" 917 "HomeAddress" 918 "DuplicateAddressDetection" 919 "ManageTemporaryAddress" 920 "AddPrefixRoute" 921 "AutoJoin" 922 "NetLabel" 923 "NFTSet" 924 ]) 925 (assertHasField "Address") 926 (assertValueOneOf "PreferredLifetime" [ 927 "forever" 928 "infinity" 929 "0" 930 0 931 ]) 932 (assertInt "RouteMetric") 933 (assertValueOneOf "HomeAddress" boolValues) 934 (assertValueOneOf "DuplicateAddressDetection" [ 935 "ipv4" 936 "ipv6" 937 "both" 938 "none" 939 ]) 940 (assertValueOneOf "ManageTemporaryAddress" boolValues) 941 (assertValueOneOf "AddPrefixRoute" boolValues) 942 (assertValueOneOf "AutoJoin" boolValues) 943 ]; 944 945 sectionRoutingPolicyRule = 946 checkUnitConfigWithLegacyKey "routingPolicyRuleConfig" "RoutingPolicyRule" 947 [ 948 (assertOnlyFields [ 949 "TypeOfService" 950 "From" 951 "To" 952 "FirewallMark" 953 "Table" 954 "Priority" 955 "IncomingInterface" 956 "OutgoingInterface" 957 "L3MasterDevice" 958 "SourcePort" 959 "DestinationPort" 960 "IPProtocol" 961 "InvertRule" 962 "Family" 963 "User" 964 "SuppressPrefixLength" 965 "Type" 966 "SuppressInterfaceGroup" 967 ]) 968 (assertInt "TypeOfService") 969 (assertRange "TypeOfService" 0 255) 970 (assertRangeWithOptionalMask "FirewallMark" 1 4294967295) 971 (assertInt "Priority") 972 (assertValueOneOf "L3MasterDevice" boolValues) 973 (assertPortOrPortRange "SourcePort") 974 (assertPortOrPortRange "DestinationPort") 975 (assertValueOneOf "InvertRule" boolValues) 976 (assertValueOneOf "Family" [ 977 "ipv4" 978 "ipv6" 979 "both" 980 ]) 981 (assertInt "SuppressPrefixLength") 982 (assertRange "SuppressPrefixLength" 0 128) 983 (assertValueOneOf "Type" [ 984 "blackhole" 985 "unreachable" 986 "prohibit" 987 ]) 988 (assertRange "SuppressInterfaceGroup" 0 2147483647) 989 ]; 990 991 sectionRoute = checkUnitConfigWithLegacyKey "routeConfig" "Route" [ 992 (assertOnlyFields [ 993 "Gateway" 994 "GatewayOnLink" 995 "Destination" 996 "Source" 997 "Metric" 998 "IPv6Preference" 999 "Scope" 1000 "PreferredSource" 1001 "Table" 1002 "Protocol" 1003 "Type" 1004 "InitialCongestionWindow" 1005 "InitialAdvertisedReceiveWindow" 1006 "QuickAck" 1007 "FastOpenNoCookie" 1008 "TTLPropagate" 1009 "MTUBytes" 1010 "IPServiceType" 1011 "MultiPathRoute" 1012 ]) 1013 (assertValueOneOf "GatewayOnLink" boolValues) 1014 (assertInt "Metric") 1015 (assertValueOneOf "IPv6Preference" [ 1016 "low" 1017 "medium" 1018 "high" 1019 ]) 1020 (assertValueOneOf "Scope" [ 1021 "global" 1022 "site" 1023 "link" 1024 "host" 1025 "nowhere" 1026 ]) 1027 (assertValueOneOf "Type" [ 1028 "unicast" 1029 "local" 1030 "broadcast" 1031 "anycast" 1032 "multicast" 1033 "blackhole" 1034 "unreachable" 1035 "prohibit" 1036 "throw" 1037 "nat" 1038 "xresolve" 1039 ]) 1040 (assertValueOneOf "QuickAck" boolValues) 1041 (assertValueOneOf "FastOpenNoCookie" boolValues) 1042 (assertValueOneOf "TTLPropagate" boolValues) 1043 (assertByteFormat "MTUBytes") 1044 (assertValueOneOf "IPServiceType" [ 1045 "CS6" 1046 "CS4" 1047 ]) 1048 ]; 1049 1050 sectionDHCPv4 = checkUnitConfig "DHCPv4" [ 1051 (assertOnlyFields [ 1052 "UseDNS" 1053 "RoutesToDNS" 1054 "UseNTP" 1055 "UseSIP" 1056 "UseMTU" 1057 "Anonymize" 1058 "SendHostname" 1059 "UseHostname" 1060 "Hostname" 1061 "UseDomains" 1062 "UseGateway" 1063 "UseRoutes" 1064 "UseTimezone" 1065 "IPv6OnlyMode" 1066 "ClientIdentifier" 1067 "VendorClassIdentifier" 1068 "UserClass" 1069 "MaxAttempts" 1070 "DUIDType" 1071 "DUIDRawData" 1072 "IAID" 1073 "RequestAddress" 1074 "RequestBroadcast" 1075 "RouteMetric" 1076 "RapidCommit" 1077 "RouteTable" 1078 "RouteMTUBytes" 1079 "ListenPort" 1080 "SendRelease" 1081 "SendDecline" 1082 "BlackList" 1083 "RequestOptions" 1084 "SendOption" 1085 "FallbackLeaseLifetimeSec" 1086 "Label" 1087 "Use6RD" 1088 "NetLabel" 1089 "NFTSet" 1090 ]) 1091 (assertValueOneOf "UseDNS" boolValues) 1092 (assertValueOneOf "RoutesToDNS" boolValues) 1093 (assertValueOneOf "UseNTP" boolValues) 1094 (assertValueOneOf "UseSIP" boolValues) 1095 (assertValueOneOf "UseMTU" boolValues) 1096 (assertValueOneOf "Anonymize" boolValues) 1097 (assertValueOneOf "SendHostname" boolValues) 1098 (assertValueOneOf "UseHostname" boolValues) 1099 (assertValueOneOf "UseDomains" (boolValues ++ [ "route" ])) 1100 (assertValueOneOf "UseGateway" boolValues) 1101 (assertValueOneOf "UseRoutes" boolValues) 1102 (assertValueOneOf "UseTimezone" boolValues) 1103 (assertValueOneOf "IPv6OnlyMode" boolValues) 1104 (assertValueOneOf "ClientIdentifier" [ 1105 "mac" 1106 "duid" 1107 "duid-only" 1108 ]) 1109 (assertInt "IAID") 1110 (assertValueOneOf "RequestBroadcast" boolValues) 1111 (assertInt "RouteMetric") 1112 (assertValueOneOf "RapidCommit" boolValues) 1113 (assertInt "RouteTable") 1114 (assertRange "RouteTable" 0 4294967295) 1115 (assertByteFormat "RouteMTUBytes") 1116 (assertPort "ListenPort") 1117 (assertValueOneOf "SendRelease" boolValues) 1118 (assertValueOneOf "SendDecline" boolValues) 1119 (assertValueOneOf "FallbackLeaseLifetimeSec" [ 1120 "forever" 1121 "infinity" 1122 ]) 1123 (assertValueOneOf "Use6RD" boolValues) 1124 ]; 1125 1126 sectionDHCPv6 = checkUnitConfig "DHCPv6" [ 1127 (assertOnlyFields [ 1128 "UseAddress" 1129 "UseDNS" 1130 "UseNTP" 1131 "SendHostname" 1132 "UseHostname" 1133 "Hostname" 1134 "UseDomains" 1135 "RouteMetric" 1136 "RapidCommit" 1137 "MUDURL" 1138 "RequestOptions" 1139 "SendVendorOption" 1140 "PrefixDelegationHint" 1141 "WithoutRA" 1142 "SendOption" 1143 "UserClass" 1144 "VendorClass" 1145 "DUIDType" 1146 "DUIDRawData" 1147 "IAID" 1148 "UseDelegatedPrefix" 1149 "SendRelease" 1150 "NetLabel" 1151 "NFTSet" 1152 ]) 1153 (assertValueOneOf "UseAddress" boolValues) 1154 (assertValueOneOf "UseDNS" boolValues) 1155 (assertValueOneOf "UseNTP" boolValues) 1156 (assertValueOneOf "SendHostname" boolValues) 1157 (assertValueOneOf "UseHostname" boolValues) 1158 (assertValueOneOf "UseDomains" (boolValues ++ [ "route" ])) 1159 (assertInt "RouteMetric") 1160 (assertValueOneOf "RapidCommit" boolValues) 1161 (assertValueOneOf "WithoutRA" [ 1162 "no" 1163 "solicit" 1164 "information-request" 1165 ]) 1166 (assertRange "SendOption" 1 65536) 1167 (assertInt "IAID") 1168 (assertValueOneOf "UseDelegatedPrefix" boolValues) 1169 (assertValueOneOf "SendRelease" boolValues) 1170 ]; 1171 1172 sectionDHCPPrefixDelegation = checkUnitConfig "DHCPPrefixDelegation" [ 1173 (assertOnlyFields [ 1174 "UplinkInterface" 1175 "SubnetId" 1176 "Announce" 1177 "Assign" 1178 "Token" 1179 "ManageTemporaryAddress" 1180 "RouteMetric" 1181 "NetLabel" 1182 "NFTSet" 1183 ]) 1184 (assertValueOneOf "Announce" boolValues) 1185 (assertValueOneOf "Assign" boolValues) 1186 (assertValueOneOf "ManageTemporaryAddress" boolValues) 1187 (assertRange "RouteMetric" 0 4294967295) 1188 ]; 1189 1190 sectionIPv6AcceptRA = checkUnitConfig "IPv6AcceptRA" [ 1191 (assertOnlyFields [ 1192 "UseDNS" 1193 "UseDomains" 1194 "RouteTable" 1195 "UseAutonomousPrefix" 1196 "UseOnLinkPrefix" 1197 "RouterDenyList" 1198 "RouterAllowList" 1199 "PrefixDenyList" 1200 "PrefixAllowList" 1201 "RouteDenyList" 1202 "RouteAllowList" 1203 "DHCPv6Client" 1204 "RouteMetric" 1205 "UseMTU" 1206 "UseGateway" 1207 "UseRoutePrefix" 1208 "Token" 1209 "UsePREF64" 1210 "NetLabel" 1211 "NFTSet" 1212 ]) 1213 (assertValueOneOf "UseDNS" boolValues) 1214 (assertValueOneOf "UseDomains" (boolValues ++ [ "route" ])) 1215 (assertRange "RouteTable" 0 4294967295) 1216 (assertValueOneOf "UseAutonomousPrefix" boolValues) 1217 (assertValueOneOf "UseOnLinkPrefix" boolValues) 1218 (assertValueOneOf "DHCPv6Client" (boolValues ++ [ "always" ])) 1219 (assertValueOneOf "UseMTU" boolValues) 1220 (assertValueOneOf "UseGateway" boolValues) 1221 (assertValueOneOf "UseRoutePrefix" boolValues) 1222 (assertValueOneOf "UsePREF64" boolValues) 1223 ]; 1224 1225 sectionDHCPServer = checkUnitConfig "DHCPServer" [ 1226 (assertOnlyFields [ 1227 "ServerAddress" 1228 "PoolOffset" 1229 "PoolSize" 1230 "DefaultLeaseTimeSec" 1231 "MaxLeaseTimeSec" 1232 "UplinkInterface" 1233 "EmitDNS" 1234 "DNS" 1235 "EmitNTP" 1236 "NTP" 1237 "EmitSIP" 1238 "SIP" 1239 "EmitPOP3" 1240 "POP3" 1241 "EmitSMTP" 1242 "SMTP" 1243 "EmitLPR" 1244 "LPR" 1245 "EmitRouter" 1246 "Router" 1247 "EmitTimezone" 1248 "Timezone" 1249 "SendOption" 1250 "SendVendorOption" 1251 "BindToInterface" 1252 "RelayTarget" 1253 "RelayAgentCircuitId" 1254 "RelayAgentRemoteId" 1255 "BootServerAddress" 1256 "BootServerName" 1257 "BootFilename" 1258 "IPv6OnlyPreferredSec" 1259 "PersistLeases" 1260 ]) 1261 (assertInt "PoolOffset") 1262 (assertMinimum "PoolOffset" 0) 1263 (assertInt "PoolSize") 1264 (assertMinimum "PoolSize" 0) 1265 (assertValueOneOf "EmitDNS" boolValues) 1266 (assertValueOneOf "EmitNTP" boolValues) 1267 (assertValueOneOf "EmitSIP" boolValues) 1268 (assertValueOneOf "EmitPOP3" boolValues) 1269 (assertValueOneOf "EmitSMTP" boolValues) 1270 (assertValueOneOf "EmitLPR" boolValues) 1271 (assertValueOneOf "EmitRouter" boolValues) 1272 (assertValueOneOf "EmitTimezone" boolValues) 1273 (assertValueOneOf "BindToInterface" boolValues) 1274 (assertValueOneOf "PersistLeases" boolValues) 1275 ]; 1276 1277 sectionIPv6SendRA = checkUnitConfig "IPv6SendRA" [ 1278 (assertOnlyFields [ 1279 "Managed" 1280 "OtherInformation" 1281 "RouterLifetimeSec" 1282 "RetransmitSec" 1283 "RouterPreference" 1284 "HopLimit" 1285 "UplinkInterface" 1286 "EmitDNS" 1287 "DNS" 1288 "EmitDomains" 1289 "Domains" 1290 "DNSLifetimeSec" 1291 "HomeAgent" 1292 "HomeAgentLifetimeSec" 1293 "HomeAgentPreference" 1294 ]) 1295 (assertValueOneOf "Managed" boolValues) 1296 (assertValueOneOf "OtherInformation" boolValues) 1297 (assertValueOneOf "RouterPreference" [ 1298 "high" 1299 "medium" 1300 "low" 1301 "normal" 1302 "default" 1303 ]) 1304 (assertInt "HopLimit") 1305 (assertValueOneOf "EmitDNS" boolValues) 1306 (assertValueOneOf "EmitDomains" boolValues) 1307 (assertValueOneOf "HomeAgent" boolValues) 1308 (assertInt "HomeAgentPreference") 1309 ]; 1310 1311 sectionIPv6PREF64Prefix = checkUnitConfigWithLegacyKey "ipv6PREF64PrefixConfig" "IPv6PREF64Prefix" [ 1312 (assertOnlyFields [ 1313 "Prefix" 1314 "LifetimeSec" 1315 ]) 1316 (assertInt "LifetimeSec") 1317 ]; 1318 1319 sectionIPv6Prefix = checkUnitConfigWithLegacyKey "ipv6PrefixConfig" "IPv6Prefix" [ 1320 (assertOnlyFields [ 1321 "AddressAutoconfiguration" 1322 "OnLink" 1323 "Prefix" 1324 "PreferredLifetimeSec" 1325 "ValidLifetimeSec" 1326 "Assign" 1327 "Token" 1328 ]) 1329 (assertValueOneOf "AddressAutoconfiguration" boolValues) 1330 (assertValueOneOf "OnLink" boolValues) 1331 (assertValueOneOf "Assign" boolValues) 1332 ]; 1333 1334 sectionIPv6RoutePrefix = checkUnitConfigWithLegacyKey "ipv6RoutePrefixConfig" "IPv6RoutePrefix" [ 1335 (assertOnlyFields [ 1336 "Route" 1337 "LifetimeSec" 1338 ]) 1339 (assertHasField "Route") 1340 (assertInt "LifetimeSec") 1341 ]; 1342 1343 sectionDHCPServerStaticLease = 1344 checkUnitConfigWithLegacyKey "dhcpServerStaticLeaseConfig" "DHCPServerStaticLease" 1345 [ 1346 (assertOnlyFields [ 1347 "MACAddress" 1348 "Address" 1349 ]) 1350 (assertHasField "MACAddress") 1351 (assertHasField "Address") 1352 (assertMacAddress "MACAddress") 1353 ]; 1354 1355 sectionBridge = checkUnitConfig "Bridge" [ 1356 (assertOnlyFields [ 1357 "UnicastFlood" 1358 "MulticastFlood" 1359 "MulticastToUnicast" 1360 "NeighborSuppression" 1361 "Learning" 1362 "HairPin" 1363 "Isolated" 1364 "UseBPDU" 1365 "FastLeave" 1366 "AllowPortToBeRoot" 1367 "ProxyARP" 1368 "ProxyARPWiFi" 1369 "MulticastRouter" 1370 "Cost" 1371 "Priority" 1372 ]) 1373 (assertValueOneOf "UnicastFlood" boolValues) 1374 (assertValueOneOf "MulticastFlood" boolValues) 1375 (assertValueOneOf "MulticastToUnicast" boolValues) 1376 (assertValueOneOf "NeighborSuppression" boolValues) 1377 (assertValueOneOf "Learning" boolValues) 1378 (assertValueOneOf "HairPin" boolValues) 1379 (assertValueOneOf "Isolated" boolValues) 1380 (assertValueOneOf "UseBPDU" boolValues) 1381 (assertValueOneOf "FastLeave" boolValues) 1382 (assertValueOneOf "AllowPortToBeRoot" boolValues) 1383 (assertValueOneOf "ProxyARP" boolValues) 1384 (assertValueOneOf "ProxyARPWiFi" boolValues) 1385 (assertValueOneOf "MulticastRouter" [ 1386 "no" 1387 "query" 1388 "permanent" 1389 "temporary" 1390 ]) 1391 (assertInt "Cost") 1392 (assertRange "Cost" 1 65535) 1393 (assertInt "Priority") 1394 (assertRange "Priority" 0 63) 1395 ]; 1396 1397 sectionBridgeFDB = checkUnitConfigWithLegacyKey "bridgeFDBConfig" "BridgeFDB" [ 1398 (assertOnlyFields [ 1399 "MACAddress" 1400 "Destination" 1401 "VLANId" 1402 "VNI" 1403 "AssociatedWith" 1404 "OutgoingInterface" 1405 ]) 1406 (assertHasField "MACAddress") 1407 (assertInt "VLANId") 1408 (assertRange "VLANId" 0 4094) 1409 (assertInt "VNI") 1410 (assertRange "VNI" 1 16777215) 1411 (assertValueOneOf "AssociatedWith" [ 1412 "use" 1413 "self" 1414 "master" 1415 "router" 1416 ]) 1417 ]; 1418 1419 sectionBridgeMDB = checkUnitConfigWithLegacyKey "bridgeMDBConfig" "BridgeMDB" [ 1420 (assertOnlyFields [ 1421 "MulticastGroupAddress" 1422 "VLANId" 1423 ]) 1424 (assertHasField "MulticastGroupAddress") 1425 (assertInt "VLANId") 1426 (assertRange "VLANId" 0 4094) 1427 ]; 1428 1429 sectionLLDP = checkUnitConfig "LLDP" [ 1430 (assertOnlyFields [ 1431 "MUDURL" 1432 ]) 1433 ]; 1434 1435 sectionCAN = checkUnitConfig "CAN" [ 1436 (assertOnlyFields [ 1437 "BitRate" 1438 "SamplePoint" 1439 "TimeQuantaNSec" 1440 "PropagationSegment" 1441 "PhaseBufferSegment1" 1442 "PhaseBufferSegment2" 1443 "SyncJumpWidth" 1444 "DataBitRate" 1445 "DataSamplePoint" 1446 "DataTimeQuantaNSec" 1447 "DataPropagationSegment" 1448 "DataPhaseBufferSegment1" 1449 "DataPhaseBufferSegment2" 1450 "DataSyncJumpWidth" 1451 "FDMode" 1452 "FDNonISO" 1453 "RestartSec" 1454 "Termination" 1455 "TripleSampling" 1456 "BusErrorReporting" 1457 "ListenOnly" 1458 "Loopback" 1459 "OneShot" 1460 "PresumeAck" 1461 "ClassicDataLengthCode" 1462 ]) 1463 (assertInt "TimeQuantaNSec") 1464 (assertRange "TimeQuantaNSec" 0 4294967295) 1465 (assertInt "PropagationSegment") 1466 (assertRange "PropagationSegment" 0 4294967295) 1467 (assertInt "PhaseBufferSegment1") 1468 (assertRange "PhaseBufferSegment1" 0 4294967295) 1469 (assertInt "PhaseBufferSegment2") 1470 (assertRange "PhaseBufferSegment2" 0 4294967295) 1471 (assertInt "SyncJumpWidth") 1472 (assertRange "SyncJumpWidth" 0 4294967295) 1473 (assertInt "DataTimeQuantaNSec") 1474 (assertRange "DataTimeQuantaNSec" 0 4294967295) 1475 (assertInt "DataPropagationSegment") 1476 (assertRange "DataPropagationSegment" 0 4294967295) 1477 (assertInt "DataPhaseBufferSegment1") 1478 (assertRange "DataPhaseBufferSegment1" 0 4294967295) 1479 (assertInt "DataPhaseBufferSegment2") 1480 (assertRange "DataPhaseBufferSegment2" 0 4294967295) 1481 (assertInt "DataSyncJumpWidth") 1482 (assertRange "DataSyncJumpWidth" 0 4294967295) 1483 (assertValueOneOf "FDMode" boolValues) 1484 (assertValueOneOf "FDNonISO" boolValues) 1485 (assertValueOneOf "TripleSampling" boolValues) 1486 (assertValueOneOf "BusErrorReporting" boolValues) 1487 (assertValueOneOf "ListenOnly" boolValues) 1488 (assertValueOneOf "Loopback" boolValues) 1489 (assertValueOneOf "OneShot" boolValues) 1490 (assertValueOneOf "PresumeAck" boolValues) 1491 (assertValueOneOf "ClassicDataLengthCode" boolValues) 1492 ]; 1493 1494 sectionIPoIB = checkUnitConfig "IPoIB" [ 1495 (assertOnlyFields [ 1496 "Mode" 1497 "IgnoreUserspaceMulticastGroup" 1498 ]) 1499 (assertValueOneOf "Mode" [ 1500 "datagram" 1501 "connected" 1502 ]) 1503 (assertValueOneOf "IgnoreUserspaceMulticastGroup" boolValues) 1504 ]; 1505 1506 sectionQDisc = checkUnitConfig "QDisc" [ 1507 (assertOnlyFields [ 1508 "Parent" 1509 "Handle" 1510 ]) 1511 (assertValueOneOf "Parent" [ 1512 "clsact" 1513 "ingress" 1514 ]) 1515 ]; 1516 1517 sectionNetworkEmulator = checkUnitConfig "NetworkEmulator" [ 1518 (assertOnlyFields [ 1519 "Parent" 1520 "Handle" 1521 "DelaySec" 1522 "DelayJitterSec" 1523 "PacketLimit" 1524 "LossRate" 1525 "DuplicateRate" 1526 ]) 1527 (assertInt "PacketLimit") 1528 (assertRange "PacketLimit" 0 4294967294) 1529 ]; 1530 1531 sectionTokenBucketFilter = checkUnitConfig "TokenBucketFilter" [ 1532 (assertOnlyFields [ 1533 "Parent" 1534 "Handle" 1535 "LatencySec" 1536 "LimitBytes" 1537 "BurstBytes" 1538 "Rate" 1539 "MPUBytes" 1540 "PeakRate" 1541 "MTUBytes" 1542 ]) 1543 ]; 1544 1545 sectionPIE = checkUnitConfig "PIE" [ 1546 (assertOnlyFields [ 1547 "Parent" 1548 "Handle" 1549 "PacketLimit" 1550 ]) 1551 (assertInt "PacketLimit") 1552 (assertRange "PacketLimit" 1 4294967294) 1553 ]; 1554 1555 sectionFlowQueuePIE = checkUnitConfig "FlowQueuePIE" [ 1556 (assertOnlyFields [ 1557 "Parent" 1558 "Handle" 1559 "PacketLimit" 1560 ]) 1561 (assertInt "PacketLimit") 1562 (assertRange "PacketLimit" 1 4294967294) 1563 ]; 1564 1565 sectionStochasticFairBlue = checkUnitConfig "StochasticFairBlue" [ 1566 (assertOnlyFields [ 1567 "Parent" 1568 "Handle" 1569 "PacketLimit" 1570 ]) 1571 (assertInt "PacketLimit") 1572 (assertRange "PacketLimit" 1 4294967294) 1573 ]; 1574 1575 sectionStochasticFairnessQueueing = checkUnitConfig "StochasticFairnessQueueing" [ 1576 (assertOnlyFields [ 1577 "Parent" 1578 "Handle" 1579 "PerturbPeriodSec" 1580 ]) 1581 (assertInt "PerturbPeriodSec") 1582 ]; 1583 1584 sectionBFIFO = checkUnitConfig "BFIFO" [ 1585 (assertOnlyFields [ 1586 "Parent" 1587 "Handle" 1588 "LimitBytes" 1589 ]) 1590 ]; 1591 1592 sectionPFIFO = checkUnitConfig "PFIFO" [ 1593 (assertOnlyFields [ 1594 "Parent" 1595 "Handle" 1596 "PacketLimit" 1597 ]) 1598 (assertInt "PacketLimit") 1599 (assertRange "PacketLimit" 0 4294967294) 1600 ]; 1601 1602 sectionPFIFOHeadDrop = checkUnitConfig "PFIFOHeadDrop" [ 1603 (assertOnlyFields [ 1604 "Parent" 1605 "Handle" 1606 "PacketLimit" 1607 ]) 1608 (assertInt "PacketLimit") 1609 (assertRange "PacketLimit" 0 4294967294) 1610 ]; 1611 1612 sectionPFIFOFast = checkUnitConfig "PFIFOFast" [ 1613 (assertOnlyFields [ 1614 "Parent" 1615 "Handle" 1616 ]) 1617 ]; 1618 1619 sectionCAKE = checkUnitConfig "CAKE" [ 1620 (assertOnlyFields [ 1621 "Parent" 1622 "Handle" 1623 "Bandwidth" 1624 "AutoRateIngress" 1625 "OverheadBytes" 1626 "MPUBytes" 1627 "CompensationMode" 1628 "UseRawPacketSize" 1629 "FlowIsolationMode" 1630 "NAT" 1631 "PriorityQueueingPreset" 1632 "FirewallMark" 1633 "Wash" 1634 "SplitGSO" 1635 "AckFilter" 1636 "RTTSec" 1637 ]) 1638 (assertValueOneOf "AutoRateIngress" boolValues) 1639 (assertInt "OverheadBytes") 1640 (assertRange "OverheadBytes" (-64) 256) 1641 (assertInt "MPUBytes") 1642 (assertRange "MPUBytes" 1 256) 1643 (assertValueOneOf "CompensationMode" [ 1644 "none" 1645 "atm" 1646 "ptm" 1647 ]) 1648 (assertValueOneOf "UseRawPacketSize" boolValues) 1649 (assertValueOneOf "FlowIsolationMode" [ 1650 "none" 1651 "src-host" 1652 "dst-host" 1653 "hosts" 1654 "flows" 1655 "dual-src-host" 1656 "dual-dst-host" 1657 "triple" 1658 ]) 1659 (assertValueOneOf "NAT" boolValues) 1660 (assertValueOneOf "PriorityQueueingPreset" [ 1661 "besteffort" 1662 "precedence" 1663 "diffserv8" 1664 "diffserv4" 1665 "diffserv3" 1666 ]) 1667 (assertInt "FirewallMark") 1668 (assertRange "FirewallMark" 1 4294967295) 1669 (assertValueOneOf "Wash" boolValues) 1670 (assertValueOneOf "SplitGSO" boolValues) 1671 (assertValueOneOf "AckFilter" (boolValues ++ [ "aggressive" ])) 1672 ]; 1673 1674 sectionControlledDelay = checkUnitConfig "ControlledDelay" [ 1675 (assertOnlyFields [ 1676 "Parent" 1677 "Handle" 1678 "PacketLimit" 1679 "TargetSec" 1680 "IntervalSec" 1681 "ECN" 1682 "CEThresholdSec" 1683 ]) 1684 (assertValueOneOf "ECN" boolValues) 1685 ]; 1686 1687 sectionDeficitRoundRobinScheduler = checkUnitConfig "DeficitRoundRobinScheduler" [ 1688 (assertOnlyFields [ 1689 "Parent" 1690 "Handle" 1691 ]) 1692 ]; 1693 1694 sectionDeficitRoundRobinSchedulerClass = checkUnitConfig "DeficitRoundRobinSchedulerClass" [ 1695 (assertOnlyFields [ 1696 "Parent" 1697 "Handle" 1698 "QuantumBytes" 1699 ]) 1700 ]; 1701 1702 sectionEnhancedTransmissionSelection = checkUnitConfig "EnhancedTransmissionSelection" [ 1703 (assertOnlyFields [ 1704 "Parent" 1705 "Handle" 1706 "Bands" 1707 "StrictBands" 1708 "QuantumBytes" 1709 "PriorityMap" 1710 ]) 1711 (assertInt "Bands") 1712 (assertRange "Bands" 1 16) 1713 (assertInt "StrictBands") 1714 (assertRange "StrictBands" 1 16) 1715 ]; 1716 1717 sectionGenericRandomEarlyDetection = checkUnitConfig "GenericRandomEarlyDetection" [ 1718 (assertOnlyFields [ 1719 "Parent" 1720 "Handle" 1721 "VirtualQueues" 1722 "DefaultVirtualQueue" 1723 "GenericRIO" 1724 ]) 1725 (assertInt "VirtualQueues") 1726 (assertRange "VirtualQueues" 1 16) 1727 (assertInt "DefaultVirtualQueue") 1728 (assertRange "DefaultVirtualQueue" 1 16) 1729 (assertValueOneOf "GenericRIO" boolValues) 1730 ]; 1731 1732 sectionFairQueueingControlledDelay = checkUnitConfig "FairQueueingControlledDelay" [ 1733 (assertOnlyFields [ 1734 "Parent" 1735 "Handle" 1736 "PacketLimit" 1737 "MemoryLimitBytes" 1738 "Flows" 1739 "TargetSec" 1740 "IntervalSec" 1741 "QuantumBytes" 1742 "ECN" 1743 "CEThresholdSec" 1744 ]) 1745 (assertInt "PacketLimit") 1746 (assertInt "Flows") 1747 (assertValueOneOf "ECN" boolValues) 1748 ]; 1749 1750 sectionFairQueueing = checkUnitConfig "FairQueueing" [ 1751 (assertOnlyFields [ 1752 "Parent" 1753 "Handle" 1754 "PacketLimit" 1755 "FlowLimit" 1756 "QuantumBytes" 1757 "InitualQuantumBytes" 1758 "MaximumRate" 1759 "Buckets" 1760 "OrphanMask" 1761 "Pacing" 1762 "CEThresholdSec" 1763 ]) 1764 (assertInt "PacketLimit") 1765 (assertInt "FlowLimit") 1766 (assertInt "OrphanMask") 1767 (assertValueOneOf "Pacing" boolValues) 1768 ]; 1769 1770 sectionTrivialLinkEqualizer = checkUnitConfig "TrivialLinkEqualizer" [ 1771 (assertOnlyFields [ 1772 "Parent" 1773 "Handle" 1774 "Id" 1775 ]) 1776 ]; 1777 1778 sectionHierarchyTokenBucket = checkUnitConfig "HierarchyTokenBucket" [ 1779 (assertOnlyFields [ 1780 "Parent" 1781 "Handle" 1782 "DefaultClass" 1783 "RateToQuantum" 1784 ]) 1785 (assertInt "RateToQuantum") 1786 ]; 1787 1788 sectionHierarchyTokenBucketClass = checkUnitConfig "HierarchyTokenBucketClass" [ 1789 (assertOnlyFields [ 1790 "Parent" 1791 "ClassId" 1792 "Priority" 1793 "QuantumBytes" 1794 "MTUBytes" 1795 "OverheadBytes" 1796 "Rate" 1797 "CeilRate" 1798 "BufferBytes" 1799 "CeilBufferBytes" 1800 ]) 1801 ]; 1802 1803 sectionHeavyHitterFilter = checkUnitConfig "HeavyHitterFilter" [ 1804 (assertOnlyFields [ 1805 "Parent" 1806 "Handle" 1807 "PacketLimit" 1808 ]) 1809 (assertInt "PacketLimit") 1810 (assertRange "PacketLimit" 0 4294967294) 1811 ]; 1812 1813 sectionQuickFairQueueing = checkUnitConfig "QuickFairQueueing" [ 1814 (assertOnlyFields [ 1815 "Parent" 1816 "Handle" 1817 ]) 1818 ]; 1819 1820 sectionQuickFairQueueingClass = checkUnitConfig "QuickFairQueueingClass" [ 1821 (assertOnlyFields [ 1822 "Parent" 1823 "ClassId" 1824 "Weight" 1825 "MaxPacketBytes" 1826 ]) 1827 (assertInt "Weight") 1828 (assertRange "Weight" 1 1023) 1829 ]; 1830 1831 sectionBridgeVLAN = checkUnitConfigWithLegacyKey "bridgeVLANConfig" "BridgeVLAN" [ 1832 (assertOnlyFields [ 1833 "VLAN" 1834 "EgressUntagged" 1835 "PVID" 1836 ]) 1837 (assertInt "PVID") 1838 (assertRange "PVID" 0 4094) 1839 ]; 1840 }; 1841 }; 1842 1843 commonNetworkOptions = { 1844 1845 enable = mkOption { 1846 default = true; 1847 type = types.bool; 1848 description = '' 1849 Whether to manage network configuration using {command}`systemd-network`. 1850 1851 This also enables {option}`systemd.networkd.enable`. 1852 ''; 1853 }; 1854 1855 matchConfig = mkOption { 1856 default = { }; 1857 example = { 1858 Name = "eth0"; 1859 }; 1860 type = types.attrsOf unitOption; 1861 description = '' 1862 Each attribute in this set specifies an option in the 1863 `[Match]` section of the unit. See 1864 {manpage}`systemd.link(5)` 1865 {manpage}`systemd.netdev(5)` 1866 {manpage}`systemd.network(5)` 1867 for details. 1868 ''; 1869 }; 1870 1871 extraConfig = mkOption { 1872 default = ""; 1873 type = types.lines; 1874 description = "Extra configuration append to unit"; 1875 }; 1876 }; 1877 1878 networkdOptions = { 1879 networkConfig = mkOption { 1880 default = { }; 1881 example = { 1882 SpeedMeter = true; 1883 ManageForeignRoutingPolicyRules = false; 1884 }; 1885 type = types.addCheck (types.attrsOf unitOption) check.global.sectionNetwork; 1886 description = '' 1887 Each attribute in this set specifies an option in the 1888 `[Network]` section of the networkd config. 1889 See {manpage}`networkd.conf(5)` for details. 1890 ''; 1891 }; 1892 1893 dhcpV4Config = mkOption { 1894 default = { }; 1895 example = { 1896 DUIDType = "vendor"; 1897 }; 1898 type = types.addCheck (types.attrsOf unitOption) check.global.sectionDHCPv4; 1899 description = '' 1900 Each attribute in this set specifies an option in the 1901 `[DHCPv4]` section of the networkd config. 1902 See {manpage}`networkd.conf(5)` for details. 1903 ''; 1904 }; 1905 1906 dhcpV6Config = mkOption { 1907 default = { }; 1908 example = { 1909 DUIDType = "vendor"; 1910 }; 1911 type = types.addCheck (types.attrsOf unitOption) check.global.sectionDHCPv6; 1912 description = '' 1913 Each attribute in this set specifies an option in the 1914 `[DHCPv6]` section of the networkd config. 1915 See {manpage}`networkd.conf(5)` for details. 1916 ''; 1917 }; 1918 }; 1919 1920 linkOptions = commonNetworkOptions // { 1921 # overwrite enable option from above 1922 enable = mkOption { 1923 default = true; 1924 type = types.bool; 1925 description = '' 1926 Whether to enable this .link unit. It's handled by udev no matter if {command}`systemd-networkd` is enabled or not 1927 ''; 1928 }; 1929 1930 linkConfig = mkOption { 1931 default = { }; 1932 example = { 1933 MACAddress = "00:ff:ee:aa:cc:dd"; 1934 }; 1935 type = types.addCheck (types.attrsOf unitOption) check.link.sectionLink; 1936 description = '' 1937 Each attribute in this set specifies an option in the 1938 `[Link]` section of the unit. See 1939 {manpage}`systemd.link(5)` for details. 1940 ''; 1941 }; 1942 1943 }; 1944 1945 mkSubsectionType = 1946 oldKey: checkF: 1947 let 1948 type = types.addCheck (types.attrsOf unitOption) checkF; 1949 in 1950 type 1951 // { 1952 merge = 1953 loc: defs: 1954 let 1955 final = type.merge loc defs; 1956 in 1957 if final ? ${oldKey} then 1958 warn "Using '${oldKey}' is deprecated! Move all attributes inside one level up and remove it." 1959 final.${oldKey} 1960 else 1961 final; 1962 }; 1963 1964 netdevOptions = commonNetworkOptions // { 1965 1966 netdevConfig = mkOption { 1967 example = { 1968 Name = "mybridge"; 1969 Kind = "bridge"; 1970 }; 1971 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionNetdev; 1972 description = '' 1973 Each attribute in this set specifies an option in the 1974 `[Netdev]` section of the unit. See 1975 {manpage}`systemd.netdev(5)` for details. 1976 ''; 1977 }; 1978 1979 bridgeConfig = mkOption { 1980 default = { }; 1981 example = { 1982 STP = true; 1983 }; 1984 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionBridge; 1985 description = '' 1986 Each attribute in this set specifies an option in the 1987 `[Bridge]` section of the unit. See 1988 {manpage}`systemd.netdev(5)` for details. 1989 ''; 1990 }; 1991 1992 vlanConfig = mkOption { 1993 default = { }; 1994 example = { 1995 Id = 4; 1996 }; 1997 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionVLAN; 1998 description = '' 1999 Each attribute in this set specifies an option in the 2000 `[VLAN]` section of the unit. See 2001 {manpage}`systemd.netdev(5)` for details. 2002 ''; 2003 }; 2004 2005 ipvlanConfig = mkOption { 2006 default = { }; 2007 example = { 2008 Mode = "L2"; 2009 Flags = "private"; 2010 }; 2011 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionIPVLAN; 2012 description = '' 2013 Each attribute in this set specifies an option in the `[IPVLAN]` section of the unit. 2014 See {manpage}`systemd.netdev(5)` for details. 2015 ''; 2016 }; 2017 2018 ipvtapConfig = mkOption { 2019 default = { }; 2020 example = { 2021 Mode = "L3"; 2022 Flags = "vepa"; 2023 }; 2024 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionIPVTAP; 2025 description = '' 2026 Each attribute in this set specifies an option in the `[IPVTAP]` section of the unit. 2027 See {manpage}`systemd.netdev(5)` for details. 2028 ''; 2029 }; 2030 2031 macvlanConfig = mkOption { 2032 default = { }; 2033 example = { 2034 Mode = "private"; 2035 }; 2036 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionMACVLAN; 2037 description = '' 2038 Each attribute in this set specifies an option in the 2039 `[MACVLAN]` section of the unit. See 2040 {manpage}`systemd.netdev(5)` for details. 2041 ''; 2042 }; 2043 2044 vxlanConfig = mkOption { 2045 default = { }; 2046 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionVXLAN; 2047 description = '' 2048 Each attribute in this set specifies an option in the 2049 `[VXLAN]` section of the unit. See 2050 {manpage}`systemd.netdev(5)` for details. 2051 ''; 2052 }; 2053 2054 tunnelConfig = mkOption { 2055 default = { }; 2056 example = { 2057 Remote = "192.168.1.1"; 2058 }; 2059 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionTunnel; 2060 description = '' 2061 Each attribute in this set specifies an option in the 2062 `[Tunnel]` section of the unit. See 2063 {manpage}`systemd.netdev(5)` for details. 2064 ''; 2065 }; 2066 2067 fooOverUDPConfig = mkOption { 2068 default = { }; 2069 example = { 2070 Port = 9001; 2071 }; 2072 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionFooOverUDP; 2073 description = '' 2074 Each attribute in this set specifies an option in the 2075 `[FooOverUDP]` section of the unit. See 2076 {manpage}`systemd.netdev(5)` for details. 2077 ''; 2078 }; 2079 2080 peerConfig = mkOption { 2081 default = { }; 2082 example = { 2083 Name = "veth2"; 2084 }; 2085 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionPeer; 2086 description = '' 2087 Each attribute in this set specifies an option in the 2088 `[Peer]` section of the unit. See 2089 {manpage}`systemd.netdev(5)` for details. 2090 ''; 2091 }; 2092 2093 tunConfig = mkOption { 2094 default = { }; 2095 example = { 2096 User = "openvpn"; 2097 }; 2098 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionTun; 2099 description = '' 2100 Each attribute in this set specifies an option in the 2101 `[Tun]` section of the unit. See 2102 {manpage}`systemd.netdev(5)` for details. 2103 ''; 2104 }; 2105 2106 tapConfig = mkOption { 2107 default = { }; 2108 example = { 2109 User = "openvpn"; 2110 }; 2111 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionTap; 2112 description = '' 2113 Each attribute in this set specifies an option in the 2114 `[Tap]` section of the unit. See 2115 {manpage}`systemd.netdev(5)` for details. 2116 ''; 2117 }; 2118 2119 l2tpConfig = mkOption { 2120 default = { }; 2121 example = { 2122 TunnelId = 10; 2123 PeerTunnelId = 12; 2124 Local = "static"; 2125 Remote = "192.168.30.101"; 2126 EncapsulationType = "ip"; 2127 }; 2128 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionL2TP; 2129 description = '' 2130 Each attribute in this set specifies an option in the 2131 `[L2TP]` section of the unit. See 2132 {manpage}`systemd.netdev(5)` for details. 2133 ''; 2134 }; 2135 2136 l2tpSessions = mkOption { 2137 default = [ ]; 2138 example = [ 2139 { 2140 SessionId = 25; 2141 PeerSessionId = 26; 2142 Name = "l2tp-sess"; 2143 } 2144 ]; 2145 type = types.listOf (mkSubsectionType "l2tpSessionConfig" check.netdev.sectionL2TPSession); 2146 description = '' 2147 Each item in this array specifies an option in the 2148 `[L2TPSession]` section of the unit. See 2149 {manpage}`systemd.netdev(5)` for details. 2150 ''; 2151 }; 2152 2153 wireguardConfig = mkOption { 2154 default = { }; 2155 example = { 2156 PrivateKeyFile = "/etc/wireguard/secret.key"; 2157 ListenPort = 51820; 2158 FirewallMark = 42; 2159 }; 2160 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionWireGuard; 2161 description = '' 2162 Each attribute in this set specifies an option in the 2163 `[WireGuard]` section of the unit. See 2164 {manpage}`systemd.netdev(5)` for details. 2165 Use `PrivateKeyFile` instead of 2166 `PrivateKey`: the nix store is 2167 world-readable. 2168 ''; 2169 }; 2170 2171 wireguardPeers = mkOption { 2172 default = [ ]; 2173 example = [ 2174 { 2175 Endpoint = "192.168.1.1:51820"; 2176 PublicKey = "27s0OvaBBdHoJYkH9osZpjpgSOVNw+RaKfboT/Sfq0g="; 2177 PresharedKeyFile = "/etc/wireguard/psk.key"; 2178 AllowedIPs = [ "10.0.0.1/32" ]; 2179 PersistentKeepalive = 15; 2180 } 2181 ]; 2182 type = types.listOf (mkSubsectionType "wireguardPeerConfig" check.netdev.sectionWireGuardPeer); 2183 description = '' 2184 Each item in this array specifies an option in the 2185 `[WireGuardPeer]` section of the unit. See 2186 {manpage}`systemd.netdev(5)` for details. 2187 Use `PresharedKeyFile` instead of 2188 `PresharedKey`: the nix store is 2189 world-readable. 2190 ''; 2191 }; 2192 2193 bondConfig = mkOption { 2194 default = { }; 2195 example = { 2196 Mode = "802.3ad"; 2197 }; 2198 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionBond; 2199 description = '' 2200 Each attribute in this set specifies an option in the 2201 `[Bond]` section of the unit. See 2202 {manpage}`systemd.netdev(5)` for details. 2203 ''; 2204 }; 2205 2206 xfrmConfig = mkOption { 2207 default = { }; 2208 example = { 2209 InterfaceId = 1; 2210 }; 2211 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionXfrm; 2212 description = '' 2213 Each attribute in this set specifies an option in the 2214 `[Xfrm]` section of the unit. See 2215 {manpage}`systemd.netdev(5)` for details. 2216 ''; 2217 }; 2218 2219 vrfConfig = mkOption { 2220 default = { }; 2221 example = { 2222 Table = 2342; 2223 }; 2224 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionVRF; 2225 description = '' 2226 Each attribute in this set specifies an option in the 2227 `[VRF]` section of the unit. See 2228 {manpage}`systemd.netdev(5)` for details. 2229 A detailed explanation about how VRFs work can be found in the 2230 [kernel docs](https://www.kernel.org/doc/Documentation/networking/vrf.txt). 2231 ''; 2232 }; 2233 2234 wlanConfig = mkOption { 2235 default = { }; 2236 example = { 2237 PhysicalDevice = 0; 2238 Type = "station"; 2239 }; 2240 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionWLAN; 2241 description = '' 2242 Each attribute in this set specifies an option in the `[WLAN]` section of the unit. 2243 See {manpage}`systemd.netdev(5)` for details. 2244 ''; 2245 }; 2246 2247 batmanAdvancedConfig = mkOption { 2248 default = { }; 2249 example = { 2250 GatewayMode = "server"; 2251 RoutingAlgorithm = "batman-v"; 2252 }; 2253 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionBatmanAdvanced; 2254 description = '' 2255 Each attribute in this set specifies an option in the 2256 `[BatmanAdvanced]` section of the unit. See 2257 {manpage}`systemd.netdev(5)` for details. 2258 ''; 2259 }; 2260 2261 }; 2262 2263 networkOptions = commonNetworkOptions // { 2264 2265 linkConfig = mkOption { 2266 default = { }; 2267 example = { 2268 Unmanaged = true; 2269 }; 2270 type = types.addCheck (types.attrsOf unitOption) check.network.sectionLink; 2271 description = '' 2272 Each attribute in this set specifies an option in the 2273 `[Link]` section of the unit. See 2274 {manpage}`systemd.network(5)` for details. 2275 ''; 2276 }; 2277 2278 networkConfig = mkOption { 2279 default = { }; 2280 example = { 2281 Description = "My Network"; 2282 }; 2283 type = types.addCheck (types.attrsOf unitOption) check.network.sectionNetwork; 2284 description = '' 2285 Each attribute in this set specifies an option in the 2286 `[Network]` section of the unit. See 2287 {manpage}`systemd.network(5)` for details. 2288 ''; 2289 }; 2290 2291 # systemd.network.networks.*.dhcpConfig has been deprecated in favor of ….dhcpV4Config 2292 # Produce a nice warning message so users know it is gone. 2293 dhcpConfig = mkOption { 2294 visible = false; 2295 apply = 2296 _: 2297 throw "The option `systemd.network.networks.*.dhcpConfig` can no longer be used since it's been removed. Please use `systemd.network.networks.*.dhcpV4Config` instead."; 2298 }; 2299 2300 dhcpV4Config = mkOption { 2301 default = { }; 2302 example = { 2303 UseDNS = true; 2304 UseRoutes = true; 2305 }; 2306 type = types.addCheck (types.attrsOf unitOption) check.network.sectionDHCPv4; 2307 description = '' 2308 Each attribute in this set specifies an option in the 2309 `[DHCPv4]` section of the unit. See 2310 {manpage}`systemd.network(5)` for details. 2311 ''; 2312 }; 2313 2314 dhcpV6Config = mkOption { 2315 default = { }; 2316 example = { 2317 UseDNS = true; 2318 }; 2319 type = types.addCheck (types.attrsOf unitOption) check.network.sectionDHCPv6; 2320 description = '' 2321 Each attribute in this set specifies an option in the 2322 `[DHCPv6]` section of the unit. See 2323 {manpage}`systemd.network(5)` for details. 2324 ''; 2325 }; 2326 2327 dhcpV6PrefixDelegationConfig = mkOption { 2328 visible = false; 2329 apply = 2330 _: 2331 throw "The option `systemd.network.networks.<name>.dhcpV6PrefixDelegationConfig` has been renamed to `systemd.network.networks.<name>.dhcpPrefixDelegationConfig`."; 2332 }; 2333 2334 dhcpPrefixDelegationConfig = mkOption { 2335 default = { }; 2336 example = { 2337 SubnetId = "auto"; 2338 Announce = true; 2339 }; 2340 type = types.addCheck (types.attrsOf unitOption) check.network.sectionDHCPPrefixDelegation; 2341 description = '' 2342 Each attribute in this set specifies an option in the 2343 `[DHCPPrefixDelegation]` section of the unit. See 2344 {manpage}`systemd.network(5)` for details. 2345 ''; 2346 }; 2347 2348 ipv6AcceptRAConfig = mkOption { 2349 default = { }; 2350 example = { 2351 UseDNS = true; 2352 DHCPv6Client = "always"; 2353 }; 2354 type = types.addCheck (types.attrsOf unitOption) check.network.sectionIPv6AcceptRA; 2355 description = '' 2356 Each attribute in this set specifies an option in the 2357 `[IPv6AcceptRA]` section of the unit. See 2358 {manpage}`systemd.network(5)` for details. 2359 ''; 2360 }; 2361 2362 dhcpServerConfig = mkOption { 2363 default = { }; 2364 example = { 2365 PoolOffset = 50; 2366 EmitDNS = false; 2367 }; 2368 type = types.addCheck (types.attrsOf unitOption) check.network.sectionDHCPServer; 2369 description = '' 2370 Each attribute in this set specifies an option in the 2371 `[DHCPServer]` section of the unit. See 2372 {manpage}`systemd.network(5)` for details. 2373 ''; 2374 }; 2375 2376 # systemd.network.networks.*.ipv6PrefixDelegationConfig has been deprecated 2377 # in 247 in favor of systemd.network.networks.*.ipv6SendRAConfig. 2378 ipv6PrefixDelegationConfig = mkOption { 2379 visible = false; 2380 apply = 2381 _: 2382 throw "The option `systemd.network.networks.*.ipv6PrefixDelegationConfig` has been replaced by `systemd.network.networks.*.ipv6SendRAConfig`."; 2383 }; 2384 2385 ipv6SendRAConfig = mkOption { 2386 default = { }; 2387 example = { 2388 EmitDNS = true; 2389 Managed = true; 2390 OtherInformation = true; 2391 }; 2392 type = types.addCheck (types.attrsOf unitOption) check.network.sectionIPv6SendRA; 2393 description = '' 2394 Each attribute in this set specifies an option in the 2395 `[IPv6SendRA]` section of the unit. See 2396 {manpage}`systemd.network(5)` for details. 2397 ''; 2398 }; 2399 2400 ipv6PREF64Prefixes = mkOption { 2401 default = [ ]; 2402 example = [ { Prefix = "64:ff9b::/96"; } ]; 2403 type = types.listOf ( 2404 mkSubsectionType "ipv6PREF64PrefixConfig" check.network.sectionIPv6PREF64Prefix 2405 ); 2406 description = '' 2407 A list of IPv6PREF64Prefix sections to be added to the unit. See 2408 {manpage}`systemd.network(5)` for details. 2409 ''; 2410 }; 2411 2412 dhcpServerStaticLeases = mkOption { 2413 default = [ ]; 2414 example = [ 2415 { 2416 MACAddress = "65:43:4a:5b:d8:5f"; 2417 Address = "192.168.1.42"; 2418 } 2419 ]; 2420 type = types.listOf ( 2421 mkSubsectionType "dhcpServerStaticLeaseConfig" check.network.sectionDHCPServerStaticLease 2422 ); 2423 description = '' 2424 A list of DHCPServerStaticLease sections to be added to the unit. See 2425 {manpage}`systemd.network(5)` for details. 2426 ''; 2427 }; 2428 2429 ipv6Prefixes = mkOption { 2430 default = [ ]; 2431 example = [ 2432 { 2433 AddressAutoconfiguration = true; 2434 OnLink = true; 2435 } 2436 ]; 2437 type = types.listOf (mkSubsectionType "ipv6PrefixConfig" check.network.sectionIPv6Prefix); 2438 description = '' 2439 A list of ipv6Prefix sections to be added to the unit. See 2440 {manpage}`systemd.network(5)` for details. 2441 ''; 2442 }; 2443 2444 ipv6RoutePrefixes = mkOption { 2445 default = [ ]; 2446 example = [ 2447 { 2448 Route = "fd00::/64"; 2449 LifetimeSec = 3600; 2450 } 2451 ]; 2452 type = types.listOf (mkSubsectionType "ipv6RoutePrefixConfig" check.network.sectionIPv6RoutePrefix); 2453 description = '' 2454 A list of ipv6RoutePrefix sections to be added to the unit. See 2455 {manpage}`systemd.network(5)` for details. 2456 ''; 2457 }; 2458 2459 bridgeConfig = mkOption { 2460 default = { }; 2461 example = { 2462 MulticastFlood = false; 2463 Cost = 20; 2464 }; 2465 type = types.addCheck (types.attrsOf unitOption) check.network.sectionBridge; 2466 description = '' 2467 Each attribute in this set specifies an option in the 2468 `[Bridge]` section of the unit. See 2469 {manpage}`systemd.network(5)` for details. 2470 ''; 2471 }; 2472 2473 bridgeFDBs = mkOption { 2474 default = [ ]; 2475 example = [ 2476 { 2477 MACAddress = "90:e2:ba:43:fc:71"; 2478 Destination = "192.168.100.4"; 2479 VNI = 3600; 2480 } 2481 ]; 2482 type = types.listOf (mkSubsectionType "bridgeFDBConfig" check.network.sectionBridgeFDB); 2483 description = '' 2484 A list of BridgeFDB sections to be added to the unit. See 2485 {manpage}`systemd.network(5)` for details. 2486 ''; 2487 }; 2488 2489 bridgeMDBs = mkOption { 2490 default = [ ]; 2491 example = [ 2492 { 2493 MulticastGroupAddress = "ff02::1:2:3:4"; 2494 VLANId = 10; 2495 } 2496 ]; 2497 type = types.listOf (mkSubsectionType "bridgeMDBConfig" check.network.sectionBridgeMDB); 2498 description = '' 2499 A list of BridgeMDB sections to be added to the unit. See 2500 {manpage}`systemd.network(5)` for details. 2501 ''; 2502 }; 2503 2504 lldpConfig = mkOption { 2505 default = { }; 2506 example = { 2507 MUDURL = "https://things.example.org/product_abc123/v5"; 2508 }; 2509 type = types.addCheck (types.attrsOf unitOption) check.network.sectionLLDP; 2510 description = '' 2511 Each attribute in this set specifies an option in the 2512 `[LLDP]` section of the unit. See 2513 {manpage}`systemd.network(5)` for details. 2514 ''; 2515 }; 2516 2517 canConfig = mkOption { 2518 default = { }; 2519 example = { }; 2520 type = types.addCheck (types.attrsOf unitOption) check.network.sectionCAN; 2521 description = '' 2522 Each attribute in this set specifies an option in the 2523 `[CAN]` section of the unit. See 2524 {manpage}`systemd.network(5)` for details. 2525 ''; 2526 }; 2527 2528 ipoIBConfig = mkOption { 2529 default = { }; 2530 example = { }; 2531 type = types.addCheck (types.attrsOf unitOption) check.network.sectionIPoIB; 2532 description = '' 2533 Each attribute in this set specifies an option in the 2534 `[IPoIB]` section of the unit. See 2535 {manpage}`systemd.network(5)` for details. 2536 ''; 2537 }; 2538 2539 qdiscConfig = mkOption { 2540 default = { }; 2541 example = { 2542 Parent = "ingress"; 2543 }; 2544 type = types.addCheck (types.attrsOf unitOption) check.network.sectionQDisc; 2545 description = '' 2546 Each attribute in this set specifies an option in the 2547 `[QDisc]` section of the unit. See 2548 {manpage}`systemd.network(5)` for details. 2549 ''; 2550 }; 2551 2552 networkEmulatorConfig = mkOption { 2553 default = { }; 2554 example = { 2555 Parent = "ingress"; 2556 DelaySec = "20msec"; 2557 }; 2558 type = types.addCheck (types.attrsOf unitOption) check.network.sectionNetworkEmulator; 2559 description = '' 2560 Each attribute in this set specifies an option in the 2561 `[NetworkEmulator]` section of the unit. See 2562 {manpage}`systemd.network(5)` for details. 2563 ''; 2564 }; 2565 2566 tokenBucketFilterConfig = mkOption { 2567 default = { }; 2568 example = { 2569 Parent = "ingress"; 2570 Rate = "100k"; 2571 }; 2572 type = types.addCheck (types.attrsOf unitOption) check.network.sectionTokenBucketFilter; 2573 description = '' 2574 Each attribute in this set specifies an option in the 2575 `[TokenBucketFilter]` section of the unit. See 2576 {manpage}`systemd.network(5)` for details. 2577 ''; 2578 }; 2579 2580 pieConfig = mkOption { 2581 default = { }; 2582 example = { 2583 Parent = "ingress"; 2584 PacketLimit = "3847"; 2585 }; 2586 type = types.addCheck (types.attrsOf unitOption) check.network.sectionPIE; 2587 description = '' 2588 Each attribute in this set specifies an option in the 2589 `[PIE]` section of the unit. See 2590 {manpage}`systemd.network(5)` for details. 2591 ''; 2592 }; 2593 2594 flowQueuePIEConfig = mkOption { 2595 default = { }; 2596 example = { 2597 Parent = "ingress"; 2598 PacketLimit = "3847"; 2599 }; 2600 type = types.addCheck (types.attrsOf unitOption) check.network.sectionFlowQueuePIE; 2601 description = '' 2602 Each attribute in this set specifies an option in the 2603 `[FlowQueuePIE]` section of the unit. See 2604 {manpage}`systemd.network(5)` for details. 2605 ''; 2606 }; 2607 2608 stochasticFairBlueConfig = mkOption { 2609 default = { }; 2610 example = { 2611 Parent = "ingress"; 2612 PacketLimit = "3847"; 2613 }; 2614 type = types.addCheck (types.attrsOf unitOption) check.network.sectionStochasticFairBlue; 2615 description = '' 2616 Each attribute in this set specifies an option in the 2617 `[StochasticFairBlue]` section of the unit. See 2618 {manpage}`systemd.network(5)` for details. 2619 ''; 2620 }; 2621 2622 stochasticFairnessQueueingConfig = mkOption { 2623 default = { }; 2624 example = { 2625 Parent = "ingress"; 2626 PerturbPeriodSec = "30"; 2627 }; 2628 type = types.addCheck (types.attrsOf unitOption) check.network.sectionStochasticFairnessQueueing; 2629 description = '' 2630 Each attribute in this set specifies an option in the 2631 `[StochasticFairnessQueueing]` section of the unit. See 2632 {manpage}`systemd.network(5)` for details. 2633 ''; 2634 }; 2635 2636 bfifoConfig = mkOption { 2637 default = { }; 2638 example = { 2639 Parent = "ingress"; 2640 LimitBytes = "20K"; 2641 }; 2642 type = types.addCheck (types.attrsOf unitOption) check.network.sectionBFIFO; 2643 description = '' 2644 Each attribute in this set specifies an option in the 2645 `[BFIFO]` section of the unit. See 2646 {manpage}`systemd.network(5)` for details. 2647 ''; 2648 }; 2649 2650 pfifoConfig = mkOption { 2651 default = { }; 2652 example = { 2653 Parent = "ingress"; 2654 PacketLimit = "300"; 2655 }; 2656 type = types.addCheck (types.attrsOf unitOption) check.network.sectionPFIFO; 2657 description = '' 2658 Each attribute in this set specifies an option in the 2659 `[PFIFO]` section of the unit. See 2660 {manpage}`systemd.network(5)` for details. 2661 ''; 2662 }; 2663 2664 pfifoHeadDropConfig = mkOption { 2665 default = { }; 2666 example = { 2667 Parent = "ingress"; 2668 PacketLimit = "300"; 2669 }; 2670 type = types.addCheck (types.attrsOf unitOption) check.network.sectionPFIFOHeadDrop; 2671 description = '' 2672 Each attribute in this set specifies an option in the 2673 `[PFIFOHeadDrop]` section of the unit. See 2674 {manpage}`systemd.network(5)` for details. 2675 ''; 2676 }; 2677 2678 pfifoFastConfig = mkOption { 2679 default = { }; 2680 example = { 2681 Parent = "ingress"; 2682 }; 2683 type = types.addCheck (types.attrsOf unitOption) check.network.sectionPFIFOFast; 2684 description = '' 2685 Each attribute in this set specifies an option in the 2686 `[PFIFOFast]` section of the unit. See 2687 {manpage}`systemd.network(5)` for details. 2688 ''; 2689 }; 2690 2691 cakeConfig = mkOption { 2692 default = { }; 2693 example = { 2694 Bandwidth = "40M"; 2695 OverheadBytes = 8; 2696 CompensationMode = "ptm"; 2697 }; 2698 type = types.addCheck (types.attrsOf unitOption) check.network.sectionCAKE; 2699 description = '' 2700 Each attribute in this set specifies an option in the 2701 `[CAKE]` section of the unit. See 2702 {manpage}`systemd.network(5)` for details. 2703 ''; 2704 }; 2705 2706 controlledDelayConfig = mkOption { 2707 default = { }; 2708 example = { 2709 Parent = "ingress"; 2710 TargetSec = "20msec"; 2711 }; 2712 type = types.addCheck (types.attrsOf unitOption) check.network.sectionControlledDelay; 2713 description = '' 2714 Each attribute in this set specifies an option in the 2715 `[ControlledDelay]` section of the unit. See 2716 {manpage}`systemd.network(5)` for details. 2717 ''; 2718 }; 2719 2720 deficitRoundRobinSchedulerConfig = mkOption { 2721 default = { }; 2722 example = { 2723 Parent = "root"; 2724 }; 2725 type = types.addCheck (types.attrsOf unitOption) check.network.sectionDeficitRoundRobinScheduler; 2726 description = '' 2727 Each attribute in this set specifies an option in the 2728 `[DeficitRoundRobinScheduler]` section of the unit. See 2729 {manpage}`systemd.network(5)` for details. 2730 ''; 2731 }; 2732 2733 deficitRoundRobinSchedulerClassConfig = mkOption { 2734 default = { }; 2735 example = { 2736 Parent = "root"; 2737 QuantumBytes = "300k"; 2738 }; 2739 type = types.addCheck (types.attrsOf unitOption) check.network.sectionDeficitRoundRobinSchedulerClass; 2740 description = '' 2741 Each attribute in this set specifies an option in the 2742 `[DeficitRoundRobinSchedulerClass]` section of the unit. See 2743 {manpage}`systemd.network(5)` for details. 2744 ''; 2745 }; 2746 2747 enhancedTransmissionSelectionConfig = mkOption { 2748 default = { }; 2749 example = { 2750 Parent = "root"; 2751 QuantumBytes = "300k"; 2752 Bands = 3; 2753 PriorityMap = "100 200 300"; 2754 }; 2755 type = types.addCheck (types.attrsOf unitOption) check.network.sectionEnhancedTransmissionSelection; 2756 description = '' 2757 Each attribute in this set specifies an option in the 2758 `[EnhancedTransmissionSelection]` section of the unit. See 2759 {manpage}`systemd.network(5)` for details. 2760 ''; 2761 }; 2762 2763 genericRandomEarlyDetectionConfig = mkOption { 2764 default = { }; 2765 example = { 2766 Parent = "root"; 2767 VirtualQueues = 5; 2768 DefaultVirtualQueue = 3; 2769 }; 2770 type = types.addCheck (types.attrsOf unitOption) check.network.sectionGenericRandomEarlyDetection; 2771 description = '' 2772 Each attribute in this set specifies an option in the 2773 `[GenericRandomEarlyDetection]` section of the unit. See 2774 {manpage}`systemd.network(5)` for details. 2775 ''; 2776 }; 2777 2778 fairQueueingControlledDelayConfig = mkOption { 2779 default = { }; 2780 example = { 2781 Parent = "root"; 2782 Flows = 5; 2783 }; 2784 type = types.addCheck (types.attrsOf unitOption) check.network.sectionFairQueueingControlledDelay; 2785 description = '' 2786 Each attribute in this set specifies an option in the 2787 `[FairQueueingControlledDelay]` section of the unit. See 2788 {manpage}`systemd.network(5)` for details. 2789 ''; 2790 }; 2791 2792 fairQueueingConfig = mkOption { 2793 default = { }; 2794 example = { 2795 Parent = "root"; 2796 FlowLimit = 5; 2797 }; 2798 type = types.addCheck (types.attrsOf unitOption) check.network.sectionFairQueueing; 2799 description = '' 2800 Each attribute in this set specifies an option in the 2801 `[FairQueueing]` section of the unit. See 2802 {manpage}`systemd.network(5)` for details. 2803 ''; 2804 }; 2805 2806 trivialLinkEqualizerConfig = mkOption { 2807 default = { }; 2808 example = { 2809 Parent = "root"; 2810 Id = 0; 2811 }; 2812 type = types.addCheck (types.attrsOf unitOption) check.network.sectionTrivialLinkEqualizer; 2813 description = '' 2814 Each attribute in this set specifies an option in the 2815 `[TrivialLinkEqualizer]` section of the unit. See 2816 {manpage}`systemd.network(5)` for details. 2817 ''; 2818 }; 2819 2820 hierarchyTokenBucketConfig = mkOption { 2821 default = { }; 2822 example = { 2823 Parent = "root"; 2824 }; 2825 type = types.addCheck (types.attrsOf unitOption) check.network.sectionHierarchyTokenBucket; 2826 description = '' 2827 Each attribute in this set specifies an option in the 2828 `[HierarchyTokenBucket]` section of the unit. See 2829 {manpage}`systemd.network(5)` for details. 2830 ''; 2831 }; 2832 2833 hierarchyTokenBucketClassConfig = mkOption { 2834 default = { }; 2835 example = { 2836 Parent = "root"; 2837 Rate = "10M"; 2838 }; 2839 type = types.addCheck (types.attrsOf unitOption) check.network.sectionHierarchyTokenBucketClass; 2840 description = '' 2841 Each attribute in this set specifies an option in the 2842 `[HierarchyTokenBucketClass]` section of the unit. See 2843 {manpage}`systemd.network(5)` for details. 2844 ''; 2845 }; 2846 2847 heavyHitterFilterConfig = mkOption { 2848 default = { }; 2849 example = { 2850 Parent = "root"; 2851 PacketLimit = 10000; 2852 }; 2853 type = types.addCheck (types.attrsOf unitOption) check.network.sectionHeavyHitterFilter; 2854 description = '' 2855 Each attribute in this set specifies an option in the 2856 `[HeavyHitterFilter]` section of the unit. See 2857 {manpage}`systemd.network(5)` for details. 2858 ''; 2859 }; 2860 2861 quickFairQueueingConfig = mkOption { 2862 default = { }; 2863 example = { 2864 Parent = "root"; 2865 }; 2866 type = types.addCheck (types.attrsOf unitOption) check.network.sectionQuickFairQueueing; 2867 description = '' 2868 Each attribute in this set specifies an option in the 2869 `[QuickFairQueueing]` section of the unit. See 2870 {manpage}`systemd.network(5)` for details. 2871 ''; 2872 }; 2873 2874 quickFairQueueingConfigClass = mkOption { 2875 default = { }; 2876 example = { 2877 Parent = "root"; 2878 Weight = 133; 2879 }; 2880 type = types.addCheck (types.attrsOf unitOption) check.network.sectionQuickFairQueueingClass; 2881 description = '' 2882 Each attribute in this set specifies an option in the 2883 `[QuickFairQueueingClass]` section of the unit. See 2884 {manpage}`systemd.network(5)` for details. 2885 ''; 2886 }; 2887 2888 bridgeVLANs = mkOption { 2889 default = [ ]; 2890 example = [ { VLAN = "10-20"; } ]; 2891 type = types.listOf (mkSubsectionType "bridgeVLANConfig" check.network.sectionBridgeVLAN); 2892 description = '' 2893 A list of BridgeVLAN sections to be added to the unit. See 2894 {manpage}`systemd.network(5)` for details. 2895 ''; 2896 }; 2897 2898 name = mkOption { 2899 type = types.nullOr types.str; 2900 default = null; 2901 description = '' 2902 The name of the network interface to match against. 2903 ''; 2904 }; 2905 2906 DHCP = mkOption { 2907 type = types.nullOr types.str; 2908 default = null; 2909 description = '' 2910 Whether to enable DHCP on the interfaces matched. 2911 ''; 2912 }; 2913 2914 domains = mkOption { 2915 type = types.nullOr (types.listOf types.str); 2916 default = null; 2917 description = '' 2918 A list of domains to pass to the network config. 2919 ''; 2920 }; 2921 2922 address = mkOption { 2923 default = [ ]; 2924 type = types.listOf types.str; 2925 description = '' 2926 A list of addresses to be added to the network section of the 2927 unit. See {manpage}`systemd.network(5)` for details. 2928 ''; 2929 }; 2930 2931 gateway = mkOption { 2932 default = [ ]; 2933 type = types.listOf types.str; 2934 description = '' 2935 A list of gateways to be added to the network section of the 2936 unit. See {manpage}`systemd.network(5)` for details. 2937 ''; 2938 }; 2939 2940 dns = mkOption { 2941 default = [ ]; 2942 type = types.listOf types.str; 2943 description = '' 2944 A list of dns servers to be added to the network section of the 2945 unit. See {manpage}`systemd.network(5)` for details. 2946 ''; 2947 }; 2948 2949 ntp = mkOption { 2950 default = [ ]; 2951 type = types.listOf types.str; 2952 description = '' 2953 A list of ntp servers to be added to the network section of the 2954 unit. See {manpage}`systemd.network(5)` for details. 2955 ''; 2956 }; 2957 2958 bridge = mkOption { 2959 default = [ ]; 2960 type = types.listOf types.str; 2961 description = '' 2962 A list of bridge interfaces to be added to the network section of the 2963 unit. See {manpage}`systemd.network(5)` for details. 2964 ''; 2965 }; 2966 2967 bond = mkOption { 2968 default = [ ]; 2969 type = types.listOf types.str; 2970 description = '' 2971 A list of bond interfaces to be added to the network section of the 2972 unit. See {manpage}`systemd.network(5)` for details. 2973 ''; 2974 }; 2975 2976 vrf = mkOption { 2977 default = [ ]; 2978 type = types.listOf types.str; 2979 description = '' 2980 A list of vrf interfaces to be added to the network section of the 2981 unit. See {manpage}`systemd.network(5)` for details. 2982 ''; 2983 }; 2984 2985 vlan = mkOption { 2986 default = [ ]; 2987 type = types.listOf types.str; 2988 description = '' 2989 A list of vlan interfaces to be added to the network section of the 2990 unit. See {manpage}`systemd.network(5)` for details. 2991 ''; 2992 }; 2993 2994 macvlan = mkOption { 2995 default = [ ]; 2996 type = types.listOf types.str; 2997 description = '' 2998 A list of macvlan interfaces to be added to the network section of the 2999 unit. See {manpage}`systemd.network(5)` for details. 3000 ''; 3001 }; 3002 3003 macvtap = mkOption { 3004 default = [ ]; 3005 type = types.listOf types.str; 3006 description = '' 3007 A list of macvtap interfaces to be added to the network section of the 3008 unit. See {manpage}`systemd.network(5)` for details. 3009 ''; 3010 }; 3011 3012 vxlan = mkOption { 3013 default = [ ]; 3014 type = types.listOf types.str; 3015 description = '' 3016 A list of vxlan interfaces to be added to the network section of the 3017 unit. See {manpage}`systemd.network(5)` for details. 3018 ''; 3019 }; 3020 3021 tunnel = mkOption { 3022 default = [ ]; 3023 type = types.listOf types.str; 3024 description = '' 3025 A list of tunnel interfaces to be added to the network section of the 3026 unit. See {manpage}`systemd.network(5)` for details. 3027 ''; 3028 }; 3029 3030 xfrm = mkOption { 3031 default = [ ]; 3032 type = types.listOf types.str; 3033 description = '' 3034 A list of xfrm interfaces to be added to the network section of the 3035 unit. See {manpage}`systemd.network(5)` for details. 3036 ''; 3037 }; 3038 3039 addresses = mkOption { 3040 default = [ ]; 3041 example = [ { Address = "192.168.0.100/24"; } ]; 3042 type = types.listOf (mkSubsectionType "addressConfig" check.network.sectionAddress); 3043 description = '' 3044 A list of address sections to be added to the unit. See 3045 {manpage}`systemd.network(5)` for details. 3046 ''; 3047 }; 3048 3049 routingPolicyRules = mkOption { 3050 default = [ ]; 3051 example = [ 3052 { 3053 Table = 10; 3054 IncomingInterface = "eth1"; 3055 Family = "both"; 3056 } 3057 ]; 3058 type = types.listOf ( 3059 mkSubsectionType "routingPolicyRuleConfig" check.network.sectionRoutingPolicyRule 3060 ); 3061 description = '' 3062 A list of routing policy rules sections to be added to the unit. See 3063 {manpage}`systemd.network(5)` for details. 3064 ''; 3065 }; 3066 3067 routes = mkOption { 3068 default = [ ]; 3069 example = [ { Gateway = "192.168.0.1"; } ]; 3070 type = types.listOf (mkSubsectionType "routeConfig" check.network.sectionRoute); 3071 description = '' 3072 A list of route sections to be added to the unit. See 3073 {manpage}`systemd.network(5)` for details. 3074 ''; 3075 }; 3076 3077 }; 3078 3079 networkConfig = 3080 { config, ... }: 3081 { 3082 config = { 3083 matchConfig = optionalAttrs (config.name != null) { 3084 Name = config.name; 3085 }; 3086 networkConfig = 3087 optionalAttrs (config.DHCP != null) { 3088 DHCP = config.DHCP; 3089 } 3090 // optionalAttrs (config.domains != null) { 3091 Domains = concatStringsSep " " config.domains; 3092 }; 3093 }; 3094 }; 3095 3096 networkdConfig = 3097 { config, ... }: 3098 { 3099 options = { 3100 routeTables = mkOption { 3101 default = { }; 3102 example = { 3103 foo = 27; 3104 }; 3105 type = with types; attrsOf int; 3106 description = '' 3107 Defines route table names as an attrset of name to number. 3108 See {manpage}`networkd.conf(5)` for details. 3109 ''; 3110 }; 3111 3112 addRouteTablesToIPRoute2 = mkOption { 3113 default = true; 3114 example = false; 3115 type = types.bool; 3116 description = '' 3117 If true and routeTables are set, then the specified route tables 3118 will also be installed into /etc/iproute2/rt_tables. 3119 ''; 3120 }; 3121 }; 3122 3123 config = { 3124 networkConfig = optionalAttrs (config.routeTables != { }) { 3125 RouteTable = mapAttrsToList (name: number: "${name}:${toString number}") config.routeTables; 3126 }; 3127 }; 3128 }; 3129 3130 renderConfig = def: { 3131 text = 3132 '' 3133 [Network] 3134 ${attrsToSection def.networkConfig} 3135 '' 3136 + optionalString (def.dhcpV4Config != { }) '' 3137 [DHCPv4] 3138 ${attrsToSection def.dhcpV4Config} 3139 '' 3140 + optionalString (def.dhcpV6Config != { }) '' 3141 [DHCPv6] 3142 ${attrsToSection def.dhcpV6Config} 3143 ''; 3144 }; 3145 3146 mkUnitFiles = 3147 prefix: cfg: 3148 listToAttrs ( 3149 map (name: { 3150 name = "${prefix}systemd/network/${name}"; 3151 value.source = "${cfg.units.${name}.unit}/${name}"; 3152 }) (attrNames cfg.units) 3153 ); 3154 3155 commonOptions = visible: { 3156 3157 enable = mkOption { 3158 default = false; 3159 type = types.bool; 3160 description = '' 3161 Whether to enable networkd or not. 3162 ''; 3163 }; 3164 3165 links = mkOption { 3166 default = { }; 3167 inherit visible; 3168 type = with types; attrsOf (submodule [ { options = linkOptions; } ]); 3169 description = "Definition of systemd network links."; 3170 }; 3171 3172 netdevs = mkOption { 3173 default = { }; 3174 inherit visible; 3175 type = with types; attrsOf (submodule [ { options = netdevOptions; } ]); 3176 description = "Definition of systemd network devices."; 3177 }; 3178 3179 networks = mkOption { 3180 default = { }; 3181 inherit visible; 3182 type = 3183 with types; 3184 attrsOf (submodule [ 3185 { options = networkOptions; } 3186 networkConfig 3187 ]); 3188 description = "Definition of systemd networks."; 3189 }; 3190 3191 config = mkOption { 3192 default = { }; 3193 inherit visible; 3194 type = 3195 with types; 3196 submodule [ 3197 { options = networkdOptions; } 3198 networkdConfig 3199 ]; 3200 description = "Definition of global systemd network config."; 3201 }; 3202 3203 units = mkOption { 3204 description = "Definition of networkd units."; 3205 default = { }; 3206 internal = true; 3207 type = 3208 with types; 3209 attrsOf ( 3210 submodule ( 3211 { name, config, ... }: 3212 { 3213 options = mapAttrs (_: x: x // { internal = true; }) concreteUnitOptions; 3214 config = { 3215 unit = mkDefault (makeUnit name config); 3216 }; 3217 } 3218 ) 3219 ); 3220 }; 3221 3222 wait-online = { 3223 enable = mkOption { 3224 type = types.bool; 3225 default = true; 3226 example = false; 3227 description = '' 3228 Whether to enable the systemd-networkd-wait-online service. 3229 3230 systemd-networkd-wait-online can timeout and fail if there are no network interfaces 3231 available for it to manage. When systemd-networkd is enabled but a different service is 3232 responsible for managing the system's internet connection (for example, NetworkManager or 3233 connman are used to manage WiFi connections), this service is unnecessary and can be 3234 disabled. 3235 ''; 3236 }; 3237 anyInterface = mkOption { 3238 description = '' 3239 Whether to consider the network online when any interface is online, as opposed to all of them. 3240 This is useful on portable machines with a wired and a wireless interface, for example. 3241 3242 This is on by default if {option}`networking.useDHCP` is enabled. 3243 ''; 3244 type = types.bool; 3245 defaultText = "config.networking.useDHCP"; 3246 default = config.networking.useDHCP; 3247 }; 3248 3249 ignoredInterfaces = mkOption { 3250 description = '' 3251 Network interfaces to be ignored when deciding if the system is online. 3252 ''; 3253 type = with types; listOf str; 3254 default = [ ]; 3255 example = [ "wg0" ]; 3256 }; 3257 3258 timeout = mkOption { 3259 description = '' 3260 Time to wait for the network to come online, in seconds. Set to 0 to disable. 3261 ''; 3262 type = types.ints.unsigned; 3263 default = 120; 3264 example = 0; 3265 }; 3266 3267 extraArgs = mkOption { 3268 description = '' 3269 Extra command-line arguments to pass to systemd-networkd-wait-online. 3270 These also affect per-interface `systemd-network-wait-online@` services. 3271 3272 See {manpage}`systemd-networkd-wait-online.service(8)` for all available options. 3273 ''; 3274 type = with types; listOf str; 3275 default = [ ]; 3276 }; 3277 }; 3278 3279 }; 3280 3281 commonConfig = 3282 config: 3283 let 3284 cfg = config.systemd.network; 3285 mkUnit = f: def: { 3286 inherit (def) enable; 3287 text = f def; 3288 }; 3289 in 3290 mkMerge [ 3291 3292 # .link units are honored by udev, no matter if systemd-networkd is enabled or not. 3293 { 3294 systemd.network.units = mapAttrs' (n: v: nameValuePair "${n}.link" (mkUnit linkToUnit v)) cfg.links; 3295 3296 systemd.network.wait-online.extraArgs = 3297 [ "--timeout=${toString cfg.wait-online.timeout}" ] 3298 ++ optional cfg.wait-online.anyInterface "--any" 3299 ++ map (i: "--ignore=${i}") cfg.wait-online.ignoredInterfaces; 3300 } 3301 3302 (mkIf config.systemd.network.enable { 3303 3304 systemd.network.units = 3305 mapAttrs' (n: v: nameValuePair "${n}.netdev" (mkUnit netdevToUnit v)) cfg.netdevs 3306 // mapAttrs' (n: v: nameValuePair "${n}.network" (mkUnit networkToUnit v)) cfg.networks; 3307 3308 # systemd-networkd is socket-activated by kernel netlink route change 3309 # messages. It is important to have systemd buffer those on behalf of 3310 # networkd. 3311 systemd.sockets.systemd-networkd.wantedBy = [ "sockets.target" ]; 3312 3313 systemd.services.systemd-networkd-wait-online = { 3314 inherit (cfg.wait-online) enable; 3315 wantedBy = [ "network-online.target" ]; 3316 serviceConfig.ExecStart = [ 3317 "" 3318 "${config.systemd.package}/lib/systemd/systemd-networkd-wait-online ${utils.escapeSystemdExecArgs cfg.wait-online.extraArgs}" 3319 ]; 3320 }; 3321 3322 systemd.services."systemd-networkd-wait-online@" = { 3323 serviceConfig.ExecStart = [ 3324 "" 3325 "${config.systemd.package}/lib/systemd/systemd-networkd-wait-online -i %i ${utils.escapeSystemdExecArgs cfg.wait-online.extraArgs}" 3326 ]; 3327 }; 3328 3329 }) 3330 ]; 3331 3332 stage2Config = 3333 let 3334 cfg = config.systemd.network; 3335 unitFiles = mkUnitFiles "" cfg; 3336 in 3337 mkMerge [ 3338 (commonConfig config) 3339 3340 { environment.etc = unitFiles; } 3341 3342 (mkIf config.systemd.network.enable { 3343 3344 users.users.systemd-network.group = "systemd-network"; 3345 3346 systemd.additionalUpstreamSystemUnits = [ 3347 "systemd-networkd-wait-online.service" 3348 "systemd-networkd-wait-online@.service" 3349 "systemd-networkd.service" 3350 "systemd-networkd.socket" 3351 "systemd-networkd-persistent-storage.service" 3352 ]; 3353 3354 environment.etc."systemd/networkd.conf" = renderConfig cfg.config; 3355 3356 systemd.services.systemd-networkd = 3357 let 3358 isReloadableUnitFileName = unitFileName: strings.hasSuffix ".network" unitFileName; 3359 reloadableUnitFiles = attrsets.filterAttrs (k: v: isReloadableUnitFileName k) unitFiles; 3360 nonReloadableUnitFiles = attrsets.filterAttrs (k: v: !isReloadableUnitFileName k) unitFiles; 3361 unitFileSources = unitFiles: map (x: x.source) (attrValues unitFiles); 3362 in 3363 { 3364 wantedBy = [ "multi-user.target" ]; 3365 reloadTriggers = unitFileSources reloadableUnitFiles; 3366 restartTriggers = unitFileSources nonReloadableUnitFiles ++ [ 3367 config.environment.etc."systemd/networkd.conf".source 3368 ]; 3369 aliases = [ "dbus-org.freedesktop.network1.service" ]; 3370 notSocketActivated = true; 3371 stopIfChanged = false; 3372 }; 3373 3374 networking.iproute2 = mkIf (cfg.config.addRouteTablesToIPRoute2 && cfg.config.routeTables != { }) { 3375 enable = mkDefault true; 3376 rttablesExtraConfig = '' 3377 3378 # Extra tables defined in NixOS systemd.networkd.config.routeTables. 3379 ${concatStringsSep "\n" ( 3380 mapAttrsToList (name: number: "${toString number} ${name}") cfg.config.routeTables 3381 )} 3382 ''; 3383 }; 3384 3385 services.resolved.enable = mkDefault true; 3386 3387 }) 3388 ]; 3389 3390 stage1Options = { 3391 options.boot.initrd.systemd.network.networks = mkOption { 3392 type = 3393 with types; 3394 attrsOf (submodule { 3395 # Default in initrd is dhcp-on-stop, which is correct if flushBeforeStage2 = false 3396 config = mkIf config.boot.initrd.network.flushBeforeStage2 { 3397 networkConfig.KeepConfiguration = mkDefault false; 3398 }; 3399 }); 3400 }; 3401 }; 3402 3403 stage1Config = 3404 let 3405 cfg = config.boot.initrd.systemd.network; 3406 in 3407 mkMerge [ 3408 (commonConfig config.boot.initrd) 3409 3410 { 3411 systemd.network.enable = mkDefault config.boot.initrd.network.enable; 3412 systemd.contents = mkUnitFiles "/etc/" cfg; 3413 3414 # Networkd link files are used early by udev to set up interfaces early. 3415 # This must be done in stage 1 to avoid race conditions between udev and 3416 # network daemons. 3417 systemd.network.units = lib.filterAttrs (n: _: hasSuffix ".link" n) config.systemd.network.units; 3418 systemd.storePaths = [ 3419 "${config.boot.initrd.systemd.package}/lib/systemd/network/99-default.link" 3420 ]; 3421 } 3422 3423 (mkIf cfg.enable { 3424 3425 # For networkctl 3426 systemd.dbus.enable = mkDefault true; 3427 3428 systemd.additionalUpstreamUnits = [ 3429 "systemd-networkd-wait-online.service" 3430 "systemd-networkd.service" 3431 "systemd-networkd.socket" 3432 "systemd-network-generator.service" 3433 "network-online.target" 3434 "network-pre.target" 3435 "network.target" 3436 "nss-lookup.target" 3437 "nss-user-lookup.target" 3438 "remote-fs-pre.target" 3439 "remote-fs.target" 3440 ]; 3441 systemd.users.systemd-network = { }; 3442 systemd.groups.systemd-network = { }; 3443 3444 systemd.contents."/etc/systemd/networkd.conf" = renderConfig cfg.config; 3445 3446 systemd.services.systemd-networkd = { 3447 wantedBy = [ "initrd.target" ]; 3448 }; 3449 systemd.sockets.systemd-networkd = { 3450 wantedBy = [ "initrd.target" ]; 3451 }; 3452 3453 systemd.services.systemd-network-generator.wantedBy = [ "sysinit.target" ]; 3454 3455 systemd.storePaths = [ 3456 "${config.boot.initrd.systemd.package}/lib/systemd/systemd-networkd" 3457 "${config.boot.initrd.systemd.package}/lib/systemd/systemd-networkd-wait-online" 3458 "${config.boot.initrd.systemd.package}/lib/systemd/systemd-network-generator" 3459 ]; 3460 kernelModules = [ "af_packet" ]; 3461 3462 }) 3463 ]; 3464 3465in 3466 3467{ 3468 imports = [ stage1Options ]; 3469 3470 options = { 3471 systemd.network = commonOptions true; 3472 boot.initrd.systemd.network = commonOptions "shallow"; 3473 }; 3474 3475 config = mkMerge [ 3476 stage2Config 3477 (mkIf config.boot.initrd.systemd.enable { 3478 assertions = [ 3479 { 3480 assertion = 3481 !config.boot.initrd.network.udhcpc.enable && config.boot.initrd.network.udhcpc.extraArgs == [ ]; 3482 message = '' 3483 systemd stage 1 networking does not support 'boot.initrd.network.udhcpc'. Configure 3484 DHCP with 'networking.*' options or with 'boot.initrd.systemd.network' options. 3485 ''; 3486 } 3487 ]; 3488 3489 boot.initrd = stage1Config; 3490 }) 3491 ]; 3492}