pyrox.dev / nixpkgs
lol
fork atom
nixpkgs / nixos / modules / system / boot / networkd.nix
at master 104 kB view raw
1{ 2 config, 3 lib, 4 pkgs, 5 utils, 6 ... 7}: 8 9with utils.systemdUtils.unitOptions; 10with utils.systemdUtils.lib; 11with utils.systemdUtils.network.units; 12with lib; 13 14let 15 16 check = { 17 18 global = { 19 sectionNetwork = checkUnitConfig "Network" [ 20 (assertOnlyFields [ 21 "SpeedMeter" 22 "SpeedMeterIntervalSec" 23 "ManageForeignRoutingPolicyRules" 24 "ManageForeignRoutes" 25 "ManageForeignNextHops" 26 "RouteTable" 27 "IPv6PrivacyExtensions" 28 "IPv4Forwarding" 29 "IPv6Forwarding" 30 "UseDomains" 31 ]) 32 (assertValueOneOf "SpeedMeter" boolValues) 33 (assertInt "SpeedMeterIntervalSec") 34 (assertValueOneOf "ManageForeignRoutingPolicyRules" boolValues) 35 (assertValueOneOf "ManageForeignRoutes" boolValues) 36 (assertValueOneOf "ManageForeignNextHops" boolValues) 37 (assertValueOneOf "IPv6PrivacyExtensions" ( 38 boolValues 39 ++ [ 40 "prefer-public" 41 "kernel" 42 ] 43 )) 44 (assertValueOneOf "IPv4Forwarding" boolValues) 45 (assertValueOneOf "IPv6Forwarding" boolValues) 46 (assertValueOneOf "UseDomains" (boolValues ++ [ "route" ])) 47 ]; 48 49 sectionDHCPv4 = checkUnitConfig "DHCPv4" [ 50 (assertOnlyFields [ 51 "ClientIdentifier" 52 "DUIDType" 53 "DUIDRawData" 54 ]) 55 (assertValueOneOf "ClientIdentifier" [ 56 "mac" 57 "duid" 58 "duid-only" 59 ]) 60 ]; 61 62 sectionDHCPv6 = checkUnitConfig "DHCPv6" [ 63 (assertOnlyFields [ 64 "DUIDType" 65 "DUIDRawData" 66 ]) 67 ]; 68 }; 69 70 link = { 71 72 sectionLink = checkUnitConfig "Link" [ 73 (assertOnlyFields [ 74 "Description" 75 "Alias" 76 "MACAddressPolicy" 77 "MACAddress" 78 "NamePolicy" 79 "Name" 80 "AlternativeNamesPolicy" 81 "AlternativeName" 82 "MTUBytes" 83 "BitsPerSecond" 84 "Duplex" 85 "AutoNegotiation" 86 "WakeOnLan" 87 "Port" 88 "Advertise" 89 "ReceiveChecksumOffload" 90 "TransmitChecksumOffload" 91 "TCPSegmentationOffload" 92 "TCP6SegmentationOffload" 93 "GenericSegmentationOffload" 94 "GenericReceiveOffload" 95 "LargeReceiveOffload" 96 "RxChannels" 97 "TxChannels" 98 "OtherChannels" 99 "CombinedChannels" 100 "RxBufferSize" 101 "TxBufferSize" 102 "ReceiveQueues" 103 "TransmitQueues" 104 "TransmitQueueLength" 105 "RxFlowControl" 106 "TxFlowControl" 107 "AutoNegotiationFlowControl" 108 ]) 109 (assertValueOneOf "MACAddressPolicy" [ 110 "persistent" 111 "random" 112 "none" 113 ]) 114 (assertMacAddress "MACAddress") 115 (assertByteFormat "MTUBytes") 116 (assertByteFormat "BitsPerSecond") 117 (assertValueOneOf "Duplex" [ 118 "half" 119 "full" 120 ]) 121 (assertValueOneOf "AutoNegotiation" boolValues) 122 (assertValuesSomeOfOr "WakeOnLan" [ 123 "phy" 124 "unicast" 125 "multicast" 126 "broadcast" 127 "arp" 128 "magic" 129 "secureon" 130 ] "off") 131 (assertValueOneOf "Port" [ 132 "tp" 133 "aui" 134 "bnc" 135 "mii" 136 "fibre" 137 ]) 138 (assertValueOneOf "ReceiveChecksumOffload" boolValues) 139 (assertValueOneOf "TransmitChecksumOffload" boolValues) 140 (assertValueOneOf "TCPSegmentationOffload" boolValues) 141 (assertValueOneOf "TCP6SegmentationOffload" boolValues) 142 (assertValueOneOf "GenericSegmentationOffload" boolValues) 143 (assertValueOneOf "GenericReceiveOffload" boolValues) 144 (assertValueOneOf "LargeReceiveOffload" boolValues) 145 (assertValueOneOf "RxFlowControl" boolValues) 146 (assertValueOneOf "TxFlowControl" boolValues) 147 (assertValueOneOf "AutoNegotiationFlowControl" boolValues) 148 (assertInt "RxChannels") 149 (assertRange "RxChannels" 1 4294967295) 150 (assertInt "TxChannels") 151 (assertRange "TxChannels" 1 4294967295) 152 (assertInt "OtherChannels") 153 (assertRange "OtherChannels" 1 4294967295) 154 (assertInt "CombinedChannels") 155 (assertRange "CombinedChannels" 1 4294967295) 156 (assertInt "RxBufferSize") 157 (assertInt "TxBufferSize") 158 (assertRange "ReceiveQueues" 1 4096) 159 (assertRange "TransmitQueues" 1 4096) 160 (assertRange "TransmitQueueLength" 1 4294967294) 161 ]; 162 }; 163 164 netdev = 165 let 166 167 tunChecks = [ 168 (assertOnlyFields [ 169 "MultiQueue" 170 "PacketInfo" 171 "VNetHeader" 172 "User" 173 "Group" 174 "KeepCarrier" 175 ]) 176 (assertValueOneOf "MultiQueue" boolValues) 177 (assertValueOneOf "PacketInfo" boolValues) 178 (assertValueOneOf "VNetHeader" boolValues) 179 (assertValueOneOf "KeepCarrier" boolValues) 180 ]; 181 182 # See https://www.freedesktop.org/software/systemd/man/latest/systemd.netdev.html#%5BIPVTAP%5D%20Section%20Options 183 ipVlanVtapChecks = [ 184 (assertOnlyFields [ 185 "Mode" 186 "Flags" 187 ]) 188 (assertValueOneOf "Mode" [ 189 "L2" 190 "L3" 191 "L3S" 192 ]) 193 (assertValueOneOf "Flags" [ 194 "private" 195 "vepa" 196 "bridge" 197 ]) 198 ]; 199 in 200 { 201 202 sectionNetdev = checkUnitConfig "Netdev" [ 203 (assertOnlyFields [ 204 "Description" 205 "Name" 206 "Kind" 207 "MTUBytes" 208 "MACAddress" 209 ]) 210 (assertHasField "Name") 211 (assertHasField "Kind") 212 (assertValueOneOf "Kind" [ 213 "bond" 214 "bridge" 215 "dummy" 216 "gre" 217 "gretap" 218 "erspan" 219 "ip6gre" 220 "ip6tnl" 221 "ip6gretap" 222 "ipip" 223 "ipvlan" 224 "ipvtap" 225 "macvlan" 226 "macvtap" 227 "sit" 228 "tap" 229 "tun" 230 "veth" 231 "vlan" 232 "vti" 233 "vti6" 234 "vxlan" 235 "geneve" 236 "l2tp" 237 "macsec" 238 "wlan" 239 "vrf" 240 "vcan" 241 "vxcan" 242 "wireguard" 243 "netdevsim" 244 "nlmon" 245 "fou" 246 "xfrm" 247 "ifb" 248 "batadv" 249 ]) 250 (assertByteFormat "MTUBytes") 251 (assertNetdevMacAddress "MACAddress") 252 ]; 253 254 sectionBridge = checkUnitConfig "Bridge" [ 255 (assertOnlyFields [ 256 "HelloTimeSec" 257 "MaxAgeSec" 258 "ForwardDelaySec" 259 "AgeingTimeSec" 260 "Priority" 261 "GroupForwardMask" 262 "DefaultPVID" 263 "MulticastQuerier" 264 "MulticastSnooping" 265 "VLANFiltering" 266 "VLANProtocol" 267 "STP" 268 "MulticastIGMPVersion" 269 ]) 270 (assertInt "HelloTimeSec") 271 (assertInt "MaxAgeSec") 272 (assertInt "ForwardDelaySec") 273 (assertInt "AgeingTimeSec") 274 (assertRange "Priority" 0 65535) 275 (assertRange "GroupForwardMask" 0 65535) 276 (assertRangeOrOneOf "DefaultPVID" 0 4094 [ "none" ]) 277 (assertValueOneOf "MulticastQuerier" boolValues) 278 (assertValueOneOf "MulticastSnooping" boolValues) 279 (assertValueOneOf "VLANFiltering" boolValues) 280 (assertValueOneOf "VLANProtocol" [ 281 "802.1q" 282 "802.ad" 283 ]) 284 (assertValueOneOf "STP" boolValues) 285 (assertValueOneOf "MulticastIGMPVersion" [ 286 2 287 3 288 ]) 289 ]; 290 291 sectionVLAN = checkUnitConfig "VLAN" [ 292 (assertOnlyFields [ 293 "Id" 294 "GVRP" 295 "MVRP" 296 "LooseBinding" 297 "ReorderHeader" 298 ]) 299 (assertInt "Id") 300 (assertRange "Id" 0 4094) 301 (assertValueOneOf "GVRP" boolValues) 302 (assertValueOneOf "MVRP" boolValues) 303 (assertValueOneOf "LooseBinding" boolValues) 304 (assertValueOneOf "ReorderHeader" boolValues) 305 ]; 306 307 sectionIPVLAN = checkUnitConfig "IPVLAN" ipVlanVtapChecks; 308 309 sectionIPVTAP = checkUnitConfig "IPVTAP" ipVlanVtapChecks; 310 311 sectionMACVLAN = checkUnitConfig "MACVLAN" [ 312 (assertOnlyFields [ 313 "Mode" 314 ]) 315 (assertValueOneOf "Mode" [ 316 "private" 317 "vepa" 318 "bridge" 319 "passthru" 320 ]) 321 ]; 322 323 sectionVXLAN = checkUnitConfig "VXLAN" [ 324 (assertOnlyFields [ 325 "VNI" 326 "Remote" 327 "Local" 328 "Group" 329 "TOS" 330 "TTL" 331 "MacLearning" 332 "FDBAgeingSec" 333 "MaximumFDBEntries" 334 "ReduceARPProxy" 335 "L2MissNotification" 336 "L3MissNotification" 337 "RouteShortCircuit" 338 "UDPChecksum" 339 "UDP6ZeroChecksumTx" 340 "UDP6ZeroChecksumRx" 341 "RemoteChecksumTx" 342 "RemoteChecksumRx" 343 "GroupPolicyExtension" 344 "GenericProtocolExtension" 345 "DestinationPort" 346 "PortRange" 347 "FlowLabel" 348 "IPDoNotFragment" 349 "Independent" 350 ]) 351 (assertInt "VNI") 352 (assertRange "VNI" 1 16777215) 353 (assertValueOneOf "MacLearning" boolValues) 354 (assertInt "MaximumFDBEntries") 355 (assertValueOneOf "ReduceARPProxy" boolValues) 356 (assertValueOneOf "L2MissNotification" boolValues) 357 (assertValueOneOf "L3MissNotification" boolValues) 358 (assertValueOneOf "RouteShortCircuit" boolValues) 359 (assertValueOneOf "UDPChecksum" boolValues) 360 (assertValueOneOf "UDP6ZeroChecksumTx" boolValues) 361 (assertValueOneOf "UDP6ZeroChecksumRx" boolValues) 362 (assertValueOneOf "RemoteChecksumTx" boolValues) 363 (assertValueOneOf "RemoteChecksumRx" boolValues) 364 (assertValueOneOf "GroupPolicyExtension" boolValues) 365 (assertValueOneOf "GenericProtocolExtension" boolValues) 366 (assertInt "FlowLabel") 367 (assertRange "FlowLabel" 0 1048575) 368 (assertValueOneOf "IPDoNotFragment" (boolValues + [ "inherit" ])) 369 (assertValueOneOf "Independent" boolValues) 370 ]; 371 372 sectionTunnel = checkUnitConfig "Tunnel" [ 373 (assertOnlyFields [ 374 "Local" 375 "Remote" 376 "TOS" 377 "TTL" 378 "DiscoverPathMTU" 379 "IPv6FlowLabel" 380 "CopyDSCP" 381 "EncapsulationLimit" 382 "Key" 383 "InputKey" 384 "OutputKey" 385 "Mode" 386 "Independent" 387 "AssignToLoopback" 388 "AllowLocalRemote" 389 "FooOverUDP" 390 "FOUDestinationPort" 391 "FOUSourcePort" 392 "Encapsulation" 393 "IPv6RapidDeploymentPrefix" 394 "ISATAP" 395 "SerializeTunneledPackets" 396 "ERSPANIndex" 397 ]) 398 (assertInt "TTL") 399 (assertRange "TTL" 0 255) 400 (assertValueOneOf "DiscoverPathMTU" boolValues) 401 (assertValueOneOf "CopyDSCP" boolValues) 402 (assertValueOneOf "Mode" [ 403 "ip6ip6" 404 "ipip6" 405 "any" 406 ]) 407 (assertValueOneOf "Independent" boolValues) 408 (assertValueOneOf "AssignToLoopback" boolValues) 409 (assertValueOneOf "AllowLocalRemote" boolValues) 410 (assertValueOneOf "FooOverUDP" boolValues) 411 (assertPort "FOUDestinationPort") 412 (assertPort "FOUSourcePort") 413 (assertValueOneOf "Encapsulation" [ 414 "FooOverUDP" 415 "GenericUDPEncapsulation" 416 ]) 417 (assertValueOneOf "ISATAP" boolValues) 418 (assertValueOneOf "SerializeTunneledPackets" boolValues) 419 (assertInt "ERSPANIndex") 420 (assertRange "ERSPANIndex" 1 1048575) 421 ]; 422 423 sectionFooOverUDP = checkUnitConfig "FooOverUDP" [ 424 (assertOnlyFields [ 425 "Port" 426 "Encapsulation" 427 "Protocol" 428 ]) 429 (assertPort "Port") 430 (assertValueOneOf "Encapsulation" [ 431 "FooOverUDP" 432 "GenericUDPEncapsulation" 433 ]) 434 ]; 435 436 sectionPeer = checkUnitConfig "Peer" [ 437 (assertOnlyFields [ 438 "Name" 439 "MACAddress" 440 ]) 441 (assertMacAddress "MACAddress") 442 ]; 443 444 sectionTun = checkUnitConfig "Tun" tunChecks; 445 446 sectionTap = checkUnitConfig "Tap" tunChecks; 447 448 sectionL2TP = checkUnitConfig "L2TP" [ 449 (assertOnlyFields [ 450 "TunnelId" 451 "PeerTunnelId" 452 "Remote" 453 "Local" 454 "EncapsulationType" 455 "UDPSourcePort" 456 "UDPDestinationPort" 457 "UDPChecksum" 458 "UDP6ZeroChecksumTx" 459 "UDP6ZeroChecksumRx" 460 ]) 461 (assertInt "TunnelId") 462 (assertRange "TunnelId" 1 4294967295) 463 (assertInt "PeerTunnelId") 464 (assertRange "PeerTunnelId" 1 4294967295) 465 (assertValueOneOf "EncapsulationType" [ 466 "ip" 467 "udp" 468 ]) 469 (assertPort "UDPSourcePort") 470 (assertPort "UDPDestinationPort") 471 (assertValueOneOf "UDPChecksum" boolValues) 472 (assertValueOneOf "UDP6ZeroChecksumTx" boolValues) 473 (assertValueOneOf "UDP6ZeroChecksumRx" boolValues) 474 ]; 475 476 sectionL2TPSession = checkUnitConfigWithLegacyKey "l2tpSessionConfig" "L2TPSession" [ 477 (assertOnlyFields [ 478 "Name" 479 "SessionId" 480 "PeerSessionId" 481 "Layer2SpecificHeader" 482 ]) 483 (assertHasField "Name") 484 (assertHasField "SessionId") 485 (assertInt "SessionId") 486 (assertRange "SessionId" 1 4294967295) 487 (assertHasField "PeerSessionId") 488 (assertInt "PeerSessionId") 489 (assertRange "PeerSessionId" 1 4294967295) 490 (assertValueOneOf "Layer2SpecificHeader" [ 491 "none" 492 "default" 493 ]) 494 ]; 495 496 # NOTE Check whether the key starts with an @, in which case it is 497 # interpreted as the name of the credential from which the actual key 498 # shall be read by systemd-creds. 499 # Do not remove this check as the nix store is world-readable. 500 sectionWireGuard = checkUnitConfig "WireGuard" [ 501 (assertKeyIsSystemdCredential "PrivateKey") 502 (assertOnlyFields [ 503 "PrivateKey" 504 "PrivateKeyFile" 505 "ListenPort" 506 "FirewallMark" 507 "RouteTable" 508 "RouteMetric" 509 ]) 510 (assertInt "FirewallMark") 511 (assertRange "FirewallMark" 1 4294967295) 512 ]; 513 514 # NOTE Check whether the key starts with an @, in which case it is 515 # interpreted as the name of the credential from which the actual key 516 # shall be read by systemd-creds. 517 # Do not remove this check as the nix store is world-readable. 518 sectionWireGuardPeer = checkUnitConfigWithLegacyKey "wireguardPeerConfig" "WireGuardPeer" [ 519 (assertKeyIsSystemdCredential "PresharedKey") 520 (assertOnlyFields [ 521 "PublicKey" 522 "PublicKeyFile" 523 "PresharedKey" 524 "PresharedKeyFile" 525 "AllowedIPs" 526 "Endpoint" 527 "PersistentKeepalive" 528 "RouteTable" 529 "RouteMetric" 530 ]) 531 (assertInt "PersistentKeepalive") 532 (assertRange "PersistentKeepalive" 0 65535) 533 ]; 534 535 sectionBond = checkUnitConfig "Bond" [ 536 (assertOnlyFields [ 537 "Mode" 538 "TransmitHashPolicy" 539 "LACPTransmitRate" 540 "MIIMonitorSec" 541 "UpDelaySec" 542 "DownDelaySec" 543 "LearnPacketIntervalSec" 544 "AdSelect" 545 "AdActorSystemPriority" 546 "AdUserPortKey" 547 "AdActorSystem" 548 "FailOverMACPolicy" 549 "ARPValidate" 550 "ARPIntervalSec" 551 "ARPIPTargets" 552 "ARPAllTargets" 553 "PrimaryReselectPolicy" 554 "ResendIGMP" 555 "PacketsPerSlave" 556 "GratuitousARP" 557 "AllSlavesActive" 558 "DynamicTransmitLoadBalancing" 559 "MinLinks" 560 ]) 561 (assertValueOneOf "Mode" [ 562 "balance-rr" 563 "active-backup" 564 "balance-xor" 565 "broadcast" 566 "802.3ad" 567 "balance-tlb" 568 "balance-alb" 569 ]) 570 (assertValueOneOf "TransmitHashPolicy" [ 571 "layer2" 572 "layer3+4" 573 "layer2+3" 574 "encap2+3" 575 "encap3+4" 576 ]) 577 (assertValueOneOf "LACPTransmitRate" [ 578 "slow" 579 "fast" 580 ]) 581 (assertValueOneOf "AdSelect" [ 582 "stable" 583 "bandwidth" 584 "count" 585 ]) 586 (assertInt "AdActorSystemPriority") 587 (assertRange "AdActorSystemPriority" 1 65535) 588 (assertInt "AdUserPortKey") 589 (assertRange "AdUserPortKey" 0 1023) 590 (assertValueOneOf "FailOverMACPolicy" [ 591 "none" 592 "active" 593 "follow" 594 ]) 595 (assertValueOneOf "ARPValidate" [ 596 "none" 597 "active" 598 "backup" 599 "all" 600 ]) 601 (assertValueOneOf "ARPAllTargets" [ 602 "any" 603 "all" 604 ]) 605 (assertValueOneOf "PrimaryReselectPolicy" [ 606 "always" 607 "better" 608 "failure" 609 ]) 610 (assertInt "ResendIGMP") 611 (assertRange "ResendIGMP" 0 255) 612 (assertInt "PacketsPerSlave") 613 (assertRange "PacketsPerSlave" 0 65535) 614 (assertInt "GratuitousARP") 615 (assertRange "GratuitousARP" 0 255) 616 (assertValueOneOf "AllSlavesActive" boolValues) 617 (assertValueOneOf "DynamicTransmitLoadBalancing" boolValues) 618 (assertInt "MinLinks") 619 (assertMinimum "MinLinks" 0) 620 ]; 621 622 sectionXfrm = checkUnitConfig "Xfrm" [ 623 (assertOnlyFields [ 624 "InterfaceId" 625 "Independent" 626 ]) 627 (assertInt "InterfaceId") 628 (assertRange "InterfaceId" 1 4294967295) 629 (assertValueOneOf "Independent" boolValues) 630 ]; 631 632 sectionVRF = checkUnitConfig "VRF" [ 633 (assertOnlyFields [ 634 "Table" 635 ]) 636 (assertInt "Table") 637 (assertMinimum "Table" 0) 638 ]; 639 640 sectionWLAN = checkUnitConfig "WLAN" [ 641 (assertOnlyFields [ 642 "PhysicalDevice" # systemd supports both strings ("phy0") and indexes (0) here. 643 "Type" 644 "WDS" 645 ]) 646 # See https://github.com/systemd/systemd/blob/main/src/basic/linux/nl80211.h#L3382 647 (assertValueOneOf "Type" [ 648 "ad-hoc" 649 "station" 650 "ap" 651 "ap-vlan" 652 "wds" 653 "monitor" 654 "mesh-point" 655 "p2p-client" 656 "p2p-go" 657 "p2p-device" 658 "ocb" 659 "nan" 660 ]) 661 (assertValueOneOf "WDS" boolValues) 662 ]; 663 664 sectionBatmanAdvanced = checkUnitConfig "BatmanAdvanced" [ 665 (assertOnlyFields [ 666 "GatewayMode" 667 "Aggregation" 668 "BridgeLoopAvoidance" 669 "DistributedArpTable" 670 "Fragmentation" 671 "HopPenalty" 672 "OriginatorIntervalSec" 673 "GatewayBandwithDown" 674 "GatewayBandwithUp" 675 "RoutingAlgorithm" 676 ]) 677 (assertValueOneOf "GatewayMode" [ 678 "off" 679 "client" 680 "server" 681 ]) 682 (assertValueOneOf "Aggregation" boolValues) 683 (assertValueOneOf "BridgeLoopAvoidance" boolValues) 684 (assertValueOneOf "DistributedArpTable" boolValues) 685 (assertValueOneOf "Fragmentation" boolValues) 686 (assertInt "HopPenalty") 687 (assertRange "HopPenalty" 0 255) 688 (assertValueOneOf "RoutingAlgorithm" [ 689 "batman-v" 690 "batman-iv" 691 ]) 692 ]; 693 }; 694 695 network = { 696 697 sectionLink = checkUnitConfig "Link" [ 698 (assertOnlyFields [ 699 "MACAddress" 700 "MTUBytes" 701 "ARP" 702 "Multicast" 703 "AllMulticast" 704 "Unmanaged" 705 "Group" 706 "RequiredForOnline" 707 "RequiredFamilyForOnline" 708 "ActivationPolicy" 709 "Promiscuous" 710 ]) 711 (assertMacAddress "MACAddress") 712 (assertByteFormat "MTUBytes") 713 (assertValueOneOf "ARP" boolValues) 714 (assertValueOneOf "Multicast" boolValues) 715 (assertValueOneOf "AllMulticast" boolValues) 716 (assertValueOneOf "Promiscuous" boolValues) 717 (assertValueOneOf "Unmanaged" boolValues) 718 (assertInt "Group") 719 (assertRange "Group" 0 2147483647) 720 (assertValueOneOf "RequiredForOnline" ( 721 boolValues 722 ++ ( 723 let 724 # https://freedesktop.org/software/systemd/man/networkctl.html#missing 725 operationalStates = [ 726 "missing" 727 "off" 728 "no-carrier" 729 "dormant" 730 "degraded-carrier" 731 "carrier" 732 "degraded" 733 "enslaved" 734 "routable" 735 ]; 736 operationalStateRanges = concatLists ( 737 imap0 (i: min: map (max: "${min}:${max}") (drop i operationalStates)) operationalStates 738 ); 739 in 740 operationalStates ++ operationalStateRanges 741 ) 742 )) 743 (assertValueOneOf "RequiredFamilyForOnline" [ 744 "ipv4" 745 "ipv6" 746 "both" 747 "any" 748 ]) 749 (assertValueOneOf "ActivationPolicy" ([ 750 "up" 751 "always-up" 752 "manual" 753 "always-down" 754 "down" 755 "bound" 756 ])) 757 ]; 758 759 sectionNetwork = checkUnitConfig "Network" [ 760 (assertOnlyFields [ 761 "Description" 762 "DHCP" 763 "DHCPServer" 764 "LinkLocalAddressing" 765 "IPv6LinkLocalAddressGenerationMode" 766 "IPv6StableSecretAddress" 767 "IPv4LLStartAddress" 768 "IPv4LLRoute" 769 "DefaultRouteOnDevice" 770 "LLMNR" 771 "MulticastDNS" 772 "DNSOverTLS" 773 "DNSSEC" 774 "DNSSECNegativeTrustAnchors" 775 "LLDP" 776 "EmitLLDP" 777 "BindCarrier" 778 "Address" 779 "Gateway" 780 "DNS" 781 "UseDomains" 782 "Domains" 783 "DNSDefaultRoute" 784 "NTP" 785 "IPForward" 786 "IPv4Forwarding" 787 "IPv6Forwarding" 788 "IPMasquerade" 789 "IPv6PrivacyExtensions" 790 "IPv6AcceptRA" 791 "IPv6DuplicateAddressDetection" 792 "IPv6HopLimit" 793 "IPv6RetransmissionTimeSec" 794 "IPv4ReversePathFilter" 795 "IPv4AcceptLocal" 796 "IPv4RouteLocalnet" 797 "IPv4ProxyARP" 798 "IPv4ProxyARPPrivateVLAN" 799 "IPv6ProxyNDP" 800 "IPv6ProxyNDPAddress" 801 "IPv6SendRA" 802 "DHCPPrefixDelegation" 803 "IPv6MTUBytes" 804 "KeepMaster" 805 "Bridge" 806 "Bond" 807 "VRF" 808 "VLAN" 809 "IPVLAN" 810 "IPVTAP" 811 "MACVLAN" 812 "MACVTAP" 813 "VXLAN" 814 "Tunnel" 815 "MACsec" 816 "ActiveSlave" 817 "PrimarySlave" 818 "ConfigureWithoutCarrier" 819 "IgnoreCarrierLoss" 820 "Xfrm" 821 "KeepConfiguration" 822 "BatmanAdvanced" 823 ]) 824 # Note: For DHCP the values both, none, v4, v6 are deprecated 825 (assertValueOneOf "DHCP" ( 826 boolValues 827 ++ [ 828 "ipv4" 829 "ipv6" 830 ] 831 )) 832 (assertValueOneOf "DHCPServer" boolValues) 833 (assertValueOneOf "LinkLocalAddressing" ( 834 boolValues 835 ++ [ 836 "ipv4" 837 "ipv6" 838 "fallback" 839 "ipv4-fallback" 840 ] 841 )) 842 (assertValueOneOf "IPv6LinkLocalAddressGenerationMode" [ 843 "eui64" 844 "none" 845 "stable-privacy" 846 "random" 847 ]) 848 (assertValueOneOf "IPv4LLRoute" boolValues) 849 (assertValueOneOf "DefaultRouteOnDevice" boolValues) 850 (assertValueOneOf "LLMNR" (boolValues ++ [ "resolve" ])) 851 (assertValueOneOf "MulticastDNS" (boolValues ++ [ "resolve" ])) 852 (assertValueOneOf "DNSOverTLS" (boolValues ++ [ "opportunistic" ])) 853 (assertValueOneOf "DNSSEC" (boolValues ++ [ "allow-downgrade" ])) 854 (assertValueOneOf "LLDP" (boolValues ++ [ "routers-only" ])) 855 (assertValueOneOf "EmitLLDP" ( 856 boolValues 857 ++ [ 858 "nearest-bridge" 859 "non-tpmr-bridge" 860 "customer-bridge" 861 ] 862 )) 863 (assertValueOneOf "UseDomains" (boolValues ++ [ "route" ])) 864 (assertValueOneOf "DNSDefaultRoute" boolValues) 865 (assertRemoved "IPForward" "IPv4Forwarding and IPv6Forwarding in systemd.network(5) and networkd.conf(5). Please note that setting these options on multiple interfaces may lead to unintended results, see https://github.com/systemd/systemd/issues/33414 or the relevant sections in systemd.network(5).") 866 (assertValueOneOf "IPv4Forwarding" boolValues) 867 (assertValueOneOf "IPv6Forwarding" boolValues) 868 (assertValueOneOf "IPMasquerade" ( 869 boolValues 870 ++ [ 871 "ipv4" 872 "ipv6" 873 "both" 874 ] 875 )) 876 (assertValueOneOf "IPv6PrivacyExtensions" ( 877 boolValues 878 ++ [ 879 "prefer-public" 880 "kernel" 881 ] 882 )) 883 (assertValueOneOf "IPv6AcceptRA" boolValues) 884 (assertInt "IPv6DuplicateAddressDetection") 885 (assertMinimum "IPv6DuplicateAddressDetection" 0) 886 (assertInt "IPv6HopLimit") 887 (assertMinimum "IPv6HopLimit" 0) 888 (assertInt "IPv6RetransmissionTimeSec") 889 (assertValueOneOf "IPv4ReversePathFilter" [ 890 "no" 891 "strict" 892 "loose" 893 ]) 894 (assertValueOneOf "IPv4AcceptLocal" boolValues) 895 (assertValueOneOf "IPv4RouteLocalnet" boolValues) 896 (assertValueOneOf "IPv4ProxyARP" boolValues) 897 (assertValueOneOf "IPv4ProxyARPPrivateVLAN" boolValues) 898 (assertValueOneOf "IPv6ProxyNDP" boolValues) 899 (assertValueOneOf "IPv6SendRA" boolValues) 900 (assertValueOneOf "DHCPPrefixDelegation" boolValues) 901 (assertByteFormat "IPv6MTUBytes") 902 (assertValueOneOf "KeepMaster" boolValues) 903 (assertValueOneOf "ActiveSlave" boolValues) 904 (assertValueOneOf "PrimarySlave" boolValues) 905 (assertValueOneOf "ConfigureWithoutCarrier" boolValues) 906 (assertValueOneOf "KeepConfiguration" ( 907 boolValues 908 ++ [ 909 "static" 910 "dynamic-on-stop" 911 "dynamic" 912 ] 913 )) 914 ]; 915 916 sectionAddress = checkUnitConfigWithLegacyKey "addressConfig" "Address" [ 917 (assertOnlyFields [ 918 "Address" 919 "Peer" 920 "Broadcast" 921 "Label" 922 "PreferredLifetime" 923 "Scope" 924 "RouteMetric" 925 "HomeAddress" 926 "DuplicateAddressDetection" 927 "ManageTemporaryAddress" 928 "AddPrefixRoute" 929 "AutoJoin" 930 "NetLabel" 931 "NFTSet" 932 ]) 933 (assertHasField "Address") 934 (assertValueOneOf "PreferredLifetime" [ 935 "forever" 936 "infinity" 937 "0" 938 0 939 ]) 940 (assertInt "RouteMetric") 941 (assertValueOneOf "HomeAddress" boolValues) 942 (assertValueOneOf "DuplicateAddressDetection" [ 943 "ipv4" 944 "ipv6" 945 "both" 946 "none" 947 ]) 948 (assertValueOneOf "ManageTemporaryAddress" boolValues) 949 (assertValueOneOf "AddPrefixRoute" boolValues) 950 (assertValueOneOf "AutoJoin" boolValues) 951 ]; 952 953 sectionRoutingPolicyRule = 954 checkUnitConfigWithLegacyKey "routingPolicyRuleConfig" "RoutingPolicyRule" 955 [ 956 (assertOnlyFields [ 957 "TypeOfService" 958 "From" 959 "To" 960 "FirewallMark" 961 "Table" 962 "Priority" 963 "IncomingInterface" 964 "OutgoingInterface" 965 "L3MasterDevice" 966 "SourcePort" 967 "DestinationPort" 968 "IPProtocol" 969 "InvertRule" 970 "Family" 971 "User" 972 "SuppressPrefixLength" 973 "Type" 974 "SuppressInterfaceGroup" 975 ]) 976 (assertInt "TypeOfService") 977 (assertRange "TypeOfService" 0 255) 978 (assertRangeWithOptionalMask "FirewallMark" 1 4294967295) 979 (assertInt "Priority") 980 (assertValueOneOf "L3MasterDevice" boolValues) 981 (assertPortOrPortRange "SourcePort") 982 (assertPortOrPortRange "DestinationPort") 983 (assertValueOneOf "InvertRule" boolValues) 984 (assertValueOneOf "Family" [ 985 "ipv4" 986 "ipv6" 987 "both" 988 ]) 989 (assertInt "SuppressPrefixLength") 990 (assertRange "SuppressPrefixLength" 0 128) 991 (assertValueOneOf "Type" [ 992 "blackhole" 993 "unreachable" 994 "prohibit" 995 ]) 996 (assertRange "SuppressInterfaceGroup" 0 2147483647) 997 ]; 998 999 sectionRoute = checkUnitConfigWithLegacyKey "routeConfig" "Route" [ 1000 (assertOnlyFields [ 1001 "Gateway" 1002 "GatewayOnLink" 1003 "Destination" 1004 "Source" 1005 "Metric" 1006 "IPv6Preference" 1007 "Scope" 1008 "PreferredSource" 1009 "Table" 1010 "Protocol" 1011 "Type" 1012 "InitialCongestionWindow" 1013 "InitialAdvertisedReceiveWindow" 1014 "QuickAck" 1015 "FastOpenNoCookie" 1016 "TTLPropagate" 1017 "MTUBytes" 1018 "IPServiceType" 1019 "MultiPathRoute" 1020 ]) 1021 (assertValueOneOf "GatewayOnLink" boolValues) 1022 (assertInt "Metric") 1023 (assertValueOneOf "IPv6Preference" [ 1024 "low" 1025 "medium" 1026 "high" 1027 ]) 1028 (assertValueOneOf "Scope" [ 1029 "global" 1030 "site" 1031 "link" 1032 "host" 1033 "nowhere" 1034 ]) 1035 (assertValueOneOf "Type" [ 1036 "unicast" 1037 "local" 1038 "broadcast" 1039 "anycast" 1040 "multicast" 1041 "blackhole" 1042 "unreachable" 1043 "prohibit" 1044 "throw" 1045 "nat" 1046 "xresolve" 1047 ]) 1048 (assertValueOneOf "QuickAck" boolValues) 1049 (assertValueOneOf "FastOpenNoCookie" boolValues) 1050 (assertValueOneOf "TTLPropagate" boolValues) 1051 (assertByteFormat "MTUBytes") 1052 (assertValueOneOf "IPServiceType" [ 1053 "CS6" 1054 "CS4" 1055 ]) 1056 ]; 1057 1058 sectionDHCPv4 = checkUnitConfig "DHCPv4" [ 1059 (assertOnlyFields [ 1060 "UseDNS" 1061 "RoutesToDNS" 1062 "UseNTP" 1063 "UseSIP" 1064 "UseMTU" 1065 "Anonymize" 1066 "SendHostname" 1067 "UseHostname" 1068 "Hostname" 1069 "UseDomains" 1070 "UseGateway" 1071 "UseRoutes" 1072 "UseTimezone" 1073 "IPv6OnlyMode" 1074 "ClientIdentifier" 1075 "VendorClassIdentifier" 1076 "UserClass" 1077 "MaxAttempts" 1078 "DUIDType" 1079 "DUIDRawData" 1080 "IAID" 1081 "RequestAddress" 1082 "RequestBroadcast" 1083 "RouteMetric" 1084 "RapidCommit" 1085 "RouteTable" 1086 "RouteMTUBytes" 1087 "ListenPort" 1088 "SendRelease" 1089 "SendDecline" 1090 "BlackList" 1091 "RequestOptions" 1092 "SendOption" 1093 "FallbackLeaseLifetimeSec" 1094 "Label" 1095 "Use6RD" 1096 "NetLabel" 1097 "NFTSet" 1098 ]) 1099 (assertValueOneOf "UseDNS" boolValues) 1100 (assertValueOneOf "RoutesToDNS" boolValues) 1101 (assertValueOneOf "UseNTP" boolValues) 1102 (assertValueOneOf "UseSIP" boolValues) 1103 (assertValueOneOf "UseMTU" boolValues) 1104 (assertValueOneOf "Anonymize" boolValues) 1105 (assertValueOneOf "SendHostname" boolValues) 1106 (assertValueOneOf "UseHostname" boolValues) 1107 (assertValueOneOf "UseDomains" (boolValues ++ [ "route" ])) 1108 (assertValueOneOf "UseGateway" boolValues) 1109 (assertValueOneOf "UseRoutes" boolValues) 1110 (assertValueOneOf "UseTimezone" boolValues) 1111 (assertValueOneOf "IPv6OnlyMode" boolValues) 1112 (assertValueOneOf "ClientIdentifier" [ 1113 "mac" 1114 "duid" 1115 "duid-only" 1116 ]) 1117 (assertInt "IAID") 1118 (assertValueOneOf "RequestBroadcast" boolValues) 1119 (assertInt "RouteMetric") 1120 (assertValueOneOf "RapidCommit" boolValues) 1121 (assertInt "RouteTable") 1122 (assertRange "RouteTable" 0 4294967295) 1123 (assertByteFormat "RouteMTUBytes") 1124 (assertPort "ListenPort") 1125 (assertValueOneOf "SendRelease" boolValues) 1126 (assertValueOneOf "SendDecline" boolValues) 1127 (assertValueOneOf "FallbackLeaseLifetimeSec" [ 1128 "forever" 1129 "infinity" 1130 ]) 1131 (assertValueOneOf "Use6RD" boolValues) 1132 ]; 1133 1134 sectionDHCPv6 = checkUnitConfig "DHCPv6" [ 1135 (assertOnlyFields [ 1136 "UseAddress" 1137 "UseDNS" 1138 "UseNTP" 1139 "SendHostname" 1140 "UseHostname" 1141 "Hostname" 1142 "UseDomains" 1143 "RouteMetric" 1144 "RapidCommit" 1145 "MUDURL" 1146 "RequestOptions" 1147 "SendVendorOption" 1148 "PrefixDelegationHint" 1149 "WithoutRA" 1150 "SendOption" 1151 "UserClass" 1152 "VendorClass" 1153 "DUIDType" 1154 "DUIDRawData" 1155 "IAID" 1156 "UseDelegatedPrefix" 1157 "SendRelease" 1158 "NetLabel" 1159 "NFTSet" 1160 ]) 1161 (assertValueOneOf "UseAddress" boolValues) 1162 (assertValueOneOf "UseDNS" boolValues) 1163 (assertValueOneOf "UseNTP" boolValues) 1164 (assertValueOneOf "SendHostname" boolValues) 1165 (assertValueOneOf "UseHostname" boolValues) 1166 (assertValueOneOf "UseDomains" (boolValues ++ [ "route" ])) 1167 (assertInt "RouteMetric") 1168 (assertValueOneOf "RapidCommit" boolValues) 1169 (assertValueOneOf "WithoutRA" [ 1170 "no" 1171 "solicit" 1172 "information-request" 1173 ]) 1174 (assertRange "SendOption" 1 65536) 1175 (assertInt "IAID") 1176 (assertValueOneOf "UseDelegatedPrefix" boolValues) 1177 (assertValueOneOf "SendRelease" boolValues) 1178 ]; 1179 1180 sectionDHCPPrefixDelegation = checkUnitConfig "DHCPPrefixDelegation" [ 1181 (assertOnlyFields [ 1182 "UplinkInterface" 1183 "SubnetId" 1184 "Announce" 1185 "Assign" 1186 "Token" 1187 "ManageTemporaryAddress" 1188 "RouteMetric" 1189 "NetLabel" 1190 "NFTSet" 1191 ]) 1192 (assertValueOneOf "Announce" boolValues) 1193 (assertValueOneOf "Assign" boolValues) 1194 (assertValueOneOf "ManageTemporaryAddress" boolValues) 1195 (assertRange "RouteMetric" 0 4294967295) 1196 ]; 1197 1198 sectionIPv6AcceptRA = checkUnitConfig "IPv6AcceptRA" [ 1199 (assertOnlyFields [ 1200 "UseDNS" 1201 "UseDomains" 1202 "RouteTable" 1203 "UseAutonomousPrefix" 1204 "UseOnLinkPrefix" 1205 "RouterDenyList" 1206 "RouterAllowList" 1207 "PrefixDenyList" 1208 "PrefixAllowList" 1209 "RouteDenyList" 1210 "RouteAllowList" 1211 "DHCPv6Client" 1212 "RouteMetric" 1213 "UseMTU" 1214 "UseGateway" 1215 "UseRoutePrefix" 1216 "Token" 1217 "UsePREF64" 1218 "NetLabel" 1219 "NFTSet" 1220 ]) 1221 (assertValueOneOf "UseDNS" boolValues) 1222 (assertValueOneOf "UseDomains" (boolValues ++ [ "route" ])) 1223 (assertRange "RouteTable" 0 4294967295) 1224 (assertValueOneOf "UseAutonomousPrefix" boolValues) 1225 (assertValueOneOf "UseOnLinkPrefix" boolValues) 1226 (assertValueOneOf "DHCPv6Client" (boolValues ++ [ "always" ])) 1227 (assertValueOneOf "UseMTU" boolValues) 1228 (assertValueOneOf "UseGateway" boolValues) 1229 (assertValueOneOf "UseRoutePrefix" boolValues) 1230 (assertValueOneOf "UsePREF64" boolValues) 1231 ]; 1232 1233 sectionDHCPServer = checkUnitConfig "DHCPServer" [ 1234 (assertOnlyFields [ 1235 "ServerAddress" 1236 "PoolOffset" 1237 "PoolSize" 1238 "DefaultLeaseTimeSec" 1239 "MaxLeaseTimeSec" 1240 "UplinkInterface" 1241 "EmitDNS" 1242 "DNS" 1243 "EmitNTP" 1244 "NTP" 1245 "EmitSIP" 1246 "SIP" 1247 "EmitPOP3" 1248 "POP3" 1249 "EmitSMTP" 1250 "SMTP" 1251 "EmitLPR" 1252 "LPR" 1253 "EmitRouter" 1254 "Router" 1255 "EmitTimezone" 1256 "Timezone" 1257 "SendOption" 1258 "SendVendorOption" 1259 "BindToInterface" 1260 "RelayTarget" 1261 "RelayAgentCircuitId" 1262 "RelayAgentRemoteId" 1263 "BootServerAddress" 1264 "BootServerName" 1265 "BootFilename" 1266 "IPv6OnlyPreferredSec" 1267 "PersistLeases" 1268 ]) 1269 (assertInt "PoolOffset") 1270 (assertMinimum "PoolOffset" 0) 1271 (assertInt "PoolSize") 1272 (assertMinimum "PoolSize" 0) 1273 (assertValueOneOf "EmitDNS" boolValues) 1274 (assertValueOneOf "EmitNTP" boolValues) 1275 (assertValueOneOf "EmitSIP" boolValues) 1276 (assertValueOneOf "EmitPOP3" boolValues) 1277 (assertValueOneOf "EmitSMTP" boolValues) 1278 (assertValueOneOf "EmitLPR" boolValues) 1279 (assertValueOneOf "EmitRouter" boolValues) 1280 (assertValueOneOf "EmitTimezone" boolValues) 1281 (assertValueOneOf "BindToInterface" boolValues) 1282 (assertValueOneOf "PersistLeases" boolValues) 1283 ]; 1284 1285 sectionIPv6SendRA = checkUnitConfig "IPv6SendRA" [ 1286 (assertOnlyFields [ 1287 "Managed" 1288 "OtherInformation" 1289 "RouterLifetimeSec" 1290 "RetransmitSec" 1291 "RouterPreference" 1292 "HopLimit" 1293 "UplinkInterface" 1294 "EmitDNS" 1295 "DNS" 1296 "EmitDomains" 1297 "Domains" 1298 "DNSLifetimeSec" 1299 "HomeAgent" 1300 "HomeAgentLifetimeSec" 1301 "HomeAgentPreference" 1302 ]) 1303 (assertValueOneOf "Managed" boolValues) 1304 (assertValueOneOf "OtherInformation" boolValues) 1305 (assertValueOneOf "RouterPreference" [ 1306 "high" 1307 "medium" 1308 "low" 1309 "normal" 1310 "default" 1311 ]) 1312 (assertInt "HopLimit") 1313 (assertValueOneOf "EmitDNS" boolValues) 1314 (assertValueOneOf "EmitDomains" boolValues) 1315 (assertValueOneOf "HomeAgent" boolValues) 1316 (assertInt "HomeAgentPreference") 1317 ]; 1318 1319 sectionIPv6PREF64Prefix = checkUnitConfigWithLegacyKey "ipv6PREF64PrefixConfig" "IPv6PREF64Prefix" [ 1320 (assertOnlyFields [ 1321 "Prefix" 1322 "LifetimeSec" 1323 ]) 1324 (assertInt "LifetimeSec") 1325 ]; 1326 1327 sectionIPv6Prefix = checkUnitConfigWithLegacyKey "ipv6PrefixConfig" "IPv6Prefix" [ 1328 (assertOnlyFields [ 1329 "AddressAutoconfiguration" 1330 "OnLink" 1331 "Prefix" 1332 "PreferredLifetimeSec" 1333 "ValidLifetimeSec" 1334 "Assign" 1335 "Token" 1336 ]) 1337 (assertValueOneOf "AddressAutoconfiguration" boolValues) 1338 (assertValueOneOf "OnLink" boolValues) 1339 (assertValueOneOf "Assign" boolValues) 1340 ]; 1341 1342 sectionIPv6RoutePrefix = checkUnitConfigWithLegacyKey "ipv6RoutePrefixConfig" "IPv6RoutePrefix" [ 1343 (assertOnlyFields [ 1344 "Route" 1345 "LifetimeSec" 1346 ]) 1347 (assertHasField "Route") 1348 (assertInt "LifetimeSec") 1349 ]; 1350 1351 sectionDHCPServerStaticLease = 1352 checkUnitConfigWithLegacyKey "dhcpServerStaticLeaseConfig" "DHCPServerStaticLease" 1353 [ 1354 (assertOnlyFields [ 1355 "MACAddress" 1356 "Address" 1357 ]) 1358 (assertHasField "MACAddress") 1359 (assertHasField "Address") 1360 (assertMacAddress "MACAddress") 1361 ]; 1362 1363 sectionBridge = checkUnitConfig "Bridge" [ 1364 (assertOnlyFields [ 1365 "UnicastFlood" 1366 "MulticastFlood" 1367 "MulticastToUnicast" 1368 "NeighborSuppression" 1369 "Learning" 1370 "HairPin" 1371 "Isolated" 1372 "UseBPDU" 1373 "FastLeave" 1374 "AllowPortToBeRoot" 1375 "ProxyARP" 1376 "ProxyARPWiFi" 1377 "MulticastRouter" 1378 "Cost" 1379 "Priority" 1380 ]) 1381 (assertValueOneOf "UnicastFlood" boolValues) 1382 (assertValueOneOf "MulticastFlood" boolValues) 1383 (assertValueOneOf "MulticastToUnicast" boolValues) 1384 (assertValueOneOf "NeighborSuppression" boolValues) 1385 (assertValueOneOf "Learning" boolValues) 1386 (assertValueOneOf "HairPin" boolValues) 1387 (assertValueOneOf "Isolated" boolValues) 1388 (assertValueOneOf "UseBPDU" boolValues) 1389 (assertValueOneOf "FastLeave" boolValues) 1390 (assertValueOneOf "AllowPortToBeRoot" boolValues) 1391 (assertValueOneOf "ProxyARP" boolValues) 1392 (assertValueOneOf "ProxyARPWiFi" boolValues) 1393 (assertValueOneOf "MulticastRouter" [ 1394 "no" 1395 "query" 1396 "permanent" 1397 "temporary" 1398 ]) 1399 (assertInt "Cost") 1400 (assertRange "Cost" 1 65535) 1401 (assertInt "Priority") 1402 (assertRange "Priority" 0 63) 1403 ]; 1404 1405 sectionBridgeFDB = checkUnitConfigWithLegacyKey "bridgeFDBConfig" "BridgeFDB" [ 1406 (assertOnlyFields [ 1407 "MACAddress" 1408 "Destination" 1409 "VLANId" 1410 "VNI" 1411 "AssociatedWith" 1412 "OutgoingInterface" 1413 ]) 1414 (assertHasField "MACAddress") 1415 (assertInt "VLANId") 1416 (assertRange "VLANId" 0 4094) 1417 (assertInt "VNI") 1418 (assertRange "VNI" 1 16777215) 1419 (assertValueOneOf "AssociatedWith" [ 1420 "use" 1421 "self" 1422 "master" 1423 "router" 1424 ]) 1425 ]; 1426 1427 sectionBridgeMDB = checkUnitConfigWithLegacyKey "bridgeMDBConfig" "BridgeMDB" [ 1428 (assertOnlyFields [ 1429 "MulticastGroupAddress" 1430 "VLANId" 1431 ]) 1432 (assertHasField "MulticastGroupAddress") 1433 (assertInt "VLANId") 1434 (assertRange "VLANId" 0 4094) 1435 ]; 1436 1437 sectionLLDP = checkUnitConfig "LLDP" [ 1438 (assertOnlyFields [ 1439 "MUDURL" 1440 ]) 1441 ]; 1442 1443 sectionCAN = checkUnitConfig "CAN" [ 1444 (assertOnlyFields [ 1445 "BitRate" 1446 "SamplePoint" 1447 "TimeQuantaNSec" 1448 "PropagationSegment" 1449 "PhaseBufferSegment1" 1450 "PhaseBufferSegment2" 1451 "SyncJumpWidth" 1452 "DataBitRate" 1453 "DataSamplePoint" 1454 "DataTimeQuantaNSec" 1455 "DataPropagationSegment" 1456 "DataPhaseBufferSegment1" 1457 "DataPhaseBufferSegment2" 1458 "DataSyncJumpWidth" 1459 "FDMode" 1460 "FDNonISO" 1461 "RestartSec" 1462 "Termination" 1463 "TripleSampling" 1464 "BusErrorReporting" 1465 "ListenOnly" 1466 "Loopback" 1467 "OneShot" 1468 "PresumeAck" 1469 "ClassicDataLengthCode" 1470 ]) 1471 (assertInt "TimeQuantaNSec") 1472 (assertRange "TimeQuantaNSec" 0 4294967295) 1473 (assertInt "PropagationSegment") 1474 (assertRange "PropagationSegment" 0 4294967295) 1475 (assertInt "PhaseBufferSegment1") 1476 (assertRange "PhaseBufferSegment1" 0 4294967295) 1477 (assertInt "PhaseBufferSegment2") 1478 (assertRange "PhaseBufferSegment2" 0 4294967295) 1479 (assertInt "SyncJumpWidth") 1480 (assertRange "SyncJumpWidth" 0 4294967295) 1481 (assertInt "DataTimeQuantaNSec") 1482 (assertRange "DataTimeQuantaNSec" 0 4294967295) 1483 (assertInt "DataPropagationSegment") 1484 (assertRange "DataPropagationSegment" 0 4294967295) 1485 (assertInt "DataPhaseBufferSegment1") 1486 (assertRange "DataPhaseBufferSegment1" 0 4294967295) 1487 (assertInt "DataPhaseBufferSegment2") 1488 (assertRange "DataPhaseBufferSegment2" 0 4294967295) 1489 (assertInt "DataSyncJumpWidth") 1490 (assertRange "DataSyncJumpWidth" 0 4294967295) 1491 (assertValueOneOf "FDMode" boolValues) 1492 (assertValueOneOf "FDNonISO" boolValues) 1493 (assertValueOneOf "TripleSampling" boolValues) 1494 (assertValueOneOf "BusErrorReporting" boolValues) 1495 (assertValueOneOf "ListenOnly" boolValues) 1496 (assertValueOneOf "Loopback" boolValues) 1497 (assertValueOneOf "OneShot" boolValues) 1498 (assertValueOneOf "PresumeAck" boolValues) 1499 (assertValueOneOf "ClassicDataLengthCode" boolValues) 1500 ]; 1501 1502 sectionIPoIB = checkUnitConfig "IPoIB" [ 1503 (assertOnlyFields [ 1504 "Mode" 1505 "IgnoreUserspaceMulticastGroup" 1506 ]) 1507 (assertValueOneOf "Mode" [ 1508 "datagram" 1509 "connected" 1510 ]) 1511 (assertValueOneOf "IgnoreUserspaceMulticastGroup" boolValues) 1512 ]; 1513 1514 sectionQDisc = checkUnitConfig "QDisc" [ 1515 (assertOnlyFields [ 1516 "Parent" 1517 "Handle" 1518 ]) 1519 (assertValueOneOf "Parent" [ 1520 "clsact" 1521 "ingress" 1522 ]) 1523 ]; 1524 1525 sectionNetworkEmulator = checkUnitConfig "NetworkEmulator" [ 1526 (assertOnlyFields [ 1527 "Parent" 1528 "Handle" 1529 "DelaySec" 1530 "DelayJitterSec" 1531 "PacketLimit" 1532 "LossRate" 1533 "DuplicateRate" 1534 ]) 1535 (assertInt "PacketLimit") 1536 (assertRange "PacketLimit" 0 4294967294) 1537 ]; 1538 1539 sectionTokenBucketFilter = checkUnitConfig "TokenBucketFilter" [ 1540 (assertOnlyFields [ 1541 "Parent" 1542 "Handle" 1543 "LatencySec" 1544 "LimitBytes" 1545 "BurstBytes" 1546 "Rate" 1547 "MPUBytes" 1548 "PeakRate" 1549 "MTUBytes" 1550 ]) 1551 ]; 1552 1553 sectionPIE = checkUnitConfig "PIE" [ 1554 (assertOnlyFields [ 1555 "Parent" 1556 "Handle" 1557 "PacketLimit" 1558 ]) 1559 (assertInt "PacketLimit") 1560 (assertRange "PacketLimit" 1 4294967294) 1561 ]; 1562 1563 sectionFlowQueuePIE = checkUnitConfig "FlowQueuePIE" [ 1564 (assertOnlyFields [ 1565 "Parent" 1566 "Handle" 1567 "PacketLimit" 1568 ]) 1569 (assertInt "PacketLimit") 1570 (assertRange "PacketLimit" 1 4294967294) 1571 ]; 1572 1573 sectionStochasticFairBlue = checkUnitConfig "StochasticFairBlue" [ 1574 (assertOnlyFields [ 1575 "Parent" 1576 "Handle" 1577 "PacketLimit" 1578 ]) 1579 (assertInt "PacketLimit") 1580 (assertRange "PacketLimit" 1 4294967294) 1581 ]; 1582 1583 sectionStochasticFairnessQueueing = checkUnitConfig "StochasticFairnessQueueing" [ 1584 (assertOnlyFields [ 1585 "Parent" 1586 "Handle" 1587 "PerturbPeriodSec" 1588 ]) 1589 (assertInt "PerturbPeriodSec") 1590 ]; 1591 1592 sectionBFIFO = checkUnitConfig "BFIFO" [ 1593 (assertOnlyFields [ 1594 "Parent" 1595 "Handle" 1596 "LimitBytes" 1597 ]) 1598 ]; 1599 1600 sectionPFIFO = checkUnitConfig "PFIFO" [ 1601 (assertOnlyFields [ 1602 "Parent" 1603 "Handle" 1604 "PacketLimit" 1605 ]) 1606 (assertInt "PacketLimit") 1607 (assertRange "PacketLimit" 0 4294967294) 1608 ]; 1609 1610 sectionPFIFOHeadDrop = checkUnitConfig "PFIFOHeadDrop" [ 1611 (assertOnlyFields [ 1612 "Parent" 1613 "Handle" 1614 "PacketLimit" 1615 ]) 1616 (assertInt "PacketLimit") 1617 (assertRange "PacketLimit" 0 4294967294) 1618 ]; 1619 1620 sectionPFIFOFast = checkUnitConfig "PFIFOFast" [ 1621 (assertOnlyFields [ 1622 "Parent" 1623 "Handle" 1624 ]) 1625 ]; 1626 1627 sectionCAKE = checkUnitConfig "CAKE" [ 1628 (assertOnlyFields [ 1629 "Parent" 1630 "Handle" 1631 "Bandwidth" 1632 "AutoRateIngress" 1633 "OverheadBytes" 1634 "MPUBytes" 1635 "CompensationMode" 1636 "UseRawPacketSize" 1637 "FlowIsolationMode" 1638 "NAT" 1639 "PriorityQueueingPreset" 1640 "FirewallMark" 1641 "Wash" 1642 "SplitGSO" 1643 "AckFilter" 1644 "RTTSec" 1645 ]) 1646 (assertValueOneOf "AutoRateIngress" boolValues) 1647 (assertInt "OverheadBytes") 1648 (assertRange "OverheadBytes" (-64) 256) 1649 (assertInt "MPUBytes") 1650 (assertRange "MPUBytes" 1 256) 1651 (assertValueOneOf "CompensationMode" [ 1652 "none" 1653 "atm" 1654 "ptm" 1655 ]) 1656 (assertValueOneOf "UseRawPacketSize" boolValues) 1657 (assertValueOneOf "FlowIsolationMode" [ 1658 "none" 1659 "src-host" 1660 "dst-host" 1661 "hosts" 1662 "flows" 1663 "dual-src-host" 1664 "dual-dst-host" 1665 "triple" 1666 ]) 1667 (assertValueOneOf "NAT" boolValues) 1668 (assertValueOneOf "PriorityQueueingPreset" [ 1669 "besteffort" 1670 "precedence" 1671 "diffserv8" 1672 "diffserv4" 1673 "diffserv3" 1674 ]) 1675 (assertInt "FirewallMark") 1676 (assertRange "FirewallMark" 1 4294967295) 1677 (assertValueOneOf "Wash" boolValues) 1678 (assertValueOneOf "SplitGSO" boolValues) 1679 (assertValueOneOf "AckFilter" (boolValues ++ [ "aggressive" ])) 1680 ]; 1681 1682 sectionControlledDelay = checkUnitConfig "ControlledDelay" [ 1683 (assertOnlyFields [ 1684 "Parent" 1685 "Handle" 1686 "PacketLimit" 1687 "TargetSec" 1688 "IntervalSec" 1689 "ECN" 1690 "CEThresholdSec" 1691 ]) 1692 (assertValueOneOf "ECN" boolValues) 1693 ]; 1694 1695 sectionDeficitRoundRobinScheduler = checkUnitConfig "DeficitRoundRobinScheduler" [ 1696 (assertOnlyFields [ 1697 "Parent" 1698 "Handle" 1699 ]) 1700 ]; 1701 1702 sectionDeficitRoundRobinSchedulerClass = checkUnitConfig "DeficitRoundRobinSchedulerClass" [ 1703 (assertOnlyFields [ 1704 "Parent" 1705 "Handle" 1706 "QuantumBytes" 1707 ]) 1708 ]; 1709 1710 sectionEnhancedTransmissionSelection = checkUnitConfig "EnhancedTransmissionSelection" [ 1711 (assertOnlyFields [ 1712 "Parent" 1713 "Handle" 1714 "Bands" 1715 "StrictBands" 1716 "QuantumBytes" 1717 "PriorityMap" 1718 ]) 1719 (assertInt "Bands") 1720 (assertRange "Bands" 1 16) 1721 (assertInt "StrictBands") 1722 (assertRange "StrictBands" 1 16) 1723 ]; 1724 1725 sectionGenericRandomEarlyDetection = checkUnitConfig "GenericRandomEarlyDetection" [ 1726 (assertOnlyFields [ 1727 "Parent" 1728 "Handle" 1729 "VirtualQueues" 1730 "DefaultVirtualQueue" 1731 "GenericRIO" 1732 ]) 1733 (assertInt "VirtualQueues") 1734 (assertRange "VirtualQueues" 1 16) 1735 (assertInt "DefaultVirtualQueue") 1736 (assertRange "DefaultVirtualQueue" 1 16) 1737 (assertValueOneOf "GenericRIO" boolValues) 1738 ]; 1739 1740 sectionFairQueueingControlledDelay = checkUnitConfig "FairQueueingControlledDelay" [ 1741 (assertOnlyFields [ 1742 "Parent" 1743 "Handle" 1744 "PacketLimit" 1745 "MemoryLimitBytes" 1746 "Flows" 1747 "TargetSec" 1748 "IntervalSec" 1749 "QuantumBytes" 1750 "ECN" 1751 "CEThresholdSec" 1752 ]) 1753 (assertInt "PacketLimit") 1754 (assertInt "Flows") 1755 (assertValueOneOf "ECN" boolValues) 1756 ]; 1757 1758 sectionFairQueueing = checkUnitConfig "FairQueueing" [ 1759 (assertOnlyFields [ 1760 "Parent" 1761 "Handle" 1762 "PacketLimit" 1763 "FlowLimit" 1764 "QuantumBytes" 1765 "InitualQuantumBytes" 1766 "MaximumRate" 1767 "Buckets" 1768 "OrphanMask" 1769 "Pacing" 1770 "CEThresholdSec" 1771 ]) 1772 (assertInt "PacketLimit") 1773 (assertInt "FlowLimit") 1774 (assertInt "OrphanMask") 1775 (assertValueOneOf "Pacing" boolValues) 1776 ]; 1777 1778 sectionTrivialLinkEqualizer = checkUnitConfig "TrivialLinkEqualizer" [ 1779 (assertOnlyFields [ 1780 "Parent" 1781 "Handle" 1782 "Id" 1783 ]) 1784 ]; 1785 1786 sectionHierarchyTokenBucket = checkUnitConfig "HierarchyTokenBucket" [ 1787 (assertOnlyFields [ 1788 "Parent" 1789 "Handle" 1790 "DefaultClass" 1791 "RateToQuantum" 1792 ]) 1793 (assertInt "RateToQuantum") 1794 ]; 1795 1796 sectionHierarchyTokenBucketClass = checkUnitConfig "HierarchyTokenBucketClass" [ 1797 (assertOnlyFields [ 1798 "Parent" 1799 "ClassId" 1800 "Priority" 1801 "QuantumBytes" 1802 "MTUBytes" 1803 "OverheadBytes" 1804 "Rate" 1805 "CeilRate" 1806 "BufferBytes" 1807 "CeilBufferBytes" 1808 ]) 1809 ]; 1810 1811 sectionHeavyHitterFilter = checkUnitConfig "HeavyHitterFilter" [ 1812 (assertOnlyFields [ 1813 "Parent" 1814 "Handle" 1815 "PacketLimit" 1816 ]) 1817 (assertInt "PacketLimit") 1818 (assertRange "PacketLimit" 0 4294967294) 1819 ]; 1820 1821 sectionQuickFairQueueing = checkUnitConfig "QuickFairQueueing" [ 1822 (assertOnlyFields [ 1823 "Parent" 1824 "Handle" 1825 ]) 1826 ]; 1827 1828 sectionQuickFairQueueingClass = checkUnitConfig "QuickFairQueueingClass" [ 1829 (assertOnlyFields [ 1830 "Parent" 1831 "ClassId" 1832 "Weight" 1833 "MaxPacketBytes" 1834 ]) 1835 (assertInt "Weight") 1836 (assertRange "Weight" 1 1023) 1837 ]; 1838 1839 sectionBridgeVLAN = checkUnitConfigWithLegacyKey "bridgeVLANConfig" "BridgeVLAN" [ 1840 (assertOnlyFields [ 1841 "VLAN" 1842 "EgressUntagged" 1843 "PVID" 1844 ]) 1845 (assertInt "PVID") 1846 (assertRange "PVID" 0 4094) 1847 ]; 1848 }; 1849 }; 1850 1851 commonNetworkOptions = { 1852 1853 enable = mkOption { 1854 default = true; 1855 type = types.bool; 1856 description = '' 1857 Whether to manage network configuration using {command}`systemd-network`. 1858 1859 This also enables {option}`systemd.networkd.enable`. 1860 ''; 1861 }; 1862 1863 matchConfig = mkOption { 1864 default = { }; 1865 example = { 1866 Name = "eth0"; 1867 }; 1868 type = types.attrsOf unitOption; 1869 description = '' 1870 Each attribute in this set specifies an option in the 1871 `[Match]` section of the unit. See 1872 {manpage}`systemd.link(5)` 1873 {manpage}`systemd.netdev(5)` 1874 {manpage}`systemd.network(5)` 1875 for details. 1876 ''; 1877 }; 1878 1879 extraConfig = mkOption { 1880 default = ""; 1881 type = types.lines; 1882 description = "Extra configuration append to unit"; 1883 }; 1884 }; 1885 1886 networkdOptions = { 1887 networkConfig = mkOption { 1888 default = { }; 1889 defaultText = lib.literalExpression '' 1890 { 1891 IPv6PrivacyExtensions = true; 1892 } 1893 ''; 1894 example = { 1895 SpeedMeter = true; 1896 ManageForeignRoutingPolicyRules = false; 1897 }; 1898 type = types.addCheck (types.attrsOf unitOption) check.global.sectionNetwork; 1899 description = '' 1900 Each attribute in this set specifies an option in the 1901 `[Network]` section of the networkd config. 1902 See {manpage}`networkd.conf(5)` for details. 1903 ''; 1904 }; 1905 1906 dhcpV4Config = mkOption { 1907 default = { }; 1908 example = { 1909 DUIDType = "vendor"; 1910 }; 1911 type = types.addCheck (types.attrsOf unitOption) check.global.sectionDHCPv4; 1912 description = '' 1913 Each attribute in this set specifies an option in the 1914 `[DHCPv4]` section of the networkd config. 1915 See {manpage}`networkd.conf(5)` for details. 1916 ''; 1917 }; 1918 1919 dhcpV6Config = mkOption { 1920 default = { }; 1921 example = { 1922 DUIDType = "vendor"; 1923 }; 1924 type = types.addCheck (types.attrsOf unitOption) check.global.sectionDHCPv6; 1925 description = '' 1926 Each attribute in this set specifies an option in the 1927 `[DHCPv6]` section of the networkd config. 1928 See {manpage}`networkd.conf(5)` for details. 1929 ''; 1930 }; 1931 }; 1932 1933 linkOptions = commonNetworkOptions // { 1934 # overwrite enable option from above 1935 enable = mkOption { 1936 default = true; 1937 type = types.bool; 1938 description = '' 1939 Whether to enable this .link unit. It's handled by udev no matter if {command}`systemd-networkd` is enabled or not 1940 ''; 1941 }; 1942 1943 linkConfig = mkOption { 1944 default = { }; 1945 example = { 1946 MACAddress = "00:ff:ee:aa:cc:dd"; 1947 }; 1948 type = types.addCheck (types.attrsOf unitOption) check.link.sectionLink; 1949 description = '' 1950 Each attribute in this set specifies an option in the 1951 `[Link]` section of the unit. See 1952 {manpage}`systemd.link(5)` for details. 1953 ''; 1954 }; 1955 1956 }; 1957 1958 mkSubsectionType = 1959 oldKey: checkF: 1960 let 1961 type = types.addCheck (types.attrsOf unitOption) checkF; 1962 in 1963 type 1964 // { 1965 merge = 1966 loc: defs: 1967 let 1968 final = type.merge loc defs; 1969 in 1970 if final ? ${oldKey} then 1971 warn "Using '${oldKey}' is deprecated! Move all attributes inside one level up and remove it." 1972 final.${oldKey} 1973 else 1974 final; 1975 }; 1976 1977 netdevOptions = commonNetworkOptions // { 1978 1979 netdevConfig = mkOption { 1980 example = { 1981 Name = "mybridge"; 1982 Kind = "bridge"; 1983 }; 1984 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionNetdev; 1985 description = '' 1986 Each attribute in this set specifies an option in the 1987 `[Netdev]` section of the unit. See 1988 {manpage}`systemd.netdev(5)` for details. 1989 ''; 1990 }; 1991 1992 bridgeConfig = mkOption { 1993 default = { }; 1994 example = { 1995 STP = true; 1996 }; 1997 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionBridge; 1998 description = '' 1999 Each attribute in this set specifies an option in the 2000 `[Bridge]` section of the unit. See 2001 {manpage}`systemd.netdev(5)` for details. 2002 ''; 2003 }; 2004 2005 vlanConfig = mkOption { 2006 default = { }; 2007 example = { 2008 Id = 4; 2009 }; 2010 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionVLAN; 2011 description = '' 2012 Each attribute in this set specifies an option in the 2013 `[VLAN]` section of the unit. See 2014 {manpage}`systemd.netdev(5)` for details. 2015 ''; 2016 }; 2017 2018 ipvlanConfig = mkOption { 2019 default = { }; 2020 example = { 2021 Mode = "L2"; 2022 Flags = "private"; 2023 }; 2024 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionIPVLAN; 2025 description = '' 2026 Each attribute in this set specifies an option in the `[IPVLAN]` section of the unit. 2027 See {manpage}`systemd.netdev(5)` for details. 2028 ''; 2029 }; 2030 2031 ipvtapConfig = mkOption { 2032 default = { }; 2033 example = { 2034 Mode = "L3"; 2035 Flags = "vepa"; 2036 }; 2037 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionIPVTAP; 2038 description = '' 2039 Each attribute in this set specifies an option in the `[IPVTAP]` section of the unit. 2040 See {manpage}`systemd.netdev(5)` for details. 2041 ''; 2042 }; 2043 2044 macvlanConfig = mkOption { 2045 default = { }; 2046 example = { 2047 Mode = "private"; 2048 }; 2049 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionMACVLAN; 2050 description = '' 2051 Each attribute in this set specifies an option in the 2052 `[MACVLAN]` section of the unit. See 2053 {manpage}`systemd.netdev(5)` for details. 2054 ''; 2055 }; 2056 2057 vxlanConfig = mkOption { 2058 default = { }; 2059 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionVXLAN; 2060 description = '' 2061 Each attribute in this set specifies an option in the 2062 `[VXLAN]` section of the unit. See 2063 {manpage}`systemd.netdev(5)` for details. 2064 ''; 2065 }; 2066 2067 tunnelConfig = mkOption { 2068 default = { }; 2069 example = { 2070 Remote = "192.168.1.1"; 2071 }; 2072 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionTunnel; 2073 description = '' 2074 Each attribute in this set specifies an option in the 2075 `[Tunnel]` section of the unit. See 2076 {manpage}`systemd.netdev(5)` for details. 2077 ''; 2078 }; 2079 2080 fooOverUDPConfig = mkOption { 2081 default = { }; 2082 example = { 2083 Port = 9001; 2084 }; 2085 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionFooOverUDP; 2086 description = '' 2087 Each attribute in this set specifies an option in the 2088 `[FooOverUDP]` section of the unit. See 2089 {manpage}`systemd.netdev(5)` for details. 2090 ''; 2091 }; 2092 2093 peerConfig = mkOption { 2094 default = { }; 2095 example = { 2096 Name = "veth2"; 2097 }; 2098 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionPeer; 2099 description = '' 2100 Each attribute in this set specifies an option in the 2101 `[Peer]` section of the unit. See 2102 {manpage}`systemd.netdev(5)` for details. 2103 ''; 2104 }; 2105 2106 tunConfig = mkOption { 2107 default = { }; 2108 example = { 2109 User = "openvpn"; 2110 }; 2111 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionTun; 2112 description = '' 2113 Each attribute in this set specifies an option in the 2114 `[Tun]` section of the unit. See 2115 {manpage}`systemd.netdev(5)` for details. 2116 ''; 2117 }; 2118 2119 tapConfig = mkOption { 2120 default = { }; 2121 example = { 2122 User = "openvpn"; 2123 }; 2124 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionTap; 2125 description = '' 2126 Each attribute in this set specifies an option in the 2127 `[Tap]` section of the unit. See 2128 {manpage}`systemd.netdev(5)` for details. 2129 ''; 2130 }; 2131 2132 l2tpConfig = mkOption { 2133 default = { }; 2134 example = { 2135 TunnelId = 10; 2136 PeerTunnelId = 12; 2137 Local = "static"; 2138 Remote = "192.168.30.101"; 2139 EncapsulationType = "ip"; 2140 }; 2141 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionL2TP; 2142 description = '' 2143 Each attribute in this set specifies an option in the 2144 `[L2TP]` section of the unit. See 2145 {manpage}`systemd.netdev(5)` for details. 2146 ''; 2147 }; 2148 2149 l2tpSessions = mkOption { 2150 default = [ ]; 2151 example = [ 2152 { 2153 SessionId = 25; 2154 PeerSessionId = 26; 2155 Name = "l2tp-sess"; 2156 } 2157 ]; 2158 type = types.listOf (mkSubsectionType "l2tpSessionConfig" check.netdev.sectionL2TPSession); 2159 description = '' 2160 Each item in this array specifies an option in the 2161 `[L2TPSession]` section of the unit. See 2162 {manpage}`systemd.netdev(5)` for details. 2163 ''; 2164 }; 2165 2166 wireguardConfig = mkOption { 2167 default = { }; 2168 example = { 2169 PrivateKeyFile = "/etc/wireguard/secret.key"; 2170 ListenPort = 51820; 2171 FirewallMark = 42; 2172 }; 2173 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionWireGuard; 2174 description = '' 2175 Each attribute in this set specifies an option in the 2176 `[WireGuard]` section of the unit. See 2177 {manpage}`systemd.netdev(5)` for details. 2178 Use `PrivateKeyFile` instead of 2179 `PrivateKey`: the nix store is 2180 world-readable. 2181 ''; 2182 }; 2183 2184 wireguardPeers = mkOption { 2185 default = [ ]; 2186 example = [ 2187 { 2188 Endpoint = "192.168.1.1:51820"; 2189 PublicKey = "27s0OvaBBdHoJYkH9osZpjpgSOVNw+RaKfboT/Sfq0g="; 2190 PresharedKeyFile = "/etc/wireguard/psk.key"; 2191 AllowedIPs = [ "10.0.0.1/32" ]; 2192 PersistentKeepalive = 15; 2193 } 2194 ]; 2195 type = types.listOf (mkSubsectionType "wireguardPeerConfig" check.netdev.sectionWireGuardPeer); 2196 description = '' 2197 Each item in this array specifies an option in the 2198 `[WireGuardPeer]` section of the unit. See 2199 {manpage}`systemd.netdev(5)` for details. 2200 Use `PresharedKeyFile` instead of 2201 `PresharedKey`: the nix store is 2202 world-readable. 2203 ''; 2204 }; 2205 2206 bondConfig = mkOption { 2207 default = { }; 2208 example = { 2209 Mode = "802.3ad"; 2210 }; 2211 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionBond; 2212 description = '' 2213 Each attribute in this set specifies an option in the 2214 `[Bond]` section of the unit. See 2215 {manpage}`systemd.netdev(5)` for details. 2216 ''; 2217 }; 2218 2219 xfrmConfig = mkOption { 2220 default = { }; 2221 example = { 2222 InterfaceId = 1; 2223 }; 2224 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionXfrm; 2225 description = '' 2226 Each attribute in this set specifies an option in the 2227 `[Xfrm]` section of the unit. See 2228 {manpage}`systemd.netdev(5)` for details. 2229 ''; 2230 }; 2231 2232 vrfConfig = mkOption { 2233 default = { }; 2234 example = { 2235 Table = 2342; 2236 }; 2237 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionVRF; 2238 description = '' 2239 Each attribute in this set specifies an option in the 2240 `[VRF]` section of the unit. See 2241 {manpage}`systemd.netdev(5)` for details. 2242 A detailed explanation about how VRFs work can be found in the 2243 [kernel docs](https://www.kernel.org/doc/Documentation/networking/vrf.txt). 2244 ''; 2245 }; 2246 2247 wlanConfig = mkOption { 2248 default = { }; 2249 example = { 2250 PhysicalDevice = 0; 2251 Type = "station"; 2252 }; 2253 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionWLAN; 2254 description = '' 2255 Each attribute in this set specifies an option in the `[WLAN]` section of the unit. 2256 See {manpage}`systemd.netdev(5)` for details. 2257 ''; 2258 }; 2259 2260 batmanAdvancedConfig = mkOption { 2261 default = { }; 2262 example = { 2263 GatewayMode = "server"; 2264 RoutingAlgorithm = "batman-v"; 2265 }; 2266 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionBatmanAdvanced; 2267 description = '' 2268 Each attribute in this set specifies an option in the 2269 `[BatmanAdvanced]` section of the unit. See 2270 {manpage}`systemd.netdev(5)` for details. 2271 ''; 2272 }; 2273 2274 }; 2275 2276 networkOptions = commonNetworkOptions // { 2277 2278 linkConfig = mkOption { 2279 default = { }; 2280 example = { 2281 Unmanaged = true; 2282 }; 2283 type = types.addCheck (types.attrsOf unitOption) check.network.sectionLink; 2284 description = '' 2285 Each attribute in this set specifies an option in the 2286 `[Link]` section of the unit. See 2287 {manpage}`systemd.network(5)` for details. 2288 ''; 2289 }; 2290 2291 networkConfig = mkOption { 2292 default = { }; 2293 example = { 2294 Description = "My Network"; 2295 }; 2296 type = types.addCheck (types.attrsOf unitOption) check.network.sectionNetwork; 2297 description = '' 2298 Each attribute in this set specifies an option in the 2299 `[Network]` section of the unit. See 2300 {manpage}`systemd.network(5)` for details. 2301 ''; 2302 }; 2303 2304 # systemd.network.networks.*.dhcpConfig has been deprecated in favor of ….dhcpV4Config 2305 # Produce a nice warning message so users know it is gone. 2306 dhcpConfig = mkOption { 2307 visible = false; 2308 apply = 2309 _: 2310 throw "The option `systemd.network.networks.*.dhcpConfig` can no longer be used since it's been removed. Please use `systemd.network.networks.*.dhcpV4Config` instead."; 2311 }; 2312 2313 dhcpV4Config = mkOption { 2314 default = { }; 2315 example = { 2316 UseDNS = true; 2317 UseRoutes = true; 2318 }; 2319 type = types.addCheck (types.attrsOf unitOption) check.network.sectionDHCPv4; 2320 description = '' 2321 Each attribute in this set specifies an option in the 2322 `[DHCPv4]` section of the unit. See 2323 {manpage}`systemd.network(5)` for details. 2324 ''; 2325 }; 2326 2327 dhcpV6Config = mkOption { 2328 default = { }; 2329 example = { 2330 UseDNS = true; 2331 }; 2332 type = types.addCheck (types.attrsOf unitOption) check.network.sectionDHCPv6; 2333 description = '' 2334 Each attribute in this set specifies an option in the 2335 `[DHCPv6]` section of the unit. See 2336 {manpage}`systemd.network(5)` for details. 2337 ''; 2338 }; 2339 2340 dhcpV6PrefixDelegationConfig = mkOption { 2341 visible = false; 2342 apply = 2343 _: 2344 throw "The option `systemd.network.networks.<name>.dhcpV6PrefixDelegationConfig` has been renamed to `systemd.network.networks.<name>.dhcpPrefixDelegationConfig`."; 2345 }; 2346 2347 dhcpPrefixDelegationConfig = mkOption { 2348 default = { }; 2349 example = { 2350 SubnetId = "auto"; 2351 Announce = true; 2352 }; 2353 type = types.addCheck (types.attrsOf unitOption) check.network.sectionDHCPPrefixDelegation; 2354 description = '' 2355 Each attribute in this set specifies an option in the 2356 `[DHCPPrefixDelegation]` section of the unit. See 2357 {manpage}`systemd.network(5)` for details. 2358 ''; 2359 }; 2360 2361 ipv6AcceptRAConfig = mkOption { 2362 default = { }; 2363 example = { 2364 UseDNS = true; 2365 DHCPv6Client = "always"; 2366 }; 2367 type = types.addCheck (types.attrsOf unitOption) check.network.sectionIPv6AcceptRA; 2368 description = '' 2369 Each attribute in this set specifies an option in the 2370 `[IPv6AcceptRA]` section of the unit. See 2371 {manpage}`systemd.network(5)` for details. 2372 ''; 2373 }; 2374 2375 dhcpServerConfig = mkOption { 2376 default = { }; 2377 example = { 2378 PoolOffset = 50; 2379 EmitDNS = false; 2380 }; 2381 type = types.addCheck (types.attrsOf unitOption) check.network.sectionDHCPServer; 2382 description = '' 2383 Each attribute in this set specifies an option in the 2384 `[DHCPServer]` section of the unit. See 2385 {manpage}`systemd.network(5)` for details. 2386 ''; 2387 }; 2388 2389 # systemd.network.networks.*.ipv6PrefixDelegationConfig has been deprecated 2390 # in 247 in favor of systemd.network.networks.*.ipv6SendRAConfig. 2391 ipv6PrefixDelegationConfig = mkOption { 2392 visible = false; 2393 apply = 2394 _: 2395 throw "The option `systemd.network.networks.*.ipv6PrefixDelegationConfig` has been replaced by `systemd.network.networks.*.ipv6SendRAConfig`."; 2396 }; 2397 2398 ipv6SendRAConfig = mkOption { 2399 default = { }; 2400 example = { 2401 EmitDNS = true; 2402 Managed = true; 2403 OtherInformation = true; 2404 }; 2405 type = types.addCheck (types.attrsOf unitOption) check.network.sectionIPv6SendRA; 2406 description = '' 2407 Each attribute in this set specifies an option in the 2408 `[IPv6SendRA]` section of the unit. See 2409 {manpage}`systemd.network(5)` for details. 2410 ''; 2411 }; 2412 2413 ipv6PREF64Prefixes = mkOption { 2414 default = [ ]; 2415 example = [ { Prefix = "64:ff9b::/96"; } ]; 2416 type = types.listOf ( 2417 mkSubsectionType "ipv6PREF64PrefixConfig" check.network.sectionIPv6PREF64Prefix 2418 ); 2419 description = '' 2420 A list of IPv6PREF64Prefix sections to be added to the unit. See 2421 {manpage}`systemd.network(5)` for details. 2422 ''; 2423 }; 2424 2425 dhcpServerStaticLeases = mkOption { 2426 default = [ ]; 2427 example = [ 2428 { 2429 MACAddress = "65:43:4a:5b:d8:5f"; 2430 Address = "192.168.1.42"; 2431 } 2432 ]; 2433 type = types.listOf ( 2434 mkSubsectionType "dhcpServerStaticLeaseConfig" check.network.sectionDHCPServerStaticLease 2435 ); 2436 description = '' 2437 A list of DHCPServerStaticLease sections to be added to the unit. See 2438 {manpage}`systemd.network(5)` for details. 2439 ''; 2440 }; 2441 2442 ipv6Prefixes = mkOption { 2443 default = [ ]; 2444 example = [ 2445 { 2446 AddressAutoconfiguration = true; 2447 OnLink = true; 2448 } 2449 ]; 2450 type = types.listOf (mkSubsectionType "ipv6PrefixConfig" check.network.sectionIPv6Prefix); 2451 description = '' 2452 A list of ipv6Prefix sections to be added to the unit. See 2453 {manpage}`systemd.network(5)` for details. 2454 ''; 2455 }; 2456 2457 ipv6RoutePrefixes = mkOption { 2458 default = [ ]; 2459 example = [ 2460 { 2461 Route = "fd00::/64"; 2462 LifetimeSec = 3600; 2463 } 2464 ]; 2465 type = types.listOf (mkSubsectionType "ipv6RoutePrefixConfig" check.network.sectionIPv6RoutePrefix); 2466 description = '' 2467 A list of ipv6RoutePrefix sections to be added to the unit. See 2468 {manpage}`systemd.network(5)` for details. 2469 ''; 2470 }; 2471 2472 bridgeConfig = mkOption { 2473 default = { }; 2474 example = { 2475 MulticastFlood = false; 2476 Cost = 20; 2477 }; 2478 type = types.addCheck (types.attrsOf unitOption) check.network.sectionBridge; 2479 description = '' 2480 Each attribute in this set specifies an option in the 2481 `[Bridge]` section of the unit. See 2482 {manpage}`systemd.network(5)` for details. 2483 ''; 2484 }; 2485 2486 bridgeFDBs = mkOption { 2487 default = [ ]; 2488 example = [ 2489 { 2490 MACAddress = "90:e2:ba:43:fc:71"; 2491 Destination = "192.168.100.4"; 2492 VNI = 3600; 2493 } 2494 ]; 2495 type = types.listOf (mkSubsectionType "bridgeFDBConfig" check.network.sectionBridgeFDB); 2496 description = '' 2497 A list of BridgeFDB sections to be added to the unit. See 2498 {manpage}`systemd.network(5)` for details. 2499 ''; 2500 }; 2501 2502 bridgeMDBs = mkOption { 2503 default = [ ]; 2504 example = [ 2505 { 2506 MulticastGroupAddress = "ff02::1:2:3:4"; 2507 VLANId = 10; 2508 } 2509 ]; 2510 type = types.listOf (mkSubsectionType "bridgeMDBConfig" check.network.sectionBridgeMDB); 2511 description = '' 2512 A list of BridgeMDB sections to be added to the unit. See 2513 {manpage}`systemd.network(5)` for details. 2514 ''; 2515 }; 2516 2517 lldpConfig = mkOption { 2518 default = { }; 2519 example = { 2520 MUDURL = "https://things.example.org/product_abc123/v5"; 2521 }; 2522 type = types.addCheck (types.attrsOf unitOption) check.network.sectionLLDP; 2523 description = '' 2524 Each attribute in this set specifies an option in the 2525 `[LLDP]` section of the unit. See 2526 {manpage}`systemd.network(5)` for details. 2527 ''; 2528 }; 2529 2530 canConfig = mkOption { 2531 default = { }; 2532 example = { }; 2533 type = types.addCheck (types.attrsOf unitOption) check.network.sectionCAN; 2534 description = '' 2535 Each attribute in this set specifies an option in the 2536 `[CAN]` section of the unit. See 2537 {manpage}`systemd.network(5)` for details. 2538 ''; 2539 }; 2540 2541 ipoIBConfig = mkOption { 2542 default = { }; 2543 example = { }; 2544 type = types.addCheck (types.attrsOf unitOption) check.network.sectionIPoIB; 2545 description = '' 2546 Each attribute in this set specifies an option in the 2547 `[IPoIB]` section of the unit. See 2548 {manpage}`systemd.network(5)` for details. 2549 ''; 2550 }; 2551 2552 qdiscConfig = mkOption { 2553 default = { }; 2554 example = { 2555 Parent = "ingress"; 2556 }; 2557 type = types.addCheck (types.attrsOf unitOption) check.network.sectionQDisc; 2558 description = '' 2559 Each attribute in this set specifies an option in the 2560 `[QDisc]` section of the unit. See 2561 {manpage}`systemd.network(5)` for details. 2562 ''; 2563 }; 2564 2565 networkEmulatorConfig = mkOption { 2566 default = { }; 2567 example = { 2568 Parent = "ingress"; 2569 DelaySec = "20msec"; 2570 }; 2571 type = types.addCheck (types.attrsOf unitOption) check.network.sectionNetworkEmulator; 2572 description = '' 2573 Each attribute in this set specifies an option in the 2574 `[NetworkEmulator]` section of the unit. See 2575 {manpage}`systemd.network(5)` for details. 2576 ''; 2577 }; 2578 2579 tokenBucketFilterConfig = mkOption { 2580 default = { }; 2581 example = { 2582 Parent = "ingress"; 2583 Rate = "100k"; 2584 }; 2585 type = types.addCheck (types.attrsOf unitOption) check.network.sectionTokenBucketFilter; 2586 description = '' 2587 Each attribute in this set specifies an option in the 2588 `[TokenBucketFilter]` section of the unit. See 2589 {manpage}`systemd.network(5)` for details. 2590 ''; 2591 }; 2592 2593 pieConfig = mkOption { 2594 default = { }; 2595 example = { 2596 Parent = "ingress"; 2597 PacketLimit = "3847"; 2598 }; 2599 type = types.addCheck (types.attrsOf unitOption) check.network.sectionPIE; 2600 description = '' 2601 Each attribute in this set specifies an option in the 2602 `[PIE]` section of the unit. See 2603 {manpage}`systemd.network(5)` for details. 2604 ''; 2605 }; 2606 2607 flowQueuePIEConfig = mkOption { 2608 default = { }; 2609 example = { 2610 Parent = "ingress"; 2611 PacketLimit = "3847"; 2612 }; 2613 type = types.addCheck (types.attrsOf unitOption) check.network.sectionFlowQueuePIE; 2614 description = '' 2615 Each attribute in this set specifies an option in the 2616 `[FlowQueuePIE]` section of the unit. See 2617 {manpage}`systemd.network(5)` for details. 2618 ''; 2619 }; 2620 2621 stochasticFairBlueConfig = mkOption { 2622 default = { }; 2623 example = { 2624 Parent = "ingress"; 2625 PacketLimit = "3847"; 2626 }; 2627 type = types.addCheck (types.attrsOf unitOption) check.network.sectionStochasticFairBlue; 2628 description = '' 2629 Each attribute in this set specifies an option in the 2630 `[StochasticFairBlue]` section of the unit. See 2631 {manpage}`systemd.network(5)` for details. 2632 ''; 2633 }; 2634 2635 stochasticFairnessQueueingConfig = mkOption { 2636 default = { }; 2637 example = { 2638 Parent = "ingress"; 2639 PerturbPeriodSec = "30"; 2640 }; 2641 type = types.addCheck (types.attrsOf unitOption) check.network.sectionStochasticFairnessQueueing; 2642 description = '' 2643 Each attribute in this set specifies an option in the 2644 `[StochasticFairnessQueueing]` section of the unit. See 2645 {manpage}`systemd.network(5)` for details. 2646 ''; 2647 }; 2648 2649 bfifoConfig = mkOption { 2650 default = { }; 2651 example = { 2652 Parent = "ingress"; 2653 LimitBytes = "20K"; 2654 }; 2655 type = types.addCheck (types.attrsOf unitOption) check.network.sectionBFIFO; 2656 description = '' 2657 Each attribute in this set specifies an option in the 2658 `[BFIFO]` section of the unit. See 2659 {manpage}`systemd.network(5)` for details. 2660 ''; 2661 }; 2662 2663 pfifoConfig = mkOption { 2664 default = { }; 2665 example = { 2666 Parent = "ingress"; 2667 PacketLimit = "300"; 2668 }; 2669 type = types.addCheck (types.attrsOf unitOption) check.network.sectionPFIFO; 2670 description = '' 2671 Each attribute in this set specifies an option in the 2672 `[PFIFO]` section of the unit. See 2673 {manpage}`systemd.network(5)` for details. 2674 ''; 2675 }; 2676 2677 pfifoHeadDropConfig = mkOption { 2678 default = { }; 2679 example = { 2680 Parent = "ingress"; 2681 PacketLimit = "300"; 2682 }; 2683 type = types.addCheck (types.attrsOf unitOption) check.network.sectionPFIFOHeadDrop; 2684 description = '' 2685 Each attribute in this set specifies an option in the 2686 `[PFIFOHeadDrop]` section of the unit. See 2687 {manpage}`systemd.network(5)` for details. 2688 ''; 2689 }; 2690 2691 pfifoFastConfig = mkOption { 2692 default = { }; 2693 example = { 2694 Parent = "ingress"; 2695 }; 2696 type = types.addCheck (types.attrsOf unitOption) check.network.sectionPFIFOFast; 2697 description = '' 2698 Each attribute in this set specifies an option in the 2699 `[PFIFOFast]` section of the unit. See 2700 {manpage}`systemd.network(5)` for details. 2701 ''; 2702 }; 2703 2704 cakeConfig = mkOption { 2705 default = { }; 2706 example = { 2707 Bandwidth = "40M"; 2708 OverheadBytes = 8; 2709 CompensationMode = "ptm"; 2710 }; 2711 type = types.addCheck (types.attrsOf unitOption) check.network.sectionCAKE; 2712 description = '' 2713 Each attribute in this set specifies an option in the 2714 `[CAKE]` section of the unit. See 2715 {manpage}`systemd.network(5)` for details. 2716 ''; 2717 }; 2718 2719 controlledDelayConfig = mkOption { 2720 default = { }; 2721 example = { 2722 Parent = "ingress"; 2723 TargetSec = "20msec"; 2724 }; 2725 type = types.addCheck (types.attrsOf unitOption) check.network.sectionControlledDelay; 2726 description = '' 2727 Each attribute in this set specifies an option in the 2728 `[ControlledDelay]` section of the unit. See 2729 {manpage}`systemd.network(5)` for details. 2730 ''; 2731 }; 2732 2733 deficitRoundRobinSchedulerConfig = mkOption { 2734 default = { }; 2735 example = { 2736 Parent = "root"; 2737 }; 2738 type = types.addCheck (types.attrsOf unitOption) check.network.sectionDeficitRoundRobinScheduler; 2739 description = '' 2740 Each attribute in this set specifies an option in the 2741 `[DeficitRoundRobinScheduler]` section of the unit. See 2742 {manpage}`systemd.network(5)` for details. 2743 ''; 2744 }; 2745 2746 deficitRoundRobinSchedulerClassConfig = mkOption { 2747 default = { }; 2748 example = { 2749 Parent = "root"; 2750 QuantumBytes = "300k"; 2751 }; 2752 type = types.addCheck (types.attrsOf unitOption) check.network.sectionDeficitRoundRobinSchedulerClass; 2753 description = '' 2754 Each attribute in this set specifies an option in the 2755 `[DeficitRoundRobinSchedulerClass]` section of the unit. See 2756 {manpage}`systemd.network(5)` for details. 2757 ''; 2758 }; 2759 2760 enhancedTransmissionSelectionConfig = mkOption { 2761 default = { }; 2762 example = { 2763 Parent = "root"; 2764 QuantumBytes = "300k"; 2765 Bands = 3; 2766 PriorityMap = "100 200 300"; 2767 }; 2768 type = types.addCheck (types.attrsOf unitOption) check.network.sectionEnhancedTransmissionSelection; 2769 description = '' 2770 Each attribute in this set specifies an option in the 2771 `[EnhancedTransmissionSelection]` section of the unit. See 2772 {manpage}`systemd.network(5)` for details. 2773 ''; 2774 }; 2775 2776 genericRandomEarlyDetectionConfig = mkOption { 2777 default = { }; 2778 example = { 2779 Parent = "root"; 2780 VirtualQueues = 5; 2781 DefaultVirtualQueue = 3; 2782 }; 2783 type = types.addCheck (types.attrsOf unitOption) check.network.sectionGenericRandomEarlyDetection; 2784 description = '' 2785 Each attribute in this set specifies an option in the 2786 `[GenericRandomEarlyDetection]` section of the unit. See 2787 {manpage}`systemd.network(5)` for details. 2788 ''; 2789 }; 2790 2791 fairQueueingControlledDelayConfig = mkOption { 2792 default = { }; 2793 example = { 2794 Parent = "root"; 2795 Flows = 5; 2796 }; 2797 type = types.addCheck (types.attrsOf unitOption) check.network.sectionFairQueueingControlledDelay; 2798 description = '' 2799 Each attribute in this set specifies an option in the 2800 `[FairQueueingControlledDelay]` section of the unit. See 2801 {manpage}`systemd.network(5)` for details. 2802 ''; 2803 }; 2804 2805 fairQueueingConfig = mkOption { 2806 default = { }; 2807 example = { 2808 Parent = "root"; 2809 FlowLimit = 5; 2810 }; 2811 type = types.addCheck (types.attrsOf unitOption) check.network.sectionFairQueueing; 2812 description = '' 2813 Each attribute in this set specifies an option in the 2814 `[FairQueueing]` section of the unit. See 2815 {manpage}`systemd.network(5)` for details. 2816 ''; 2817 }; 2818 2819 trivialLinkEqualizerConfig = mkOption { 2820 default = { }; 2821 example = { 2822 Parent = "root"; 2823 Id = 0; 2824 }; 2825 type = types.addCheck (types.attrsOf unitOption) check.network.sectionTrivialLinkEqualizer; 2826 description = '' 2827 Each attribute in this set specifies an option in the 2828 `[TrivialLinkEqualizer]` section of the unit. See 2829 {manpage}`systemd.network(5)` for details. 2830 ''; 2831 }; 2832 2833 hierarchyTokenBucketConfig = mkOption { 2834 default = { }; 2835 example = { 2836 Parent = "root"; 2837 }; 2838 type = types.addCheck (types.attrsOf unitOption) check.network.sectionHierarchyTokenBucket; 2839 description = '' 2840 Each attribute in this set specifies an option in the 2841 `[HierarchyTokenBucket]` section of the unit. See 2842 {manpage}`systemd.network(5)` for details. 2843 ''; 2844 }; 2845 2846 hierarchyTokenBucketClassConfig = mkOption { 2847 default = { }; 2848 example = { 2849 Parent = "root"; 2850 Rate = "10M"; 2851 }; 2852 type = types.addCheck (types.attrsOf unitOption) check.network.sectionHierarchyTokenBucketClass; 2853 description = '' 2854 Each attribute in this set specifies an option in the 2855 `[HierarchyTokenBucketClass]` section of the unit. See 2856 {manpage}`systemd.network(5)` for details. 2857 ''; 2858 }; 2859 2860 heavyHitterFilterConfig = mkOption { 2861 default = { }; 2862 example = { 2863 Parent = "root"; 2864 PacketLimit = 10000; 2865 }; 2866 type = types.addCheck (types.attrsOf unitOption) check.network.sectionHeavyHitterFilter; 2867 description = '' 2868 Each attribute in this set specifies an option in the 2869 `[HeavyHitterFilter]` section of the unit. See 2870 {manpage}`systemd.network(5)` for details. 2871 ''; 2872 }; 2873 2874 quickFairQueueingConfig = mkOption { 2875 default = { }; 2876 example = { 2877 Parent = "root"; 2878 }; 2879 type = types.addCheck (types.attrsOf unitOption) check.network.sectionQuickFairQueueing; 2880 description = '' 2881 Each attribute in this set specifies an option in the 2882 `[QuickFairQueueing]` section of the unit. See 2883 {manpage}`systemd.network(5)` for details. 2884 ''; 2885 }; 2886 2887 quickFairQueueingConfigClass = mkOption { 2888 default = { }; 2889 example = { 2890 Parent = "root"; 2891 Weight = 133; 2892 }; 2893 type = types.addCheck (types.attrsOf unitOption) check.network.sectionQuickFairQueueingClass; 2894 description = '' 2895 Each attribute in this set specifies an option in the 2896 `[QuickFairQueueingClass]` section of the unit. See 2897 {manpage}`systemd.network(5)` for details. 2898 ''; 2899 }; 2900 2901 bridgeVLANs = mkOption { 2902 default = [ ]; 2903 example = [ { VLAN = "10-20"; } ]; 2904 type = types.listOf (mkSubsectionType "bridgeVLANConfig" check.network.sectionBridgeVLAN); 2905 description = '' 2906 A list of BridgeVLAN sections to be added to the unit. See 2907 {manpage}`systemd.network(5)` for details. 2908 ''; 2909 }; 2910 2911 name = mkOption { 2912 type = types.nullOr types.str; 2913 default = null; 2914 description = '' 2915 The name of the network interface to match against. 2916 ''; 2917 }; 2918 2919 DHCP = mkOption { 2920 type = types.nullOr types.str; 2921 default = null; 2922 description = '' 2923 Whether to enable DHCP on the interfaces matched. 2924 ''; 2925 }; 2926 2927 domains = mkOption { 2928 type = types.nullOr (types.listOf types.str); 2929 default = null; 2930 description = '' 2931 A list of domains to pass to the network config. 2932 ''; 2933 }; 2934 2935 address = mkOption { 2936 default = [ ]; 2937 type = types.listOf types.str; 2938 description = '' 2939 A list of addresses to be added to the network section of the 2940 unit. See {manpage}`systemd.network(5)` for details. 2941 ''; 2942 }; 2943 2944 gateway = mkOption { 2945 default = [ ]; 2946 type = types.listOf types.str; 2947 description = '' 2948 A list of gateways to be added to the network section of the 2949 unit. See {manpage}`systemd.network(5)` for details. 2950 ''; 2951 }; 2952 2953 dns = mkOption { 2954 default = [ ]; 2955 type = types.listOf types.str; 2956 description = '' 2957 A list of dns servers to be added to the network section of the 2958 unit. See {manpage}`systemd.network(5)` for details. 2959 ''; 2960 }; 2961 2962 ntp = mkOption { 2963 default = [ ]; 2964 type = types.listOf types.str; 2965 description = '' 2966 A list of ntp servers to be added to the network section of the 2967 unit. See {manpage}`systemd.network(5)` for details. 2968 ''; 2969 }; 2970 2971 bridge = mkOption { 2972 default = [ ]; 2973 type = types.listOf types.str; 2974 description = '' 2975 A list of bridge interfaces to be added to the network section of the 2976 unit. See {manpage}`systemd.network(5)` for details. 2977 ''; 2978 }; 2979 2980 bond = mkOption { 2981 default = [ ]; 2982 type = types.listOf types.str; 2983 description = '' 2984 A list of bond interfaces to be added to the network section of the 2985 unit. See {manpage}`systemd.network(5)` for details. 2986 ''; 2987 }; 2988 2989 vrf = mkOption { 2990 default = [ ]; 2991 type = types.listOf types.str; 2992 description = '' 2993 A list of vrf interfaces to be added to the network section of the 2994 unit. See {manpage}`systemd.network(5)` for details. 2995 ''; 2996 }; 2997 2998 vlan = mkOption { 2999 default = [ ]; 3000 type = types.listOf types.str; 3001 description = '' 3002 A list of vlan interfaces to be added to the network section of the 3003 unit. See {manpage}`systemd.network(5)` for details. 3004 ''; 3005 }; 3006 3007 macvlan = mkOption { 3008 default = [ ]; 3009 type = types.listOf types.str; 3010 description = '' 3011 A list of macvlan interfaces to be added to the network section of the 3012 unit. See {manpage}`systemd.network(5)` for details. 3013 ''; 3014 }; 3015 3016 macvtap = mkOption { 3017 default = [ ]; 3018 type = types.listOf types.str; 3019 description = '' 3020 A list of macvtap interfaces to be added to the network section of the 3021 unit. See {manpage}`systemd.network(5)` for details. 3022 ''; 3023 }; 3024 3025 vxlan = mkOption { 3026 default = [ ]; 3027 type = types.listOf types.str; 3028 description = '' 3029 A list of vxlan interfaces to be added to the network section of the 3030 unit. See {manpage}`systemd.network(5)` for details. 3031 ''; 3032 }; 3033 3034 tunnel = mkOption { 3035 default = [ ]; 3036 type = types.listOf types.str; 3037 description = '' 3038 A list of tunnel interfaces to be added to the network section of the 3039 unit. See {manpage}`systemd.network(5)` for details. 3040 ''; 3041 }; 3042 3043 xfrm = mkOption { 3044 default = [ ]; 3045 type = types.listOf types.str; 3046 description = '' 3047 A list of xfrm interfaces to be added to the network section of the 3048 unit. See {manpage}`systemd.network(5)` for details. 3049 ''; 3050 }; 3051 3052 addresses = mkOption { 3053 default = [ ]; 3054 example = [ { Address = "192.168.0.100/24"; } ]; 3055 type = types.listOf (mkSubsectionType "addressConfig" check.network.sectionAddress); 3056 description = '' 3057 A list of address sections to be added to the unit. See 3058 {manpage}`systemd.network(5)` for details. 3059 ''; 3060 }; 3061 3062 routingPolicyRules = mkOption { 3063 default = [ ]; 3064 example = [ 3065 { 3066 Table = 10; 3067 IncomingInterface = "eth1"; 3068 Family = "both"; 3069 } 3070 ]; 3071 type = types.listOf ( 3072 mkSubsectionType "routingPolicyRuleConfig" check.network.sectionRoutingPolicyRule 3073 ); 3074 description = '' 3075 A list of routing policy rules sections to be added to the unit. See 3076 {manpage}`systemd.network(5)` for details. 3077 ''; 3078 }; 3079 3080 routes = mkOption { 3081 default = [ ]; 3082 example = [ { Gateway = "192.168.0.1"; } ]; 3083 type = types.listOf (mkSubsectionType "routeConfig" check.network.sectionRoute); 3084 description = '' 3085 A list of route sections to be added to the unit. See 3086 {manpage}`systemd.network(5)` for details. 3087 ''; 3088 }; 3089 3090 }; 3091 3092 networkConfig = 3093 { config, ... }: 3094 { 3095 config = { 3096 matchConfig = optionalAttrs (config.name != null) { 3097 Name = config.name; 3098 }; 3099 networkConfig = 3100 optionalAttrs (config.DHCP != null) { 3101 DHCP = config.DHCP; 3102 } 3103 // optionalAttrs (config.domains != null) { 3104 Domains = concatStringsSep " " config.domains; 3105 }; 3106 }; 3107 }; 3108 3109 networkdConfig = 3110 { config, ... }: 3111 { 3112 options = { 3113 routeTables = mkOption { 3114 default = { }; 3115 example = { 3116 foo = 27; 3117 }; 3118 type = with types; attrsOf int; 3119 description = '' 3120 Defines route table names as an attrset of name to number. 3121 See {manpage}`networkd.conf(5)` for details. 3122 ''; 3123 }; 3124 3125 addRouteTablesToIPRoute2 = mkOption { 3126 default = true; 3127 example = false; 3128 type = types.bool; 3129 description = '' 3130 If true and routeTables are set, then the specified route tables 3131 will also be installed into /etc/iproute2/rt_tables. 3132 ''; 3133 }; 3134 }; 3135 3136 config = { 3137 networkConfig = { 3138 IPv6PrivacyExtensions = lib.mkOptionDefault true; 3139 } 3140 // optionalAttrs (config.routeTables != { }) { 3141 RouteTable = mapAttrsToList (name: number: "${name}:${toString number}") config.routeTables; 3142 }; 3143 }; 3144 }; 3145 3146 renderConfig = def: { 3147 text = '' 3148 [Network] 3149 ${attrsToSection def.networkConfig} 3150 '' 3151 + optionalString (def.dhcpV4Config != { }) '' 3152 [DHCPv4] 3153 ${attrsToSection def.dhcpV4Config} 3154 '' 3155 + optionalString (def.dhcpV6Config != { }) '' 3156 [DHCPv6] 3157 ${attrsToSection def.dhcpV6Config} 3158 ''; 3159 }; 3160 3161 mkUnitFiles = 3162 prefix: cfg: 3163 listToAttrs ( 3164 map (name: { 3165 name = "${prefix}systemd/network/${name}"; 3166 value.source = "${cfg.units.${name}.unit}/${name}"; 3167 }) (attrNames cfg.units) 3168 ); 3169 3170 commonOptions = visible: { 3171 3172 enable = mkOption { 3173 default = false; 3174 type = types.bool; 3175 description = '' 3176 Whether to enable networkd or not. 3177 ''; 3178 }; 3179 3180 links = mkOption { 3181 default = { }; 3182 inherit visible; 3183 type = with types; attrsOf (submodule [ { options = linkOptions; } ]); 3184 description = "Definition of systemd network links."; 3185 }; 3186 3187 netdevs = mkOption { 3188 default = { }; 3189 inherit visible; 3190 type = with types; attrsOf (submodule [ { options = netdevOptions; } ]); 3191 description = "Definition of systemd network devices."; 3192 }; 3193 3194 networks = mkOption { 3195 default = { }; 3196 inherit visible; 3197 type = 3198 with types; 3199 attrsOf (submodule [ 3200 { options = networkOptions; } 3201 networkConfig 3202 ]); 3203 description = "Definition of systemd networks."; 3204 }; 3205 3206 config = mkOption { 3207 default = { }; 3208 inherit visible; 3209 type = 3210 with types; 3211 submodule [ 3212 { options = networkdOptions; } 3213 networkdConfig 3214 ]; 3215 description = "Definition of global systemd network config."; 3216 }; 3217 3218 units = mkOption { 3219 description = "Definition of networkd units."; 3220 default = { }; 3221 internal = true; 3222 type = 3223 with types; 3224 attrsOf ( 3225 submodule ( 3226 { name, config, ... }: 3227 { 3228 options = mapAttrs (_: x: x // { internal = true; }) concreteUnitOptions; 3229 config = { 3230 unit = mkDefault (makeUnit name config); 3231 }; 3232 } 3233 ) 3234 ); 3235 }; 3236 3237 wait-online = { 3238 enable = mkOption { 3239 type = types.bool; 3240 default = true; 3241 example = false; 3242 description = '' 3243 Whether to enable the systemd-networkd-wait-online service. 3244 3245 systemd-networkd-wait-online can timeout and fail if there are no network interfaces 3246 available for it to manage. When systemd-networkd is enabled but a different service is 3247 responsible for managing the system's internet connection (for example, NetworkManager or 3248 connman are used to manage WiFi connections), this service is unnecessary and can be 3249 disabled. 3250 ''; 3251 }; 3252 anyInterface = mkOption { 3253 description = '' 3254 Whether to consider the network online when any interface is online, as opposed to all of them. 3255 This is useful on portable machines with a wired and a wireless interface, for example. 3256 3257 This is on by default if {option}`networking.useDHCP` is enabled. 3258 ''; 3259 type = types.bool; 3260 defaultText = "config.networking.useDHCP"; 3261 default = config.networking.useDHCP; 3262 }; 3263 3264 ignoredInterfaces = mkOption { 3265 description = '' 3266 Network interfaces to be ignored when deciding if the system is online. 3267 ''; 3268 type = with types; listOf str; 3269 default = [ ]; 3270 example = [ "wg0" ]; 3271 }; 3272 3273 timeout = mkOption { 3274 description = '' 3275 Time to wait for the network to come online, in seconds. Set to 0 to disable. 3276 ''; 3277 type = types.ints.unsigned; 3278 default = 120; 3279 example = 0; 3280 }; 3281 3282 extraArgs = mkOption { 3283 description = '' 3284 Extra command-line arguments to pass to systemd-networkd-wait-online. 3285 These also affect per-interface `systemd-network-wait-online@` services. 3286 3287 See {manpage}`systemd-networkd-wait-online.service(8)` for all available options. 3288 ''; 3289 type = with types; listOf str; 3290 default = [ ]; 3291 }; 3292 }; 3293 3294 }; 3295 3296 commonConfig = 3297 config: 3298 let 3299 cfg = config.systemd.network; 3300 mkUnit = f: def: { 3301 inherit (def) enable; 3302 text = f def; 3303 }; 3304 in 3305 mkMerge [ 3306 3307 # .link units are honored by udev, no matter if systemd-networkd is enabled or not. 3308 { 3309 systemd.network.units = mapAttrs' (n: v: nameValuePair "${n}.link" (mkUnit linkToUnit v)) cfg.links; 3310 3311 systemd.network.wait-online.extraArgs = [ 3312 "--timeout=${toString cfg.wait-online.timeout}" 3313 ] 3314 ++ optional cfg.wait-online.anyInterface "--any" 3315 ++ map (i: "--ignore=${i}") cfg.wait-online.ignoredInterfaces; 3316 } 3317 3318 (mkIf config.systemd.network.enable { 3319 3320 systemd.network.units = 3321 mapAttrs' (n: v: nameValuePair "${n}.netdev" (mkUnit netdevToUnit v)) cfg.netdevs 3322 // mapAttrs' (n: v: nameValuePair "${n}.network" (mkUnit networkToUnit v)) cfg.networks; 3323 3324 # systemd-networkd is socket-activated by kernel netlink route change 3325 # messages. It is important to have systemd buffer those on behalf of 3326 # networkd. 3327 systemd.sockets.systemd-networkd.wantedBy = [ "sockets.target" ]; 3328 3329 systemd.services.systemd-networkd-wait-online = { 3330 inherit (cfg.wait-online) enable; 3331 wantedBy = [ "network-online.target" ]; 3332 serviceConfig.ExecStart = [ 3333 "" 3334 "${config.systemd.package}/lib/systemd/systemd-networkd-wait-online ${utils.escapeSystemdExecArgs cfg.wait-online.extraArgs}" 3335 ]; 3336 }; 3337 3338 systemd.services."systemd-networkd-wait-online@" = { 3339 serviceConfig.ExecStart = [ 3340 "" 3341 "${config.systemd.package}/lib/systemd/systemd-networkd-wait-online -i %i ${utils.escapeSystemdExecArgs cfg.wait-online.extraArgs}" 3342 ]; 3343 }; 3344 3345 }) 3346 ]; 3347 3348 stage2Config = 3349 let 3350 cfg = config.systemd.network; 3351 unitFiles = mkUnitFiles "" cfg; 3352 in 3353 mkMerge [ 3354 (commonConfig config) 3355 3356 { environment.etc = unitFiles; } 3357 3358 (mkIf config.systemd.network.enable { 3359 3360 users.users.systemd-network.group = "systemd-network"; 3361 3362 systemd.additionalUpstreamSystemUnits = [ 3363 "systemd-networkd-wait-online.service" 3364 "systemd-networkd-wait-online@.service" 3365 "systemd-networkd.service" 3366 "systemd-networkd.socket" 3367 "systemd-networkd-persistent-storage.service" 3368 ]; 3369 3370 environment.etc."systemd/networkd.conf" = renderConfig cfg.config; 3371 3372 systemd.services.systemd-networkd = 3373 let 3374 isReloadableUnitFileName = unitFileName: strings.hasSuffix ".network" unitFileName; 3375 reloadableUnitFiles = attrsets.filterAttrs (k: v: isReloadableUnitFileName k) unitFiles; 3376 nonReloadableUnitFiles = attrsets.filterAttrs (k: v: !isReloadableUnitFileName k) unitFiles; 3377 unitFileSources = unitFiles: map (x: x.source) (attrValues unitFiles); 3378 in 3379 { 3380 wantedBy = [ "multi-user.target" ]; 3381 reloadTriggers = unitFileSources reloadableUnitFiles; 3382 restartTriggers = unitFileSources nonReloadableUnitFiles ++ [ 3383 config.environment.etc."systemd/networkd.conf".source 3384 ]; 3385 aliases = [ "dbus-org.freedesktop.network1.service" ]; 3386 notSocketActivated = true; 3387 stopIfChanged = false; 3388 }; 3389 3390 networking.iproute2 = mkIf (cfg.config.addRouteTablesToIPRoute2 && cfg.config.routeTables != { }) { 3391 enable = mkDefault true; 3392 rttablesExtraConfig = '' 3393 3394 # Extra tables defined in NixOS systemd.networkd.config.routeTables. 3395 ${concatStringsSep "\n" ( 3396 mapAttrsToList (name: number: "${toString number} ${name}") cfg.config.routeTables 3397 )} 3398 ''; 3399 }; 3400 3401 services.resolved.enable = mkDefault true; 3402 3403 }) 3404 ]; 3405 3406 stage1Options = { 3407 options.boot.initrd.systemd.network.networks = mkOption { 3408 type = 3409 with types; 3410 attrsOf (submodule { 3411 # Default in initrd is dhcp-on-stop, which is correct if flushBeforeStage2 = false 3412 config = mkIf config.boot.initrd.network.flushBeforeStage2 { 3413 networkConfig.KeepConfiguration = mkDefault false; 3414 }; 3415 }); 3416 }; 3417 }; 3418 3419 stage1Config = 3420 let 3421 cfg = config.boot.initrd.systemd.network; 3422 in 3423 mkMerge [ 3424 (commonConfig config.boot.initrd) 3425 3426 { 3427 systemd.network.enable = mkDefault config.boot.initrd.network.enable; 3428 systemd.contents = mkUnitFiles "/etc/" cfg; 3429 3430 # Networkd link files are used early by udev to set up interfaces early. 3431 # This must be done in stage 1 to avoid race conditions between udev and 3432 # network daemons. 3433 systemd.network.units = lib.filterAttrs (n: _: hasSuffix ".link" n) config.systemd.network.units; 3434 systemd.storePaths = [ 3435 "${config.boot.initrd.systemd.package}/lib/systemd/network/99-default.link" 3436 ]; 3437 } 3438 3439 (mkIf cfg.enable { 3440 3441 # For networkctl 3442 systemd.dbus.enable = mkDefault true; 3443 3444 systemd.additionalUpstreamUnits = [ 3445 "systemd-networkd-wait-online.service" 3446 "systemd-networkd.service" 3447 "systemd-networkd.socket" 3448 "systemd-network-generator.service" 3449 "network-online.target" 3450 "network-pre.target" 3451 "network.target" 3452 "nss-lookup.target" 3453 "nss-user-lookup.target" 3454 "remote-fs-pre.target" 3455 "remote-fs.target" 3456 ]; 3457 systemd.users.systemd-network = { }; 3458 systemd.groups.systemd-network = { }; 3459 3460 systemd.contents."/etc/systemd/networkd.conf" = renderConfig cfg.config; 3461 3462 systemd.services.systemd-networkd = { 3463 wantedBy = [ "initrd.target" ]; 3464 }; 3465 systemd.sockets.systemd-networkd = { 3466 wantedBy = [ "initrd.target" ]; 3467 }; 3468 3469 systemd.services.systemd-network-generator.wantedBy = [ "sysinit.target" ]; 3470 3471 systemd.storePaths = [ 3472 "${config.boot.initrd.systemd.package}/lib/systemd/systemd-networkd" 3473 "${config.boot.initrd.systemd.package}/lib/systemd/systemd-networkd-wait-online" 3474 "${config.boot.initrd.systemd.package}/lib/systemd/systemd-network-generator" 3475 ]; 3476 kernelModules = [ "af_packet" ]; 3477 3478 }) 3479 ]; 3480 3481in 3482 3483{ 3484 imports = [ stage1Options ]; 3485 3486 options = { 3487 systemd.network = commonOptions true; 3488 boot.initrd.systemd.network = commonOptions "shallow"; 3489 }; 3490 3491 config = mkMerge [ 3492 stage2Config 3493 (mkIf config.boot.initrd.systemd.enable { 3494 assertions = [ 3495 { 3496 assertion = 3497 !config.boot.initrd.network.udhcpc.enable && config.boot.initrd.network.udhcpc.extraArgs == [ ]; 3498 message = '' 3499 systemd stage 1 networking does not support 'boot.initrd.network.udhcpc'. Configure 3500 DHCP with 'networking.*' options or with 'boot.initrd.systemd.network' options. 3501 ''; 3502 } 3503 ]; 3504 3505 boot.initrd = stage1Config; 3506 }) 3507 ]; 3508}