pyrox.dev / nixpkgs
lol
fork atom

Merge pull request #293710 from B4dM4n/networkd-policy-rule-port-range

nixos/networkd: allow RoutingPolicyRule port ranges

Will Fancher 486e837c fc7885fb

options
unified split
Changed files
+16 -3
nixos
lib
systemd-lib.nix
modules
system
boot
networkd.nix
+14 -1
nixos/lib/systemd-lib.nix 
···

       
73

       
73

       
 

       
    optional (attr ? ${name} && (! isMacAddress attr.${name} && attr.${name} != "none"))


     

       
74

       
74

       
 

       
      "Systemd ${group} field `${name}` must be a valid MAC address or the special value `none`.";


     

       
75

       
75

       
 

       



     

       
76

       

       
-

       



     

       

       
76

       
+

       
  isNumberOrRangeOf = check: v:


     

       

       
77

       
+

       
    if isInt v


     

       

       
78

       
+

       
    then check v


     

       

       
79

       
+

       
    else let


     

       

       
80

       
+

       
      parts = splitString "-" v;


     

       

       
81

       
+

       
      lower = toIntBase10 (head parts);


     

       

       
82

       
+

       
      upper = if tail parts != [] then toIntBase10 (head (tail parts)) else lower;


     

       

       
83

       
+

       
    in


     

       

       
84

       
+

       
      length parts <= 2 && lower <= upper && check lower && check upper;


     

       
77

       
85

       
 

       
  isPort = i: i >= 0 && i <= 65535;


     

       

       
86

       
+

       
  isPortOrPortRange = isNumberOrRangeOf isPort;


     

       
78

       
87

       
 

       



     

       
79

       
88

       
 

       
  assertPort = name: group: attr:


     

       
80

       
89

       
 

       
    optional (attr ? ${name} && ! isPort attr.${name})


     

       
81

       
90

       
 

       
      "Error on the systemd ${group} field `${name}': ${attr.name} is not a valid port number.";


     

       

       
91

       
+

       



     

       

       
92

       
+

       
  assertPortOrPortRange = name: group: attr:


     

       

       
93

       
+

       
    optional (attr ? ${name} && ! isPortOrPortRange attr.${name})


     

       

       
94

       
+

       
      "Error on the systemd ${group} field `${name}': ${attr.name} is not a valid port number or range of port numbers.";


     

       
82

       
95

       
 

       



     

       
83

       
96

       
 

       
  assertValueOneOf = name: values: group: attr:


     

       
84

       
97

       
 

       
    optional (attr ? ${name} && !elem attr.${name} values)
+2 -2
nixos/modules/system/boot/networkd.nix 
···

       
729

       
729

       
 

       
        (assertInt "FirewallMark")


     

       
730

       
730

       
 

       
        (assertRange "FirewallMark" 1 4294967295)


     

       
731

       
731

       
 

       
        (assertInt "Priority")


     

       
732

       

       
-

       
        (assertPort "SourcePort")


     

       
733

       

       
-

       
        (assertPort "DestinationPort")


     

       

       
732

       
+

       
        (assertPortOrPortRange "SourcePort")


     

       

       
733

       
+

       
        (assertPortOrPortRange "DestinationPort")


     

       
734

       
734

       
 

       
        (assertValueOneOf "InvertRule" boolValues)


     

       
735

       
735

       
 

       
        (assertValueOneOf "Family" ["ipv4" "ipv6" "both"])


     

       
736

       
736

       
 

       
        (assertInt "SuppressPrefixLength")