commit bcfe7b2200af1eff797dfc9868e424c9d906ea23 · pyrox.dev/nixpkgs

+28 -1

nixos/modules/config/networking.nix

···

       84
       84
        
                     dnsmasq_conf=/etc/dnsmasq-conf.conf

     

       85
       85
        
                     dnsmasq_resolv=/etc/dnsmasq-resolv.conf

     

       86
       86
        
                   '';

     

       87
       87
       -
             };

     

       87
       87
       +
       

     

       88
       88
       +
             } // (optionalAttrs config.services.resolved.enable (

     

       89
       89
       +
               if dnsmasqResolve then {

     

       90
       90
       +
                 "dnsmasq-resolv.conf".source = "/run/systemd/resolve/resolv.conf";

     

       91
       91
       +
               } else {

     

       92
       92
       +
                 "resolv.conf".source = "/run/systemd/resolve/resolv.conf";

     

       93
       93
       +
               }

     

       94
       94
       +
             ));

     

       88
       95
        
       

     

       89
       96
        
           # The ‘ip-up’ target is started when we have IP connectivity.  So

     

       90
       97
        
           # services that depend on IP connectivity (like ntpd) should be

     

       91
       98
        
           # pulled in by this target.

     

       92
       99
        
           systemd.targets.ip-up.description = "Services Requiring IP Connectivity";

     

       100
       100
       +
       

     

       101
       101
       +
           # This is needed when /etc/resolv.conf is being overriden by networkd

     

       102
       102
       +
           # and other configurations. If the file is destroyed by an environment

     

       103
       103
       +
           # activation then it must be rebuilt so that applications which interface

     

       104
       104
       +
           # with /etc/resolv.conf directly don't break.

     

       105
       105
       +
           system.activationScripts.resolvconf = stringAfter [ "etc" "tmpfs" "var" ]

     

       106
       106
       +
             ''

     

       107
       107
       +
               # Systemd resolved controls its own resolv.conf

     

       108
       108
       +
               rm -f /run/resolvconf/interfaces/systemd

     

       109
       109
       +
               ${optionalString config.services.resolved.enable ''

     

       110
       110
       +
                 rm -rf /run/resolvconf/interfaces

     

       111
       111
       +
                 mkdir -p /run/resolvconf/interfaces

     

       112
       112
       +
                 ln -s /run/systemd/resolve/resolv.conf /run/resolvconf/interfaces/systemd

     

       113
       113
       +
               ''}

     

       114
       114
       +
       

     

       115
       115
       +
               # Make sure resolv.conf is up to date if not managed by systemd

     

       116
       116
       +
               ${optionalString (!config.services.resolved.enable) ''

     

       117
       117
       +
                 ${pkgs.openresolv}/bin/resolvconf -u

     

       118
       118
       +
               ''}

     

       119
       119
       +
             '';

     

       93
       120
        
       

     

       94
       121
        
         };

     

       95
       122

nixos/modules/module-list.nix

···

       388
       388
        
         ./tasks/kbd.nix

     

       389
       389
        
         ./tasks/lvm.nix

     

       390
       390
        
         ./tasks/network-interfaces.nix

     

       391
       391
       +
         ./tasks/network-interfaces-systemd.nix

     

       392
       392
       +
         ./tasks/network-interfaces-scripted.nix

     

       391
       393
        
         ./tasks/scsi-link-power-management.nix

     

       392
       394
        
         ./tasks/swraid.nix

     

       393
       395
        
         ./tasks/trackpoint.nix

+2 -2

nixos/modules/services/networking/chrony.nix

···

       100
       100
        
           jobs.chronyd =

     

       101
       101
        
             { description = "chrony daemon";

     

       102
       102
        
       

     

       103
       103
       -
               wantedBy = [ "ip-up.target" ];

     

       104
       104
       -
               partOf = [ "ip-up.target" ];

     

       103
       103
       +
               wantedBy = [ "multi-user.target" ];

     

       104
       104
       +
               after = [ "network.target" ];

     

       105
       105
        
       

     

       106
       106
        
               path = [ chrony ];

     

       107
       107

+17 -3

nixos/modules/services/networking/dhcpcd.nix

···

       8
       8
        
       

     

       9
       9
        
         cfg = config.networking.dhcpcd;

     

       10
       10
        
       

     

       11
       11
       +
         interfaces = attrValues config.networking.interfaces;

     

       12
       12
       +
       

     

       13
       13
       +
         enableDHCP = config.networking.useDHCP || any (i: i.useDHCP == true) interfaces;

     

       14
       14
       +
       

     

       11
       15
        
         # Don't start dhcpcd on explicitly configured interfaces or on

     

       12
       16
        
         # interfaces that are part of a bridge, bond or sit device.

     

       13
       17
        
         ignoredInterfaces =

     

       14
       14
       -
           map (i: i.name) (filter (i: i.ip4 != [ ] || i.ipAddress != null) (attrValues config.networking.interfaces))

     

       18
       18
       +
           map (i: i.name) (filter (i: if i.useDHCP != null then !i.useDHCP else i.ip4 != [ ] || i.ipAddress != null) interfaces)

     

       15
       19
        
           ++ mapAttrsToList (i: _: i) config.networking.sits

     

       16
       20
        
           ++ concatLists (attrValues (mapAttrs (n: v: v.interfaces) config.networking.bridges))

     

       17
       21
        
           ++ concatLists (attrValues (mapAttrs (n: v: v.interfaces) config.networking.bonds))

     

       18
       22
        
           ++ config.networking.dhcpcd.denyInterfaces;

     

       23
       23
       +
       

     

       24
       24
       +
         arrayAppendOrNull = a1: a2: if a1 == null && a2 == null then null

     

       25
       25
       +
           else if a1 == null then a2 else if a2 == null then a1

     

       26
       26
       +
             else a1 ++ a2;

     

       27
       27
       +
       

     

       28
       28
       +
         # If dhcp is disabled but explicit interfaces are enabled,

     

       29
       29
       +
         # we need to provide dhcp just for those interfaces.

     

       30
       30
       +
         allowInterfaces = arrayAppendOrNull cfg.allowInterfaces

     

       31
       31
       +
           (if !config.networking.useDHCP && enableDHCP then

     

       32
       32
       +
             map (i: i.name) (filter (i: i.useDHCP == true) interfaces) else null);

     

       19
       33
        
       

     

       20
       34
        
         # Config file adapted from the one that ships with dhcpcd.

     

       21
       35
        
         dhcpcdConf = pkgs.writeText "dhcpcd.conf"

     
···

       41
       55
        
             denyinterfaces ${toString ignoredInterfaces} lo peth* vif* tap* tun* virbr* vnet* vboxnet* sit*

     

       42
       56
        
       

     

       43
       57
        
             # Use the list of allowed interfaces if specified

     

       44
       44
       -
             ${optionalString (cfg.allowInterfaces != null) "allowinterfaces ${toString cfg.allowInterfaces}"}

     

       58
       58
       +
             ${optionalString (allowInterfaces != null) "allowinterfaces ${toString allowInterfaces}"}

     

       45
       59
        
       

     

       46
       60
        
             ${cfg.extraConfig}

     

       47
       61
        
           '';

     
···

       132
       146
        
       

     

       133
       147
        
         ###### implementation

     

       134
       148
        
       

     

       135
       135
       -
         config = mkIf config.networking.useDHCP {

     

       149
       149
       +
         config = mkIf enableDHCP {

     

       136
       150
        
       

     

       137
       151
        
           systemd.services.dhcpcd =

     

       138
       152
        
             { description = "DHCP Client";

+1 -1

nixos/modules/services/networking/dnsmasq.nix

···

       82
       82
        
       

     

       83
       83
        
           systemd.services.dnsmasq = {

     

       84
       84
        
               description = "dnsmasq daemon";

     

       85
       85
       -
               after = [ "network.target" ];

     

       85
       85
       +
               after = [ "network.target" "systemd-resolved.conf" ];

     

       86
       86
        
               wantedBy = [ "multi-user.target" ];

     

       87
       87
        
               path = [ dnsmasq ];

     

       88
       88
        
               preStart = ''

+1 -2

nixos/modules/services/networking/gogoclient.nix

···

       76
       76
        
               exec ${pkgs.gogoclient}/bin/gogoc -y -f /var/lib/gogoc/gogoc.conf

     

       77
       77
        
             '';

     

       78
       78
        
           } // optionalAttrs cfg.autorun {

     

       79
       79
       -
             wantedBy = [ "ip-up.target" ];

     

       80
       80
       -
             partOf = [ "ip-up.target" ];

     

       79
       79
       +
             wantedBy = [ "multi-user.target" ];

     

       81
       80
        
           };

     

       82
       81
        
       

     

       83
       82
        
         };

nixos/modules/services/networking/networkmanager.nix

···

       52
       52
        
           #!/bin/sh

     

       53
       53
        
           if test "$2" = "up"; then

     

       54
       54
        
             ${config.systemd.package}/bin/systemctl start ip-up.target

     

       55
       55
       +
             ${config.systemd.package}/bin/systemctl start network-online.target

     

       55
       56
        
           fi

     

       56
       57
        
         '';

     

       57
       58

+1 -2

nixos/modules/services/networking/ntpd.nix

···

       77
       77
        
           jobs.ntpd =

     

       78
       78
        
             { description = "NTP Daemon";

     

       79
       79
        
       

     

       80
       80
       -
               wantedBy = [ "ip-up.target" ];

     

       81
       81
       -
               partOf = [ "ip-up.target" ];

     

       80
       80
       +
               wantedBy = [ "multi-user.target" ];

     

       82
       81
        
       

     

       83
       82
        
               path = [ ntp ];

     

       84
       83

+1 -2

nixos/modules/services/networking/openntpd.nix

···

       41
       41
        
       

     

       42
       42
        
           systemd.services.openntpd = {

     

       43
       43
        
             description = "OpenNTP Server";

     

       44
       44
       -
             wantedBy = [ "ip-up.target" ];

     

       45
       45
       -
             partOf = [ "ip-up.target" ];

     

       44
       44
       +
             wantedBy = [ "multi-user.target" ];

     

       46
       45
        
             serviceConfig.ExecStart = "${package}/sbin/ntpd -d -f ${cfgFile}";

     

       47
       46
        
           };

     

       48
       47
        
         };

-2

nixos/modules/system/boot/stage-2-init.sh

···

       141
       141
        
       # Use /etc/resolv.conf supplied by systemd-nspawn, if applicable.

     

       142
       142
        
       if [ -n "@useHostResolvConf@" -a -e /etc/resolv.conf ]; then

     

       143
       143
        
           cat /etc/resolv.conf | resolvconf -m 1000 -a host

     

       144
       144
       -
       else

     

       145
       145
       -
           touch /etc/resolv.conf

     

       146
       144
        
       fi

     

       147
       145
        
       

     

       148
       146

+528 -9

nixos/modules/system/boot/systemd-unit-options.nix

···

       4
       4
        
       

     

       5
       5
        
       let

     

       6
       6
        
       

     

       7
       7
       -
         checkService = v:

     

       8
       8
       -
           let assertValueOneOf = name: values: attr:

     

       9
       9
       -
                 let val = attr.${name};

     

       10
       10
       -
                 in optional (attr ? ${name} && !elem val values) "Systemd service field `${name}' cannot have value `${val}'.";

     

       11
       11
       -
               checkType = assertValueOneOf "Type" ["simple" "forking" "oneshot" "dbus" "notify" "idle"];

     

       12
       12
       -
               checkRestart = assertValueOneOf "Restart" ["no" "on-success" "on-failure" "on-abort" "always"];

     

       13
       13
       -
               errors = concatMap (c: c v) [checkType checkRestart];

     

       14
       14
       -
           in if errors == [] then true

     

       15
       15
       -
              else builtins.trace (concatStringsSep "\n" errors) false;

     

       7
       7
       +
         boolValues = [true false "yes" "no"];

     

       8
       8
       +
       

     

       9
       9
       +
         assertValueOneOf = name: values: group: attr:

     

       10
       10
       +
           optional (attr ? ${name} && !elem attr.${name} values)

     

       11
       11
       +
             "Systemd ${group} field `${name}' cannot have value `${attr.${name}}'.";

     

       12
       12
       +
       

     

       13
       13
       +
         assertHasField = name: group: attr:

     

       14
       14
       +
           optional (!(attr ? ${name}))

     

       15
       15
       +
             "Systemd ${group} field `${name}' must exist.";

     

       16
       16
       +
       

     

       17
       17
       +
         assertOnlyFields = fields: group: attr:

     

       18
       18
       +
           let badFields = filter (name: ! elem name fields) (attrNames attr); in

     

       19
       19
       +
           optional (badFields != [ ])

     

       20
       20
       +
             "Systemd ${group} has extra fields [${concatStringsSep " " badFields}].";

     

       21
       21
       +
       

     

       22
       22
       +
         assertRange = name: min: max: group: attr:

     

       23
       23
       +
           optional (attr ? ${name} && !(min <= attr.${name} && max >= attr.${name}))

     

       24
       24
       +
             "Systemd ${group} field `${name}' is outside the range [${toString min},${toString max}]";

     

       25
       25
       +
       

     

       26
       26
       +
         digits = map toString (range 0 9);

     

       27
       27
       +
       

     

       28
       28
       +
         isByteFormat = s:

     

       29
       29
       +
           let

     

       30
       30
       +
             l = reverseList (stringToCharacters s);

     

       31
       31
       +
             suffix = head l;

     

       32
       32
       +
             nums = tail l;

     

       33
       33
       +
           in elem suffix (["K" "M" "G" "T"] ++ digits)

     

       34
       34
       +
             && all (num: elem num digits) nums;

     

       35
       35
       +
       

     

       36
       36
       +
         assertByteFormat = name: group: attr:

     

       37
       37
       +
           optional (attr ? ${name} && ! isByteFormat attr.${name})

     

       38
       38
       +
             "Systemd ${group} field `${name}' must be in byte format [0-9]+[KMGT].";

     

       39
       39
       +
       

     

       40
       40
       +
         hexChars = stringToCharacters "0123456789abcdefABCDEF";

     

       41
       41
       +
       

     

       42
       42
       +
         isMacAddress = s: stringLength s == 17

     

       43
       43
       +
           && flip all (splitString ":" s) (bytes:

     

       44
       44
       +
             all (byte: elem byte hexChars) (stringToCharacters bytes)

     

       45
       45
       +
           );

     

       46
       46
       +
       

     

       47
       47
       +
         assertMacAddress = name: group: attr:

     

       48
       48
       +
           optional (attr ? ${name} && ! isMacAddress attr.${name})

     

       49
       49
       +
             "Systemd ${group} field `${name}' must be a valid mac address.";

     

       50
       50
       +
       

     

       51
       51
       +
         checkUnitConfig = group: checks: v:

     

       52
       52
       +
           let errors = concatMap (c: c group v) checks; in

     

       53
       53
       +
           if errors == [] then true

     

       54
       54
       +
             else builtins.trace (concatStringsSep "\n" errors) false;

     

       55
       55
       +
       

     

       56
       56
       +
         checkService = checkUnitConfig "Service" [

     

       57
       57
       +
           (assertValueOneOf "Type" [

     

       58
       58
       +
             "simple" "forking" "oneshot" "dbus" "notify" "idle"

     

       59
       59
       +
           ])

     

       60
       60
       +
           (assertValueOneOf "Restart" [

     

       61
       61
       +
             "no" "on-success" "on-failure" "on-abort" "always"

     

       62
       62
       +
           ])

     

       63
       63
       +
         ];

     

       64
       64
       +
       

     

       65
       65
       +
         checkLink = checkUnitConfig "Link" [

     

       66
       66
       +
           (assertOnlyFields [

     

       67
       67
       +
             "Description" "Alias" "MACAddressPolicy" "MACAddress" "NamePolicy" "Name"

     

       68
       68
       +
             "MTUBytes" "BitsPerSecond" "Duplex" "WakeOnLan"

     

       69
       69
       +
           ])

     

       70
       70
       +
           (assertValueOneOf "MACAddressPolicy" ["persistent" "random"])

     

       71
       71
       +
           (assertMacAddress "MACAddress")

     

       72
       72
       +
           (assertValueOneOf "NamePolicy" [

     

       73
       73
       +
             "kernel" "database" "onboard" "slot" "path" "mac"

     

       74
       74
       +
           ])

     

       75
       75
       +
           (assertByteFormat "MTUBytes")

     

       76
       76
       +
           (assertByteFormat "BitsPerSecond")

     

       77
       77
       +
           (assertValueOneOf "Duplex" ["half" "full"])

     

       78
       78
       +
           (assertValueOneOf "WakeOnLan" ["phy" "magic" "off"])

     

       79
       79
       +
         ];

     

       80
       80
       +
       

     

       81
       81
       +
         checkNetdev = checkUnitConfig "Netdev" [

     

       82
       82
       +
           (assertOnlyFields [

     

       83
       83
       +
             "Description" "Name" "Kind" "MTUBytes" "MACAddress"

     

       84
       84
       +
           ])

     

       85
       85
       +
           (assertHasField "Name")

     

       86
       86
       +
           (assertHasField "Kind")

     

       87
       87
       +
           (assertValueOneOf "Kind" [

     

       88
       88
       +
             "bridge" "bond" "vlan" "macvlan" "vxlan" "ipip"

     

       89
       89
       +
             "gre" "sit" "vti" "veth" "tun" "tap" "dummy"

     

       90
       90
       +
           ])

     

       91
       91
       +
           (assertByteFormat "MTUBytes")

     

       92
       92
       +
           (assertMacAddress "MACAddress")

     

       93
       93
       +
         ];

     

       94
       94
       +
       

     

       95
       95
       +
         checkVlan = checkUnitConfig "VLAN" [

     

       96
       96
       +
           (assertOnlyFields ["Id"])

     

       97
       97
       +
           (assertRange "Id" 0 4094)

     

       98
       98
       +
         ];

     

       99
       99
       +
       

     

       100
       100
       +
         checkMacvlan = checkUnitConfig "MACVLAN" [

     

       101
       101
       +
           (assertOnlyFields ["Mode"])

     

       102
       102
       +
           (assertValueOneOf "Mode" ["private" "vepa" "bridge" "passthru"])

     

       103
       103
       +
         ];

     

       104
       104
       +
       

     

       105
       105
       +
         checkVxlan = checkUnitConfig "VXLAN" [

     

       106
       106
       +
           (assertOnlyFields ["Id" "Group" "TOS" "TTL" "MacLearning"])

     

       107
       107
       +
           (assertRange "TTL" 0 255)

     

       108
       108
       +
           (assertValueOneOf "MacLearning" boolValues)

     

       109
       109
       +
         ];

     

       110
       110
       +
       

     

       111
       111
       +
         checkTunnel = checkUnitConfig "Tunnel" [

     

       112
       112
       +
           (assertOnlyFields ["Local" "Remote" "TOS" "TTL" "DiscoverPathMTU"])

     

       113
       113
       +
           (assertRange "TTL" 0 255)

     

       114
       114
       +
           (assertValueOneOf "DiscoverPathMTU" boolValues)

     

       115
       115
       +
         ];

     

       116
       116
       +
       

     

       117
       117
       +
         checkPeer = checkUnitConfig "Peer" [

     

       118
       118
       +
           (assertOnlyFields ["Name" "MACAddress"])

     

       119
       119
       +
           (assertMacAddress "MACAddress")

     

       120
       120
       +
         ];

     

       121
       121
       +
       

     

       122
       122
       +
         tunTapChecks = [

     

       123
       123
       +
           (assertOnlyFields ["OneQueue" "MultiQueue" "PacketInfo" "User" "Group"])

     

       124
       124
       +
           (assertValueOneOf "OneQueue" boolValues)

     

       125
       125
       +
           (assertValueOneOf "MultiQueue" boolValues)

     

       126
       126
       +
           (assertValueOneOf "PacketInfo" boolValues)

     

       127
       127
       +
         ];

     

       128
       128
       +
       

     

       129
       129
       +
         checkTun = checkUnitConfig "Tun" tunTapChecks;

     

       130
       130
       +
       

     

       131
       131
       +
         checkTap = checkUnitConfig "Tap" tunTapChecks;

     

       132
       132
       +
       

     

       133
       133
       +
         checkBond = checkUnitConfig "Bond" [

     

       134
       134
       +
           (assertOnlyFields [

     

       135
       135
       +
             "Mode" "TransmitHashPolicy" "LACPTransmitRate" "MIIMonitorSec"

     

       136
       136
       +
             "UpDelaySec" "DownDelaySec"

     

       137
       137
       +
           ])

     

       138
       138
       +
           (assertValueOneOf "Mode" [

     

       139
       139
       +
             "balance-rr" "active-backup" "balance-xor"

     

       140
       140
       +
             "broadcast" "802.3ad" "balance-tlb" "balance-alb"

     

       141
       141
       +
           ])

     

       142
       142
       +
           (assertValueOneOf "TransmitHashPolicy" [

     

       143
       143
       +
             "layer2" "layer3+4" "layer2+3" "encap2+3" "802.3ad" "encap3+4"

     

       144
       144
       +
           ])

     

       145
       145
       +
           (assertValueOneOf "LACPTransmitRate" ["slow" "fast"])

     

       146
       146
       +
         ];

     

       147
       147
       +
       

     

       148
       148
       +
         checkNetwork = checkUnitConfig "Network" [

     

       149
       149
       +
           (assertOnlyFields [

     

       150
       150
       +
             "Description" "DHCP" "DHCPServer" "IPv4LL" "IPv4LLRoute"

     

       151
       151
       +
             "LLMNR" "Domains" "Bridge" "Bond"

     

       152
       152
       +
           ])

     

       153
       153
       +
           (assertValueOneOf "DHCP" ["both" "none" "v4" "v6"])

     

       154
       154
       +
           (assertValueOneOf "DHCPServer" boolValues)

     

       155
       155
       +
           (assertValueOneOf "IPv4LL" boolValues)

     

       156
       156
       +
           (assertValueOneOf "IPv4LLRoute" boolValues)

     

       157
       157
       +
           (assertValueOneOf "LLMNR" boolValues)

     

       158
       158
       +
         ];

     

       159
       159
       +
       

     

       160
       160
       +
         checkAddress = checkUnitConfig "Address" [

     

       161
       161
       +
           (assertOnlyFields ["Address" "Peer" "Broadcast" "Label"])

     

       162
       162
       +
           (assertHasField "Address")

     

       163
       163
       +
         ];

     

       164
       164
       +
       

     

       165
       165
       +
         checkRoute = checkUnitConfig "Route" [

     

       166
       166
       +
           (assertOnlyFields ["Gateway" "Destination" "Metric"])

     

       167
       167
       +
           (assertHasField "Gateway")

     

       168
       168
       +
         ];

     

       169
       169
       +
       

     

       170
       170
       +
         checkDhcp = checkUnitConfig "DHCP" [

     

       171
       171
       +
           (assertOnlyFields [

     

       172
       172
       +
             "UseDNS" "UseMTU" "SendHostname" "UseHostname" "UseDomains" "UseRoutes"

     

       173
       173
       +
             "CriticalConnections" "VendorClassIdentifier" "RequestBroadcast"

     

       174
       174
       +
             "RouteMetric"

     

       175
       175
       +
           ])

     

       176
       176
       +
           (assertValueOneOf "UseDNS" boolValues)

     

       177
       177
       +
           (assertValueOneOf "UseMTU" boolValues)

     

       178
       178
       +
           (assertValueOneOf "SendHostname" boolValues)

     

       179
       179
       +
           (assertValueOneOf "UseHostname" boolValues)

     

       180
       180
       +
           (assertValueOneOf "UseDomains" boolValues)

     

       181
       181
       +
           (assertValueOneOf "UseRoutes" boolValues)

     

       182
       182
       +
           (assertValueOneOf "CriticalConnections" boolValues)

     

       183
       183
       +
           (assertValueOneOf "RequestBroadcast" boolValues)

     

       184
       184
       +
         ];

     

       16
       185
        
       

     

       17
       186
        
         unitOption = mkOptionType {

     

       18
       187
        
           name = "systemd option";

     
···

       137
       306
        
             description = ''

     

       138
       307
        
               If the specified units are started, then this unit is stopped

     

       139
       308
        
               and vice versa.

     

       309
       309
       +
             '';

     

       310
       310
       +
           };

     

       311
       311
       +
       

     

       312
       312
       +
           requisite = mkOption {

     

       313
       313
       +
             default = [];

     

       314
       314
       +
             type = types.listOf types.str;

     

       315
       315
       +
             description = ''

     

       316
       316
       +
               Similar to requires. However if the units listed are not started,

     

       317
       317
       +
               they will not be started and the transaction will fail.

     

       140
       318
        
             '';

     

       141
       319
        
           };

     

       142
       320
        
       

     
···

       440
       618
        
         };

     

       441
       619
        
       

     

       442
       620
        
         targetOptions = commonUnitOptions;

     

       621
       621
       +
       

     

       622
       622
       +
         commonNetworkOptions = {

     

       623
       623
       +
       

     

       624
       624
       +
           enable = mkOption {

     

       625
       625
       +
             default = true;

     

       626
       626
       +
             type = types.bool;

     

       627
       627
       +
             description = ''

     

       628
       628
       +
               If set to false, this unit will be a symlink to

     

       629
       629
       +
               /dev/null.

     

       630
       630
       +
             '';

     

       631
       631
       +
           };

     

       632
       632
       +
       

     

       633
       633
       +
           matchConfig = mkOption {

     

       634
       634
       +
             default = {};

     

       635
       635
       +
             example = { Name = "eth0"; };

     

       636
       636
       +
             type = types.attrsOf unitOption;

     

       637
       637
       +
             description = ''

     

       638
       638
       +
               Each attribute in this set specifies an option in the

     

       639
       639
       +
               <literal>[Match]</literal> section of the unit.  See

     

       640
       640
       +
               <citerefentry><refentrytitle>systemd.link</refentrytitle><manvolnum>5</manvolnum></citerefentry>

     

       641
       641
       +
               <citerefentry><refentrytitle>systemd.netdev</refentrytitle><manvolnum>5</manvolnum></citerefentry>

     

       642
       642
       +
               <citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry>

     

       643
       643
       +
               for details.

     

       644
       644
       +
             '';

     

       645
       645
       +
           };

     

       646
       646
       +
       

     

       647
       647
       +
         };

     

       648
       648
       +
       

     

       649
       649
       +
         linkOptions = commonNetworkOptions // {

     

       650
       650
       +
       

     

       651
       651
       +
           linkConfig = mkOption {

     

       652
       652
       +
             default = {};

     

       653
       653
       +
             example = { MACAddress = "00:ff:ee:aa:cc:dd"; };

     

       654
       654
       +
             type = types.addCheck (types.attrsOf unitOption) checkLink;

     

       655
       655
       +
             description = ''

     

       656
       656
       +
               Each attribute in this set specifies an option in the

     

       657
       657
       +
               <literal>[Link]</literal> section of the unit.  See

     

       658
       658
       +
               <citerefentry><refentrytitle>systemd.link</refentrytitle>

     

       659
       659
       +
               <manvolnum>5</manvolnum></citerefentry> for details.

     

       660
       660
       +
             '';

     

       661
       661
       +
           };

     

       662
       662
       +
       

     

       663
       663
       +
         };

     

       664
       664
       +
       

     

       665
       665
       +
         netdevOptions = commonNetworkOptions // {

     

       666
       666
       +
       

     

       667
       667
       +
           netdevConfig = mkOption {

     

       668
       668
       +
             default = {};

     

       669
       669
       +
             example = { Name = "mybridge"; Kind = "bridge"; };

     

       670
       670
       +
             type = types.addCheck (types.attrsOf unitOption) checkNetdev;

     

       671
       671
       +
             description = ''

     

       672
       672
       +
               Each attribute in this set specifies an option in the

     

       673
       673
       +
               <literal>[Netdev]</literal> section of the unit.  See

     

       674
       674
       +
               <citerefentry><refentrytitle>systemd.netdev</refentrytitle>

     

       675
       675
       +
               <manvolnum>5</manvolnum></citerefentry> for details.

     

       676
       676
       +
             '';

     

       677
       677
       +
           };

     

       678
       678
       +
       

     

       679
       679
       +
           vlanConfig = mkOption {

     

       680
       680
       +
             default = {};

     

       681
       681
       +
             example = { Id = "4"; };

     

       682
       682
       +
             type = types.addCheck (types.attrsOf unitOption) checkVlan;

     

       683
       683
       +
             description = ''

     

       684
       684
       +
               Each attribute in this set specifies an option in the

     

       685
       685
       +
               <literal>[VLAN]</literal> section of the unit.  See

     

       686
       686
       +
               <citerefentry><refentrytitle>systemd.netdev</refentrytitle>

     

       687
       687
       +
               <manvolnum>5</manvolnum></citerefentry> for details.

     

       688
       688
       +
             '';

     

       689
       689
       +
           };

     

       690
       690
       +
       

     

       691
       691
       +
           macvlanConfig = mkOption {

     

       692
       692
       +
             default = {};

     

       693
       693
       +
             example = { Mode = "private"; };

     

       694
       694
       +
             type = types.addCheck (types.attrsOf unitOption) checkMacvlan;

     

       695
       695
       +
             description = ''

     

       696
       696
       +
               Each attribute in this set specifies an option in the

     

       697
       697
       +
               <literal>[MACVLAN]</literal> section of the unit.  See

     

       698
       698
       +
               <citerefentry><refentrytitle>systemd.netdev</refentrytitle>

     

       699
       699
       +
               <manvolnum>5</manvolnum></citerefentry> for details.

     

       700
       700
       +
             '';

     

       701
       701
       +
           };

     

       702
       702
       +
       

     

       703
       703
       +
           vxlanConfig = mkOption {

     

       704
       704
       +
             default = {};

     

       705
       705
       +
             example = { Id = "4"; };

     

       706
       706
       +
             type = types.addCheck (types.attrsOf unitOption) checkVxlan;

     

       707
       707
       +
             description = ''

     

       708
       708
       +
               Each attribute in this set specifies an option in the

     

       709
       709
       +
               <literal>[VXLAN]</literal> section of the unit.  See

     

       710
       710
       +
               <citerefentry><refentrytitle>systemd.netdev</refentrytitle>

     

       711
       711
       +
               <manvolnum>5</manvolnum></citerefentry> for details.

     

       712
       712
       +
             '';

     

       713
       713
       +
           };

     

       714
       714
       +
       

     

       715
       715
       +
           tunnelConfig = mkOption {

     

       716
       716
       +
             default = {};

     

       717
       717
       +
             example = { Remote = "192.168.1.1"; };

     

       718
       718
       +
             type = types.addCheck (types.attrsOf unitOption) checkTunnel;

     

       719
       719
       +
             description = ''

     

       720
       720
       +
               Each attribute in this set specifies an option in the

     

       721
       721
       +
               <literal>[Tunnel]</literal> section of the unit.  See

     

       722
       722
       +
               <citerefentry><refentrytitle>systemd.netdev</refentrytitle>

     

       723
       723
       +
               <manvolnum>5</manvolnum></citerefentry> for details.

     

       724
       724
       +
             '';

     

       725
       725
       +
           };

     

       726
       726
       +
       

     

       727
       727
       +
           peerConfig = mkOption {

     

       728
       728
       +
             default = {};

     

       729
       729
       +
             example = { Name = "veth2"; };

     

       730
       730
       +
             type = types.addCheck (types.attrsOf unitOption) checkPeer;

     

       731
       731
       +
             description = ''

     

       732
       732
       +
               Each attribute in this set specifies an option in the

     

       733
       733
       +
               <literal>[Peer]</literal> section of the unit.  See

     

       734
       734
       +
               <citerefentry><refentrytitle>systemd.netdev</refentrytitle>

     

       735
       735
       +
               <manvolnum>5</manvolnum></citerefentry> for details.

     

       736
       736
       +
             '';

     

       737
       737
       +
           };

     

       738
       738
       +
       

     

       739
       739
       +
           tunConfig = mkOption {

     

       740
       740
       +
             default = {};

     

       741
       741
       +
             example = { User = "openvpn"; };

     

       742
       742
       +
             type = types.addCheck (types.attrsOf unitOption) checkTun;

     

       743
       743
       +
             description = ''

     

       744
       744
       +
               Each attribute in this set specifies an option in the

     

       745
       745
       +
               <literal>[Tun]</literal> section of the unit.  See

     

       746
       746
       +
               <citerefentry><refentrytitle>systemd.netdev</refentrytitle>

     

       747
       747
       +
               <manvolnum>5</manvolnum></citerefentry> for details.

     

       748
       748
       +
             '';

     

       749
       749
       +
           };

     

       750
       750
       +
       

     

       751
       751
       +
           tapConfig = mkOption {

     

       752
       752
       +
             default = {};

     

       753
       753
       +
             example = { User = "openvpn"; };

     

       754
       754
       +
             type = types.addCheck (types.attrsOf unitOption) checkTap;

     

       755
       755
       +
             description = ''

     

       756
       756
       +
               Each attribute in this set specifies an option in the

     

       757
       757
       +
               <literal>[Tap]</literal> section of the unit.  See

     

       758
       758
       +
               <citerefentry><refentrytitle>systemd.netdev</refentrytitle>

     

       759
       759
       +
               <manvolnum>5</manvolnum></citerefentry> for details.

     

       760
       760
       +
             '';

     

       761
       761
       +
           };

     

       762
       762
       +
       

     

       763
       763
       +
           bondConfig = mkOption {

     

       764
       764
       +
             default = {};

     

       765
       765
       +
             example = { Mode = "802.3ad"; };

     

       766
       766
       +
             type = types.addCheck (types.attrsOf unitOption) checkBond;

     

       767
       767
       +
             description = ''

     

       768
       768
       +
               Each attribute in this set specifies an option in the

     

       769
       769
       +
               <literal>[Bond]</literal> section of the unit.  See

     

       770
       770
       +
               <citerefentry><refentrytitle>systemd.netdev</refentrytitle>

     

       771
       771
       +
               <manvolnum>5</manvolnum></citerefentry> for details.

     

       772
       772
       +
             '';

     

       773
       773
       +
           };

     

       774
       774
       +
       

     

       775
       775
       +
         };

     

       776
       776
       +
       

     

       777
       777
       +
         addressOptions = {

     

       778
       778
       +
       

     

       779
       779
       +
           addressConfig = mkOption {

     

       780
       780
       +
             default = {};

     

       781
       781
       +
             example = { Address = "192.168.0.100/24"; };

     

       782
       782
       +
             type = types.addCheck (types.attrsOf unitOption) checkAddress;

     

       783
       783
       +
             description = ''

     

       784
       784
       +
               Each attribute in this set specifies an option in the

     

       785
       785
       +
               <literal>[Address]</literal> section of the unit.  See

     

       786
       786
       +
               <citerefentry><refentrytitle>systemd.network</refentrytitle>

     

       787
       787
       +
               <manvolnum>5</manvolnum></citerefentry> for details.

     

       788
       788
       +
             '';

     

       789
       789
       +
           };

     

       790
       790
       +
       

     

       791
       791
       +
         };

     

       792
       792
       +
       

     

       793
       793
       +
         routeOptions = {

     

       794
       794
       +
       

     

       795
       795
       +
           routeConfig = mkOption {

     

       796
       796
       +
             default = {};

     

       797
       797
       +
             example = { Gateway = "192.168.0.1"; };

     

       798
       798
       +
             type = types.addCheck (types.attrsOf unitOption) checkRoute;

     

       799
       799
       +
             description = ''

     

       800
       800
       +
               Each attribute in this set specifies an option in the

     

       801
       801
       +
               <literal>[Route]</literal> section of the unit.  See

     

       802
       802
       +
               <citerefentry><refentrytitle>systemd.network</refentrytitle>

     

       803
       803
       +
               <manvolnum>5</manvolnum></citerefentry> for details.

     

       804
       804
       +
             '';

     

       805
       805
       +
           };

     

       806
       806
       +
       

     

       807
       807
       +
         };

     

       808
       808
       +
       

     

       809
       809
       +
         networkOptions = commonNetworkOptions // {

     

       810
       810
       +
       

     

       811
       811
       +
           networkConfig = mkOption {

     

       812
       812
       +
             default = {};

     

       813
       813
       +
             example = { Description = "My Network"; };

     

       814
       814
       +
             type = types.addCheck (types.attrsOf unitOption) checkNetwork;

     

       815
       815
       +
             description = ''

     

       816
       816
       +
               Each attribute in this set specifies an option in the

     

       817
       817
       +
               <literal>[Network]</literal> section of the unit.  See

     

       818
       818
       +
               <citerefentry><refentrytitle>systemd.network</refentrytitle>

     

       819
       819
       +
               <manvolnum>5</manvolnum></citerefentry> for details.

     

       820
       820
       +
             '';

     

       821
       821
       +
           };

     

       822
       822
       +
       

     

       823
       823
       +
           dhcpConfig = mkOption {

     

       824
       824
       +
             default = {};

     

       825
       825
       +
             example = { UseDNS = true; UseRoutes = true; };

     

       826
       826
       +
             type = types.addCheck (types.attrsOf unitOption) checkDhcp;

     

       827
       827
       +
             description = ''

     

       828
       828
       +
               Each attribute in this set specifies an option in the

     

       829
       829
       +
               <literal>[DHCP]</literal> section of the unit.  See

     

       830
       830
       +
               <citerefentry><refentrytitle>systemd.network</refentrytitle>

     

       831
       831
       +
               <manvolnum>5</manvolnum></citerefentry> for details.

     

       832
       832
       +
             '';

     

       833
       833
       +
           };

     

       834
       834
       +
       

     

       835
       835
       +
           name = mkOption {

     

       836
       836
       +
             type = types.nullOr types.str;

     

       837
       837
       +
             default = null;

     

       838
       838
       +
             description = ''

     

       839
       839
       +
               The name of the network interface to match against.

     

       840
       840
       +
             '';

     

       841
       841
       +
           };

     

       842
       842
       +
       

     

       843
       843
       +
           DHCP = mkOption {

     

       844
       844
       +
             type = types.nullOr types.str;

     

       845
       845
       +
             default = null;

     

       846
       846
       +
             description = ''

     

       847
       847
       +
               Whether to enable DHCP on the interfaces matched.

     

       848
       848
       +
             '';

     

       849
       849
       +
           };

     

       850
       850
       +
       

     

       851
       851
       +
           domains = mkOption {

     

       852
       852
       +
             type = types.nullOr (types.listOf types.str);

     

       853
       853
       +
             default = null;

     

       854
       854
       +
             description = ''

     

       855
       855
       +
               A list of domains to pass to the network config.

     

       856
       856
       +
             '';

     

       857
       857
       +
           };

     

       858
       858
       +
       

     

       859
       859
       +
           address = mkOption {

     

       860
       860
       +
             default = [ ];

     

       861
       861
       +
             type = types.listOf types.str;

     

       862
       862
       +
             description = ''

     

       863
       863
       +
               A list of addresses to be added to the network section of the

     

       864
       864
       +
               unit.  See <citerefentry><refentrytitle>systemd.network</refentrytitle>

     

       865
       865
       +
               <manvolnum>5</manvolnum></citerefentry> for details.

     

       866
       866
       +
             '';

     

       867
       867
       +
           };

     

       868
       868
       +
       

     

       869
       869
       +
           gateway = mkOption {

     

       870
       870
       +
             default = [ ];

     

       871
       871
       +
             type = types.listOf types.str;

     

       872
       872
       +
             description = ''

     

       873
       873
       +
               A list of gateways to be added to the network section of the

     

       874
       874
       +
               unit.  See <citerefentry><refentrytitle>systemd.network</refentrytitle>

     

       875
       875
       +
               <manvolnum>5</manvolnum></citerefentry> for details.

     

       876
       876
       +
             '';

     

       877
       877
       +
           };

     

       878
       878
       +
       

     

       879
       879
       +
           dns = mkOption {

     

       880
       880
       +
             default = [ ];

     

       881
       881
       +
             type = types.listOf types.str;

     

       882
       882
       +
             description = ''

     

       883
       883
       +
               A list of dns servers to be added to the network section of the

     

       884
       884
       +
               unit.  See <citerefentry><refentrytitle>systemd.network</refentrytitle>

     

       885
       885
       +
               <manvolnum>5</manvolnum></citerefentry> for details.

     

       886
       886
       +
             '';

     

       887
       887
       +
           };

     

       888
       888
       +
       

     

       889
       889
       +
           ntp = mkOption {

     

       890
       890
       +
             default = [ ];

     

       891
       891
       +
             type = types.listOf types.str;

     

       892
       892
       +
             description = ''

     

       893
       893
       +
               A list of ntp servers to be added to the network section of the

     

       894
       894
       +
               unit.  See <citerefentry><refentrytitle>systemd.network</refentrytitle>

     

       895
       895
       +
               <manvolnum>5</manvolnum></citerefentry> for details.

     

       896
       896
       +
             '';

     

       897
       897
       +
           };

     

       898
       898
       +
       

     

       899
       899
       +
           vlan = mkOption {

     

       900
       900
       +
             default = [ ];

     

       901
       901
       +
             type = types.listOf types.str;

     

       902
       902
       +
             description = ''

     

       903
       903
       +
               A list of vlan interfaces to be added to the network section of the

     

       904
       904
       +
               unit.  See <citerefentry><refentrytitle>systemd.network</refentrytitle>

     

       905
       905
       +
               <manvolnum>5</manvolnum></citerefentry> for details.

     

       906
       906
       +
             '';

     

       907
       907
       +
           };

     

       908
       908
       +
       

     

       909
       909
       +
           macvlan = mkOption {

     

       910
       910
       +
             default = [ ];

     

       911
       911
       +
             type = types.listOf types.str;

     

       912
       912
       +
             description = ''

     

       913
       913
       +
               A list of macvlan interfaces to be added to the network section of the

     

       914
       914
       +
               unit.  See <citerefentry><refentrytitle>systemd.network</refentrytitle>

     

       915
       915
       +
               <manvolnum>5</manvolnum></citerefentry> for details.

     

       916
       916
       +
             '';

     

       917
       917
       +
           };

     

       918
       918
       +
       

     

       919
       919
       +
           vxlan = mkOption {

     

       920
       920
       +
             default = [ ];

     

       921
       921
       +
             type = types.listOf types.str;

     

       922
       922
       +
             description = ''

     

       923
       923
       +
               A list of vxlan interfaces to be added to the network section of the

     

       924
       924
       +
               unit.  See <citerefentry><refentrytitle>systemd.network</refentrytitle>

     

       925
       925
       +
               <manvolnum>5</manvolnum></citerefentry> for details.

     

       926
       926
       +
             '';

     

       927
       927
       +
           };

     

       928
       928
       +
       

     

       929
       929
       +
           tunnel = mkOption {

     

       930
       930
       +
             default = [ ];

     

       931
       931
       +
             type = types.listOf types.str;

     

       932
       932
       +
             description = ''

     

       933
       933
       +
               A list of tunnel interfaces to be added to the network section of the

     

       934
       934
       +
               unit.  See <citerefentry><refentrytitle>systemd.network</refentrytitle>

     

       935
       935
       +
               <manvolnum>5</manvolnum></citerefentry> for details.

     

       936
       936
       +
             '';

     

       937
       937
       +
           };

     

       938
       938
       +
       

     

       939
       939
       +
           addresses = mkOption {

     

       940
       940
       +
             default = [ ];

     

       941
       941
       +
             type = types.listOf types.optionSet;

     

       942
       942
       +
             options = [ addressOptions ];

     

       943
       943
       +
             description = ''

     

       944
       944
       +
               A list of address sections to be added to the unit.  See

     

       945
       945
       +
               <citerefentry><refentrytitle>systemd.network</refentrytitle>

     

       946
       946
       +
               <manvolnum>5</manvolnum></citerefentry> for details.

     

       947
       947
       +
             '';

     

       948
       948
       +
           };

     

       949
       949
       +
       

     

       950
       950
       +
           routes = mkOption {

     

       951
       951
       +
             default = [ ];

     

       952
       952
       +
             type = types.listOf types.optionSet;

     

       953
       953
       +
             options = [ routeOptions ];

     

       954
       954
       +
             description = ''

     

       955
       955
       +
               A list of route sections to be added to the unit.  See

     

       956
       956
       +
               <citerefentry><refentrytitle>systemd.network</refentrytitle>

     

       957
       957
       +
               <manvolnum>5</manvolnum></citerefentry> for details.

     

       958
       958
       +
             '';

     

       959
       959
       +
           };

     

       960
       960
       +
       

     

       961
       961
       +
         };

     

       443
       962
        
       

     

       444
       963
        
       }

+250 -4

nixos/modules/system/boot/systemd.nix

···

       96
       96
        
             "systemd-modules-load.service"

     

       97
       97
        
             "kmod-static-nodes.service"

     

       98
       98
        
       

     

       99
       99
       +
             # Networking

     

       100
       100
       +
             "systemd-networkd.service"

     

       101
       101
       +
             "systemd-networkd-wait-online.service"

     

       102
       102
       +
             "systemd-resolved.service"

     

       103
       103
       +
             "systemd-timesyncd.service"

     

       104
       104
       +
       

     

       99
       105
        
             # Filesystems.

     

       100
       106
        
             "systemd-fsck@.service"

     

       101
       107
        
             "systemd-fsck-root.service"

     
···

       212
       218
        
                 { PartOf = toString config.partOf; }

     

       213
       219
        
               // optionalAttrs (config.conflicts != [])

     

       214
       220
        
                 { Conflicts = toString config.conflicts; }

     

       221
       221
       +
               // optionalAttrs (config.requisite != [])

     

       222
       222
       +
                 { Requisite = toString config.requisite; }

     

       215
       223
        
               // optionalAttrs (config.restartTriggers != [])

     

       216
       224
        
                 { X-Restart-Triggers = toString config.restartTriggers; }

     

       217
       225
        
               // optionalAttrs (config.description != "") {

     
···

       292
       300
        
           };

     

       293
       301
        
         };

     

       294
       302
        
       

     

       303
       303
       +
         networkConfig = { name, config, ... }: {

     

       304
       304
       +
           config = {

     

       305
       305
       +
             matchConfig = optionalAttrs (config.name != null) {

     

       306
       306
       +
               Name = config.name;

     

       307
       307
       +
             };

     

       308
       308
       +
             networkConfig = optionalAttrs (config.DHCP != null) {

     

       309
       309
       +
               DHCP = config.DHCP;

     

       310
       310
       +
             } // optionalAttrs (config.domains != null) {

     

       311
       311
       +
               Domains = concatStringsSep " " config.domains;

     

       312
       312
       +
             };

     

       313
       313
       +
           };

     

       314
       314
       +
         };

     

       315
       315
       +
       

     

       295
       316
        
         toOption = x:

     

       296
       317
        
           if x == true then "true"

     

       297
       318
        
           else if x == false then "false"

     
···

       384
       405
        
               '';

     

       385
       406
        
           };

     

       386
       407
        
       

     

       408
       408
       +
         commonMatchText = def: ''

     

       409
       409
       +
             [Match]

     

       410
       410
       +
             ${attrsToSection def.matchConfig}

     

       411
       411
       +
           '';

     

       412
       412
       +
       

     

       413
       413
       +
         linkToUnit = name: def:

     

       414
       414
       +
           { inherit (def) enable;

     

       415
       415
       +
             text = commonMatchText def +

     

       416
       416
       +
               ''

     

       417
       417
       +
                 [Link]

     

       418
       418
       +
                 ${attrsToSection def.linkConfig}

     

       419
       419
       +
               '';

     

       420
       420
       +
           };

     

       421
       421
       +
       

     

       422
       422
       +
         netdevToUnit = name: def:

     

       423
       423
       +
           { inherit (def) enable;

     

       424
       424
       +
             text = commonMatchText def +

     

       425
       425
       +
               ''

     

       426
       426
       +
                 [NetDev]

     

       427
       427
       +
                 ${attrsToSection def.netdevConfig}

     

       428
       428
       +
       

     

       429
       429
       +
                 ${optionalString (def.vlanConfig != { }) ''

     

       430
       430
       +
                   [VLAN]

     

       431
       431
       +
                   ${attrsToSection def.vlanConfig}

     

       432
       432
       +
       

     

       433
       433
       +
                 ''}

     

       434
       434
       +
                 ${optionalString (def.macvlanConfig != { }) ''

     

       435
       435
       +
                   [MACVLAN]

     

       436
       436
       +
                   ${attrsToSection def.macvlanConfig}

     

       437
       437
       +
       

     

       438
       438
       +
                 ''}

     

       439
       439
       +
                 ${optionalString (def.vxlanConfig != { }) ''

     

       440
       440
       +
                   [VXLAN]

     

       441
       441
       +
                   ${attrsToSection def.vxlanConfig}

     

       442
       442
       +
       

     

       443
       443
       +
                 ''}

     

       444
       444
       +
                 ${optionalString (def.tunnelConfig != { }) ''

     

       445
       445
       +
                   [Tunnel]

     

       446
       446
       +
                   ${attrsToSection def.tunnelConfig}

     

       447
       447
       +
       

     

       448
       448
       +
                 ''}

     

       449
       449
       +
                 ${optionalString (def.peerConfig != { }) ''

     

       450
       450
       +
                   [Peer]

     

       451
       451
       +
                   ${attrsToSection def.peerConfig}

     

       452
       452
       +
       

     

       453
       453
       +
                 ''}

     

       454
       454
       +
                 ${optionalString (def.tunConfig != { }) ''

     

       455
       455
       +
                   [Tun]

     

       456
       456
       +
                   ${attrsToSection def.tunConfig}

     

       457
       457
       +
       

     

       458
       458
       +
                 ''}

     

       459
       459
       +
                 ${optionalString (def.tapConfig != { }) ''

     

       460
       460
       +
                   [Tap]

     

       461
       461
       +
                   ${attrsToSection def.tapConfig}

     

       462
       462
       +
       

     

       463
       463
       +
                 ''}

     

       464
       464
       +
                 ${optionalString (def.bondConfig != { }) ''

     

       465
       465
       +
                   [Bond]

     

       466
       466
       +
                   ${attrsToSection def.bondConfig}

     

       467
       467
       +
       

     

       468
       468
       +
                 ''}

     

       469
       469
       +
               '';

     

       470
       470
       +
           };

     

       471
       471
       +
       

     

       472
       472
       +
         networkToUnit = name: def:

     

       473
       473
       +
           { inherit (def) enable;

     

       474
       474
       +
             text = commonMatchText def +

     

       475
       475
       +
               ''

     

       476
       476
       +
                 [Network]

     

       477
       477
       +
                 ${attrsToSection def.networkConfig}

     

       478
       478
       +
                 ${concatStringsSep "\n" (map (s: "Address=${s}") def.address)}

     

       479
       479
       +
                 ${concatStringsSep "\n" (map (s: "Gateway=${s}") def.gateway)}

     

       480
       480
       +
                 ${concatStringsSep "\n" (map (s: "DNS=${s}") def.dns)}

     

       481
       481
       +
                 ${concatStringsSep "\n" (map (s: "NTP=${s}") def.ntp)}

     

       482
       482
       +
                 ${concatStringsSep "\n" (map (s: "VLAN=${s}") def.vlan)}

     

       483
       483
       +
                 ${concatStringsSep "\n" (map (s: "MACVLAN=${s}") def.macvlan)}

     

       484
       484
       +
                 ${concatStringsSep "\n" (map (s: "VXLAN=${s}") def.vxlan)}

     

       485
       485
       +
                 ${concatStringsSep "\n" (map (s: "Tunnel=${s}") def.tunnel)}

     

       486
       486
       +
       

     

       487
       487
       +
                 ${optionalString (def.dhcpConfig != { }) ''

     

       488
       488
       +
                   [DHCP]

     

       489
       489
       +
                   ${attrsToSection def.dhcpConfig}

     

       490
       490
       +
       

     

       491
       491
       +
                 ''}

     

       492
       492
       +
                 ${flip concatMapStrings def.addresses (x: ''

     

       493
       493
       +
                   [Address]

     

       494
       494
       +
                   ${attrsToSection x.addressConfig}

     

       495
       495
       +
       

     

       496
       496
       +
                 '')}

     

       497
       497
       +
                 ${flip concatMapStrings def.routes (x: ''

     

       498
       498
       +
                   [Route]

     

       499
       499
       +
                   ${attrsToSection x.routeConfig}

     

       500
       500
       +
       

     

       501
       501
       +
                 '')}

     

       502
       502
       +
               '';

     

       503
       503
       +
           };

     

       504
       504
       +
       

     

       387
       505
        
         generateUnits = type: units: upstreamUnits: upstreamWants:

     

       388
       506
        
           pkgs.runCommand "${type}-units" { preferLocalBuild = true; } ''

     

       389
       507
        
             mkdir -p $out

     
···

       468
       586
        
               mkdir -p $out/getty.target.wants/

     

       469
       587
        
               ln -s ../autovt@tty1.service $out/getty.target.wants/

     

       470
       588
        
       

     

       471
       471
       -
               ln -s ../local-fs.target ../remote-fs.target ../network.target ../nss-lookup.target \

     

       472
       472
       -
                     ../nss-user-lookup.target ../swap.target $out/multi-user.target.wants/

     

       589
       589
       +
               ln -s ../local-fs.target ../remote-fs.target ../network.target \

     

       590
       590
       +
               ../nss-lookup.target ../nss-user-lookup.target ../swap.target \

     

       591
       591
       +
               $out/multi-user.target.wants/

     

       473
       592
        
             ''}

     

       474
       593
        
           ''; # */

     

       475
       594
        
       

     
···

       562
       681
        
             '';

     

       563
       682
        
           };

     

       564
       683
        
       

     

       684
       684
       +
           systemd.network.enable = mkOption {

     

       685
       685
       +
             default = false;

     

       686
       686
       +
             type = types.bool;

     

       687
       687
       +
             description = ''

     

       688
       688
       +
               Whether to enable networkd or not.

     

       689
       689
       +
             '';

     

       690
       690
       +
           };

     

       691
       691
       +
       

     

       692
       692
       +
           systemd.network.links = mkOption {

     

       693
       693
       +
             default = {};

     

       694
       694
       +
             type = types.attrsOf types.optionSet;

     

       695
       695
       +
             options = [ linkOptions ];

     

       696
       696
       +
             description = "Definiton of systemd network links.";

     

       697
       697
       +
           };

     

       698
       698
       +
       

     

       699
       699
       +
           systemd.network.netdevs = mkOption {

     

       700
       700
       +
             default = {};

     

       701
       701
       +
             type = types.attrsOf types.optionSet;

     

       702
       702
       +
             options = [ netdevOptions ];

     

       703
       703
       +
             description = "Definiton of systemd network devices.";

     

       704
       704
       +
           };

     

       705
       705
       +
       

     

       706
       706
       +
           systemd.network.networks = mkOption {

     

       707
       707
       +
             default = {};

     

       708
       708
       +
             type = types.attrsOf types.optionSet;

     

       709
       709
       +
             options = [ networkOptions networkConfig ];

     

       710
       710
       +
             description = "Definiton of systemd networks.";

     

       711
       711
       +
           };

     

       712
       712
       +
       

     

       713
       713
       +
           systemd.network.units = mkOption {

     

       714
       714
       +
             description = "Definition of networkd units.";

     

       715
       715
       +
             default = {};

     

       716
       716
       +
             type = types.attrsOf types.optionSet;

     

       717
       717
       +
             options = { name, config, ... }:

     

       718
       718
       +
               { options = concreteUnitOptions;

     

       719
       719
       +
                 config = {

     

       720
       720
       +
                   unit = mkDefault (makeUnit name config);

     

       721
       721
       +
                 };

     

       722
       722
       +
               };

     

       723
       723
       +
           };

     

       724
       724
       +
       

     

       565
       725
        
           systemd.defaultUnit = mkOption {

     

       566
       726
        
             default = "multi-user.target";

     

       567
       727
        
             type = types.str;

     
···

       645
       805
        
             '';

     

       646
       806
        
           };

     

       647
       807
        
       

     

       808
       808
       +
           services.resolved.enable = mkOption {

     

       809
       809
       +
             default = false;

     

       810
       810
       +
             type = types.bool;

     

       811
       811
       +
             description = ''

     

       812
       812
       +
               Enables the systemd dns resolver daemon.

     

       813
       813
       +
             '';

     

       814
       814
       +
           };

     

       815
       815
       +
       

     

       816
       816
       +
           services.timesyncd.enable = mkOption {

     

       817
       817
       +
             default = false;

     

       818
       818
       +
             type = types.bool;

     

       819
       819
       +
             description = ''

     

       820
       820
       +
               Enables the systemd ntp client daemon.

     

       821
       821
       +
             '';

     

       822
       822
       +
           };

     

       823
       823
       +
       

     

       648
       824
        
           systemd.tmpfiles.rules = mkOption {

     

       649
       825
        
             type = types.listOf types.str;

     

       650
       826
        
             default = [];

     
···

       701
       877
        
       

     

       702
       878
        
         ###### implementation

     

       703
       879
        
       

     

       704
       704
       -
         config = {

     

       880
       880
       +
         config = mkMerge [ {

     

       705
       881
        
       

     

       706
       882
        
           warnings = concatLists (mapAttrsToList (name: service:

     

       707
       883
        
             optional (service.serviceConfig.Type or "" == "oneshot" && service.serviceConfig.Restart or "no" != "no")

     
···

       714
       890
        
           environment.etc."systemd/system".source =

     

       715
       891
        
             generateUnits "system" cfg.units upstreamSystemUnits upstreamSystemWants;

     

       716
       892
        
       

     

       893
       893
       +
           environment.etc."systemd/network".source =

     

       894
       894
       +
             generateUnits "network" cfg.network.units [] [];

     

       895
       895
       +
       

     

       717
       896
        
           environment.etc."systemd/user".source =

     

       718
       897
        
             generateUnits "user" cfg.user.units upstreamUserUnits [];

     

       719
       898
        
       

     
···

       766
       945
        
               unitConfig.X-StopOnReconfiguration = true;

     

       767
       946
        
             };

     

       768
       947
        
       

     

       948
       948
       +
           systemd.targets.network-online.after = [ "ip-up.target" ];

     

       949
       949
       +
       

     

       769
       950
        
           systemd.units =

     

       770
       951
        
             mapAttrs' (n: v: nameValuePair "${n}.target" (targetToUnit n v)) cfg.targets

     

       771
       952
        
             // mapAttrs' (n: v: nameValuePair "${n}.service" (serviceToUnit n v)) cfg.services

     
···

       779
       960
        
                          (v: let n = escapeSystemdPath v.where;

     

       780
       961
        
                              in nameValuePair "${n}.automount" (automountToUnit n v)) cfg.automounts);

     

       781
       962
        
       

     

       963
       963
       +
           systemd.network.units =

     

       964
       964
       +
             mapAttrs' (n: v: nameValuePair "${n}.link" (linkToUnit n v)) cfg.network.links

     

       965
       965
       +
             // mapAttrs' (n: v: nameValuePair "${n}.netdev" (netdevToUnit n v)) cfg.network.netdevs

     

       966
       966
       +
             // mapAttrs' (n: v: nameValuePair "${n}.network" (networkToUnit n v)) cfg.network.networks;

     

       967
       967
       +
       

     

       782
       968
        
           systemd.user.units =

     

       783
       969
        
             mapAttrs' (n: v: nameValuePair "${n}.service" (serviceToUnit n v)) cfg.user.services

     

       784
       970
        
             // mapAttrs' (n: v: nameValuePair "${n}.socket" (socketToUnit n v)) cfg.user.sockets;

     
···

       833
       1019
        
           systemd.services.systemd-remount-fs.restartIfChanged = false;

     

       834
       1020
        
           systemd.services.systemd-journal-flush.restartIfChanged = false;

     

       835
       1021
        
       

     

       836
       836
       -
         };

     

       1022
       1022
       +
         }

     

       1023
       1023
       +
         (mkIf config.systemd.network.enable {

     

       1024
       1024
       +
           users.extraUsers.systemd-network.uid = config.ids.uids.systemd-network;

     

       1025
       1025
       +
           users.extraGroups.systemd-network.gid = config.ids.gids.systemd-network;

     

       1026
       1026
       +
       

     

       1027
       1027
       +
           systemd.services.systemd-networkd = {

     

       1028
       1028
       +
             wantedBy = [ "multi-user.target" ];

     

       1029
       1029
       +
             restartTriggers = [ config.environment.etc."systemd/network".source ];

     

       1030
       1030
       +
           };

     

       1031
       1031
       +
       

     

       1032
       1032
       +
           systemd.services.systemd-networkd-wait-online = {

     

       1033
       1033
       +
             before = [ "network-online.target" "ip-up.target" ];

     

       1034
       1034
       +
             wantedBy = [ "network-online.target" "ip-up.target" ];

     

       1035
       1035
       +
           };

     

       1036
       1036
       +
       

     

       1037
       1037
       +
           systemd.services."systemd-network-wait-online@" = {

     

       1038
       1038
       +
             description = "Wait for Network Interface %I to be Configured";

     

       1039
       1039
       +
             conflicts = [ "shutdown.target" ];

     

       1040
       1040
       +
             requisite = [ "systemd-networkd.service" ];

     

       1041
       1041
       +
             after = [ "systemd-networkd.service" ];

     

       1042
       1042
       +
             serviceConfig = {

     

       1043
       1043
       +
               Type = "oneshot";

     

       1044
       1044
       +
               RemainAfterExit = true;

     

       1045
       1045
       +
               ExecStart = "${config.systemd.package}/lib/systemd/systemd-networkd-wait-online -i %I";

     

       1046
       1046
       +
             };

     

       1047
       1047
       +
           };

     

       1048
       1048
       +
       

     

       1049
       1049
       +
           services.resolved.enable = mkDefault true;

     

       1050
       1050
       +
           services.timesyncd.enable = mkDefault config.services.ntp.enable;

     

       1051
       1051
       +
         })

     

       1052
       1052
       +
         (mkIf config.services.resolved.enable {

     

       1053
       1053
       +
           users.extraUsers.systemd-resolve.uid = config.ids.uids.systemd-resolve;

     

       1054
       1054
       +
           users.extraGroups.systemd-resolve.gid = config.ids.gids.systemd-resolve;

     

       1055
       1055
       +
       

     

       1056
       1056
       +
           systemd.services.systemd-resolved = {

     

       1057
       1057
       +
             wantedBy = [ "multi-user.target" ];

     

       1058
       1058
       +
             restartTriggers = [ config.environment.etc."systemd/resolved.conf".source ];

     

       1059
       1059
       +
           };

     

       1060
       1060
       +
       

     

       1061
       1061
       +
           environment.etc."systemd/resolved.conf".text = ''

     

       1062
       1062
       +
             [Resolve]

     

       1063
       1063
       +
             DNS=${concatStringsSep " " config.networking.nameservers}

     

       1064
       1064
       +
           '';

     

       1065
       1065
       +
         })

     

       1066
       1066
       +
         (mkIf config.services.timesyncd.enable {

     

       1067
       1067
       +
           users.extraUsers.systemd-timesync.uid = config.ids.uids.systemd-timesync;

     

       1068
       1068
       +
           users.extraGroups.systemd-timesync.gid = config.ids.gids.systemd-timesync;

     

       1069
       1069
       +
       

     

       1070
       1070
       +
           systemd.services.systemd-timesyncd = {

     

       1071
       1071
       +
             wantedBy = [ "sysinit.target" ];

     

       1072
       1072
       +
             restartTriggers = [ config.environment.etc."systemd/timesyncd.conf".source ];

     

       1073
       1073
       +
           };

     

       1074
       1074
       +
       

     

       1075
       1075
       +
           environment.etc."systemd/timesyncd.conf".text = ''

     

       1076
       1076
       +
             [Time]

     

       1077
       1077
       +
             NTP=${concatStringsSep " " config.services.ntp.servers}

     

       1078
       1078
       +
           '';

     

       1079
       1079
       +
       

     

       1080
       1080
       +
           systemd.services.ntpd.enable = false;

     

       1081
       1081
       +
         })

     

       1082
       1082
       +
         ];

     

       837
       1083
        
       }

+2 -4

nixos/modules/tasks/filesystems/nfs.nix

···

       73
       73
        
       

     

       74
       74
        
               path = [ pkgs.nfsUtils pkgs.sysvtools pkgs.utillinux ];

     

       75
       75
        
       

     

       76
       76
       -
               wantedBy = [ "network-online.target" "multi-user.target" ];

     

       77
       77
       -
               before = [ "network-online.target" ];

     

       76
       76
       +
               wantedBy = [ "multi-user.target" ];

     

       78
       77
        
               requires = [ "basic.target" "rpcbind.service" ];

     

       79
       78
        
               after = [ "basic.target" "rpcbind.service" "network.target" ];

     

       80
       79
        
       

     
···

       100
       99
        
       

     

       101
       100
        
               path = [ pkgs.sysvtools pkgs.utillinux ];

     

       102
       101
        
       

     

       103
       103
       -
               wantedBy = [ "network-online.target" "multi-user.target" ];

     

       104
       104
       -
               before = [ "network-online.target" ];

     

       102
       102
       +
               wantedBy = [ "multi-user.target" ];

     

       105
       103
        
               requires = [ "rpcbind.service" ];

     

       106
       104
        
               after = [ "rpcbind.service" ];

     

       107
       105

+340

nixos/modules/tasks/network-interfaces-scripted.nix

···

       1
       1
       +
       { config, lib, pkgs, utils, ... }:

     

       2
       2
       +
       

     

       3
       3
       +
       with lib;

     

       4
       4
       +
       with utils;

     

       5
       5
       +
       

     

       6
       6
       +
       let

     

       7
       7
       +
       

     

       8
       8
       +
         cfg = config.networking;

     

       9
       9
       +
         interfaces = attrValues cfg.interfaces;

     

       10
       10
       +
         hasVirtuals = any (i: i.virtual) interfaces;

     

       11
       11
       +
       

     

       12
       12
       +
         # We must escape interfaces due to the systemd interpretation

     

       13
       13
       +
         subsystemDevice = interface:

     

       14
       14
       +
           "sys-subsystem-net-devices-${escapeSystemdPath interface}.device";

     

       15
       15
       +
       

     

       16
       16
       +
         interfaceIps = i:

     

       17
       17
       +
           i.ip4 ++ optionals cfg.enableIPv6 i.ip6

     

       18
       18
       +
           ++ optional (i.ipAddress != null) {

     

       19
       19
       +
             address = i.ipAddress;

     

       20
       20
       +
             prefixLength = i.prefixLength;

     

       21
       21
       +
           } ++ optional (cfg.enableIPv6 && i.ipv6Address != null) {

     

       22
       22
       +
             address = i.ipv6Address;

     

       23
       23
       +
             prefixLength = i.ipv6PrefixLength;

     

       24
       24
       +
           };

     

       25
       25
       +
       

     

       26
       26
       +
         destroyBond = i: ''

     

       27
       27
       +
           while true; do

     

       28
       28
       +
             UPDATED=1

     

       29
       29
       +
             SLAVES=$(ip link | grep 'master ${i}' | awk -F: '{print $2}')

     

       30
       30
       +
             for I in $SLAVES; do

     

       31
       31
       +
               UPDATED=0

     

       32
       32
       +
               ip link set "$I" nomaster

     

       33
       33
       +
             done

     

       34
       34
       +
             [ "$UPDATED" -eq "1" ] && break

     

       35
       35
       +
           done

     

       36
       36
       +
           ip link set "${i}" down || true

     

       37
       37
       +
           ip link del "${i}" || true

     

       38
       38
       +
         '';

     

       39
       39
       +
       

     

       40
       40
       +
       in

     

       41
       41
       +
       

     

       42
       42
       +
       {

     

       43
       43
       +
       

     

       44
       44
       +
         config = mkIf (!cfg.useNetworkd) {

     

       45
       45
       +
       

     

       46
       46
       +
           systemd.targets."network-interfaces" =

     

       47
       47
       +
             { description = "All Network Interfaces";

     

       48
       48
       +
               wantedBy = [ "network.target" ];

     

       49
       49
       +
               unitConfig.X-StopOnReconfiguration = true;

     

       50
       50
       +
             };

     

       51
       51
       +
       

     

       52
       52
       +
           systemd.services =

     

       53
       53
       +
             let

     

       54
       54
       +
       

     

       55
       55
       +
               networkLocalCommands = {

     

       56
       56
       +
                 after = [ "network-setup.service" ];

     

       57
       57
       +
                 bindsTo = [ "network-setup.service" ];

     

       58
       58
       +
               };

     

       59
       59
       +
       

     

       60
       60
       +
               networkSetup =

     

       61
       61
       +
                 { description = "Networking Setup";

     

       62
       62
       +
       

     

       63
       63
       +
                   after = [ "network-interfaces.target" ];

     

       64
       64
       +
                   before = [ "network.target" ];

     

       65
       65
       +
                   wantedBy = [ "network.target" ];

     

       66
       66
       +
       

     

       67
       67
       +
                   unitConfig.ConditionCapability = "CAP_NET_ADMIN";

     

       68
       68
       +
       

     

       69
       69
       +
                   path = [ pkgs.iproute ];

     

       70
       70
       +
       

     

       71
       71
       +
                   serviceConfig.Type = "oneshot";

     

       72
       72
       +
                   serviceConfig.RemainAfterExit = true;

     

       73
       73
       +
       

     

       74
       74
       +
                   script =

     

       75
       75
       +
                     (optionalString (!config.services.resolved.enable) ''

     

       76
       76
       +
                       # Set the static DNS configuration, if given.

     

       77
       77
       +
                       ${pkgs.openresolv}/sbin/resolvconf -m 1 -a static <<EOF

     

       78
       78
       +
                       ${optionalString (cfg.nameservers != [] && cfg.domain != null) ''

     

       79
       79
       +
                         domain ${cfg.domain}

     

       80
       80
       +
                       ''}

     

       81
       81
       +
                       ${optionalString (cfg.search != []) ("search " + concatStringsSep " " cfg.search)}

     

       82
       82
       +
                       ${flip concatMapStrings cfg.nameservers (ns: ''

     

       83
       83
       +
                         nameserver ${ns}

     

       84
       84
       +
                       '')}

     

       85
       85
       +
                       EOF

     

       86
       86
       +
                     '') + ''

     

       87
       87
       +
                       # Set the default gateway.

     

       88
       88
       +
                       ${optionalString (cfg.defaultGateway != null) ''

     

       89
       89
       +
                         # FIXME: get rid of "|| true" (necessary to make it idempotent).

     

       90
       90
       +
                         ip route add default via "${cfg.defaultGateway}" ${

     

       91
       91
       +
                           optionalString (cfg.defaultGatewayWindowSize != null)

     

       92
       92
       +
                             "window ${cfg.defaultGatewayWindowSize}"} || true

     

       93
       93
       +
                       ''}

     

       94
       94
       +
                     '';

     

       95
       95
       +
                 };

     

       96
       96
       +
       

     

       97
       97
       +
               # For each interface <foo>, create a job ‘network-addresses-<foo>.service"

     

       98
       98
       +
               # that performs static address configuration.  It has a "wants"

     

       99
       99
       +
               # dependency on ‘<foo>.service’, which is supposed to create

     

       100
       100
       +
               # the interface and need not exist (i.e. for hardware

     

       101
       101
       +
               # interfaces).  It has a binds-to dependency on the actual

     

       102
       102
       +
               # network device, so it only gets started after the interface

     

       103
       103
       +
               # has appeared, and it's stopped when the interface

     

       104
       104
       +
               # disappears.

     

       105
       105
       +
               configureAddrs = i:

     

       106
       106
       +
                 let

     

       107
       107
       +
                   ips = interfaceIps i;

     

       108
       108
       +
                 in

     

       109
       109
       +
                 nameValuePair "network-addresses-${i.name}"

     

       110
       110
       +
                 { description = "Addresss configuration of ${i.name}";

     

       111
       111
       +
                   wantedBy = [ "network-interfaces.target" ];

     

       112
       112
       +
                   before = [ "network-interfaces.target" ];

     

       113
       113
       +
                   bindsTo = [ (subsystemDevice i.name) ];

     

       114
       114
       +
                   after = [ (subsystemDevice i.name) ];

     

       115
       115
       +
                   serviceConfig.Type = "oneshot";

     

       116
       116
       +
                   serviceConfig.RemainAfterExit = true;

     

       117
       117
       +
                   path = [ pkgs.iproute ];

     

       118
       118
       +
                   script =

     

       119
       119
       +
                     ''

     

       120
       120
       +
                       echo "bringing up interface..."

     

       121
       121
       +
                       ip link set "${i.name}" up

     

       122
       122
       +
       

     

       123
       123
       +
                       restart_network_interfaces=false

     

       124
       124
       +
                     '' + flip concatMapStrings (ips) (ip:

     

       125
       125
       +
                       let

     

       126
       126
       +
                         address = "${ip.address}/${toString ip.prefixLength}";

     

       127
       127
       +
                       in

     

       128
       128
       +
                       ''

     

       129
       129
       +
                         echo "checking ip ${address}..."

     

       130
       130
       +
                         if out=$(ip addr add "${address}" dev "${i.name}" 2>&1); then

     

       131
       131
       +
                           echo "added ip ${address}..."

     

       132
       132
       +
                           restart_network_setup=true

     

       133
       133
       +
                         elif ! echo "$out" | grep "File exists" >/dev/null 2>&1; then

     

       134
       134
       +
                           echo "failed to add ${address}"

     

       135
       135
       +
                           exit 1

     

       136
       136
       +
                         fi

     

       137
       137
       +
                       '')

     

       138
       138
       +
                     + optionalString (ips != [ ])

     

       139
       139
       +
                       ''

     

       140
       140
       +
                         if [ "$restart_network_setup" = "true" ]; then

     

       141
       141
       +
                           # Ensure that the default gateway remains set.

     

       142
       142
       +
                           # (Flushing this interface may have removed it.)

     

       143
       143
       +
                           ${config.systemd.package}/bin/systemctl try-restart --no-block network-setup.service

     

       144
       144
       +
                         fi

     

       145
       145
       +
                         ${config.systemd.package}/bin/systemctl start ip-up.target

     

       146
       146
       +
                       '';

     

       147
       147
       +
                   preStop =

     

       148
       148
       +
                     ''

     

       149
       149
       +
                       echo "releasing configured ip's..."

     

       150
       150
       +
                     '' + flip concatMapStrings (ips) (ip:

     

       151
       151
       +
                       let

     

       152
       152
       +
                         address = "${ip.address}/${toString ip.prefixLength}";

     

       153
       153
       +
                       in

     

       154
       154
       +
                       ''

     

       155
       155
       +
                         echo -n "Deleting ${address}..."

     

       156
       156
       +
                         ip addr del "${address}" dev "${i.name}" >/dev/null 2>&1 || echo -n " Failed"

     

       157
       157
       +
                         echo ""

     

       158
       158
       +
                       '');

     

       159
       159
       +
                 };

     

       160
       160
       +
       

     

       161
       161
       +
               createTunDevice = i: nameValuePair "${i.name}-netdev"

     

       162
       162
       +
                 { description = "Virtual Network Interface ${i.name}";

     

       163
       163
       +
                   requires = [ "dev-net-tun.device" ];

     

       164
       164
       +
                   after = [ "dev-net-tun.device" ];

     

       165
       165
       +
                   wantedBy = [ "network.target" (subsystemDevice i.name) ];

     

       166
       166
       +
                   path = [ pkgs.iproute ];

     

       167
       167
       +
                   serviceConfig = {

     

       168
       168
       +
                     Type = "oneshot";

     

       169
       169
       +
                     RemainAfterExit = true;

     

       170
       170
       +
                   };

     

       171
       171
       +
                   script = ''

     

       172
       172
       +
                     ip tuntap add dev "${i.name}" \

     

       173
       173
       +
                     ${optionalString (i.virtualType != null) "mode ${i.virtualType}"} \

     

       174
       174
       +
                     user "${i.virtualOwner}"

     

       175
       175
       +
                   '';

     

       176
       176
       +
                   postStop = ''

     

       177
       177
       +
                     ip link del ${i.name}

     

       178
       178
       +
                   '';

     

       179
       179
       +
                 };

     

       180
       180
       +
       

     

       181
       181
       +
               createBridgeDevice = n: v: nameValuePair "${n}-netdev"

     

       182
       182
       +
                 (let

     

       183
       183
       +
                   deps = map subsystemDevice v.interfaces;

     

       184
       184
       +
                 in

     

       185
       185
       +
                 { description = "Bridge Interface ${n}";

     

       186
       186
       +
                   wantedBy = [ "network.target" (subsystemDevice n) ];

     

       187
       187
       +
                   bindsTo = deps;

     

       188
       188
       +
                   after = deps;

     

       189
       189
       +
                   serviceConfig.Type = "oneshot";

     

       190
       190
       +
                   serviceConfig.RemainAfterExit = true;

     

       191
       191
       +
                   path = [ pkgs.iproute ];

     

       192
       192
       +
                   script = ''

     

       193
       193
       +
                     # Remove Dead Interfaces

     

       194
       194
       +
                     echo "Removing old bridge ${n}..."

     

       195
       195
       +
                     ip link show "${n}" >/dev/null 2>&1 && ip link del "${n}"

     

       196
       196
       +
       

     

       197
       197
       +
                     echo "Adding bridge ${n}..."

     

       198
       198
       +
                     ip link add name "${n}" type bridge

     

       199
       199
       +
       

     

       200
       200
       +
                     # Enslave child interfaces

     

       201
       201
       +
                     ${flip concatMapStrings v.interfaces (i: ''

     

       202
       202
       +
                       ip link set "${i}" master "${n}"

     

       203
       203
       +
                       ip link set "${i}" up

     

       204
       204
       +
                     '')}

     

       205
       205
       +
       

     

       206
       206
       +
                     ip link set "${n}" up

     

       207
       207
       +
                   '';

     

       208
       208
       +
                   postStop = ''

     

       209
       209
       +
                     ip link set "${n}" down || true

     

       210
       210
       +
                     ip link del "${n}" || true

     

       211
       211
       +
                   '';

     

       212
       212
       +
                 });

     

       213
       213
       +
       

     

       214
       214
       +
               createBondDevice = n: v: nameValuePair "${n}-netdev"

     

       215
       215
       +
                 (let

     

       216
       216
       +
                   deps = map subsystemDevice v.interfaces;

     

       217
       217
       +
                 in

     

       218
       218
       +
                 { description = "Bond Interface ${n}";

     

       219
       219
       +
                   wantedBy = [ "network.target" (subsystemDevice n) ];

     

       220
       220
       +
                   bindsTo = deps;

     

       221
       221
       +
                   after = deps;

     

       222
       222
       +
                   before = [ "${n}-cfg.service" ];

     

       223
       223
       +
                   serviceConfig.Type = "oneshot";

     

       224
       224
       +
                   serviceConfig.RemainAfterExit = true;

     

       225
       225
       +
                   path = [ pkgs.iproute pkgs.gawk ];

     

       226
       226
       +
                   script = ''

     

       227
       227
       +
                     echo "Destroying old bond ${n}..."

     

       228
       228
       +
                     ${destroyBond n}

     

       229
       229
       +
       

     

       230
       230
       +
                     echo "Creating new bond ${n}..."

     

       231
       231
       +
                     ip link add name "${n}" type bond \

     

       232
       232
       +
                       ${optionalString (v.mode != null) "mode ${toString v.mode}"} \

     

       233
       233
       +
                       ${optionalString (v.miimon != null) "miimon ${toString v.miimon}"} \

     

       234
       234
       +
                       ${optionalString (v.xmit_hash_policy != null) "xmit_hash_policy ${toString v.xmit_hash_policy}"} \

     

       235
       235
       +
                       ${optionalString (v.lacp_rate != null) "lacp_rate ${toString v.lacp_rate}"}

     

       236
       236
       +
       

     

       237
       237
       +
                     # !!! There must be a better way to wait for the interface

     

       238
       238
       +
                     while [ ! -d "/sys/class/net/${n}" ]; do sleep 0.1; done;

     

       239
       239
       +
       

     

       240
       240
       +
                     # Bring up the bond and enslave the specified interfaces

     

       241
       241
       +
                     ip link set "${n}" up

     

       242
       242
       +
                     ${flip concatMapStrings v.interfaces (i: ''

     

       243
       243
       +
                       ip link set "${i}" master "${n}"

     

       244
       244
       +
                     '')}

     

       245
       245
       +
                   '';

     

       246
       246
       +
                   postStop = destroyBond n;

     

       247
       247
       +
                 });

     

       248
       248
       +
       

     

       249
       249
       +
               createMacvlanDevice = n: v: nameValuePair "${n}-netdev"

     

       250
       250
       +
                 (let

     

       251
       251
       +
                   deps = [ (subsystemDevice v.interface) ];

     

       252
       252
       +
                 in

     

       253
       253
       +
                 { description = "Vlan Interface ${n}";

     

       254
       254
       +
                   wantedBy = [ "network.target" (subsystemDevice n) ];

     

       255
       255
       +
                   bindsTo = deps;

     

       256
       256
       +
                   after = deps;

     

       257
       257
       +
                   serviceConfig.Type = "oneshot";

     

       258
       258
       +
                   serviceConfig.RemainAfterExit = true;

     

       259
       259
       +
                   path = [ pkgs.iproute ];

     

       260
       260
       +
                   script = ''

     

       261
       261
       +
                     # Remove Dead Interfaces

     

       262
       262
       +
                     ip link show "${n}" >/dev/null 2>&1 && ip link delete "${n}"

     

       263
       263
       +
                     ip link add link "${v.interface}" name "${n}" type macvlan \

     

       264
       264
       +
                       ${optionalString (v.mode != null) "mode ${v.mode}"}

     

       265
       265
       +
                     ip link set "${n}" up

     

       266
       266
       +
                   '';

     

       267
       267
       +
                   postStop = ''

     

       268
       268
       +
                     ip link delete "${n}"

     

       269
       269
       +
                   '';

     

       270
       270
       +
                 });

     

       271
       271
       +
       

     

       272
       272
       +
               createSitDevice = n: v: nameValuePair "${n}-netdev"

     

       273
       273
       +
                 (let

     

       274
       274
       +
                   deps = optional (v.dev != null) (subsystemDevice v.dev);

     

       275
       275
       +
                 in

     

       276
       276
       +
                 { description = "6-to-4 Tunnel Interface ${n}";

     

       277
       277
       +
                   wantedBy = [ "network.target" (subsystemDevice n) ];

     

       278
       278
       +
                   bindsTo = deps;

     

       279
       279
       +
                   after = deps;

     

       280
       280
       +
                   serviceConfig.Type = "oneshot";

     

       281
       281
       +
                   serviceConfig.RemainAfterExit = true;

     

       282
       282
       +
                   path = [ pkgs.iproute ];

     

       283
       283
       +
                   script = ''

     

       284
       284
       +
                     # Remove Dead Interfaces

     

       285
       285
       +
                     ip link show "${n}" >/dev/null 2>&1 && ip link delete "${n}"

     

       286
       286
       +
                     ip link add name "${n}" type sit \

     

       287
       287
       +
                       ${optionalString (v.remote != null) "remote \"${v.remote}\""} \

     

       288
       288
       +
                       ${optionalString (v.local != null) "local \"${v.local}\""} \

     

       289
       289
       +
                       ${optionalString (v.ttl != null) "ttl ${toString v.ttl}"} \

     

       290
       290
       +
                       ${optionalString (v.dev != null) "dev \"${v.dev}\""}

     

       291
       291
       +
                     ip link set "${n}" up

     

       292
       292
       +
                   '';

     

       293
       293
       +
                   postStop = ''

     

       294
       294
       +
                     ip link delete "${n}"

     

       295
       295
       +
                   '';

     

       296
       296
       +
                 });

     

       297
       297
       +
       

     

       298
       298
       +
               createVlanDevice = n: v: nameValuePair "${n}-netdev"

     

       299
       299
       +
                 (let

     

       300
       300
       +
                   deps = [ (subsystemDevice v.interface) ];

     

       301
       301
       +
                 in

     

       302
       302
       +
                 { description = "Vlan Interface ${n}";

     

       303
       303
       +
                   wantedBy = [ "network.target" (subsystemDevice n) ];

     

       304
       304
       +
                   bindsTo = deps;

     

       305
       305
       +
                   after = deps;

     

       306
       306
       +
                   serviceConfig.Type = "oneshot";

     

       307
       307
       +
                   serviceConfig.RemainAfterExit = true;

     

       308
       308
       +
                   path = [ pkgs.iproute ];

     

       309
       309
       +
                   script = ''

     

       310
       310
       +
                     # Remove Dead Interfaces

     

       311
       311
       +
                     ip link show "${n}" >/dev/null 2>&1 && ip link delete "${n}"

     

       312
       312
       +
                     ip link add link "${v.interface}" name "${n}" type vlan id "${toString v.id}"

     

       313
       313
       +
                     ip link set "${n}" up

     

       314
       314
       +
                   '';

     

       315
       315
       +
                   postStop = ''

     

       316
       316
       +
                     ip link delete "${n}"

     

       317
       317
       +
                   '';

     

       318
       318
       +
                 });

     

       319
       319
       +
       

     

       320
       320
       +
             in listToAttrs (

     

       321
       321
       +
                  map configureAddrs interfaces ++

     

       322
       322
       +
                  map createTunDevice (filter (i: i.virtual) interfaces))

     

       323
       323
       +
                // mapAttrs' createBridgeDevice cfg.bridges

     

       324
       324
       +
                // mapAttrs' createBondDevice cfg.bonds

     

       325
       325
       +
                // mapAttrs' createMacvlanDevice cfg.macvlans

     

       326
       326
       +
                // mapAttrs' createSitDevice cfg.sits

     

       327
       327
       +
                // mapAttrs' createVlanDevice cfg.vlans

     

       328
       328
       +
                // {

     

       329
       329
       +
                  "network-setup" = networkSetup;

     

       330
       330
       +
                  "network-local-commands" = networkLocalCommands;

     

       331
       331
       +
                };

     

       332
       332
       +
       

     

       333
       333
       +
           services.udev.extraRules =

     

       334
       334
       +
             ''

     

       335
       335
       +
               KERNEL=="tun", TAG+="systemd"

     

       336
       336
       +
             '';

     

       337
       337
       +
       

     

       338
       338
       +
         };

     

       339
       339
       +
       

     

       340
       340
       +
       }

+174

nixos/modules/tasks/network-interfaces-systemd.nix

···

       1
       1
       +
       { config, lib, pkgs, utils, ... }:

     

       2
       2
       +
       

     

       3
       3
       +
       with lib;

     

       4
       4
       +
       with utils;

     

       5
       5
       +
       

     

       6
       6
       +
       let

     

       7
       7
       +
       

     

       8
       8
       +
         cfg = config.networking;

     

       9
       9
       +
         interfaces = attrValues cfg.interfaces;

     

       10
       10
       +
       

     

       11
       11
       +
         interfaceIps = i:

     

       12
       12
       +
           i.ip4 ++ optionals cfg.enableIPv6 i.ip6

     

       13
       13
       +
           ++ optional (i.ipAddress != null) {

     

       14
       14
       +
             address = i.ipAddress;

     

       15
       15
       +
             prefixLength = i.prefixLength;

     

       16
       16
       +
           } ++ optional (cfg.enableIPv6 && i.ipv6Address != null) {

     

       17
       17
       +
             address = i.ipv6Address;

     

       18
       18
       +
             prefixLength = i.ipv6PrefixLength;

     

       19
       19
       +
           };

     

       20
       20
       +
       

     

       21
       21
       +
         dhcpStr = useDHCP: if useDHCP then "both" else "none";

     

       22
       22
       +
       

     

       23
       23
       +
         slaves =

     

       24
       24
       +
           concatLists (map (bond: bond.interfaces) (attrValues cfg.bonds))

     

       25
       25
       +
           ++ concatLists (map (bridge: bridge.interfaces) (attrValues cfg.bridges))

     

       26
       26
       +
           ++ map (sit: sit.dev) (attrValues cfg.sits)

     

       27
       27
       +
           ++ map (vlan: vlan.interface) (attrValues cfg.vlans);

     

       28
       28
       +
       

     

       29
       29
       +
       in

     

       30
       30
       +
       

     

       31
       31
       +
       {

     

       32
       32
       +
       

     

       33
       33
       +
         config = mkIf cfg.useNetworkd {

     

       34
       34
       +
       

     

       35
       35
       +
           assertions = [ {

     

       36
       36
       +
             assertion = cfg.defaultGatewayWindowSize == null;

     

       37
       37
       +
             message = "networking.defaultGatewayWindowSize is not supported by networkd.";

     

       38
       38
       +
           } ];

     

       39
       39
       +
       

     

       40
       40
       +
           systemd.services.dhcpcd.enable = mkDefault false;

     

       41
       41
       +
       

     

       42
       42
       +
           systemd.services.network-local-commands = {

     

       43
       43
       +
             after = [ "systemd-networkd.service" ];

     

       44
       44
       +
             bindsTo = [ "systemd-networkd.service" ];

     

       45
       45
       +
           };

     

       46
       46
       +
       

     

       47
       47
       +
           systemd.network =

     

       48
       48
       +
             let

     

       49
       49
       +
               domains = cfg.search ++ (optional (cfg.domain != null) cfg.domain);

     

       50
       50
       +
               genericNetwork = override: {

     

       51
       51
       +
                 DHCP = override (dhcpStr cfg.useDHCP);

     

       52
       52
       +
               } // optionalAttrs (cfg.defaultGateway != null) {

     

       53
       53
       +
                 gateway = override [ cfg.defaultGateway ];

     

       54
       54
       +
               } // optionalAttrs (domains != [ ]) {

     

       55
       55
       +
                 domains = override domains;

     

       56
       56
       +
               };

     

       57
       57
       +
             in mkMerge [ {

     

       58
       58
       +
               enable = true;

     

       59
       59
       +
               networks."99-main" = genericNetwork mkDefault;

     

       60
       60
       +
             }

     

       61
       61
       +
             (mkMerge (flip map interfaces (i: {

     

       62
       62
       +
               netdevs = mkIf i.virtual (

     

       63
       63
       +
                 let

     

       64
       64
       +
                   devType = if i.virtualType != null then i.virtualType

     

       65
       65
       +
                     else (if hasPrefix "tun" i.name then "tun" else "tap");

     

       66
       66
       +
                 in {

     

       67
       67
       +
                   "40-${i.name}" = {

     

       68
       68
       +
                     netdevConfig = {

     

       69
       69
       +
                       Name = i.name;

     

       70
       70
       +
                       Kind = devType;

     

       71
       71
       +
                     };

     

       72
       72
       +
                     "${devType}Config" = optionalAttrs (i.virtualOwner != null) {

     

       73
       73
       +
                       User = i.virtualOwner;

     

       74
       74
       +
                     };

     

       75
       75
       +
                   };

     

       76
       76
       +
                 });

     

       77
       77
       +
               networks."40-${i.name}" = mkMerge [ (genericNetwork mkDefault) {

     

       78
       78
       +
                 name = mkDefault i.name;

     

       79
       79
       +
                 DHCP = mkForce (dhcpStr

     

       80
       80
       +
                   (if i.useDHCP != null then i.useDHCP else interfaceIps i == [ ]));

     

       81
       81
       +
                 address = flip map (interfaceIps i)

     

       82
       82
       +
                   (ip: "${ip.address}/${toString ip.prefixLength}");

     

       83
       83
       +
               } ];

     

       84
       84
       +
             })))

     

       85
       85
       +
             (mkMerge (flip mapAttrsToList cfg.bridges (name: bridge: {

     

       86
       86
       +
               netdevs."40-${name}" = {

     

       87
       87
       +
                 netdevConfig = {

     

       88
       88
       +
                   Name = name;

     

       89
       89
       +
                   Kind = "bridge";

     

       90
       90
       +
                 };

     

       91
       91
       +
               };

     

       92
       92
       +
               networks = listToAttrs (flip map bridge.interfaces (bi:

     

       93
       93
       +
                 nameValuePair "40-${bi}" (mkMerge [ (genericNetwork (mkOverride 999)) {

     

       94
       94
       +
                   DHCP = mkOverride 0 (dhcpStr false);

     

       95
       95
       +
                   networkConfig.Bridge = name;

     

       96
       96
       +
                 } ])));

     

       97
       97
       +
             })))

     

       98
       98
       +
             (mkMerge (flip mapAttrsToList cfg.bonds (name: bond: {

     

       99
       99
       +
               netdevs."40-${name}" = {

     

       100
       100
       +
                 netdevConfig = {

     

       101
       101
       +
                   Name = name;

     

       102
       102
       +
                   Kind = "bond";

     

       103
       103
       +
                 };

     

       104
       104
       +
                 bondConfig =

     

       105
       105
       +
                   (optionalAttrs (bond.lacp_rate != null) {

     

       106
       106
       +
                     LACPTransmitRate = bond.lacp_rate;

     

       107
       107
       +
                   }) // (optionalAttrs (bond.miimon != null) {

     

       108
       108
       +
                     MIIMonitorSec = bond.miimon;

     

       109
       109
       +
                   }) // (optionalAttrs (bond.mode != null) {

     

       110
       110
       +
                     Mode = bond.mode;

     

       111
       111
       +
                   }) // (optionalAttrs (bond.xmit_hash_policy != null) {

     

       112
       112
       +
                     TransmitHashPolicy = bond.xmit_hash_policy;

     

       113
       113
       +
                   });

     

       114
       114
       +
               };

     

       115
       115
       +
               networks = listToAttrs (flip map bond.interfaces (bi:

     

       116
       116
       +
                 nameValuePair "40-${bi}" (mkMerge [ (genericNetwork (mkOverride 999)) {

     

       117
       117
       +
                   DHCP = mkOverride 0 (dhcpStr false);

     

       118
       118
       +
                   networkConfig.Bond = name;

     

       119
       119
       +
                 } ])));

     

       120
       120
       +
             })))

     

       121
       121
       +
             (mkMerge (flip mapAttrsToList cfg.macvlans (name: macvlan: {

     

       122
       122
       +
               netdevs."40-${name}" = {

     

       123
       123
       +
                 netdevConfig = {

     

       124
       124
       +
                   Name = name;

     

       125
       125
       +
                   Kind = "macvlan";

     

       126
       126
       +
                 };

     

       127
       127
       +
                 macvlanConfig.Mode = macvlan.mode;

     

       128
       128
       +
               };

     

       129
       129
       +
               networks."40-${macvlan.interface}" = (mkMerge [ (genericNetwork (mkOverride 999)) {

     

       130
       130
       +
                 macvlan = [ name ];

     

       131
       131
       +
               } ]);

     

       132
       132
       +
             })))

     

       133
       133
       +
             (mkMerge (flip mapAttrsToList cfg.sits (name: sit: {

     

       134
       134
       +
               netdevs."40-${name}" = {

     

       135
       135
       +
                 netdevConfig = {

     

       136
       136
       +
                   Name = name;

     

       137
       137
       +
                   Kind = "sit";

     

       138
       138
       +
                 };

     

       139
       139
       +
                 tunnelConfig =

     

       140
       140
       +
                   (optionalAttrs (sit.remote != null) {

     

       141
       141
       +
                     Remote = sit.remote;

     

       142
       142
       +
                   }) // (optionalAttrs (sit.local != null) {

     

       143
       143
       +
                     Local = sit.local;

     

       144
       144
       +
                   }) // (optionalAttrs (sit.ttl != null) {

     

       145
       145
       +
                     TTL = sit.ttl;

     

       146
       146
       +
                   });

     

       147
       147
       +
               };

     

       148
       148
       +
               networks = mkIf (sit.dev != null) {

     

       149
       149
       +
                 "40-${sit.dev}" = (mkMerge [ (genericNetwork (mkOverride 999)) {

     

       150
       150
       +
                   tunnel = [ name ];

     

       151
       151
       +
                 } ]);

     

       152
       152
       +
               };

     

       153
       153
       +
             })))

     

       154
       154
       +
             (mkMerge (flip mapAttrsToList cfg.vlans (name: vlan: {

     

       155
       155
       +
               netdevs."40-${name}" = {

     

       156
       156
       +
                 netdevConfig = {

     

       157
       157
       +
                   Name = name;

     

       158
       158
       +
                   Kind = "vlan";

     

       159
       159
       +
                 };

     

       160
       160
       +
                 vlanConfig.Id = vlan.id;

     

       161
       161
       +
               };

     

       162
       162
       +
               networks."40-${vlan.interface}" = (mkMerge [ (genericNetwork (mkOverride 999)) {

     

       163
       163
       +
                 vlan = [ name ];

     

       164
       164
       +
               } ]);

     

       165
       165
       +
             })))

     

       166
       166
       +
           ];

     

       167
       167
       +
       

     

       168
       168
       +
           # We need to prefill the slaved devices with networking options

     

       169
       169
       +
           # This forces the network interface creator to initialize slaves.

     

       170
       170
       +
           networking.interfaces = listToAttrs (map (i: nameValuePair i { }) slaves);

     

       171
       171
       +
       

     

       172
       172
       +
         };

     

       173
       173
       +
       

     

       174
       174
       +
       }

+114 -343

nixos/modules/tasks/network-interfaces.nix

···

       45
       45
        
               description = "Name of the interface.";

     

       46
       46
        
             };

     

       47
       47
        
       

     

       48
       48
       +
             useDHCP = mkOption {

     

       49
       49
       +
               type = types.nullOr types.bool;

     

       50
       50
       +
               default = null;

     

       51
       51
       +
               description = ''

     

       52
       52
       +
                 Whether this interface should be configured with dhcp.

     

       53
       53
       +
                 Null implies the old behavior which depends on whether ip addresses

     

       54
       54
       +
                 are specified or not.

     

       55
       55
       +
               '';

     

       56
       56
       +
             };

     

       57
       57
       +
       

     

       48
       58
        
             ip4 = mkOption {

     

       49
       59
        
               default = [ ];

     

       50
       60
        
               example = [

     
···

       203
       213
        
       

     

       204
       214
        
           networking.hostName = mkOption {

     

       205
       215
        
             default = "nixos";

     

       216
       216
       +
             type = types.str;

     

       206
       217
        
             description = ''

     

       207
       218
        
               The name of the machine.  Leave it empty if you want to obtain

     

       208
       219
        
               it from a DHCP server (if using DHCP).

     
···

       225
       236
        
       

     

       226
       237
        
           networking.enableIPv6 = mkOption {

     

       227
       238
        
             default = true;

     

       239
       239
       +
             type = types.bool;

     

       228
       240
        
             description = ''

     

       229
       241
        
               Whether to enable support for IPv6.

     

       230
       242
        
             '';

     

       231
       243
        
           };

     

       232
       244
        
       

     

       233
       245
        
           networking.defaultGateway = mkOption {

     

       234
       234
       -
             default = "";

     

       246
       246
       +
             default = null;

     

       235
       247
        
             example = "131.211.84.1";

     

       248
       248
       +
             type = types.nullOr types.str;

     

       236
       249
        
             description = ''

     

       237
       250
        
               The default gateway.  It can be left empty if it is auto-detected through DHCP.

     

       238
       251
        
             '';

     
···

       266
       279
        
           };

     

       267
       280
        
       

     

       268
       281
        
           networking.domain = mkOption {

     

       269
       269
       -
             default = "";

     

       282
       282
       +
             default = null;

     

       270
       283
        
             example = "home";

     

       284
       284
       +
             type = types.nullOr types.str;

     

       271
       285
        
             description = ''

     

       272
       286
        
               The domain.  It can be left empty if it is auto-detected through DHCP.

     

       273
       287
        
             '';

     
···

       414
       428
        
             };

     

       415
       429
        
           };

     

       416
       430
        
       

     

       431
       431
       +
           networking.macvlans = mkOption {

     

       432
       432
       +
             type = types.attrsOf types.optionSet;

     

       433
       433
       +
             default = { };

     

       434
       434
       +
             example = {

     

       435
       435
       +
               wan = {

     

       436
       436
       +
                 interface = "enp2s0";

     

       437
       437
       +
                 mode = "vepa";

     

       438
       438
       +
               };

     

       439
       439
       +
             };

     

       440
       440
       +
             description = ''

     

       441
       441
       +
               This option allows you to define macvlan interfaces which should

     

       442
       442
       +
               be automatically created.

     

       443
       443
       +
             '';

     

       444
       444
       +
             options = {

     

       445
       445
       +
       

     

       446
       446
       +
               interface = mkOption {

     

       447
       447
       +
                 example = "enp4s0";

     

       448
       448
       +
                 type = types.string;

     

       449
       449
       +
                 description = "The interface the macvlan will transmit packets through.";

     

       450
       450
       +
               };

     

       451
       451
       +
       

     

       452
       452
       +
               mode = mkOption {

     

       453
       453
       +
                 default = null;

     

       454
       454
       +
                 type = types.nullOr types.str;

     

       455
       455
       +
                 example = "vepa";

     

       456
       456
       +
                 description = "The mode of the macvlan device.";

     

       457
       457
       +
               };

     

       458
       458
       +
       

     

       459
       459
       +
             };

     

       460
       460
       +
           };

     

       461
       461
       +
       

     

       417
       462
        
           networking.sits = mkOption {

     

       418
       463
        
             type = types.attrsOf types.optionSet;

     

       419
       464
        
             default = { };

     
···

       523
       568
        
             '';

     

       524
       569
        
           };

     

       525
       570
        
       

     

       571
       571
       +
           networking.useNetworkd = mkOption {

     

       572
       572
       +
             default = false;

     

       573
       573
       +
             type = types.bool;

     

       574
       574
       +
             description = ''

     

       575
       575
       +
               Whether we should use networkd as the network configuration backend or

     

       576
       576
       +
               the legacy script based system. Note that this option is experimental,

     

       577
       577
       +
               enable at your own risk.

     

       578
       578
       +
             '';

     

       579
       579
       +
           };

     

       580
       580
       +
       

     

       526
       581
        
         };

     

       527
       582
        
       

     

       528
       583
        
       

     
···

       552
       607
        
             # from being created.

     

       553
       608
        
             optionalString hasBonds "options bonding max_bonds=0";

     

       554
       609
        
       

     

       555
       555
       -
           environment.systemPackages =

     

       556
       556
       -
             [ pkgs.host

     

       557
       557
       -
               pkgs.iproute

     

       558
       558
       -
               pkgs.iputils

     

       559
       559
       -
               pkgs.nettools

     

       560
       560
       -
               pkgs.wirelesstools

     

       561
       561
       -
               pkgs.iw

     

       562
       562
       -
               pkgs.rfkill

     

       563
       563
       -
               pkgs.openresolv

     

       564
       564
       -
             ]

     

       565
       565
       -
             ++ optional (cfg.bridges != {}) pkgs.bridge_utils

     

       566
       566
       -
             ++ optional hasVirtuals pkgs.tunctl

     

       567
       567
       -
             ++ optional cfg.enableIPv6 pkgs.ndisc6;

     

       610
       610
       +
           boot.kernel.sysctl = {

     

       611
       611
       +
             "net.net.ipv4.conf.all.promote_secondaries" = true;

     

       612
       612
       +
             "net.ipv6.conf.all.disable_ipv6" = mkDefault (!cfg.enableIPv6);

     

       613
       613
       +
             "net.ipv6.conf.default.disable_ipv6" = mkDefault (!cfg.enableIPv6);

     

       614
       614
       +
             "net.ipv4.conf.all_forwarding" = mkDefault (any (i: i.proxyARP) interfaces);

     

       615
       615
       +
             "net.ipv6.conf.all.forwarding" = mkDefault (any (i: i.proxyARP) interfaces);

     

       616
       616
       +
           } // listToAttrs (concatLists (flip map (filter (i: i.proxyARP) interfaces)

     

       617
       617
       +
               (i: flip map [ "4" "6" ] (v: nameValuePair "net.ipv${v}.conf.${i.name}.proxy_arp" true))

     

       618
       618
       +
             ));

     

       568
       619
        
       

     

       569
       620
        
           security.setuidPrograms = [ "ping" "ping6" ];

     

       570
       621
        
       

     

       571
       571
       -
           systemd.targets."network-interfaces" =

     

       572
       572
       -
             { description = "All Network Interfaces";

     

       573
       573
       -
               wantedBy = [ "network.target" ];

     

       574
       574
       -
               unitConfig.X-StopOnReconfiguration = true;

     

       575
       575
       -
             };

     

       576
       576
       -
       

     

       577
       577
       -
           systemd.services =

     

       578
       578
       -
             let

     

       579
       579
       -
       

     

       580
       580
       -
               networkSetup =

     

       581
       581
       -
                 { description = "Networking Setup";

     

       582
       582
       -
       

     

       583
       583
       -
                   after = [ "network-interfaces.target" ];

     

       584
       584
       -
                   before = [ "network.target" ];

     

       585
       585
       -
                   wantedBy = [ "network.target" ];

     

       586
       586
       -
       

     

       587
       587
       -
                   unitConfig.ConditionCapability = "CAP_NET_ADMIN";

     

       588
       588
       -
       

     

       589
       589
       -
                   path = [ pkgs.iproute ];

     

       590
       590
       -
       

     

       591
       591
       -
                   serviceConfig.Type = "oneshot";

     

       592
       592
       -
                   serviceConfig.RemainAfterExit = true;

     

       593
       593
       -
       

     

       594
       594
       -
                   script =

     

       595
       595
       -
                     ''

     

       596
       596
       -
                       # Set the static DNS configuration, if given.

     

       597
       597
       -
                       ${pkgs.openresolv}/sbin/resolvconf -m 1 -a static <<EOF

     

       598
       598
       -
                       ${optionalString (cfg.nameservers != [] && cfg.domain != "") ''

     

       599
       599
       -
                         domain ${cfg.domain}

     

       600
       600
       -
                       ''}

     

       601
       601
       -
                       ${optionalString (cfg.search != []) ("search " + concatStringsSep " " cfg.search)}

     

       602
       602
       -
                       ${flip concatMapStrings cfg.nameservers (ns: ''

     

       603
       603
       -
                         nameserver ${ns}

     

       604
       604
       -
                       '')}

     

       605
       605
       -
                       EOF

     

       606
       606
       -
       

     

       607
       607
       -
                       # Disable or enable IPv6.

     

       608
       608
       -
                       ${optionalString (!config.boot.isContainer) ''

     

       609
       609
       -
                         if [ -e /proc/sys/net/ipv6/conf/all/disable_ipv6 ]; then

     

       610
       610
       -
                           echo ${if cfg.enableIPv6 then "0" else "1"} > /proc/sys/net/ipv6/conf/all/disable_ipv6

     

       611
       611
       -
                         fi

     

       612
       612
       -
                       ''}

     

       613
       613
       -
       

     

       614
       614
       -
                       # Set the default gateway.

     

       615
       615
       -
                       ${optionalString (cfg.defaultGateway != "") ''

     

       616
       616
       -
                         # FIXME: get rid of "|| true" (necessary to make it idempotent).

     

       617
       617
       -
                         ip route add default via "${cfg.defaultGateway}" ${

     

       618
       618
       -
                           optionalString (cfg.defaultGatewayWindowSize != null)

     

       619
       619
       -
                             "window ${cfg.defaultGatewayWindowSize}"} || true

     

       620
       620
       -
                       ''}

     

       621
       621
       -
       

     

       622
       622
       -
                       # Turn on forwarding if any interface has enabled proxy_arp.

     

       623
       623
       -
                       ${optionalString (any (i: i.proxyARP) interfaces) ''

     

       624
       624
       -
                         echo 1 > /proc/sys/net/ipv4/ip_forward

     

       625
       625
       -
                       ''}

     

       626
       626
       -
       

     

       627
       627
       -
                       # Run any user-specified commands.

     

       628
       628
       -
                       ${cfg.localCommands}

     

       629
       629
       -
                     '';

     

       630
       630
       -
                 };

     

       631
       631
       -
       

     

       632
       632
       -
               # For each interface <foo>, create a job ‘<foo>-cfg.service"

     

       633
       633
       -
               # that performs static configuration.  It has a "wants"

     

       634
       634
       -
               # dependency on ‘<foo>.service’, which is supposed to create

     

       635
       635
       -
               # the interface and need not exist (i.e. for hardware

     

       636
       636
       -
               # interfaces).  It has a binds-to dependency on the actual

     

       637
       637
       -
               # network device, so it only gets started after the interface

     

       638
       638
       -
               # has appeared, and it's stopped when the interface

     

       639
       639
       -
               # disappears.

     

       640
       640
       -
               configureInterface = i:

     

       641
       641
       -
                 let

     

       642
       642
       -
                   ips = i.ip4 ++ optionals cfg.enableIPv6 i.ip6

     

       643
       643
       -
                     ++ optional (i.ipAddress != null) {

     

       644
       644
       -
                       address = i.ipAddress;

     

       645
       645
       -
                       prefixLength = i.prefixLength;

     

       646
       646
       -
                     } ++ optional (cfg.enableIPv6 && i.ipv6Address != null) {

     

       647
       647
       -
                       address = i.ipv6Address;

     

       648
       648
       -
                       prefixLength = i.ipv6PrefixLength;

     

       649
       649
       -
                     };

     

       650
       650
       -
                 in

     

       651
       651
       -
                 nameValuePair "${i.name}-cfg"

     

       652
       652
       -
                 { description = "Configuration of ${i.name}";

     

       653
       653
       -
                   wantedBy = [ "network-interfaces.target" ];

     

       654
       654
       -
                   bindsTo = [ (subsystemDevice i.name) ];

     

       655
       655
       -
                   after = [ (subsystemDevice i.name) ];

     

       656
       656
       -
                   serviceConfig.Type = "oneshot";

     

       657
       657
       -
                   serviceConfig.RemainAfterExit = true;

     

       658
       658
       -
                   path = [ pkgs.iproute pkgs.gawk ];

     

       659
       659
       -
                   script =

     

       660
       660
       -
                     ''

     

       661
       661
       -
                       echo "bringing up interface..."

     

       662
       662
       -
                       ip link set "${i.name}" up

     

       663
       663
       -
                     ''

     

       664
       664
       -
                     + optionalString (i.macAddress != null)

     

       665
       665
       -
                       ''

     

       666
       666
       -
                         echo "setting MAC address to ${i.macAddress}..."

     

       667
       667
       -
                         ip link set "${i.name}" address "${i.macAddress}"

     

       668
       668
       -
                       ''

     

       669
       669
       -
                     + optionalString (i.mtu != null)

     

       670
       670
       -
                       ''

     

       671
       671
       -
                         echo "setting MTU to ${toString i.mtu}..."

     

       672
       672
       -
                         ip link set "${i.name}" mtu "${toString i.mtu}"

     

       673
       673
       -
                       ''

     

       674
       674
       -
       

     

       675
       675
       -
                     # Ip Setup

     

       676
       676
       -
                     +

     

       677
       677
       -
                       ''

     

       678
       678
       -
                         curIps=$(ip -o a show dev "${i.name}" | awk '{print $4}')

     

       679
       679
       -
                         # Only do an add if it's necessary.  This is

     

       680
       680
       -
                         # useful when the Nix store is accessed via this

     

       681
       681
       -
                         # interface (e.g. in a QEMU VM test).

     

       682
       682
       -
                       ''

     

       683
       683
       -
                     + flip concatMapStrings (ips) (ip:

     

       684
       684
       -
                       let

     

       685
       685
       -
                         address = "${ip.address}/${toString ip.prefixLength}";

     

       686
       686
       -
                       in

     

       687
       687
       -
                       ''

     

       688
       688
       -
                         echo "checking ip ${address}..."

     

       689
       689
       -
                         if ! echo "$curIps" | grep "${address}" >/dev/null 2>&1; then

     

       690
       690
       -
                           if out=$(ip addr add "${address}" dev "${i.name}" 2>&1); then

     

       691
       691
       -
                             echo "added ip ${address}..."

     

       692
       692
       -
                             restart_network_setup=true

     

       693
       693
       -
                           elif ! echo "$out" | grep "File exists" >/dev/null 2>&1; then

     

       694
       694
       -
                             echo "failed to add ${address}"

     

       695
       695
       -
                             exit 1

     

       696
       696
       -
                           fi

     

       697
       697
       -
                         fi

     

       698
       698
       -
                       '')

     

       699
       699
       -
                     + optionalString (ips != [ ])

     

       700
       700
       -
                       ''

     

       701
       701
       -
                         if [ restart_network_setup = true ]; then

     

       702
       702
       -
                           # Ensure that the default gateway remains set.

     

       703
       703
       -
                           # (Flushing this interface may have removed it.)

     

       704
       704
       -
                           ${config.systemd.package}/bin/systemctl try-restart --no-block network-setup.service

     

       705
       705
       -
                         fi

     

       706
       706
       -
                         ${config.systemd.package}/bin/systemctl start ip-up.target

     

       707
       707
       -
                       ''

     

       708
       708
       -
                     + optionalString i.proxyARP

     

       709
       709
       -
                       ''

     

       710
       710
       -
                         echo 1 > /proc/sys/net/ipv4/conf/${i.name}/proxy_arp

     

       711
       711
       -
                       ''

     

       712
       712
       -
                     + optionalString (i.proxyARP && cfg.enableIPv6)

     

       713
       713
       -
                       ''

     

       714
       714
       -
                         echo 1 > /proc/sys/net/ipv6/conf/${i.name}/proxy_ndp

     

       715
       715
       -
                       '';

     

       716
       716
       -
                   preStop =

     

       717
       717
       -
                     ''

     

       718
       718
       -
                       echo "releasing configured ip's..."

     

       719
       719
       -
                     ''

     

       720
       720
       -
                     + flip concatMapStrings (ips) (ip:

     

       721
       721
       -
                       let

     

       722
       722
       -
                         address = "${ip.address}/${toString ip.prefixLength}";

     

       723
       723
       -
                       in

     

       724
       724
       -
                       ''

     

       725
       725
       -
                         echo -n "Deleting ${address}..."

     

       726
       726
       -
                         ip addr del "${address}" dev "${i.name}" >/dev/null 2>&1 || echo -n " Failed"

     

       727
       727
       -
                         echo ""

     

       728
       728
       -
                       '');

     

       729
       729
       -
                 };

     

       730
       730
       -
       

     

       731
       731
       -
               createTunDevice = i: nameValuePair "${i.name}-netdev"

     

       732
       732
       -
                 { description = "Virtual Network Interface ${i.name}";

     

       733
       733
       -
                   requires = [ "dev-net-tun.device" ];

     

       734
       734
       -
                   after = [ "dev-net-tun.device" ];

     

       735
       735
       -
                   wantedBy = [ "network.target" (subsystemDevice i.name) ];

     

       736
       736
       -
                   path = [ pkgs.iproute ];

     

       737
       737
       -
                   serviceConfig = {

     

       738
       738
       -
                     Type = "oneshot";

     

       739
       739
       -
                     RemainAfterExit = true;

     

       740
       740
       -
                   };

     

       741
       741
       -
                   script = ''

     

       742
       742
       -
                     ip tuntap add dev "${i.name}" \

     

       743
       743
       -
                     ${optionalString (i.virtualType != null) "mode ${i.virtualType}"} \

     

       744
       744
       -
                     user "${i.virtualOwner}"

     

       745
       745
       -
                   '';

     

       746
       746
       -
                   postStop = ''

     

       747
       747
       -
                     ip link del ${i.name}

     

       748
       748
       -
                   '';

     

       749
       749
       -
                 };

     

       750
       750
       -
       

     

       751
       751
       -
               createBridgeDevice = n: v: nameValuePair "${n}-netdev"

     

       752
       752
       -
                 (let

     

       753
       753
       -
                   deps = map subsystemDevice v.interfaces;

     

       754
       754
       -
                 in

     

       755
       755
       -
                 { description = "Bridge Interface ${n}";

     

       756
       756
       -
                   wantedBy = [ "network.target" (subsystemDevice n) ];

     

       757
       757
       -
                   bindsTo = deps;

     

       758
       758
       -
                   after = deps;

     

       759
       759
       -
                   serviceConfig.Type = "oneshot";

     

       760
       760
       -
                   serviceConfig.RemainAfterExit = true;

     

       761
       761
       -
                   path = [ pkgs.bridge_utils pkgs.iproute ];

     

       762
       762
       -
                   script =

     

       763
       763
       -
                     ''

     

       764
       764
       -
                       # Remove Dead Interfaces

     

       765
       765
       -
                       ip link show "${n}" >/dev/null 2>&1 && ip link delete "${n}"

     

       766
       766
       -
       

     

       767
       767
       -
                       brctl addbr "${n}"

     

       768
       768
       -
       

     

       769
       769
       -
                       # Set bridge's hello time to 0 to avoid startup delays.

     

       770
       770
       -
                       brctl setfd "${n}" 0

     

       771
       771
       -
       

     

       772
       772
       -
                       ${flip concatMapStrings v.interfaces (i: ''

     

       773
       773
       -
                         brctl addif "${n}" "${i}"

     

       774
       774
       -
                         ip link set "${i}" up

     

       775
       775
       -
                         ip addr flush dev "${i}"

     

       776
       776
       -
       

     

       777
       777
       -
                         echo "bringing up network device ${n}..."

     

       778
       778
       -
                         ip link set "${n}" up

     

       779
       779
       -
                       '')}

     

       780
       780
       -
       

     

       781
       781
       -
                       # !!! Should delete (brctl delif) any interfaces that

     

       782
       782
       -
                       # no longer belong to the bridge.

     

       783
       783
       -
                     '';

     

       784
       784
       -
                   postStop =

     

       785
       785
       -
                     ''

     

       786
       786
       -
                       ip link set "${n}" down

     

       787
       787
       -
                       brctl delbr "${n}"

     

       788
       788
       -
                     '';

     

       789
       789
       -
                 });

     

       790
       790
       -
       

     

       791
       791
       -
               createBondDevice = n: v: nameValuePair "${n}-netdev"

     

       792
       792
       -
                 (let

     

       793
       793
       -
                   deps = map subsystemDevice v.interfaces;

     

       794
       794
       -
                 in

     

       795
       795
       -
                 { description = "Bond Interface ${n}";

     

       796
       796
       -
                   wantedBy = [ "network.target" (subsystemDevice n) ];

     

       797
       797
       -
                   bindsTo = deps;

     

       798
       798
       -
                   after = deps;

     

       799
       799
       -
                   before = [ "${n}-cfg.service" ];

     

       800
       800
       -
                   serviceConfig.Type = "oneshot";

     

       801
       801
       -
                   serviceConfig.RemainAfterExit = true;

     

       802
       802
       -
                   path = [ pkgs.ifenslave pkgs.iproute ];

     

       803
       803
       -
                   script = ''

     

       804
       804
       -
                     ip link add name "${n}" type bond

     

       805
       805
       -
       

     

       806
       806
       -
                     # !!! There must be a better way to wait for the interface

     

       807
       807
       -
                     while [ ! -d /sys/class/net/${n} ]; do sleep 0.1; done;

     

       808
       808
       -
       

     

       809
       809
       -
                     # Ensure the link is down so that we can set options

     

       810
       810
       -
                     ip link set "${n}" down

     

       811
       811
       -
       

     

       812
       812
       -
                     # Set the miimon and mode options

     

       813
       813
       -
                     ${optionalString (v.miimon != null)

     

       814
       814
       -
                       "echo \"${toString v.miimon}\" >/sys/class/net/${n}/bonding/miimon"}

     

       815
       815
       -
                     ${optionalString (v.mode != null)

     

       816
       816
       -
                       "echo \"${v.mode}\" >/sys/class/net/${n}/bonding/mode"}

     

       817
       817
       -
                     ${optionalString (v.lacp_rate != null)

     

       818
       818
       -
                       "echo \"${v.lacp_rate}\" >/sys/class/net/${n}/bonding/lacp_rate"}

     

       819
       819
       -
                     ${optionalString (v.xmit_hash_policy != null)

     

       820
       820
       -
                       "echo \"${v.xmit_hash_policy}\" >/sys/class/net/${n}/bonding/xmit_hash_policy"}

     

       821
       821
       -
       

     

       822
       822
       -
                     # Bring up the bond and enslave the specified interfaces

     

       823
       823
       -
                     ip link set "${n}" up

     

       824
       824
       -
                     ${flip concatMapStrings v.interfaces (i: ''

     

       825
       825
       -
                       ifenslave "${n}" "${i}"

     

       826
       826
       -
                     '')}

     

       827
       827
       -
                   '';

     

       828
       828
       -
                   postStop = ''

     

       829
       829
       -
                     ${flip concatMapStrings v.interfaces (i: ''

     

       830
       830
       -
                       ifenslave -d "${n}" "${i}" >/dev/null 2>&1 || true

     

       831
       831
       -
                     '')}

     

       832
       832
       -
                     ip link set "${n}" down >/dev/null 2>&1 || true

     

       833
       833
       -
                     ip link del "${n}" >/dev/null 2>&1 || true

     

       834
       834
       -
                   '';

     

       835
       835
       -
                 });

     

       836
       836
       -
       

     

       837
       837
       -
               createSitDevice = n: v: nameValuePair "${n}-netdev"

     

       838
       838
       -
                 (let

     

       839
       839
       -
                   deps = optional (v.dev != null) (subsystemDevice v.dev);

     

       840
       840
       -
                 in

     

       841
       841
       -
                 { description = "6-to-4 Tunnel Interface ${n}";

     

       842
       842
       -
                   wantedBy = [ "network.target" (subsystemDevice n) ];

     

       843
       843
       -
                   bindsTo = deps;

     

       844
       844
       -
                   after = deps;

     

       845
       845
       -
                   serviceConfig.Type = "oneshot";

     

       846
       846
       -
                   serviceConfig.RemainAfterExit = true;

     

       847
       847
       -
                   path = [ pkgs.iproute ];

     

       848
       848
       -
                   script = ''

     

       849
       849
       -
                     # Remove Dead Interfaces

     

       850
       850
       -
                     ip link show "${n}" >/dev/null 2>&1 && ip link delete "${n}"

     

       851
       851
       -
                     ip link add name "${n}" type sit \

     

       852
       852
       -
                       ${optionalString (v.remote != null) "remote \"${v.remote}\""} \

     

       853
       853
       -
                       ${optionalString (v.local != null) "local \"${v.local}\""} \

     

       854
       854
       -
                       ${optionalString (v.ttl != null) "ttl ${toString v.ttl}"} \

     

       855
       855
       -
                       ${optionalString (v.dev != null) "dev \"${v.dev}\""}

     

       856
       856
       -
                     ip link set "${n}" up

     

       857
       857
       -
                   '';

     

       858
       858
       -
                   postStop = ''

     

       859
       859
       -
                     ip link delete "${n}"

     

       860
       860
       -
                   '';

     

       861
       861
       -
                 });

     

       862
       862
       -
       

     

       863
       863
       -
               createVlanDevice = n: v: nameValuePair "${n}-netdev"

     

       864
       864
       -
                 (let

     

       865
       865
       -
                   deps = [ (subsystemDevice v.interface) ];

     

       866
       866
       -
                 in

     

       867
       867
       -
                 { description = "Vlan Interface ${n}";

     

       868
       868
       -
                   wantedBy = [ "network.target" (subsystemDevice n) ];

     

       869
       869
       -
                   bindsTo = deps;

     

       870
       870
       -
                   after = deps;

     

       871
       871
       -
                   serviceConfig.Type = "oneshot";

     

       872
       872
       -
                   serviceConfig.RemainAfterExit = true;

     

       873
       873
       -
                   path = [ pkgs.iproute ];

     

       874
       874
       -
                   script = ''

     

       875
       875
       -
                     # Remove Dead Interfaces

     

       876
       876
       -
                     ip link show "${n}" >/dev/null 2>&1 && ip link delete "${n}"

     

       877
       877
       -
                     ip link add link "${v.interface}" name "${n}" type vlan id "${toString v.id}"

     

       878
       878
       -
                     ip link set "${n}" up

     

       879
       879
       -
                   '';

     

       880
       880
       -
                   postStop = ''

     

       881
       881
       -
                     ip link delete "${n}"

     

       882
       882
       -
                   '';

     

       883
       883
       -
                 });

     

       884
       884
       -
       

     

       885
       885
       -
             in listToAttrs (

     

       886
       886
       -
                  map configureInterface interfaces ++

     

       887
       887
       -
                  map createTunDevice (filter (i: i.virtual) interfaces))

     

       888
       888
       -
                // mapAttrs' createBridgeDevice cfg.bridges

     

       889
       889
       -
                // mapAttrs' createBondDevice cfg.bonds

     

       890
       890
       -
                // mapAttrs' createSitDevice cfg.sits

     

       891
       891
       -
                // mapAttrs' createVlanDevice cfg.vlans

     

       892
       892
       -
                // { "network-setup" = networkSetup; };

     

       893
       893
       -
       

     

       894
       622
        
           # Set the host and domain names in the activation script.  Don't

     

       895
       623
        
           # clear it if it's not configured in the NixOS configuration,

     

       896
       624
        
           # since it may have been set by dhcpcd in the meantime.

     
···

       899
       627
        
               hostname "${cfg.hostName}"

     

       900
       628
        
             '';

     

       901
       629
        
           system.activationScripts.domain =

     

       902
       902
       -
             optionalString (cfg.domain != "") ''

     

       630
       630
       +
             optionalString (cfg.domain != null) ''

     

       903
       631
        
               domainname "${cfg.domain}"

     

       904
       632
        
             '';

     

       905
       633
        
       

     
···

       918
       646
        
               }

     

       919
       647
        
             ];

     

       920
       648
        
       

     

       921
       921
       -
           services.udev.extraRules =

     

       922
       922
       -
             ''

     

       923
       923
       -
               KERNEL=="tun", TAG+="systemd"

     

       924
       924
       -
             '';

     

       649
       649
       +
           environment.systemPackages =

     

       650
       650
       +
             [ pkgs.host

     

       651
       651
       +
               pkgs.iproute

     

       652
       652
       +
               pkgs.iputils

     

       653
       653
       +
               pkgs.nettools

     

       654
       654
       +
               pkgs.wirelesstools

     

       655
       655
       +
               pkgs.iw

     

       656
       656
       +
               pkgs.rfkill

     

       657
       657
       +
               pkgs.openresolv

     

       658
       658
       +
             ];

     

       925
       659
        
       

     

       660
       660
       +
           systemd.services = {

     

       661
       661
       +
             network-local-commands = {

     

       662
       662
       +
               description = "Extra networking commands.";

     

       663
       663
       +
               before = [ "network.target" ];

     

       664
       664
       +
               wantedBy = [ "network.target" ];

     

       665
       665
       +
               unitConfig.ConditionCapability = "CAP_NET_ADMIN";

     

       666
       666
       +
               path = [ pkgs.iproute ];

     

       667
       667
       +
               serviceConfig.Type = "oneshot";

     

       668
       668
       +
               serviceConfig.RemainAfterExit = true;

     

       669
       669
       +
               script = ''

     

       670
       670
       +
                 # Run any user-specified commands.

     

       671
       671
       +
                 ${cfg.localCommands}

     

       672
       672
       +
               '';

     

       673
       673
       +
             };

     

       674
       674
       +
           } // (listToAttrs (flip map interfaces (i:

     

       675
       675
       +
             nameValuePair "network-link-${i.name}"

     

       676
       676
       +
             { description = "Link configuration of ${i.name}";

     

       677
       677
       +
               wantedBy = [ "network-interfaces.target" ];

     

       678
       678
       +
               before = [ "network-interfaces.target" ];

     

       679
       679
       +
               bindsTo = [ (subsystemDevice i.name) ];

     

       680
       680
       +
               after = [ (subsystemDevice i.name) ];

     

       681
       681
       +
               path = [ pkgs.iproute ];

     

       682
       682
       +
               serviceConfig = {

     

       683
       683
       +
                 Type = "oneshot";

     

       684
       684
       +
                 RemainAfterExit = true;

     

       685
       685
       +
               };

     

       686
       686
       +
               script =

     

       687
       687
       +
                 ''

     

       688
       688
       +
                   echo "Configuring link..."

     

       689
       689
       +
                 '' + optionalString (i.macAddress != null) ''

     

       690
       690
       +
                   echo "setting MAC address to ${i.macAddress}..."

     

       691
       691
       +
                   ip link set "${i.name}" address "${i.macAddress}"

     

       692
       692
       +
                 '' + optionalString (i.mtu != null) ''

     

       693
       693
       +
                   echo "setting MTU to ${toString i.mtu}..."

     

       694
       694
       +
                   ip link set "${i.name}" mtu "${toString i.mtu}"

     

       695
       695
       +
                 '';

     

       696
       696
       +
             })));

     

       926
       697
        
         };

     

       927
       698
        
       

     

       928
       699
        
       }

nixos/release-combined.nix

···

       66
       66
        
               (all nixos.tests.misc)

     

       67
       67
        
               (all nixos.tests.nat.firewall)

     

       68
       68
        
               (all nixos.tests.nat.standalone)

     

       69
       69
       +
               (all nixos.tests.networking.scripted.static)

     

       70
       70
       +
               (all nixos.tests.networking.scripted.dhcpSimple)

     

       71
       71
       +
               (all nixos.tests.networking.scripted.dhcpOneIf)

     

       72
       72
       +
               (all nixos.tests.networking.scripted.bond)

     

       73
       73
       +
               (all nixos.tests.networking.scripted.bridge)

     

       74
       74
       +
               (all nixos.tests.networking.scripted.macvlan)

     

       75
       75
       +
               (all nixos.tests.networking.scripted.sit)

     

       76
       76
       +
               (all nixos.tests.networking.scripted.vlan)

     

       69
       77
        
               (all nixos.tests.nfs3)

     

       70
       78
        
               (all nixos.tests.openssh)

     

       71
       79
        
               (all nixos.tests.printing)

+16

nixos/release.nix

···

       269
       269
        
         tests.mysqlReplication = callTest tests/mysql-replication.nix {};

     

       270
       270
        
         tests.nat.firewall = callTest tests/nat.nix { withFirewall = true; };

     

       271
       271
        
         tests.nat.standalone = callTest tests/nat.nix { withFirewall = false; };

     

       272
       272
       +
         tests.networking.networkd.static = callTest tests/networking.nix { networkd = true; test = "static"; };

     

       273
       273
       +
         tests.networking.networkd.dhcpSimple = callTest tests/networking.nix { networkd = true; test = "dhcpSimple"; };

     

       274
       274
       +
         tests.networking.networkd.dhcpOneIf = callTest tests/networking.nix { networkd = true; test = "dhcpOneIf"; };

     

       275
       275
       +
         tests.networking.networkd.bond = callTest tests/networking.nix { networkd = true; test = "bond"; };

     

       276
       276
       +
         tests.networking.networkd.bridge = callTest tests/networking.nix { networkd = true; test = "bridge"; };

     

       277
       277
       +
         tests.networking.networkd.macvlan = callTest tests/networking.nix { networkd = true; test = "macvlan"; };

     

       278
       278
       +
         tests.networking.networkd.sit = callTest tests/networking.nix { networkd = true; test = "sit"; };

     

       279
       279
       +
         tests.networking.networkd.vlan = callTest tests/networking.nix { networkd = true; test = "vlan"; };

     

       280
       280
       +
         tests.networking.scripted.static = callTest tests/networking.nix { networkd = false; test = "static"; };

     

       281
       281
       +
         tests.networking.scripted.dhcpSimple = callTest tests/networking.nix { networkd = false; test = "dhcpSimple"; };

     

       282
       282
       +
         tests.networking.scripted.dhcpOneIf = callTest tests/networking.nix { networkd = false; test = "dhcpOneIf"; };

     

       283
       283
       +
         tests.networking.scripted.bond = callTest tests/networking.nix { networkd = false; test = "bond"; };

     

       284
       284
       +
         tests.networking.scripted.bridge = callTest tests/networking.nix { networkd = false; test = "bridge"; };

     

       285
       285
       +
         tests.networking.scripted.macvlan = callTest tests/networking.nix { networkd = false; test = "macvlan"; };

     

       286
       286
       +
         tests.networking.scripted.sit = callTest tests/networking.nix { networkd = false; test = "sit"; };

     

       287
       287
       +
         tests.networking.scripted.vlan = callTest tests/networking.nix { networkd = false; test = "vlan"; };

     

       272
       288
        
         tests.nfs3 = callTest tests/nfs.nix { version = 3; };

     

       273
       289
        
         tests.nsd = callTest tests/nsd.nix {};

     

       274
       290
        
         tests.openssh = callTest tests/openssh.nix {};

+365

nixos/tests/networking.nix

···

       1
       1
       +
       import ./make-test.nix ({ networkd, test, ... }:

     

       2
       2
       +
         let

     

       3
       3
       +
           router = { config, pkgs, ... }:

     

       4
       4
       +
             with pkgs.lib;

     

       5
       5
       +
             let

     

       6
       6
       +
               vlanIfs = range 1 (length config.virtualisation.vlans);

     

       7
       7
       +
             in {

     

       8
       8
       +
               virtualisation.vlans = [ 1 2 3 ];

     

       9
       9
       +
               networking = {

     

       10
       10
       +
                 useDHCP = false;

     

       11
       11
       +
                 useNetworkd = networkd;

     

       12
       12
       +
                 firewall.allowPing = true;

     

       13
       13
       +
                 interfaces = mkOverride 0 (listToAttrs (flip map vlanIfs (n:

     

       14
       14
       +
                   nameValuePair "eth${toString n}" {

     

       15
       15
       +
                     ipAddress = "192.168.${toString n}.1";

     

       16
       16
       +
                     prefixLength = 24;

     

       17
       17
       +
                   })));

     

       18
       18
       +
               };

     

       19
       19
       +
               services.dhcpd = {

     

       20
       20
       +
                 enable = true;

     

       21
       21
       +
                 interfaces = map (n: "eth${toString n}") vlanIfs;

     

       22
       22
       +
                 extraConfig = ''

     

       23
       23
       +
                   option subnet-mask 255.255.255.0;

     

       24
       24
       +
                 '' + flip concatMapStrings vlanIfs (n: ''

     

       25
       25
       +
                   subnet 192.168.${toString n}.0 netmask 255.255.255.0 {

     

       26
       26
       +
                     option broadcast-address 192.168.${toString n}.255;

     

       27
       27
       +
                     option routers 192.168.${toString n}.1;

     

       28
       28
       +
                     range 192.168.${toString n}.2 192.168.${toString n}.254;

     

       29
       29
       +
                   }

     

       30
       30
       +
                 '');

     

       31
       31
       +
               };

     

       32
       32
       +
             };

     

       33
       33
       +
           testCases = {

     

       34
       34
       +
             static = {

     

       35
       35
       +
               name = "Static";

     

       36
       36
       +
               nodes.router = router;

     

       37
       37
       +
               nodes.client = { config, pkgs, ... }: with pkgs.lib; {

     

       38
       38
       +
                 virtualisation.vlans = [ 1 2 ];

     

       39
       39
       +
                 networking = {

     

       40
       40
       +
                   useNetworkd = networkd;

     

       41
       41
       +
                   firewall.allowPing = true;

     

       42
       42
       +
                   useDHCP = false;

     

       43
       43
       +
                   defaultGateway = "192.168.1.1";

     

       44
       44
       +
                   interfaces.eth1.ip4 = mkOverride 0 [

     

       45
       45
       +
                     { address = "192.168.1.2"; prefixLength = 24; }

     

       46
       46
       +
                     { address = "192.168.1.3"; prefixLength = 32; }

     

       47
       47
       +
                     { address = "192.168.1.10"; prefixLength = 32; }

     

       48
       48
       +
                   ];

     

       49
       49
       +
                   interfaces.eth2.ip4 = mkOverride 0 [

     

       50
       50
       +
                     { address = "192.168.2.2"; prefixLength = 24; }

     

       51
       51
       +
                   ];

     

       52
       52
       +
                 };

     

       53
       53
       +
               };

     

       54
       54
       +
               testScript = { nodes, ... }:

     

       55
       55
       +
                 ''

     

       56
       56
       +
                   startAll;

     

       57
       57
       +
       

     

       58
       58
       +
                   $client->waitForUnit("network.target");

     

       59
       59
       +
                   $router->waitForUnit("network.target");

     

       60
       60
       +
       

     

       61
       61
       +
                   # Make sure dhcpcd is not started

     

       62
       62
       +
                   $client->fail("systemctl status dhcpcd.service");

     

       63
       63
       +
       

     

       64
       64
       +
                   # Test vlan 1

     

       65
       65
       +
                   $client->succeed("ping -c 1 192.168.1.1");

     

       66
       66
       +
                   $client->succeed("ping -c 1 192.168.1.2");

     

       67
       67
       +
                   $client->succeed("ping -c 1 192.168.1.3");

     

       68
       68
       +
                   $client->succeed("ping -c 1 192.168.1.10");

     

       69
       69
       +
       

     

       70
       70
       +
                   $router->succeed("ping -c 1 192.168.1.1");

     

       71
       71
       +
                   $router->succeed("ping -c 1 192.168.1.2");

     

       72
       72
       +
                   $router->succeed("ping -c 1 192.168.1.3");

     

       73
       73
       +
                   $router->succeed("ping -c 1 192.168.1.10");

     

       74
       74
       +
       

     

       75
       75
       +
                   # Test vlan 2

     

       76
       76
       +
                   $client->succeed("ping -c 1 192.168.2.1");

     

       77
       77
       +
                   $client->succeed("ping -c 1 192.168.2.2");

     

       78
       78
       +
       

     

       79
       79
       +
                   $router->succeed("ping -c 1 192.168.2.1");

     

       80
       80
       +
                   $router->succeed("ping -c 1 192.168.2.2");

     

       81
       81
       +
       

     

       82
       82
       +
                   # Test default gateway

     

       83
       83
       +
                   $router->succeed("ping -c 1 192.168.3.1");

     

       84
       84
       +
                   $client->succeed("ping -c 1 192.168.3.1");

     

       85
       85
       +
                 '';

     

       86
       86
       +
             };

     

       87
       87
       +
             dhcpSimple = {

     

       88
       88
       +
               name = "SimpleDHCP";

     

       89
       89
       +
               nodes.router = router;

     

       90
       90
       +
               nodes.client = { config, pkgs, ... }: with pkgs.lib; {

     

       91
       91
       +
                 virtualisation.vlans = [ 1 2 ];

     

       92
       92
       +
                 networking = {

     

       93
       93
       +
                   useNetworkd = networkd;

     

       94
       94
       +
                   firewall.allowPing = true;

     

       95
       95
       +
                   useDHCP = true;

     

       96
       96
       +
                   interfaces.eth1.ip4 = mkOverride 0 [ ];

     

       97
       97
       +
                   interfaces.eth2.ip4 = mkOverride 0 [ ];

     

       98
       98
       +
                 };

     

       99
       99
       +
               };

     

       100
       100
       +
               testScript = { nodes, ... }:

     

       101
       101
       +
                 ''

     

       102
       102
       +
                   startAll;

     

       103
       103
       +
       

     

       104
       104
       +
                   $client->waitForUnit("network.target");

     

       105
       105
       +
                   $router->waitForUnit("network.target");

     

       106
       106
       +
                   $client->waitForUnit("dhcpcd.service");

     

       107
       107
       +
       

     

       108
       108
       +
                   # Wait until we have an ip address on each interface

     

       109
       109
       +
                   $client->succeed("while ! ip addr show dev eth1 | grep '192.168.1'; do true; done");

     

       110
       110
       +
                   $client->succeed("while ! ip addr show dev eth2 | grep '192.168.2'; do true; done");

     

       111
       111
       +
       

     

       112
       112
       +
                   # Test vlan 1

     

       113
       113
       +
                   $client->succeed("ping -c 1 192.168.1.1");

     

       114
       114
       +
                   $client->succeed("ping -c 1 192.168.1.2");

     

       115
       115
       +
       

     

       116
       116
       +
                   $router->succeed("ping -c 1 192.168.1.1");

     

       117
       117
       +
                   $router->succeed("ping -c 1 192.168.1.2");

     

       118
       118
       +
       

     

       119
       119
       +
                   # Test vlan 2

     

       120
       120
       +
                   $client->succeed("ping -c 1 192.168.2.1");

     

       121
       121
       +
                   $client->succeed("ping -c 1 192.168.2.2");

     

       122
       122
       +
       

     

       123
       123
       +
                   $router->succeed("ping -c 1 192.168.2.1");

     

       124
       124
       +
                   $router->succeed("ping -c 1 192.168.2.2");

     

       125
       125
       +
                 '';

     

       126
       126
       +
             };

     

       127
       127
       +
             dhcpOneIf = {

     

       128
       128
       +
               name = "OneInterfaceDHCP";

     

       129
       129
       +
               nodes.router = router;

     

       130
       130
       +
               nodes.client = { config, pkgs, ... }: with pkgs.lib; {

     

       131
       131
       +
                 virtualisation.vlans = [ 1 2 ];

     

       132
       132
       +
                 networking = {

     

       133
       133
       +
                   useNetworkd = networkd;

     

       134
       134
       +
                   firewall.allowPing = true;

     

       135
       135
       +
                   useDHCP = false;

     

       136
       136
       +
                   interfaces.eth1 = {

     

       137
       137
       +
                     ip4 = mkOverride 0 [ ];

     

       138
       138
       +
                     useDHCP = true;

     

       139
       139
       +
                   };

     

       140
       140
       +
                   interfaces.eth2.ip4 = mkOverride 0 [ ];

     

       141
       141
       +
                 };

     

       142
       142
       +
               };

     

       143
       143
       +
               testScript = { nodes, ... }:

     

       144
       144
       +
                 ''

     

       145
       145
       +
                   startAll;

     

       146
       146
       +
       

     

       147
       147
       +
                   $client->waitForUnit("network.target");

     

       148
       148
       +
                   $router->waitForUnit("network.target");

     

       149
       149
       +
                   $client->waitForUnit("dhcpcd.service");

     

       150
       150
       +
       

     

       151
       151
       +
                   # Wait until we have an ip address on each interface

     

       152
       152
       +
                   $client->succeed("while ! ip addr show dev eth1 | grep '192.168.1'; do true; done");

     

       153
       153
       +
       

     

       154
       154
       +
                   # Test vlan 1

     

       155
       155
       +
                   $client->succeed("ping -c 1 192.168.1.1");

     

       156
       156
       +
                   $client->succeed("ping -c 1 192.168.1.2");

     

       157
       157
       +
       

     

       158
       158
       +
                   $router->succeed("ping -c 1 192.168.1.1");

     

       159
       159
       +
                   $router->succeed("ping -c 1 192.168.1.2");

     

       160
       160
       +
       

     

       161
       161
       +
                   # Test vlan 2

     

       162
       162
       +
                   $client->succeed("ping -c 1 192.168.2.1");

     

       163
       163
       +
                   $client->fail("ping -c 1 192.168.2.2");

     

       164
       164
       +
       

     

       165
       165
       +
                   $router->succeed("ping -c 1 192.168.2.1");

     

       166
       166
       +
                   $router->fail("ping -c 1 192.168.2.2");

     

       167
       167
       +
                 '';

     

       168
       168
       +
             };

     

       169
       169
       +
             bond = let

     

       170
       170
       +
               node = address: { config, pkgs, ... }: with pkgs.lib; {

     

       171
       171
       +
                 virtualisation.vlans = [ 1 2 ];

     

       172
       172
       +
                 networking = {

     

       173
       173
       +
                   useNetworkd = networkd;

     

       174
       174
       +
                   firewall.allowPing = true;

     

       175
       175
       +
                   useDHCP = false;

     

       176
       176
       +
                   bonds.bond = {

     

       177
       177
       +
                     mode = "balance-rr";

     

       178
       178
       +
                     interfaces = [ "eth1" "eth2" ];

     

       179
       179
       +
                   };

     

       180
       180
       +
                   interfaces.bond.ip4 = mkOverride 0

     

       181
       181
       +
                     [ { inherit address; prefixLength = 30; } ];

     

       182
       182
       +
                 };

     

       183
       183
       +
               };

     

       184
       184
       +
             in {

     

       185
       185
       +
               name = "Bond";

     

       186
       186
       +
               nodes.client1 = node "192.168.1.1";

     

       187
       187
       +
               nodes.client2 = node "192.168.1.2";

     

       188
       188
       +
               testScript = { nodes, ... }:

     

       189
       189
       +
                 ''

     

       190
       190
       +
                   startAll;

     

       191
       191
       +
       

     

       192
       192
       +
                   $client1->waitForUnit("network.target");

     

       193
       193
       +
                   $client2->waitForUnit("network.target");

     

       194
       194
       +
       

     

       195
       195
       +
                   # Test bonding

     

       196
       196
       +
                   $client1->succeed("ping -c 2 192.168.1.1");

     

       197
       197
       +
                   $client1->succeed("ping -c 2 192.168.1.2");

     

       198
       198
       +
       

     

       199
       199
       +
                   $client2->succeed("ping -c 2 192.168.1.1");

     

       200
       200
       +
                   $client2->succeed("ping -c 2 192.168.1.2");

     

       201
       201
       +
                 '';

     

       202
       202
       +
             };

     

       203
       203
       +
             bridge = let

     

       204
       204
       +
               node = { address, vlan }: { config, pkgs, ... }: with pkgs.lib; {

     

       205
       205
       +
                 virtualisation.vlans = [ vlan ];

     

       206
       206
       +
                 networking = {

     

       207
       207
       +
                   useNetworkd = networkd;

     

       208
       208
       +
                   firewall.allowPing = true;

     

       209
       209
       +
                   useDHCP = false;

     

       210
       210
       +
                   interfaces.eth1.ip4 = mkOverride 0

     

       211
       211
       +
                     [ { inherit address; prefixLength = 24; } ];

     

       212
       212
       +
                 };

     

       213
       213
       +
               };

     

       214
       214
       +
             in {

     

       215
       215
       +
               name = "Bridge";

     

       216
       216
       +
               nodes.client1 = node { address = "192.168.1.2"; vlan = 1; };

     

       217
       217
       +
               nodes.client2 = node { address = "192.168.1.3"; vlan = 2; };

     

       218
       218
       +
               nodes.router = { config, pkgs, ... }: with pkgs.lib; {

     

       219
       219
       +
                 virtualisation.vlans = [ 1 2 ];

     

       220
       220
       +
                 networking = {

     

       221
       221
       +
                   useNetworkd = networkd;

     

       222
       222
       +
                   firewall.allowPing = true;

     

       223
       223
       +
                   useDHCP = false;

     

       224
       224
       +
                   bridges.bridge.interfaces = [ "eth1" "eth2" ];

     

       225
       225
       +
                   interfaces.eth1.ip4 = mkOverride 0 [ ];

     

       226
       226
       +
                   interfaces.eth2.ip4 = mkOverride 0 [ ];

     

       227
       227
       +
                   interfaces.bridge.ip4 = mkOverride 0

     

       228
       228
       +
                     [ { address = "192.168.1.1"; prefixLength = 24; } ];

     

       229
       229
       +
                 };

     

       230
       230
       +
               };

     

       231
       231
       +
               testScript = { nodes, ... }:

     

       232
       232
       +
                 ''

     

       233
       233
       +
                   startAll;

     

       234
       234
       +
       

     

       235
       235
       +
                   $client1->waitForUnit("network.target");

     

       236
       236
       +
                   $client2->waitForUnit("network.target");

     

       237
       237
       +
                   $router->waitForUnit("network.target");

     

       238
       238
       +
       

     

       239
       239
       +
                   # Test bridging

     

       240
       240
       +
                   $client1->succeed("ping -c 1 192.168.1.1");

     

       241
       241
       +
                   $client1->succeed("ping -c 1 192.168.1.2");

     

       242
       242
       +
                   $client1->succeed("ping -c 1 192.168.1.3");

     

       243
       243
       +
       

     

       244
       244
       +
                   $client2->succeed("ping -c 1 192.168.1.1");

     

       245
       245
       +
                   $client2->succeed("ping -c 1 192.168.1.2");

     

       246
       246
       +
                   $client2->succeed("ping -c 1 192.168.1.3");

     

       247
       247
       +
       

     

       248
       248
       +
                   $router->succeed("ping -c 1 192.168.1.1");

     

       249
       249
       +
                   $router->succeed("ping -c 1 192.168.1.2");

     

       250
       250
       +
                   $router->succeed("ping -c 1 192.168.1.3");

     

       251
       251
       +
                 '';

     

       252
       252
       +
             };

     

       253
       253
       +
             macvlan = {

     

       254
       254
       +
               name = "MACVLAN";

     

       255
       255
       +
               nodes.router = router;

     

       256
       256
       +
               nodes.client = { config, pkgs, ... }: with pkgs.lib; {

     

       257
       257
       +
                 virtualisation.vlans = [ 1 ];

     

       258
       258
       +
                 networking = {

     

       259
       259
       +
                   useNetworkd = networkd;

     

       260
       260
       +
                   firewall.allowPing = true;

     

       261
       261
       +
                   useDHCP = true;

     

       262
       262
       +
                   macvlans.macvlan.interface = "eth1";

     

       263
       263
       +
                   interfaces.eth1.ip4 = mkOverride 0 [ ];

     

       264
       264
       +
                 };

     

       265
       265
       +
               };

     

       266
       266
       +
               testScript = { nodes, ... }:

     

       267
       267
       +
                 ''

     

       268
       268
       +
                   startAll;

     

       269
       269
       +
       

     

       270
       270
       +
                   $client->waitForUnit("network.target");

     

       271
       271
       +
                   $router->waitForUnit("network.target");

     

       272
       272
       +
                   $client->waitForUnit("dhcpcd.service");

     

       273
       273
       +
       

     

       274
       274
       +
                   # Wait until we have an ip address on each interface

     

       275
       275
       +
                   $client->succeed("while ! ip addr show dev eth1 | grep '192.168.1'; do true; done");

     

       276
       276
       +
                   $client->succeed("while ! ip addr show dev macvlan | grep '192.168.1'; do true; done");

     

       277
       277
       +
       

     

       278
       278
       +
                   # Test macvlan

     

       279
       279
       +
                   $client->succeed("ping -c 1 192.168.1.1");

     

       280
       280
       +
                   $client->succeed("ping -c 1 192.168.1.2");

     

       281
       281
       +
                   $client->succeed("ping -c 1 192.168.1.3");

     

       282
       282
       +
       

     

       283
       283
       +
                   $router->succeed("ping -c 1 192.168.1.1");

     

       284
       284
       +
                   $router->succeed("ping -c 1 192.168.1.2");

     

       285
       285
       +
                   $router->succeed("ping -c 1 192.168.1.3");

     

       286
       286
       +
                 '';

     

       287
       287
       +
             };

     

       288
       288
       +
             sit = let

     

       289
       289
       +
               node = { address4, remote, address6 }: { config, pkgs, ... }: with pkgs.lib; {

     

       290
       290
       +
                 virtualisation.vlans = [ 1 ];

     

       291
       291
       +
                 networking = {

     

       292
       292
       +
                   useNetworkd = networkd;

     

       293
       293
       +
                   firewall.enable = false;

     

       294
       294
       +
                   useDHCP = false;

     

       295
       295
       +
                   sits.sit = {

     

       296
       296
       +
                     inherit remote;

     

       297
       297
       +
                     local = address4;

     

       298
       298
       +
                     dev = "eth1";

     

       299
       299
       +
                   };

     

       300
       300
       +
                   interfaces.eth1.ip4 = mkOverride 0

     

       301
       301
       +
                     [ { address = address4; prefixLength = 24; } ];

     

       302
       302
       +
                   interfaces.sit.ip6 = mkOverride 0

     

       303
       303
       +
                     [ { address = address6; prefixLength = 64; } ];

     

       304
       304
       +
                 };

     

       305
       305
       +
               };

     

       306
       306
       +
             in {

     

       307
       307
       +
               name = "Sit";

     

       308
       308
       +
               nodes.client1 = node { address4 = "192.168.1.1"; remote = "192.168.1.2"; address6 = "fc00::1"; };

     

       309
       309
       +
               nodes.client2 = node { address4 = "192.168.1.2"; remote = "192.168.1.1"; address6 = "fc00::2"; };

     

       310
       310
       +
               testScript = { nodes, ... }:

     

       311
       311
       +
                 ''

     

       312
       312
       +
                   startAll;

     

       313
       313
       +
       

     

       314
       314
       +
                   $client1->waitForUnit("network.target");

     

       315
       315
       +
                   $client2->waitForUnit("network.target");

     

       316
       316
       +
       

     

       317
       317
       +
                   $client1->succeed("ip addr >&2");

     

       318
       318
       +
                   $client2->succeed("ip addr >&2");

     

       319
       319
       +
       

     

       320
       320
       +
                   # Test ipv6

     

       321
       321
       +
                   $client1->succeed("ping6 -c 1 fc00::1");

     

       322
       322
       +
                   $client1->succeed("ping6 -c 1 fc00::2");

     

       323
       323
       +
       

     

       324
       324
       +
                   $client2->succeed("ping6 -c 1 fc00::1");

     

       325
       325
       +
                   $client2->succeed("ping6 -c 1 fc00::2");

     

       326
       326
       +
                 '';

     

       327
       327
       +
             };

     

       328
       328
       +
             vlan = let

     

       329
       329
       +
               node = address: { config, pkgs, ... }: with pkgs.lib; {

     

       330
       330
       +
                 #virtualisation.vlans = [ 1 ];

     

       331
       331
       +
                 networking = {

     

       332
       332
       +
                   useNetworkd = networkd;

     

       333
       333
       +
                   firewall.allowPing = true;

     

       334
       334
       +
                   useDHCP = false;

     

       335
       335
       +
                   vlans.vlan = {

     

       336
       336
       +
                     id = 1;

     

       337
       337
       +
                     interface = "eth0";

     

       338
       338
       +
                   };

     

       339
       339
       +
                   interfaces.eth0.ip4 = mkOverride 0 [ ];

     

       340
       340
       +
                   interfaces.eth1.ip4 = mkOverride 0 [ ];

     

       341
       341
       +
                   interfaces.vlan.ip4 = mkOverride 0

     

       342
       342
       +
                     [ { inherit address; prefixLength = 24; } ];

     

       343
       343
       +
                 };

     

       344
       344
       +
               };

     

       345
       345
       +
             in {

     

       346
       346
       +
               name = "vlan";

     

       347
       347
       +
               nodes.client1 = node "192.168.1.1";

     

       348
       348
       +
               nodes.client2 = node "192.168.1.2";

     

       349
       349
       +
               testScript = { nodes, ... }:

     

       350
       350
       +
                 ''

     

       351
       351
       +
                   startAll;

     

       352
       352
       +
       

     

       353
       353
       +
                   $client1->waitForUnit("network.target");

     

       354
       354
       +
                   $client2->waitForUnit("network.target");

     

       355
       355
       +
       

     

       356
       356
       +
                   # Test vlan is setup

     

       357
       357
       +
                   $client1->succeed("ip addr show dev vlan >&2");

     

       358
       358
       +
                   $client2->succeed("ip addr show dev vlan >&2");

     

       359
       359
       +
                 '';

     

       360
       360
       +
             };

     

       361
       361
       +
           };

     

       362
       362
       +
           case = testCases.${test};

     

       363
       363
       +
         in case // {

     

       364
       364
       +
           name = "${case.name}-Networking-${if networkd then "Networkd" else "Scripted"}";

     

       365
       365
       +
         })