2015-04-19 21:05:12 +02:00
|
|
|
{ config, lib, pkgs, ... }:
|
|
|
|
|
|
|
|
|
|
with lib;
|
|
|
|
|
with import ./systemd-unit-options.nix { inherit config lib; };
|
2015-04-20 11:31:17 +02:00
|
|
|
with import ./systemd-lib.nix { inherit config lib pkgs; };
|
2015-04-19 21:05:12 +02:00
|
|
|
|
|
|
|
|
let
|
|
|
|
|
|
|
|
|
|
cfg = config.systemd.network;
|
|
|
|
|
|
|
|
|
|
checkLink = checkUnitConfig "Link" [
|
|
|
|
|
(assertOnlyFields [
|
2019-08-15 21:57:52 -04:00
|
|
|
"Description" "Alias" "MACAddressPolicy" "MACAddress" "NamePolicy" "OriginalName"
|
2018-07-30 09:22:33 +02:00
|
|
|
"MTUBytes" "BitsPerSecond" "Duplex" "AutoNegotiation" "WakeOnLan" "Port"
|
|
|
|
|
"TCPSegmentationOffload" "TCP6SegmentationOffload" "GenericSegmentationOffload"
|
|
|
|
|
"GenericReceiveOffload" "LargeReceiveOffload" "RxChannels" "TxChannels"
|
|
|
|
|
"OtherChannels" "CombinedChannels"
|
2015-04-19 21:05:12 +02:00
|
|
|
])
|
2018-07-30 09:22:33 +02:00
|
|
|
(assertValueOneOf "MACAddressPolicy" ["persistent" "random" "none"])
|
2015-04-19 21:05:12 +02:00
|
|
|
(assertMacAddress "MACAddress")
|
|
|
|
|
(assertByteFormat "MTUBytes")
|
|
|
|
|
(assertByteFormat "BitsPerSecond")
|
|
|
|
|
(assertValueOneOf "Duplex" ["half" "full"])
|
2018-07-30 09:22:33 +02:00
|
|
|
(assertValueOneOf "AutoNegotiation" boolValues)
|
|
|
|
|
(assertValueOneOf "WakeOnLan" ["phy" "unicast" "multicast" "broadcast" "arp" "magic" "secureon" "off"])
|
|
|
|
|
(assertValueOneOf "Port" ["tp" "aui" "bnc" "mii" "fibre"])
|
|
|
|
|
(assertValueOneOf "TCPSegmentationOffload" boolValues)
|
|
|
|
|
(assertValueOneOf "TCP6SegmentationOffload" boolValues)
|
|
|
|
|
(assertValueOneOf "GenericSegmentationOffload" boolValues)
|
|
|
|
|
(assertValueOneOf "UDPSegmentationOffload" boolValues)
|
|
|
|
|
(assertValueOneOf "GenericReceiveOffload" boolValues)
|
|
|
|
|
(assertValueOneOf "LargeReceiveOffload" boolValues)
|
2018-08-28 18:31:45 -04:00
|
|
|
(assertInt "RxChannels")
|
|
|
|
|
(assertMinimum "RxChannels" 1)
|
|
|
|
|
(assertInt "TxChannels")
|
|
|
|
|
(assertMinimum "TxChannels" 1)
|
|
|
|
|
(assertInt "OtherChannels")
|
|
|
|
|
(assertMinimum "OtherChannels" 1)
|
|
|
|
|
(assertInt "CombinedChannels")
|
|
|
|
|
(assertMinimum "CombinedChannels" 1)
|
2015-04-19 21:05:12 +02:00
|
|
|
];
|
|
|
|
|
|
|
|
|
|
checkNetdev = checkUnitConfig "Netdev" [
|
|
|
|
|
(assertOnlyFields [
|
|
|
|
|
"Description" "Name" "Kind" "MTUBytes" "MACAddress"
|
|
|
|
|
])
|
|
|
|
|
(assertHasField "Name")
|
|
|
|
|
(assertHasField "Kind")
|
|
|
|
|
(assertValueOneOf "Kind" [
|
2018-07-30 09:22:33 +02:00
|
|
|
"bond" "bridge" "dummy" "gre" "gretap" "ip6gre" "ip6tnl" "ip6gretap" "ipip"
|
|
|
|
|
"ipvlan" "macvlan" "macvtap" "sit" "tap" "tun" "veth" "vlan" "vti" "vti6"
|
|
|
|
|
"vxlan" "geneve" "vrf" "vcan" "vxcan" "wireguard" "netdevsim"
|
2015-04-19 21:05:12 +02:00
|
|
|
])
|
|
|
|
|
(assertByteFormat "MTUBytes")
|
|
|
|
|
(assertMacAddress "MACAddress")
|
|
|
|
|
];
|
|
|
|
|
|
2019-06-24 17:36:08 +02:00
|
|
|
# NOTE The PrivateKey directive is missing on purpose here, please
|
|
|
|
|
# do not add it to this list. The nix store is world-readable let's
|
|
|
|
|
# refrain ourselves from providing a footgun.
|
2018-08-16 13:44:39 +02:00
|
|
|
checkWireGuard = checkUnitConfig "WireGuard" [
|
|
|
|
|
(assertOnlyFields [
|
2019-06-24 17:36:08 +02:00
|
|
|
"PrivateKeyFile" "ListenPort" "FwMark"
|
2018-08-16 13:44:39 +02:00
|
|
|
])
|
2019-06-24 17:36:08 +02:00
|
|
|
(assertRange "FwMark" 1 4294967295)
|
2018-08-16 13:44:39 +02:00
|
|
|
];
|
|
|
|
|
|
2019-06-24 17:36:08 +02:00
|
|
|
# NOTE The PresharedKey directive is missing on purpose here, please
|
|
|
|
|
# do not add it to this list. The nix store is world-readable,let's
|
|
|
|
|
# refrain ourselves from providing a footgun.
|
2018-08-16 13:44:39 +02:00
|
|
|
checkWireGuardPeer = checkUnitConfig "WireGuardPeer" [
|
|
|
|
|
(assertOnlyFields [
|
2019-06-24 17:36:08 +02:00
|
|
|
"PublicKey" "PresharedKeyFile" "AllowedIPs"
|
|
|
|
|
"Endpoint" "PersistentKeepalive"
|
2018-08-16 13:44:39 +02:00
|
|
|
])
|
2019-06-24 17:36:08 +02:00
|
|
|
(assertRange "PersistentKeepalive" 1 65535)
|
2018-08-16 13:44:39 +02:00
|
|
|
];
|
|
|
|
|
|
2015-04-19 21:05:12 +02:00
|
|
|
checkVlan = checkUnitConfig "VLAN" [
|
2018-07-30 09:22:33 +02:00
|
|
|
(assertOnlyFields ["Id" "GVRP" "MVRP" "LooseBinding" "ReorderHeader"])
|
2015-04-19 21:05:12 +02:00
|
|
|
(assertRange "Id" 0 4094)
|
2018-07-30 09:22:33 +02:00
|
|
|
(assertValueOneOf "GVRP" boolValues)
|
|
|
|
|
(assertValueOneOf "MVRP" boolValues)
|
|
|
|
|
(assertValueOneOf "LooseBinding" boolValues)
|
|
|
|
|
(assertValueOneOf "ReorderHeader" boolValues)
|
2015-04-19 21:05:12 +02:00
|
|
|
];
|
|
|
|
|
|
|
|
|
|
checkMacvlan = checkUnitConfig "MACVLAN" [
|
|
|
|
|
(assertOnlyFields ["Mode"])
|
|
|
|
|
(assertValueOneOf "Mode" ["private" "vepa" "bridge" "passthru"])
|
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
checkVxlan = checkUnitConfig "VXLAN" [
|
2018-07-30 09:22:33 +02:00
|
|
|
(assertOnlyFields [
|
|
|
|
|
"Id" "Remote" "Local" "TOS" "TTL" "MacLearning" "FDBAgeingSec"
|
|
|
|
|
"MaximumFDBEntries" "ReduceARPProxy" "L2MissNotification"
|
|
|
|
|
"L3MissNotification" "RouteShortCircuit" "UDPChecksum"
|
|
|
|
|
"UDP6ZeroChecksumTx" "UDP6ZeroChecksumRx" "RemoteChecksumTx"
|
|
|
|
|
"RemoteChecksumRx" "GroupPolicyExtension" "DestinationPort" "PortRange"
|
|
|
|
|
"FlowLabel"
|
|
|
|
|
])
|
2015-04-19 21:05:12 +02:00
|
|
|
(assertRange "TTL" 0 255)
|
|
|
|
|
(assertValueOneOf "MacLearning" boolValues)
|
2018-07-30 09:22:33 +02:00
|
|
|
(assertValueOneOf "ReduceARPProxy" boolValues)
|
|
|
|
|
(assertValueOneOf "L2MissNotification" boolValues)
|
|
|
|
|
(assertValueOneOf "L3MissNotification" boolValues)
|
|
|
|
|
(assertValueOneOf "RouteShortCircuit" boolValues)
|
|
|
|
|
(assertValueOneOf "UDPChecksum" boolValues)
|
|
|
|
|
(assertValueOneOf "UDP6ZeroChecksumTx" boolValues)
|
|
|
|
|
(assertValueOneOf "UDP6ZeroChecksumRx" boolValues)
|
|
|
|
|
(assertValueOneOf "RemoteChecksumTx" boolValues)
|
|
|
|
|
(assertValueOneOf "RemoteChecksumRx" boolValues)
|
|
|
|
|
(assertValueOneOf "GroupPolicyExtension" boolValues)
|
|
|
|
|
(assertRange "FlowLabel" 0 1048575)
|
2015-04-19 21:05:12 +02:00
|
|
|
];
|
|
|
|
|
|
|
|
|
|
checkTunnel = checkUnitConfig "Tunnel" [
|
2018-07-30 09:22:33 +02:00
|
|
|
(assertOnlyFields [
|
|
|
|
|
"Local" "Remote" "TOS" "TTL" "DiscoverPathMTU" "IPv6FlowLabel" "CopyDSCP"
|
|
|
|
|
"EncapsulationLimit" "Key" "InputKey" "OutputKey" "Mode" "Independent"
|
|
|
|
|
"AllowLocalRemote"
|
|
|
|
|
])
|
2015-04-19 21:05:12 +02:00
|
|
|
(assertRange "TTL" 0 255)
|
|
|
|
|
(assertValueOneOf "DiscoverPathMTU" boolValues)
|
2018-07-30 09:22:33 +02:00
|
|
|
(assertValueOneOf "CopyDSCP" boolValues)
|
|
|
|
|
(assertValueOneOf "Mode" ["ip6ip6" "ipip6" "any"])
|
|
|
|
|
(assertValueOneOf "Independent" boolValues)
|
|
|
|
|
(assertValueOneOf "AllowLocalRemote" boolValues)
|
2015-04-19 21:05:12 +02:00
|
|
|
];
|
|
|
|
|
|
|
|
|
|
checkPeer = checkUnitConfig "Peer" [
|
|
|
|
|
(assertOnlyFields ["Name" "MACAddress"])
|
|
|
|
|
(assertMacAddress "MACAddress")
|
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
tunTapChecks = [
|
2018-07-30 09:22:33 +02:00
|
|
|
(assertOnlyFields ["OneQueue" "MultiQueue" "PacketInfo" "VNetHeader" "User" "Group"])
|
2015-04-19 21:05:12 +02:00
|
|
|
(assertValueOneOf "OneQueue" boolValues)
|
|
|
|
|
(assertValueOneOf "MultiQueue" boolValues)
|
|
|
|
|
(assertValueOneOf "PacketInfo" boolValues)
|
2018-07-30 09:22:33 +02:00
|
|
|
(assertValueOneOf "VNetHeader" boolValues)
|
2015-04-19 21:05:12 +02:00
|
|
|
];
|
|
|
|
|
|
|
|
|
|
checkTun = checkUnitConfig "Tun" tunTapChecks;
|
|
|
|
|
|
|
|
|
|
checkTap = checkUnitConfig "Tap" tunTapChecks;
|
|
|
|
|
|
|
|
|
|
checkBond = checkUnitConfig "Bond" [
|
|
|
|
|
(assertOnlyFields [
|
|
|
|
|
"Mode" "TransmitHashPolicy" "LACPTransmitRate" "MIIMonitorSec"
|
2018-07-30 09:22:33 +02:00
|
|
|
"UpDelaySec" "DownDelaySec" "LearnPacketIntervalSec" "AdSelect"
|
|
|
|
|
"FailOverMACPolicy" "ARPValidate" "ARPIntervalSec" "ARPIPTargets"
|
|
|
|
|
"ARPAllTargets" "PrimaryReselectPolicy" "ResendIGMP" "PacketsPerSlave"
|
|
|
|
|
"GratuitousARP" "AllSlavesActive" "MinLinks"
|
2015-04-19 21:05:12 +02:00
|
|
|
])
|
|
|
|
|
(assertValueOneOf "Mode" [
|
|
|
|
|
"balance-rr" "active-backup" "balance-xor"
|
|
|
|
|
"broadcast" "802.3ad" "balance-tlb" "balance-alb"
|
|
|
|
|
])
|
|
|
|
|
(assertValueOneOf "TransmitHashPolicy" [
|
2018-07-30 09:22:33 +02:00
|
|
|
"layer2" "layer3+4" "layer2+3" "encap2+3" "encap3+4"
|
2015-04-19 21:05:12 +02:00
|
|
|
])
|
|
|
|
|
(assertValueOneOf "LACPTransmitRate" ["slow" "fast"])
|
2018-07-30 09:22:33 +02:00
|
|
|
(assertValueOneOf "AdSelect" ["stable" "bandwidth" "count"])
|
|
|
|
|
(assertValueOneOf "FailOverMACPolicy" ["none" "active" "follow"])
|
|
|
|
|
(assertValueOneOf "ARPValidate" ["none" "active" "backup" "all"])
|
|
|
|
|
(assertValueOneOf "ARPAllTargets" ["any" "all"])
|
|
|
|
|
(assertValueOneOf "PrimaryReselectPolicy" ["always" "better" "failure"])
|
|
|
|
|
(assertRange "ResendIGMP" 0 255)
|
|
|
|
|
(assertRange "PacketsPerSlave" 0 65535)
|
|
|
|
|
(assertRange "GratuitousARP" 0 255)
|
|
|
|
|
(assertValueOneOf "AllSlavesActive" boolValues)
|
2015-04-19 21:05:12 +02:00
|
|
|
];
|
|
|
|
|
|
|
|
|
|
checkNetwork = checkUnitConfig "Network" [
|
|
|
|
|
(assertOnlyFields [
|
2018-07-30 09:22:33 +02:00
|
|
|
"Description" "DHCP" "DHCPServer" "LinkLocalAddressing" "IPv4LLRoute"
|
|
|
|
|
"IPv6Token" "LLMNR" "MulticastDNS" "DNSOverTLS" "DNSSEC"
|
|
|
|
|
"DNSSECNegativeTrustAnchors" "LLDP" "EmitLLDP" "BindCarrier" "Address"
|
|
|
|
|
"Gateway" "DNS" "Domains" "NTP" "IPForward" "IPMasquerade"
|
|
|
|
|
"IPv6PrivacyExtensions" "IPv6AcceptRA" "IPv6DuplicateAddressDetection"
|
|
|
|
|
"IPv6HopLimit" "IPv4ProxyARP" "IPv6ProxyNDP" "IPv6ProxyNDPAddress"
|
|
|
|
|
"IPv6PrefixDelegation" "IPv6MTUBytes" "Bridge" "Bond" "VRF" "VLAN"
|
|
|
|
|
"IPVLAN" "MACVLAN" "VXLAN" "Tunnel" "ActiveSlave" "PrimarySlave"
|
|
|
|
|
"ConfigureWithoutCarrier"
|
2015-04-19 21:05:12 +02:00
|
|
|
])
|
2018-07-30 09:22:33 +02:00
|
|
|
# Note: For DHCP the values both, none, v4, v6 are deprecated
|
|
|
|
|
(assertValueOneOf "DHCP" ["yes" "no" "ipv4" "ipv6" "both" "none" "v4" "v6"])
|
2015-04-19 21:05:12 +02:00
|
|
|
(assertValueOneOf "DHCPServer" boolValues)
|
2018-07-30 09:22:33 +02:00
|
|
|
(assertValueOneOf "LinkLocalAddressing" ["yes" "no" "ipv4" "ipv6"])
|
|
|
|
|
(assertValueOneOf "IPv4LLRoute" boolValues)
|
|
|
|
|
(assertValueOneOf "LLMNR" ["yes" "resolve" "no"])
|
|
|
|
|
(assertValueOneOf "MulticastDNS" ["yes" "resolve" "no"])
|
|
|
|
|
(assertValueOneOf "DNSOverTLS" ["opportunistic" "no"])
|
|
|
|
|
(assertValueOneOf "DNSSEC" ["yes" "allow-downgrade" "no"])
|
|
|
|
|
(assertValueOneOf "LLDP" ["yes" "routers-only" "no"])
|
|
|
|
|
(assertValueOneOf "EmitLLDP" ["yes" "no" "nearest-bridge" "non-tpmr-bridge" "customer-bridge"])
|
2015-12-23 06:02:59 +01:00
|
|
|
(assertValueOneOf "IPForward" ["yes" "no" "ipv4" "ipv6"])
|
|
|
|
|
(assertValueOneOf "IPMasquerade" boolValues)
|
2018-02-01 12:13:17 +01:00
|
|
|
(assertValueOneOf "IPv6PrivacyExtensions" ["yes" "no" "prefer-public" "kernel"])
|
2018-07-30 09:22:33 +02:00
|
|
|
(assertValueOneOf "IPv6AcceptRA" boolValues)
|
|
|
|
|
(assertValueOneOf "IPv4ProxyARP" boolValues)
|
|
|
|
|
(assertValueOneOf "IPv6ProxyNDP" boolValues)
|
|
|
|
|
(assertValueOneOf "IPv6PrefixDelegation" boolValues)
|
|
|
|
|
(assertValueOneOf "ActiveSlave" boolValues)
|
|
|
|
|
(assertValueOneOf "PrimarySlave" boolValues)
|
|
|
|
|
(assertValueOneOf "ConfigureWithoutCarrier" boolValues)
|
2015-04-19 21:05:12 +02:00
|
|
|
];
|
|
|
|
|
|
|
|
|
|
checkAddress = checkUnitConfig "Address" [
|
2018-07-30 09:22:33 +02:00
|
|
|
(assertOnlyFields [
|
|
|
|
|
"Address" "Peer" "Broadcast" "Label" "PreferredLifetime" "Scope"
|
|
|
|
|
"HomeAddress" "DuplicateAddressDetection" "ManageTemporaryAddress"
|
|
|
|
|
"PrefixRoute" "AutoJoin"
|
|
|
|
|
])
|
2015-04-19 21:05:12 +02:00
|
|
|
(assertHasField "Address")
|
2018-07-30 09:22:33 +02:00
|
|
|
(assertValueOneOf "PreferredLifetime" ["forever" "infinity" "0" 0])
|
|
|
|
|
(assertValueOneOf "HomeAddress" boolValues)
|
|
|
|
|
(assertValueOneOf "DuplicateAddressDetection" boolValues)
|
|
|
|
|
(assertValueOneOf "ManageTemporaryAddress" boolValues)
|
|
|
|
|
(assertValueOneOf "PrefixRoute" boolValues)
|
|
|
|
|
(assertValueOneOf "AutoJoin" boolValues)
|
2015-04-19 21:05:12 +02:00
|
|
|
];
|
|
|
|
|
|
|
|
|
|
checkRoute = checkUnitConfig "Route" [
|
2018-07-30 09:22:33 +02:00
|
|
|
(assertOnlyFields [
|
2019-05-11 13:48:48 +02:00
|
|
|
"Gateway" "GatewayOnLink" "Destination" "Source" "Metric"
|
2018-07-30 09:22:33 +02:00
|
|
|
"IPv6Preference" "Scope" "PreferredSource" "Table" "Protocol" "Type"
|
|
|
|
|
"InitialCongestionWindow" "InitialAdvertisedReceiveWindow" "QuickAck"
|
|
|
|
|
"MTUBytes"
|
|
|
|
|
])
|
2015-04-19 21:05:12 +02:00
|
|
|
];
|
|
|
|
|
|
|
|
|
|
checkDhcp = checkUnitConfig "DHCP" [
|
|
|
|
|
(assertOnlyFields [
|
2018-07-30 09:22:33 +02:00
|
|
|
"UseDNS" "UseNTP" "UseMTU" "Anonymize" "SendHostname" "UseHostname"
|
|
|
|
|
"Hostname" "UseDomains" "UseRoutes" "UseTimezone" "CriticalConnection"
|
|
|
|
|
"ClientIdentifier" "VendorClassIdentifier" "UserClass" "DUIDType"
|
|
|
|
|
"DUIDRawData" "IAID" "RequestBroadcast" "RouteMetric" "RouteTable"
|
|
|
|
|
"ListenPort" "RapidCommit"
|
2015-04-19 21:05:12 +02:00
|
|
|
])
|
|
|
|
|
(assertValueOneOf "UseDNS" boolValues)
|
2018-07-30 09:22:33 +02:00
|
|
|
(assertValueOneOf "UseNTP" boolValues)
|
2015-04-19 21:05:12 +02:00
|
|
|
(assertValueOneOf "UseMTU" boolValues)
|
2018-07-30 09:22:33 +02:00
|
|
|
(assertValueOneOf "Anonymize" boolValues)
|
2015-04-19 21:05:12 +02:00
|
|
|
(assertValueOneOf "SendHostname" boolValues)
|
|
|
|
|
(assertValueOneOf "UseHostname" boolValues)
|
2018-07-30 09:22:33 +02:00
|
|
|
(assertValueOneOf "UseDomains" ["yes" "no" "route"])
|
2015-04-19 21:05:12 +02:00
|
|
|
(assertValueOneOf "UseRoutes" boolValues)
|
2018-07-30 09:22:33 +02:00
|
|
|
(assertValueOneOf "UseTimezone" boolValues)
|
|
|
|
|
(assertValueOneOf "CriticalConnection" boolValues)
|
2015-04-19 21:05:12 +02:00
|
|
|
(assertValueOneOf "RequestBroadcast" boolValues)
|
2018-08-28 18:31:45 -04:00
|
|
|
(assertInt "RouteTable")
|
|
|
|
|
(assertMinimum "RouteTable" 0)
|
2018-07-30 09:22:33 +02:00
|
|
|
(assertValueOneOf "RapidCommit" boolValues)
|
2015-04-19 21:05:12 +02:00
|
|
|
];
|
|
|
|
|
|
2015-12-23 06:04:39 +01:00
|
|
|
checkDhcpServer = checkUnitConfig "DHCPServer" [
|
|
|
|
|
(assertOnlyFields [
|
|
|
|
|
"PoolOffset" "PoolSize" "DefaultLeaseTimeSec" "MaxLeaseTimeSec"
|
2018-07-30 09:22:33 +02:00
|
|
|
"EmitDNS" "DNS" "EmitNTP" "NTP" "EmitRouter" "EmitTimezone" "Timezone"
|
2015-12-23 06:04:39 +01:00
|
|
|
])
|
|
|
|
|
(assertValueOneOf "EmitDNS" boolValues)
|
|
|
|
|
(assertValueOneOf "EmitNTP" boolValues)
|
2018-07-30 09:22:33 +02:00
|
|
|
(assertValueOneOf "EmitRouter" boolValues)
|
2015-12-23 06:04:39 +01:00
|
|
|
(assertValueOneOf "EmitTimezone" boolValues)
|
|
|
|
|
];
|
|
|
|
|
|
2017-07-27 19:49:56 +02:00
|
|
|
# .network files have a [Link] section with different options than in .netlink files
|
|
|
|
|
checkNetworkLink = checkUnitConfig "Link" [
|
|
|
|
|
(assertOnlyFields [
|
2018-09-07 01:56:46 +03:00
|
|
|
"MACAddress" "MTUBytes" "ARP" "Multicast" "Unmanaged" "RequiredForOnline"
|
2017-07-27 19:49:56 +02:00
|
|
|
])
|
|
|
|
|
(assertMacAddress "MACAddress")
|
|
|
|
|
(assertByteFormat "MTUBytes")
|
|
|
|
|
(assertValueOneOf "ARP" boolValues)
|
2018-09-07 01:56:46 +03:00
|
|
|
(assertValueOneOf "Multicast" boolValues)
|
2017-07-27 19:49:56 +02:00
|
|
|
(assertValueOneOf "Unmanaged" boolValues)
|
2018-09-07 02:01:21 +03:00
|
|
|
(assertValueOneOf "RequiredForOnline" boolValues)
|
2017-07-27 19:49:56 +02:00
|
|
|
];
|
|
|
|
|
|
|
|
|
|
|
2015-04-19 21:05:12 +02:00
|
|
|
commonNetworkOptions = {
|
|
|
|
|
|
|
|
|
|
enable = mkOption {
|
2015-04-30 06:20:54 +02:00
|
|
|
default = true;
|
2015-04-19 21:05:12 +02:00
|
|
|
type = types.bool;
|
|
|
|
|
description = ''
|
|
|
|
|
Whether to manage network configuration using <command>systemd-network</command>.
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
matchConfig = mkOption {
|
|
|
|
|
default = {};
|
|
|
|
|
example = { Name = "eth0"; };
|
|
|
|
|
type = types.attrsOf unitOption;
|
|
|
|
|
description = ''
|
|
|
|
|
Each attribute in this set specifies an option in the
|
|
|
|
|
<literal>[Match]</literal> section of the unit. See
|
|
|
|
|
<citerefentry><refentrytitle>systemd.link</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
|
|
|
|
<citerefentry><refentrytitle>systemd.netdev</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
|
|
|
|
<citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
|
|
|
|
for details.
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
2016-12-17 12:03:40 +01:00
|
|
|
extraConfig = mkOption {
|
|
|
|
|
default = "";
|
|
|
|
|
type = types.lines;
|
|
|
|
|
description = "Extra configuration append to unit";
|
|
|
|
|
};
|
2015-04-19 21:05:12 +02:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
linkOptions = commonNetworkOptions // {
|
|
|
|
|
|
|
|
|
|
linkConfig = mkOption {
|
|
|
|
|
default = {};
|
|
|
|
|
example = { MACAddress = "00:ff:ee:aa:cc:dd"; };
|
|
|
|
|
type = types.addCheck (types.attrsOf unitOption) checkLink;
|
|
|
|
|
description = ''
|
|
|
|
|
Each attribute in this set specifies an option in the
|
|
|
|
|
<literal>[Link]</literal> section of the unit. See
|
|
|
|
|
<citerefentry><refentrytitle>systemd.link</refentrytitle>
|
|
|
|
|
<manvolnum>5</manvolnum></citerefentry> for details.
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
netdevOptions = commonNetworkOptions // {
|
|
|
|
|
|
|
|
|
|
netdevConfig = mkOption {
|
|
|
|
|
default = {};
|
|
|
|
|
example = { Name = "mybridge"; Kind = "bridge"; };
|
|
|
|
|
type = types.addCheck (types.attrsOf unitOption) checkNetdev;
|
|
|
|
|
description = ''
|
|
|
|
|
Each attribute in this set specifies an option in the
|
|
|
|
|
<literal>[Netdev]</literal> section of the unit. See
|
|
|
|
|
<citerefentry><refentrytitle>systemd.netdev</refentrytitle>
|
|
|
|
|
<manvolnum>5</manvolnum></citerefentry> for details.
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
2018-08-16 13:44:39 +02:00
|
|
|
wireguardConfig = mkOption {
|
|
|
|
|
default = {};
|
2019-06-24 17:36:08 +02:00
|
|
|
example = {
|
|
|
|
|
PrivateKeyFile = "/etc/wireguard/secret.key";
|
|
|
|
|
ListenPort = 51820;
|
|
|
|
|
FwMark = 42;
|
|
|
|
|
};
|
2018-08-16 13:44:39 +02:00
|
|
|
type = types.addCheck (types.attrsOf unitOption) checkWireGuard;
|
|
|
|
|
description = ''
|
|
|
|
|
Each attribute in this set specifies an option in the
|
2019-06-24 17:36:08 +02:00
|
|
|
<literal>[WireGuard]</literal> section of the unit. See
|
2018-08-16 13:44:39 +02:00
|
|
|
<citerefentry><refentrytitle>systemd.netdev</refentrytitle>
|
|
|
|
|
<manvolnum>5</manvolnum></citerefentry> for details.
|
2019-06-24 17:36:08 +02:00
|
|
|
Use <literal>PrivateKeyFile</literal> instead of
|
|
|
|
|
<literal>PrivateKey</literal>: the nix store is
|
|
|
|
|
world-readable.
|
2018-08-16 13:44:39 +02:00
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
wireguardPeers = mkOption {
|
2019-06-24 17:36:08 +02:00
|
|
|
default = [];
|
|
|
|
|
example = [ { wireguardPeerConfig={
|
|
|
|
|
Endpoint = "192.168.1.1:51820";
|
|
|
|
|
PublicKey = "27s0OvaBBdHoJYkH9osZpjpgSOVNw+RaKfboT/Sfq0g=";
|
|
|
|
|
PresharedKeyFile = "/etc/wireguard/psk.key";
|
|
|
|
|
AllowedIPs = [ "10.0.0.1/32" ];
|
|
|
|
|
PersistentKeepalive = 15;
|
|
|
|
|
};}];
|
2018-08-16 13:44:39 +02:00
|
|
|
type = with types; listOf (submodule wireguardPeerOptions);
|
|
|
|
|
description = ''
|
2019-06-24 17:36:08 +02:00
|
|
|
Each item in this array specifies an option in the
|
|
|
|
|
<literal>[WireGuardPeer]</literal> section of the unit. See
|
2018-08-16 13:44:39 +02:00
|
|
|
<citerefentry><refentrytitle>systemd.netdev</refentrytitle>
|
|
|
|
|
<manvolnum>5</manvolnum></citerefentry> for details.
|
2019-06-24 17:36:08 +02:00
|
|
|
Use <literal>PresharedKeyFile</literal> instead of
|
|
|
|
|
<literal>PresharedKey</literal>: the nix store is
|
|
|
|
|
world-readable.
|
2018-08-16 13:44:39 +02:00
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
2015-04-19 21:05:12 +02:00
|
|
|
vlanConfig = mkOption {
|
|
|
|
|
default = {};
|
|
|
|
|
example = { Id = "4"; };
|
|
|
|
|
type = types.addCheck (types.attrsOf unitOption) checkVlan;
|
|
|
|
|
description = ''
|
|
|
|
|
Each attribute in this set specifies an option in the
|
|
|
|
|
<literal>[VLAN]</literal> section of the unit. See
|
|
|
|
|
<citerefentry><refentrytitle>systemd.netdev</refentrytitle>
|
|
|
|
|
<manvolnum>5</manvolnum></citerefentry> for details.
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
macvlanConfig = mkOption {
|
|
|
|
|
default = {};
|
|
|
|
|
example = { Mode = "private"; };
|
|
|
|
|
type = types.addCheck (types.attrsOf unitOption) checkMacvlan;
|
|
|
|
|
description = ''
|
|
|
|
|
Each attribute in this set specifies an option in the
|
|
|
|
|
<literal>[MACVLAN]</literal> section of the unit. See
|
|
|
|
|
<citerefentry><refentrytitle>systemd.netdev</refentrytitle>
|
|
|
|
|
<manvolnum>5</manvolnum></citerefentry> for details.
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
vxlanConfig = mkOption {
|
|
|
|
|
default = {};
|
|
|
|
|
example = { Id = "4"; };
|
|
|
|
|
type = types.addCheck (types.attrsOf unitOption) checkVxlan;
|
|
|
|
|
description = ''
|
|
|
|
|
Each attribute in this set specifies an option in the
|
|
|
|
|
<literal>[VXLAN]</literal> section of the unit. See
|
|
|
|
|
<citerefentry><refentrytitle>systemd.netdev</refentrytitle>
|
|
|
|
|
<manvolnum>5</manvolnum></citerefentry> for details.
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
tunnelConfig = mkOption {
|
|
|
|
|
default = {};
|
|
|
|
|
example = { Remote = "192.168.1.1"; };
|
|
|
|
|
type = types.addCheck (types.attrsOf unitOption) checkTunnel;
|
|
|
|
|
description = ''
|
|
|
|
|
Each attribute in this set specifies an option in the
|
|
|
|
|
<literal>[Tunnel]</literal> section of the unit. See
|
|
|
|
|
<citerefentry><refentrytitle>systemd.netdev</refentrytitle>
|
|
|
|
|
<manvolnum>5</manvolnum></citerefentry> for details.
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
peerConfig = mkOption {
|
|
|
|
|
default = {};
|
|
|
|
|
example = { Name = "veth2"; };
|
|
|
|
|
type = types.addCheck (types.attrsOf unitOption) checkPeer;
|
|
|
|
|
description = ''
|
|
|
|
|
Each attribute in this set specifies an option in the
|
|
|
|
|
<literal>[Peer]</literal> section of the unit. See
|
|
|
|
|
<citerefentry><refentrytitle>systemd.netdev</refentrytitle>
|
|
|
|
|
<manvolnum>5</manvolnum></citerefentry> for details.
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
tunConfig = mkOption {
|
|
|
|
|
default = {};
|
|
|
|
|
example = { User = "openvpn"; };
|
|
|
|
|
type = types.addCheck (types.attrsOf unitOption) checkTun;
|
|
|
|
|
description = ''
|
|
|
|
|
Each attribute in this set specifies an option in the
|
|
|
|
|
<literal>[Tun]</literal> section of the unit. See
|
|
|
|
|
<citerefentry><refentrytitle>systemd.netdev</refentrytitle>
|
|
|
|
|
<manvolnum>5</manvolnum></citerefentry> for details.
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
tapConfig = mkOption {
|
|
|
|
|
default = {};
|
|
|
|
|
example = { User = "openvpn"; };
|
|
|
|
|
type = types.addCheck (types.attrsOf unitOption) checkTap;
|
|
|
|
|
description = ''
|
|
|
|
|
Each attribute in this set specifies an option in the
|
|
|
|
|
<literal>[Tap]</literal> section of the unit. See
|
|
|
|
|
<citerefentry><refentrytitle>systemd.netdev</refentrytitle>
|
|
|
|
|
<manvolnum>5</manvolnum></citerefentry> for details.
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
bondConfig = mkOption {
|
|
|
|
|
default = {};
|
|
|
|
|
example = { Mode = "802.3ad"; };
|
|
|
|
|
type = types.addCheck (types.attrsOf unitOption) checkBond;
|
|
|
|
|
description = ''
|
|
|
|
|
Each attribute in this set specifies an option in the
|
|
|
|
|
<literal>[Bond]</literal> section of the unit. See
|
|
|
|
|
<citerefentry><refentrytitle>systemd.netdev</refentrytitle>
|
|
|
|
|
<manvolnum>5</manvolnum></citerefentry> for details.
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
addressOptions = {
|
2016-10-03 13:02:42 +09:00
|
|
|
options = {
|
|
|
|
|
addressConfig = mkOption {
|
|
|
|
|
default = {};
|
|
|
|
|
example = { Address = "192.168.0.100/24"; };
|
|
|
|
|
type = types.addCheck (types.attrsOf unitOption) checkAddress;
|
|
|
|
|
description = ''
|
|
|
|
|
Each attribute in this set specifies an option in the
|
|
|
|
|
<literal>[Address]</literal> section of the unit. See
|
|
|
|
|
<citerefentry><refentrytitle>systemd.network</refentrytitle>
|
|
|
|
|
<manvolnum>5</manvolnum></citerefentry> for details.
|
|
|
|
|
'';
|
|
|
|
|
};
|
2015-04-19 21:05:12 +02:00
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
routeOptions = {
|
2016-10-03 13:02:42 +09:00
|
|
|
options = {
|
|
|
|
|
routeConfig = mkOption {
|
|
|
|
|
default = {};
|
|
|
|
|
example = { Gateway = "192.168.0.1"; };
|
|
|
|
|
type = types.addCheck (types.attrsOf unitOption) checkRoute;
|
|
|
|
|
description = ''
|
|
|
|
|
Each attribute in this set specifies an option in the
|
|
|
|
|
<literal>[Route]</literal> section of the unit. See
|
|
|
|
|
<citerefentry><refentrytitle>systemd.network</refentrytitle>
|
|
|
|
|
<manvolnum>5</manvolnum></citerefentry> for details.
|
|
|
|
|
'';
|
|
|
|
|
};
|
2015-04-19 21:05:12 +02:00
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
2018-08-16 13:44:39 +02:00
|
|
|
wireguardPeerOptions = {
|
|
|
|
|
options = {
|
|
|
|
|
wireguardPeerConfig = mkOption {
|
|
|
|
|
default = {};
|
|
|
|
|
example = { };
|
|
|
|
|
type = types.addCheck (types.attrsOf unitOption) checkWireGuardPeer;
|
|
|
|
|
description = ''
|
|
|
|
|
Each attribute in this set specifies an option in the
|
|
|
|
|
<literal>[WireGuardPeer]</literal> section of the unit. See
|
|
|
|
|
<citerefentry><refentrytitle>systemd.network</refentrytitle>
|
|
|
|
|
<manvolnum>5</manvolnum></citerefentry> for details.
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
2015-04-19 21:05:12 +02:00
|
|
|
networkOptions = commonNetworkOptions // {
|
|
|
|
|
|
|
|
|
|
networkConfig = mkOption {
|
|
|
|
|
default = {};
|
|
|
|
|
example = { Description = "My Network"; };
|
|
|
|
|
type = types.addCheck (types.attrsOf unitOption) checkNetwork;
|
|
|
|
|
description = ''
|
|
|
|
|
Each attribute in this set specifies an option in the
|
|
|
|
|
<literal>[Network]</literal> section of the unit. See
|
|
|
|
|
<citerefentry><refentrytitle>systemd.network</refentrytitle>
|
|
|
|
|
<manvolnum>5</manvolnum></citerefentry> for details.
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
dhcpConfig = mkOption {
|
|
|
|
|
default = {};
|
|
|
|
|
example = { UseDNS = true; UseRoutes = true; };
|
|
|
|
|
type = types.addCheck (types.attrsOf unitOption) checkDhcp;
|
|
|
|
|
description = ''
|
|
|
|
|
Each attribute in this set specifies an option in the
|
|
|
|
|
<literal>[DHCP]</literal> section of the unit. See
|
|
|
|
|
<citerefentry><refentrytitle>systemd.network</refentrytitle>
|
|
|
|
|
<manvolnum>5</manvolnum></citerefentry> for details.
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
2015-12-23 06:04:39 +01:00
|
|
|
dhcpServerConfig = mkOption {
|
|
|
|
|
default = {};
|
|
|
|
|
example = { PoolOffset = 50; EmitDNS = false; };
|
|
|
|
|
type = types.addCheck (types.attrsOf unitOption) checkDhcpServer;
|
|
|
|
|
description = ''
|
|
|
|
|
Each attribute in this set specifies an option in the
|
|
|
|
|
<literal>[DHCPServer]</literal> section of the unit. See
|
|
|
|
|
<citerefentry><refentrytitle>systemd.network</refentrytitle>
|
|
|
|
|
<manvolnum>5</manvolnum></citerefentry> for details.
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
2017-07-27 19:49:56 +02:00
|
|
|
linkConfig = mkOption {
|
|
|
|
|
default = {};
|
|
|
|
|
example = { Unmanaged = true; };
|
|
|
|
|
type = types.addCheck (types.attrsOf unitOption) checkNetworkLink;
|
|
|
|
|
description = ''
|
|
|
|
|
Each attribute in this set specifies an option in the
|
|
|
|
|
<literal>[Link]</literal> section of the unit. See
|
|
|
|
|
<citerefentry><refentrytitle>systemd.network</refentrytitle>
|
|
|
|
|
<manvolnum>5</manvolnum></citerefentry> for details.
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
2015-04-19 21:05:12 +02:00
|
|
|
name = mkOption {
|
|
|
|
|
type = types.nullOr types.str;
|
|
|
|
|
default = null;
|
|
|
|
|
description = ''
|
|
|
|
|
The name of the network interface to match against.
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
DHCP = mkOption {
|
|
|
|
|
type = types.nullOr types.str;
|
|
|
|
|
default = null;
|
|
|
|
|
description = ''
|
|
|
|
|
Whether to enable DHCP on the interfaces matched.
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
domains = mkOption {
|
|
|
|
|
type = types.nullOr (types.listOf types.str);
|
|
|
|
|
default = null;
|
|
|
|
|
description = ''
|
|
|
|
|
A list of domains to pass to the network config.
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
address = mkOption {
|
|
|
|
|
default = [ ];
|
|
|
|
|
type = types.listOf types.str;
|
|
|
|
|
description = ''
|
|
|
|
|
A list of addresses to be added to the network section of the
|
|
|
|
|
unit. See <citerefentry><refentrytitle>systemd.network</refentrytitle>
|
|
|
|
|
<manvolnum>5</manvolnum></citerefentry> for details.
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
gateway = mkOption {
|
|
|
|
|
default = [ ];
|
|
|
|
|
type = types.listOf types.str;
|
|
|
|
|
description = ''
|
|
|
|
|
A list of gateways to be added to the network section of the
|
|
|
|
|
unit. See <citerefentry><refentrytitle>systemd.network</refentrytitle>
|
|
|
|
|
<manvolnum>5</manvolnum></citerefentry> for details.
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
dns = mkOption {
|
|
|
|
|
default = [ ];
|
|
|
|
|
type = types.listOf types.str;
|
|
|
|
|
description = ''
|
|
|
|
|
A list of dns servers to be added to the network section of the
|
|
|
|
|
unit. See <citerefentry><refentrytitle>systemd.network</refentrytitle>
|
|
|
|
|
<manvolnum>5</manvolnum></citerefentry> for details.
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
ntp = mkOption {
|
|
|
|
|
default = [ ];
|
|
|
|
|
type = types.listOf types.str;
|
|
|
|
|
description = ''
|
|
|
|
|
A list of ntp servers to be added to the network section of the
|
|
|
|
|
unit. See <citerefentry><refentrytitle>systemd.network</refentrytitle>
|
|
|
|
|
<manvolnum>5</manvolnum></citerefentry> for details.
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
2018-07-30 09:22:33 +02:00
|
|
|
bridge = mkOption {
|
|
|
|
|
default = [ ];
|
|
|
|
|
type = types.listOf types.str;
|
|
|
|
|
description = ''
|
|
|
|
|
A list of bridge interfaces to be added to the network section of the
|
|
|
|
|
unit. See <citerefentry><refentrytitle>systemd.network</refentrytitle>
|
|
|
|
|
<manvolnum>5</manvolnum></citerefentry> for details.
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
bond = mkOption {
|
|
|
|
|
default = [ ];
|
|
|
|
|
type = types.listOf types.str;
|
|
|
|
|
description = ''
|
|
|
|
|
A list of bond interfaces to be added to the network section of the
|
|
|
|
|
unit. See <citerefentry><refentrytitle>systemd.network</refentrytitle>
|
|
|
|
|
<manvolnum>5</manvolnum></citerefentry> for details.
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
vrf = mkOption {
|
|
|
|
|
default = [ ];
|
|
|
|
|
type = types.listOf types.str;
|
|
|
|
|
description = ''
|
|
|
|
|
A list of vrf interfaces to be added to the network section of the
|
|
|
|
|
unit. See <citerefentry><refentrytitle>systemd.network</refentrytitle>
|
|
|
|
|
<manvolnum>5</manvolnum></citerefentry> for details.
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
2015-04-19 21:05:12 +02:00
|
|
|
vlan = mkOption {
|
|
|
|
|
default = [ ];
|
|
|
|
|
type = types.listOf types.str;
|
|
|
|
|
description = ''
|
|
|
|
|
A list of vlan interfaces to be added to the network section of the
|
|
|
|
|
unit. See <citerefentry><refentrytitle>systemd.network</refentrytitle>
|
|
|
|
|
<manvolnum>5</manvolnum></citerefentry> for details.
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
macvlan = mkOption {
|
|
|
|
|
default = [ ];
|
|
|
|
|
type = types.listOf types.str;
|
|
|
|
|
description = ''
|
|
|
|
|
A list of macvlan interfaces to be added to the network section of the
|
|
|
|
|
unit. See <citerefentry><refentrytitle>systemd.network</refentrytitle>
|
|
|
|
|
<manvolnum>5</manvolnum></citerefentry> for details.
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
vxlan = mkOption {
|
|
|
|
|
default = [ ];
|
|
|
|
|
type = types.listOf types.str;
|
|
|
|
|
description = ''
|
|
|
|
|
A list of vxlan interfaces to be added to the network section of the
|
|
|
|
|
unit. See <citerefentry><refentrytitle>systemd.network</refentrytitle>
|
|
|
|
|
<manvolnum>5</manvolnum></citerefentry> for details.
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
tunnel = mkOption {
|
|
|
|
|
default = [ ];
|
|
|
|
|
type = types.listOf types.str;
|
|
|
|
|
description = ''
|
|
|
|
|
A list of tunnel interfaces to be added to the network section of the
|
|
|
|
|
unit. See <citerefentry><refentrytitle>systemd.network</refentrytitle>
|
|
|
|
|
<manvolnum>5</manvolnum></citerefentry> for details.
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
addresses = mkOption {
|
|
|
|
|
default = [ ];
|
2016-10-03 13:02:42 +09:00
|
|
|
type = with types; listOf (submodule addressOptions);
|
2015-04-19 21:05:12 +02:00
|
|
|
description = ''
|
|
|
|
|
A list of address sections to be added to the unit. See
|
|
|
|
|
<citerefentry><refentrytitle>systemd.network</refentrytitle>
|
|
|
|
|
<manvolnum>5</manvolnum></citerefentry> for details.
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
routes = mkOption {
|
|
|
|
|
default = [ ];
|
2016-10-03 13:02:42 +09:00
|
|
|
type = with types; listOf (submodule routeOptions);
|
2015-04-19 21:05:12 +02:00
|
|
|
description = ''
|
|
|
|
|
A list of route sections to be added to the unit. See
|
|
|
|
|
<citerefentry><refentrytitle>systemd.network</refentrytitle>
|
|
|
|
|
<manvolnum>5</manvolnum></citerefentry> for details.
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
};
|
|
|
|
|
|
2018-07-20 20:56:59 +00:00
|
|
|
networkConfig = { config, ... }: {
|
2015-04-19 21:05:12 +02:00
|
|
|
config = {
|
|
|
|
|
matchConfig = optionalAttrs (config.name != null) {
|
|
|
|
|
Name = config.name;
|
|
|
|
|
};
|
|
|
|
|
networkConfig = optionalAttrs (config.DHCP != null) {
|
|
|
|
|
DHCP = config.DHCP;
|
|
|
|
|
} // optionalAttrs (config.domains != null) {
|
|
|
|
|
Domains = concatStringsSep " " config.domains;
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
2019-06-09 19:06:07 +02:00
|
|
|
commonMatchText = def: optionalString (def.matchConfig != {}) ''
|
2015-04-30 06:44:25 +02:00
|
|
|
[Match]
|
|
|
|
|
${attrsToSection def.matchConfig}
|
|
|
|
|
'';
|
|
|
|
|
|
2015-04-19 21:05:12 +02:00
|
|
|
linkToUnit = name: def:
|
|
|
|
|
{ inherit (def) enable;
|
|
|
|
|
text = commonMatchText def +
|
|
|
|
|
''
|
|
|
|
|
[Link]
|
|
|
|
|
${attrsToSection def.linkConfig}
|
2016-12-17 12:03:40 +01:00
|
|
|
|
|
|
|
|
${def.extraConfig}
|
2015-04-19 21:05:12 +02:00
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
netdevToUnit = name: def:
|
|
|
|
|
{ inherit (def) enable;
|
|
|
|
|
text = commonMatchText def +
|
|
|
|
|
''
|
|
|
|
|
[NetDev]
|
|
|
|
|
${attrsToSection def.netdevConfig}
|
|
|
|
|
|
|
|
|
|
${optionalString (def.vlanConfig != { }) ''
|
|
|
|
|
[VLAN]
|
|
|
|
|
${attrsToSection def.vlanConfig}
|
|
|
|
|
|
|
|
|
|
''}
|
|
|
|
|
${optionalString (def.macvlanConfig != { }) ''
|
|
|
|
|
[MACVLAN]
|
|
|
|
|
${attrsToSection def.macvlanConfig}
|
|
|
|
|
|
|
|
|
|
''}
|
|
|
|
|
${optionalString (def.vxlanConfig != { }) ''
|
|
|
|
|
[VXLAN]
|
|
|
|
|
${attrsToSection def.vxlanConfig}
|
|
|
|
|
|
|
|
|
|
''}
|
|
|
|
|
${optionalString (def.tunnelConfig != { }) ''
|
|
|
|
|
[Tunnel]
|
|
|
|
|
${attrsToSection def.tunnelConfig}
|
|
|
|
|
|
|
|
|
|
''}
|
|
|
|
|
${optionalString (def.peerConfig != { }) ''
|
|
|
|
|
[Peer]
|
|
|
|
|
${attrsToSection def.peerConfig}
|
|
|
|
|
|
|
|
|
|
''}
|
|
|
|
|
${optionalString (def.tunConfig != { }) ''
|
|
|
|
|
[Tun]
|
|
|
|
|
${attrsToSection def.tunConfig}
|
|
|
|
|
|
|
|
|
|
''}
|
|
|
|
|
${optionalString (def.tapConfig != { }) ''
|
|
|
|
|
[Tap]
|
|
|
|
|
${attrsToSection def.tapConfig}
|
|
|
|
|
|
|
|
|
|
''}
|
|
|
|
|
${optionalString (def.bondConfig != { }) ''
|
|
|
|
|
[Bond]
|
|
|
|
|
${attrsToSection def.bondConfig}
|
|
|
|
|
|
|
|
|
|
''}
|
2018-08-16 13:44:39 +02:00
|
|
|
${optionalString (def.wireguardConfig != { }) ''
|
|
|
|
|
[WireGuard]
|
|
|
|
|
${attrsToSection def.wireguardConfig}
|
|
|
|
|
|
|
|
|
|
''}
|
|
|
|
|
${flip concatMapStrings def.wireguardPeers (x: ''
|
|
|
|
|
[WireGuardPeer]
|
|
|
|
|
${attrsToSection x.wireguardPeerConfig}
|
|
|
|
|
|
|
|
|
|
'')}
|
2016-12-17 12:03:40 +01:00
|
|
|
${def.extraConfig}
|
2015-04-19 21:05:12 +02:00
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
networkToUnit = name: def:
|
|
|
|
|
{ inherit (def) enable;
|
|
|
|
|
text = commonMatchText def +
|
|
|
|
|
''
|
2017-07-27 19:49:56 +02:00
|
|
|
${optionalString (def.linkConfig != { }) ''
|
|
|
|
|
[Link]
|
|
|
|
|
${attrsToSection def.linkConfig}
|
|
|
|
|
|
|
|
|
|
''}
|
|
|
|
|
|
2015-04-19 21:05:12 +02:00
|
|
|
[Network]
|
|
|
|
|
${attrsToSection def.networkConfig}
|
|
|
|
|
${concatStringsSep "\n" (map (s: "Address=${s}") def.address)}
|
|
|
|
|
${concatStringsSep "\n" (map (s: "Gateway=${s}") def.gateway)}
|
|
|
|
|
${concatStringsSep "\n" (map (s: "DNS=${s}") def.dns)}
|
|
|
|
|
${concatStringsSep "\n" (map (s: "NTP=${s}") def.ntp)}
|
2018-07-30 09:22:33 +02:00
|
|
|
${concatStringsSep "\n" (map (s: "Bridge=${s}") def.bridge)}
|
|
|
|
|
${concatStringsSep "\n" (map (s: "Bond=${s}") def.bond)}
|
|
|
|
|
${concatStringsSep "\n" (map (s: "VRF=${s}") def.vrf)}
|
2015-04-19 21:05:12 +02:00
|
|
|
${concatStringsSep "\n" (map (s: "VLAN=${s}") def.vlan)}
|
|
|
|
|
${concatStringsSep "\n" (map (s: "MACVLAN=${s}") def.macvlan)}
|
|
|
|
|
${concatStringsSep "\n" (map (s: "VXLAN=${s}") def.vxlan)}
|
|
|
|
|
${concatStringsSep "\n" (map (s: "Tunnel=${s}") def.tunnel)}
|
|
|
|
|
|
|
|
|
|
${optionalString (def.dhcpConfig != { }) ''
|
|
|
|
|
[DHCP]
|
|
|
|
|
${attrsToSection def.dhcpConfig}
|
|
|
|
|
|
2015-12-23 06:04:39 +01:00
|
|
|
''}
|
|
|
|
|
${optionalString (def.dhcpServerConfig != { }) ''
|
|
|
|
|
[DHCPServer]
|
|
|
|
|
${attrsToSection def.dhcpServerConfig}
|
|
|
|
|
|
2015-04-19 21:05:12 +02:00
|
|
|
''}
|
|
|
|
|
${flip concatMapStrings def.addresses (x: ''
|
|
|
|
|
[Address]
|
|
|
|
|
${attrsToSection x.addressConfig}
|
|
|
|
|
|
|
|
|
|
'')}
|
|
|
|
|
${flip concatMapStrings def.routes (x: ''
|
|
|
|
|
[Route]
|
|
|
|
|
${attrsToSection x.routeConfig}
|
|
|
|
|
|
|
|
|
|
'')}
|
2016-12-17 12:03:40 +01:00
|
|
|
${def.extraConfig}
|
2015-04-19 21:05:12 +02:00
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
2016-11-16 21:47:11 +00:00
|
|
|
unitFiles = map (name: {
|
|
|
|
|
target = "systemd/network/${name}";
|
|
|
|
|
source = "${cfg.units.${name}.unit}/${name}";
|
2018-03-04 06:29:08 +00:00
|
|
|
}) (attrNames cfg.units);
|
2015-04-19 21:05:12 +02:00
|
|
|
in
|
|
|
|
|
|
|
|
|
|
{
|
|
|
|
|
|
|
|
|
|
options = {
|
|
|
|
|
|
|
|
|
|
systemd.network.enable = mkOption {
|
|
|
|
|
default = false;
|
|
|
|
|
type = types.bool;
|
|
|
|
|
description = ''
|
|
|
|
|
Whether to enable networkd or not.
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
systemd.network.links = mkOption {
|
|
|
|
|
default = {};
|
2016-10-03 13:02:42 +09:00
|
|
|
type = with types; attrsOf (submodule [ { options = linkOptions; } ]);
|
2015-04-19 21:05:12 +02:00
|
|
|
description = "Definition of systemd network links.";
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
systemd.network.netdevs = mkOption {
|
|
|
|
|
default = {};
|
2016-10-03 13:02:42 +09:00
|
|
|
type = with types; attrsOf (submodule [ { options = netdevOptions; } ]);
|
2015-04-19 21:05:12 +02:00
|
|
|
description = "Definition of systemd network devices.";
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
systemd.network.networks = mkOption {
|
|
|
|
|
default = {};
|
2016-10-03 13:02:42 +09:00
|
|
|
type = with types; attrsOf (submodule [ { options = networkOptions; } networkConfig ]);
|
2015-04-19 21:05:12 +02:00
|
|
|
description = "Definition of systemd networks.";
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
systemd.network.units = mkOption {
|
|
|
|
|
description = "Definition of networkd units.";
|
|
|
|
|
default = {};
|
2016-09-13 12:56:05 +09:00
|
|
|
type = with types; attrsOf (submodule (
|
|
|
|
|
{ name, config, ... }:
|
2015-04-19 21:05:12 +02:00
|
|
|
{ options = concreteUnitOptions;
|
|
|
|
|
config = {
|
|
|
|
|
unit = mkDefault (makeUnit name config);
|
|
|
|
|
};
|
2016-09-13 12:56:05 +09:00
|
|
|
}));
|
2015-04-19 21:05:12 +02:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
config = mkIf config.systemd.network.enable {
|
|
|
|
|
|
2017-01-26 01:52:38 +01:00
|
|
|
systemd.additionalUpstreamSystemUnits = [
|
2017-10-14 14:42:01 +08:00
|
|
|
"systemd-networkd.service" "systemd-networkd-wait-online.service"
|
|
|
|
|
];
|
2015-04-19 21:11:14 +02:00
|
|
|
|
2016-11-16 21:47:11 +00:00
|
|
|
systemd.network.units = mapAttrs' (n: v: nameValuePair "${n}.link" (linkToUnit n v)) cfg.links
|
2015-04-19 21:05:12 +02:00
|
|
|
// mapAttrs' (n: v: nameValuePair "${n}.netdev" (netdevToUnit n v)) cfg.netdevs
|
|
|
|
|
// mapAttrs' (n: v: nameValuePair "${n}.network" (networkToUnit n v)) cfg.networks;
|
|
|
|
|
|
2016-11-16 21:47:11 +00:00
|
|
|
environment.etc = unitFiles;
|
2015-04-20 11:31:17 +02:00
|
|
|
|
2015-04-19 21:05:12 +02:00
|
|
|
systemd.services.systemd-networkd = {
|
|
|
|
|
wantedBy = [ "multi-user.target" ];
|
2016-11-16 21:47:11 +00:00
|
|
|
restartTriggers = map (f: f.source) (unitFiles);
|
2018-04-22 20:10:15 +02:00
|
|
|
# prevent race condition with interface renaming (#39069)
|
|
|
|
|
requires = [ "systemd-udev-settle.service" ];
|
|
|
|
|
after = [ "systemd-udev-settle.service" ];
|
2015-04-19 21:05:12 +02:00
|
|
|
};
|
|
|
|
|
|
2017-10-14 14:42:01 +08:00
|
|
|
systemd.services.systemd-networkd-wait-online = {
|
2016-09-10 18:03:59 +02:00
|
|
|
wantedBy = [ "network-online.target" ];
|
2015-04-19 21:05:12 +02:00
|
|
|
};
|
|
|
|
|
|
2017-10-14 14:42:01 +08:00
|
|
|
systemd.services."systemd-network-wait-online@" = {
|
2015-04-19 21:05:12 +02:00
|
|
|
description = "Wait for Network Interface %I to be Configured";
|
|
|
|
|
conflicts = [ "shutdown.target" ];
|
|
|
|
|
requisite = [ "systemd-networkd.service" ];
|
|
|
|
|
after = [ "systemd-networkd.service" ];
|
|
|
|
|
serviceConfig = {
|
|
|
|
|
Type = "oneshot";
|
|
|
|
|
RemainAfterExit = true;
|
|
|
|
|
ExecStart = "${config.systemd.package}/lib/systemd/systemd-networkd-wait-online -i %I";
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
services.resolved.enable = mkDefault true;
|
|
|
|
|
};
|
|
|
|
|
}
|
