diff --git a/nixos/modules/services/networking/dhcpcd.nix b/nixos/modules/services/networking/dhcpcd.nix
index 89aa9bdb6b6..65b4319b50a 100644
--- a/nixos/modules/services/networking/dhcpcd.nix
+++ b/nixos/modules/services/networking/dhcpcd.nix
@@ -11,7 +11,7 @@ let
# Don't start dhcpcd on explicitly configured interfaces or on
# interfaces that are part of a bridge, bond or sit device.
ignoredInterfaces =
- map (i: i.name) (filter (i: i.ipAddress != null) (attrValues config.networking.interfaces))
+ map (i: i.name) (filter (i: i.ip4 != [ ]) (attrValues config.networking.interfaces))
++ mapAttrsToList (i: _: i) config.networking.sits
++ concatLists (attrValues (mapAttrs (n: v: v.interfaces) config.networking.bridges))
++ concatLists (attrValues (mapAttrs (n: v: v.interfaces) config.networking.bonds))
diff --git a/nixos/modules/tasks/network-interfaces.nix b/nixos/modules/tasks/network-interfaces.nix
index 7dabe70f00c..30e2a143419 100644
--- a/nixos/modules/tasks/network-interfaces.nix
+++ b/nixos/modules/tasks/network-interfaces.nix
@@ -10,6 +10,26 @@ let
hasSits = cfg.sits != { };
hasBonds = cfg.bonds != { };
+ addrOpts = v:
+ assert v == 4 || v == 6;
+ {
+ address = mkOption {
+ type = types.str;
+ description = ''
+ IPv${toString v} address of the interface. Leave empty to configure the
+ interface using DHCP.
+ '';
+ };
+
+ prefixLength = mkOption {
+ type = types.addCheck types.int (n: n >= 0 && n <= (if v == 4 then 32 else 128));
+ description = ''
+ Subnet mask of the interface, specified as the number of
+ bits in the prefix (${if v == 4 then "24" else "64"}).
+ '';
+ };
+ };
+
interfaceOpts = { name, ... }: {
options = {
@@ -20,54 +40,64 @@ let
description = "Name of the interface.";
};
+ ip4 = mkOption {
+ default = [ ];
+ example = [
+ { address = "10.0.0.1"; prefixLength = 16; }
+ { address = "192.168.1.1"; prefixLength = 24; }
+ ];
+ type = types.listOf types.optionSet;
+ options = addrOpts 4;
+ description = ''
+ List of IPv4 addresses that will be statically assigned to the interface.
+ '';
+ };
+
+ ip6 = mkOption {
+ default = [ ];
+ example = [
+ { address = "fdfd:b3f0:482::1"; prefixLength = 48; }
+ { address = "2001:1470:fffd:2098::e006"; prefixLength = 64; }
+ ];
+ type = types.listOf types.optionSet;
+ options = addrOpts 6;
+ description = ''
+ List of IPv6 addresses that will be statically assigned to the interface.
+ '';
+ };
+
ipAddress = mkOption {
default = null;
- example = "10.0.0.1";
- type = types.nullOr (types.str);
description = ''
- IP address of the interface. Leave empty to configure the
- interface using DHCP.
+ Defunct, create an address in the ip4 list instead.
'';
};
prefixLength = mkOption {
default = null;
- example = 24;
- type = types.nullOr types.int;
description = ''
- Subnet mask of the interface, specified as the number of
- bits in the prefix (24).
+ Defunct, supply the prefix length in the ip4 list instead.
'';
};
subnetMask = mkOption {
- default = "";
- example = "255.255.255.0";
- type = types.str;
+ default = null;
description = ''
- Subnet mask of the interface, specified as a bitmask.
- This is deprecated; use
- instead.
+ Defunct, supply the prefix length in the ip4 list instead.
'';
};
ipv6Address = mkOption {
default = null;
- example = "2001:1470:fffd:2098::e006";
- type = types.nullOr types.string;
description = ''
- IPv6 address of the interface. Leave empty to configure the
- interface using NDP.
+ Defunct, create an address in the ip6 list instead.
'';
};
ipv6prefixLength = mkOption {
- default = 64;
- example = 64;
- type = types.int;
+ default = null;
description = ''
- Subnet mask of the interface, specified as the number of
- bits in the prefix (64).
+ Defunct, supply the prefix length in the ip6 list instead.
'';
};
@@ -438,6 +468,16 @@ in
config = {
+ assertions =
+ flip map interfaces (i: {
+ assertion = i.ipAddress == null && i.prefixLength == null && i.subnetMask == null;
+ message = "The networking.interfaces.${i.name}.ipAddress option is defunct. Use networking.ip4 instead.";
+ })
+ ++ flip map interfaces (i: {
+ assertion = i.ipv6Address == null && i.ipv6prefixLength == null;
+ message = "The networking.interfaces.${i.name}.ipv6Address option is defunct. Use networking.ip6 instead.";
+ });
+
boot.kernelModules = [ ]
++ optional cfg.enableIPv6 "ipv6"
++ optional hasVirtuals "tun"
@@ -535,11 +575,6 @@ in
# has appeared, and it's stopped when the interface
# disappears.
configureInterface = i: nameValuePair "${i.name}-cfg"
- (let mask =
- if i.prefixLength != null then toString i.prefixLength else
- if i.subnetMask != "" then i.subnetMask else "32";
- staticIPv6 = cfg.enableIPv6 && i.ipv6Address != null;
- in
{ description = "Configuration of ${i.name}";
wantedBy = [ "network-interfaces.target" ];
bindsTo = [ "sys-subsystem-net-devices-${i.name}.device" ];
@@ -562,36 +597,32 @@ in
echo "setting MTU to ${toString i.mtu}..."
ip link set "${i.name}" mtu "${toString i.mtu}"
''
- + optionalString (i.ipAddress != null)
+
+ # Ip Setup
+ +
''
- cur=$(ip -4 -o a show dev "${i.name}" | awk '{print $4}')
- # Only do a flush/add if it's necessary. This is
+ curIps=$(ip -o a show dev "${i.name}" | awk '{print $4}')
+ # Only do an add if it's necessary. This is
# useful when the Nix store is accessed via this
# interface (e.g. in a QEMU VM test).
- if [ "$cur" != "${i.ipAddress}/${mask}" ]; then
- echo "configuring interface..."
- ip -4 addr flush dev "${i.name}"
- ip -4 addr add "${i.ipAddress}/${mask}" dev "${i.name}"
- restart_network_setup=true
- else
- echo "skipping configuring interface"
+ ''
+ + flip concatMapStrings (i.ip4 ++ optionals cfg.enableIPv6 i.ip6) (ip:
+ let
+ address = "${ip.address}/${toString ip.prefixLength}";
+ in
+ ''
+ echo "checking ip ${address}..."
+ if ! echo "$curIps" | grep "${address}" >/dev/null 2>&1; then
+ if out=$(ip addr add "${address}" dev "${i.name}" 2>&1); then
+ echo "added ip ${address}..."
+ restart_network_setup=true
+ elif ! echo "$out" | grep "File exists" >/dev/null 2>&1; then
+ echo "failed to add ${address}"
+ exit 1
+ fi
fi
- ''
- + optionalString (staticIPv6)
- ''
- # Only do a flush/add if it's necessary. This is
- # useful when the Nix store is accessed via this
- # interface (e.g. in a QEMU VM test).
- if ! ip -6 -o a show dev "${i.name}" | grep "${i.ipv6Address}/${toString i.ipv6prefixLength}"; then
- echo "configuring interface..."
- ip -6 addr flush dev "${i.name}"
- ip -6 addr add "${i.ipv6Address}/${toString i.ipv6prefixLength}" dev "${i.name}"
- restart_network_setup=true
- else
- echo "skipping configuring interface"
- fi
- ''
- + optionalString (i.ipAddress != null || staticIPv6)
+ '')
+ + optionalString (i.ip4 != [ ] || (cfg.enableIPv6 && i.ip6 != [ ]))
''
if [ restart_network_setup = true ]; then
# Ensure that the default gateway remains set.
@@ -608,7 +639,7 @@ in
''
echo 1 > /proc/sys/net/ipv6/conf/${i.name}/proxy_ndp
'';
- });
+ };
createTunDevice = i: nameValuePair "${i.name}"
{ description = "Virtual Network Interface ${i.name}";