networking: add options for configuring virtual devices (tun/tap)
These are mainly useful for network tunnels (vpn/ipv6) and creating bridges for virtual machines
parent
d106a8a296
commit
0dd46d1335
|
@ -5,6 +5,7 @@ with pkgs.lib;
|
||||||
let
|
let
|
||||||
|
|
||||||
cfg = config.networking;
|
cfg = config.networking;
|
||||||
|
hasVirtuals = any (i: i.virtual) cfg.interfaces;
|
||||||
|
|
||||||
in
|
in
|
||||||
|
|
||||||
|
@ -119,6 +120,26 @@ in
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
virtual = mkOption {
|
||||||
|
default = false;
|
||||||
|
type = types.bool;
|
||||||
|
description = ''
|
||||||
|
Whether this interface is virtual and should be created by tunctl.
|
||||||
|
This is mainly useful for creating bridges between a host a virtual
|
||||||
|
network such as VPN or a virtual machine.
|
||||||
|
|
||||||
|
Defaults to tap device, unless interface contains "tun" in its name.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
virtualOwner = mkOption {
|
||||||
|
default = "root";
|
||||||
|
type = types.uniq types.string;
|
||||||
|
description = ''
|
||||||
|
In case of a virtual device, the user who owns it.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
|
@ -179,7 +200,7 @@ in
|
||||||
|
|
||||||
config = {
|
config = {
|
||||||
|
|
||||||
boot.kernelModules = optional cfg.enableIPv6 "ipv6";
|
boot.kernelModules = optional cfg.enableIPv6 "ipv6" ++ optional hasVirtuals "tun";
|
||||||
|
|
||||||
environment.systemPackages =
|
environment.systemPackages =
|
||||||
[ pkgs.host
|
[ pkgs.host
|
||||||
|
@ -191,6 +212,7 @@ in
|
||||||
pkgs.openresolv
|
pkgs.openresolv
|
||||||
]
|
]
|
||||||
++ optional (cfg.bridges != {}) pkgs.bridge_utils
|
++ optional (cfg.bridges != {}) pkgs.bridge_utils
|
||||||
|
++ optional hasVirtuals pkgs.tunctl
|
||||||
++ optional cfg.enableIPv6 pkgs.ndisc6;
|
++ optional cfg.enableIPv6 pkgs.ndisc6;
|
||||||
|
|
||||||
security.setuidPrograms = [ "ping" "ping6" ];
|
security.setuidPrograms = [ "ping" "ping6" ];
|
||||||
|
@ -206,6 +228,15 @@ in
|
||||||
''
|
''
|
||||||
set +e # continue in case of errors
|
set +e # continue in case of errors
|
||||||
|
|
||||||
|
# Create virtual network interfaces
|
||||||
|
${flip concatMapStrings cfg.interfaces (i:
|
||||||
|
optionalString i.virtual
|
||||||
|
''
|
||||||
|
echo "Creating virtual network interface ${i.name}..."
|
||||||
|
${pkgs.tunctl}/bin/tunctl -t "${i.name}" -u "${i.virtualOwner}"
|
||||||
|
'')
|
||||||
|
}
|
||||||
|
|
||||||
# Set MAC addresses of interfaces, if desired.
|
# Set MAC addresses of interfaces, if desired.
|
||||||
${flip concatMapStrings cfg.interfaces (i:
|
${flip concatMapStrings cfg.interfaces (i:
|
||||||
optionalString (i.macAddress != "")
|
optionalString (i.macAddress != "")
|
||||||
|
|
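Review bot: The `virtualOwner` description in the second hunk does not say what ownership grants: the named user can open the tun/tap device without root and read or inject traffic on it, and on any bridge it is later attached to. Since this is a delegation of privilege, the description should say so, for example `The user allowed to open this device without root; that user can read and inject traffic on it and on any bridge it joins.` In the last hunk `${i.name}` and `${i.virtualOwner}` sit inside double quotes in the generated script, so shell metacharacters in either value would be interpreted; `-t ${escapeShellArg i.name} -u ${escapeShellArg i.virtualOwner}` (from `pkgs.lib`, already opened with `with`) avoids that. The block runs under `set +e`, so a failed tunctl call, for instance with an unknown owner, goes unreported; appending `|| echo "failed to create ${i.name}" >&2` would surface it. The enclosing script continues outside the hunk, so its later steps presumably act on the missing interface. The `virtual` description also reads "between a host a virtual network", where "and" is missing.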