Merge pull request #27688 from rnhmjoj/routes

nixos/networking-interfaces: make static routes configurable
Michael Raskin 2018-02-19 14:12:58 +00:00 committed by GitHub
commit 10b3f7d356
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
25 changed files with 340 additions and 192 deletions


@ -12,7 +12,7 @@ interfaces. However, you can configure an interface manually as
follows: follows:
<programlisting> <programlisting>
networking.interfaces.eth0.ip4 = [ { address = "192.168.1.2"; prefixLength = 24; } ]; networking.interfaces.eth0.ipv4.addresses = [ { address = "192.168.1.2"; prefixLength = 24; } ];
</programlisting> </programlisting>
Typically youll also want to set a default gateway and set of name Typically youll also want to set a default gateway and set of name


@ -26,7 +26,7 @@ boot.kernel.sysctl."net.ipv6.conf.eth0.disable_ipv6" = true;
DHCPv6. You can configure an interface manually: DHCPv6. You can configure an interface manually:
<programlisting> <programlisting>
networking.interfaces.eth0.ip6 = [ { address = "fe00:aa:bb:cc::2"; prefixLength = 64; } ]; networking.interfaces.eth0.ipv6.addresses = [ { address = "fe00:aa:bb:cc::2"; prefixLength = 64; } ];
</programlisting> </programlisting>
</para> </para>


@ -261,10 +261,42 @@ following incompatible changes:</para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
The option <option>services.xserver.desktopManager.default</option> is now <literal>none</literal> by default. In the module <option>networking.interfaces.&lt;name&gt;</option> the
An assertion failure is thrown if WM's and DM's default are <literal>none</literal>. following options have been removed:
To explicitly run a plain X session without and DM or WM, the newly introduced option <option>services.xserver.plainX</option> <itemizedlist>
must be set to true. <listitem>
<para><option>ipAddress</option></para>
</listitem>
<listitem>
<para><option>ipv6Address</option></para>
</listitem>
<listitem>
<para><option>prefixLength</option></para>
</listitem>
<listitem>
<para><option>ipv6PrefixLength</option></para>
</listitem>
<listitem>
<para><option>subnetMask</option></para>
</listitem>
</itemizedlist>
To assign static addresses to an interface the options
<option>ipv4.addresses</option> and <option>ipv6.addresses</option>
should be used instead.
The options <option>ip4</option> and <option>ip6</option> have been
renamed to <option>ipv4.addresses</option> <option>ipv6.addresses</option>
respectively.
The new options <option>ipv4.routes</option> and <option>ipv6.routes</option>
have been added to set up static routing.
</para>
</listitem>
<listitem>
<para>
The option <option>services.xserver.desktopManager.default</option> is now
<literal>none</literal> by default. An assertion failure is thrown if WM's
and DM's default are <literal>none</literal>.
To explicitly run a plain X session without and DM or WM, the newly
introduced option <option>services.xserver.plainX</option> must be set to true.
</para> </para>
</listitem> </listitem>
<listitem> <listitem>


@ -51,7 +51,7 @@ rec {
let let
interfacesNumbered = zipLists config.virtualisation.vlans (range 1 255); interfacesNumbered = zipLists config.virtualisation.vlans (range 1 255);
interfaces = flip map interfacesNumbered ({ fst, snd }: interfaces = flip map interfacesNumbered ({ fst, snd }:
nameValuePair "eth${toString snd}" { ip4 = nameValuePair "eth${toString snd}" { ipv4.addresses =
[ { address = "192.168.${toString fst}.${toString m.snd}"; [ { address = "192.168.${toString fst}.${toString m.snd}";
prefixLength = 24; prefixLength = 24;
} ]; } ];
@ -64,7 +64,7 @@ rec {
networking.interfaces = listToAttrs interfaces; networking.interfaces = listToAttrs interfaces;
networking.primaryIPAddress = networking.primaryIPAddress =
optionalString (interfaces != []) (head (head interfaces).value.ip4).address; optionalString (interfaces != []) (head (head interfaces).value.ipv4.addresses).address;
# Put the IP addresses of all VMs in this machine's # Put the IP addresses of all VMs in this machine's
# /etc/hosts file. If a machine has multiple # /etc/hosts file. If a machine has multiple


@ -16,7 +16,7 @@ let
# Don't start dhcpcd on explicitly configured interfaces or on # Don't start dhcpcd on explicitly configured interfaces or on
# interfaces that are part of a bridge, bond or sit device. # interfaces that are part of a bridge, bond or sit device.
ignoredInterfaces = ignoredInterfaces =
map (i: i.name) (filter (i: if i.useDHCP != null then !i.useDHCP else i.ip4 != [ ] || i.ipAddress != null) interfaces) map (i: i.name) (filter (i: if i.useDHCP != null then !i.useDHCP else i.ipv4.addresses != [ ]) interfaces)
++ mapAttrsToList (i: _: i) config.networking.sits ++ mapAttrsToList (i: _: i) config.networking.sits
++ concatLists (attrValues (mapAttrs (n: v: v.interfaces) config.networking.bridges)) ++ concatLists (attrValues (mapAttrs (n: v: v.interfaces) config.networking.bridges))
++ concatLists (attrValues (mapAttrs (n: v: v.interfaces) config.networking.vswitches)) ++ concatLists (attrValues (mapAttrs (n: v: v.interfaces) config.networking.vswitches))


@ -35,10 +35,9 @@ in {
config = mkIf cfg.enable { config = mkIf cfg.enable {
boot.kernelModules = [ "dummy" ]; boot.kernelModules = [ "dummy" ];
networking.interfaces.dummy0 = { networking.interfaces.dummy0.ipv4.addresses = [
ipAddress = "169.254.169.254"; { address = "169.254.169.254"; prefixLength = 32; }
prefixLength = 32; ];
};
systemd.services.hologram-agent = { systemd.services.hologram-agent = {
description = "Provide EC2 instance credentials to machines outside of EC2"; description = "Provide EC2 instance credentials to machines outside of EC2";


@ -20,14 +20,8 @@ let
"sys-subsystem-net-devices-${escapeSystemdPath interface}.device"; "sys-subsystem-net-devices-${escapeSystemdPath interface}.device";
interfaceIps = i: interfaceIps = i:
i.ip4 ++ optionals cfg.enableIPv6 i.ip6 i.ipv4.addresses
++ optional (i.ipAddress != null) { ++ optionals cfg.enableIPv6 i.ipv6.addresses;
address = i.ipAddress;
prefixLength = i.prefixLength;
} ++ optional (cfg.enableIPv6 && i.ipv6Address != null) {
address = i.ipv6Address;
prefixLength = i.ipv6PrefixLength;
};
destroyBond = i: '' destroyBond = i: ''
while true; do while true; do
@ -185,33 +179,58 @@ let
path = [ pkgs.iproute ]; path = [ pkgs.iproute ];
script = script =
'' ''
# FIXME: shouldn't this be done in network-link?
echo "bringing up interface..."
ip link set "${i.name}" up
state="/run/nixos/network/addresses/${i.name}" state="/run/nixos/network/addresses/${i.name}"
mkdir -p $(dirname "$state") mkdir -p $(dirname "$state")
'' + flip concatMapStrings (ips) (ip: ${flip concatMapStrings ips (ip:
let let
address = "${ip.address}/${toString ip.prefixLength}"; cidr = "${ip.address}/${toString ip.prefixLength}";
in in
'' ''
echo "${address}" >> $state echo "${cidr}" >> $state
if out=$(ip addr add "${address}" dev "${i.name}" 2>&1); then echo -n "adding address ${cidr}... "
echo "added ip ${address}" if out=$(ip addr add "${cidr}" dev "${i.name}" 2>&1); then
elif ! echo "$out" | grep "File exists" >/dev/null 2>&1; then echo "done"
echo "failed to add ${address}" elif ! echo "$out" | grep "File exists" >/dev/null 2>&1; then
exit 1 echo "failed"
fi exit 1
''); fi
''
)}
state="/run/nixos/network/routes/${i.name}"
mkdir -p $(dirname "$state")
${flip concatMapStrings (i.ipv4.routes ++ i.ipv6.routes) (route:
let
cidr = "${route.address}/${toString route.prefixLength}";
via = optionalString (route.via != null) ''via "${route.via}"'';
options = concatStrings (mapAttrsToList (name: val: "${name} ${val} ") route.options);
in
''
echo "${cidr}" >> $state
echo -n "adding route ${cidr}... "
if out=$(ip route add "${cidr}" ${options} ${via} dev "${i.name}" 2>&1); then
echo "done"
elif ! echo "$out" | grep "File exists" >/dev/null 2>&1; then
echo "failed"
exit 1
fi
''
)}
'';
preStop = '' preStop = ''
state="/run/nixos/network/routes/${i.name}"
while read cidr; do
echo -n "deleting route $cidr... "
ip route del "$cidr" dev "${i.name}" >/dev/null 2>&1 && echo "done" || echo "failed"
done < "$state"
rm -f "$state"
state="/run/nixos/network/addresses/${i.name}" state="/run/nixos/network/addresses/${i.name}"
while read address; do while read cidr; do
echo -n "deleting $address..." echo -n "deleting address $cidr... "
ip addr del "$address" dev "${i.name}" >/dev/null 2>&1 || echo -n " Failed" ip addr del "$cidr" dev "${i.name}" >/dev/null 2>&1 && echo "done" || echo "failed"
echo ""
done < "$state" done < "$state"
rm -f "$state" rm -f "$state"
''; '';
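Review bot: The new route loop places `route.options` into the generated shell unquoted (`${options}` in `ip route add "${cidr}" ${options} ${via} dev "${i.name}"`), and `route.address` and `route.via` sit inside double quotes, where command substitution in the value is still expanded when the unit script runs. All of these are free-form `types.str` values, so a configuration assembled from less-trusted data (a generated host inventory, for instance) ends up as shell syntax rather than as an argument. I would build each word with lib's `escapeShellArg`, e.g. `options = concatStrings (mapAttrsToList (name: val: "${escapeShellArg name} ${escapeShellArg val} ") route.options);` and `via = optionalString (route.via != null) "via ${escapeShellArg route.via}";`. Separately, `preStop` now reads the routes state file first, and that file is only created by the `echo "${cidr}" >> $state` inside the loop; with no routes configured the `done < "$state"` redirect may fail before the address cleanup runs, so a `[ -e "$state" ]` guard is worth adding if the script runs with errexit, which this hunk does not show.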


@ -9,14 +9,8 @@ let
interfaces = attrValues cfg.interfaces; interfaces = attrValues cfg.interfaces;
interfaceIps = i: interfaceIps = i:
i.ip4 ++ optionals cfg.enableIPv6 i.ip6 i.ipv4.addresses
++ optional (i.ipAddress != null) { ++ optionals cfg.enableIPv6 i.ipv6.addresses;
address = i.ipAddress;
prefixLength = i.prefixLength;
} ++ optional (cfg.enableIPv6 && i.ipv6Address != null) {
address = i.ipv6Address;
prefixLength = i.ipv6PrefixLength;
};
dhcpStr = useDHCP: if useDHCP == true || useDHCP == null then "both" else "none"; dhcpStr = useDHCP: if useDHCP == true || useDHCP == null then "both" else "none";
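Review bot: Nothing in this hunk consumes the new `ipv4.routes`/`ipv6.routes` options; the only visible change to this backend is the `interfaceIps` simplification, while the scripted backend turns the same options into `ip route add` calls. If the rest of this file does not emit them either, routes set by the user are silently ignored under this backend and traffic may take a different path than the configuration states. An assertion that fails when routes are defined for a backend that does not implement them would make that visible at evaluation time. The enclosing `let` block continues outside the hunk.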


@ -1,4 +1,4 @@
{ config, lib, pkgs, utils, stdenv, ... }: { config, options, lib, pkgs, utils, stdenv, ... }:
with lib; with lib;
with utils; with utils;
@ -101,7 +101,7 @@ let
address = mkOption { address = mkOption {
type = types.str; type = types.str;
description = '' description = ''
IPv${toString v} address of the interface. Leave empty to configure the IPv${toString v} address of the interface. Leave empty to configure the
interface using DHCP. interface using DHCP.
''; '';
}; };
@ -116,6 +116,40 @@ let
}; };
}; };
routeOpts = v:
{ options = {
address = mkOption {
type = types.str;
description = "IPv${toString v} address of the network.";
};
prefixLength = mkOption {
type = types.addCheck types.int (n: n >= 0 && n <= (if v == 4 then 32 else 128));
description = ''
Subnet mask of the network, specified as the number of
bits in the prefix (<literal>${if v == 4 then "24" else "64"}</literal>).
'';
};
via = mkOption {
type = types.nullOr types.str;
default = null;
description = "IPv${toString v} address of the next hop.";
};
options = mkOption {
type = types.attrsOf types.str;
default = { };
example = { mtu = "1492"; window = "524288"; };
description = ''
Other route options. See the symbol <literal>OPTION</literal>
in the <literal>ip-route(8)</literal> manual page for the details.
'';
};
};
};
gatewayCoerce = address: { inherit address; }; gatewayCoerce = address: { inherit address; };
gatewayOpts = { ... }: { gatewayOpts = { ... }: {
@ -148,7 +182,6 @@ let
interfaceOpts = { name, ... }: { interfaceOpts = { name, ... }: {
options = { options = {
name = mkOption { name = mkOption {
example = "eth0"; example = "eth0";
type = types.str; type = types.str;
@ -175,7 +208,7 @@ let
''; '';
}; };
ip4 = mkOption { ipv4.addresses = mkOption {
default = [ ]; default = [ ];
example = [ example = [
{ address = "10.0.0.1"; prefixLength = 16; } { address = "10.0.0.1"; prefixLength = 16; }
@ -187,7 +220,7 @@ let
''; '';
}; };
ip6 = mkOption { ipv6.addresses = mkOption {
default = [ ]; default = [ ];
example = [ example = [
{ address = "fdfd:b3f0:482::1"; prefixLength = 48; } { address = "fdfd:b3f0:482::1"; prefixLength = 48; }
@ -199,50 +232,27 @@ let
''; '';
}; };
ipAddress = mkOption { ipv4.routes = mkOption {
default = null; default = [];
example = "10.0.0.1"; example = [
type = types.nullOr types.str; { address = "10.0.0.0"; prefixLength = 16; }
{ address = "192.168.2.0"; prefixLength = 24; via = "192.168.1.1"; }
];
type = with types; listOf (submodule (routeOpts 4));
description = '' description = ''
IP address of the interface. Leave empty to configure the List of extra IPv4 static routes that will be assigned to the interface.
interface using DHCP.
''; '';
}; };
prefixLength = mkOption { ipv6.routes = mkOption {
default = null; default = [];
example = 24; example = [
type = types.nullOr types.int; { address = "fdfd:b3f0::"; prefixLength = 48; }
{ address = "2001:1470:fffd:2098::"; prefixLength = 64; via = "fdfd:b3f0::1"; }
];
type = with types; listOf (submodule (routeOpts 6));
description = '' description = ''
Subnet mask of the interface, specified as the number of List of extra IPv6 static routes that will be assigned to the interface.
bits in the prefix (<literal>24</literal>).
'';
};
subnetMask = mkOption {
default = null;
description = ''
Defunct, supply the prefix length instead.
'';
};
ipv6Address = mkOption {
default = null;
example = "2001:1470:fffd:2098::e006";
type = types.nullOr types.str;
description = ''
IPv6 address of the interface. Leave empty to configure the
interface using NDP.
'';
};
ipv6PrefixLength = mkOption {
default = 64;
example = 64;
type = types.int;
description = ''
Subnet mask of the interface, specified as the number of
bits in the prefix (<literal>64</literal>).
''; '';
}; };
@ -317,6 +327,32 @@ let
name = mkDefault name; name = mkDefault name;
}; };
# Renamed or removed options
imports =
let
defined = x: x != "_mkMergedOptionModule";
in [
(mkRenamedOptionModule [ "ip4" ] [ "ipv4" "addresses"])
(mkRenamedOptionModule [ "ip6" ] [ "ipv6" "addresses"])
(mkRemovedOptionModule [ "subnetMask" ] ''
Supply a prefix length instead; use option
networking.interfaces.<name>.ipv{4,6}.addresses'')
(mkMergedOptionModule
[ [ "ipAddress" ] [ "prefixLength" ] ]
[ "ipv4" "addresses" ]
(cfg: with cfg;
optional (defined ipAddress && defined prefixLength)
{ address = ipAddress; prefixLength = prefixLength; }))
(mkMergedOptionModule
[ [ "ipv6Address" ] [ "ipv6PrefixLength" ] ]
[ "ipv6" "addresses" ]
(cfg: with cfg;
optional (defined ipv6Address && defined ipv6PrefixLength)
{ address = ipv6Address; prefixLength = ipv6PrefixLength; }))
({ options.warnings = options.warnings; })
];
}; };
hexChars = stringToCharacters "0123456789abcdef"; hexChars = stringToCharacters "0123456789abcdef";
@ -453,7 +489,7 @@ in
networking.interfaces = mkOption { networking.interfaces = mkOption {
default = {}; default = {};
example = example =
{ eth0.ip4 = [ { { eth0.ipv4 = [ {
address = "131.211.84.78"; address = "131.211.84.78";
prefixLength = 25; prefixLength = 25;
} ]; } ];
@ -932,13 +968,10 @@ in
config = { config = {
warnings = concatMap (i: i.warnings) interfaces;
assertions = assertions =
(flip map interfaces (i: { (flip map interfaces (i: {
assertion = i.subnetMask == null;
message = ''
The networking.interfaces."${i.name}".subnetMask option is defunct. Use prefixLength instead.
'';
})) ++ (flip map interfaces (i: {
# With the linux kernel, interface name length is limited by IFNAMSIZ # With the linux kernel, interface name length is limited by IFNAMSIZ
# to 16 bytes, including the trailing null byte. # to 16 bytes, including the trailing null byte.
# See include/linux/if.h in the kernel sources # See include/linux/if.h in the kernel sources
@ -947,7 +980,7 @@ in
The name of networking.interfaces."${i.name}" is too long, it needs to be less than 16 characters. The name of networking.interfaces."${i.name}" is too long, it needs to be less than 16 characters.
''; '';
})) ++ (flip map slaveIfs (i: { })) ++ (flip map slaveIfs (i: {
assertion = i.ip4 == [ ] && i.ipAddress == null && i.ip6 == [ ] && i.ipv6Address == null; assertion = i.ipv4.addresses == [ ] && i.ipv6.addresses == [ ];
message = '' message = ''
The networking.interfaces."${i.name}" must not have any defined ips when it is a slave. The networking.interfaces."${i.name}" must not have any defined ips when it is a slave.
''; '';
@ -1089,6 +1122,9 @@ in
'' + optionalString (i.mtu != null) '' '' + optionalString (i.mtu != null) ''
echo "setting MTU to ${toString i.mtu}..." echo "setting MTU to ${toString i.mtu}..."
ip link set "${i.name}" mtu "${toString i.mtu}" ip link set "${i.name}" mtu "${toString i.mtu}"
'' + ''
echo -n "bringing up interface... "
ip link set "${i.name}" up && echo "done" || (echo "failed"; exit 1)
''; '';
}))); })));
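Review bot: In the `imports` block added by the `@ -317,6 +327,32` hunk, both `mkMergedOptionModule` merges yield an empty list unless both old options are set, so a configuration that sets only `ipv6Address` (valid before, because the removed `ipv6PrefixLength` had `default = 64`) would, as far as this hunk shows, lose its static address without an error. Falling back to the old default keeps such hosts addressed: `optional (defined ipv6Address) { address = ipv6Address; prefixLength = if defined ipv6PrefixLength then ipv6PrefixLength else 64; }`; for IPv4, an assertion when only one of `ipAddress`/`prefixLength` is set would be safer than dropping the address. The `defined` helper also deserves a comment saying where the `"_mkMergedOptionModule"` sentinel comes from. Separately, the option example in the `@ -453,7 +489,7` hunk now reads `eth0.ipv4 = [ {` and should be `eth0.ipv4.addresses = [ {`.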


@ -124,7 +124,7 @@ in
''; '';
}; };
networking.interfaces.vboxnet0.ip4 = [ { address = "192.168.56.1"; prefixLength = 24; } ]; networking.interfaces.vboxnet0.ipv4.addresses = { address = "192.168.56.1"; prefixLength = 24; };
# Make sure NetworkManager won't assume this interface being up # Make sure NetworkManager won't assume this interface being up
# means we have internet access. # means we have internet access.
networking.networkmanager.unmanaged = ["vboxnet0"]; networking.networkmanager.unmanaged = ["vboxnet0"];
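Review bot: The new value of `networking.interfaces.vboxnet0.ipv4.addresses` is a bare attribute set, `{ address = "192.168.56.1"; prefixLength = 24; }`, whereas the old `ip4` value and every other use of the option on this page is a list. Unless the option type coerces a single set (not visible here), this fails evaluation or leaves vboxnet0 without its address. Keep the brackets: `networking.interfaces.vboxnet0.ipv4.addresses = [ { address = "192.168.56.1"; prefixLength = 24; } ];`.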


@ -16,7 +16,7 @@ let
miniupnpdConf = nodes: pkgs.writeText "miniupnpd.conf" miniupnpdConf = nodes: pkgs.writeText "miniupnpd.conf"
'' ''
ext_ifname=eth1 ext_ifname=eth1
listening_ip=${(pkgs.lib.head nodes.router.config.networking.interfaces.eth2.ip4).address}/24 listening_ip=${(pkgs.lib.head nodes.router.config.networking.interfaces.eth2.ipv4.addresses).address}/24
allow 1024-65535 192.168.2.0/24 1024-65535 allow 1024-65535 192.168.2.0/24 1024-65535
''; '';
@ -56,7 +56,7 @@ in
{ environment.systemPackages = [ pkgs.transmission ]; { environment.systemPackages = [ pkgs.transmission ];
virtualisation.vlans = [ 2 ]; virtualisation.vlans = [ 2 ];
networking.defaultGateway = networking.defaultGateway =
(pkgs.lib.head nodes.router.config.networking.interfaces.eth2.ip4).address; (pkgs.lib.head nodes.router.config.networking.interfaces.eth2.ipv4.addresses).address;
networking.firewall.enable = false; networking.firewall.enable = false;
}; };
@ -84,7 +84,7 @@ in
# Create the torrent. # Create the torrent.
$tracker->succeed("mkdir /tmp/data"); $tracker->succeed("mkdir /tmp/data");
$tracker->succeed("cp ${file} /tmp/data/test.tar.bz2"); $tracker->succeed("cp ${file} /tmp/data/test.tar.bz2");
$tracker->succeed("transmission-create /tmp/data/test.tar.bz2 -p -t http://${(pkgs.lib.head nodes.tracker.config.networking.interfaces.eth1.ip4).address}:6969/announce -o /tmp/test.torrent"); $tracker->succeed("transmission-create /tmp/data/test.tar.bz2 -p -t http://${(pkgs.lib.head nodes.tracker.config.networking.interfaces.eth1.ipv4.addresses).address}:6969/announce -o /tmp/test.torrent");
$tracker->succeed("chmod 644 /tmp/test.torrent"); $tracker->succeed("chmod 644 /tmp/test.torrent");
# Start the tracker. !!! use a less crappy tracker # Start the tracker. !!! use a less crappy tracker


@ -12,7 +12,6 @@ let
# the sequence of address assignment less stochastic. # the sequence of address assignment less stochastic.
networking.useDHCP = false; networking.useDHCP = false;
networking.interfaces.eth1.prefixLength = 24;
# CJDNS output is incompatible with the XML log. # CJDNS output is incompatible with the XML log.
systemd.services.cjdns.serviceConfig.StandardOutput = "null"; systemd.services.cjdns.serviceConfig.StandardOutput = "null";
#networking.firewall.enable = true; #networking.firewall.enable = true;
@ -49,7 +48,9 @@ import ./make-test.nix ({ pkgs, ...} : {
{ imports = [ basicConfig ]; { imports = [ basicConfig ];
networking.interfaces.eth1.ipAddress = "192.168.0.2"; networking.interfaces.eth1.ipv4.addresses = [
{ address = "192.168.0.2"; prefixLength = 24; }
];
services.cjdns = services.cjdns =
{ UDPInterface = { UDPInterface =
@ -76,7 +77,9 @@ import ./make-test.nix ({ pkgs, ...} : {
CJDNS_ADMIN_PASSWORD=FOOBAR CJDNS_ADMIN_PASSWORD=FOOBAR
''; '';
networking.interfaces.eth1.ipAddress = "192.168.0.1"; networking.interfaces.eth1.ipv4.addresses = [
{ address = "192.168.0.1"; prefixLength = 24; }
];
services.cjdns = services.cjdns =
{ authorizedPasswords = [ carolPassword ]; { authorizedPasswords = [ carolPassword ];


@ -26,8 +26,8 @@ import ./make-test.nix ({ pkgs, ...} : {
}; };
networking.interfaces = { networking.interfaces = {
br0 = { br0 = {
ip4 = [{ address = hostIp; prefixLength = 24; }]; ipv4.addresses = [{ address = hostIp; prefixLength = 24; }];
ip6 = [{ address = hostIp6; prefixLength = 7; }]; ipv6.addresses = [{ address = hostIp6; prefixLength = 7; }];
}; };
}; };


@ -21,11 +21,11 @@ import ./make-test.nix ({ pkgs, ...} : {
}; };
networking.interfaces = { networking.interfaces = {
br0 = { br0 = {
ip4 = [{ address = "192.168.0.1"; prefixLength = 24; }]; ipv4.addresses = [{ address = "192.168.0.1"; prefixLength = 24; }];
ip6 = [{ address = "fc00::1"; prefixLength = 7; }]; ipv6.addresses = [{ address = "fc00::1"; prefixLength = 7; }];
}; };
br1 = { br1 = {
ip4 = [{ address = "192.168.1.1"; prefixLength = 24; }]; ipv4.addresses = [{ address = "192.168.1.1"; prefixLength = 24; }];
}; };
}; };


@ -13,9 +13,9 @@ import ./make-test.nix ({ pkgs, ...} : {
virtualisation.vlans = []; virtualisation.vlans = [];
networking.bridges.br0.interfaces = []; networking.bridges.br0.interfaces = [];
networking.interfaces.br0 = { networking.interfaces.br0.ipv4.addresses = [
ip4 = [ { address = "10.11.0.254"; prefixLength = 24; } ]; { address = "10.11.0.254"; prefixLength = 24; }
}; ];
# Force /etc/hosts to be the only source for host name resolution # Force /etc/hosts to be the only source for host name resolution
environment.etc."nsswitch.conf".text = lib.mkForce '' environment.etc."nsswitch.conf".text = lib.mkForce ''


@ -26,9 +26,9 @@ import ./make-test.nix ({ pkgs, ...} : {
interface = "eth1"; interface = "eth1";
mode = "bridge"; mode = "bridge";
}; };
networking.interfaces.eth1.ip4 = lib.mkForce []; networking.interfaces.eth1.ipv4.addresses = lib.mkForce [];
networking.interfaces.mv-eth1-host = { networking.interfaces.mv-eth1-host = {
ip4 = [ { address = "192.168.1.1"; prefixLength = 24; } ]; ipv4.addresses = [ { address = "192.168.1.1"; prefixLength = 24; } ];
}; };
containers.test1 = { containers.test1 = {
@ -37,7 +37,7 @@ import ./make-test.nix ({ pkgs, ...} : {
config = { config = {
networking.interfaces.mv-eth1 = { networking.interfaces.mv-eth1 = {
ip4 = [ { address = containerIp1; prefixLength = 24; } ]; ipv4.addresses = [ { address = containerIp1; prefixLength = 24; } ];
}; };
}; };
}; };
@ -48,7 +48,7 @@ import ./make-test.nix ({ pkgs, ...} : {
config = { config = {
networking.interfaces.mv-eth1 = { networking.interfaces.mv-eth1 = {
ip4 = [ { address = containerIp2; prefixLength = 24; } ]; ipv4.addresses = [ { address = containerIp2; prefixLength = 24; } ];
}; };
}; };
}; };


@ -16,9 +16,9 @@ import ./make-test.nix ({ pkgs, ...} : {
interfaces = [ "eth1" ]; interfaces = [ "eth1" ];
config = { config = {
networking.interfaces.eth1 = { networking.interfaces.eth1.ipv4.addresses = [
ip4 = [ { address = "10.10.0.1"; prefixLength = 24; } ]; { address = "10.10.0.1"; prefixLength = 24; }
}; ];
networking.firewall.enable = false; networking.firewall.enable = false;
}; };
}; };
@ -33,9 +33,9 @@ import ./make-test.nix ({ pkgs, ...} : {
config = { config = {
networking.bridges.br0.interfaces = [ "eth1" ]; networking.bridges.br0.interfaces = [ "eth1" ];
networking.interfaces.br0 = { networking.interfaces.br0.ipv4.addresses = [
ip4 = [ { address = "10.10.0.2"; prefixLength = 24; } ]; { address = "10.10.0.2"; prefixLength = 24; }
}; ];
networking.firewall.enable = false; networking.firewall.enable = false;
}; };
}; };
@ -54,9 +54,9 @@ import ./make-test.nix ({ pkgs, ...} : {
interfaces = [ "eth1" ]; interfaces = [ "eth1" ];
mode = "active-backup"; mode = "active-backup";
}; };
networking.interfaces.bond0 = { networking.interfaces.bond0.ipv4.addresses = [
ip4 = [ { address = "10.10.0.3"; prefixLength = 24; } ]; { address = "10.10.0.3"; prefixLength = 24; }
}; ];
networking.firewall.enable = false; networking.firewall.enable = false;
}; };
}; };
@ -76,9 +76,9 @@ import ./make-test.nix ({ pkgs, ...} : {
mode = "active-backup"; mode = "active-backup";
}; };
networking.bridges.br0.interfaces = [ "bond0" ]; networking.bridges.br0.interfaces = [ "bond0" ];
networking.interfaces.br0 = { networking.interfaces.br0.ipv4.addresses = [
ip4 = [ { address = "10.10.0.4"; prefixLength = 24; } ]; { address = "10.10.0.4"; prefixLength = 24; }
}; ];
networking.firewall.enable = false; networking.firewall.enable = false;
}; };
}; };


@ -11,7 +11,7 @@ let
# prevent make-test.nix to change IP # prevent make-test.nix to change IP
networking.interfaces = { networking.interfaces = {
eth1.ip4 = lib.mkOverride 0 [ ]; eth1.ipv4.addresses = lib.mkOverride 0 [ ];
}; };
}; };
in { in {


@ -11,7 +11,7 @@ let
config = { config = {
networking.firewall.enable = false; networking.firewall.enable = false;
networking.firewall.allowPing = true; networking.firewall.allowPing = true;
networking.interfaces.eth0.ip4 = [ networking.interfaces.eth0.ipv4.addresses = [
{ address = "192.168.1.122"; prefixLength = 24; } { address = "192.168.1.122"; prefixLength = 24; }
]; ];
}; };
@ -33,8 +33,8 @@ in import ./make-test.nix ({ pkgs, lib, ...} :
rstp = false; rstp = false;
}; };
networking.interfaces = { networking.interfaces = {
eth1.ip4 = lib.mkOverride 0 [ ]; eth1.ipv4.addresses = lib.mkOverride 0 [ ];
br0.ip4 = [{ address = "192.168.1.1"; prefixLength = 24; }]; br0.ipv4.addresses = [ { address = "192.168.1.1"; prefixLength = 24; } ];
}; };
}; };
@ -44,8 +44,8 @@ in import ./make-test.nix ({ pkgs, lib, ...} :
rstp = false; rstp = false;
}; };
networking.interfaces = { networking.interfaces = {
eth1.ip4 = lib.mkOverride 0 [ ]; eth1.ipv4.addresses = lib.mkOverride 0 [ ];
br0.ip4 = [{ address = "192.168.1.2"; prefixLength = 24; }]; br0.ipv4.addresses = [ { address = "192.168.1.2"; prefixLength = 24; } ];
}; };
}; };
client_eth1_rstp = { lib, pkgs, ... }: client_base // { client_eth1_rstp = { lib, pkgs, ... }: client_base // {
@ -54,8 +54,8 @@ in import ./make-test.nix ({ pkgs, lib, ...} :
rstp = true; rstp = true;
}; };
networking.interfaces = { networking.interfaces = {
eth1.ip4 = lib.mkOverride 0 [ ]; eth1.ipv4.addresses = lib.mkOverride 0 [ ];
br0.ip4 = [{ address = "192.168.1.2"; prefixLength = 24; }]; br0.ipv4.addresses = [ { address = "192.168.1.2"; prefixLength = 24; } ];
}; };
}; };
}; };


@ -11,8 +11,8 @@ import ./make-test.nix ({ pkgs, ...} : {
with pkgs.lib; with pkgs.lib;
{ {
networking = { networking = {
interfaces.eth1.ip6 = mkOverride 0 [ { address = "fd00::2"; prefixLength = 64; } ]; interfaces.eth1.ipv6.addresses = mkOverride 0 [ { address = "fd00::2"; prefixLength = 64; } ];
interfaces.eth1.ip4 = mkOverride 0 [ { address = "192.168.1.2"; prefixLength = 24; } ]; interfaces.eth1.ipv4.addresses = mkOverride 0 [ { address = "192.168.1.2"; prefixLength = 24; } ];
}; };
}; };
server = server =
@ -20,8 +20,8 @@ import ./make-test.nix ({ pkgs, ...} : {
with pkgs.lib; with pkgs.lib;
{ {
networking = { networking = {
interfaces.eth1.ip6 = mkOverride 0 [ { address = "fd00::1"; prefixLength = 64; } ]; interfaces.eth1.ipv6.addresses = mkOverride 0 [ { address = "fd00::1"; prefixLength = 64; } ];
interfaces.eth1.ip4 = mkOverride 0 [ { address = "192.168.1.1"; prefixLength = 24; } ]; interfaces.eth1.ipv4.addresses = mkOverride 0 [ { address = "192.168.1.1"; prefixLength = 24; } ];
}; };
services = { services = {


@ -11,9 +11,7 @@ import ../make-test.nix ({ pkgs, lib, ... }:
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
boot.kernelParams = [ boot.kernelParams = [
"ip=${ "ip=${config.networking.primaryIPAddress}:::255.255.255.0::eth1:none"
(head config.networking.interfaces.eth1.ip4).address
}:::255.255.255.0::eth1:none"
]; ];
boot.initrd.network = { boot.initrd.network = {
enable = true; enable = true;


@ -35,7 +35,7 @@ import ./make-test.nix ({ pkgs, lib, withFirewall, withConntrackHelpers ? false,
{ virtualisation.vlans = [ 1 ]; { virtualisation.vlans = [ 1 ];
networking.firewall.allowPing = true; networking.firewall.allowPing = true;
networking.defaultGateway = networking.defaultGateway =
(pkgs.lib.head nodes.router.config.networking.interfaces.eth2.ip4).address; (pkgs.lib.head nodes.router.config.networking.interfaces.eth2.ipv4.addresses).address;
} }
(lib.optionalAttrs withConntrackHelpers { (lib.optionalAttrs withConntrackHelpers {
networking.firewall.connectionTrackingModules = [ "ftp" ]; networking.firewall.connectionTrackingModules = [ "ftp" ];


@ -21,10 +21,8 @@ let
firewall.allowedUDPPorts = [ 547 ]; firewall.allowedUDPPorts = [ 547 ];
interfaces = mkOverride 0 (listToAttrs (flip map vlanIfs (n: interfaces = mkOverride 0 (listToAttrs (flip map vlanIfs (n:
nameValuePair "eth${toString n}" { nameValuePair "eth${toString n}" {
ipAddress = "192.168.${toString n}.1"; ipv4.addresses = [ { address = "192.168.${toString n}.1"; prefixLength = 24; } ];
prefixLength = 24; ipv6.addresses = [ { address = "fd00:1234:5678:${toString n}::1"; prefixLength = 64; } ];
ipv6Address = "fd00:1234:5678:${toString n}::1";
ipv6PrefixLength = 64;
}))); })));
}; };
services.dhcpd4 = { services.dhcpd4 = {
@ -90,12 +88,12 @@ let
firewall.allowPing = true; firewall.allowPing = true;
useDHCP = false; useDHCP = false;
defaultGateway = "192.168.1.1"; defaultGateway = "192.168.1.1";
interfaces.eth1.ip4 = mkOverride 0 [ interfaces.eth1.ipv4.addresses = mkOverride 0 [
{ address = "192.168.1.2"; prefixLength = 24; } { address = "192.168.1.2"; prefixLength = 24; }
{ address = "192.168.1.3"; prefixLength = 32; } { address = "192.168.1.3"; prefixLength = 32; }
{ address = "192.168.1.10"; prefixLength = 32; } { address = "192.168.1.10"; prefixLength = 32; }
]; ];
interfaces.eth2.ip4 = mkOverride 0 [ interfaces.eth2.ipv4.addresses = mkOverride 0 [
{ address = "192.168.2.2"; prefixLength = 24; } { address = "192.168.2.2"; prefixLength = 24; }
]; ];
}; };
@ -143,12 +141,12 @@ let
firewall.allowPing = true; firewall.allowPing = true;
useDHCP = true; useDHCP = true;
interfaces.eth1 = { interfaces.eth1 = {
ip4 = mkOverride 0 [ ]; ipv4.addresses = mkOverride 0 [ ];
ip6 = mkOverride 0 [ ]; ipv6.addresses = mkOverride 0 [ ];
}; };
interfaces.eth2 = { interfaces.eth2 = {
ip4 = mkOverride 0 [ ]; ipv4.addresses = mkOverride 0 [ ];
ip6 = mkOverride 0 [ ]; ipv6.addresses = mkOverride 0 [ ];
}; };
}; };
}; };
@ -198,10 +196,10 @@ let
firewall.allowPing = true; firewall.allowPing = true;
useDHCP = false; useDHCP = false;
interfaces.eth1 = { interfaces.eth1 = {
ip4 = mkOverride 0 [ ]; ipv4.addresses = mkOverride 0 [ ];
useDHCP = true; useDHCP = true;
}; };
interfaces.eth2.ip4 = mkOverride 0 [ ]; interfaces.eth2.ipv4.addresses = mkOverride 0 [ ];
}; };
}; };
testScript = { nodes, ... }: testScript = { nodes, ... }:
@ -241,9 +239,9 @@ let
interfaces = [ "eth1" "eth2" ]; interfaces = [ "eth1" "eth2" ];
driverOptions.mode = "balance-rr"; driverOptions.mode = "balance-rr";
}; };
interfaces.eth1.ip4 = mkOverride 0 [ ]; interfaces.eth1.ipv4.addresses = mkOverride 0 [ ];
interfaces.eth2.ip4 = mkOverride 0 [ ]; interfaces.eth2.ipv4.addresses = mkOverride 0 [ ];
interfaces.bond.ip4 = mkOverride 0 interfaces.bond.ipv4.addresses = mkOverride 0
[ { inherit address; prefixLength = 30; } ]; [ { inherit address; prefixLength = 30; } ];
}; };
}; };
@ -274,7 +272,7 @@ let
useNetworkd = networkd; useNetworkd = networkd;
firewall.allowPing = true; firewall.allowPing = true;
useDHCP = false; useDHCP = false;
interfaces.eth1.ip4 = mkOverride 0 interfaces.eth1.ipv4.addresses = mkOverride 0
[ { inherit address; prefixLength = 24; } ]; [ { inherit address; prefixLength = 24; } ];
}; };
}; };
@ -289,9 +287,9 @@ let
firewall.allowPing = true; firewall.allowPing = true;
useDHCP = false; useDHCP = false;
bridges.bridge.interfaces = [ "eth1" "eth2" ]; bridges.bridge.interfaces = [ "eth1" "eth2" ];
interfaces.eth1.ip4 = mkOverride 0 [ ]; interfaces.eth1.ipv4.addresses = mkOverride 0 [ ];
interfaces.eth2.ip4 = mkOverride 0 [ ]; interfaces.eth2.ipv4.addresses = mkOverride 0 [ ];
interfaces.bridge.ip4 = mkOverride 0 interfaces.bridge.ipv4.addresses = mkOverride 0
[ { address = "192.168.1.1"; prefixLength = 24; } ]; [ { address = "192.168.1.1"; prefixLength = 24; } ];
}; };
}; };
@ -328,7 +326,7 @@ let
firewall.allowPing = true; firewall.allowPing = true;
useDHCP = true; useDHCP = true;
macvlans.macvlan.interface = "eth1"; macvlans.macvlan.interface = "eth1";
interfaces.eth1.ip4 = mkOverride 0 [ ]; interfaces.eth1.ipv4.addresses = mkOverride 0 [ ];
}; };
}; };
testScript = { nodes, ... }: testScript = { nodes, ... }:
@ -369,9 +367,9 @@ let
local = address4; local = address4;
dev = "eth1"; dev = "eth1";
}; };
interfaces.eth1.ip4 = mkOverride 0 interfaces.eth1.ipv4.addresses = mkOverride 0
[ { address = address4; prefixLength = 24; } ]; [ { address = address4; prefixLength = 24; } ];
interfaces.sit.ip6 = mkOverride 0 interfaces.sit.ipv6.addresses = mkOverride 0
[ { address = address6; prefixLength = 64; } ]; [ { address = address6; prefixLength = 64; } ];
}; };
}; };
@ -410,9 +408,9 @@ let
id = 1; id = 1;
interface = "eth0"; interface = "eth0";
}; };
interfaces.eth0.ip4 = mkOverride 0 [ ]; interfaces.eth0.ipv4.addresses = mkOverride 0 [ ];
interfaces.eth1.ip4 = mkOverride 0 [ ]; interfaces.eth1.ipv4.addresses = mkOverride 0 [ ];
interfaces.vlan.ip4 = mkOverride 0 interfaces.vlan.ipv4.addresses = mkOverride 0
[ { inherit address; prefixLength = 24; } ]; [ { inherit address; prefixLength = 24; } ];
}; };
}; };
@ -437,13 +435,13 @@ let
name = "Virtual"; name = "Virtual";
machine = { machine = {
networking.interfaces."tap0" = { networking.interfaces."tap0" = {
ip4 = [ { address = "192.168.1.1"; prefixLength = 24; } ]; ipv4.addresses = [ { address = "192.168.1.1"; prefixLength = 24; } ];
ip6 = [ { address = "2001:1470:fffd:2096::"; prefixLength = 64; } ]; ipv6.addresses = [ { address = "2001:1470:fffd:2096::"; prefixLength = 64; } ];
virtual = true; virtual = true;
}; };
networking.interfaces."tun0" = { networking.interfaces."tun0" = {
ip4 = [ { address = "192.168.1.2"; prefixLength = 24; } ]; ipv4.addresses = [ { address = "192.168.1.2"; prefixLength = 24; } ];
ip6 = [ { address = "2001:1470:fffd:2097::"; prefixLength = 64; } ]; ipv6.addresses = [ { address = "2001:1470:fffd:2097::"; prefixLength = 64; } ];
virtual = true; virtual = true;
}; };
}; };
@ -483,9 +481,9 @@ let
boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = true; boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = true;
networking = { networking = {
useNetworkd = networkd; useNetworkd = networkd;
interfaces.eth1 = { interfaces.eth1.ipv6.addresses = singleton {
ipv6Address = "fd00:1234:5678:1::1"; address = "fd00:1234:5678:1::1";
ipv6PrefixLength = 64; prefixLength = 64;
}; };
}; };
services.radvd = { services.radvd = {
@ -511,8 +509,8 @@ let
useDHCP = true; useDHCP = true;
interfaces.eth1 = { interfaces.eth1 = {
preferTempAddress = true; preferTempAddress = true;
ip4 = mkOverride 0 [ ]; ipv4.addresses = mkOverride 0 [ ];
ip6 = mkOverride 0 [ ]; ipv6.addresses = mkOverride 0 [ ];
}; };
}; };
}; };
@ -533,6 +531,69 @@ let
$client->waitUntilSucceeds("! ip route get fd00:1234:5678:1::1 | grep -q ':[a-f0-9]*ff:fe[a-f0-9]*:'"); $client->waitUntilSucceeds("! ip route get fd00:1234:5678:1::1 | grep -q ':[a-f0-9]*ff:fe[a-f0-9]*:'");
''; '';
}; };
routes = {
name = "routes";
machine = {
networking.useDHCP = false;
networking.interfaces."eth0" = {
ipv4.addresses = [ { address = "192.168.1.2"; prefixLength = 24; } ];
ipv6.addresses = [ { address = "2001:1470:fffd:2097::"; prefixLength = 64; } ];
ipv6.routes = [
{ address = "fdfd:b3f0::"; prefixLength = 48; }
{ address = "2001:1470:fffd:2098::"; prefixLength = 64; via = "fdfd:b3f0::1"; }
];
ipv4.routes = [
{ address = "10.0.0.0"; prefixLength = 16; options = { mtu = "1500"; }; }
{ address = "192.168.2.0"; prefixLength = 24; via = "192.168.1.1"; }
];
};
virtualisation.vlans = [ ];
};
testScript = ''
my $targetIPv4Table = <<'END';
10.0.0.0/16 scope link mtu 1500
192.168.1.0/24 proto kernel scope link src 192.168.1.2
192.168.2.0/24 via 192.168.1.1
END
my $targetIPv6Table = <<'END';
2001:1470:fffd:2097::/64 proto kernel metric 256 pref medium
2001:1470:fffd:2098::/64 via fdfd:b3f0::1 metric 1024 pref medium
fdfd:b3f0::/48 metric 1024 pref medium
END
$machine->start;
$machine->waitForUnit("network.target");
# test routing tables
my $ipv4Table = $machine->succeed("ip -4 route list dev eth0 | head -n3");
my $ipv6Table = $machine->succeed("ip -6 route list dev eth0 | head -n3");
"$ipv4Table" eq "$targetIPv4Table" or die(
"The IPv4 routing table does not match the expected one:\n",
"Result:\n", "$ipv4Table\n",
"Expected:\n", "$targetIPv4Table\n"
);
"$ipv6Table" eq "$targetIPv6Table" or die(
"The IPv6 routing table does not match the expected one:\n",
"Result:\n", "$ipv6Table\n",
"Expected:\n", "$targetIPv6Table\n"
);
# test clean-up of the tables
$machine->succeed("systemctl stop network-addresses-eth0");
my $ipv4Residue = $machine->succeed("ip -4 route list dev eth0 | head -n-3");
my $ipv6Residue = $machine->succeed("ip -6 route list dev eth0 | head -n-3");
$ipv4Residue eq "" or die(
"The IPv4 routing table has not been properly cleaned:\n",
"$ipv4Residue\n"
);
$ipv6Residue eq "" or die(
"The IPv6 routing table has not been properly cleaned:\n",
"$ipv6Residue\n"
);
'';
};
}; };
in mapAttrs (const (attrs: makeTest (attrs // { in mapAttrs (const (attrs: makeTest (attrs // {


@ -15,25 +15,31 @@ in import ./make-test.nix ({ pkgs, ...} : {
clientv4 = { lib, nodes, ... }: { clientv4 = { lib, nodes, ... }: {
imports = [ common ]; imports = [ common ];
networking.nameservers = lib.mkForce [ networking.nameservers = lib.mkForce [
nodes.server.config.networking.interfaces.eth1.ipAddress (lib.head nodes.server.config.networking.interfaces.eth1.ipv4.addresses).address
];
networking.interfaces.eth1.ipv4.addresses = [
{ address = "192.168.0.2"; prefixLength = 24; }
]; ];
networking.interfaces.eth1.ipAddress = "192.168.0.2";
networking.interfaces.eth1.prefixLength = 24;
}; };
clientv6 = { lib, nodes, ... }: { clientv6 = { lib, nodes, ... }: {
imports = [ common ]; imports = [ common ];
networking.nameservers = lib.mkForce [ networking.nameservers = lib.mkForce [
nodes.server.config.networking.interfaces.eth1.ipv6Address (lib.head nodes.server.config.networking.interfaces.eth1.ipv6.addresses).address
];
networking.interfaces.eth1.ipv4.addresses = [
{ address = "dead:beef::2"; prefixLength = 24; }
]; ];
networking.interfaces.eth1.ipv6Address = "dead:beef::2";
}; };
server = { lib, ... }: { server = { lib, ... }: {
imports = [ common ]; imports = [ common ];
networking.interfaces.eth1.ipAddress = "192.168.0.1"; networking.interfaces.eth1.ipv4.addresses = [
networking.interfaces.eth1.prefixLength = 24; { address = "192.168.0.1"; prefixLength = 24; }
networking.interfaces.eth1.ipv6Address = "dead:beef::1"; ];
networking.interfaces.eth1.ipv6.addresses = [
{ address = "dead:beef::1"; prefixLength = 64; }
];
services.nsd.enable = true; services.nsd.enable = true;
services.nsd.interfaces = lib.mkForce []; services.nsd.interfaces = lib.mkForce [];
services.nsd.zones."example.com.".data = '' services.nsd.zones."example.com.".data = ''
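Review bot: In the `clientv6` node the new list is assigned to `networking.interfaces.eth1.ipv4.addresses`, but it holds the IPv6 address `dead:beef::2` with `prefixLength = 24`, whereas the line it replaces set `ipv6Address`. The server node in the same hunk uses `ipv6.addresses` with `prefixLength = 64`, so the client entry should read `networking.interfaces.eth1.ipv6.addresses = [ { address = "dead:beef::2"; prefixLength = 64; } ];`. As written, the client presumably either fails to configure the address or comes up without its static IPv6 address, so the IPv6 lookups in this test may not exercise the path they are meant to. The test script lies outside this hunk, so that effect is inferred rather than shown.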


@ -8,7 +8,7 @@
import ./make-test.nix ({ pkgs, ... }: import ./make-test.nix ({ pkgs, ... }:
let let
ifAddr = node: iface: (pkgs.lib.head node.config.networking.interfaces.${iface}.ip4).address; ifAddr = node: iface: (pkgs.lib.head node.config.networking.interfaces.${iface}.ipv4.addresses).address;
ospfConf = '' ospfConf = ''
interface eth2 interface eth2