Merge pull request #111342 from veehaitch/systemd-networkd-options

nixos/networkd: add missing IPv6 options
Florian Klink 2021-02-27 00:16:20 +01:00 committed by GitHub
commit aed9171b1a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 104 additions and 23 deletions


@ -436,7 +436,8 @@ let
"IPv4ProxyARP"
"IPv6ProxyNDP"
"IPv6ProxyNDPAddress"
"IPv6PrefixDelegation"
"IPv6SendRA"
"DHCPv6PrefixDelegation"
"IPv6MTUBytes"
"Bridge"
"Bond"
@ -477,7 +478,8 @@ let
(assertMinimum "IPv6HopLimit" 0)
(assertValueOneOf "IPv4ProxyARP" boolValues)
(assertValueOneOf "IPv6ProxyNDP" boolValues)
(assertValueOneOf "IPv6PrefixDelegation" ["static" "dhcpv6" "yes" "false"])
(assertValueOneOf "IPv6SendRA" boolValues)
(assertValueOneOf "DHCPv6PrefixDelegation" boolValues)
(assertByteFormat "IPv6MTUBytes")
(assertValueOneOf "ActiveSlave" boolValues)
(assertValueOneOf "PrimarySlave" boolValues)
@ -643,18 +645,63 @@ let
sectionDHCPv6 = checkUnitConfig "DHCPv6" [
(assertOnlyFields [
"UseAddress"
"UseDNS"
"UseNTP"
"RouteMetric"
"RapidCommit"
"MUDURL"
"RequestOptions"
"SendVendorOption"
"ForceDHCPv6PDOtherInformation"
"PrefixDelegationHint"
"RouteMetric"
"WithoutRA"
"SendOption"
"UserClass"
"VendorClass"
])
(assertValueOneOf "UseAddress" boolValues)
(assertValueOneOf "UseDNS" boolValues)
(assertValueOneOf "UseNTP" boolValues)
(assertInt "RouteMetric")
(assertValueOneOf "RapidCommit" boolValues)
(assertValueOneOf "ForceDHCPv6PDOtherInformation" boolValues)
(assertInt "RouteMetric")
(assertValueOneOf "WithoutRA" ["solicit" "information-request"])
(assertRange "SendOption" 1 65536)
];
sectionDHCPv6PrefixDelegation = checkUnitConfig "DHCPv6PrefixDelegation" [
(assertOnlyFields [
"SubnetId"
"Announce"
"Assign"
"Token"
])
(assertValueOneOf "Announce" boolValues)
(assertValueOneOf "Assign" boolValues)
];
sectionIPv6AcceptRA = checkUnitConfig "IPv6AcceptRA" [
(assertOnlyFields [
"UseDNS"
"UseDomains"
"RouteTable"
"UseAutonomousPrefix"
"UseOnLinkPrefix"
"RouterDenyList"
"RouterAllowList"
"PrefixDenyList"
"PrefixAllowList"
"RouteDenyList"
"RouteAllowList"
"DHCPv6Client"
])
(assertValueOneOf "UseDNS" boolValues)
(assertValueOneOf "UseDomains" (boolValues ++ ["route"]))
(assertRange "RouteTable" 0 4294967295)
(assertValueOneOf "UseAutonomousPrefix" boolValues)
(assertValueOneOf "UseOnLinkPrefix" boolValues)
(assertValueOneOf "DHCPv6Client" (boolValues ++ ["always"]))
];
sectionDHCPServer = checkUnitConfig "DHCPServer" [
@ -685,7 +732,7 @@ let
(assertValueOneOf "EmitTimezone" boolValues)
];
sectionIPv6PrefixDelegation = checkUnitConfig "IPv6PrefixDelegation" [
sectionIPv6SendRA = checkUnitConfig "IPv6SendRA" [
(assertOnlyFields [
"Managed"
"OtherInformation"
@ -1090,6 +1137,30 @@ let
'';
};
dhcpV6PrefixDelegationConfig = mkOption {
default = {};
example = { SubnetId = "auto"; Announce = true; };
type = types.addCheck (types.attrsOf unitOption) check.network.sectionDHCPv6PrefixDelegation;
description = ''
Each attribute in this set specifies an option in the
<literal>[DHCPv6PrefixDelegation]</literal> section of the unit. See
<citerefentry><refentrytitle>systemd.network</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details.
'';
};
ipv6AcceptRAConfig = mkOption {
default = {};
example = { UseDNS = true; DHCPv6Client = "always"; };
type = types.addCheck (types.attrsOf unitOption) check.network.sectionIPv6AcceptRA;
description = ''
Each attribute in this set specifies an option in the
<literal>[IPv6AcceptRA]</literal> section of the unit. See
<citerefentry><refentrytitle>systemd.network</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details.
'';
};
dhcpServerConfig = mkOption {
default = {};
example = { PoolOffset = 50; EmitDNS = false; };
@ -1102,13 +1173,20 @@ let
'';
};
# systemd.network.networks.*.ipv6PrefixDelegationConfig has been deprecated
# in 247 in favor of systemd.network.networks.*.ipv6SendRAConfig.
ipv6PrefixDelegationConfig = mkOption {
visible = false;
apply = _: throw "The option `systemd.network.networks.*.ipv6PrefixDelegationConfig` has been replaced by `systemd.network.networks.*.ipv6SendRAConfig`.";
};
ipv6SendRAConfig = mkOption {
default = {};
example = { EmitDNS = true; Managed = true; OtherInformation = true; };
type = types.addCheck (types.attrsOf unitOption) check.network.sectionIPv6PrefixDelegation;
type = types.addCheck (types.attrsOf unitOption) check.network.sectionIPv6SendRA;
description = ''
Each attribute in this set specifies an option in the
<literal>[IPv6PrefixDelegation]</literal> section of the unit. See
<literal>[IPv6SendRA]</literal> section of the unit. See
<citerefentry><refentrytitle>systemd.network</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details.
'';
@ -1457,13 +1535,21 @@ let
[DHCPv6]
${attrsToSection def.dhcpV6Config}
''
+ optionalString (def.dhcpV6PrefixDelegationConfig != { }) ''
[DHCPv6PrefixDelegation]
${attrsToSection def.dhcpV6PrefixDelegationConfig}
''
+ optionalString (def.ipv6AcceptRAConfig != { }) ''
[IPv6AcceptRA]
${attrsToSection def.ipv6AcceptRAConfig}
''
+ optionalString (def.dhcpServerConfig != { }) ''
[DHCPServer]
${attrsToSection def.dhcpServerConfig}
''
+ optionalString (def.ipv6PrefixDelegationConfig != { }) ''
[IPv6PrefixDelegation]
${attrsToSection def.ipv6PrefixDelegationConfig}
+ optionalString (def.ipv6SendRAConfig != { }) ''
[IPv6SendRA]
${attrsToSection def.ipv6SendRAConfig}
''
+ flip concatMapStrings def.ipv6Prefixes (x: ''
[IPv6Prefix]
@ -1479,7 +1565,6 @@ let
in
{
options = {
systemd.network.enable = mkOption {
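Review bot: In the `sectionDHCPv6` hunk, `(assertRange "SendOption" 1 65536)` range-checks the whole `SendOption` value, but systemd.network(5) describes that setting as an option number, data type and data joined by colons, so a valid value is a string and only its leading number is bounded. `assertRange` is defined outside this page, so confirm how it treats a string; if it compares the value directly, every valid `SendOption` would be rejected or fail to evaluate. I would drop the check or validate only the numeric prefix, with a comment such as `# SendOption is "<number>:<type>:<value>"; only the option number is limited to 1..65536`. Separately, `"IPv6PrefixDelegation"` disappears from the `[Network]` field list without a migration hint, while `ipv6PrefixDelegationConfig` gets an explicit `throw`. Since that key decided whether the interface sent router advertisements, a short release-note entry or assertion pointing users to `IPv6SendRA` and `DHCPv6PrefixDelegation` would help them migrate deliberately.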


@ -165,7 +165,7 @@ import ./make-test-python.nix ({pkgs, ...}: {
# accept the delegated prefix.
PrefixDelegationHint = "::/48";
};
ipv6PrefixDelegationConfig = {
ipv6SendRAConfig = {
# Let networkd know that we would very much like to use DHCPv6
# to obtain the "managed" information. Not sure why they can't
# just take that from the upstream RAs.
@ -179,24 +179,20 @@ import ./make-test-python.nix ({pkgs, ...}: {
name = "eth2";
networkConfig = {
Description = "Client interface";
# the client shouldn't be allowed to send us RAs, that would be weird.
# The client shouldn't be allowed to send us RAs, that would be weird.
IPv6AcceptRA = false;
# Just delegate prefixes from the DHCPv6 PD pool.
# If you also want to distribute a local ULA prefix you want to
# set this to `yes` as that includes both static prefixes as well
# as PD prefixes.
IPv6PrefixDelegation = "dhcpv6";
# Delegate prefixes from the DHCPv6 PD pool.
DHCPv6PrefixDelegation = true;
IPv6SendRA = true;
};
# finally "act as router" (according to systemd.network(5))
ipv6PrefixDelegationConfig = {
RouterLifetimeSec = 300; # required as otherwise no RA's are being emitted
# In a production environment you should consider setting these as well:
# In a production environment you should consider setting these as well:
# ipv6SendRAConfig = {
#EmitDNS = true;
#EmitDomains = true;
#DNS= = "fe80::1"; # or whatever "well known" IP your router will have on the inside.
};
# };
# This adds a "random" ULA prefix to the interface that is being
# advertised to the clients.