Merge pull request #111342 from veehaitch/systemd-networkd-options

nixos/networkd: add missing IPv6 options
Florian Klink 2021-02-27 00:16:20 +01:00 committed by GitHub
commit aed9171b1a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 104 additions and 23 deletions


@ -436,7 +436,8 @@ let
"IPv4ProxyARP" "IPv4ProxyARP"
"IPv6ProxyNDP" "IPv6ProxyNDP"
"IPv6ProxyNDPAddress" "IPv6ProxyNDPAddress"
"IPv6PrefixDelegation" "IPv6SendRA"
"DHCPv6PrefixDelegation"
"IPv6MTUBytes" "IPv6MTUBytes"
"Bridge" "Bridge"
"Bond" "Bond"
@ -477,7 +478,8 @@ let
(assertMinimum "IPv6HopLimit" 0) (assertMinimum "IPv6HopLimit" 0)
(assertValueOneOf "IPv4ProxyARP" boolValues) (assertValueOneOf "IPv4ProxyARP" boolValues)
(assertValueOneOf "IPv6ProxyNDP" boolValues) (assertValueOneOf "IPv6ProxyNDP" boolValues)
(assertValueOneOf "IPv6PrefixDelegation" ["static" "dhcpv6" "yes" "false"]) (assertValueOneOf "IPv6SendRA" boolValues)
(assertValueOneOf "DHCPv6PrefixDelegation" boolValues)
(assertByteFormat "IPv6MTUBytes") (assertByteFormat "IPv6MTUBytes")
(assertValueOneOf "ActiveSlave" boolValues) (assertValueOneOf "ActiveSlave" boolValues)
(assertValueOneOf "PrimarySlave" boolValues) (assertValueOneOf "PrimarySlave" boolValues)
@ -643,18 +645,63 @@ let
sectionDHCPv6 = checkUnitConfig "DHCPv6" [ sectionDHCPv6 = checkUnitConfig "DHCPv6" [
(assertOnlyFields [ (assertOnlyFields [
"UseAddress"
"UseDNS" "UseDNS"
"UseNTP" "UseNTP"
"RouteMetric"
"RapidCommit" "RapidCommit"
"MUDURL"
"RequestOptions"
"SendVendorOption"
"ForceDHCPv6PDOtherInformation" "ForceDHCPv6PDOtherInformation"
"PrefixDelegationHint" "PrefixDelegationHint"
"RouteMetric" "WithoutRA"
"SendOption"
"UserClass"
"VendorClass"
]) ])
(assertValueOneOf "UseAddress" boolValues)
(assertValueOneOf "UseDNS" boolValues) (assertValueOneOf "UseDNS" boolValues)
(assertValueOneOf "UseNTP" boolValues) (assertValueOneOf "UseNTP" boolValues)
(assertInt "RouteMetric")
(assertValueOneOf "RapidCommit" boolValues) (assertValueOneOf "RapidCommit" boolValues)
(assertValueOneOf "ForceDHCPv6PDOtherInformation" boolValues) (assertValueOneOf "ForceDHCPv6PDOtherInformation" boolValues)
(assertInt "RouteMetric") (assertValueOneOf "WithoutRA" ["solicit" "information-request"])
(assertRange "SendOption" 1 65536)
];
sectionDHCPv6PrefixDelegation = checkUnitConfig "DHCPv6PrefixDelegation" [
(assertOnlyFields [
"SubnetId"
"Announce"
"Assign"
"Token"
])
(assertValueOneOf "Announce" boolValues)
(assertValueOneOf "Assign" boolValues)
];
sectionIPv6AcceptRA = checkUnitConfig "IPv6AcceptRA" [
(assertOnlyFields [
"UseDNS"
"UseDomains"
"RouteTable"
"UseAutonomousPrefix"
"UseOnLinkPrefix"
"RouterDenyList"
"RouterAllowList"
"PrefixDenyList"
"PrefixAllowList"
"RouteDenyList"
"RouteAllowList"
"DHCPv6Client"
])
(assertValueOneOf "UseDNS" boolValues)
(assertValueOneOf "UseDomains" (boolValues ++ ["route"]))
(assertRange "RouteTable" 0 4294967295)
(assertValueOneOf "UseAutonomousPrefix" boolValues)
(assertValueOneOf "UseOnLinkPrefix" boolValues)
(assertValueOneOf "DHCPv6Client" (boolValues ++ ["always"]))
]; ];
sectionDHCPServer = checkUnitConfig "DHCPServer" [ sectionDHCPServer = checkUnitConfig "DHCPServer" [
@ -685,7 +732,7 @@ let
(assertValueOneOf "EmitTimezone" boolValues) (assertValueOneOf "EmitTimezone" boolValues)
]; ];
sectionIPv6PrefixDelegation = checkUnitConfig "IPv6PrefixDelegation" [ sectionIPv6SendRA = checkUnitConfig "IPv6SendRA" [
(assertOnlyFields [ (assertOnlyFields [
"Managed" "Managed"
"OtherInformation" "OtherInformation"
@ -1090,6 +1137,30 @@ let
''; '';
}; };
dhcpV6PrefixDelegationConfig = mkOption {
default = {};
example = { SubnetId = "auto"; Announce = true; };
type = types.addCheck (types.attrsOf unitOption) check.network.sectionDHCPv6PrefixDelegation;
description = ''
Each attribute in this set specifies an option in the
<literal>[DHCPv6PrefixDelegation]</literal> section of the unit. See
<citerefentry><refentrytitle>systemd.network</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details.
'';
};
ipv6AcceptRAConfig = mkOption {
default = {};
example = { UseDNS = true; DHCPv6Client = "always"; };
type = types.addCheck (types.attrsOf unitOption) check.network.sectionIPv6AcceptRA;
description = ''
Each attribute in this set specifies an option in the
<literal>[IPv6AcceptRA]</literal> section of the unit. See
<citerefentry><refentrytitle>systemd.network</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details.
'';
};
dhcpServerConfig = mkOption { dhcpServerConfig = mkOption {
default = {}; default = {};
example = { PoolOffset = 50; EmitDNS = false; }; example = { PoolOffset = 50; EmitDNS = false; };
@ -1102,13 +1173,20 @@ let
''; '';
}; };
# systemd.network.networks.*.ipv6PrefixDelegationConfig has been deprecated
# in 247 in favor of systemd.network.networks.*.ipv6SendRAConfig.
ipv6PrefixDelegationConfig = mkOption { ipv6PrefixDelegationConfig = mkOption {
visible = false;
apply = _: throw "The option `systemd.network.networks.*.ipv6PrefixDelegationConfig` has been replaced by `systemd.network.networks.*.ipv6SendRAConfig`.";
};
ipv6SendRAConfig = mkOption {
default = {}; default = {};
example = { EmitDNS = true; Managed = true; OtherInformation = true; }; example = { EmitDNS = true; Managed = true; OtherInformation = true; };
type = types.addCheck (types.attrsOf unitOption) check.network.sectionIPv6PrefixDelegation; type = types.addCheck (types.attrsOf unitOption) check.network.sectionIPv6SendRA;
description = '' description = ''
Each attribute in this set specifies an option in the Each attribute in this set specifies an option in the
<literal>[IPv6PrefixDelegation]</literal> section of the unit. See <literal>[IPv6SendRA]</literal> section of the unit. See
<citerefentry><refentrytitle>systemd.network</refentrytitle> <citerefentry><refentrytitle>systemd.network</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details. <manvolnum>5</manvolnum></citerefentry> for details.
''; '';
@ -1457,13 +1535,21 @@ let
[DHCPv6] [DHCPv6]
${attrsToSection def.dhcpV6Config} ${attrsToSection def.dhcpV6Config}
'' ''
+ optionalString (def.dhcpV6PrefixDelegationConfig != { }) ''
[DHCPv6PrefixDelegation]
${attrsToSection def.dhcpV6PrefixDelegationConfig}
''
+ optionalString (def.ipv6AcceptRAConfig != { }) ''
[IPv6AcceptRA]
${attrsToSection def.ipv6AcceptRAConfig}
''
+ optionalString (def.dhcpServerConfig != { }) '' + optionalString (def.dhcpServerConfig != { }) ''
[DHCPServer] [DHCPServer]
${attrsToSection def.dhcpServerConfig} ${attrsToSection def.dhcpServerConfig}
'' ''
+ optionalString (def.ipv6PrefixDelegationConfig != { }) '' + optionalString (def.ipv6SendRAConfig != { }) ''
[IPv6PrefixDelegation] [IPv6SendRA]
${attrsToSection def.ipv6PrefixDelegationConfig} ${attrsToSection def.ipv6SendRAConfig}
'' ''
+ flip concatMapStrings def.ipv6Prefixes (x: '' + flip concatMapStrings def.ipv6Prefixes (x: ''
[IPv6Prefix] [IPv6Prefix]
@ -1479,7 +1565,6 @@ let
in in
{ {
options = { options = {
systemd.network.enable = mkOption { systemd.network.enable = mkOption {
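Review bot: In the new `sectionDHCPv6` checks, `(assertRange "SendOption" 1 65536)` range-checks the whole `SendOption` value, but systemd.network(5) documents that setting as an option number, data type and data joined by colons, with only the number limited to 1…65536. `assertRange` is defined outside this page; if it is the same numeric comparison used for `RouteTable` in `sectionIPv6AcceptRA`, a well-formed string value cannot pass the check, while a bare integer passes and is then not a usable setting for networkd. I would drop that line and keep `"SendOption"` in `assertOnlyFields`, or validate only the part before the first colon. A comment above the entry such as `# SendOption is "number:type:value"; only the number is range-limited` would keep the next editor from re-adding the check.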


@ -165,7 +165,7 @@ import ./make-test-python.nix ({pkgs, ...}: {
# accept the delegated prefix. # accept the delegated prefix.
PrefixDelegationHint = "::/48"; PrefixDelegationHint = "::/48";
}; };
ipv6PrefixDelegationConfig = { ipv6SendRAConfig = {
# Let networkd know that we would very much like to use DHCPv6 # Let networkd know that we would very much like to use DHCPv6
# to obtain the "managed" information. Not sure why they can't # to obtain the "managed" information. Not sure why they can't
# just take that from the upstream RAs. # just take that from the upstream RAs.
@ -179,24 +179,20 @@ import ./make-test-python.nix ({pkgs, ...}: {
name = "eth2"; name = "eth2";
networkConfig = { networkConfig = {
Description = "Client interface"; Description = "Client interface";
# the client shouldn't be allowed to send us RAs, that would be weird. # The client shouldn't be allowed to send us RAs, that would be weird.
IPv6AcceptRA = false; IPv6AcceptRA = false;
# Just delegate prefixes from the DHCPv6 PD pool. # Delegate prefixes from the DHCPv6 PD pool.
# If you also want to distribute a local ULA prefix you want to DHCPv6PrefixDelegation = true;
# set this to `yes` as that includes both static prefixes as well IPv6SendRA = true;
# as PD prefixes.
IPv6PrefixDelegation = "dhcpv6";
}; };
# finally "act as router" (according to systemd.network(5))
ipv6PrefixDelegationConfig = {
RouterLifetimeSec = 300; # required as otherwise no RA's are being emitted
# In a production environment you should consider setting these as well: # In a production environment you should consider setting these as well:
# ipv6SendRAConfig = {
#EmitDNS = true; #EmitDNS = true;
#EmitDomains = true; #EmitDomains = true;
#DNS= = "fe80::1"; # or whatever "well known" IP your router will have on the inside. #DNS= = "fe80::1"; # or whatever "well known" IP your router will have on the inside.
}; # };
# This adds a "random" ULA prefix to the interface that is being # This adds a "random" ULA prefix to the interface that is being
# advertised to the clients. # advertised to the clients.