From 098c8f4c77b1ed9ea28b5aabadde24b17df8d568 Mon Sep 17 00:00:00 2001 From: "William A. Kennington III" Date: Fri, 4 Jul 2014 14:57:19 -0500 Subject: [PATCH 1/4] nixos/network-interfaces: Add support for multiple ipv4 / ipv6 addresses --- nixos/modules/services/networking/dhcpcd.nix | 2 +- nixos/modules/tasks/network-interfaces.nix | 141 +++++++++++-------- 2 files changed, 87 insertions(+), 56 deletions(-) diff --git a/nixos/modules/services/networking/dhcpcd.nix b/nixos/modules/services/networking/dhcpcd.nix index 89aa9bdb6b6..65b4319b50a 100644 --- a/nixos/modules/services/networking/dhcpcd.nix +++ b/nixos/modules/services/networking/dhcpcd.nix @@ -11,7 +11,7 @@ let # Don't start dhcpcd on explicitly configured interfaces or on # interfaces that are part of a bridge, bond or sit device. ignoredInterfaces = - map (i: i.name) (filter (i: i.ipAddress != null) (attrValues config.networking.interfaces)) + map (i: i.name) (filter (i: i.ip4 != [ ]) (attrValues config.networking.interfaces)) ++ mapAttrsToList (i: _: i) config.networking.sits ++ concatLists (attrValues (mapAttrs (n: v: v.interfaces) config.networking.bridges)) ++ concatLists (attrValues (mapAttrs (n: v: v.interfaces) config.networking.bonds)) diff --git a/nixos/modules/tasks/network-interfaces.nix b/nixos/modules/tasks/network-interfaces.nix index 7dabe70f00c..30e2a143419 100644 --- a/nixos/modules/tasks/network-interfaces.nix +++ b/nixos/modules/tasks/network-interfaces.nix @@ -10,6 +10,26 @@ let hasSits = cfg.sits != { }; hasBonds = cfg.bonds != { }; + addrOpts = v: + assert v == 4 || v == 6; + { + address = mkOption { + type = types.str; + description = '' + IPv${toString v} address of the interface. Leave empty to configure the + interface using DHCP. + ''; + }; + + prefixLength = mkOption { + type = types.addCheck types.int (n: n >= 0 && n <= (if v == 4 then 32 else 128)); + description = '' + Subnet mask of the interface, specified as the number of + bits in the prefix (${if v == 4 then "24" else "64"}). + ''; + }; + }; + interfaceOpts = { name, ... }: { options = { @@ -20,54 +40,64 @@ let description = "Name of the interface."; }; + ip4 = mkOption { + default = [ ]; + example = [ + { address = "10.0.0.1"; prefixLength = 16; } + { address = "192.168.1.1"; prefixLength = 24; } + ]; + type = types.listOf types.optionSet; + options = addrOpts 4; + description = '' + List of IPv4 addresses that will be statically assigned to the interface. + ''; + }; + + ip6 = mkOption { + default = [ ]; + example = [ + { address = "fdfd:b3f0:482::1"; prefixLength = 48; } + { address = "2001:1470:fffd:2098::e006"; prefixLength = 64; } + ]; + type = types.listOf types.optionSet; + options = addrOpts 6; + description = '' + List of IPv6 addresses that will be statically assigned to the interface. + ''; + }; + ipAddress = mkOption { default = null; - example = "10.0.0.1"; - type = types.nullOr (types.str); description = '' - IP address of the interface. Leave empty to configure the - interface using DHCP. + Defunct, create an address in the ip4 list instead. ''; }; prefixLength = mkOption { default = null; - example = 24; - type = types.nullOr types.int; description = '' - Subnet mask of the interface, specified as the number of - bits in the prefix (24). + Defunct, supply the prefix length in the ip4 list instead. ''; }; subnetMask = mkOption { - default = ""; - example = "255.255.255.0"; - type = types.str; + default = null; description = '' - Subnet mask of the interface, specified as a bitmask. - This is deprecated; use - instead. + Defunct, supply the prefix length in the ip4 list instead. ''; }; ipv6Address = mkOption { default = null; - example = "2001:1470:fffd:2098::e006"; - type = types.nullOr types.string; description = '' - IPv6 address of the interface. Leave empty to configure the - interface using NDP. + Defunct, create an address in the ip6 list instead. ''; }; ipv6prefixLength = mkOption { - default = 64; - example = 64; - type = types.int; + default = null; description = '' - Subnet mask of the interface, specified as the number of - bits in the prefix (64). + Defunct, supply the prefix length in the ip6 list instead. ''; }; @@ -438,6 +468,16 @@ in config = { + assertions = + flip map interfaces (i: { + assertion = i.ipAddress == null && i.prefixLength == null && i.subnetMask == null; + message = "The networking.interfaces.${i.name}.ipAddress option is defunct. Use networking.ip4 instead."; + }) + ++ flip map interfaces (i: { + assertion = i.ipv6Address == null && i.ipv6prefixLength == null; + message = "The networking.interfaces.${i.name}.ipv6Address option is defunct. Use networking.ip6 instead."; + }); + boot.kernelModules = [ ] ++ optional cfg.enableIPv6 "ipv6" ++ optional hasVirtuals "tun" @@ -535,11 +575,6 @@ in # has appeared, and it's stopped when the interface # disappears. configureInterface = i: nameValuePair "${i.name}-cfg" - (let mask = - if i.prefixLength != null then toString i.prefixLength else - if i.subnetMask != "" then i.subnetMask else "32"; - staticIPv6 = cfg.enableIPv6 && i.ipv6Address != null; - in { description = "Configuration of ${i.name}"; wantedBy = [ "network-interfaces.target" ]; bindsTo = [ "sys-subsystem-net-devices-${i.name}.device" ]; @@ -562,36 +597,32 @@ in echo "setting MTU to ${toString i.mtu}..." ip link set "${i.name}" mtu "${toString i.mtu}" '' - + optionalString (i.ipAddress != null) + + # Ip Setup + + '' - cur=$(ip -4 -o a show dev "${i.name}" | awk '{print $4}') - # Only do a flush/add if it's necessary. This is + curIps=$(ip -o a show dev "${i.name}" | awk '{print $4}') + # Only do an add if it's necessary. This is # useful when the Nix store is accessed via this # interface (e.g. in a QEMU VM test). - if [ "$cur" != "${i.ipAddress}/${mask}" ]; then - echo "configuring interface..." - ip -4 addr flush dev "${i.name}" - ip -4 addr add "${i.ipAddress}/${mask}" dev "${i.name}" - restart_network_setup=true - else - echo "skipping configuring interface" + '' + + flip concatMapStrings (i.ip4 ++ optionals cfg.enableIPv6 i.ip6) (ip: + let + address = "${ip.address}/${toString ip.prefixLength}"; + in + '' + echo "checking ip ${address}..." + if ! echo "$curIps" | grep "${address}" >/dev/null 2>&1; then + if out=$(ip addr add "${address}" dev "${i.name}" 2>&1); then + echo "added ip ${address}..." + restart_network_setup=true + elif ! echo "$out" | grep "File exists" >/dev/null 2>&1; then + echo "failed to add ${address}" + exit 1 + fi fi - '' - + optionalString (staticIPv6) - '' - # Only do a flush/add if it's necessary. This is - # useful when the Nix store is accessed via this - # interface (e.g. in a QEMU VM test). - if ! ip -6 -o a show dev "${i.name}" | grep "${i.ipv6Address}/${toString i.ipv6prefixLength}"; then - echo "configuring interface..." - ip -6 addr flush dev "${i.name}" - ip -6 addr add "${i.ipv6Address}/${toString i.ipv6prefixLength}" dev "${i.name}" - restart_network_setup=true - else - echo "skipping configuring interface" - fi - '' - + optionalString (i.ipAddress != null || staticIPv6) + '') + + optionalString (i.ip4 != [ ] || (cfg.enableIPv6 && i.ip6 != [ ])) '' if [ restart_network_setup = true ]; then # Ensure that the default gateway remains set. @@ -608,7 +639,7 @@ in '' echo 1 > /proc/sys/net/ipv6/conf/${i.name}/proxy_ndp ''; - }); + }; createTunDevice = i: nameValuePair "${i.name}" { description = "Virtual Network Interface ${i.name}"; From 1ff4b838758f36dc8c54995e104dd17ba08a65a4 Mon Sep 17 00:00:00 2001 From: "William A. Kennington III" Date: Sun, 13 Jul 2014 10:39:59 -0500 Subject: [PATCH 2/4] nixos/network-interfaces: Add flush upon interface going down --- nixos/modules/tasks/network-interfaces.nix | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/nixos/modules/tasks/network-interfaces.nix b/nixos/modules/tasks/network-interfaces.nix index 30e2a143419..e8c770d077c 100644 --- a/nixos/modules/tasks/network-interfaces.nix +++ b/nixos/modules/tasks/network-interfaces.nix @@ -639,6 +639,19 @@ in '' echo 1 > /proc/sys/net/ipv6/conf/${i.name}/proxy_ndp ''; + preStop = + '' + echo "releasing configured ip's..." + '' + + flip concatMapStrings (i.ip4 ++ optionals cfg.enableIPv6 i.ip6) (ip: + let + address = "${ip.address}/${toString ip.prefixLength}"; + in + '' + echo -n "Deleting ${address}..." + ip addr del "${address}" dev "${i.name}" >/dev/null 2>&1 || echo -n " Failed" + echo "" + ''); }; createTunDevice = i: nameValuePair "${i.name}" From 86c0f8c549c2ad728e06f8bc11d805fe760e7df8 Mon Sep 17 00:00:00 2001 From: "William A. Kennington III" Date: Wed, 16 Jul 2014 17:29:50 -0500 Subject: [PATCH 3/4] Refactor nixos files relying on the old ipAddress / prefixLength / subnetMask attributes --- nixos/doc/manual/configuration/ipv4-config.xml | 5 +---- nixos/lib/build-vms.nix | 11 ++++++----- nixos/modules/programs/virtualbox.nix | 2 +- nixos/modules/tasks/network-interfaces.nix | 8 ++++---- nixos/tests/bittorrent.nix | 6 +++--- nixos/tests/nat.nix | 2 +- 6 files changed, 16 insertions(+), 18 deletions(-) diff --git a/nixos/doc/manual/configuration/ipv4-config.xml b/nixos/doc/manual/configuration/ipv4-config.xml index e2c51518349..053501b1736 100644 --- a/nixos/doc/manual/configuration/ipv4-config.xml +++ b/nixos/doc/manual/configuration/ipv4-config.xml @@ -12,12 +12,9 @@ interfaces. However, you can configure an interface manually as follows: -networking.interfaces.eth0 = { ipAddress = "192.168.1.2"; prefixLength = 24; }; +networking.interfaces.eth0.ip4 = [ { address = "192.168.1.2"; prefixLength = 24; } ]; -(The network prefix can also be specified using the option -subnetMask, -e.g. "255.255.255.0", but this is deprecated.) Typically you’ll also want to set a default gateway and set of name servers: diff --git a/nixos/lib/build-vms.nix b/nixos/lib/build-vms.nix index 498c0a37783..ba189555409 100644 --- a/nixos/lib/build-vms.nix +++ b/nixos/lib/build-vms.nix @@ -48,10 +48,11 @@ rec { let interfacesNumbered = zipTwoLists config.virtualisation.vlans (range 1 255); interfaces = flip map interfacesNumbered ({ first, second }: - nameValuePair "eth${toString second}" - { ipAddress = "192.168.${toString first}.${toString m.second}"; - subnetMask = "255.255.255.0"; - }); + nameValuePair "eth${toString second}" { ip4 = + [ { address = "192.168.${toString first}.${toString m.second}"; + prefixLength = 24; + } ]; + } in { key = "ip-address"; config = @@ -60,7 +61,7 @@ rec { networking.interfaces = listToAttrs interfaces; networking.primaryIPAddress = - optionalString (interfaces != []) (head interfaces).value.ipAddress; + optionalString (interfaces != []) (head (head interfaces).value.ip4).address; # Put the IP addresses of all VMs in this machine's # /etc/hosts file. If a machine has multiple diff --git a/nixos/modules/programs/virtualbox.nix b/nixos/modules/programs/virtualbox.nix index e2dd76219eb..fec1a7b61f3 100644 --- a/nixos/modules/programs/virtualbox.nix +++ b/nixos/modules/programs/virtualbox.nix @@ -44,5 +44,5 @@ let virtualbox = config.boot.kernelPackages.virtualbox; in ''; }; - networking.interfaces.vboxnet0 = { ipAddress = "192.168.56.1"; prefixLength = 24; }; + networking.interfaces.vboxnet0.ip4 = [ { address = "192.168.56.1"; prefixLength = 24; } ]; } diff --git a/nixos/modules/tasks/network-interfaces.nix b/nixos/modules/tasks/network-interfaces.nix index e8c770d077c..054784502eb 100644 --- a/nixos/modules/tasks/network-interfaces.nix +++ b/nixos/modules/tasks/network-interfaces.nix @@ -254,10 +254,10 @@ in networking.interfaces = mkOption { default = {}; example = - { eth0 = { - ipAddress = "131.211.84.78"; - subnetMask = "255.255.255.128"; - }; + { eth0.ip4 = [ { + address = "131.211.84.78"; + prefixLength = 25; + } ]; }; description = '' The configuration for each network interface. If diff --git a/nixos/tests/bittorrent.nix b/nixos/tests/bittorrent.nix index 002e012f65f..7eb9c215ee1 100644 --- a/nixos/tests/bittorrent.nix +++ b/nixos/tests/bittorrent.nix @@ -16,7 +16,7 @@ let miniupnpdConf = nodes: pkgs.writeText "miniupnpd.conf" '' ext_ifname=eth1 - listening_ip=${nodes.router.config.networking.interfaces.eth2.ipAddress}/24 + listening_ip=${(head nodes.router.config.networking.interfaces.eth2.ip4).address}/24 allow 1024-65535 192.168.2.0/24 1024-65535 ''; @@ -53,7 +53,7 @@ in { environment.systemPackages = [ pkgs.transmission ]; virtualisation.vlans = [ 2 ]; networking.defaultGateway = - nodes.router.config.networking.interfaces.eth2.ipAddress; + (head nodes.router.config.networking.interfaces.eth2.ip4).address; networking.firewall.enable = false; }; @@ -81,7 +81,7 @@ in # Create the torrent. $tracker->succeed("mkdir /tmp/data"); $tracker->succeed("cp ${file} /tmp/data/test.tar.bz2"); - $tracker->succeed("transmission-create /tmp/data/test.tar.bz2 -t http://${nodes.tracker.config.networking.interfaces.eth1.ipAddress}:6969/announce -o /tmp/test.torrent"); + $tracker->succeed("transmission-create /tmp/data/test.tar.bz2 -t http://${(head nodes.tracker.config.networking.interfaces.eth1.ip4).address}:6969/announce -o /tmp/test.torrent"); $tracker->succeed("chmod 644 /tmp/test.torrent"); # Start the tracker. !!! use a less crappy tracker diff --git a/nixos/tests/nat.nix b/nixos/tests/nat.nix index 5fdcc0e97ca..5a57cce6b67 100644 --- a/nixos/tests/nat.nix +++ b/nixos/tests/nat.nix @@ -13,7 +13,7 @@ import ./make-test.nix { { virtualisation.vlans = [ 1 ]; networking.firewall.allowPing = true; networking.defaultGateway = - nodes.router.config.networking.interfaces.eth2.ipAddress; + (head nodes.router.config.networking.interfaces.eth2.ip4).address; }; router = From 4d8390be608ed047ef99d96b0a3f58516bad4419 Mon Sep 17 00:00:00 2001 From: "William A. Kennington III" Date: Sat, 30 Aug 2014 08:00:10 -0700 Subject: [PATCH 4/4] nixos/network-interfaces: Support the old ip configuration convention --- nixos/modules/services/networking/dhcpcd.nix | 2 +- nixos/modules/tasks/network-interfaces.nix | 51 ++++++++++++++------ 2 files changed, 36 insertions(+), 17 deletions(-) diff --git a/nixos/modules/services/networking/dhcpcd.nix b/nixos/modules/services/networking/dhcpcd.nix index 65b4319b50a..7e0b00a3d7b 100644 --- a/nixos/modules/services/networking/dhcpcd.nix +++ b/nixos/modules/services/networking/dhcpcd.nix @@ -11,7 +11,7 @@ let # Don't start dhcpcd on explicitly configured interfaces or on # interfaces that are part of a bridge, bond or sit device. ignoredInterfaces = - map (i: i.name) (filter (i: i.ip4 != [ ]) (attrValues config.networking.interfaces)) + map (i: i.name) (filter (i: i.ip4 != [ ] || i.ipAddress != null) (attrValues config.networking.interfaces)) ++ mapAttrsToList (i: _: i) config.networking.sits ++ concatLists (attrValues (mapAttrs (n: v: v.interfaces) config.networking.bridges)) ++ concatLists (attrValues (mapAttrs (n: v: v.interfaces) config.networking.bonds)) diff --git a/nixos/modules/tasks/network-interfaces.nix b/nixos/modules/tasks/network-interfaces.nix index 054784502eb..ac3a55332e4 100644 --- a/nixos/modules/tasks/network-interfaces.nix +++ b/nixos/modules/tasks/network-interfaces.nix @@ -68,36 +68,48 @@ let ipAddress = mkOption { default = null; + example = "10.0.0.1"; + type = types.nullOr types.str; description = '' - Defunct, create an address in the ip4 list instead. + IP address of the interface. Leave empty to configure the + interface using DHCP. ''; }; prefixLength = mkOption { default = null; + example = 24; + type = types.nullOr types.int; description = '' - Defunct, supply the prefix length in the ip4 list instead. + Subnet mask of the interface, specified as the number of + bits in the prefix (24). ''; }; subnetMask = mkOption { default = null; description = '' - Defunct, supply the prefix length in the ip4 list instead. + Defunct, supply the prefix length instead. ''; }; ipv6Address = mkOption { default = null; + example = "2001:1470:fffd:2098::e006"; + type = types.nullOr types.str; description = '' - Defunct, create an address in the ip6 list instead. + IPv6 address of the interface. Leave empty to configure the + interface using NDP. ''; }; ipv6prefixLength = mkOption { - default = null; + default = 64; + example = 64; + type = types.int; description = '' - Defunct, supply the prefix length in the ip6 list instead. + Subnet mask of the interface, specified as the number of + bits in the prefix (64). ''; }; @@ -470,12 +482,8 @@ in assertions = flip map interfaces (i: { - assertion = i.ipAddress == null && i.prefixLength == null && i.subnetMask == null; - message = "The networking.interfaces.${i.name}.ipAddress option is defunct. Use networking.ip4 instead."; - }) - ++ flip map interfaces (i: { - assertion = i.ipv6Address == null && i.ipv6prefixLength == null; - message = "The networking.interfaces.${i.name}.ipv6Address option is defunct. Use networking.ip6 instead."; + assertion = i.subnetMask == null; + message = "The networking.interfaces.${i.name}.subnetMask option is defunct. Use prefixLength instead."; }); boot.kernelModules = [ ] @@ -574,7 +582,18 @@ in # network device, so it only gets started after the interface # has appeared, and it's stopped when the interface # disappears. - configureInterface = i: nameValuePair "${i.name}-cfg" + configureInterface = i: + let + ips = i.ip4 ++ optionals cfg.enableIPv6 i.ip6 + ++ optional (i.ipAddress != null) { + ipAddress = i.ipAddress; + prefixLength = i.prefixLength; + } ++ optional (cfg.enableIPv6 && i.ipv6Address != null) { + ipAddress = i.ipv6Address; + prefixLength = i.ipv6PrefixLength; + }; + in + nameValuePair "${i.name}-cfg" { description = "Configuration of ${i.name}"; wantedBy = [ "network-interfaces.target" ]; bindsTo = [ "sys-subsystem-net-devices-${i.name}.device" ]; @@ -606,7 +625,7 @@ in # useful when the Nix store is accessed via this # interface (e.g. in a QEMU VM test). '' - + flip concatMapStrings (i.ip4 ++ optionals cfg.enableIPv6 i.ip6) (ip: + + flip concatMapStrings (ips) (ip: let address = "${ip.address}/${toString ip.prefixLength}"; in @@ -622,7 +641,7 @@ in fi fi '') - + optionalString (i.ip4 != [ ] || (cfg.enableIPv6 && i.ip6 != [ ])) + + optionalString (ips != [ ]) '' if [ restart_network_setup = true ]; then # Ensure that the default gateway remains set. @@ -643,7 +662,7 @@ in '' echo "releasing configured ip's..." '' - + flip concatMapStrings (i.ip4 ++ optionals cfg.enableIPv6 i.ip6) (ip: + + flip concatMapStrings (ips) (ip: let address = "${ip.address}/${toString ip.prefixLength}"; in