public
/
nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixos/networkd: reoder code to match networkd documentation

This commit is contained in:
datafoo 2020-07-01 18:05:32 +02:00
parent e9d13d3751
commit bb3ba3e515
1 changed files with 874 additions and 862 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

610
nixos/modules/system/boot/networkd.nix
View File

@ -8,7 +8,11 @@ let
cfg = config.systemd.network; cfg = config.systemd.network;
checkLink = checkUnitConfig "Link" [ check = {
link = {
sectionLink = checkUnitConfig "Link" [
(assertOnlyFields [ (assertOnlyFields [
"Description" "Description"
"Alias" "Alias"
@ -74,8 +78,25 @@ let
(assertInt "RxBufferSize") (assertInt "RxBufferSize")
(assertInt "TxBufferSize") (assertInt "TxBufferSize")
]; ];
};
checkNetdev = checkUnitConfig "Netdev" [ netdev = let
tunChecks = [
(assertOnlyFields [
"MultiQueue"
"PacketInfo"
"VNetHeader"
"User"
"Group"
])
(assertValueOneOf "MultiQueue" boolValues)
(assertValueOneOf "PacketInfo" boolValues)
(assertValueOneOf "VNetHeader" boolValues)
];
in {
sectionNetdev = checkUnitConfig "Netdev" [
(assertOnlyFields [ (assertOnlyFields [
"Description" "Description"
"Name" "Name"
@ -124,46 +145,7 @@ let
(assertMacAddress "MACAddress") (assertMacAddress "MACAddress")
]; ];
checkVRF = checkUnitConfig "VRF" [ sectionVLAN = checkUnitConfig "VLAN" [
(assertOnlyFields [
"Table"
])
(assertInt "Table")
(assertMinimum "Table" 0)
];
# NOTE The PrivateKey directive is missing on purpose here, please
# do not add it to this list. The nix store is world-readable let's
# refrain ourselves from providing a footgun.
checkWireGuard = checkUnitConfig "WireGuard" [
(assertOnlyFields [
"PrivateKeyFile"
"ListenPort"
"FirewallMark"
])
# The following check won't work on nix <= 2.2
# see https://github.com/NixOS/nix/pull/2378
#
# Add this again when we'll have drop the
# nix < 2.2 support.
# (assertRange "FirewallMark" 1 4294967295)
];
# NOTE The PresharedKey directive is missing on purpose here, please
# do not add it to this list. The nix store is world-readable,let's
# refrain ourselves from providing a footgun.
checkWireGuardPeer = checkUnitConfig "WireGuardPeer" [
(assertOnlyFields [
"PublicKey"
"PresharedKeyFile"
"AllowedIPs"
"Endpoint"
"PersistentKeepalive"
])
(assertRange "PersistentKeepalive" 0 65535)
];
checkVlan = checkUnitConfig "VLAN" [
(assertOnlyFields [ (assertOnlyFields [
"Id" "Id"
"GVRP" "GVRP"
@ -178,14 +160,14 @@ let
(assertValueOneOf "ReorderHeader" boolValues) (assertValueOneOf "ReorderHeader" boolValues)
]; ];
checkMacvlan = checkUnitConfig "MACVLAN" [ sectionMACVLAN = checkUnitConfig "MACVLAN" [
(assertOnlyFields [ (assertOnlyFields [
"Mode" "Mode"
]) ])
(assertValueOneOf "Mode" ["private" "vepa" "bridge" "passthru"]) (assertValueOneOf "Mode" ["private" "vepa" "bridge" "passthru"])
]; ];
checkVxlan = checkUnitConfig "VXLAN" [ sectionVXLAN = checkUnitConfig "VXLAN" [
(assertOnlyFields [ (assertOnlyFields [
"VNI" "VNI"
"Remote" "Remote"
@ -230,7 +212,7 @@ let
(assertValueOneOf "IPDoNotFragment" (boolValues + ["inherit"])) (assertValueOneOf "IPDoNotFragment" (boolValues + ["inherit"]))
]; ];
checkTunnel = checkUnitConfig "Tunnel" [ sectionTunnel = checkUnitConfig "Tunnel" [
(assertOnlyFields [ (assertOnlyFields [
"Local" "Local"
"Remote" "Remote"
@ -272,7 +254,7 @@ let
(assertRange "ERSPANIndex" 1 1048575) (assertRange "ERSPANIndex" 1 1048575)
]; ];
checkPeer = checkUnitConfig "Peer" [ sectionPeer = checkUnitConfig "Peer" [
(assertOnlyFields [ (assertOnlyFields [
"Name" "Name"
"MACAddress" "MACAddress"
@ -280,24 +262,42 @@ let
(assertMacAddress "MACAddress") (assertMacAddress "MACAddress")
]; ];
tunTapChecks = [ sectionTun = checkUnitConfig "Tun" tunChecks;
sectionTap = checkUnitConfig "Tap" tunChecks;
# NOTE The PrivateKey directive is missing on purpose here, please
# do not add it to this list. The nix store is world-readable let's
# refrain ourselves from providing a footgun.
sectionWireGuard = checkUnitConfig "WireGuard" [
(assertOnlyFields [ (assertOnlyFields [
"MultiQueue" "PrivateKeyFile"
"PacketInfo" "ListenPort"
"VNetHeader" "FirewallMark"
"User"
"Group"
]) ])
(assertValueOneOf "MultiQueue" boolValues) # The following check won't work on nix <= 2.2
(assertValueOneOf "PacketInfo" boolValues) # see https://github.com/NixOS/nix/pull/2378
(assertValueOneOf "VNetHeader" boolValues) #
# Add this again when we'll have drop the
# nix < 2.2 support.
# (assertRange "FirewallMark" 1 4294967295)
]; ];
checkTun = checkUnitConfig "Tun" tunTapChecks; # NOTE The PresharedKey directive is missing on purpose here, please
# do not add it to this list. The nix store is world-readable,let's
# refrain ourselves from providing a footgun.
sectionWireGuardPeer = checkUnitConfig "WireGuardPeer" [
(assertOnlyFields [
"PublicKey"
"PresharedKeyFile"
"AllowedIPs"
"Endpoint"
"PersistentKeepalive"
])
(assertRange "PersistentKeepalive" 0 65535)
];
checkTap = checkUnitConfig "Tap" tunTapChecks; sectionBond = checkUnitConfig "Bond" [
checkBond = checkUnitConfig "Bond" [
(assertOnlyFields [ (assertOnlyFields [
"Mode" "Mode"
"TransmitHashPolicy" "TransmitHashPolicy"
@ -356,7 +356,7 @@ let
(assertMinimum "MinLinks" 0) (assertMinimum "MinLinks" 0)
]; ];
checkXfrm = checkUnitConfig "Xfrm" [ sectionXfrm = checkUnitConfig "Xfrm" [
(assertOnlyFields [ (assertOnlyFields [
"InterfaceId" "InterfaceId"
"Independent" "Independent"
@ -370,7 +370,47 @@ let
(assertValueOneOf "Independent" boolValues) (assertValueOneOf "Independent" boolValues)
]; ];
checkNetwork = checkUnitConfig "Network" [ sectionVRF = checkUnitConfig "VRF" [
(assertOnlyFields [
"Table"
])
(assertInt "Table")
(assertMinimum "Table" 0)
];
};
network = {
sectionLink = checkUnitConfig "Link" [
(assertOnlyFields [
"MACAddress"
"MTUBytes"
"ARP"
"Multicast"
"AllMulticast"
"Unmanaged"
"RequiredForOnline"
])
(assertMacAddress "MACAddress")
(assertByteFormat "MTUBytes")
(assertValueOneOf "ARP" boolValues)
(assertValueOneOf "Multicast" boolValues)
(assertValueOneOf "AllMulticast" boolValues)
(assertValueOneOf "Unmanaged" boolValues)
(assertValueOneOf "RequiredForOnline" (boolValues ++ [
"missing"
"off"
"no-carrier"
"dormant"
"degraded-carrier"
"carrier"
"degraded"
"enslaved"
"routable"
]))
];
sectionNetwork = checkUnitConfig "Network" [
(assertOnlyFields [ (assertOnlyFields [
"Description" "Description"
"DHCP" "DHCP"
@ -452,7 +492,7 @@ let
(assertValueOneOf "KeepConfiguration" (boolValues ++ ["static" "dhcp-on-stop" "dhcp"])) (assertValueOneOf "KeepConfiguration" (boolValues ++ ["static" "dhcp-on-stop" "dhcp"]))
]; ];
checkAddress = checkUnitConfig "Address" [ sectionAddress = checkUnitConfig "Address" [
(assertOnlyFields [ (assertOnlyFields [
"Address" "Address"
"Peer" "Peer"
@ -475,7 +515,7 @@ let
(assertValueOneOf "AutoJoin" boolValues) (assertValueOneOf "AutoJoin" boolValues)
]; ];
checkRoutingPolicyRule = checkUnitConfig "RoutingPolicyRule" [ sectionRoutingPolicyRule = checkUnitConfig "RoutingPolicyRule" [
(assertOnlyFields [ (assertOnlyFields [
"TypeOfService" "TypeOfService"
"From" "From"
@ -510,7 +550,7 @@ let
(assertRange "SuppressPrefixLength" 0 128) (assertRange "SuppressPrefixLength" 0 128)
]; ];
checkRoute = checkUnitConfig "Route" [ sectionRoute = checkUnitConfig "Route" [
(assertOnlyFields [ (assertOnlyFields [
"Gateway" "Gateway"
"GatewayOnLink" "GatewayOnLink"
@ -556,7 +596,7 @@ let
(assertValueOneOf "IPServiceType" ["CS6" "CS4"]) (assertValueOneOf "IPServiceType" ["CS6" "CS4"])
]; ];
checkDhcpV4 = checkUnitConfig "DHCPv4" [ sectionDHCPv4 = checkUnitConfig "DHCPv4" [
(assertOnlyFields [ (assertOnlyFields [
"UseDNS" "UseDNS"
"RoutesToDNS" "RoutesToDNS"
@ -617,7 +657,7 @@ let
(assertValueOneOf "SendDecline" boolValues) (assertValueOneOf "SendDecline" boolValues)
]; ];
checkDhcpV6 = checkUnitConfig "DHCPv6" [ sectionDHCPv6 = checkUnitConfig "DHCPv6" [
(assertOnlyFields [ (assertOnlyFields [
"UseDNS" "UseDNS"
"UseNTP" "UseNTP"
@ -631,38 +671,7 @@ let
(assertValueOneOf "ForceDHCPv6PDOtherInformation" boolValues) (assertValueOneOf "ForceDHCPv6PDOtherInformation" boolValues)
]; ];
checkIpv6PrefixDelegation = checkUnitConfig "IPv6PrefixDelegation" [ sectionDHCPServer = checkUnitConfig "DHCPServer" [
(assertOnlyFields [
"Managed"
"OtherInformation"
"RouterLifetimeSec"
"RouterPreference"
"EmitDNS"
"DNS"
"EmitDomains"
"Domains"
"DNSLifetimeSec"
])
(assertValueOneOf "Managed" boolValues)
(assertValueOneOf "OtherInformation" boolValues)
(assertValueOneOf "RouterPreference" ["high" "medium" "low" "normal" "default"])
(assertValueOneOf "EmitDNS" boolValues)
(assertValueOneOf "EmitDomains" boolValues)
];
checkIpv6Prefix = checkUnitConfig "IPv6Prefix" [
(assertOnlyFields [
"AddressAutoconfiguration"
"OnLink"
"Prefix"
"PreferredLifetimeSec"
"ValidLifetimeSec"
])
(assertValueOneOf "AddressAutoconfiguration" boolValues)
(assertValueOneOf "OnLink" boolValues)
];
checkDhcpServer = checkUnitConfig "DHCPServer" [
(assertOnlyFields [ (assertOnlyFields [
"PoolOffset" "PoolOffset"
"PoolSize" "PoolSize"
@ -690,36 +699,40 @@ let
(assertValueOneOf "EmitTimezone" boolValues) (assertValueOneOf "EmitTimezone" boolValues)
]; ];
# .network files have a [Link] section with different options than in .link files sectionIPv6PrefixDelegation = checkUnitConfig "IPv6PrefixDelegation" [
checkNetworkLink = checkUnitConfig "Link" [
(assertOnlyFields [ (assertOnlyFields [
"MACAddress" "Managed"
"MTUBytes" "OtherInformation"
"ARP" "RouterLifetimeSec"
"Multicast" "RouterPreference"
"AllMulticast" "EmitDNS"
"Unmanaged" "DNS"
"RequiredForOnline" "EmitDomains"
"Domains"
"DNSLifetimeSec"
]) ])
(assertMacAddress "MACAddress") (assertValueOneOf "Managed" boolValues)
(assertByteFormat "MTUBytes") (assertValueOneOf "OtherInformation" boolValues)
(assertValueOneOf "ARP" boolValues) (assertValueOneOf "RouterPreference" ["high" "medium" "low" "normal" "default"])
(assertValueOneOf "Multicast" boolValues) (assertValueOneOf "EmitDNS" boolValues)
(assertValueOneOf "AllMulticast" boolValues) (assertValueOneOf "EmitDomains" boolValues)
(assertValueOneOf "Unmanaged" boolValues)
(assertValueOneOf "RequiredForOnline" (boolValues ++ [
"missing"
"off"
"no-carrier"
"dormant"
"degraded-carrier"
"carrier"
"degraded"
"enslaved"
"routable"
]))
]; ];
sectionIPv6Prefix = checkUnitConfig "IPv6Prefix" [
(assertOnlyFields [
"AddressAutoconfiguration"
"OnLink"
"Prefix"
"PreferredLifetimeSec"
"ValidLifetimeSec"
])
(assertValueOneOf "AddressAutoconfiguration" boolValues)
(assertValueOneOf "OnLink" boolValues)
];
};
};
commonNetworkOptions = { commonNetworkOptions = {
enable = mkOption { enable = mkOption {
@ -764,7 +777,7 @@ let
linkConfig = mkOption { linkConfig = mkOption {
default = {}; default = {};
example = { MACAddress = "00:ff:ee:aa:cc:dd"; }; example = { MACAddress = "00:ff:ee:aa:cc:dd"; };
type = types.addCheck (types.attrsOf unitOption) checkLink; type = types.addCheck (types.attrsOf unitOption) check.link.sectionLink;
description = '' description = ''
Each attribute in this set specifies an option in the Each attribute in this set specifies an option in the
<literal>[Link]</literal> section of the unit. See <literal>[Link]</literal> section of the unit. See
@ -775,12 +788,28 @@ let
}; };
wireguardPeerOptions = {
options = {
wireguardPeerConfig = mkOption {
default = {};
example = { };
type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionWireGuardPeer;
description = ''
Each attribute in this set specifies an option in the
<literal>[WireGuardPeer]</literal> section of the unit. See
<citerefentry><refentrytitle>systemd.network</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details.
'';
};
};
};
netdevOptions = commonNetworkOptions // { netdevOptions = commonNetworkOptions // {
netdevConfig = mkOption { netdevConfig = mkOption {
default = {}; default = {};
example = { Name = "mybridge"; Kind = "bridge"; }; example = { Name = "mybridge"; Kind = "bridge"; };
type = types.addCheck (types.attrsOf unitOption) checkNetdev; type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionNetdev;
description = '' description = ''
Each attribute in this set specifies an option in the Each attribute in this set specifies an option in the
<literal>[Netdev]</literal> section of the unit. See <literal>[Netdev]</literal> section of the unit. See
@ -789,18 +818,87 @@ let
''; '';
}; };
vrfConfig = mkOption { vlanConfig = mkOption {
default = {}; default = {};
example = { Table = 2342; }; example = { Id = 4; };
type = types.addCheck (types.attrsOf unitOption) checkVRF; type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionVLAN;
description = '' description = ''
Each attribute in this set specifies an option in the Each attribute in this set specifies an option in the
<literal>[VRF]</literal> section of the unit. See <literal>[VLAN]</literal> section of the unit. See
<citerefentry><refentrytitle>systemd.netdev</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details.
'';
};
macvlanConfig = mkOption {
default = {};
example = { Mode = "private"; };
type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionMACVLAN;
description = ''
Each attribute in this set specifies an option in the
<literal>[MACVLAN]</literal> section of the unit. See
<citerefentry><refentrytitle>systemd.netdev</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details.
'';
};
vxlanConfig = mkOption {
default = {};
example = { Id = "4"; };
type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionVXLAN;
description = ''
Each attribute in this set specifies an option in the
<literal>[VXLAN]</literal> section of the unit. See
<citerefentry><refentrytitle>systemd.netdev</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details.
'';
};
tunnelConfig = mkOption {
default = {};
example = { Remote = "192.168.1.1"; };
type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionTunnel;
description = ''
Each attribute in this set specifies an option in the
<literal>[Tunnel]</literal> section of the unit. See
<citerefentry><refentrytitle>systemd.netdev</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details.
'';
};
peerConfig = mkOption {
default = {};
example = { Name = "veth2"; };
type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionPeer;
description = ''
Each attribute in this set specifies an option in the
<literal>[Peer]</literal> section of the unit. See
<citerefentry><refentrytitle>systemd.netdev</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details.
'';
};
tunConfig = mkOption {
default = {};
example = { User = "openvpn"; };
type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionTun;
description = ''
Each attribute in this set specifies an option in the
<literal>[Tun]</literal> section of the unit. See
<citerefentry><refentrytitle>systemd.netdev</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details.
'';
};
tapConfig = mkOption {
default = {};
example = { User = "openvpn"; };
type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionTap;
description = ''
Each attribute in this set specifies an option in the
<literal>[Tap]</literal> section of the unit. See
<citerefentry><refentrytitle>systemd.netdev</refentrytitle> <citerefentry><refentrytitle>systemd.netdev</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details. <manvolnum>5</manvolnum></citerefentry> for details.
A detailed explanation about how VRFs work can be found in the
<link xlink:href="https://www.kernel.org/doc/Documentation/networking/vrf.txt">kernel
docs</link>.
''; '';
}; };
@ -811,7 +909,7 @@ let
ListenPort = 51820; ListenPort = 51820;
FwMark = 42; FwMark = 42;
}; };
type = types.addCheck (types.attrsOf unitOption) checkWireGuard; type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionWireGuard;
description = '' description = ''
Each attribute in this set specifies an option in the Each attribute in this set specifies an option in the
<literal>[WireGuard]</literal> section of the unit. See <literal>[WireGuard]</literal> section of the unit. See
@ -844,94 +942,10 @@ let
''; '';
}; };
vlanConfig = mkOption {
default = {};
example = { Id = 4; };
type = types.addCheck (types.attrsOf unitOption) checkVlan;
description = ''
Each attribute in this set specifies an option in the
<literal>[VLAN]</literal> section of the unit. See
<citerefentry><refentrytitle>systemd.netdev</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details.
'';
};
macvlanConfig = mkOption {
default = {};
example = { Mode = "private"; };
type = types.addCheck (types.attrsOf unitOption) checkMacvlan;
description = ''
Each attribute in this set specifies an option in the
<literal>[MACVLAN]</literal> section of the unit. See
<citerefentry><refentrytitle>systemd.netdev</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details.
'';
};
vxlanConfig = mkOption {
default = {};
example = { Id = "4"; };
type = types.addCheck (types.attrsOf unitOption) checkVxlan;
description = ''
Each attribute in this set specifies an option in the
<literal>[VXLAN]</literal> section of the unit. See
<citerefentry><refentrytitle>systemd.netdev</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details.
'';
};
tunnelConfig = mkOption {
default = {};
example = { Remote = "192.168.1.1"; };
type = types.addCheck (types.attrsOf unitOption) checkTunnel;
description = ''
Each attribute in this set specifies an option in the
<literal>[Tunnel]</literal> section of the unit. See
<citerefentry><refentrytitle>systemd.netdev</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details.
'';
};
peerConfig = mkOption {
default = {};
example = { Name = "veth2"; };
type = types.addCheck (types.attrsOf unitOption) checkPeer;
description = ''
Each attribute in this set specifies an option in the
<literal>[Peer]</literal> section of the unit. See
<citerefentry><refentrytitle>systemd.netdev</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details.
'';
};
tunConfig = mkOption {
default = {};
example = { User = "openvpn"; };
type = types.addCheck (types.attrsOf unitOption) checkTun;
description = ''
Each attribute in this set specifies an option in the
<literal>[Tun]</literal> section of the unit. See
<citerefentry><refentrytitle>systemd.netdev</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details.
'';
};
tapConfig = mkOption {
default = {};
example = { User = "openvpn"; };
type = types.addCheck (types.attrsOf unitOption) checkTap;
description = ''
Each attribute in this set specifies an option in the
<literal>[Tap]</literal> section of the unit. See
<citerefentry><refentrytitle>systemd.netdev</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details.
'';
};
bondConfig = mkOption { bondConfig = mkOption {
default = {}; default = {};
example = { Mode = "802.3ad"; }; example = { Mode = "802.3ad"; };
type = types.addCheck (types.attrsOf unitOption) checkBond; type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionBond;
description = '' description = ''
Each attribute in this set specifies an option in the Each attribute in this set specifies an option in the
<literal>[Bond]</literal> section of the unit. See <literal>[Bond]</literal> section of the unit. See
@ -943,7 +957,7 @@ let
xfrmConfig = mkOption { xfrmConfig = mkOption {
default = {}; default = {};
example = { InterfaceId = 1; }; example = { InterfaceId = 1; };
type = types.addCheck (types.attrsOf unitOption) checkXfrm; type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionXfrm;
description = '' description = ''
Each attribute in this set specifies an option in the Each attribute in this set specifies an option in the
<literal>[Xfrm]</literal> section of the unit. See <literal>[Xfrm]</literal> section of the unit. See
@ -952,6 +966,21 @@ let
''; '';
}; };
vrfConfig = mkOption {
default = {};
example = { Table = 2342; };
type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionVRF;
description = ''
Each attribute in this set specifies an option in the
<literal>[VRF]</literal> section of the unit. See
<citerefentry><refentrytitle>systemd.netdev</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details.
A detailed explanation about how VRFs work can be found in the
<link xlink:href="https://www.kernel.org/doc/Documentation/networking/vrf.txt">kernel
docs</link>.
'';
};
}; };
addressOptions = { addressOptions = {
@ -959,7 +988,7 @@ let
addressConfig = mkOption { addressConfig = mkOption {
default = {}; default = {};
example = { Address = "192.168.0.100/24"; }; example = { Address = "192.168.0.100/24"; };
type = types.addCheck (types.attrsOf unitOption) checkAddress; type = types.addCheck (types.attrsOf unitOption) check.network.sectionAddress;
description = '' description = ''
Each attribute in this set specifies an option in the Each attribute in this set specifies an option in the
<literal>[Address]</literal> section of the unit. See <literal>[Address]</literal> section of the unit. See
@ -975,7 +1004,7 @@ let
routingPolicyRuleConfig = mkOption { routingPolicyRuleConfig = mkOption {
default = { }; default = { };
example = { routingPolicyRuleConfig = { Table = 10; IncomingInterface = "eth1"; Family = "both"; } ;}; example = { routingPolicyRuleConfig = { Table = 10; IncomingInterface = "eth1"; Family = "both"; } ;};
type = types.addCheck (types.attrsOf unitOption) checkRoutingPolicyRule; type = types.addCheck (types.attrsOf unitOption) check.network.sectionRoutingPolicyRule;
description = '' description = ''
Each attribute in this set specifies an option in the Each attribute in this set specifies an option in the
<literal>[RoutingPolicyRule]</literal> section of the unit. See <literal>[RoutingPolicyRule]</literal> section of the unit. See
@ -991,7 +1020,7 @@ let
routeConfig = mkOption { routeConfig = mkOption {
default = {}; default = {};
example = { Gateway = "192.168.0.1"; }; example = { Gateway = "192.168.0.1"; };
type = types.addCheck (types.attrsOf unitOption) checkRoute; type = types.addCheck (types.attrsOf unitOption) check.network.sectionRoute;
description = '' description = ''
Each attribute in this set specifies an option in the Each attribute in this set specifies an option in the
<literal>[Route]</literal> section of the unit. See <literal>[Route]</literal> section of the unit. See
@ -1002,28 +1031,12 @@ let
}; };
}; };
wireguardPeerOptions = {
options = {
wireguardPeerConfig = mkOption {
default = {};
example = { };
type = types.addCheck (types.attrsOf unitOption) checkWireGuardPeer;
description = ''
Each attribute in this set specifies an option in the
<literal>[WireGuardPeer]</literal> section of the unit. See
<citerefentry><refentrytitle>systemd.network</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details.
'';
};
};
};
ipv6PrefixOptions = { ipv6PrefixOptions = {
options = { options = {
ipv6PrefixConfig = mkOption { ipv6PrefixConfig = mkOption {
default = {}; default = {};
example = { Prefix = "fd00::/64"; }; example = { Prefix = "fd00::/64"; };
type = types.addCheck (types.attrsOf unitOption) checkIpv6Prefix; type = types.addCheck (types.attrsOf unitOption) check.network.sectionIPv6Prefix;
description = '' description = ''
Each attribute in this set specifies an option in the Each attribute in this set specifies an option in the
<literal>[IPv6Prefix]</literal> section of the unit. See <literal>[IPv6Prefix]</literal> section of the unit. See
@ -1034,13 +1047,24 @@ let
}; };
}; };
networkOptions = commonNetworkOptions // { networkOptions = commonNetworkOptions // {
linkConfig = mkOption {
default = {};
example = { Unmanaged = true; };
type = types.addCheck (types.attrsOf unitOption) check.network.sectionLink;
description = ''
Each attribute in this set specifies an option in the
<literal>[Link]</literal> section of the unit. See
<citerefentry><refentrytitle>systemd.network</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details.
'';
};
networkConfig = mkOption { networkConfig = mkOption {
default = {}; default = {};
example = { Description = "My Network"; }; example = { Description = "My Network"; };
type = types.addCheck (types.attrsOf unitOption) checkNetwork; type = types.addCheck (types.attrsOf unitOption) check.network.sectionNetwork;
description = '' description = ''
Each attribute in this set specifies an option in the Each attribute in this set specifies an option in the
<literal>[Network]</literal> section of the unit. See <literal>[Network]</literal> section of the unit. See
@ -1059,7 +1083,7 @@ let
dhcpV4Config = mkOption { dhcpV4Config = mkOption {
default = {}; default = {};
example = { UseDNS = true; UseRoutes = true; }; example = { UseDNS = true; UseRoutes = true; };
type = types.addCheck (types.attrsOf unitOption) checkDhcpV4; type = types.addCheck (types.attrsOf unitOption) check.network.sectionDHCPv4;
description = '' description = ''
Each attribute in this set specifies an option in the Each attribute in this set specifies an option in the
<literal>[DHCPv4]</literal> section of the unit. See <literal>[DHCPv4]</literal> section of the unit. See
@ -1071,7 +1095,7 @@ let
dhcpV6Config = mkOption { dhcpV6Config = mkOption {
default = {}; default = {};
example = { UseDNS = true; UseRoutes = true; }; example = { UseDNS = true; UseRoutes = true; };
type = types.addCheck (types.attrsOf unitOption) checkDhcpV6; type = types.addCheck (types.attrsOf unitOption) check.network.sectionDHCPv6;
description = '' description = ''
Each attribute in this set specifies an option in the Each attribute in this set specifies an option in the
<literal>[DHCPv6]</literal> section of the unit. See <literal>[DHCPv6]</literal> section of the unit. See
@ -1080,10 +1104,22 @@ let
''; '';
}; };
dhcpServerConfig = mkOption {
default = {};
example = { PoolOffset = 50; EmitDNS = false; };
type = types.addCheck (types.attrsOf unitOption) check.network.sectionDHCPServer;
description = ''
Each attribute in this set specifies an option in the
<literal>[DHCPServer]</literal> section of the unit. See
<citerefentry><refentrytitle>systemd.network</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details.
'';
};
ipv6PrefixDelegationConfig = mkOption { ipv6PrefixDelegationConfig = mkOption {
default = {}; default = {};
example = { EmitDNS = true; Managed = true; OtherInformation = true; }; example = { EmitDNS = true; Managed = true; OtherInformation = true; };
type = types.addCheck (types.attrsOf unitOption) checkIpv6PrefixDelegation; type = types.addCheck (types.attrsOf unitOption) check.network.sectionIPv6PrefixDelegation;
description = '' description = ''
Each attribute in this set specifies an option in the Each attribute in this set specifies an option in the
<literal>[IPv6PrefixDelegation]</literal> section of the unit. See <literal>[IPv6PrefixDelegation]</literal> section of the unit. See
@ -1103,30 +1139,6 @@ let
''; '';
}; };
dhcpServerConfig = mkOption {
default = {};
example = { PoolOffset = 50; EmitDNS = false; };
type = types.addCheck (types.attrsOf unitOption) checkDhcpServer;
description = ''
Each attribute in this set specifies an option in the
<literal>[DHCPServer]</literal> section of the unit. See
<citerefentry><refentrytitle>systemd.network</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details.
'';
};
linkConfig = mkOption {
default = {};
example = { Unmanaged = true; };
type = types.addCheck (types.attrsOf unitOption) checkNetworkLink;
description = ''
Each attribute in this set specifies an option in the
<literal>[Link]</literal> section of the unit. See
<citerefentry><refentrytitle>systemd.network</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details.
'';
};
name = mkOption { name = mkOption {
type = types.nullOr types.str; type = types.nullOr types.str;
default = null; default = null;
@ -1374,6 +1386,16 @@ let
${attrsToSection def.tapConfig} ${attrsToSection def.tapConfig}
''} ''}
${optionalString (def.wireguardConfig != { }) ''
[WireGuard]
${attrsToSection def.wireguardConfig}
''}
${flip concatMapStrings def.wireguardPeers (x: ''
[WireGuardPeer]
${attrsToSection x.wireguardPeerConfig}
'')}
${optionalString (def.bondConfig != { }) '' ${optionalString (def.bondConfig != { }) ''
[Bond] [Bond]
${attrsToSection def.bondConfig} ${attrsToSection def.bondConfig}
@ -1389,16 +1411,6 @@ let
${attrsToSection def.vrfConfig} ${attrsToSection def.vrfConfig}
''} ''}
${optionalString (def.wireguardConfig != { }) ''
[WireGuard]
${attrsToSection def.wireguardConfig}
''}
${flip concatMapStrings def.wireguardPeers (x: ''
[WireGuardPeer]
${attrsToSection x.wireguardPeerConfig}
'')}
${def.extraConfig} ${def.extraConfig}
''; '';
}; };
@ -1428,6 +1440,21 @@ let
${concatStringsSep "\n" (map (s: "Tunnel=${s}") def.tunnel)} ${concatStringsSep "\n" (map (s: "Tunnel=${s}") def.tunnel)}
${concatStringsSep "\n" (map (s: "Xfrm=${s}") def.xfrm)} ${concatStringsSep "\n" (map (s: "Xfrm=${s}") def.xfrm)}
${flip concatMapStrings def.addresses (x: ''
[Address]
${attrsToSection x.addressConfig}
'')}
${flip concatMapStrings def.routingPolicyRules (x: ''
[RoutingPolicyRule]
${attrsToSection x.routingPolicyRuleConfig}
'')}
${flip concatMapStrings def.routes (x: ''
[Route]
${attrsToSection x.routeConfig}
'')}
${optionalString (def.dhcpV4Config != { }) '' ${optionalString (def.dhcpV4Config != { }) ''
[DHCPv4] [DHCPv4]
${attrsToSection def.dhcpV4Config} ${attrsToSection def.dhcpV4Config}
@ -1437,6 +1464,11 @@ let
[DHCPv6] [DHCPv6]
${attrsToSection def.dhcpV6Config} ${attrsToSection def.dhcpV6Config}
''}
${optionalString (def.dhcpServerConfig != { }) ''
[DHCPServer]
${attrsToSection def.dhcpServerConfig}
''} ''}
${optionalString (def.ipv6PrefixDelegationConfig != {}) '' ${optionalString (def.ipv6PrefixDelegationConfig != {}) ''
[IPv6PrefixDelegation] [IPv6PrefixDelegation]
@ -1447,26 +1479,6 @@ let
[IPv6Prefix] [IPv6Prefix]
${attrsToSection x.ipv6PrefixConfig} ${attrsToSection x.ipv6PrefixConfig}
'')}
${optionalString (def.dhcpServerConfig != { }) ''
[DHCPServer]
${attrsToSection def.dhcpServerConfig}
''}
${flip concatMapStrings def.addresses (x: ''
[Address]
${attrsToSection x.addressConfig}
'')}
${flip concatMapStrings def.routes (x: ''
[Route]
${attrsToSection x.routeConfig}
'')}
${flip concatMapStrings def.routingPolicyRules (x: ''
[RoutingPolicyRule]
${attrsToSection x.routingPolicyRuleConfig}
'')} '')}
${def.extraConfig} ${def.extraConfig}
''; '';