2014-11-26 11:22:03 -08:00

321 lines
12 KiB
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{ config, lib, pkgs, utils, ... }:
with lib;
with utils;
cfg = config.networking;
interfaces = attrValues cfg.interfaces;
hasVirtuals = any (i: i.virtual) interfaces;
# We must escape interfaces due to the systemd interpretation
subsystemDevice = interface:
"sys-subsystem-net-devices-${escapeSystemdPath interface}.device";
interfaceIps = i:
i.ip4 ++ optionals cfg.enableIPv6 i.ip6
++ optional (i.ipAddress != null) {
address = i.ipAddress;
prefixLength = i.prefixLength;
} ++ optional (cfg.enableIPv6 && i.ipv6Address != null) {
address = i.ipv6Address;
prefixLength = i.ipv6PrefixLength;
config = mkIf (!cfg.useNetworkd) {
systemd.targets."network-interfaces" =
{ description = "All Network Interfaces";
wantedBy = [ "" ];
unitConfig.X-StopOnReconfiguration = true;
}; =
networkLocalCommands = {
after = [ "network-setup.service" ];
bindsTo = [ "network-setup.service" ];
networkSetup =
{ description = "Networking Setup";
after = [ "" ];
before = [ "" ];
wantedBy = [ "" ];
unitConfig.ConditionCapability = "CAP_NET_ADMIN";
path = [ pkgs.iproute ];
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = true;
script =
(optionalString (! ''
# Set the static DNS configuration, if given.
${pkgs.openresolv}/sbin/resolvconf -m 1 -a static <<EOF
${optionalString (cfg.nameservers != [] && cfg.domain != null) ''
domain ${cfg.domain}
${optionalString ( != []) ("search " + concatStringsSep " "}
${flip concatMapStrings cfg.nameservers (ns: ''
nameserver ${ns}
'') + ''
# Set the default gateway.
${optionalString (cfg.defaultGateway != null) ''
# FIXME: get rid of "|| true" (necessary to make it idempotent).
ip route add default via "${cfg.defaultGateway}" ${
optionalString (cfg.defaultGatewayWindowSize != null)
"window ${cfg.defaultGatewayWindowSize}"} || true
# For each interface <foo>, create a job network-addresses-<foo>.service"
# that performs static address configuration. It has a "wants"
# dependency on <foo>.service, which is supposed to create
# the interface and need not exist (i.e. for hardware
# interfaces). It has a binds-to dependency on the actual
# network device, so it only gets started after the interface
# has appeared, and it's stopped when the interface
# disappears.
configureAddrs = i:
ips = interfaceIps i;
nameValuePair "network-addresses-${}"
{ description = "Addresss configuration of ${}";
wantedBy = [ "" ];
before = [ "" ];
bindsTo = [ (subsystemDevice ];
after = [ (subsystemDevice ];
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = true;
script =
echo "bringing up interface..."
ip link set "${}" up
'' + flip concatMapStrings (ips) (ip:
address = "${ip.address}/${toString ip.prefixLength}";
echo "checking ip ${address}..."
if out=$(ip addr add "${address}" dev "${}" 2>&1); then
echo "added ip ${address}..."
elif ! echo "$out" | grep "File exists" >/dev/null 2>&1; then
echo "failed to add ${address}"
exit 1
+ optionalString (ips != [ ])
if [ "$restart_network_setup" = "true" ]; then
# Ensure that the default gateway remains set.
# (Flushing this interface may have removed it.)
${config.systemd.package}/bin/systemctl try-restart --no-block network-setup.service
${config.systemd.package}/bin/systemctl start
${config.systemd.package}/bin/systemctl start
preStop =
echo "releasing configured ip's..."
'' + flip concatMapStrings (ips) (ip:
address = "${ip.address}/${toString ip.prefixLength}";
echo -n "Deleting ${address}..."
ip addr del "${address}" dev "${}" >/dev/null 2>&1 || echo -n " Failed"
echo ""
createTunDevice = i: nameValuePair "${}-netdev"
{ description = "Virtual Network Interface ${}";
requires = [ "dev-net-tun.device" ];
after = [ "dev-net-tun.device" ];
wantedBy = [ "" (subsystemDevice ];
path = [ pkgs.iproute ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
script = ''
ip tuntap add dev "${}" \
${optionalString (i.virtualType != null) "mode ${i.virtualType}"} \
user "${i.virtualOwner}"
postStop = ''
ip link del ${}
createBridgeDevice = n: v: nameValuePair "${n}-netdev"
deps = map subsystemDevice v.interfaces;
{ description = "Bridge Interface ${n}";
wantedBy = [ "" (subsystemDevice n) ];
bindsTo = deps;
after = deps;
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = true;
path = [ pkgs.bridge_utils pkgs.iproute ];
script =
# Remove Dead Interfaces
ip link show "${n}" >/dev/null 2>&1 && ip link delete "${n}"
brctl addbr "${n}"
# Set bridge's hello time to 0 to avoid startup delays.
brctl setfd "${n}" 0
${flip concatMapStrings v.interfaces (i: ''
brctl addif "${n}" "${i}"
ip link set "${i}" up
ip addr flush dev "${i}"
echo "bringing up network device ${n}..."
ip link set "${n}" up
# !!! Should delete (brctl delif) any interfaces that
# no longer belong to the bridge.
postStop =
ip link set "${n}" down
brctl delbr "${n}"
createBondDevice = n: v: nameValuePair "${n}-netdev"
deps = map subsystemDevice v.interfaces;
{ description = "Bond Interface ${n}";
wantedBy = [ "" (subsystemDevice n) ];
bindsTo = deps;
after = deps;
before = [ "${n}-cfg.service" ];
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = true;
path = [ pkgs.ifenslave pkgs.iproute ];
script = ''
ip link add name "${n}" type bond
# !!! There must be a better way to wait for the interface
while [ ! -d /sys/class/net/${n} ]; do sleep 0.1; done;
# Ensure the link is down so that we can set options
ip link set "${n}" down
# Set the miimon and mode options
${optionalString (v.miimon != null)
"echo \"${toString v.miimon}\" >/sys/class/net/${n}/bonding/miimon"}
${optionalString (v.mode != null)
"echo \"${v.mode}\" >/sys/class/net/${n}/bonding/mode"}
${optionalString (v.lacp_rate != null)
"echo \"${v.lacp_rate}\" >/sys/class/net/${n}/bonding/lacp_rate"}
${optionalString (v.xmit_hash_policy != null)
"echo \"${v.xmit_hash_policy}\" >/sys/class/net/${n}/bonding/xmit_hash_policy"}
# Bring up the bond and enslave the specified interfaces
ip link set "${n}" up
${flip concatMapStrings v.interfaces (i: ''
ifenslave "${n}" "${i}"
postStop = ''
${flip concatMapStrings v.interfaces (i: ''
ifenslave -d "${n}" "${i}" >/dev/null 2>&1 || true
ip link set "${n}" down >/dev/null 2>&1 || true
ip link del "${n}" >/dev/null 2>&1 || true
createSitDevice = n: v: nameValuePair "${n}-netdev"
deps = optional ( != null) (subsystemDevice;
{ description = "6-to-4 Tunnel Interface ${n}";
wantedBy = [ "" (subsystemDevice n) ];
bindsTo = deps;
after = deps;
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = true;
path = [ pkgs.iproute ];
script = ''
# Remove Dead Interfaces
ip link show "${n}" >/dev/null 2>&1 && ip link delete "${n}"
ip link add name "${n}" type sit \
${optionalString (v.remote != null) "remote \"${v.remote}\""} \
${optionalString (v.local != null) "local \"${v.local}\""} \
${optionalString (v.ttl != null) "ttl ${toString v.ttl}"} \
${optionalString ( != null) "dev \"${}\""}
ip link set "${n}" up
postStop = ''
ip link delete "${n}"
createVlanDevice = n: v: nameValuePair "${n}-netdev"
deps = [ (subsystemDevice v.interface) ];
{ description = "Vlan Interface ${n}";
wantedBy = [ "" (subsystemDevice n) ];
bindsTo = deps;
after = deps;
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = true;
path = [ pkgs.iproute ];
script = ''
# Remove Dead Interfaces
ip link show "${n}" >/dev/null 2>&1 && ip link delete "${n}"
ip link add link "${v.interface}" name "${n}" type vlan id "${toString}"
ip link set "${n}" up
postStop = ''
ip link delete "${n}"
in listToAttrs (
map configureAddrs interfaces ++
map createTunDevice (filter (i: i.virtual) interfaces))
// mapAttrs' createBridgeDevice cfg.bridges
// mapAttrs' createBondDevice cfg.bonds
// mapAttrs' createSitDevice cfg.sits
// mapAttrs' createVlanDevice cfg.vlans
// {
"network-setup" = networkSetup;
"network-local-commands" = networkLocalCommands;
services.udev.extraRules =
KERNEL=="tun", TAG+="systemd"