diff options
Diffstat (limited to 'nixos/modules/system/boot/networkd.nix')
| -rw-r--r-- | nixos/modules/system/boot/networkd.nix | 28 |
1 files changed, 27 insertions, 1 deletions
diff --git a/nixos/modules/system/boot/networkd.nix b/nixos/modules/system/boot/networkd.nix index 56a9d6b11380b..a77dbc609f462 100644 --- a/nixos/modules/system/boot/networkd.nix +++ b/nixos/modules/system/boot/networkd.nix @@ -55,6 +55,11 @@ let (assertMacAddress "MACAddress") ]; + checkVRF = checkUnitConfig "VRF" [ + (assertOnlyFields [ "Table" ]) + (assertMinimum "Table" 0) + ]; + # NOTE The PrivateKey directive is missing on purpose here, please # do not add it to this list. The nix store is world-readable let's # refrain ourselves from providing a footgun. @@ -349,6 +354,21 @@ let ''; }; + vrfConfig = mkOption { + default = {}; + example = { Table = 2342; }; + type = types.addCheck (types.attrsOf unitOption) checkVRF; + description = '' + Each attribute in this set specifies an option in the + <literal>[VRF]</literal> section of the unit. See + <citerefentry><refentrytitle>systemd.netdev</refentrytitle> + <manvolnum>5</manvolnum></citerefentry> for details. + A detailed explanation about how VRFs work can be found in the + <link xlink:href="https://www.kernel.org/doc/Documentation/networking/vrf.txt">kernel + docs</link>. + ''; + }; + wireguardConfig = mkOption { default = {}; example = { @@ -845,6 +865,11 @@ let ${attrsToSection def.xfrmConfig} ''} + ${optionalString (def.vrfConfig != { }) '' + [VRF] + ${attrsToSection def.vrfConfig} + + ''} ${optionalString (def.wireguardConfig != { }) '' [WireGuard] ${attrsToSection def.wireguardConfig} @@ -947,9 +972,10 @@ in systemd.network.units = mkOption { description = "Definition of networkd units."; default = {}; + internal = true; type = with types; attrsOf (submodule ( { name, config, ... }: - { options = concreteUnitOptions; + { options = mapAttrs (_: x: x // { internal = true; }) concreteUnitOptions; config = { unit = mkDefault (makeUnit name config); }; |