diff options
Diffstat (limited to 'nixos/modules/system/boot/networkd.nix')
| -rw-r--r-- | nixos/modules/system/boot/networkd.nix | 247 |
1 files changed, 51 insertions, 196 deletions
diff --git a/nixos/modules/system/boot/networkd.nix b/nixos/modules/system/boot/networkd.nix index bb899c8d89994..79d76a8caa94b 100644 --- a/nixos/modules/system/boot/networkd.nix +++ b/nixos/modules/system/boot/networkd.nix @@ -17,11 +17,13 @@ let "ManageForeignRoutingPolicyRules" "ManageForeignRoutes" "RouteTable" + "IPv6PrivacyExtensions" ]) (assertValueOneOf "SpeedMeter" boolValues) (assertInt "SpeedMeterIntervalSec") (assertValueOneOf "ManageForeignRoutingPolicyRules" boolValues) (assertValueOneOf "ManageForeignRoutes" boolValues) + (assertValueOneOf "IPv6PrivacyExtensions" (boolValues ++ ["prefer-public" "kernel"])) ]; sectionDHCPv4 = checkUnitConfig "DHCPv4" [ @@ -384,7 +386,7 @@ let (assertValueOneOf "UDP6ZeroChecksumRx" boolValues) ]; - sectionL2TPSession = checkUnitConfig "L2TPSession" [ + sectionL2TPSession = checkUnitConfigWithLegacyKey "l2tpSessionConfig" "L2TPSession" [ (assertOnlyFields [ "Name" "SessionId" @@ -419,7 +421,7 @@ let # NOTE The PresharedKey directive is missing on purpose here, please # do not add it to this list. The nix store is world-readable,let's # refrain ourselves from providing a footgun. - sectionWireGuardPeer = checkUnitConfig "WireGuardPeer" [ + sectionWireGuardPeer = checkUnitConfigWithLegacyKey "wireguardPeerConfig" "WireGuardPeer" [ (assertOnlyFields [ "PublicKey" "PresharedKeyFile" @@ -710,7 +712,7 @@ let (assertValueOneOf "KeepConfiguration" (boolValues ++ ["static" "dhcp-on-stop" "dhcp"])) ]; - sectionAddress = checkUnitConfig "Address" [ + sectionAddress = checkUnitConfigWithLegacyKey "addressConfig" "Address" [ (assertOnlyFields [ "Address" "Peer" @@ -735,7 +737,7 @@ let (assertValueOneOf "AutoJoin" boolValues) ]; - sectionRoutingPolicyRule = checkUnitConfig "RoutingPolicyRule" [ + sectionRoutingPolicyRule = checkUnitConfigWithLegacyKey "routingPolicyRuleConfig" "RoutingPolicyRule" [ (assertOnlyFields [ "TypeOfService" "From" @@ -770,7 +772,7 @@ let (assertRange "SuppressInterfaceGroup" 0 2147483647) ]; - sectionRoute = checkUnitConfig "Route" [ + sectionRoute = checkUnitConfigWithLegacyKey "routeConfig" "Route" [ (assertOnlyFields [ "Gateway" "GatewayOnLink" @@ -1031,7 +1033,7 @@ let (assertValueOneOf "EmitDomains" boolValues) ]; - sectionIPv6Prefix = checkUnitConfig "IPv6Prefix" [ + sectionIPv6Prefix = checkUnitConfigWithLegacyKey "ipv6PrefixConfig" "IPv6Prefix" [ (assertOnlyFields [ "AddressAutoconfiguration" "OnLink" @@ -1046,7 +1048,7 @@ let (assertValueOneOf "Assign" boolValues) ]; - sectionIPv6RoutePrefix = checkUnitConfig "IPv6RoutePrefix" [ + sectionIPv6RoutePrefix = checkUnitConfigWithLegacyKey "ipv6RoutePrefixConfig" "IPv6RoutePrefix" [ (assertOnlyFields [ "Route" "LifetimeSec" @@ -1055,7 +1057,7 @@ let (assertInt "LifetimeSec") ]; - sectionDHCPServerStaticLease = checkUnitConfig "DHCPServerStaticLease" [ + sectionDHCPServerStaticLease = checkUnitConfigWithLegacyKey "dhcpServerStaticLeaseConfig" "DHCPServerStaticLease" [ (assertOnlyFields [ "MACAddress" "Address" @@ -1102,7 +1104,7 @@ let (assertRange "Priority" 0 63) ]; - sectionBridgeFDB = checkUnitConfig "BridgeFDB" [ + sectionBridgeFDB = checkUnitConfigWithLegacyKey "bridgeFDBConfig" "BridgeFDB" [ (assertOnlyFields [ "MACAddress" "Destination" @@ -1119,7 +1121,7 @@ let (assertValueOneOf "AssociatedWith" [ "use" "self" "master" "router" ]) ]; - sectionBridgeMDB = checkUnitConfig "BridgeMDB" [ + sectionBridgeMDB = checkUnitConfigWithLegacyKey "bridgeMDBConfig" "BridgeMDB" [ (assertOnlyFields [ "MulticastGroupAddress" "VLANId" @@ -1522,7 +1524,7 @@ let (assertRange "Weight" 1 1023) ]; - sectionBridgeVLAN = checkUnitConfig "BridgeVLAN" [ + sectionBridgeVLAN = checkUnitConfigWithLegacyKey "bridgeVLANConfig" "BridgeVLAN" [ (assertOnlyFields [ "VLAN" "EgressUntagged" @@ -1625,34 +1627,21 @@ let }; - - l2tpSessionOptions = { - options = { - l2tpSessionConfig = mkOption { - default = {}; - type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionL2TPSession; - description = '' - Each attribute in this set specifies an option in the - `[L2TPSession]` section of the unit. See - {manpage}`systemd.netdev(5)` for details. - ''; - }; + mkSubsectionType = oldKey: checkF: + let + type = types.addCheck (types.attrsOf unitOption) checkF; + in type // { + merge = loc: defs: + let + final = type.merge loc defs; + in + if final?${oldKey} + then warn + "Using '${oldKey}' is deprecated! Move all attributes inside one level up and remove it." + final.${oldKey} + else + final; }; - }; - - wireguardPeerOptions = { - options = { - wireguardPeerConfig = mkOption { - default = {}; - type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionWireGuardPeer; - description = '' - Each attribute in this set specifies an option in the - `[WireGuardPeer]` section of the unit. See - {manpage}`systemd.netdev(5)` for details. - ''; - }; - }; - }; netdevOptions = commonNetworkOptions // { @@ -1803,12 +1792,12 @@ let l2tpSessions = mkOption { default = []; - example = [ { l2tpSessionConfig={ + example = [ { SessionId = 25; PeerSessionId = 26; Name = "l2tp-sess"; - };}]; - type = with types; listOf (submodule l2tpSessionOptions); + }]; + type = types.listOf (mkSubsectionType "l2tpSessionConfig" check.netdev.sectionL2TPSession); description = '' Each item in this array specifies an option in the `[L2TPSession]` section of the unit. See @@ -1836,14 +1825,14 @@ let wireguardPeers = mkOption { default = []; - example = [ { wireguardPeerConfig={ + example = [ { Endpoint = "192.168.1.1:51820"; PublicKey = "27s0OvaBBdHoJYkH9osZpjpgSOVNw+RaKfboT/Sfq0g="; PresharedKeyFile = "/etc/wireguard/psk.key"; AllowedIPs = [ "10.0.0.1/32" ]; PersistentKeepalive = 15; - };}]; - type = with types; listOf (submodule wireguardPeerOptions); + } ]; + type = types.listOf (mkSubsectionType "wireguardPeerConfig" check.netdev.sectionWireGuardPeer); description = '' Each item in this array specifies an option in the `[WireGuardPeer]` section of the unit. See @@ -1915,143 +1904,6 @@ let }; - addressOptions = { - options = { - addressConfig = mkOption { - example = { Address = "192.168.0.100/24"; }; - type = types.addCheck (types.attrsOf unitOption) check.network.sectionAddress; - description = '' - Each attribute in this set specifies an option in the - `[Address]` section of the unit. See - {manpage}`systemd.network(5)` for details. - ''; - }; - }; - }; - - routingPolicyRulesOptions = { - options = { - routingPolicyRuleConfig = mkOption { - default = { }; - example = { Table = 10; IncomingInterface = "eth1"; Family = "both"; }; - type = types.addCheck (types.attrsOf unitOption) check.network.sectionRoutingPolicyRule; - description = '' - Each attribute in this set specifies an option in the - `[RoutingPolicyRule]` section of the unit. See - {manpage}`systemd.network(5)` for details. - ''; - }; - }; - }; - - routeOptions = { - options = { - routeConfig = mkOption { - default = {}; - example = { Gateway = "192.168.0.1"; }; - type = types.addCheck (types.attrsOf unitOption) check.network.sectionRoute; - description = '' - Each attribute in this set specifies an option in the - `[Route]` section of the unit. See - {manpage}`systemd.network(5)` for details. - ''; - }; - }; - }; - - ipv6PrefixOptions = { - options = { - ipv6PrefixConfig = mkOption { - default = {}; - example = { Prefix = "fd00::/64"; }; - type = types.addCheck (types.attrsOf unitOption) check.network.sectionIPv6Prefix; - description = '' - Each attribute in this set specifies an option in the - `[IPv6Prefix]` section of the unit. See - {manpage}`systemd.network(5)` for details. - ''; - }; - }; - }; - - ipv6RoutePrefixOptions = { - options = { - ipv6RoutePrefixConfig = mkOption { - default = {}; - example = { Route = "fd00::/64"; }; - type = types.addCheck (types.attrsOf unitOption) check.network.sectionIPv6RoutePrefix; - description = '' - Each attribute in this set specifies an option in the - `[IPv6RoutePrefix]` section of the unit. See - {manpage}`systemd.network(5)` for details. - ''; - }; - }; - }; - - dhcpServerStaticLeaseOptions = { - options = { - dhcpServerStaticLeaseConfig = mkOption { - default = {}; - example = { MACAddress = "65:43:4a:5b:d8:5f"; Address = "192.168.1.42"; }; - type = types.addCheck (types.attrsOf unitOption) check.network.sectionDHCPServerStaticLease; - description = '' - Each attribute in this set specifies an option in the - `[DHCPServerStaticLease]` section of the unit. See - {manpage}`systemd.network(5)` for details. - - Make sure to configure the corresponding client interface to use - `ClientIdentifier=mac`. - ''; - }; - }; - }; - - bridgeFDBOptions = { - options = { - bridgeFDBConfig = mkOption { - default = {}; - example = { MACAddress = "65:43:4a:5b:d8:5f"; Destination = "192.168.1.42"; VNI = 20; }; - type = types.addCheck (types.attrsOf unitOption) check.network.sectionBridgeFDB; - description = '' - Each attribute in this set specifies an option in the - `[BridgeFDB]` section of the unit. See - {manpage}`systemd.network(5)` for details. - ''; - }; - }; - }; - - bridgeMDBOptions = { - options = { - bridgeMDBConfig = mkOption { - default = {}; - example = { MulticastGroupAddress = "ff02::1:2:3:4"; VLANId = 10; }; - type = types.addCheck (types.attrsOf unitOption) check.network.sectionBridgeMDB; - description = '' - Each attribute in this set specifies an option in the - `[BridgeMDB]` section of the unit. See - {manpage}`systemd.network(5)` for details. - ''; - }; - }; - }; - - bridgeVLANOptions = { - options = { - bridgeVLANConfig = mkOption { - default = {}; - example = { VLAN = 20; }; - type = types.addCheck (types.attrsOf unitOption) check.network.sectionBridgeVLAN; - description = '' - Each attribute in this set specifies an option in the - `[BridgeVLAN]` section of the unit. See - {manpage}`systemd.network(5)` for details. - ''; - }; - }; - }; - networkOptions = commonNetworkOptions // { linkConfig = mkOption { @@ -2163,8 +2015,8 @@ let dhcpServerStaticLeases = mkOption { default = []; - example = [ { dhcpServerStaticLeaseConfig = { MACAddress = "65:43:4a:5b:d8:5f"; Address = "192.168.1.42"; }; } ]; - type = with types; listOf (submodule dhcpServerStaticLeaseOptions); + example = [ { MACAddress = "65:43:4a:5b:d8:5f"; Address = "192.168.1.42"; } ]; + type = types.listOf (mkSubsectionType "dhcpServerStaticLeaseConfig" check.network.sectionDHCPServerStaticLease); description = '' A list of DHCPServerStaticLease sections to be added to the unit. See {manpage}`systemd.network(5)` for details. @@ -2173,8 +2025,8 @@ let ipv6Prefixes = mkOption { default = []; - example = [ { ipv6PrefixConfig = { AddressAutoconfiguration = true; OnLink = true; }; } ]; - type = with types; listOf (submodule ipv6PrefixOptions); + example = [ { AddressAutoconfiguration = true; OnLink = true; } ]; + type = types.listOf (mkSubsectionType "ipv6PrefixConfig" check.network.sectionIPv6Prefix); description = '' A list of ipv6Prefix sections to be added to the unit. See {manpage}`systemd.network(5)` for details. @@ -2183,8 +2035,8 @@ let ipv6RoutePrefixes = mkOption { default = []; - example = [ { ipv6RoutePrefixConfig = { Route = "fd00::/64"; LifetimeSec = 3600; }; } ]; - type = with types; listOf (submodule ipv6RoutePrefixOptions); + example = [ { Route = "fd00::/64"; LifetimeSec = 3600; } ]; + type = types.listOf (mkSubsectionType "ipv6RoutePrefixConfig" check.network.sectionIPv6RoutePrefix); description = '' A list of ipv6RoutePrefix sections to be added to the unit. See {manpage}`systemd.network(5)` for details. @@ -2204,8 +2056,8 @@ let bridgeFDBs = mkOption { default = []; - example = [ { bridgeFDBConfig = { MACAddress = "90:e2:ba:43:fc:71"; Destination = "192.168.100.4"; VNI = 3600; }; } ]; - type = with types; listOf (submodule bridgeFDBOptions); + example = [ { MACAddress = "90:e2:ba:43:fc:71"; Destination = "192.168.100.4"; VNI = 3600; } ]; + type = types.listOf (mkSubsectionType "bridgeFDBConfig" check.network.sectionBridgeFDB); description = '' A list of BridgeFDB sections to be added to the unit. See {manpage}`systemd.network(5)` for details. @@ -2214,8 +2066,8 @@ let bridgeMDBs = mkOption { default = []; - example = [ { bridgeMDBConfig = { MulticastGroupAddress = "ff02::1:2:3:4"; VLANId = 10; } ; } ]; - type = with types; listOf (submodule bridgeMDBOptions); + example = [ { MulticastGroupAddress = "ff02::1:2:3:4"; VLANId = 10; } ]; + type = types.listOf (mkSubsectionType "bridgeMDBConfig" check.network.sectionBridgeMDB); description = '' A list of BridgeMDB sections to be added to the unit. See {manpage}`systemd.network(5)` for details. @@ -2532,8 +2384,8 @@ let bridgeVLANs = mkOption { default = []; - example = [ { bridgeVLANConfig = { VLAN = "10-20"; }; } ]; - type = with types; listOf (submodule bridgeVLANOptions); + example = [ { VLAN = "10-20"; } ]; + type = types.listOf (mkSubsectionType "bridgeVLANConfig" check.network.sectionBridgeVLAN); description = '' A list of BridgeVLAN sections to be added to the unit. See {manpage}`systemd.network(5)` for details. @@ -2683,7 +2535,8 @@ let addresses = mkOption { default = [ ]; - type = with types; listOf (submodule addressOptions); + example = [ { Address = "192.168.0.100/24"; } ]; + type = types.listOf (mkSubsectionType "addressConfig" check.network.sectionAddress); description = '' A list of address sections to be added to the unit. See {manpage}`systemd.network(5)` for details. @@ -2692,7 +2545,8 @@ let routingPolicyRules = mkOption { default = [ ]; - type = with types; listOf (submodule routingPolicyRulesOptions); + example = [ { Table = 10; IncomingInterface = "eth1"; Family = "both"; } ]; + type = types.listOf (mkSubsectionType "routingPolicyRuleConfig" check.network.sectionRoutingPolicyRule); description = '' A list of routing policy rules sections to be added to the unit. See {manpage}`systemd.network(5)` for details. @@ -2701,7 +2555,8 @@ let routes = mkOption { default = [ ]; - type = with types; listOf (submodule routeOptions); + example = [ { Gateway = "192.168.0.1"; } ]; + type = types.listOf (mkSubsectionType "routeConfig" check.network.sectionRoute); description = '' A list of route sections to be added to the unit. See {manpage}`systemd.network(5)` for details. |