2014-11-20 11:37:48 +01:00
|
|
|
|
{ config, lib, pkgs, utils, ... }:
|
|
|
|
|
|
|
|
|
|
with utils;
|
2014-12-11 01:28:45 +01:00
|
|
|
|
with lib;
|
2014-11-20 11:37:48 +01:00
|
|
|
|
|
|
|
|
|
let
|
|
|
|
|
|
|
|
|
|
cfg = config.networking;
|
|
|
|
|
interfaces = attrValues cfg.interfaces;
|
|
|
|
|
hasVirtuals = any (i: i.virtual) interfaces;
|
|
|
|
|
|
|
|
|
|
# We must escape interfaces due to the systemd interpretation
|
|
|
|
|
subsystemDevice = interface:
|
|
|
|
|
"sys-subsystem-net-devices-${escapeSystemdPath interface}.device";
|
|
|
|
|
|
|
|
|
|
interfaceIps = i:
|
|
|
|
|
i.ip4 ++ optionals cfg.enableIPv6 i.ip6
|
|
|
|
|
++ optional (i.ipAddress != null) {
|
|
|
|
|
address = i.ipAddress;
|
|
|
|
|
prefixLength = i.prefixLength;
|
|
|
|
|
} ++ optional (cfg.enableIPv6 && i.ipv6Address != null) {
|
|
|
|
|
address = i.ipv6Address;
|
|
|
|
|
prefixLength = i.ipv6PrefixLength;
|
|
|
|
|
};
|
|
|
|
|
|
2014-11-25 10:53:37 +01:00
|
|
|
|
destroyBond = i: ''
|
|
|
|
|
while true; do
|
|
|
|
|
UPDATED=1
|
|
|
|
|
SLAVES=$(ip link | grep 'master ${i}' | awk -F: '{print $2}')
|
|
|
|
|
for I in $SLAVES; do
|
|
|
|
|
UPDATED=0
|
|
|
|
|
ip link set "$I" nomaster
|
|
|
|
|
done
|
|
|
|
|
[ "$UPDATED" -eq "1" ] && break
|
|
|
|
|
done
|
2014-11-30 07:34:50 +01:00
|
|
|
|
ip link set "${i}" down 2>/dev/null || true
|
|
|
|
|
ip link del "${i}" 2>/dev/null || true
|
2014-11-25 10:53:37 +01:00
|
|
|
|
'';
|
|
|
|
|
|
2014-11-20 11:37:48 +01:00
|
|
|
|
in
|
|
|
|
|
|
|
|
|
|
{
|
|
|
|
|
|
|
|
|
|
config = mkIf (!cfg.useNetworkd) {
|
|
|
|
|
|
|
|
|
|
systemd.services =
|
|
|
|
|
let
|
|
|
|
|
|
|
|
|
|
networkLocalCommands = {
|
|
|
|
|
after = [ "network-setup.service" ];
|
|
|
|
|
bindsTo = [ "network-setup.service" ];
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
networkSetup =
|
|
|
|
|
{ description = "Networking Setup";
|
|
|
|
|
|
2014-12-02 02:19:06 +01:00
|
|
|
|
after = [ "network-interfaces.target" "network-pre.target" ];
|
2014-11-24 20:57:50 +01:00
|
|
|
|
before = [ "network.target" ];
|
|
|
|
|
wantedBy = [ "network.target" ];
|
2014-11-20 11:37:48 +01:00
|
|
|
|
|
|
|
|
|
unitConfig.ConditionCapability = "CAP_NET_ADMIN";
|
|
|
|
|
|
|
|
|
|
path = [ pkgs.iproute ];
|
|
|
|
|
|
|
|
|
|
serviceConfig.Type = "oneshot";
|
|
|
|
|
serviceConfig.RemainAfterExit = true;
|
|
|
|
|
|
|
|
|
|
script =
|
2014-12-01 10:18:26 +01:00
|
|
|
|
''
|
2014-11-20 11:37:48 +01:00
|
|
|
|
# Set the static DNS configuration, if given.
|
|
|
|
|
${pkgs.openresolv}/sbin/resolvconf -m 1 -a static <<EOF
|
|
|
|
|
${optionalString (cfg.nameservers != [] && cfg.domain != null) ''
|
|
|
|
|
domain ${cfg.domain}
|
|
|
|
|
''}
|
|
|
|
|
${optionalString (cfg.search != []) ("search " + concatStringsSep " " cfg.search)}
|
|
|
|
|
${flip concatMapStrings cfg.nameservers (ns: ''
|
|
|
|
|
nameserver ${ns}
|
|
|
|
|
'')}
|
|
|
|
|
EOF
|
2014-12-01 10:18:26 +01:00
|
|
|
|
|
2014-11-20 11:37:48 +01:00
|
|
|
|
# Set the default gateway.
|
2014-12-01 10:18:26 +01:00
|
|
|
|
${optionalString (cfg.defaultGateway != null && cfg.defaultGateway != "") ''
|
2014-11-20 11:37:48 +01:00
|
|
|
|
# FIXME: get rid of "|| true" (necessary to make it idempotent).
|
|
|
|
|
ip route add default via "${cfg.defaultGateway}" ${
|
|
|
|
|
optionalString (cfg.defaultGatewayWindowSize != null)
|
|
|
|
|
"window ${cfg.defaultGatewayWindowSize}"} || true
|
|
|
|
|
''}
|
2014-12-18 02:54:06 +01:00
|
|
|
|
${optionalString (cfg.defaultGateway6 != null && cfg.defaultGateway6 != "") ''
|
|
|
|
|
# FIXME: get rid of "|| true" (necessary to make it idempotent).
|
|
|
|
|
ip -6 route add ::/0 via "${cfg.defaultGateway6}" ${
|
|
|
|
|
optionalString (cfg.defaultGatewayWindowSize != null)
|
|
|
|
|
"window ${cfg.defaultGatewayWindowSize}"} || true
|
|
|
|
|
''}
|
2014-11-20 11:37:48 +01:00
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
2014-11-24 21:06:07 +01:00
|
|
|
|
# For each interface <foo>, create a job ‘network-addresses-<foo>.service"
|
|
|
|
|
# that performs static address configuration. It has a "wants"
|
2014-11-20 11:37:48 +01:00
|
|
|
|
# dependency on ‘<foo>.service’, which is supposed to create
|
|
|
|
|
# the interface and need not exist (i.e. for hardware
|
|
|
|
|
# interfaces). It has a binds-to dependency on the actual
|
|
|
|
|
# network device, so it only gets started after the interface
|
|
|
|
|
# has appeared, and it's stopped when the interface
|
|
|
|
|
# disappears.
|
2014-11-24 21:06:07 +01:00
|
|
|
|
configureAddrs = i:
|
2014-11-20 11:37:48 +01:00
|
|
|
|
let
|
|
|
|
|
ips = interfaceIps i;
|
|
|
|
|
in
|
2014-11-24 21:06:07 +01:00
|
|
|
|
nameValuePair "network-addresses-${i.name}"
|
|
|
|
|
{ description = "Addresss configuration of ${i.name}";
|
2014-11-20 11:37:48 +01:00
|
|
|
|
wantedBy = [ "network-interfaces.target" ];
|
2014-11-24 21:06:07 +01:00
|
|
|
|
before = [ "network-interfaces.target" ];
|
2014-11-20 11:37:48 +01:00
|
|
|
|
bindsTo = [ (subsystemDevice i.name) ];
|
2014-12-02 02:19:06 +01:00
|
|
|
|
after = [ (subsystemDevice i.name) "network-pre.target" ];
|
2014-11-20 11:37:48 +01:00
|
|
|
|
serviceConfig.Type = "oneshot";
|
|
|
|
|
serviceConfig.RemainAfterExit = true;
|
2014-11-26 20:19:31 +01:00
|
|
|
|
path = [ pkgs.iproute ];
|
2014-11-20 11:37:48 +01:00
|
|
|
|
script =
|
|
|
|
|
''
|
|
|
|
|
echo "bringing up interface..."
|
|
|
|
|
ip link set "${i.name}" up
|
|
|
|
|
|
2014-11-24 21:06:07 +01:00
|
|
|
|
restart_network_interfaces=false
|
|
|
|
|
'' + flip concatMapStrings (ips) (ip:
|
2014-11-20 11:37:48 +01:00
|
|
|
|
let
|
|
|
|
|
address = "${ip.address}/${toString ip.prefixLength}";
|
|
|
|
|
in
|
|
|
|
|
''
|
|
|
|
|
echo "checking ip ${address}..."
|
2014-11-24 21:06:07 +01:00
|
|
|
|
if out=$(ip addr add "${address}" dev "${i.name}" 2>&1); then
|
|
|
|
|
echo "added ip ${address}..."
|
|
|
|
|
restart_network_setup=true
|
|
|
|
|
elif ! echo "$out" | grep "File exists" >/dev/null 2>&1; then
|
|
|
|
|
echo "failed to add ${address}"
|
|
|
|
|
exit 1
|
2014-11-20 11:37:48 +01:00
|
|
|
|
fi
|
|
|
|
|
'')
|
|
|
|
|
+ optionalString (ips != [ ])
|
|
|
|
|
''
|
2014-11-23 07:22:09 +01:00
|
|
|
|
if [ "$restart_network_setup" = "true" ]; then
|
2014-11-20 11:37:48 +01:00
|
|
|
|
# Ensure that the default gateway remains set.
|
|
|
|
|
# (Flushing this interface may have removed it.)
|
|
|
|
|
${config.systemd.package}/bin/systemctl try-restart --no-block network-setup.service
|
|
|
|
|
fi
|
|
|
|
|
${config.systemd.package}/bin/systemctl start ip-up.target
|
|
|
|
|
'';
|
|
|
|
|
preStop =
|
|
|
|
|
''
|
|
|
|
|
echo "releasing configured ip's..."
|
2014-11-24 21:06:07 +01:00
|
|
|
|
'' + flip concatMapStrings (ips) (ip:
|
2014-11-20 11:37:48 +01:00
|
|
|
|
let
|
|
|
|
|
address = "${ip.address}/${toString ip.prefixLength}";
|
|
|
|
|
in
|
|
|
|
|
''
|
|
|
|
|
echo -n "Deleting ${address}..."
|
|
|
|
|
ip addr del "${address}" dev "${i.name}" >/dev/null 2>&1 || echo -n " Failed"
|
|
|
|
|
echo ""
|
|
|
|
|
'');
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
createTunDevice = i: nameValuePair "${i.name}-netdev"
|
|
|
|
|
{ description = "Virtual Network Interface ${i.name}";
|
|
|
|
|
requires = [ "dev-net-tun.device" ];
|
2014-12-02 02:19:06 +01:00
|
|
|
|
after = [ "dev-net-tun.device" "network-pre.target" ];
|
2014-11-20 11:37:48 +01:00
|
|
|
|
wantedBy = [ "network.target" (subsystemDevice i.name) ];
|
2014-11-30 07:43:54 +01:00
|
|
|
|
before = [ "network-interfaces.target" (subsystemDevice i.name) ];
|
2014-11-20 11:37:48 +01:00
|
|
|
|
path = [ pkgs.iproute ];
|
|
|
|
|
serviceConfig = {
|
|
|
|
|
Type = "oneshot";
|
|
|
|
|
RemainAfterExit = true;
|
|
|
|
|
};
|
|
|
|
|
script = ''
|
|
|
|
|
ip tuntap add dev "${i.name}" \
|
|
|
|
|
${optionalString (i.virtualType != null) "mode ${i.virtualType}"} \
|
|
|
|
|
user "${i.virtualOwner}"
|
|
|
|
|
'';
|
|
|
|
|
postStop = ''
|
|
|
|
|
ip link del ${i.name}
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
createBridgeDevice = n: v: nameValuePair "${n}-netdev"
|
|
|
|
|
(let
|
|
|
|
|
deps = map subsystemDevice v.interfaces;
|
|
|
|
|
in
|
|
|
|
|
{ description = "Bridge Interface ${n}";
|
|
|
|
|
wantedBy = [ "network.target" (subsystemDevice n) ];
|
2015-01-07 23:34:15 +01:00
|
|
|
|
bindsTo = deps ++ optional v.rstp "mstpd.service";
|
|
|
|
|
partOf = optional v.rstp "mstpd.service";
|
|
|
|
|
after = [ "network-pre.target" "mstpd.service" ] ++ deps
|
2014-12-02 02:19:06 +01:00
|
|
|
|
++ concatMap (i: [ "network-addresses-${i}.service" "network-link-${i}.service" ]) v.interfaces;
|
2014-11-30 07:43:54 +01:00
|
|
|
|
before = [ "network-interfaces.target" (subsystemDevice n) ];
|
2014-11-20 11:37:48 +01:00
|
|
|
|
serviceConfig.Type = "oneshot";
|
|
|
|
|
serviceConfig.RemainAfterExit = true;
|
2015-01-14 01:10:39 +01:00
|
|
|
|
path = [ pkgs.iproute ];
|
2014-11-25 10:53:37 +01:00
|
|
|
|
script = ''
|
|
|
|
|
# Remove Dead Interfaces
|
|
|
|
|
echo "Removing old bridge ${n}..."
|
|
|
|
|
ip link show "${n}" >/dev/null 2>&1 && ip link del "${n}"
|
2014-11-20 11:37:48 +01:00
|
|
|
|
|
2014-11-25 10:53:37 +01:00
|
|
|
|
echo "Adding bridge ${n}..."
|
|
|
|
|
ip link add name "${n}" type bridge
|
2014-11-20 11:37:48 +01:00
|
|
|
|
|
2014-11-25 10:53:37 +01:00
|
|
|
|
# Enslave child interfaces
|
|
|
|
|
${flip concatMapStrings v.interfaces (i: ''
|
|
|
|
|
ip link set "${i}" master "${n}"
|
|
|
|
|
ip link set "${i}" up
|
|
|
|
|
'')}
|
2014-11-20 11:37:48 +01:00
|
|
|
|
|
2015-01-14 01:10:39 +01:00
|
|
|
|
# Enable stp on the interface
|
2015-01-07 23:34:15 +01:00
|
|
|
|
${optionalString v.rstp ''
|
2015-01-14 01:10:39 +01:00
|
|
|
|
echo 2 >/sys/class/net/${n}/bridge/stp_state
|
2015-01-07 23:34:15 +01:00
|
|
|
|
''}
|
|
|
|
|
|
2014-11-25 10:53:37 +01:00
|
|
|
|
ip link set "${n}" up
|
|
|
|
|
'';
|
|
|
|
|
postStop = ''
|
|
|
|
|
ip link set "${n}" down || true
|
|
|
|
|
ip link del "${n}" || true
|
|
|
|
|
'';
|
2014-11-20 11:37:48 +01:00
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
createBondDevice = n: v: nameValuePair "${n}-netdev"
|
|
|
|
|
(let
|
|
|
|
|
deps = map subsystemDevice v.interfaces;
|
|
|
|
|
in
|
|
|
|
|
{ description = "Bond Interface ${n}";
|
|
|
|
|
wantedBy = [ "network.target" (subsystemDevice n) ];
|
|
|
|
|
bindsTo = deps;
|
2014-12-02 02:19:06 +01:00
|
|
|
|
after = [ "network-pre.target" ] ++ deps
|
|
|
|
|
++ concatMap (i: [ "network-addresses-${i}.service" "network-link-${i}.service" ]) v.interfaces;
|
2014-11-30 07:43:54 +01:00
|
|
|
|
before = [ "network-interfaces.target" (subsystemDevice n) ];
|
2014-11-20 11:37:48 +01:00
|
|
|
|
serviceConfig.Type = "oneshot";
|
|
|
|
|
serviceConfig.RemainAfterExit = true;
|
2014-11-28 07:53:50 +01:00
|
|
|
|
path = [ pkgs.iproute pkgs.gawk ];
|
2014-11-20 11:37:48 +01:00
|
|
|
|
script = ''
|
2014-11-25 10:53:37 +01:00
|
|
|
|
echo "Destroying old bond ${n}..."
|
|
|
|
|
${destroyBond n}
|
2014-11-20 11:37:48 +01:00
|
|
|
|
|
2014-11-25 10:53:37 +01:00
|
|
|
|
echo "Creating new bond ${n}..."
|
|
|
|
|
ip link add name "${n}" type bond \
|
|
|
|
|
${optionalString (v.mode != null) "mode ${toString v.mode}"} \
|
|
|
|
|
${optionalString (v.miimon != null) "miimon ${toString v.miimon}"} \
|
|
|
|
|
${optionalString (v.xmit_hash_policy != null) "xmit_hash_policy ${toString v.xmit_hash_policy}"} \
|
|
|
|
|
${optionalString (v.lacp_rate != null) "lacp_rate ${toString v.lacp_rate}"}
|
2014-11-20 11:37:48 +01:00
|
|
|
|
|
2014-11-25 10:53:37 +01:00
|
|
|
|
# !!! There must be a better way to wait for the interface
|
|
|
|
|
while [ ! -d "/sys/class/net/${n}" ]; do sleep 0.1; done;
|
2014-11-20 11:37:48 +01:00
|
|
|
|
|
|
|
|
|
# Bring up the bond and enslave the specified interfaces
|
|
|
|
|
ip link set "${n}" up
|
|
|
|
|
${flip concatMapStrings v.interfaces (i: ''
|
2014-11-30 07:34:50 +01:00
|
|
|
|
ip link set "${i}" down
|
2014-11-25 10:53:37 +01:00
|
|
|
|
ip link set "${i}" master "${n}"
|
2014-11-20 11:37:48 +01:00
|
|
|
|
'')}
|
|
|
|
|
'';
|
2014-11-25 10:53:37 +01:00
|
|
|
|
postStop = destroyBond n;
|
2014-11-20 11:37:48 +01:00
|
|
|
|
});
|
|
|
|
|
|
2014-11-27 00:42:32 +01:00
|
|
|
|
createMacvlanDevice = n: v: nameValuePair "${n}-netdev"
|
|
|
|
|
(let
|
|
|
|
|
deps = [ (subsystemDevice v.interface) ];
|
|
|
|
|
in
|
|
|
|
|
{ description = "Vlan Interface ${n}";
|
|
|
|
|
wantedBy = [ "network.target" (subsystemDevice n) ];
|
|
|
|
|
bindsTo = deps;
|
2014-12-02 02:19:06 +01:00
|
|
|
|
after = [ "network-pre.target" ] ++ deps;
|
2014-11-30 07:43:54 +01:00
|
|
|
|
before = [ "network-interfaces.target" (subsystemDevice n) ];
|
2014-11-27 00:42:32 +01:00
|
|
|
|
serviceConfig.Type = "oneshot";
|
|
|
|
|
serviceConfig.RemainAfterExit = true;
|
|
|
|
|
path = [ pkgs.iproute ];
|
|
|
|
|
script = ''
|
|
|
|
|
# Remove Dead Interfaces
|
|
|
|
|
ip link show "${n}" >/dev/null 2>&1 && ip link delete "${n}"
|
|
|
|
|
ip link add link "${v.interface}" name "${n}" type macvlan \
|
|
|
|
|
${optionalString (v.mode != null) "mode ${v.mode}"}
|
|
|
|
|
ip link set "${n}" up
|
|
|
|
|
'';
|
|
|
|
|
postStop = ''
|
|
|
|
|
ip link delete "${n}"
|
|
|
|
|
'';
|
|
|
|
|
});
|
|
|
|
|
|
2014-11-20 11:37:48 +01:00
|
|
|
|
createSitDevice = n: v: nameValuePair "${n}-netdev"
|
|
|
|
|
(let
|
|
|
|
|
deps = optional (v.dev != null) (subsystemDevice v.dev);
|
|
|
|
|
in
|
|
|
|
|
{ description = "6-to-4 Tunnel Interface ${n}";
|
|
|
|
|
wantedBy = [ "network.target" (subsystemDevice n) ];
|
|
|
|
|
bindsTo = deps;
|
2014-12-02 02:19:06 +01:00
|
|
|
|
after = [ "network-pre.target" ] ++ deps;
|
2014-11-30 07:43:54 +01:00
|
|
|
|
before = [ "network-interfaces.target" (subsystemDevice n) ];
|
2014-11-20 11:37:48 +01:00
|
|
|
|
serviceConfig.Type = "oneshot";
|
|
|
|
|
serviceConfig.RemainAfterExit = true;
|
|
|
|
|
path = [ pkgs.iproute ];
|
|
|
|
|
script = ''
|
|
|
|
|
# Remove Dead Interfaces
|
|
|
|
|
ip link show "${n}" >/dev/null 2>&1 && ip link delete "${n}"
|
|
|
|
|
ip link add name "${n}" type sit \
|
|
|
|
|
${optionalString (v.remote != null) "remote \"${v.remote}\""} \
|
|
|
|
|
${optionalString (v.local != null) "local \"${v.local}\""} \
|
|
|
|
|
${optionalString (v.ttl != null) "ttl ${toString v.ttl}"} \
|
|
|
|
|
${optionalString (v.dev != null) "dev \"${v.dev}\""}
|
|
|
|
|
ip link set "${n}" up
|
|
|
|
|
'';
|
|
|
|
|
postStop = ''
|
|
|
|
|
ip link delete "${n}"
|
|
|
|
|
'';
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
createVlanDevice = n: v: nameValuePair "${n}-netdev"
|
|
|
|
|
(let
|
|
|
|
|
deps = [ (subsystemDevice v.interface) ];
|
|
|
|
|
in
|
|
|
|
|
{ description = "Vlan Interface ${n}";
|
|
|
|
|
wantedBy = [ "network.target" (subsystemDevice n) ];
|
|
|
|
|
bindsTo = deps;
|
2014-12-02 02:19:06 +01:00
|
|
|
|
after = [ "network-pre.target" ] ++ deps;
|
2014-11-30 07:43:54 +01:00
|
|
|
|
before = [ "network-interfaces.target" (subsystemDevice n) ];
|
2014-11-20 11:37:48 +01:00
|
|
|
|
serviceConfig.Type = "oneshot";
|
|
|
|
|
serviceConfig.RemainAfterExit = true;
|
|
|
|
|
path = [ pkgs.iproute ];
|
|
|
|
|
script = ''
|
|
|
|
|
# Remove Dead Interfaces
|
|
|
|
|
ip link show "${n}" >/dev/null 2>&1 && ip link delete "${n}"
|
|
|
|
|
ip link add link "${v.interface}" name "${n}" type vlan id "${toString v.id}"
|
|
|
|
|
ip link set "${n}" up
|
|
|
|
|
'';
|
|
|
|
|
postStop = ''
|
|
|
|
|
ip link delete "${n}"
|
|
|
|
|
'';
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
in listToAttrs (
|
2014-11-24 21:06:07 +01:00
|
|
|
|
map configureAddrs interfaces ++
|
2014-11-20 11:37:48 +01:00
|
|
|
|
map createTunDevice (filter (i: i.virtual) interfaces))
|
|
|
|
|
// mapAttrs' createBridgeDevice cfg.bridges
|
|
|
|
|
// mapAttrs' createBondDevice cfg.bonds
|
2014-11-27 00:42:32 +01:00
|
|
|
|
// mapAttrs' createMacvlanDevice cfg.macvlans
|
2014-11-20 11:37:48 +01:00
|
|
|
|
// mapAttrs' createSitDevice cfg.sits
|
|
|
|
|
// mapAttrs' createVlanDevice cfg.vlans
|
|
|
|
|
// {
|
|
|
|
|
"network-setup" = networkSetup;
|
|
|
|
|
"network-local-commands" = networkLocalCommands;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
services.udev.extraRules =
|
|
|
|
|
''
|
|
|
|
|
KERNEL=="tun", TAG+="systemd"
|
|
|
|
|
'';
|
|
|
|
|
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
}
|