{ config, lib, pkgs, utils, ... }:
with lib;
with utils;
let
# Shorthand for the evaluated networking configuration.
cfg = config.networking;

# The per-interface option sets as a list instead of an attribute set.
interfaces = attrValues cfg.interfaces;

# Feature flags; the config section uses them to pick kernel modules and packages.
hasVirtuals = any (iface: iface.virtual) interfaces;
hasSits = { } != cfg.sits;
hasBonds = { } != cfg.bonds;
# Build the systemd .device unit name for a network interface. The name goes
# through escapeSystemdPath because systemd interprets the characters of a
# unit name.
subsystemDevice = interface:
  let
    escapedName = escapeSystemdPath interface;
  in
  "sys-subsystem-net-devices-${escapedName}.device";
# Option declarations shared by the ip4 and ip6 address lists of an interface.
# v is the IP version; any value other than 4 or 6 aborts evaluation.
addrOpts = v:
  assert v == 4 || v == 6;
  let
    maxPrefixLength = if v == 4 then 32 else 128;
    examplePrefixLength = if v == 4 then "24" else "64";
  in
  {
    # NOTE(review): a free-form string with no syntax check; the interface
    # units interpolate it into their generated shell script.
    address = mkOption {
      type = types.str;
      description = ''
        IPv${toString v} address of the interface. Leave empty to configure the
        interface using DHCP.
      '';
    };

    prefixLength = mkOption {
      # Reject prefix lengths outside the range valid for this address family.
      type = types.addCheck types.int (bits: bits >= 0 && bits <= maxPrefixLength);
      description = ''
        Subnet mask of the interface, specified as the number of
        bits in the prefix (<literal>${examplePrefixLength}</literal>).
      '';
    };
  };
# Option set for one entry of networking.interfaces. The attribute name of the
# entry becomes the default value of the name option.
interfaceOpts = { name, ... }: {

  options = {

    name = mkOption {
      type = types.str;
      example = "eth0";
      description = "Name of the interface.";
    };

    ip4 = mkOption {
      type = types.listOf types.optionSet;
      options = addrOpts 4;
      default = [ ];
      example = [
        { address = "10.0.0.1"; prefixLength = 16; }
        { address = "192.168.1.1"; prefixLength = 24; }
      ];
      description = ''
        List of IPv4 addresses that will be statically assigned to the interface.
      '';
    };

    ip6 = mkOption {
      type = types.listOf types.optionSet;
      options = addrOpts 6;
      default = [ ];
      example = [
        { address = "fdfd:b3f0:482::1"; prefixLength = 48; }
        { address = "2001:1470:fffd:2098::e006"; prefixLength = 64; }
      ];
      description = ''
        List of IPv6 addresses that will be statically assigned to the interface.
      '';
    };

    # Single-address options; the interface unit appends them to the ip4/ip6 lists.
    ipAddress = mkOption {
      type = types.nullOr types.str;
      default = null;
      example = "10.0.0.1";
      description = ''
        IP address of the interface. Leave empty to configure the
        interface using DHCP.
      '';
    };

    # Unlike the list variant built by addrOpts, this one has no range check.
    prefixLength = mkOption {
      type = types.nullOr types.int;
      default = null;
      example = 24;
      description = ''
        Subnet mask of the interface, specified as the number of
        bits in the prefix (<literal>24</literal>).
      '';
    };

    # Kept only so that an assertion can reject configurations that still set it.
    subnetMask = mkOption {
      default = null;
      description = ''
        Defunct, supply the prefix length instead.
      '';
    };

    ipv6Address = mkOption {
      type = types.nullOr types.str;
      default = null;
      example = "2001:1470:fffd:2098::e006";
      description = ''
        IPv6 address of the interface. Leave empty to configure the
        interface using NDP.
      '';
    };

    ipv6PrefixLength = mkOption {
      type = types.int;
      default = 64;
      example = 64;
      description = ''
        Subnet mask of the interface, specified as the number of
        bits in the prefix (<literal>64</literal>).
      '';
    };

    # NOTE(review): accepted as any string; the format is not checked here.
    macAddress = mkOption {
      type = types.nullOr types.str;
      default = null;
      example = "00:11:22:33:44:55";
      description = ''
        MAC address of the interface. Leave empty to use the default.
      '';
    };

    mtu = mkOption {
      type = types.nullOr types.int;
      default = null;
      example = 9000;
      description = ''
        MTU size for packets leaving the interface. Leave empty to use the default.
      '';
    };

    virtual = mkOption {
      type = types.bool;
      default = false;
      description = ''
        Whether this interface is virtual and should be created by tunctl.
        This is mainly useful for creating bridges between a host a virtual
        network such as VPN or a virtual machine.
      '';
    };

    # The named user is handed to "ip tuntap add ... user" when the device is created.
    virtualOwner = mkOption {
      type = types.str;
      default = "root";
      description = ''
        In case of a virtual device, the user who owns it.
      '';
    };

    # Only the two literal strings pass the check; null leaves the mode unset.
    virtualType = mkOption {
      type = types.nullOr (types.addCheck types.str (kind: kind == "tun" || kind == "tap"));
      default = null;
      description = ''
        The explicit type of interface to create. Accepts tun or tap strings.
        Also accepts null to implicitly detect the type of device.
      '';
    };

    # Enabling this on any one interface makes the network-setup unit write 1
    # to /proc/sys/net/ipv4/ip_forward, which is a host-wide switch.
    proxyARP = mkOption {
      type = types.bool;
      default = false;
      description = ''
        Turn on proxy_arp for this device (and proxy_ndp for ipv6).
        This is mainly useful for creating pseudo-bridges between a real
        interface and a virtual network such as VPN or a virtual machine for
        interfaces that don't support real bridging (most wlan interfaces).
        As ARP proxying acts slightly above the link-layer, below-ip traffic
        isn't bridged, so things like DHCP won't work. The advantage above
        using NAT lies in the fact that no IP addresses are shared, so all
        hosts are reachable/routeable.

        WARNING: turns on ip-routing, so if you have multiple interfaces, you
        should think of the consequence and setup firewall rules to limit this.
      '';
    };

  };

  config = {
    name = mkDefault name;
  };

};
in
{
###### interface
options = {
# Host name of the machine; the declared default is the literal "nixos".
networking.hostName = mkOption {
  description = ''
    The name of the machine. Leave it empty if you want to obtain
    it from a DHCP server (if using DHCP).
  '';
  default = "nixos";
};
# Host-wide IPv6 switch; it gates the ipv6 kernel module, the ndisc6 package
# and the IPv6 addresses of every interface.
networking.enableIPv6 = mkOption {
  description = ''
    Whether to enable support for IPv6.
  '';
  default = true;
};
# Default route target; the empty string means that no route is added statically.
networking.defaultGateway = mkOption {
  description = ''
    The default gateway. It can be left empty if it is auto-detected through DHCP.
  '';
  example = "131.211.84.1";
  default = "";
};
# Optional "window" argument for the default route; null omits the argument.
networking.defaultGatewayWindowSize = mkOption {
  type = types.nullOr types.int;
  description = ''
    The window size of the default gateway. It limits maximal data bursts that TCP peers
    are allowed to send to us.
  '';
  example = 524288;
  default = null;
};
# Static resolver addresses. No type is declared, so the entries are not
# validated before they are written into the resolvconf input.
networking.nameservers = mkOption {
  description = ''
    The list of nameservers. It can be left empty if it is auto-detected through DHCP.
  '';
  example = ["130.161.158.4" "130.161.33.17"];
  default = [];
};
# DNS search list; the entries are joined with spaces into one "search" line.
networking.search = mkOption {
  type = types.listOf types.str;
  description = ''
    The list of search paths used when resolving domain names.
  '';
  example = [ "example.com" "local.domain" ];
  default = [];
};
# DNS domain; it is only written out when nameservers are configured as well.
networking.domain = mkOption {
  description = ''
    The domain. It can be left empty if it is auto-detected through DHCP.
  '';
  example = "home";
  default = "";
};
# Off by default; when enabled, name resolution inside a container follows
# whatever resolv.conf the host supplies.
networking.useHostResolvConf = mkOption {
  default = false;
  type = types.bool;
  description = ''
    In containers, whether to use the
    <filename>resolv.conf</filename> supplied by the host.
  '';
};
# Free-form shell text. It is spliced verbatim as the last step of the
# network-setup script, so it runs with whatever privileges that unit has.
networking.localCommands = mkOption {
  description = ''
    Shell commands to be executed at the end of the
    <literal>network-setup</literal> systemd service. Note that if
    you are using DHCP to obtain the network configuration,
    interfaces may not be fully configured yet.
  '';
  example = "text=anything; echo You can put $text here.";
  default = "";
};
# Per-interface settings; every entry is checked against interfaceOpts.
networking.interfaces = mkOption {
  type = types.loaOf types.optionSet;
  options = [ interfaceOpts ];
  default = {};
  example =
    { eth0.ip4 = [ {
        address = "131.211.84.78";
        prefixLength = 25;
      } ];
    };
  description = ''
    The configuration for each network interface. If
    <option>networking.useDHCP</option> is true, then every
    interface not listed here will be configured using DHCP.
  '';
};
# Declares networking.bridges: one attribute per bridge, named after the
# bridge's network interface.
networking.bridges = mkOption {
  type = types.attrsOf types.optionSet;
  default = { };
  example =
    { br0.interfaces = [ "eth0" "eth1" ];
      br1.interfaces = [ "eth2" "wlan0" ];
    };
  description =
    ''
      This option allows you to define Ethernet bridge devices
      that connect physical networks together. The value of this
      option is an attribute set. Each attribute specifies a
      bridge, with the attribute name specifying the name of the
      bridge's network interface.
    '';

  options = {

    # NOTE(review): this uses types.string while the matching bonds option
    # uses types.str; confirm whether the difference is intended.
    interfaces = mkOption {
      type = types.listOf types.string;
      example = [ "eth0" "eth1" ];
      description =
        "The physical network interfaces connected by the bridge.";
    };

  };

};
# Declares networking.bonds: one attribute per bond device, named after the
# bond's network interface.
networking.bonds = mkOption {
  type = types.attrsOf types.optionSet;
  default = { };
  example = {
    bond0 = {
      interfaces = [ "eth0" "wlan0" ];
      miimon = 100;
      mode = "active-backup";
    };
    fatpipe.interfaces = [ "enp4s0f0" "enp4s0f1" "enp5s0f0" "enp5s0f1" ];
  };
  description = ''
    This option allows you to define bond devices that aggregate multiple,
    underlying networking interfaces together. The value of this option is
    an attribute set. Each attribute specifies a bond, with the attribute
    name specifying the name of the bond's network interface
  '';

  options = {

    interfaces = mkOption {
      type = types.listOf types.str;
      example = [ "enp4s0f0" "enp4s0f1" "wlan0" ];
      description = "The interfaces to bond together";
    };

    # lacp_rate, mode and xmit_hash_policy are unchecked strings; the bond
    # unit echoes each one into the matching file under
    # /sys/class/net/<bond>/bonding/.
    lacp_rate = mkOption {
      type = types.nullOr types.str;
      default = null;
      example = "fast";
      description = ''
        Option specifying the rate in which we'll ask our link partner
        to transmit LACPDU packets in 802.3ad mode.
      '';
    };

    miimon = mkOption {
      type = types.nullOr types.int;
      default = null;
      example = 100;
      description = ''
        Miimon is the number of millisecond in between each round of polling
        by the device driver for failed links. By default polling is not
        enabled and the driver is trusted to properly detect and handle
        failure scenarios.
      '';
    };

    mode = mkOption {
      type = types.nullOr types.str;
      default = null;
      example = "active-backup";
      description = ''
        The mode which the bond will be running. The default mode for
        the bonding driver is balance-rr, optimizing for throughput.
        More information about valid modes can be found at
        https://www.kernel.org/doc/Documentation/networking/bonding.txt
      '';
    };

    xmit_hash_policy = mkOption {
      type = types.nullOr types.str;
      default = null;
      example = "layer2+3";
      description = ''
        Selects the transmit hash policy to use for slave selection in
        balance-xor, 802.3ad, and tlb modes.
      '';
    };

  };
};
# Declares networking.sits: one attribute per tunnel interface. Every
# sub-option is nullable and defaults to null.
networking.sits = mkOption {
  default = { };
  type = types.attrsOf types.optionSet;
  example = {
    hurricane = {
      remote = "10.0.0.1";
      local = "10.0.0.22";
      ttl = 255;
    };
    msipv6 = {
      remote = "192.168.0.1";
      dev = "enp3s0";
      ttl = 127;
    };
  };
  description = ''
    This option allows you to define 6-to-4 interfaces which should be automatically created.
  '';
  options = {

    remote = mkOption {
      default = null;
      type = types.nullOr types.str;
      example = "10.0.0.1";
      description = ''
        The address of the remote endpoint to forward traffic over.
      '';
    };

    local = mkOption {
      default = null;
      type = types.nullOr types.str;
      example = "10.0.0.22";
      description = ''
        The address of the local endpoint which the remote
        side should send packets to.
      '';
    };

    # NOTE(review): any integer is accepted; no range is enforced here.
    ttl = mkOption {
      default = null;
      type = types.nullOr types.int;
      example = 255;
      description = ''
        The time-to-live of the connection to the remote tunnel endpoint.
      '';
    };

    dev = mkOption {
      default = null;
      type = types.nullOr types.str;
      example = "enp4s0f0";
      description = ''
        The underlying network device on which the tunnel resides.
      '';
    };

  };
};
# Declares networking.vlans: one attribute per vlan device, named after the
# vlan interface.
networking.vlans = mkOption {
  type = types.attrsOf types.optionSet;
  default = { };
  example = {
    vlan0 = {
      id = 3;
      interface = "enp3s0";
    };
    vlan1 = {
      id = 1;
      interface = "wlan0";
    };
  };
  description =
    ''
      This option allows you to define vlan devices that tag packets
      on top of a physical interface. The value of this option is an
      attribute set. Each attribute specifies a vlan, with the name
      specifying the name of the vlan interface.
    '';

  options = {

    # NOTE(review): declared as a plain integer with no range check here.
    id = mkOption {
      type = types.int;
      example = 1;
      description = "The vlan identifier";
    };

    interface = mkOption {
      type = types.string;
      example = "enp4s0";
      description = "The interface the vlan will transmit packets through.";
    };

  };
};
# On by default: interfaces without manual configuration are set up from
# whatever a DHCP server on the attached network answers.
networking.useDHCP = mkOption {
  default = true;
  type = types.bool;
  description = ''
    Whether to use DHCP to obtain an IP address and other
    configuration for all network interfaces that are not manually
    configured.
  '';
};
};
###### implementation
config = {
# One assertion per interface: evaluation fails for any interface that still
# sets the defunct subnetMask option.
assertions =
  map (iface: {
    assertion = iface.subnetMask == null;
    message = "The networking.interfaces.${iface.name}.subnetMask option is defunct. Use prefixLength instead.";
  }) interfaces;
# Request only the kernel modules that the enabled features need.
boot.kernelModules =
  optional cfg.enableIPv6 "ipv6"
  ++ optional hasVirtuals "tun"
  ++ optional hasSits "sit"
  ++ optional hasBonds "bonding";
boot.extraModprobeConfig =
  # max_bonds=0 is deliberate: it prevents default bond devices from being
  # created. The line is only emitted when a bond is configured.
  if hasBonds then "options bonding max_bonds=0" else "";
# Networking tools put into the system profile; the last three depend on
# whether bridges, virtual interfaces or IPv6 are configured.
environment.systemPackages =
  let
    basePackages = [
      pkgs.host
      pkgs.iproute
      pkgs.iputils
      pkgs.nettools
      pkgs.wirelesstools
      pkgs.iw
      pkgs.rfkill
      pkgs.openresolv
    ];
  in
  basePackages
  ++ optional (cfg.bridges != {}) pkgs.bridge_utils
  ++ optional hasVirtuals pkgs.tunctl
  ++ optional cfg.enableIPv6 pkgs.ndisc6;
# Adds ping and ping6 to the programs that are installed setuid.
# NOTE(review): both are added unconditionally, ping6 also when IPv6 is off.
security.setuidPrograms = [
  "ping"
  "ping6"
];
# Target that the per-interface configuration units attach to; it is itself
# pulled in by network.target.
systemd.targets."network-interfaces" = {
  description = "All Network Interfaces";
  unitConfig.X-StopOnReconfiguration = true;
  wantedBy = [ "network.target" ];
};
systemd.services =
let
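# One-shot unit that applies the host-wide settings: static resolver data, the
# IPv6 switch, the default route, IP forwarding for proxy ARP, and finally
# networking.localCommands.
networkSetup =
  { description = "Networking Setup";

    after = [ "network-interfaces.target" ];
    before = [ "network.target" ];
    wantedBy = [ "network.target" ];

    # The unit is skipped where CAP_NET_ADMIN is not available.
    unitConfig.ConditionCapability = "CAP_NET_ADMIN";

    path = [ pkgs.iproute ];

    serviceConfig.Type = "oneshot";
    serviceConfig.RemainAfterExit = true;

    # NOTE(review): the here-document delimiter is unquoted, so the shell
    # still expands "$" and backquotes inside the domain, search and
    # nameserver values, and cfg.localCommands is spliced in verbatim. All of
    # these come from the system configuration and must be treated as code.
    #
    # Forwarding is a host-wide switch: one interface with proxyARP enabled
    # turns it on for every interface.
    #
    # defaultGatewayWindowSize is an integer, so it goes through toString;
    # interpolating it directly fails at evaluation time.
    script =
      ''
        # Set the static DNS configuration, if given.
        ${pkgs.openresolv}/sbin/resolvconf -m 1 -a static <<EOF
        ${optionalString (cfg.nameservers != [] && cfg.domain != "") ''
          domain ${cfg.domain}
        ''}
        ${optionalString (cfg.search != []) ("search " + concatStringsSep " " cfg.search)}
        ${flip concatMapStrings cfg.nameservers (ns: ''
          nameserver ${ns}
        '')}
        EOF

        # Disable or enable IPv6.
        ${optionalString (!config.boot.isContainer) ''
          if [ -e /proc/sys/net/ipv6/conf/all/disable_ipv6 ]; then
            echo ${if cfg.enableIPv6 then "0" else "1"} > /proc/sys/net/ipv6/conf/all/disable_ipv6
          fi
        ''}

        # Set the default gateway.
        ${optionalString (cfg.defaultGateway != "") ''
          # FIXME: get rid of "|| true" (necessary to make it idempotent).
          ip route add default via "${cfg.defaultGateway}" ${
            optionalString (cfg.defaultGatewayWindowSize != null)
              "window ${toString cfg.defaultGatewayWindowSize}"} || true
        ''}

        # Turn on forwarding if any interface has enabled proxy_arp.
        ${optionalString (any (i: i.proxyARP) interfaces) ''
          echo 1 > /proc/sys/net/ipv4/ip_forward
        ''}

        # Run any user-specified commands.
        ${cfg.localCommands}
      '';
  };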
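# For each interface <foo>, create a job "<foo>-cfg.service"
# that performs static configuration. It has a "wants"
# dependency on "<foo>.service", which is supposed to create
# the interface and need not exist (i.e. for hardware
# interfaces). It has a binds-to dependency on the actual
# network device, so it only gets started after the interface
# has appeared, and it's stopped when the interface
# disappears.
configureInterface = i:
  let
    # Addresses from the ip4/ip6 lists plus the single-address options;
    # IPv6 entries are dropped when IPv6 is disabled.
    # NOTE(review): an ipAddress whose prefixLength is left null renders as
    # "<address>/" below - TODO confirm whether an assertion should reject it.
    ips = i.ip4 ++ optionals cfg.enableIPv6 i.ip6
      ++ optional (i.ipAddress != null) {
        address = i.ipAddress;
        prefixLength = i.prefixLength;
      } ++ optional (cfg.enableIPv6 && i.ipv6Address != null) {
        address = i.ipv6Address;
        prefixLength = i.ipv6PrefixLength;
      };
  in
  nameValuePair "${i.name}-cfg"
    { description = "Configuration of ${i.name}";
      wantedBy = [ "network-interfaces.target" ];
      bindsTo = [ (subsystemDevice i.name) ];
      after = [ (subsystemDevice i.name) ];
      serviceConfig.Type = "oneshot";
      serviceConfig.RemainAfterExit = true;
      path = [ pkgs.iproute pkgs.gawk ];

      # The interface name, MAC address and IP addresses are interpolated
      # into double-quoted shell words. Double quotes keep a value in one
      # word but do not neutralise "$", backquotes or embedded quotes, so
      # these values are trusted configuration, not data.
      script =
        ''
          echo "bringing up interface..."
          ip link set "${i.name}" up
        ''
        + optionalString (i.macAddress != null)
          ''
            echo "setting MAC address to ${i.macAddress}..."
            ip link set "${i.name}" address "${i.macAddress}"
          ''
        + optionalString (i.mtu != null)
          ''
            echo "setting MTU to ${toString i.mtu}..."
            ip link set "${i.name}" mtu "${toString i.mtu}"
          ''

        # Ip Setup
        +
          ''
            curIps=$(ip -o a show dev "${i.name}" | awk '{print $4}')
            restart_network_setup=false
            # Only do an add if it's necessary. This is
            # useful when the Nix store is accessed via this
            # interface (e.g. in a QEMU VM test).
          ''
        + flip concatMapStrings (ips) (ip:
          let
            address = "${ip.address}/${toString ip.prefixLength}";
          in
          # grep -Fx compares whole lines literally. A plain pattern treats
          # the dots as wildcards and matches substrings, which can make a
          # different address look as if it were already configured.
          ''
            echo "checking ip ${address}..."
            if ! echo "$curIps" | grep -Fx "${address}" >/dev/null 2>&1; then
              if out=$(ip addr add "${address}" dev "${i.name}" 2>&1); then
                echo "added ip ${address}..."
                restart_network_setup=true
              elif ! echo "$out" | grep "File exists" >/dev/null 2>&1; then
                echo "failed to add ${address}"
                exit 1
              fi
            fi
          '')
        + optionalString (ips != [ ])
          # The flag has to be expanded with "$"; comparing the bare word
          # with "true" is always false and the restart would never run.
          ''
            if [ "$restart_network_setup" = true ]; then
              # Ensure that the default gateway remains set.
              # (Flushing this interface may have removed it.)
              ${config.systemd.package}/bin/systemctl try-restart --no-block network-setup.service
            fi
            ${config.systemd.package}/bin/systemctl start ip-up.target
          ''
        + optionalString i.proxyARP
          ''
            echo 1 > "/proc/sys/net/ipv4/conf/${i.name}/proxy_arp"
          ''
        + optionalString (i.proxyARP && cfg.enableIPv6)
          ''
            echo 1 > "/proc/sys/net/ipv6/conf/${i.name}/proxy_ndp"
          '';
      # Removal is best effort: a failed delete is printed and does not
      # fail the stop job.
      preStop =
        ''
          echo "releasing configured ip's..."
        ''
        + flip concatMapStrings (ips) (ip:
          let
            address = "${ip.address}/${toString ip.prefixLength}";
          in
          ''
            echo -n "Deleting ${address}..."
            ip addr del "${address}" dev "${i.name}" >/dev/null 2>&1 || echo -n " Failed"
            echo ""
          '');
    };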
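# Unit "<name>-netdev" that creates the tun/tap device for an interface and
# deletes it again when the unit stops.
createTunDevice = i: nameValuePair "${i.name}-netdev"
  { description = "Virtual Network Interface ${i.name}";
    requires = [ "dev-net-tun.device" ];
    after = [ "dev-net-tun.device" ];
    wantedBy = [ "network.target" (subsystemDevice i.name) ];
    path = [ pkgs.iproute ];
    serviceConfig = {
      Type = "oneshot";
      RemainAfterExit = true;
    };
    # virtualType is limited to "tun" or "tap" by its option type; the name
    # and the owner are free-form strings from the configuration. The device
    # is handed to virtualOwner, so that account can open it afterwards.
    script = ''
      ip tuntap add dev "${i.name}" \
      ${optionalString (i.virtualType != null) "mode ${i.virtualType}"} \
      user "${i.virtualOwner}"
    '';
    # The name is quoted here as in the start script, so that it always
    # stays a single shell word.
    postStop = ''
      ip link del "${i.name}"
    '';
  };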
# Unit "<bridge>-netdev" that builds a bridge from its member interfaces.
# n is the bridge name, v the option set that holds the member list.
createBridgeDevice = n: v: nameValuePair "${n}-netdev"
  (let
    # .device units of the members; the bridge unit is bound to all of them.
    memberDevices = map subsystemDevice v.interfaces;
  in
  { description = "Bridge Interface ${n}";
    wantedBy = [ "network.target" (subsystemDevice n) ];
    bindsTo = memberDevices;
    after = memberDevices;
    serviceConfig = {
      Type = "oneshot";
      RemainAfterExit = true;
    };
    path = [ pkgs.bridge_utils pkgs.iproute ];
    # NOTE(review): the command under the "hello time" comment is
    # "brctl setfd", which sets the forward delay. Every member has its
    # addresses flushed when it joins the bridge. The bridge itself is only
    # brought up inside the per-member loop, so not at all when the member
    # list is empty - TODO confirm that this is intended.
    script =
      ''
        # Remove Dead Interfaces
        ip link show "${n}" >/dev/null 2>&1 && ip link delete "${n}"

        brctl addbr "${n}"

        # Set bridge's hello time to 0 to avoid startup delays.
        brctl setfd "${n}" 0

        ${concatMapStrings (member: ''
          brctl addif "${n}" "${member}"
          ip link set "${member}" up
          ip addr flush dev "${member}"

          echo "bringing up network device ${n}..."
          ip link set "${n}" up
        '') v.interfaces}

        # !!! Should delete (brctl delif) any interfaces that
        # no longer belong to the bridge.
      '';
    postStop =
      ''
        ip link set "${n}" down
        brctl delbr "${n}"
      '';
  });
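# Unit "<bond>-netdev" that creates a bond device, writes its options through
# sysfs and enslaves the member interfaces. n is the bond name, v its options.
createBondDevice = n: v: nameValuePair "${n}-netdev"
  (let
    deps = map subsystemDevice v.interfaces;
  in
  { description = "Bond Interface ${n}";
    wantedBy = [ "network.target" (subsystemDevice n) ];
    bindsTo = deps;
    after = deps;
    # The bond has to exist before its address configuration unit runs.
    before = [ "${n}-cfg.service" ];
    serviceConfig.Type = "oneshot";
    serviceConfig.RemainAfterExit = true;
    path = [ pkgs.ifenslave pkgs.iproute ];
    # The sysfs paths are quoted like every other use of the bond name, so
    # the name always stays a single shell word. mode, lacp_rate and
    # xmit_hash_policy are unchecked strings from the configuration.
    # NOTE(review): the wait loop has no upper bound; if the device never
    # shows up under /sys/class/net the script keeps polling.
    script = ''
      ip link add name "${n}" type bond

      # !!! There must be a better way to wait for the interface
      while [ ! -d "/sys/class/net/${n}" ]; do sleep 0.1; done;

      # Ensure the link is down so that we can set options
      ip link set "${n}" down

      # Set the miimon and mode options
      ${optionalString (v.miimon != null)
        "echo \"${toString v.miimon}\" >\"/sys/class/net/${n}/bonding/miimon\""}
      ${optionalString (v.mode != null)
        "echo \"${v.mode}\" >\"/sys/class/net/${n}/bonding/mode\""}
      ${optionalString (v.lacp_rate != null)
        "echo \"${v.lacp_rate}\" >\"/sys/class/net/${n}/bonding/lacp_rate\""}
      ${optionalString (v.xmit_hash_policy != null)
        "echo \"${v.xmit_hash_policy}\" >\"/sys/class/net/${n}/bonding/xmit_hash_policy\""}

      # Bring up the bond and enslave the specified interfaces
      ip link set "${n}" up
      ${flip concatMapStrings v.interfaces (i: ''
        ifenslave "${n}" "${i}"
      '')}
    '';
    # Teardown is best effort; every step ignores its own failure.
    postStop = ''
      ${flip concatMapStrings v.interfaces (i: ''
        ifenslave -d "${n}" "${i}" >/dev/null 2>&1 || true
      '')}
      ip link set "${n}" down >/dev/null 2>&1 || true
      ip link del "${n}" >/dev/null 2>&1 || true
    '';
  });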
# Build the "<name>-netdev" systemd unit that creates SIT tunnel device `n`.
#
#   n  name of the tunnel interface
#   v  tunnel options read here: remote, local, ttl, dev (each may be null,
#      in which case the matching `ip link add` argument is left out)
#
# All values are spliced into the shell script at evaluation time and are
# only double-quoted, not shell-escaped; they are expected to come from the
# system configuration.
createSitDevice = n: v: nameValuePair "${n}-netdev"
  (let
    # Device unit of the underlying interface, when one is configured.
    underlying = optional (v.dev != null) (subsystemDevice v.dev);
  in
  {
    description = "6-to-4 Tunnel Interface ${n}";
    path = [ pkgs.iproute ];
    serviceConfig = {
      Type = "oneshot";
      RemainAfterExit = true;
    };
    wantedBy = [ "network.target" (subsystemDevice n) ];
    after = underlying;
    bindsTo = underlying;
    script = ''
      # Remove Dead Interfaces
      ip link show "${n}" >/dev/null 2>&1 && ip link delete "${n}"
      ip link add name "${n}" type sit \
        ${optionalString (v.remote != null) "remote \"${v.remote}\""} \
        ${optionalString (v.local != null) "local \"${v.local}\""} \
        ${optionalString (v.ttl != null) "ttl ${toString v.ttl}"} \
        ${optionalString (v.dev != null) "dev \"${v.dev}\""}
      ip link set "${n}" up
    '';
    postStop = ''
      ip link delete "${n}"
    '';
  });
# Build the "<name>-netdev" systemd unit that creates VLAN device `n`.
#
#   n  name of the VLAN interface
#   v  VLAN options read here: interface (the parent link) and id
#
# The names and the id are spliced into the shell script at evaluation time
# and are only double-quoted, not shell-escaped; they are expected to come
# from the system configuration.
createVlanDevice = n: v: nameValuePair "${n}-netdev"
  (let
    # The unit is bound to, and ordered after, the parent link's device unit.
    parentDevice = [ (subsystemDevice v.interface) ];
  in
  {
    description = "Vlan Interface ${n}";
    path = [ pkgs.iproute ];
    serviceConfig = {
      Type = "oneshot";
      RemainAfterExit = true;
    };
    wantedBy = [ "network.target" (subsystemDevice n) ];
    after = parentDevice;
    bindsTo = parentDevice;
    script = ''
      # Remove Dead Interfaces
      ip link show "${n}" >/dev/null 2>&1 && ip link delete "${n}"
      ip link add link "${v.interface}" name "${n}" type vlan id "${toString v.id}"
      ip link set "${n}" up
    '';
    postStop = ''
      ip link delete "${n}"
    '';
  });
in
  # Collect every generated unit into a single attribute set.  `//` is
  # right-biased, so on a unit-name clash the set further down wins.
  listToAttrs (
    map configureInterface interfaces
    ++ map createTunDevice (filter (iface: iface.virtual) interfaces)
  )
  // mapAttrs' createBridgeDevice cfg.bridges
  // mapAttrs' createBondDevice cfg.bonds
  // mapAttrs' createSitDevice cfg.sits
  // mapAttrs' createVlanDevice cfg.vlans
  // { "network-setup" = networkSetup; };
# Apply the configured host name from the activation script.  When hostName
# is empty nothing is emitted, so a name that was set at runtime in the
# meantime (e.g. by dhcpcd) is left alone instead of being cleared.
# The value is spliced into the script inside double quotes only.
system.activationScripts.hostname =
  optionalString (cfg.hostName != "") ''
    hostname "${cfg.hostName}"
  '';
# Apply the configured domain name from the activation script.  When domain
# is empty nothing is emitted, so the current domain name is not cleared.
# The value is spliced into the script inside double quotes only.
system.activationScripts.domain =
  optionalString (cfg.domain != "") ''
    domainname "${cfg.domain}"
  '';
# Tag the kernel's "tun" device for systemd, which makes systemd track it
# as a device unit.
# NOTE(review): presumably needed so the units for virtual interfaces can
# depend on it — confirm against createTunDevice.
services.udev.extraRules = ''
  KERNEL=="tun", TAG+="systemd"
'';
};
}