nixos/dhcpcd: don't solicit or accept ipv6 router advertisements if use static addresses
This commit is contained in:
parent
83ba52e31a
commit
0e9cb9fcfd
3 changed files with 18 additions and 0 deletions
|
@ -377,6 +377,13 @@
|
|||
security.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>services.dhcpcd</literal> service now don’t solicit
|
||||
or accept IPv6 Router Advertisements on interfaces that use
|
||||
static IPv6 addresses.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The module <literal>services.headscale</literal> was
|
||||
|
|
|
@ -104,6 +104,8 @@ In addition to numerous new and upgraded packages, this release has the followin
|
|||
|
||||
- `services.chronyd` is now started with additional systemd sandbox/hardening options for better security.
|
||||
|
||||
- `services.dhcpcd` service now don't solicit or accept IPv6 Router Advertisements on interfaces that use static IPv6 addresses.
|
||||
|
||||
- The module `services.headscale` was refactored to be compliant with [RFC 0042](https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md). To be precise, this means that the following things have changed:
|
||||
|
||||
- Most settings has been migrated under [services.headscale.settings](#opt-services.headscale.settings) which is an attribute-set that
|
||||
|
|
|
@ -33,6 +33,13 @@ let
|
|||
(if !config.networking.useDHCP && enableDHCP then
|
||||
map (i: i.name) (filter (i: i.useDHCP == true) interfaces) else null);
|
||||
|
||||
staticIPv6Addresses = map (i: i.name) (filter (i: i.ipv6.addresses != [ ]) interfaces);
|
||||
|
||||
noIPv6rs = concatStringsSep "\n" (map (name: ''
|
||||
interface ${name}
|
||||
noipv6rs
|
||||
'') staticIPv6Addresses);
|
||||
|
||||
# Config file adapted from the one that ships with dhcpcd.
|
||||
dhcpcdConf = pkgs.writeText "dhcpcd.conf"
|
||||
''
|
||||
|
@ -75,6 +82,8 @@ let
|
|||
''}
|
||||
|
||||
${cfg.extraConfig}
|
||||
|
||||
${optionalString config.networking.enableIPv6 noIPv6rs}
|
||||
'';
|
||||
|
||||
exitHook = pkgs.writeText "dhcpcd.exit-hook"
|
||||
|
|
Loading…
Reference in a new issue