diff options
-rw-r--r-- | nixos/modules/tasks/network-interfaces.nix | 67 |
1 files changed, 40 insertions, 27 deletions
diff --git a/nixos/modules/tasks/network-interfaces.nix b/nixos/modules/tasks/network-interfaces.nix index 2adb4bcfabab..ca7a5ab77add 100644 --- a/nixos/modules/tasks/network-interfaces.nix +++ b/nixos/modules/tasks/network-interfaces.nix @@ -138,8 +138,6 @@ let Whether this interface is virtual and should be created by tunctl. This is mainly useful for creating bridges between a host a virtual network such as VPN or a virtual machine. - - Defaults to tap device, unless interface contains "tun" in its name. ''; }; @@ -151,6 +149,15 @@ let ''; }; + virtualType = mkOption { + default = null; + type = types.nullOr (types.addCheck types.str (v: v == "tun" || v == "tap")); + description = '' + The explicit type of interface to create. Accepts tun or tap strings. + Also accepts null to implicitly detect the type of device. + ''; + }; + proxyARP = mkOption { default = false; type = types.bool; @@ -673,22 +680,28 @@ in ''); }; - createTunDevice = i: nameValuePair "${i.name}" + createTunDevice = i: nameValuePair "${i.name}-netdev" { description = "Virtual Network Interface ${i.name}"; requires = [ "dev-net-tun.device" ]; after = [ "dev-net-tun.device" ]; - wantedBy = [ "network.target" ]; - requiredBy = [ "sys-subsystem-net-devices-${i.name}.device" ]; - serviceConfig = - { Type = "oneshot"; - RemainAfterExit = true; - ExecStart = "${pkgs.tunctl}/bin/tunctl -t '${i.name}' -u '${i.virtualOwner}'"; - ExecStop = "${pkgs.tunctl}/bin/tunctl -d '${i.name}'"; - }; + wantedBy = [ "network.target" "sys-subsystem-net-devices-${i.name}.device" ]; + path = [ pkgs.iproute ]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + }; + script = '' + ip tuntap add dev "${i.name}" \ + ${optionalString (i.virtualType != null) "mode ${i.virtualType}"} \ + user "${i.virtualOwner}" + ''; + postStop = '' + ip link del ${i.name} + ''; }; - createBridgeDevice = n: v: - let + createBridgeDevice = n: v: nameValuePair "${n}-netdev" + (let deps = map (i: "sys-subsystem-net-devices-${i}.device") v.interfaces; in { description = "Bridge Interface ${n}"; @@ -725,10 +738,10 @@ in ip link set "${n}" down brctl delbr "${n}" ''; - }; + }); - createBondDevice = n: v: - let + createBondDevice = n: v: nameValuePair "${n}-netdev" + (let deps = map (i: "sys-subsystem-net-devices-${i}.device") v.interfaces; in { description = "Bond Interface ${n}"; @@ -764,10 +777,10 @@ in ifenslave -d "${n}" ip link delete "${n}" ''; - }; + }); - createSitDevice = n: v: - let + createSitDevice = n: v: nameValuePair "${n}-netdev" + (let deps = optional (v.dev != null) "sys-subsystem-net-devices-${v.dev}.device"; in { description = "6-to-4 Tunnel Interface ${n}"; @@ -790,10 +803,10 @@ in postStop = '' ip link delete "${n}" ''; - }; + }); - createVlanDevice = n: v: - let + createVlanDevice = n: v: nameValuePair "${n}-netdev" + (let deps = [ "sys-subsystem-net-devices-${v.interface}.device" ]; in { description = "Vlan Interface ${n}"; @@ -812,15 +825,15 @@ in postStop = '' ip link delete "${n}" ''; - }; + }); in listToAttrs ( map configureInterface interfaces ++ map createTunDevice (filter (i: i.virtual) interfaces)) - // mapAttrs createBridgeDevice cfg.bridges - // mapAttrs createBondDevice cfg.bonds - // mapAttrs createSitDevice cfg.sits - // mapAttrs createVlanDevice cfg.vlans + // mapAttrs' createBridgeDevice cfg.bridges + // mapAttrs' createBondDevice cfg.bonds + // mapAttrs' createSitDevice cfg.sits + // mapAttrs' createVlanDevice cfg.vlans // { "network-setup" = networkSetup; }; # Set the host and domain names in the activation script. Don't |