Diffstat (limited to 'nixos/modules')
-rw-r--r-- | nixos/modules/services/networking/dhcpcd.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/security/hologram-agent.nix | 7 | ||||
-rw-r--r-- | nixos/modules/tasks/network-interfaces-scripted.nix | 77 | ||||
-rw-r--r-- | nixos/modules/tasks/network-interfaces-systemd.nix | 10 | ||||
-rw-r--r-- | nixos/modules/tasks/network-interfaces.nix | 138 | ||||
-rw-r--r-- | nixos/modules/virtualisation/virtualbox-host.nix | 2 |
6 files changed, 142 insertions, 94 deletions
diff --git a/nixos/modules/services/networking/dhcpcd.nix b/nixos/modules/services/networking/dhcpcd.nix index d283c7624335..d10b72ecf058 100644 --- a/nixos/modules/services/networking/dhcpcd.nix +++ b/nixos/modules/services/networking/dhcpcd.nix @@ -16,7 +16,7 @@ let # Don't start dhcpcd on explicitly configured interfaces or on # interfaces that are part of a bridge, bond or sit device. ignoredInterfaces = - map (i: i.name) (filter (i: if i.useDHCP != null then !i.useDHCP else i.ip4 != [ ] || i.ipAddress != null) interfaces) + map (i: i.name) (filter (i: if i.useDHCP != null then !i.useDHCP else i.ipv4.addresses != [ ]) interfaces) ++ mapAttrsToList (i: _: i) config.networking.sits ++ concatLists (attrValues (mapAttrs (n: v: v.interfaces) config.networking.bridges)) ++ concatLists (attrValues (mapAttrs (n: v: v.interfaces) config.networking.vswitches)) diff --git a/nixos/modules/services/security/hologram-agent.nix b/nixos/modules/services/security/hologram-agent.nix index 6c53a2df6306..39ed506f7617 100644 --- a/nixos/modules/services/security/hologram-agent.nix +++ b/nixos/modules/services/security/hologram-agent.nix @@ -35,10 +35,9 @@ in { config = mkIf cfg.enable { boot.kernelModules = [ "dummy" ]; - networking.interfaces.dummy0 = { - ipAddress = "169.254.169.254"; - prefixLength = 32; - }; + networking.interfaces.dummy0.ipv4.addresses = [ + { address = "169.254.169.254"; prefixLength = 32; } + ]; systemd.services.hologram-agent = { description = "Provide EC2 instance credentials to machines outside of EC2"; diff --git a/nixos/modules/tasks/network-interfaces-scripted.nix b/nixos/modules/tasks/network-interfaces-scripted.nix index 63d07832d105..66732ce7732e 100644 --- a/nixos/modules/tasks/network-interfaces-scripted.nix +++ b/nixos/modules/tasks/network-interfaces-scripted.nix 
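Review bot: The rewritten `ignoredInterfaces` filter still lets dhcpcd start on an interface whose only static configuration is `ipv6.addresses`, because the new predicate tests `i.ipv4.addresses` alone, exactly as the old one tested only `ip4`/`ipAddress`. If that is deliberate (dhcpcd handling v4 while the v6 side is static) the new line deserves a comment saying so, since the surrounding comment promises to skip "explicitly configured interfaces"; otherwise extend it to `else i.ipv4.addresses != [ ] || i.ipv6.addresses != [ ]`. The `let` binding continues past the end of the hunk.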
@@ -20,14 +20,8 @@ let "sys-subsystem-net-devices-${escapeSystemdPath interface}.device"; interfaceIps = i: - i.ip4 ++ optionals cfg.enableIPv6 i.ip6 - ++ optional (i.ipAddress != null) { - address = i.ipAddress; - prefixLength = i.prefixLength; - } ++ optional (cfg.enableIPv6 && i.ipv6Address != null) { - address = i.ipv6Address; - prefixLength = i.ipv6PrefixLength; - }; + i.ipv4.addresses + ++ optionals cfg.enableIPv6 i.ipv6.addresses; destroyBond = i: '' while true; do 
@@ -185,33 +179,58 @@ let path = [ pkgs.iproute ]; script = '' - # FIXME: shouldn't this be done in network-link? - echo "bringing up interface..." - ip link set "${i.name}" up - state="/run/nixos/network/addresses/${i.name}" + mkdir -p $(dirname "$state") + ${flip concatMapStrings ips (ip: + let + cidr = "${ip.address}/${toString ip.prefixLength}"; + in + '' + echo "${cidr}" >> $state + echo -n "adding address ${cidr}... " + if out=$(ip addr add "${cidr}" dev "${i.name}" 2>&1); then + echo "done" + elif ! echo "$out" | grep "File exists" >/dev/null 2>&1; then + echo "failed" + exit 1 + fi + '' + )} + + state="/run/nixos/network/routes/${i.name}" mkdir -p $(dirname "$state") - '' + flip concatMapStrings (ips) (ip: - let - address = "${ip.address}/${toString ip.prefixLength}"; - in - '' - echo "${address}" >> $state - if out=$(ip addr add "${address}" dev "${i.name}" 2>&1); then - echo "added ip ${address}" - elif ! echo "$out" | grep "File exists" >/dev/null 2>&1; then - echo "failed to add ${address}" - exit 1 - fi - ''); + ${flip concatMapStrings (i.ipv4.routes ++ i.ipv6.routes) (route: + let + cidr = "${route.address}/${toString route.prefixLength}"; + via = optionalString (route.via != null) ''via "${route.via}"''; + options = concatStrings (mapAttrsToList (name: val: "${name} ${val} ") route.options); + in + '' + echo "${cidr}" >> $state + echo -n "adding route ${cidr}... " + if out=$(ip route add "${cidr}" ${options} ${via} dev "${i.name}" 2>&1); then + echo "done" + elif ! echo "$out" | grep "File exists" >/dev/null 2>&1; then + echo "failed" + exit 1 + fi + '' + )} + ''; preStop = '' + state="/run/nixos/network/routes/${i.name}" + while read cidr; do + echo -n "deleting route $cidr... " + ip route del "$cidr" dev "${i.name}" >/dev/null 2>&1 && echo "done" || echo "failed" + done < "$state" + rm -f "$state" + state="/run/nixos/network/addresses/${i.name}" - while read address; do - echo -n "deleting $address..." 
- ip addr del "$address" dev "${i.name}" >/dev/null 2>&1 || echo -n " Failed" - echo "" + while read cidr; do + echo -n "deleting address $cidr... " + ip addr del "$cidr" dev "${i.name}" >/dev/null 2>&1 && echo "done" || echo "failed" done < "$state" rm -f "$state" ''; diff --git a/nixos/modules/tasks/network-interfaces-systemd.nix b/nixos/modules/tasks/network-interfaces-systemd.nix index be7f52a76def..c640e886fca8 100644 --- a/nixos/modules/tasks/network-interfaces-systemd.nix +++ b/nixos/modules/tasks/network-interfaces-systemd.nix @@ -9,14 +9,8 @@ let interfaces = attrValues cfg.interfaces; interfaceIps = i: - i.ip4 ++ optionals cfg.enableIPv6 i.ip6 - ++ optional (i.ipAddress != null) { - address = i.ipAddress; - prefixLength = i.prefixLength; - } ++ optional (cfg.enableIPv6 && i.ipv6Address != null) { - address = i.ipv6Address; - prefixLength = i.ipv6PrefixLength; - }; + i.ipv4.addresses + ++ optionals cfg.enableIPv6 i.ipv6.addresses; dhcpStr = useDHCP: if useDHCP == true || useDHCP == null then "both" else "none"; diff --git a/nixos/modules/tasks/network-interfaces.nix b/nixos/modules/tasks/network-interfaces.nix index f80c5045c07d..5036b701bd86 100644 --- a/nixos/modules/tasks/network-interfaces.nix +++ b/nixos/modules/tasks/network-interfaces.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, utils, stdenv, ... }: +{ config, options, lib, pkgs, utils, stdenv, ... }: with lib; with utils; @@ -101,7 +101,7 @@ let address = mkOption { type = types.str; description = '' - IPv${toString v} address of the interface. Leave empty to configure the + IPv${toString v} address of the interface. Leave empty to configure the interface using DHCP. ''; }; 
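Review bot: `route.options` is spliced into the `ip route add` command line unquoted: `options = concatStrings (mapAttrsToList (name: val: "${name} ${val} ") route.options)` is then used as `${options}` in the shell string, so a value containing whitespace or shell metacharacters is word-split and interpreted by the shell, whereas `via` and `cidr` on the same line are quoted. Since the option type is `attrsOf str` with no check, escape the values where they are rendered: `options = concatStringsSep " " (mapAttrsToList (name: val: "${name} ${escapeShellArg val}") route.options);`. A smaller point: the route state file is appended with `>>`, so if a previous run died before `preStop` ran, stale entries accumulate; truncating it once before the loop (`: > "$state"`) would keep the delete loop honest. The service definition this script belongs to begins before the hunk.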
@@ -116,6 +116,40 @@ let }; }; + routeOpts = v: + { options = { + address = mkOption { + type = types.str; + description = "IPv${toString v} address of the network."; + }; + + prefixLength = mkOption { + type = types.addCheck types.int (n: n >= 0 && n <= (if v == 4 then 32 else 128)); + description = '' + Subnet mask of the network, specified as the number of + bits in the prefix (<literal>${if v == 4 then "24" else "64"}</literal>). + ''; + }; + + via = mkOption { + type = types.nullOr types.str; + default = null; + description = "IPv${toString v} address of the next hop."; + }; + + options = mkOption { + type = types.attrsOf types.str; + default = { }; + example = { mtu = "1492"; window = "524288"; }; + description = '' + Other route options. See the symbol <literal>OPTION</literal> + in the <literal>ip-route(8)</literal> manual page for the details. + ''; + }; + + }; + }; + gatewayCoerce = address: { inherit address; }; gatewayOpts = { ... }: { @@ -148,7 +182,6 @@ let interfaceOpts = { name, ... }: { options = { - name = mkOption { example = "eth0"; type = types.str; @@ -175,7 +208,7 @@ let ''; }; - ip4 = mkOption { + ipv4.addresses = mkOption { default = [ ]; example = [ { address = "10.0.0.1"; prefixLength = 16; } @@ -187,7 +220,7 @@ let ''; }; - ip6 = mkOption { + ipv6.addresses = mkOption { default = [ ]; example = [ { address = "fdfd:b3f0:482::1"; prefixLength = 48; } 
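Review bot: The `options` option in `routeOpts` only says "Other route options", but the scripted backend renders each pair verbatim into the `ip route add` command line, so its description should make that contract explicit, e.g. `Other route options, rendered verbatim as "<name> <value>" on the ip route add command line; see OPTION in ip-route(8).`. Likewise `via` is a free-form `nullOr str` with no documentation of what happens when it is null (the route is added as a direct, `dev`-only route in the scripted backend); one sentence in its description would save readers a trip to the other file. The `prefixLength` bound check per address family is a good addition and matches the `interfaceOpts` convention.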
@@ -199,50 +232,27 @@ let ''; }; - ipAddress = mkOption { - default = null; - example = "10.0.0.1"; - type = types.nullOr types.str; - description = '' - IP address of the interface. Leave empty to configure the - interface using DHCP. - ''; - }; - - prefixLength = mkOption { - default = null; - example = 24; - type = types.nullOr types.int; - description = '' - Subnet mask of the interface, specified as the number of - bits in the prefix (<literal>24</literal>). - ''; - }; - - subnetMask = mkOption { - default = null; - description = '' - Defunct, supply the prefix length instead. - ''; - }; - - ipv6Address = mkOption { - default = null; - example = "2001:1470:fffd:2098::e006"; - type = types.nullOr types.str; + ipv4.routes = mkOption { + default = []; + example = [ + { address = "10.0.0.0"; prefixLength = 16; } + { address = "192.168.2.0"; prefixLength = 24; via = "192.168.1.1"; } + ]; + type = with types; listOf (submodule (routeOpts 4)); description = '' - IPv6 address of the interface. Leave empty to configure the - interface using NDP. + List of extra IPv4 static routes that will be assigned to the interface. ''; }; - ipv6PrefixLength = mkOption { - default = 64; - example = 64; - type = types.int; + ipv6.routes = mkOption { + default = []; + example = [ + { address = "fdfd:b3f0::"; prefixLength = 48; } + { address = "2001:1470:fffd:2098::"; prefixLength = 64; via = "fdfd:b3f0::1"; } + ]; + type = with types; listOf (submodule (routeOpts 6)); description = '' - Subnet mask of the interface, specified as the number of - bits in the prefix (<literal>64</literal>). + List of extra IPv6 static routes that will be assigned to the interface. ''; }; 
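Review bot: The new `ipv4.routes` and `ipv6.routes` options are documented as routes "that will be assigned to the interface", but within this commit only the scripted backend consumes them; the `network-interfaces-systemd.nix` hunk only renames the address lists, so as far as the diff shows a networkd-based configuration silently ignores any configured static routes. Either add the corresponding route entries to the networkd backend or state the limitation in both descriptions, e.g. `List of extra IPv4 static routes that will be assigned to the interface (scripted networking backend only).`. Also, `default = [];` here differs from the `default = [ ];` spelling used by the neighbouring `addresses` options; pick one.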
@@ -317,6 +327,32 @@ let name = mkDefault name; }; + # Renamed or removed options + imports = + let + defined = x: x != "_mkMergedOptionModule"; + in [ + (mkRenamedOptionModule [ "ip4" ] [ "ipv4" "addresses"]) + (mkRenamedOptionModule [ "ip6" ] [ "ipv6" "addresses"]) + (mkRemovedOptionModule [ "subnetMask" ] '' + Supply a prefix length instead; use option + networking.interfaces.<name>.ipv{4,6}.addresses'') + (mkMergedOptionModule + [ [ "ipAddress" ] [ "prefixLength" ] ] + [ "ipv4" "addresses" ] + (cfg: with cfg; + optional (defined ipAddress && defined prefixLength) + { address = ipAddress; prefixLength = prefixLength; })) + (mkMergedOptionModule + [ [ "ipv6Address" ] [ "ipv6PrefixLength" ] ] + [ "ipv6" "addresses" ] + (cfg: with cfg; + optional (defined ipv6Address && defined ipv6PrefixLength) + { address = ipv6Address; prefixLength = ipv6PrefixLength; })) + + ({ options.warnings = options.warnings; }) + ]; + }; hexChars = stringToCharacters "0123456789abcdef"; @@ -453,7 +489,7 @@ in networking.interfaces = mkOption { default = {}; example = - { eth0.ip4 = [ { + { eth0.ipv4 = [ { address = "131.211.84.78"; prefixLength = 25; } ]; @@ -932,13 +968,10 @@ in config = { + warnings = concatMap (i: i.warnings) interfaces; + assertions = (flip map interfaces (i: { - assertion = i.subnetMask == null; - message = '' - The networking.interfaces."${i.name}".subnetMask option is defunct. Use prefixLength instead. - ''; - })) ++ (flip map interfaces (i: { # With the linux kernel, interface name length is limited by IFNAMSIZ # to 16 bytes, including the trailing null byte. # See include/linux/if.h in the kernel sources 
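Review bot: `defined = x: x != "_mkMergedOptionModule";` couples this module to an unadvertised sentinel string that `mkMergedOptionModule` passes for unset options; if lib ever changes it, both merge functions silently produce no address. At minimum comment it, e.g. `# lib.mkMergedOptionModule substitutes this string for options the user did not set`, and consider a hedged follow-up to lib to expose the check. A related behavioural edge: when a user sets the legacy `ipAddress` without `prefixLength` (or `ipv6Address` alone, which previously got the `ipv6PrefixLength` default of 64), `optional (defined ipAddress && defined prefixLength)` yields an empty list, so the address is dropped with only the generic rename warning to explain it; falling back to the old default for the v6 case, or adding an explicit warning, would preserve the previous behaviour.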
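Review bot: The updated `networking.interfaces` example is wrong for the new option layout: `{ eth0.ipv4 = [ { address = "131.211.84.78"; prefixLength = 25; } ]; ...` assigns a list to `ipv4`, which is now an attribute set holding `addresses` and `routes`, so copying the example would fail option type checking. It should read `{ eth0.ipv4.addresses = [ {`, matching the renamed option and the hologram-agent change elsewhere in this commit.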
@@ -947,7 +980,7 @@ in The name of networking.interfaces."${i.name}" is too long, it needs to be less than 16 characters. ''; })) ++ (flip map slaveIfs (i: { - assertion = i.ip4 == [ ] && i.ipAddress == null && i.ip6 == [ ] && i.ipv6Address == null; + assertion = i.ipv4.addresses == [ ] && i.ipv6.addresses == [ ]; message = '' The networking.interfaces."${i.name}" must not have any defined ips when it is a slave. ''; @@ -1089,6 +1122,9 @@ in '' + optionalString (i.mtu != null) '' echo "setting MTU to ${toString i.mtu}..." ip link set "${i.name}" mtu "${toString i.mtu}" + '' + '' + echo -n "bringing up interface... " + ip link set "${i.name}" up && echo "done" || (echo "failed"; exit 1) ''; }))); diff --git a/nixos/modules/virtualisation/virtualbox-host.nix b/nixos/modules/virtualisation/virtualbox-host.nix index bb0c38bd4eb8..91a46ac852b2 100644 --- a/nixos/modules/virtualisation/virtualbox-host.nix +++ b/nixos/modules/virtualisation/virtualbox-host.nix @@ -124,7 +124,7 @@ in ''; }; - networking.interfaces.vboxnet0.ip4 = [ { address = "192.168.56.1"; prefixLength = 24; } ]; + networking.interfaces.vboxnet0.ipv4.addresses = { address = "192.168.56.1"; prefixLength = 24; }; # Make sure NetworkManager won't assume this interface being up # means we have internet access. networking.networkmanager.unmanaged = ["vboxnet0"]; |
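Review bot: In the `network-link` script, `ip link set "${i.name}" up && echo "done" || (echo "failed"; exit 1)` runs `exit 1` inside a subshell, so it only terminates the subshell; the service currently fails only because this happens to be the last command of the script and its status propagates, and any line appended after it later would mask the failure. Use a group instead: `ip link set "${i.name}" up && echo "done" || { echo "failed"; exit 1; }`. The script this line is appended to starts outside the hunk.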
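Review bot: The virtualbox-host change drops the list brackets: `networking.interfaces.vboxnet0.ipv4.addresses = { address = "192.168.56.1"; prefixLength = 24; };` assigns a bare attribute set, while the option is a list (the old `ip4` value was `[ { ... } ]`, the option example is a list, and the hologram-agent hunk in this same commit wraps its address in `[ ]`), so evaluating a configuration with VirtualBox enabled would fail type checking. It should be `networking.interfaces.vboxnet0.ipv4.addresses = [ { address = "192.168.56.1"; prefixLength = 24; } ];`.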