Diffstat (limited to 'nixpkgs/nixos/modules/tasks')
4 files changed, 109 insertions, 101 deletions
diff --git a/nixpkgs/nixos/modules/tasks/filesystems.nix b/nixpkgs/nixos/modules/tasks/filesystems.nix index 7cb2ca23fa41..91e30aa4c0af 100644 --- a/nixpkgs/nixos/modules/tasks/filesystems.nix +++ b/nixpkgs/nixos/modules/tasks/filesystems.nix @@ -187,9 +187,8 @@ let skipCheck = fs: fs.noCheck || fs.device == "none" || builtins.elem fs.fsType fsToSkipCheck || isBindMount fs; # https://wiki.archlinux.org/index.php/fstab#Filepath_spaces escape = string: builtins.replaceStrings [ " " "\t" ] [ "\\040" "\\011" ] string; - in fstabFileSystems: { rootPrefix ? "" }: concatMapStrings (fs: - (optionalString (isBindMount fs) (escape rootPrefix)) - + (if fs.device != null then escape fs.device + in fstabFileSystems: { }: concatMapStrings (fs: + (if fs.device != null then escape fs.device else if fs.label != null then "/dev/disk/by-label/${escape fs.label}" else throw "No device specified for mount point ‘${fs.mountPoint}’.") + " " + escape fs.mountPoint @@ -199,9 +198,7 @@ let + "\n" ) fstabFileSystems; - initrdFstab = pkgs.writeText "initrd-fstab" (makeFstabEntries (filter utils.fsNeededForBoot fileSystems) { - rootPrefix = "/sysroot"; - }); + initrdFstab = pkgs.writeText "initrd-fstab" (makeFstabEntries (filter utils.fsNeededForBoot fileSystems) { }); in diff --git a/nixpkgs/nixos/modules/tasks/network-interfaces-scripted.nix b/nixpkgs/nixos/modules/tasks/network-interfaces-scripted.nix index 24f0c37acf90..da4aa916d655 100644 --- a/nixpkgs/nixos/modules/tasks/network-interfaces-scripted.nix +++ b/nixpkgs/nixos/modules/tasks/network-interfaces-scripted.nix @@ -61,8 +61,6 @@ let MACAddress = i.macAddress; } // optionalAttrs (i.mtu != null) { MTUBytes = toString i.mtu; - } // optionalAttrs (i.wakeOnLan.enable == true) { - WakeOnLan = "magic"; }; }; in listToAttrs (map createNetworkLink interfaces); diff --git a/nixpkgs/nixos/modules/tasks/network-interfaces-systemd.nix b/nixpkgs/nixos/modules/tasks/network-interfaces-systemd.nix index dfa883a2c336..cee23eb24406 100644 
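Review bot: The new signature `in fstabFileSystems: { }: concatMapStrings (fs:` swaps the `{ rootPrefix ? "" }` pattern for an empty attribute-set pattern, which makes Nix reject any attribute a caller passes, so the function is now stricter than a plain removal of the option; the second hunk updates the one caller visible here, but any other call site still passing `rootPrefix` would fail evaluation. Dropping the `escape rootPrefix` term also means the initrd fstab no longer prefixes bind-mount sources with `/sysroot`, so a bind mount that `fsNeededForBoot` keeps would now name a path inside the initrd rather than on the real root, unless bind mounts are filtered out before this point. If the option is meant to be gone for good, `fstabFileSystems: { ... }:` keeps old call sites working while ignoring the argument. The `let` binding this `in` belongs to starts before the hunk.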
--- a/nixpkgs/nixos/modules/tasks/network-interfaces-systemd.nix +++ b/nixpkgs/nixos/modules/tasks/network-interfaces-systemd.nix @@ -28,21 +28,20 @@ let # TODO: warn the user that any address configured on those interfaces will be useless ++ concatMap (i: attrNames (filterAttrs (_: config: config.type != "internal") i.interfaces)) (attrValues cfg.vswitches); - domains = cfg.search ++ (optional (cfg.domain != null) cfg.domain); - genericNetwork = override: - let gateway = optional (cfg.defaultGateway != null && (cfg.defaultGateway.address or "") != "") cfg.defaultGateway.address - ++ optional (cfg.defaultGateway6 != null && (cfg.defaultGateway6.address or "") != "") cfg.defaultGateway6.address; - makeGateway = gateway: { + defaultGateways = mkMerge (forEach [ cfg.defaultGateway cfg.defaultGateway6 ] (gateway: + optionalAttrs (gateway != null && gateway.interface != null) { + networks."40-${gateway.interface}" = { + matchConfig.Name = gateway.interface; + routes = [{ routeConfig = { - Gateway = gateway; - GatewayOnLink = false; + Gateway = gateway.address; + } // optionalAttrs (gateway.metric != null) { + Metric = gateway.metric; }; - }; - in optionalAttrs (gateway != [ ]) { - routes = override (map makeGateway gateway); - } // optionalAttrs (domains != [ ]) { - domains = override domains; - }; + }]; + }; + } + )); genericDhcpNetworks = initrd: mkIf cfg.useDHCP { networks."99-ethernet-default-dhcp" = { 
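Review bot: The new `defaultGateways` drops the old guard on the gateway address, so `Gateway = gateway.address;` is written whenever `interface` is set even if `address` is empty, whereas the removed code tested `(cfg.defaultGateway.address or "") != ""` first; keeping that in the guard, `optionalAttrs (gateway != null && gateway.interface != null && (gateway.address or "") != "")`, avoids emitting an empty `Gateway=` into the route. The removed `genericNetwork` also pushed `domains` (built from `cfg.search` and `cfg.domain`) and `GatewayOnLink = false` into every network, and nothing in this hunk re-adds them, so search domains set through `networking.search`/`networking.domain` appear to no longer reach networkd unless that is handled elsewhere in the file. The enclosing `let` block continues outside the hunk.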
@@ -59,23 +58,14 @@ let # more likely to result in interfaces being configured to # use DHCP when they shouldn't. - # When wait-online.anyInterface is enabled, RequiredForOnline really - # means "sufficient for online", so we can enable it. - # Otherwise, don't block the network coming online because of default networks. matchConfig.Name = ["en*" "eth*"]; DHCP = "yes"; - linkConfig.RequiredForOnline = - lib.mkDefault (if initrd - then config.boot.initrd.systemd.network.wait-online.anyInterface - else config.systemd.network.wait-online.anyInterface); networkConfig.IPv6PrivacyExtensions = "kernel"; }; networks."99-wireless-client-dhcp" = { # Like above, but this is much more likely to be correct. matchConfig.WLANInterfaceType = "station"; DHCP = "yes"; - linkConfig.RequiredForOnline = - lib.mkDefault config.systemd.network.wait-online.anyInterface; networkConfig.IPv6PrivacyExtensions = "kernel"; # We also set the route metric to one more than the default # of 1024, so that Ethernet is preferred if both are @@ -98,10 +88,10 @@ let }; }; }); - networks."40-${i.name}" = mkMerge [ (genericNetwork id) { + networks."40-${i.name}" = { name = mkDefault i.name; DHCP = mkForce (dhcpStr - (if i.useDHCP != null then i.useDHCP else false)); + (if i.useDHCP != null then i.useDHCP else (config.networking.useDHCP && i.ipv4.addresses == [ ]))); address = forEach (interfaceIps i) (ip: "${ip.address}/${toString ip.prefixLength}"); routes = forEach (interfaceRoutes i) 
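Review bot: Removing `linkConfig.RequiredForOnline` from `99-ethernet-default-dhcp` and `99-wireless-client-dhcp` leaves these catch-all units at networkd's default, so systemd-networkd-wait-online can now block on any `en*`/`eth*` or station interface that never obtains a lease, which the deleted comment explained was why the setting followed `wait-online.anyInterface`. If that coupling is intentionally gone, a one-line comment such as `# RequiredForOnline intentionally left at networkd's default` would stop the next reader from re-adding it. `genericDhcpNetworks` starts before the hunk.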
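Review bot: The new fallback `(if i.useDHCP != null then i.useDHCP else (config.networking.useDHCP && i.ipv4.addresses == [ ]))` looks only at IPv4 addresses, so an interface with only static `ipv6.addresses` still gets `DHCP = yes` when `networking.useDHCP` is on, and networkd's `DHCP=yes` requests DHCPv6 as well. This agrees with the updated option description in network-interfaces.nix, so it seems deliberate, but a comment on that line, `# only static IPv4 addresses suppress DHCP; IPv6-only interfaces still get it`, would make the asymmetry explicit. `interfaceNetworks` continues outside the hunk.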
@@ -170,7 +160,34 @@ let } // optionalAttrs (i.mtu != null) { MTUBytes = toString i.mtu; }; - }]; + }; + })); + + bridgeNetworks = mkMerge (flip mapAttrsToList cfg.bridges (name: bridge: { + netdevs."40-${name}" = { + netdevConfig = { + Name = name; + Kind = "bridge"; + }; + }; + networks = listToAttrs (forEach bridge.interfaces (bi: + nameValuePair "40-${bi}" { + DHCP = mkOverride 0 (dhcpStr false); + networkConfig.Bridge = name; + })); + })); + + vlanNetworks = mkMerge (flip mapAttrsToList cfg.vlans (name: vlan: { + netdevs."40-${name}" = { + netdevConfig = { + Name = name; + Kind = "vlan"; + }; + vlanConfig.Id = vlan.id; + }; + networks."40-${vlan.interface}" = { + vlan = [ name ]; + }; })); in @@ -182,7 +199,16 @@ in # Note this is if initrd.network.enable, not if # initrd.systemd.network.enable. By setting the latter and not the # former, the user retains full control over the configuration. - boot.initrd.systemd.network = mkMerge [(genericDhcpNetworks true) interfaceNetworks]; + boot.initrd.systemd.network = mkMerge [ + defaultGateways + (genericDhcpNetworks true) + interfaceNetworks + bridgeNetworks + vlanNetworks + ]; + boot.initrd.availableKernelModules = + optional (cfg.bridges != {}) "bridge" ++ + optional (cfg.vlans != {}) "8021q"; }) (mkIf cfg.useNetworkd { 
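Review bot: `vlanNetworks` writes `networks."40-${vlan.interface}" = { vlan = [ name ]; };` with no match of its own and relies on `interfaceNetworks` having declared the same `40-<iface>` unit with `name = mkDefault i.name`; if `vlan.interface` is not listed in `networking.interfaces`, the generated .network file has an empty `[Match]` section, which as far as I recall networkd treats as matching every interface. Adding `name = mkDefault vlan.interface;` beside `vlan = [ name ];` (the form `interfaceNetworks` already uses) keeps the unit bound to its parent, and the bridge member entries in `bridgeNetworks` have the same gap. Both bindings are now also merged into the initrd by the following hunk, so the exposure there is new.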
@@ -191,11 +217,11 @@ in assertion = cfg.defaultGatewayWindowSize == null; message = "networking.defaultGatewayWindowSize is not supported by networkd."; } { - assertion = cfg.defaultGateway == null || cfg.defaultGateway.interface == null; - message = "networking.defaultGateway.interface is not supported by networkd."; + assertion = cfg.defaultGateway != null -> cfg.defaultGateway.interface != null; + message = "networking.defaultGateway.interface is not optional when using networkd."; } { - assertion = cfg.defaultGateway6 == null || cfg.defaultGateway6.interface == null; - message = "networking.defaultGateway6.interface is not supported by networkd."; + assertion = cfg.defaultGateway6 != null -> cfg.defaultGateway6.interface != null; + message = "networking.defaultGateway6.interface is not optional when using networkd."; } ] ++ flip mapAttrsToList cfg.bridges (n: { rstp, ... }: { assertion = !rstp; message = "networking.bridges.${n}.rstp is not supported by networkd."; @@ -210,21 +236,10 @@ in mkMerge [ { enable = true; } + defaultGateways (genericDhcpNetworks false) interfaceNetworks - (mkMerge (flip mapAttrsToList cfg.bridges (name: bridge: { - netdevs."40-${name}" = { - netdevConfig = { - Name = name; - Kind = "bridge"; - }; - }; - networks = listToAttrs (forEach bridge.interfaces (bi: - nameValuePair "40-${bi}" (mkMerge [ (genericNetwork (mkOverride 999)) { - DHCP = mkOverride 0 (dhcpStr false); - networkConfig.Bridge = name; - } ]))); - }))) + bridgeNetworks (mkMerge (flip mapAttrsToList cfg.bonds (name: bond: { netdevs."40-${name}" = { netdevConfig = { @@ -291,10 +306,10 @@ in }; networks = listToAttrs (forEach bond.interfaces (bi: - nameValuePair "40-${bi}" (mkMerge [ (genericNetwork (mkOverride 999)) { + nameValuePair "40-${bi}" { DHCP = mkOverride 0 (dhcpStr false); networkConfig.Bond = name; - } ]))); + })); }))) (mkMerge (flip mapAttrsToList cfg.macvlans (name: macvlan: { netdevs."40-${name}" = { 
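Review bot: The new assertions `assertion = cfg.defaultGateway != null -> cfg.defaultGateway.interface != null;` only apply under `mkIf cfg.useNetworkd`, yet `defaultGateways` is also merged into `boot.initrd.systemd.network` by the earlier hunk, where `optionalAttrs (gateway != null && gateway.interface != null)` silently emits no route when `interface` is unset. A gateway without an interface therefore fails loudly on the networkd path but disappears without any diagnostic on the initrd path; either extend the assertion to the initrd case or add a warning there. The assertions list continues outside the hunk.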
@@ -304,9 +319,9 @@ in }; macvlanConfig = optionalAttrs (macvlan.mode != null) { Mode = macvlan.mode; }; }; - networks."40-${macvlan.interface}" = (mkMerge [ (genericNetwork (mkOverride 999)) { + networks."40-${macvlan.interface}" = { macvlan = [ name ]; - } ]); + }; }))) (mkMerge (flip mapAttrsToList cfg.fooOverUDP (name: fou: { netdevs."40-${name}" = { @@ -351,9 +366,9 @@ in }))); }; networks = mkIf (sit.dev != null) { - "40-${sit.dev}" = (mkMerge [ (genericNetwork (mkOverride 999)) { + "40-${sit.dev}" = { tunnel = [ name ]; - } ]); + }; }; }))) (mkMerge (flip mapAttrsToList cfg.greTunnels (name: gre: { @@ -372,23 +387,12 @@ in }); }; networks = mkIf (gre.dev != null) { - "40-${gre.dev}" = (mkMerge [ (genericNetwork (mkOverride 999)) { + "40-${gre.dev}" = { tunnel = [ name ]; - } ]); - }; - }))) - (mkMerge (flip mapAttrsToList cfg.vlans (name: vlan: { - netdevs."40-${name}" = { - netdevConfig = { - Name = name; - Kind = "vlan"; }; - vlanConfig.Id = vlan.id; }; - networks."40-${vlan.interface}" = (mkMerge [ (genericNetwork (mkOverride 999)) { - vlan = [ name ]; - } ]); }))) + vlanNetworks ]; # We need to prefill the slaved devices with networking options diff --git a/nixpkgs/nixos/modules/tasks/network-interfaces.nix b/nixpkgs/nixos/modules/tasks/network-interfaces.nix index 0d4033ca9430..853a2cb31432 100644 --- a/nixpkgs/nixos/modules/tasks/network-interfaces.nix +++ b/nixpkgs/nixos/modules/tasks/network-interfaces.nix 
@@ -190,9 +190,11 @@ let type = types.nullOr types.bool; default = null; description = lib.mdDoc '' - Whether this interface should be configured with dhcp. - Null implies the old behavior which depends on whether ip addresses - are specified or not. + Whether this interface should be configured with DHCP. Overrides the + default set by {option}`networking.useDHCP`. If `null` (the default), + DHCP is enabled if the interface has no IPv4 addresses configured + with {option}`networking.interfaces.<name>.ipv4.addresses`, and + disabled otherwise. ''; }; @@ -327,6 +329,24 @@ let default = false; description = lib.mdDoc "Whether to enable wol on this interface."; }; + policy = mkOption { + type = with types; listOf ( + enum ["phy" "unicast" "multicast" "broadcast" "arp" "magic" "secureon"] + ); + default = ["magic"]; + description = lib.mdDoc '' + The [Wake-on-LAN policy](https://www.freedesktop.org/software/systemd/man/systemd.link.html#WakeOnLan=) + to set for the device. + + The options are + - `phy`: Wake on PHY activity + - `unicast`: Wake on unicast messages + - `multicast`: Wake on multicast messages + - `broadcast`: Wake on broadcast messages + - `arp`: Wake on ARP + - `magic`: Wake on receipt of a magic packet + ''; + }; }; }; @@ -622,9 +642,7 @@ in } ]; }; description = lib.mdDoc '' - The configuration for each network interface. If - {option}`networking.useDHCP` is true, then every - interface not listed here will be configured using DHCP. + The configuration for each network interface. Please note that {option}`systemd.network.netdevs` has more features and is better maintained. When building new things, it is advised to @@ -1286,8 +1304,8 @@ in default = true; description = lib.mdDoc '' Whether to use DHCP to obtain an IP address and other - configuration for all network interfaces that are not manually - configured. + configuration for all network interfaces that do not have any manually + configured IPv4 addresses. ''; }; 
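Review bot: The `policy` enum accepts `"secureon"` but the bullet list in the description stops at `magic`, so the one value a user is least likely to know is the one left undocumented; add a `- `secureon`` entry with wording taken from the linked systemd.link manual (it is the SecureOn-password variant of the magic-packet wake, as far as that page describes it). The description could also state that the list is joined into a single `WakeOnLan=` line of the generated .link unit, which the implementation in the last hunk does with `concatStringsSep " "`. The enclosing `wakeOnLan` submodule starts before the hunk.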
@@ -1326,7 +1344,10 @@ in config = { - warnings = concatMap (i: i.warnings) interfaces; + warnings = (concatMap (i: i.warnings) interfaces) ++ (lib.optional + (config.systemd.network.enable && cfg.useDHCP && !cfg.useNetworkd) '' + The combination of `systemd.network.enable = true`, `networking.useDHCP = true` and `networking.useNetworkd = false` can cause both networkd and dhcpcd to manage the same interfaces. This can lead to loss of networking. It is recommended you choose only one of networkd (by also enabling `networking.useNetworkd`) or scripting (by disabling `systemd.network.enable`) + ''); assertions = (forEach interfaces (i: { @@ -1385,28 +1406,6 @@ in val = tempaddrValues.${opt}.sysctl; in nameValuePair "net.ipv6.conf.${replaceStrings ["."] ["/"] i.name}.use_tempaddr" val)); - security.wrappers = { - ping = { - owner = "root"; - group = "root"; - capabilities = "cap_net_raw+p"; - source = "${pkgs.iputils.out}/bin/ping"; - }; - }; - security.apparmor.policies."bin.ping".profile = lib.mkIf config.security.apparmor.policies."bin.ping".enable (lib.mkAfter '' - /run/wrappers/bin/ping { - include <abstractions/base> - include <nixos/security.wrappers/ping> - rpx /run/wrappers/wrappers.*/ping, - } - /run/wrappers/wrappers.*/ping { - include <abstractions/base> - include <nixos/security.wrappers/ping> - capability net_raw, - capability setpcap, - } - ''); - # Set the host and domain names in the activation script. Don't # clear it if it's not configured in the NixOS configuration, # since it may have been set by dhcpcd in the meantime. 
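Review bot: The new warning condition `config.systemd.network.enable && cfg.useDHCP && !cfg.useNetworkd` does not check whether dhcpcd is actually enabled, so it appears to fire as well for a system that set `networking.dhcpcd.enable = false` and manages DHCP through networkd by hand, which is the configuration the message recommends; adding `&& config.networking.dhcpcd.enable` to the condition limits it to the real conflict. The message is also one several-hundred-character line inside the `''` string; splitting it over a few lines keeps the file readable without changing the rendered warning. The `config` attribute set continues outside the hunk.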
@@ -1442,6 +1441,16 @@ in ] ++ bridgeStp; + # Wake-on-LAN configuration is shared by the scripted and networkd backends. + systemd.network.links = pipe interfaces [ + (filter (i: i.wakeOnLan.enable)) + (map (i: nameValuePair "40-${i.name}" { + matchConfig.OriginalName = i.name; + linkConfig.WakeOnLan = concatStringsSep " " i.wakeOnLan.policy; + })) + listToAttrs + ]; + # The network-interfaces target is kept for backwards compatibility. # New modules must NOT use it. systemd.targets.network-interfaces = |
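Review bot: `linkConfig.WakeOnLan = concatStringsSep " " i.wakeOnLan.policy;` yields an empty `WakeOnLan=` when `policy = []`, which in systemd.link resets the setting to off, so `wakeOnLan.enable = true` with an empty list silently does nothing; either assert `i.wakeOnLan.policy != []` whenever `wakeOnLan.enable` is set, or document the empty list as a way to turn the setting off. The match uses `matchConfig.OriginalName = i.name;`, which as far as I recall matches the kernel's original name, so an interface renamed by an earlier .link unit or udev rule would not receive the setting; a short comment, `# OriginalName matches the pre-rename kernel name`, would flag that for readers. The `config` attribute set continues outside the hunk.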