From 062928c3ad2eeb2c4d20146c1b85f75bfed31c7c Mon Sep 17 00:00:00 2001 From: Eric Sagnes Date: Sun, 11 Sep 2016 19:45:24 +0900 Subject: network-interfaces module: optionSet -> submodule --- nixos/modules/tasks/network-interfaces.nix | 508 +++++++++++++++-------------- 1 file changed, 261 insertions(+), 247 deletions(-) (limited to 'nixos/modules/tasks/network-interfaces.nix') diff --git a/nixos/modules/tasks/network-interfaces.nix b/nixos/modules/tasks/network-interfaces.nix index c52bd904caec..5d7ce906ea33 100644 --- a/nixos/modules/tasks/network-interfaces.nix +++ b/nixos/modules/tasks/network-interfaces.nix @@ -97,21 +97,22 @@ let addrOpts = v: assert v == 4 || v == 6; - { - address = mkOption { - type = types.str; - description = '' - IPv${toString v} address of the interface. Leave empty to configure the - interface using DHCP. - ''; - }; + { options = { + address = mkOption { + type = types.str; + description = '' + IPv${toString v} address of the interface. Leave empty to configure the + interface using DHCP. + ''; + }; - prefixLength = mkOption { - type = types.addCheck types.int (n: n >= 0 && n <= (if v == 4 then 32 else 128)); - description = '' - Subnet mask of the interface, specified as the number of - bits in the prefix (${if v == 4 then "24" else "64"}). - ''; + prefixLength = mkOption { + type = types.addCheck types.int (n: n >= 0 && n <= (if v == 4 then 32 else 128)); + description = '' + Subnet mask of the interface, specified as the number of + bits in the prefix (${if v == 4 then "24" else "64"}). + ''; + }; }; }; @@ -141,8 +142,7 @@ let { address = "10.0.0.1"; prefixLength = 16; } { address = "192.168.1.1"; prefixLength = 24; } ]; - type = types.listOf types.optionSet; - options = addrOpts 4; + type = with types; listOf (submodule (addrOpts 4)); description = '' List of IPv4 addresses that will be statically assigned to the interface. ''; @@ -154,8 +154,7 @@ let { address = "fdfd:b3f0:482::1"; prefixLength = 48; } { address = "2001:1470:fffd:2098::e006"; prefixLength = 64; } ]; - type = types.listOf types.optionSet; - options = addrOpts 6; + type = with types; listOf (submodule (addrOpts 6)); description = '' List of IPv6 addresses that will be statically assigned to the interface. ''; @@ -415,8 +414,7 @@ in is true, then every interface not listed here will be configured using DHCP. ''; - type = types.loaOf types.optionSet; - options = [ interfaceOpts ]; + type = with types; loaOf (submodule interfaceOpts); }; networking.vswitches = mkOption { @@ -434,53 +432,55 @@ in interface. ''; - type = types.attrsOf types.optionSet; + type = with types; attrsOf (submodule { - options = { + options = { - interfaces = mkOption { - example = [ "eth0" "eth1" ]; - type = types.listOf types.str; - description = - "The physical network interfaces connected by the vSwitch."; - }; + interfaces = mkOption { + example = [ "eth0" "eth1" ]; + type = types.listOf types.str; + description = + "The physical network interfaces connected by the vSwitch."; + }; - controllers = mkOption { - type = types.listOf types.str; - default = []; - example = [ "ptcp:6653:[::1]" ]; - description = '' - Specify the controller targets. For the allowed options see man 8 ovs-vsctl. - ''; - }; + controllers = mkOption { + type = types.listOf types.str; + default = []; + example = [ "ptcp:6653:[::1]" ]; + description = '' + Specify the controller targets. For the allowed options see man 8 ovs-vsctl. + ''; + }; - openFlowRules = mkOption { - type = types.lines; - default = ""; - example = '' - actions=normal - ''; - description = '' - OpenFlow rules to insert into the Open vSwitch. All openFlowRules are - loaded with ovs-ofctl within one atomic operation. - ''; - }; + openFlowRules = mkOption { + type = types.lines; + default = ""; + example = '' + actions=normal + ''; + description = '' + OpenFlow rules to insert into the Open vSwitch. All openFlowRules are + loaded with ovs-ofctl within one atomic operation. + ''; + }; + + extraOvsctlCmds = mkOption { + type = types.lines; + default = ""; + example = '' + set-fail-mode secure + set Bridge stp_enable=true + ''; + description = '' + Commands to manipulate the Open vSwitch database. Every line executed with ovs-vsctl. + All commands are bundled together with the operations for adding the interfaces + into one atomic operation. + ''; + }; - extraOvsctlCmds = mkOption { - type = types.lines; - default = ""; - example = '' - set-fail-mode secure - set Bridge stp_enable=true - ''; - description = '' - Commands to manipulate the Open vSwitch database. Every line executed with ovs-vsctl. - All commands are bundled together with the operations for adding the interfaces - into one atomic operation. - ''; }; - }; + }); }; @@ -499,25 +499,27 @@ in bridge's network interface. ''; - type = types.attrsOf types.optionSet; + type = with types; attrsOf (submodule { - options = { + options = { - interfaces = mkOption { - example = [ "eth0" "eth1" ]; - type = types.listOf types.str; - description = - "The physical network interfaces connected by the bridge."; - }; + interfaces = mkOption { + example = [ "eth0" "eth1" ]; + type = types.listOf types.str; + description = + "The physical network interfaces connected by the bridge."; + }; + + rstp = mkOption { + example = true; + default = false; + type = types.bool; + description = "Whether the bridge interface should enable rstp."; + }; - rstp = mkOption { - example = true; - default = false; - type = types.bool; - description = "Whether the bridge interface should enable rstp."; }; - }; + }); }; @@ -538,65 +540,66 @@ in name specifying the name of the bond's network interface ''; - type = types.attrsOf types.optionSet; + type = with types; attrsOf (submodule { - options = { + options = { - interfaces = mkOption { - example = [ "enp4s0f0" "enp4s0f1" "wlan0" ]; - type = types.listOf types.str; - description = "The interfaces to bond together"; - }; + interfaces = mkOption { + example = [ "enp4s0f0" "enp4s0f1" "wlan0" ]; + type = types.listOf types.str; + description = "The interfaces to bond together"; + }; - lacp_rate = mkOption { - default = null; - example = "fast"; - type = types.nullOr types.str; - description = '' - Option specifying the rate in which we'll ask our link partner - to transmit LACPDU packets in 802.3ad mode. - ''; - }; - - miimon = mkOption { - default = null; - example = 100; - type = types.nullOr types.int; - description = '' - Miimon is the number of millisecond in between each round of polling - by the device driver for failed links. By default polling is not - enabled and the driver is trusted to properly detect and handle - failure scenarios. - ''; - }; - - mode = mkOption { - default = null; - example = "active-backup"; - type = types.nullOr types.str; - description = '' - The mode which the bond will be running. The default mode for - the bonding driver is balance-rr, optimizing for throughput. - More information about valid modes can be found at - https://www.kernel.org/doc/Documentation/networking/bonding.txt - ''; - }; + lacp_rate = mkOption { + default = null; + example = "fast"; + type = types.nullOr types.str; + description = '' + Option specifying the rate in which we'll ask our link partner + to transmit LACPDU packets in 802.3ad mode. + ''; + }; + + miimon = mkOption { + default = null; + example = 100; + type = types.nullOr types.int; + description = '' + Miimon is the number of millisecond in between each round of polling + by the device driver for failed links. By default polling is not + enabled and the driver is trusted to properly detect and handle + failure scenarios. + ''; + }; + + mode = mkOption { + default = null; + example = "active-backup"; + type = types.nullOr types.str; + description = '' + The mode which the bond will be running. The default mode for + the bonding driver is balance-rr, optimizing for throughput. + More information about valid modes can be found at + https://www.kernel.org/doc/Documentation/networking/bonding.txt + ''; + }; + + xmit_hash_policy = mkOption { + default = null; + example = "layer2+3"; + type = types.nullOr types.str; + description = '' + Selects the transmit hash policy to use for slave selection in + balance-xor, 802.3ad, and tlb modes. + ''; + }; - xmit_hash_policy = mkOption { - default = null; - example = "layer2+3"; - type = types.nullOr types.str; - description = '' - Selects the transmit hash policy to use for slave selection in - balance-xor, 802.3ad, and tlb modes. - ''; }; - }; + }); }; networking.macvlans = mkOption { - type = types.attrsOf types.optionSet; default = { }; example = literalExample { wan = { @@ -608,26 +611,28 @@ in This option allows you to define macvlan interfaces which should be automatically created. ''; - options = { + type = with types; attrsOf (submodule { + options = { + + interface = mkOption { + example = "enp4s0"; + type = types.str; + description = "The interface the macvlan will transmit packets through."; + }; + + mode = mkOption { + default = null; + type = types.nullOr types.str; + example = "vepa"; + description = "The mode of the macvlan device."; + }; - interface = mkOption { - example = "enp4s0"; - type = types.str; - description = "The interface the macvlan will transmit packets through."; }; - mode = mkOption { - default = null; - type = types.nullOr types.str; - example = "vepa"; - description = "The mode of the macvlan device."; - }; - - }; + }); }; networking.sits = mkOption { - type = types.attrsOf types.optionSet; default = { }; example = literalExample { hurricane = { @@ -644,46 +649,49 @@ in description = '' This option allows you to define 6-to-4 interfaces which should be automatically created. ''; - options = { - - remote = mkOption { - type = types.nullOr types.str; - default = null; - example = "10.0.0.1"; - description = '' - The address of the remote endpoint to forward traffic over. - ''; - }; - - local = mkOption { - type = types.nullOr types.str; - default = null; - example = "10.0.0.22"; - description = '' - The address of the local endpoint which the remote - side should send packets to. - ''; - }; - - ttl = mkOption { - type = types.nullOr types.int; - default = null; - example = 255; - description = '' - The time-to-live of the connection to the remote tunnel endpoint. - ''; - }; + type = with types; attrsOf (submodule { + options = { + + remote = mkOption { + type = types.nullOr types.str; + default = null; + example = "10.0.0.1"; + description = '' + The address of the remote endpoint to forward traffic over. + ''; + }; + + local = mkOption { + type = types.nullOr types.str; + default = null; + example = "10.0.0.22"; + description = '' + The address of the local endpoint which the remote + side should send packets to. + ''; + }; + + ttl = mkOption { + type = types.nullOr types.int; + default = null; + example = 255; + description = '' + The time-to-live of the connection to the remote tunnel endpoint. + ''; + }; + + dev = mkOption { + type = types.nullOr types.str; + default = null; + example = "enp4s0f0"; + description = '' + The underlying network device on which the tunnel resides. + ''; + }; - dev = mkOption { - type = types.nullOr types.str; - default = null; - example = "enp4s0f0"; - description = '' - The underlying network device on which the tunnel resides. - ''; }; - }; + }); }; networking.vlans = mkOption { @@ -706,23 +714,26 @@ in specifying the name of the vlan interface. ''; - type = types.attrsOf types.optionSet; + type = with types; attrsOf (submodule { - options = { + options = { - id = mkOption { - example = 1; - type = types.int; - description = "The vlan identifier"; - }; + id = mkOption { + example = 1; + type = types.int; + description = "The vlan identifier"; + }; + + interface = mkOption { + example = "enp4s0"; + type = types.str; + description = "The interface the vlan will transmit packets through."; + }; - interface = mkOption { - example = "enp4s0"; - type = types.str; - description = "The interface the vlan will transmit packets through."; }; - }; + }); + }; networking.wlanInterfaces = mkOption { @@ -760,73 +771,76 @@ in would have to be created explicitly. ''; - type = types.attrsOf types.optionSet; - - options = { + type = with types; attrsOf (submodule { - device = mkOption { - type = types.string; - example = "wlp6s0"; - description = "The name of the underlying hardware WLAN device as assigned by udev."; - }; + options = { - type = mkOption { - type = types.string; - default = "managed"; - example = "ibss"; - description = '' - The type of the WLAN interface. The type has to be either managed, - ibss, monitor, mesh or wds. - Also, the type has to be supported by the underlying hardware of the device. - ''; - }; + device = mkOption { + type = types.string; + example = "wlp6s0"; + description = "The name of the underlying hardware WLAN device as assigned by udev."; + }; - meshID = mkOption { - type = types.nullOr types.string; - default = null; - description = "MeshID of interface with type mesh."; - }; - - flags = mkOption { - type = types.nullOr types.string; - default = null; - example = "control"; - description = '' - Flags for interface of type monitor. The valid flags are: - none: no special flags - fcsfail: show frames with FCS errors - control: show control frames - otherbss: show frames from other BSSes - cook: use cooked mode - active: use active mode (ACK incoming unicast packets) - ''; - }; + type = mkOption { + type = types.string; + default = "managed"; + example = "ibss"; + description = '' + The type of the WLAN interface. The type has to be either managed, + ibss, monitor, mesh or wds. + Also, the type has to be supported by the underlying hardware of the device. + ''; + }; + + meshID = mkOption { + type = types.nullOr types.string; + default = null; + description = "MeshID of interface with type mesh."; + }; + + flags = mkOption { + type = types.nullOr types.string; + default = null; + example = "control"; + description = '' + Flags for interface of type monitor. The valid flags are: + none: no special flags + fcsfail: show frames with FCS errors + control: show control frames + otherbss: show frames from other BSSes + cook: use cooked mode + active: use active mode (ACK incoming unicast packets) + ''; + }; + + fourAddr = mkOption { + type = types.nullOr types.bool; + default = null; + description = "Whether to enable 4-address mode with type managed."; + }; + + mac = mkOption { + type = types.nullOr types.str; + default = null; + example = "02:00:00:00:00:01"; + description = '' + MAC address to use for the device. If null, then the MAC of the + underlying hardware WLAN device is used. + + INFO: Locally administered MAC addresses are of the form: + + x2:xx:xx:xx:xx:xx + x6:xx:xx:xx:xx:xx + xA:xx:xx:xx:xx:xx + xE:xx:xx:xx:xx:xx + + ''; + }; - fourAddr = mkOption { - type = types.nullOr types.bool; - default = null; - description = "Whether to enable 4-address mode with type managed."; }; - mac = mkOption { - type = types.nullOr types.str; - default = null; - example = "02:00:00:00:00:01"; - description = '' - MAC address to use for the device. If null, then the MAC of the - underlying hardware WLAN device is used. - - INFO: Locally administered MAC addresses are of the form: - - x2:xx:xx:xx:xx:xx - x6:xx:xx:xx:xx:xx - xA:xx:xx:xx:xx:xx - xE:xx:xx:xx:xx:xx - - ''; - }; + }); - }; }; networking.useDHCP = mkOption { -- cgit 1.4.1 From 896b2916ab255b650174dc1ae3583fef9df20f6f Mon Sep 17 00:00:00 2001 From: "Данило Глинський (Danylo Hlynskyi)" Date: Tue, 13 Sep 2016 09:04:00 +0300 Subject: nixos: fix typo in networking.interfaces..virtual (#18548) --- nixos/modules/tasks/network-interfaces.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'nixos/modules/tasks/network-interfaces.nix') diff --git a/nixos/modules/tasks/network-interfaces.nix b/nixos/modules/tasks/network-interfaces.nix index c52bd904caec..dc62cae24c7a 100644 --- a/nixos/modules/tasks/network-interfaces.nix +++ b/nixos/modules/tasks/network-interfaces.nix @@ -231,7 +231,7 @@ let type = types.bool; description = '' Whether this interface is virtual and should be created by tunctl. - This is mainly useful for creating bridges between a host a virtual + This is mainly useful for creating bridges between a host and a virtual network such as VPN or a virtual machine. ''; }; -- cgit 1.4.1 From 85c36d1f7d1f93bf5e964f11308a2a5fd814cfe3 Mon Sep 17 00:00:00 2001 From: Alexander Ried Date: Tue, 13 Sep 2016 11:00:08 +0200 Subject: network-interfaces.target: add deprecation notice --- nixos/modules/tasks/network-interfaces.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'nixos/modules/tasks/network-interfaces.nix') diff --git a/nixos/modules/tasks/network-interfaces.nix b/nixos/modules/tasks/network-interfaces.nix index dc62cae24c7a..144ad10138d6 100644 --- a/nixos/modules/tasks/network-interfaces.nix +++ b/nixos/modules/tasks/network-interfaces.nix @@ -932,8 +932,10 @@ in ] ++ bridgeStp; + # The network-interfaces target is kept for backwards compatibility. + # New modules must NOT use it. systemd.targets."network-interfaces" = - { description = "All Network Interfaces"; + { description = "All Network Interfaces (deprecated)"; wantedBy = [ "network.target" ]; before = [ "network.target" ]; after = [ "network-pre.target" ]; -- cgit 1.4.1 From 97801380b05447e59e47ba97d93f6c6cfefd56e4 Mon Sep 17 00:00:00 2001 From: aszlig Date: Tue, 20 Sep 2016 13:29:40 +0200 Subject: nixos/networking: Use type lines for localCommands Using types.str doesn't work if you want to mkBefore/mkAfter across different module definitions, because it only allows for one definition for the same priority. This is especially useful if you deploy Hetzner machines via NixOps, because the physical specification already defines localCommands. Signed-off-by: aszlig --- nixos/modules/tasks/network-interfaces.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'nixos/modules/tasks/network-interfaces.nix') diff --git a/nixos/modules/tasks/network-interfaces.nix b/nixos/modules/tasks/network-interfaces.nix index dc62cae24c7a..9042418b7234 100644 --- a/nixos/modules/tasks/network-interfaces.nix +++ b/nixos/modules/tasks/network-interfaces.nix @@ -391,7 +391,7 @@ in }; networking.localCommands = mkOption { - type = types.str; + type = types.lines; default = ""; example = "text=anything; echo You can put $text here."; description = '' -- cgit 1.4.1 From f0492bd53c3e78afc429f3b2f3792f13d6352cdb Mon Sep 17 00:00:00 2001 From: Arnold Krille Date: Fri, 30 Sep 2016 10:45:48 +0200 Subject: containers: Do not wait for udev for network devices Test that adding physical devices to containers works, find that network setup then doesn't work because there is no udev in the container to tell systemd that the device is present. Fixed by not depending on the device in the container. Activate the new container test for release Bonds, bridges and other network devices need the underlying not as dependency when used inside the container. Because the device is already there. But the address configuration needs the aggregated device itself. --- .../modules/tasks/network-interfaces-scripted.nix | 33 ++++++++--- nixos/modules/tasks/network-interfaces.nix | 13 +++-- nixos/release.nix | 1 + nixos/tests/containers-physical_interfaces.nix | 66 ++++++++++++++++++++++ 4 files changed, 101 insertions(+), 12 deletions(-) create mode 100644 nixos/tests/containers-physical_interfaces.nix (limited to 'nixos/modules/tasks/network-interfaces.nix') diff --git a/nixos/modules/tasks/network-interfaces-scripted.nix b/nixos/modules/tasks/network-interfaces-scripted.nix index 6a8f20bab5b6..4bbb5a3a1669 100644 --- a/nixos/modules/tasks/network-interfaces-scripted.nix +++ b/nixos/modules/tasks/network-interfaces-scripted.nix @@ -46,6 +46,23 @@ in systemd.services = let + deviceDependency = dev: + if (config.boot.isContainer == false) + then + # Trust udev when not in the container + [ (subsystemDevice dev) ] + else + # When in the container, check whether the interface is built from other definitions + if (hasAttr dev cfg.bridges) || + (hasAttr dev cfg.bonds) || + (hasAttr dev cfg.macvlans) || + (hasAttr dev cfg.sits) || + (hasAttr dev cfg.vlans) || + (hasAttr dev cfg.vswitches) || + (hasAttr dev cfg.wlanInterfaces) + then [ "${dev}-netdev.service" ] + else []; + networkLocalCommands = { after = [ "network-setup.service" ]; bindsTo = [ "network-setup.service" ]; @@ -120,8 +137,8 @@ in # order before network-setup because the routes that are configured # there may need ip addresses configured before = [ "network-setup.service" ]; - bindsTo = [ (subsystemDevice i.name) ]; - after = [ (subsystemDevice i.name) "network-pre.target" ]; + bindsTo = deviceDependency i.name; + after = [ "network-pre.target" ] ++ (deviceDependency i.name); serviceConfig.Type = "oneshot"; serviceConfig.RemainAfterExit = true; path = [ pkgs.iproute ]; @@ -179,7 +196,7 @@ in createBridgeDevice = n: v: nameValuePair "${n}-netdev" (let - deps = map subsystemDevice v.interfaces; + deps = if config.boot.isContainer then [] else map subsystemDevice v.interfaces; in { description = "Bridge Interface ${n}"; wantedBy = [ "network-setup.service" (subsystemDevice n) ]; @@ -220,7 +237,7 @@ in createVswitchDevice = n: v: nameValuePair "${n}-netdev" (let - deps = map subsystemDevice v.interfaces; + deps = if config.boot.isContainer then [] else map subsystemDevice v.interfaces; ofRules = pkgs.writeText "vswitch-${n}-openFlowRules" v.openFlowRules; in { description = "Open vSwitch Interface ${n}"; @@ -253,7 +270,7 @@ in createBondDevice = n: v: nameValuePair "${n}-netdev" (let - deps = map subsystemDevice v.interfaces; + deps = if config.boot.isContainer then [] else map subsystemDevice v.interfaces; in { description = "Bond Interface ${n}"; wantedBy = [ "network-setup.service" (subsystemDevice n) ]; @@ -291,7 +308,7 @@ in createMacvlanDevice = n: v: nameValuePair "${n}-netdev" (let - deps = [ (subsystemDevice v.interface) ]; + deps = deviceDependency v.interface; in { description = "Vlan Interface ${n}"; wantedBy = [ "network-setup.service" (subsystemDevice n) ]; @@ -316,7 +333,7 @@ in createSitDevice = n: v: nameValuePair "${n}-netdev" (let - deps = optional (v.dev != null) (subsystemDevice v.dev); + deps = optional (v.dev != null) (deviceDependency v.dev); in { description = "6-to-4 Tunnel Interface ${n}"; wantedBy = [ "network-setup.service" (subsystemDevice n) ]; @@ -344,7 +361,7 @@ in createVlanDevice = n: v: nameValuePair "${n}-netdev" (let - deps = [ (subsystemDevice v.interface) ]; + deps = deviceDependency v.interface; in { description = "Vlan Interface ${n}"; wantedBy = [ "network-setup.service" (subsystemDevice n) ]; diff --git a/nixos/modules/tasks/network-interfaces.nix b/nixos/modules/tasks/network-interfaces.nix index cac7e6b02eba..aae4dc5fdadf 100644 --- a/nixos/modules/tasks/network-interfaces.nix +++ b/nixos/modules/tasks/network-interfaces.nix @@ -310,9 +310,9 @@ in generate a random 32-bit ID using the following commands: cksum /etc/machine-id | while read c rest; do printf "%x" $c; done - + (this derives it from the machine-id that systemd generates) or - + head -c4 /dev/urandom | od -A none -t x4 ''; }; @@ -972,12 +972,17 @@ in ''; }; } // (listToAttrs (flip map interfaces (i: + let + deviceDependency = if config.boot.isContainer + then [] + else [ (subsystemDevice i.name) ]; + in nameValuePair "network-link-${i.name}" { description = "Link configuration of ${i.name}"; wantedBy = [ "network-interfaces.target" ]; before = [ "network-interfaces.target" ]; - bindsTo = [ (subsystemDevice i.name) ]; - after = [ (subsystemDevice i.name) "network-pre.target" ]; + bindsTo = deviceDependency; + after = [ "network-pre.target" ] ++ deviceDependency; path = [ pkgs.iproute ]; serviceConfig = { Type = "oneshot"; diff --git a/nixos/release.nix b/nixos/release.nix index bff17da607f3..10c624afebc7 100644 --- a/nixos/release.nix +++ b/nixos/release.nix @@ -227,6 +227,7 @@ in rec { tests.containers-bridge = callTest tests/containers-bridge.nix {}; tests.containers-imperative = callTest tests/containers-imperative.nix {}; tests.containers-extra_veth = callTest tests/containers-extra_veth.nix {}; + tests.containers-physical_interfaces = callTest tests/containers-physical_interfaces.nix {}; tests.docker = hydraJob (import tests/docker.nix { system = "x86_64-linux"; }); tests.dnscrypt-proxy = callTest tests/dnscrypt-proxy.nix { system = "x86_64-linux"; }; tests.ecryptfs = callTest tests/ecryptfs.nix {}; diff --git a/nixos/tests/containers-physical_interfaces.nix b/nixos/tests/containers-physical_interfaces.nix new file mode 100644 index 000000000000..4a53f8c824f5 --- /dev/null +++ b/nixos/tests/containers-physical_interfaces.nix @@ -0,0 +1,66 @@ + +import ./make-test.nix ({ pkgs, ...} : { + name = "containers-physical_interfaces"; + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ kampfschlaefer ]; + }; + + nodes = { + server = { config, pkgs, ... }: + { + virtualisation.memorySize = 256; + virtualisation.vlans = [ 1 ]; + + containers.server = { + privateNetwork = true; + interfaces = [ "eth1" ]; + + config = { + networking.interfaces.eth1 = { + ip4 = [ { address = "10.10.0.1"; prefixLength = 24; } ]; + }; + networking.firewall.enable = false; + }; + }; + }; + client = { config, pkgs, ... }: { + virtualisation.memorySize = 256; + virtualisation.vlans = [ 1 ]; + + containers.client = { + privateNetwork = true; + interfaces = [ "eth1" ]; + + config = { + networking.bridges.br0.interfaces = [ "eth1" ]; + networking.interfaces.br0 = { + ip4 = [ { address = "10.10.0.2"; prefixLength = 24; } ]; + }; + networking.firewall.enable = false; + }; + }; + }; + }; + + testScript = '' + startAll; + + $server->waitForUnit("default.target"); + $server->execute("ip link >&2"); + + $server->succeed("ip link show dev eth1 >&2"); + + $server->succeed("nixos-container start server"); + $server->waitForUnit("container\@server"); + $server->succeed("systemctl -M server list-dependencies network-addresses-eth1.service >&2"); + + $server->succeed("nixos-container run server -- ip a show dev eth1 >&2"); + + $client->waitForUnit("default.target"); + $client->succeed("nixos-container start client"); + $client->waitForUnit("container\@client"); + $client->succeed("systemctl -M client list-dependencies network-addresses-br0.service >&2"); + $client->succeed("systemctl -M client status -n 30 -l network-addresses-br0.service"); + $client->succeed("nixos-container run client -- ping -w 10 -c 1 -n 10.10.0.1"); + ''; +}) -- cgit 1.4.1 From ffc0e2f4fc63f3a2d028dbd7d981223fb19cbeb4 Mon Sep 17 00:00:00 2001 From: Eric Sagnes Date: Fri, 4 Nov 2016 13:05:44 +0900 Subject: network-interfaces module: use enum --- nixos/modules/tasks/network-interfaces.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'nixos/modules/tasks/network-interfaces.nix') diff --git a/nixos/modules/tasks/network-interfaces.nix b/nixos/modules/tasks/network-interfaces.nix index aae4dc5fdadf..1faa8abd5f7f 100644 --- a/nixos/modules/tasks/network-interfaces.nix +++ b/nixos/modules/tasks/network-interfaces.nix @@ -245,7 +245,7 @@ let virtualType = mkOption { default = null; - type = types.nullOr (types.addCheck types.str (v: v == "tun" || v == "tap")); + type = with types; nullOr (enum [ "tun" "tap" ]); description = '' The explicit type of interface to create. Accepts tun or tap strings. Also accepts null to implicitly detect the type of device. -- cgit 1.4.1 From 0ebc5ec7cb2172063c2e9274327a9a7051641c13 Mon Sep 17 00:00:00 2001 From: Eric Sagnes Date: Wed, 16 Nov 2016 22:37:57 +0900 Subject: network-interfaces: use enum --- nixos/modules/tasks/network-interfaces.nix | 17 +++++------------ 1 file changed, 5 insertions(+), 12 deletions(-) (limited to 'nixos/modules/tasks/network-interfaces.nix') diff --git a/nixos/modules/tasks/network-interfaces.nix b/nixos/modules/tasks/network-interfaces.nix index 1faa8abd5f7f..aaa78daeb3a3 100644 --- a/nixos/modules/tasks/network-interfaces.nix +++ b/nixos/modules/tasks/network-interfaces.nix @@ -782,13 +782,12 @@ in }; type = mkOption { - type = types.string; + type = types.enum [ "managed" "ibss" "monitor" "mesh" "wds" ]; default = "managed"; example = "ibss"; description = '' - The type of the WLAN interface. The type has to be either managed, - ibss, monitor, mesh or wds. - Also, the type has to be supported by the underlying hardware of the device. + The type of the WLAN interface. + The type has to be supported by the underlying hardware of the device. ''; }; @@ -799,17 +798,11 @@ in }; flags = mkOption { - type = types.nullOr types.string; + type = with types; nullOr (enum [ "none" "fcsfail" "control" "otherbss" "cook" "active" ]); default = null; example = "control"; description = '' - Flags for interface of type monitor. The valid flags are: - none: no special flags - fcsfail: show frames with FCS errors - control: show control frames - otherbss: show frames from other BSSes - cook: use cooked mode - active: use active mode (ACK incoming unicast packets) + Flags for interface of type monitor. ''; }; -- cgit 1.4.1 From 49d444416cf88dad03da0ec71573cd9747245581 Mon Sep 17 00:00:00 2001 From: Bjørn Forsman Date: Sun, 1 Jan 2017 16:41:34 +0100 Subject: nixos: cosmetic refactor of environment.etc."hostid" Create the file using attrset instead of list, to make it easier to later provide other files in the same module. --- nixos/modules/tasks/network-interfaces.nix | 24 ++++++++++-------------- 1 file changed, 10 insertions(+), 14 deletions(-) (limited to 'nixos/modules/tasks/network-interfaces.nix') diff --git a/nixos/modules/tasks/network-interfaces.nix b/nixos/modules/tasks/network-interfaces.nix index aaa78daeb3a3..74f7e5fcc2c3 100644 --- a/nixos/modules/tasks/network-interfaces.nix +++ b/nixos/modules/tasks/network-interfaces.nix @@ -910,20 +910,16 @@ in domainname "${cfg.domain}" ''; - environment.etc = mkIf (cfg.hostId != null) - [ - { - target = "hostid"; - source = pkgs.runCommand "gen-hostid" {} '' - hi="${cfg.hostId}" - ${if pkgs.stdenv.isBigEndian then '' - echo -ne "\x''${hi:0:2}\x''${hi:2:2}\x''${hi:4:2}\x''${hi:6:2}" > $out - '' else '' - echo -ne "\x''${hi:6:2}\x''${hi:4:2}\x''${hi:2:2}\x''${hi:0:2}" > $out - ''} - ''; - } - ]; + environment.etc."hostid" = mkIf (cfg.hostId != null) + { source = pkgs.runCommand "gen-hostid" {} '' + hi="${cfg.hostId}" + ${if pkgs.stdenv.isBigEndian then '' + echo -ne "\x''${hi:0:2}\x''${hi:2:2}\x''${hi:4:2}\x''${hi:6:2}" > $out + '' else '' + echo -ne "\x''${hi:6:2}\x''${hi:4:2}\x''${hi:2:2}\x''${hi:0:2}" > $out + ''} + ''; + }; environment.systemPackages = [ pkgs.host -- cgit 1.4.1 From cb9195b7bcde7ec8a2d5fa99df0a93afacd5c537 Mon Sep 17 00:00:00 2001 From: Bjørn Forsman Date: Sun, 1 Jan 2017 16:44:32 +0100 Subject: nixos: provide /etc/hostname /etc/hostname is the file used by hostnamectl(1) and the org.freedesktop.hostname1 dbus service (both provided by systemd) to get the "static hostname". Better provide it so that users of those tools/services get a proper hostname. An example of an issue created by the lack of /etc/hostname is that the bluetooth stack on NixOS identifies itself to peers as "BlueZ $VERSION" instead of the hostname. References: https://www.freedesktop.org/software/systemd/man/hostname.html Changes v1 -> v2: * ensure /etc/hostname ends with a newline --- nixos/modules/tasks/network-interfaces.nix | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'nixos/modules/tasks/network-interfaces.nix') diff --git a/nixos/modules/tasks/network-interfaces.nix b/nixos/modules/tasks/network-interfaces.nix index 74f7e5fcc2c3..83d9854d3517 100644 --- a/nixos/modules/tasks/network-interfaces.nix +++ b/nixos/modules/tasks/network-interfaces.nix @@ -921,6 +921,13 @@ in ''; }; + # static hostname configuration needed for hostnamectl and the + # org.freedesktop.hostname1 dbus service (both provided by systemd) + environment.etc."hostname" = mkIf (cfg.hostName != "") + { + text = cfg.hostName + "\n"; + }; + environment.systemPackages = [ pkgs.host pkgs.iproute -- cgit 1.4.1