From 40d88e9f80075567f4c36e371a3dd36568108b02 Mon Sep 17 00:00:00 2001
From: "William A. Kennington III"
Date: Thu, 26 Jun 2014 00:13:21 -0500
Subject: nixos/network-interfaces: Add sit interfaces

Previously, we had no method for creating 6-to-4 tunneled interfaces. This patch adds the option networking.sits, which allows the user to create named 6-to-4 sit devices.
---
 nixos/modules/tasks/network-interfaces.nix | 89 ++++++++++++++++++++++++++++++
 1 file changed, 89 insertions(+)
 (limited to 'nixos')

diff --git a/nixos/modules/tasks/network-interfaces.nix b/nixos/modules/tasks/network-interfaces.nix
index 991f9f261450..7dabe70f00c4 100644
--- a/nixos/modules/tasks/network-interfaces.nix
+++ b/nixos/modules/tasks/network-interfaces.nix
@@ -7,6 +7,7 @@ let
 cfg = config.networking;
 interfaces = attrValues cfg.interfaces;
 hasVirtuals = any (i: i.virtual) interfaces;
+ hasSits = cfg.sits != { };
 hasBonds = cfg.bonds != { };
 interfaceOpts = { name, ... }: {
@@ -321,6 +322,66 @@ in
 };
 };
+ networking.sits = mkOption {
+ type = types.attrsOf types.optionSet;
+ default = { };
+ example = {
+ hurricane = {
+ remote = "10.0.0.1";
+ local = "10.0.0.22";
+ ttl = 255;
+ };
+ msipv6 = {
+ remote = "192.168.0.1";
+ dev = "enp3s0";
+ ttl = 127;
+ };
+ };
+ description = ''
+ This option allows you to define 6-to-4 interfaces which should be automatically created.
+ '';
+ options = {
+
+ remote = mkOption {
+ type = types.nullOr types.str;
+ default = null;
+ example = "10.0.0.1";
+ description = ''
+ The address of the remote endpoint to forward traffic over.
+ '';
+ };
+
+ local = mkOption {
+ type = types.nullOr types.str;
+ default = null;
+ example = "10.0.0.22";
+ description = ''
+ The address of the local endpoint which the remote
+ side should send packets to.
+ '';
+ };
+
+ ttl = mkOption {
+ type = types.nullOr types.int;
+ default = null;
+ example = 255;
+ description = ''
+ The time-to-live of the connection to the remote tunnel endpoint.
+ '';
+ };
+
+ dev = mkOption {
+ type = types.nullOr types.str;
+ default = null;
+ example = "enp4s0f0";
+ description = ''
+ The underlying network device on which the tunnel resides.
+ '';
+ };
+
+ };
+ };
+
 networking.vlans = mkOption {
 default = { };
 example = {
@@ -380,6 +441,7 @@ in
 boot.kernelModules = [ ]
 ++ optional cfg.enableIPv6 "ipv6"
 ++ optional hasVirtuals "tun"
+ ++ optional hasSits "sit"
 ++ optional hasBonds "bonding";
 boot.extraModprobeConfig =
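Review bot: The `remote` and `local` descriptions never say which address family they take; the only hint is the IPv4 examples, and since a sit device carries IPv6 inside IPv4 the text should say so, e.g. `The IPv4 address of the remote tunnel endpoint.` and `The IPv4 address of the local endpoint, which the remote side sends encapsulated packets to.`. Nothing in the option set rejects an entry whose `remote` and `local` are both null, which the service side in the later hunk turns into `ip link add NAME type sit` with no endpoints at all; if that is not meant to be supported, an `assertions` entry requiring at least `remote` would report it at evaluation time instead of at boot. The top-level description calls these "6-to-4 interfaces", but a sit tunnel with explicit endpoints (the `hurricane` example) is generic 6in4, and 6to4 in the RFC 3056 sense is only the no-fixed-peer case, so `IPv6-in-IPv4 (sit) tunnel interfaces` would be the more accurate wording. The second hunk on this line (`++ optional hasSits "sit"`) is fine as is.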
@@ -641,6 +703,32 @@ in
 '';
 };
+ createSitDevice = n: v:
+ let
+ deps = optional (v.dev != null) "sys-subsystem-net-devices-${v.dev}.device";
+ in
+ { description = "6-to-4 Tunnel Interface ${n}";
+ wantedBy = [ "network.target" "sys-subsystem-net-devices-${n}.device" ];
+ bindsTo = deps;
+ after = deps;
+ serviceConfig.Type = "oneshot";
+ serviceConfig.RemainAfterExit = true;
+ path = [ pkgs.iproute ];
+ script = ''
+ # Remove Dead Interfaces
+ ip link show "${n}" >/dev/null 2>&1 && ip link delete "${n}"
+ ip link add "${n}" type sit \
+ ${optionalString (v.remote != null) "remote \"${v.remote}\""} \
+ ${optionalString (v.local != null) "local \"${v.local}\""} \
+ ${optionalString (v.ttl != null) "ttl ${toString v.ttl}"} \
+ ${optionalString (v.dev != null) "dev \"${v.dev}\""}
+ ip link set "${n}" up
+ '';
+ postStop = ''
+ ip link delete "${n}"
+ '';
+ };
+
 createVlanDevice = n: v:
 let
 deps = [ "sys-subsystem-net-devices-${v.interface}.device" ];
@@ -668,6 +756,7 @@ in
 map createTunDevice (filter (i: i.virtual) interfaces))
 // mapAttrs createBridgeDevice cfg.bridges
 // mapAttrs createBondDevice cfg.bonds
+ // mapAttrs createSitDevice cfg.sits
 // mapAttrs createVlanDevice cfg.vlans
 // { "network-setup" = networkSetup; };
-- 
cgit 1.4.1

From bc6979f7e1a3a2fe65d813cc18ee5a37ed0e4d4d Mon Sep 17 00:00:00 2001
From: "William A. Kennington III"
Date: Fri, 4 Jul 2014 15:01:26 -0500
Subject: nixos/dhcpcd: Don't configure sit devices

---
 nixos/modules/services/networking/dhcpcd.nix | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
 (limited to 'nixos')

diff --git a/nixos/modules/services/networking/dhcpcd.nix b/nixos/modules/services/networking/dhcpcd.nix
index 5a353fc0942a..866707c3a913 100644
--- a/nixos/modules/services/networking/dhcpcd.nix
+++ b/nixos/modules/services/networking/dhcpcd.nix
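Review bot: In `createSitDevice` the attribute name `n` and the `remote`, `local` and `dev` strings are interpolated into a shell script and into systemd unit names without any check, and the option hunk types them as plain `types.str`; a value containing `"`, whitespace or `$` only fails when the unit runs, so validating them in the module (an assertion that `n` is a plausible interface name and that the endpoints look like IPv4 literals) would move the failure to `nixos-rebuild`. These values are set by the administrator in the system configuration, so this is a robustness point rather than a trust-boundary one. The `ip link add "${n}" type sit` line also deserves a comment on the null-`remote` case: if I read the sit driver right, a tunnel with no fixed remote decapsulates protocol-41 traffic from any IPv4 source, so a line such as `# With no remote the tunnel is point-to-multipoint and accepts 6in4 from any peer; set remote or filter proto 41 on the host` next to it would save the next reader a surprise. `# Remove Dead Interfaces` followed by `ip link delete "${n}"` will likewise delete an interface of that name created by anything else, which the comment should state. `createSitDevice` is complete within this hunk.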
@@ -7,9 +7,10 @@ let
 dhcpcd = if !config.boot.isContainer then pkgs.dhcpcd else pkgs.dhcpcd.override { udev = null; };
 # Don't start dhcpcd on explicitly configured interfaces or on
- # interfaces that are part of a bridge.
+ # interfaces that are part of a bridge, bond or sit device.
 ignoredInterfaces = map (i: i.name) (filter (i: i.ipAddress != null) (attrValues config.networking.interfaces))
+ ++ mapAttrsToList (i: _: i) config.networking.sits
 ++ concatLists (attrValues (mapAttrs (n: v: v.interfaces) config.networking.bridges))
 ++ concatLists (attrValues (mapAttrs (n: v: v.interfaces) config.networking.bonds))
 ++ config.networking.dhcpcd.denyInterfaces;
@@ -35,7 +36,7 @@ let
 # Ignore peth* devices; on Xen, they're renamed physical
 # Ethernet cards used for bridging. Likewise for vif* and tap*
 # (Xen) and virbr* and vnet* (libvirt).
- denyinterfaces ${toString ignoredInterfaces} lo peth* vif* tap* tun* virbr* vnet* vboxnet*
+ denyinterfaces ${toString ignoredInterfaces} lo peth* vif* tap* tun* virbr* vnet* vboxnet* sit*
 ${config.networking.dhcpcd.extraConfig}
 '';
-- 
cgit 1.4.1
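Review bot: `++ mapAttrsToList (i: _: i) config.networking.sits` is a roundabout way of listing attribute names; `++ attrNames config.networking.sits` does the same and reads like the surrounding `attrValues` calls. The updated comment says "bridge, bond or sit device", but for bridges and bonds it is the member interfaces that are excluded while for sits it is the tunnel device itself, so `# interfaces that are part of a bridge or bond, or are sit tunnel devices.` would be precise. The `sit*` glob added in the second hunk on this line presumably covers the kernel's own `sit0` fallback device, which the explicit name list never includes; a short comment saying so would explain why both the glob and the name list are needed.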