From 1f845ebc343350c18e9d292c6999174b9c63fad2 Mon Sep 17 00:00:00 2001 From: Majiir Paktu Date: Thu, 24 Aug 2023 23:57:46 -0400 Subject: nixos/tests/systemd-initrd-vlan: init --- nixos/tests/all-tests.nix | 1 + nixos/tests/systemd-initrd-vlan.nix | 59 +++++++++++++++++++++++++++++++++++++ 2 files changed, 60 insertions(+) create mode 100644 nixos/tests/systemd-initrd-vlan.nix (limited to 'nixos')
diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix
index 19aaac694594..f5fbba20483a 100644
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -766,6 +766,7 @@ in {
 systemd-initrd-networkd = handleTest ./systemd-initrd-networkd.nix {};
 systemd-initrd-networkd-ssh = handleTest ./systemd-initrd-networkd-ssh.nix {};
 systemd-initrd-networkd-openvpn = handleTest ./initrd-network-openvpn { systemdStage1 = true; };
+ systemd-initrd-vlan = handleTest ./systemd-initrd-vlan.nix {};
 systemd-journal = handleTest ./systemd-journal.nix {};
 systemd-machinectl = handleTest ./systemd-machinectl.nix {};
 systemd-networkd = handleTest ./systemd-networkd.nix {};
diff --git a/nixos/tests/systemd-initrd-vlan.nix b/nixos/tests/systemd-initrd-vlan.nix
new file mode 100644
index 000000000000..5060163a047d
--- /dev/null
+++ b/nixos/tests/systemd-initrd-vlan.nix
@@ -0,0 +1,59 @@
+import ./make-test-python.nix ({ lib, ... }: {
+ name = "systemd-initrd-vlan";
+ meta.maintainers = [ lib.maintainers.majiir ];
+
+ # Tests VLAN interface configuration in systemd-initrd.
+ #
+ # Two nodes are configured for a tagged VLAN. (Note that they also still have
+ # their ordinary eth0 and eth1 interfaces, which are not VLAN-tagged.)
+ #
+ # The 'server' node waits forever in initrd (stage 1) with networking
+ # enabled. The 'client' node pings it to test network connectivity.
+
+ nodes = let
+ network = id: {
+ networking = {
+ vlans."eth1.10" = {
+ id = 10;
+ interface = "eth1";
+ };
+ interfaces."eth1.10" = {
+ ipv4.addresses = [{
+ address = "192.168.10.${id}";
+ prefixLength = 24;
+ }];
+ };
+ };
+ };
+ in {
+ # Node that will use initrd networking.
+ server = network "1" // {
+ boot.initrd.systemd.enable = true;
+ boot.initrd.network.enable = true;
+ boot.initrd.systemd.services.boot-blocker = {
+ before = [ "initrd.target" ];
+ wantedBy = [ "initrd.target" ];
+ script = "sleep infinity";
+ serviceConfig.Type = "oneshot";
+ };
+ };
+
+ # Node that will ping the server.
+ client = network "2";
+ };
+
+ testScript = ''
+ start_all()
+ client.wait_for_unit("network.target")
+
+ # Wait for the regular (untagged) interface to be up.
+ def server_is_up(_) -> bool:
+ status, _ = client.execute("ping -n -c 1 server >&2")
+ return status == 0
+ with client.nested("waiting for server to come up"):
+ retry(server_is_up)
+
+ # Try to ping the (tagged) VLAN interface.
+ client.succeed("ping -n -w 10 -c 1 192.168.10.1 >&2")
+ '';
+})
-- cgit 1.4.1 From 2cb4671ebcfbe75cff7bca5975ff7202e3fb52de Mon Sep 17 00:00:00 2001 From: Majiir Paktu Date: Fri, 25 Aug 2023 10:44:43 -0400 Subject: nixos/network-interfaces-systemd: add VLAN interfaces in systemd-initrd --- nixos/modules/tasks/network-interfaces-systemd.nix | 34 +++++++++++++--------- 1 file changed, 21 insertions(+), 13 deletions(-) (limited to 'nixos')
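Review bot: The `boot-blocker` service on the `server` node is what keeps it in stage 1, but nothing next to it says why it is a `Type = "oneshot"` unit running `sleep infinity`. A short comment above the service would make that dependency explicit, for example `# Never finishes starting, so initrd.target (ordered after it) is not reached and the node stays in stage 1.` The same service is repeated in the bridge test later in this series and would benefit from the same comment.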
diff --git a/nixos/modules/tasks/network-interfaces-systemd.nix b/nixos/modules/tasks/network-interfaces-systemd.nix index dfa883a2c336..adbc7c80c418 100644 --- a/nixos/modules/tasks/network-interfaces-systemd.nix +++ b/nixos/modules/tasks/network-interfaces-systemd.nix @@ -173,6 +173,19 @@ let }]; })); + vlanNetworks = mkMerge (flip mapAttrsToList cfg.vlans (name: vlan: { + netdevs."40-${name}" = { + netdevConfig = { + Name = name; + Kind = "vlan"; + }; + vlanConfig.Id = vlan.id; + }; + networks."40-${vlan.interface}" = (mkMerge [ (genericNetwork (mkOverride 999)) { + vlan = [ name ]; + } ]); + })); + in { @@ -182,7 +195,13 @@ in # Note this is if initrd.network.enable, not if # initrd.systemd.network.enable. By setting the latter and not the # former, the user retains full control over the configuration. - boot.initrd.systemd.network = mkMerge [(genericDhcpNetworks true) interfaceNetworks]; + boot.initrd.systemd.network = mkMerge [ + (genericDhcpNetworks true) + interfaceNetworks + vlanNetworks + ]; + boot.initrd.availableKernelModules = + optional (cfg.vlans != {}) "8021q"; }) (mkIf cfg.useNetworkd { @@ -377,18 +396,7 @@ in } ]); }; }))) - (mkMerge (flip mapAttrsToList cfg.vlans (name: vlan: { - netdevs."40-${name}" = { - netdevConfig = { - Name = name; - Kind = "vlan"; - }; - vlanConfig.Id = vlan.id; - }; - networks."40-${vlan.interface}" = (mkMerge [ (genericNetwork (mkOverride 999)) { - vlan = [ name ]; - } ]); - }))) + vlanNetworks ]; # We need to prefill the slaved devices with networking options -- cgit 1.4.1 From a3211ceb47e20a4466b95051bbb047b54a7fdd60 Mon Sep 17 00:00:00 2001 From: Majiir Paktu Date: Fri, 25 Aug 2023 13:11:20 -0400 Subject: nixos/tests/systemd-initrd-bridge: init --- nixos/tests/all-tests.nix | 1 + nixos/tests/systemd-initrd-bridge.nix | 63 +++++++++++++++++++++++++++++++++++ 2 files changed, 64 insertions(+) create mode 100644 nixos/tests/systemd-initrd-bridge.nix (limited to 'nixos') 
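Review bot: Merging `vlanNetworks` into `boot.initrd.systemd.network` (second hunk) means every entry in `networking.vlans` is now created in stage 1 whenever this block applies, and nothing near the assignment says so. Anything listening in the initrd may therefore become reachable from those VLANs as well, which matters if stage-1 networking was previously assumed to be limited to the untagged interfaces. The existing comment already names the opt-out, so one more line would cover it: `# All networking.vlans are brought up in stage 1 as well; initrd services may be reachable on them.` The same applies to `bridgeNetworks` in the bridge commit later in this series. The enclosing `mkIf` starts above the hunk, so its exact condition is not visible here.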
diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix
index f5fbba20483a..a6201b9d40d0 100644
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -752,6 +752,7 @@ in {
 systemd-cryptenroll = handleTest ./systemd-cryptenroll.nix {};
 systemd-credentials-tpm2 = handleTest ./systemd-credentials-tpm2.nix {};
 systemd-escaping = handleTest ./systemd-escaping.nix {};
+ systemd-initrd-bridge = handleTest ./systemd-initrd-bridge.nix {};
 systemd-initrd-btrfs-raid = handleTest ./systemd-initrd-btrfs-raid.nix {};
 systemd-initrd-luks-fido2 = handleTest ./systemd-initrd-luks-fido2.nix {};
 systemd-initrd-luks-keyfile = handleTest ./systemd-initrd-luks-keyfile.nix {};
diff --git a/nixos/tests/systemd-initrd-bridge.nix b/nixos/tests/systemd-initrd-bridge.nix
new file mode 100644
index 000000000000..f48a46ff2b93
--- /dev/null
+++ b/nixos/tests/systemd-initrd-bridge.nix
@@ -0,0 +1,63 @@
+import ./make-test-python.nix ({ lib, ... }: {
+ name = "systemd-initrd-bridge";
+ meta.maintainers = [ lib.maintainers.majiir ];
+
+ # Tests bridge interface configuration in systemd-initrd.
+ #
+ # The 'a' and 'b' nodes are connected to a 'bridge' node through different
+ # links. The 'bridge' node configures a bridge across them. It waits forever
+ # in initrd (stage 1) with networking enabled. 'a' and 'b' ping 'bridge' to
+ # test connectivity with the bridge interface. Then, 'a' pings 'b' to test
+ # the bridge itself.
+
+ nodes = {
+ bridge = { config, lib, ... }: {
+ boot.initrd.systemd.enable = true;
+ boot.initrd.network.enable = true;
+ boot.initrd.systemd.services.boot-blocker = {
+ before = [ "initrd.target" ];
+ wantedBy = [ "initrd.target" ];
+ script = "sleep infinity";
+ serviceConfig.Type = "oneshot";
+ };
+
+ networking.primaryIPAddress = "192.168.1.${toString config.virtualisation.test.nodeNumber}";
+
+ virtualisation.vlans = [ 1 2 ];
+ networking.bridges.br0.interfaces = [ "eth1" "eth2" ];
+
+ networking.interfaces = {
+ eth1.ipv4.addresses = lib.mkForce [];
+ eth2.ipv4.addresses = lib.mkForce [];
+ br0.ipv4.addresses = [{
+ address = config.networking.primaryIPAddress;
+ prefixLength = 24;
+ }];
+ };
+ };
+
+ a = {
+ virtualisation.vlans = [ 1 ];
+ };
+
+ b = { config, ... }: {
+ virtualisation.vlans = [ 2 ];
+ networking.primaryIPAddress = lib.mkForce "192.168.1.${toString config.virtualisation.test.nodeNumber}";
+ networking.interfaces.eth1.ipv4.addresses = lib.mkForce [{
+ address = config.networking.primaryIPAddress;
+ prefixLength = 24;
+ }];
+ };
+ };
+
+ testScript = ''
+ start_all()
+ a.wait_for_unit("network.target")
+ b.wait_for_unit("network.target")
+
+ a.succeed("ping -n -w 10 -c 1 bridge >&2")
+ b.succeed("ping -n -w 10 -c 1 bridge >&2")
+
+ a.succeed("ping -n -w 10 -c 1 b >&2")
+ '';
+})
-- cgit 1.4.1 From 1f34babe84854576c936969f8a879403be9f2515 Mon Sep 17 00:00:00 2001
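Review bot: The first `a.succeed("ping -n -w 10 -c 1 bridge >&2")` in `testScript` has no readiness wait in front of it, so the `bridge` node gets only ping's 10-second deadline to have its stage-1 network up. The script waits on `network.target` for `a` and `b` only. The VLAN test in this series polls with `retry(...)` before its asserting ping. Doing the same here, for example `retry(lambda _: a.execute("ping -n -c 1 bridge >&2")[0] == 0)` ahead of the three `succeed` calls, would keep a slow boot of `bridge` from failing the test for reasons unrelated to the bridge configuration.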
From: Majiir Paktu Date: Fri, 25 Aug 2023 13:11:40 -0400 Subject: nixos/network-interfaces-systemd: add bridge interfaces in systemd-initrd --- nixos/modules/tasks/network-interfaces-systemd.nix | 30 ++++++++++++---------- 1 file changed, 17 insertions(+), 13 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/tasks/network-interfaces-systemd.nix b/nixos/modules/tasks/network-interfaces-systemd.nix index adbc7c80c418..679567cbb730 100644 --- a/nixos/modules/tasks/network-interfaces-systemd.nix +++ b/nixos/modules/tasks/network-interfaces-systemd.nix @@ -173,6 +173,20 @@ let }]; })); + bridgeNetworks = mkMerge (flip mapAttrsToList cfg.bridges (name: bridge: { + netdevs."40-${name}" = { + netdevConfig = { + Name = name; + Kind = "bridge"; + }; + }; + networks = listToAttrs (forEach bridge.interfaces (bi: + nameValuePair "40-${bi}" (mkMerge [ (genericNetwork (mkOverride 999)) { + DHCP = mkOverride 0 (dhcpStr false); + networkConfig.Bridge = name; + } ]))); + })); + vlanNetworks = mkMerge (flip mapAttrsToList cfg.vlans (name: vlan: { netdevs."40-${name}" = { netdevConfig = { @@ -198,9 +212,11 @@ in boot.initrd.systemd.network = mkMerge [ (genericDhcpNetworks true) interfaceNetworks + bridgeNetworks vlanNetworks ]; boot.initrd.availableKernelModules = + optional (cfg.bridges != {}) "bridge" ++ optional (cfg.vlans != {}) "8021q"; }) @@ -231,19 +247,7 @@ in } (genericDhcpNetworks false) interfaceNetworks - (mkMerge (flip mapAttrsToList cfg.bridges (name: bridge: { - netdevs."40-${name}" = { - netdevConfig = { - Name = name; - Kind = "bridge"; - }; - }; - networks = listToAttrs (forEach bridge.interfaces (bi: - nameValuePair "40-${bi}" (mkMerge [ (genericNetwork (mkOverride 999)) { - DHCP = mkOverride 0 (dhcpStr false); - networkConfig.Bridge = name; - } ]))); - }))) + bridgeNetworks (mkMerge (flip mapAttrsToList cfg.bonds (name: bond: { netdevs."40-${name}" = { netdevConfig = { -- cgit 1.4.1