{ config, lib, pkgs, utils, ... }:
with utils.systemdUtils.unitOptions;
with utils.systemdUtils.lib;
with utils.systemdUtils.network.units;
with lib;
let
check = {
global = {
  # Checks for the [Network] section of the global networkd configuration.
  # The first entry lists the accepted keys; the remaining entries constrain
  # individual values.
  sectionNetwork = checkUnitConfig "Network" [
    (assertOnlyFields [
      "SpeedMeter" "SpeedMeterIntervalSec"
      "ManageForeignRoutingPolicyRules" "ManageForeignRoutes"
      "RouteTable"
    ])
    (assertValueOneOf "SpeedMeter" boolValues)
    (assertInt "SpeedMeterIntervalSec")
    (assertValueOneOf "ManageForeignRoutingPolicyRules" boolValues)
    (assertValueOneOf "ManageForeignRoutes" boolValues)
  ];

  # Checks for the global [DHCPv4] section (client identifier and DUID only).
  sectionDHCPv4 = checkUnitConfig "DHCPv4" [
    (assertOnlyFields [ "ClientIdentifier" "DUIDType" "DUIDRawData" ])
    (assertValueOneOf "ClientIdentifier" [ "mac" "duid" "duid-only" ])
  ];

  # Checks for the global [DHCPv6] section; only the key names are checked.
  sectionDHCPv6 = checkUnitConfig "DHCPv6" [
    (assertOnlyFields [ "DUIDType" "DUIDRawData" ])
  ];
};
link = {
  # Checks for the [Link] section of .link units: an allowlist of key names
  # followed by per-key value constraints.
  sectionLink = checkUnitConfig "Link" [
    (assertOnlyFields [
      "Description" "Alias"
      "MACAddressPolicy" "MACAddress"
      "NamePolicy" "Name"
      "AlternativeNamesPolicy" "AlternativeName"
      "MTUBytes" "BitsPerSecond" "Duplex" "AutoNegotiation"
      "WakeOnLan" "Port" "Advertise"
      "ReceiveChecksumOffload" "TransmitChecksumOffload"
      "TCPSegmentationOffload" "TCP6SegmentationOffload"
      "GenericSegmentationOffload" "GenericReceiveOffload"
      "LargeReceiveOffload"
      "RxChannels" "TxChannels" "OtherChannels" "CombinedChannels"
      "RxBufferSize" "TxBufferSize"
      "ReceiveQueues" "TransmitQueues" "TransmitQueueLength"
    ])

    # Addressing and physical-layer settings.
    (assertValueOneOf "MACAddressPolicy" [ "persistent" "random" "none" ])
    (assertMacAddress "MACAddress")
    (assertByteFormat "MTUBytes")
    (assertByteFormat "BitsPerSecond")
    (assertValueOneOf "Duplex" [ "half" "full" ])
    (assertValueOneOf "AutoNegotiation" boolValues)
    (assertValueOneOf "WakeOnLan" [
      "phy" "unicast" "multicast" "broadcast" "arp" "magic" "secureon" "off"
    ])
    (assertValueOneOf "Port" [ "tp" "aui" "bnc" "mii" "fibre" ])

    # Offload toggles.
    (assertValueOneOf "ReceiveChecksumOffload" boolValues)
    (assertValueOneOf "TransmitChecksumOffload" boolValues)
    (assertValueOneOf "TCPSegmentationOffload" boolValues)
    (assertValueOneOf "TCP6SegmentationOffload" boolValues)
    (assertValueOneOf "GenericSegmentationOffload" boolValues)
    (assertValueOneOf "GenericReceiveOffload" boolValues)
    (assertValueOneOf "LargeReceiveOffload" boolValues)

    # Channel counts: integers in 1..4294967295.
    (assertInt "RxChannels")
    (assertRange "RxChannels" 1 4294967295)
    (assertInt "TxChannels")
    (assertRange "TxChannels" 1 4294967295)
    (assertInt "OtherChannels")
    (assertRange "OtherChannels" 1 4294967295)
    (assertInt "CombinedChannels")
    (assertRange "CombinedChannels" 1 4294967295)

    # Buffer and queue sizing.
    (assertInt "RxBufferSize")
    (assertInt "TxBufferSize")
    (assertRange "ReceiveQueues" 1 4096)
    (assertRange "TransmitQueues" 1 4096)
    (assertRange "TransmitQueueLength" 1 4294967294)
  ];
};
netdev = let
# Checks shared by the [Tun] and [Tap] sections: the accepted key names,
# then a boolean-value check for each of the three flag keys.
tunChecks = [
  (assertOnlyFields [ "MultiQueue" "PacketInfo" "VNetHeader" "User" "Group" ])
] ++ map (flag: assertValueOneOf flag boolValues) [
  "MultiQueue"
  "PacketInfo"
  "VNetHeader"
];
in {
# Checks for the [NetDev] section of .netdev units. Name and Kind are
# mandatory, and Kind must be one of the listed device kinds.
sectionNetdev = checkUnitConfig "Netdev" [
  (assertOnlyFields [ "Description" "Name" "Kind" "MTUBytes" "MACAddress" ])
  (assertHasField "Name")
  (assertHasField "Kind")
  (assertValueOneOf "Kind" [
    "bond" "bridge" "dummy"
    "gre" "gretap" "erspan"
    "ip6gre" "ip6tnl" "ip6gretap" "ipip"
    "ipvlan" "macvlan" "macvtap"
    "sit" "tap" "tun" "veth" "vlan"
    "vti" "vti6" "vxlan" "geneve" "l2tp" "macsec"
    "vrf" "vcan" "vxcan" "wireguard"
    "netdevsim" "nlmon" "fou" "xfrm" "ifb"
    "batadv"
  ])
  (assertByteFormat "MTUBytes")
  # systemd.netdev(5): MACAddress= in [NetDev] also takes the special value
  # "none" (the kernel then assigns a random address), and the setting is
  # ignored for "tun", "tap" and "l2tp" devices. A netdev-specific assertion
  # is used here instead of assertMacAddress so that "none" is acceptable.
  (assertNetdevMacAddress "MACAddress")
];
# Checks for the [VLAN] section: Id is an integer in 0..4094, every other
# constrained key is a boolean.
sectionVLAN = checkUnitConfig "VLAN" [
  (assertOnlyFields [ "Id" "GVRP" "MVRP" "LooseBinding" "ReorderHeader" ])
  (assertInt "Id")
  (assertRange "Id" 0 4094)
  (assertValueOneOf "GVRP" boolValues)
  (assertValueOneOf "MVRP" boolValues)
  (assertValueOneOf "LooseBinding" boolValues)
  (assertValueOneOf "ReorderHeader" boolValues)
];
# Checks for the [MACVLAN] section: Mode is the only accepted key.
sectionMACVLAN = checkUnitConfig "MACVLAN" [
  (assertOnlyFields [ "Mode" ])
  (assertValueOneOf "Mode" [ "private" "vepa" "bridge" "passthru" ])
];
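# Checks for the [VXLAN] section: an allowlist of key names followed by
# per-key value constraints.
sectionVXLAN = checkUnitConfig "VXLAN" [
  (assertOnlyFields [
    "VNI"
    "Remote"
    "Local"
    "Group"
    "TOS"
    "TTL"
    "MacLearning"
    "FDBAgeingSec"
    "MaximumFDBEntries"
    "ReduceARPProxy"
    "L2MissNotification"
    "L3MissNotification"
    "RouteShortCircuit"
    "UDPChecksum"
    "UDP6ZeroChecksumTx"
    "UDP6ZeroChecksumRx"
    "RemoteChecksumTx"
    "RemoteChecksumRx"
    "GroupPolicyExtension"
    "GenericProtocolExtension"
    "DestinationPort"
    "PortRange"
    "FlowLabel"
    "IPDoNotFragment"
    "Independent"
  ])
  # VNI must be an integer in 1..16777215.
  (assertInt "VNI")
  (assertRange "VNI" 1 16777215)
  (assertValueOneOf "MacLearning" boolValues)
  (assertInt "MaximumFDBEntries")
  (assertValueOneOf "ReduceARPProxy" boolValues)
  (assertValueOneOf "L2MissNotification" boolValues)
  (assertValueOneOf "L3MissNotification" boolValues)
  (assertValueOneOf "RouteShortCircuit" boolValues)
  (assertValueOneOf "UDPChecksum" boolValues)
  (assertValueOneOf "UDP6ZeroChecksumTx" boolValues)
  (assertValueOneOf "UDP6ZeroChecksumRx" boolValues)
  (assertValueOneOf "RemoteChecksumTx" boolValues)
  (assertValueOneOf "RemoteChecksumRx" boolValues)
  (assertValueOneOf "GroupPolicyExtension" boolValues)
  (assertValueOneOf "GenericProtocolExtension" boolValues)
  # FlowLabel must be an integer in 0..1048575.
  (assertInt "FlowLabel")
  (assertRange "FlowLabel" 0 1048575)
  # List concatenation is `++`; the previous `boolValues + ["inherit"]` is not
  # a valid list operation in Nix and fails as soon as it is forced, so a
  # configuration setting IPDoNotFragment could not be evaluated.
  (assertValueOneOf "IPDoNotFragment" (boolValues ++ ["inherit"]))
  (assertValueOneOf "Independent" boolValues)
];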
# Checks for the [Tunnel] section: an allowlist of key names followed by
# per-key value constraints.
sectionTunnel = checkUnitConfig "Tunnel" [
  (assertOnlyFields [
    "Local" "Remote" "TOS" "TTL"
    "DiscoverPathMTU" "IPv6FlowLabel" "CopyDSCP" "EncapsulationLimit"
    "Key" "InputKey" "OutputKey"
    "Mode" "Independent" "AssignToLoopback" "AllowLocalRemote"
    "FooOverUDP" "FOUDestinationPort" "FOUSourcePort" "Encapsulation"
    "IPv6RapidDeploymentPrefix" "ISATAP"
    "SerializeTunneledPackets" "ERSPANIndex"
  ])
  # TTL is an integer in 0..255.
  (assertInt "TTL")
  (assertRange "TTL" 0 255)
  (assertValueOneOf "DiscoverPathMTU" boolValues)
  (assertValueOneOf "CopyDSCP" boolValues)
  (assertValueOneOf "Mode" [ "ip6ip6" "ipip6" "any" ])
  (assertValueOneOf "Independent" boolValues)
  (assertValueOneOf "AssignToLoopback" boolValues)
  (assertValueOneOf "AllowLocalRemote" boolValues)
  # Foo-over-UDP encapsulation settings.
  (assertValueOneOf "FooOverUDP" boolValues)
  (assertPort "FOUDestinationPort")
  (assertPort "FOUSourcePort")
  (assertValueOneOf "Encapsulation" [ "FooOverUDP" "GenericUDPEncapsulation" ])
  (assertValueOneOf "ISATAP" boolValues)
  (assertValueOneOf "SerializeTunneledPackets" boolValues)
  # ERSPANIndex is an integer in 1..1048575.
  (assertInt "ERSPANIndex")
  (assertRange "ERSPANIndex" 1 1048575)
];
# Checks for the [FooOverUDP] section: Port must be a valid port and
# Encapsulation one of the two listed modes; Protocol is accepted unchecked.
sectionFooOverUDP = checkUnitConfig "FooOverUDP" [
  (assertOnlyFields [ "Port" "Encapsulation" "Protocol" ])
  (assertPort "Port")
  (assertValueOneOf "Encapsulation" [ "FooOverUDP" "GenericUDPEncapsulation" ])
];
# Checks for the [Peer] section: only Name and MACAddress are accepted, and
# MACAddress is validated as a MAC address.
sectionPeer = checkUnitConfig "Peer" [
  (assertOnlyFields [ "Name" "MACAddress" ])
  (assertMacAddress "MACAddress")
];
# [Tun] and [Tap] are validated with the same check list (tunChecks).
sectionTun = checkUnitConfig "Tun" tunChecks;

sectionTap = checkUnitConfig "Tap" tunChecks;
# Checks for the [L2TP] section: an allowlist of key names followed by
# per-key value constraints.
sectionL2TP = checkUnitConfig "L2TP" [
  (assertOnlyFields [
    "TunnelId" "PeerTunnelId"
    "Remote" "Local"
    "EncapsulationType"
    "UDPSourcePort" "UDPDestinationPort"
    "UDPChecksum" "UDP6ZeroChecksumTx" "UDP6ZeroChecksumRx"
  ])
  # Tunnel identifiers are integers in 1..4294967295.
  (assertInt "TunnelId")
  (assertRange "TunnelId" 1 4294967295)
  (assertInt "PeerTunnelId")
  (assertRange "PeerTunnelId" 1 4294967295)
  (assertValueOneOf "EncapsulationType" [ "ip" "udp" ])
  (assertPort "UDPSourcePort")
  (assertPort "UDPDestinationPort")
  (assertValueOneOf "UDPChecksum" boolValues)
  (assertValueOneOf "UDP6ZeroChecksumTx" boolValues)
  (assertValueOneOf "UDP6ZeroChecksumRx" boolValues)
];
# Checks for the [L2TPSession] section. Name, SessionId and PeerSessionId are
# mandatory; both identifiers are integers in 1..4294967295.
sectionL2TPSession = checkUnitConfig "L2TPSession" [
  (assertOnlyFields [
    "Name" "SessionId" "PeerSessionId" "Layer2SpecificHeader"
  ])
  (assertHasField "Name")
  (assertHasField "SessionId")
  (assertInt "SessionId")
  (assertRange "SessionId" 1 4294967295)
  (assertHasField "PeerSessionId")
  (assertInt "PeerSessionId")
  (assertRange "PeerSessionId" 1 4294967295)
  (assertValueOneOf "Layer2SpecificHeader" [ "none" "default" ])
];
# NOTE: The PrivateKey directive is deliberately absent from this list;
# please do not add it. The Nix store is world-readable, so an inline key
# would be readable by every local user. Let's not hand out that footgun:
# only PrivateKeyFile is accepted, so the key has to be read from a file.
# NOTE(review): for this to help, that file must itself live outside the
# store with restrictive permissions; a Nix path literal (as opposed to a
# string) may be copied into the store when it is interpolated.
sectionWireGuard = checkUnitConfig "WireGuard" [
  (assertOnlyFields [
    "PrivateKeyFile" "ListenPort" "FirewallMark" "RouteTable" "RouteMetric"
  ])
  # FirewallMark is an integer in 1..4294967295.
  (assertInt "FirewallMark")
  (assertRange "FirewallMark" 1 4294967295)
];
# NOTE: The PresharedKey directive is deliberately absent from this list;
# please do not add it. The Nix store is world-readable, so an inline
# preshared key would be readable by every local user. Let's not hand out
# that footgun: only PresharedKeyFile is accepted.
# NOTE(review): the referenced file must itself live outside the store with
# restrictive permissions; a Nix path literal (as opposed to a string) may be
# copied into the store when it is interpolated.
sectionWireGuardPeer = checkUnitConfig "WireGuardPeer" [
  (assertOnlyFields [
    "PublicKey" "PresharedKeyFile"
    "AllowedIPs" "Endpoint" "PersistentKeepalive"
    "RouteTable" "RouteMetric"
  ])
  # PersistentKeepalive is an integer in 0..65535.
  (assertInt "PersistentKeepalive")
  (assertRange "PersistentKeepalive" 0 65535)
];
# Checks for the [Bond] section: an allowlist of key names followed by
# per-key value constraints.
sectionBond = checkUnitConfig "Bond" [
  (assertOnlyFields [
    "Mode" "TransmitHashPolicy" "LACPTransmitRate"
    "MIIMonitorSec" "UpDelaySec" "DownDelaySec" "LearnPacketIntervalSec"
    "AdSelect" "AdActorSystemPriority" "AdUserPortKey" "AdActorSystem"
    "FailOverMACPolicy"
    "ARPValidate" "ARPIntervalSec" "ARPIPTargets" "ARPAllTargets"
    "PrimaryReselectPolicy" "ResendIGMP" "PacketsPerSlave" "GratuitousARP"
    "AllSlavesActive" "DynamicTransmitLoadBalancing" "MinLinks"
  ])
  (assertValueOneOf "Mode" [
    "balance-rr" "active-backup" "balance-xor" "broadcast"
    "802.3ad" "balance-tlb" "balance-alb"
  ])
  (assertValueOneOf "TransmitHashPolicy" [
    "layer2" "layer3+4" "layer2+3" "encap2+3" "encap3+4"
  ])
  (assertValueOneOf "LACPTransmitRate" [ "slow" "fast" ])
  (assertValueOneOf "AdSelect" [ "stable" "bandwidth" "count" ])
  # 802.3ad actor settings.
  (assertInt "AdActorSystemPriority")
  (assertRange "AdActorSystemPriority" 1 65535)
  (assertInt "AdUserPortKey")
  (assertRange "AdUserPortKey" 0 1023)
  (assertValueOneOf "FailOverMACPolicy" [ "none" "active" "follow" ])
  (assertValueOneOf "ARPValidate" [ "none" "active" "backup" "all" ])
  (assertValueOneOf "ARPAllTargets" [ "any" "all" ])
  (assertValueOneOf "PrimaryReselectPolicy" [ "always" "better" "failure" ])
  # Bounded integer counters.
  (assertInt "ResendIGMP")
  (assertRange "ResendIGMP" 0 255)
  (assertInt "PacketsPerSlave")
  (assertRange "PacketsPerSlave" 0 65535)
  (assertInt "GratuitousARP")
  (assertRange "GratuitousARP" 0 255)
  (assertValueOneOf "AllSlavesActive" boolValues)
  (assertValueOneOf "DynamicTransmitLoadBalancing" boolValues)
  # MinLinks is a non-negative integer with no upper bound checked here.
  (assertInt "MinLinks")
  (assertMinimum "MinLinks" 0)
];
# Checks for the [Xfrm] section: InterfaceId is an integer in 1..4294967295
# and Independent is a boolean.
sectionXfrm = checkUnitConfig "Xfrm" [
  (assertOnlyFields [ "InterfaceId" "Independent" ])
  (assertInt "InterfaceId")
  (assertRange "InterfaceId" 1 4294967295)
  (assertValueOneOf "Independent" boolValues)
];
# Checks for the [VRF] section: Table is the only accepted key and must be a
# non-negative integer.
sectionVRF = checkUnitConfig "VRF" [
  (assertOnlyFields [ "Table" ])
  (assertInt "Table")
  (assertMinimum "Table" 0)
];
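# Checks for the [BatmanAdvanced] section: an allowlist of key names followed
# by per-key value constraints.
sectionBatmanAdvanced = checkUnitConfig "BatmanAdvanced" [
  (assertOnlyFields [
    "GatewayMode"
    "Aggregation"
    "BridgeLoopAvoidance"
    "DistributedArpTable"
    "Fragmentation"
    "HopPenalty"
    "OriginatorIntervalSec"
    # systemd.netdev(5) spells these keys "Bandwidth". The list previously
    # carried "GatewayBandwithDown"/"GatewayBandwithUp", so the correctly
    # spelled keys were not in the allowlist while the misspelled ones, which
    # systemd would not recognise, were.
    "GatewayBandwidthDown"
    "GatewayBandwidthUp"
    "RoutingAlgorithm"
  ])
  (assertValueOneOf "GatewayMode" ["off" "client" "server"])
  (assertValueOneOf "Aggregation" boolValues)
  (assertValueOneOf "BridgeLoopAvoidance" boolValues)
  (assertValueOneOf "DistributedArpTable" boolValues)
  (assertValueOneOf "Fragmentation" boolValues)
  # HopPenalty is an integer in 0..255.
  (assertInt "HopPenalty")
  (assertRange "HopPenalty" 0 255)
  (assertValueOneOf "RoutingAlgorithm" ["batman-v" "batman-iv"])
];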
};
network = {
# Checks for the [Link] section of .network units: an allowlist of key names
# followed by per-key value constraints.
sectionLink = checkUnitConfig "Link" [
  (assertOnlyFields [
    "MACAddress" "MTUBytes"
    "ARP" "Multicast" "AllMulticast"
    "Unmanaged" "Group"
    "RequiredForOnline" "RequiredFamilyForOnline"
    "ActivationPolicy" "Promiscuous"
  ])
  (assertMacAddress "MACAddress")
  (assertByteFormat "MTUBytes")
  (assertValueOneOf "ARP" boolValues)
  (assertValueOneOf "Multicast" boolValues)
  (assertValueOneOf "AllMulticast" boolValues)
  (assertValueOneOf "Promiscuous" boolValues)
  (assertValueOneOf "Unmanaged" boolValues)
  # Group is an integer in 0..2147483647.
  (assertInt "Group")
  (assertRange "Group" 0 2147483647)
  # Either a boolean or one of the listed operational-state names.
  (assertValueOneOf "RequiredForOnline" (boolValues ++ [
    "missing" "off" "no-carrier" "dormant" "degraded-carrier"
    "carrier" "degraded" "enslaved" "routable"
  ]))
  (assertValueOneOf "RequiredFamilyForOnline" [ "ipv4" "ipv6" "both" "any" ])
  (assertValueOneOf "ActivationPolicy" [
    "up" "always-up" "manual" "always-down" "down" "bound"
  ])
];
# Checks for the [Network] section of .network units: an allowlist of key
# names followed by per-key value constraints. These checks validate syntax
# only; they do not steer towards hardened values (for instance
# "opportunistic" DNSOverTLS and "allow-downgrade" DNSSEC are accepted).
sectionNetwork = checkUnitConfig "Network" [
  (assertOnlyFields [
    "Description"
    "DHCP" "DHCPServer"
    "LinkLocalAddressing" "IPv4LLRoute" "DefaultRouteOnDevice"
    "LLMNR" "MulticastDNS" "DNSOverTLS" "DNSSEC" "DNSSECNegativeTrustAnchors"
    "LLDP" "EmitLLDP" "BindCarrier"
    "Address" "Gateway" "DNS" "Domains" "DNSDefaultRoute" "NTP"
    "IPForward" "IPMasquerade"
    "IPv6PrivacyExtensions" "IPv6AcceptRA"
    "IPv6DuplicateAddressDetection" "IPv6HopLimit"
    "IPv4ProxyARP" "IPv6ProxyNDP" "IPv6ProxyNDPAddress"
    "IPv6SendRA" "DHCPPrefixDelegation" "IPv6MTUBytes"
    "Bridge" "Bond" "VRF" "VLAN" "IPVLAN" "MACVLAN" "MACVTAP"
    "VXLAN" "Tunnel" "MACsec"
    "ActiveSlave" "PrimarySlave"
    "ConfigureWithoutCarrier" "IgnoreCarrierLoss"
    "Xfrm" "KeepConfiguration" "BatmanAdvanced"
  ])
  # The DHCP values both, none, v4 and v6 are deprecated and therefore not
  # part of the accepted set.
  (assertValueOneOf "DHCP" [ "yes" "no" "ipv4" "ipv6" ])
  (assertValueOneOf "DHCPServer" boolValues)
  (assertValueOneOf "LinkLocalAddressing" [
    "yes" "no" "ipv4" "ipv6" "fallback" "ipv4-fallback"
  ])
  (assertValueOneOf "IPv4LLRoute" boolValues)
  (assertValueOneOf "DefaultRouteOnDevice" boolValues)
  # Name-resolution settings: a boolean or one extra mode each.
  (assertValueOneOf "LLMNR" (boolValues ++ [ "resolve" ]))
  (assertValueOneOf "MulticastDNS" (boolValues ++ [ "resolve" ]))
  (assertValueOneOf "DNSOverTLS" (boolValues ++ [ "opportunistic" ]))
  (assertValueOneOf "DNSSEC" (boolValues ++ [ "allow-downgrade" ]))
  (assertValueOneOf "LLDP" (boolValues ++ [ "routers-only" ]))
  (assertValueOneOf "EmitLLDP" (boolValues ++ [
    "nearest-bridge" "non-tpmr-bridge" "customer-bridge"
  ]))
  (assertValueOneOf "DNSDefaultRoute" boolValues)
  # Forwarding and NAT.
  (assertValueOneOf "IPForward" (boolValues ++ [ "ipv4" "ipv6" ]))
  (assertValueOneOf "IPMasquerade" (boolValues ++ [ "ipv4" "ipv6" "both" ]))
  # IPv6 behaviour.
  (assertValueOneOf "IPv6PrivacyExtensions" (boolValues ++ [
    "prefer-public" "kernel"
  ]))
  (assertValueOneOf "IPv6AcceptRA" boolValues)
  (assertInt "IPv6DuplicateAddressDetection")
  (assertMinimum "IPv6DuplicateAddressDetection" 0)
  (assertInt "IPv6HopLimit")
  (assertMinimum "IPv6HopLimit" 0)
  (assertValueOneOf "IPv4ProxyARP" boolValues)
  (assertValueOneOf "IPv6ProxyNDP" boolValues)
  (assertValueOneOf "IPv6SendRA" boolValues)
  (assertValueOneOf "DHCPPrefixDelegation" boolValues)
  (assertByteFormat "IPv6MTUBytes")
  # Bonding role and carrier handling.
  (assertValueOneOf "ActiveSlave" boolValues)
  (assertValueOneOf "PrimarySlave" boolValues)
  (assertValueOneOf "ConfigureWithoutCarrier" boolValues)
  (assertValueOneOf "KeepConfiguration" (boolValues ++ [
    "static" "dhcp-on-stop" "dhcp"
  ]))
];
# Checks for the [Address] section. Address itself is mandatory; the other
# keys are optional and constrained where listed.
sectionAddress = checkUnitConfig "Address" [
  (assertOnlyFields [
    "Address" "Peer" "Broadcast" "Label"
    "PreferredLifetime" "Scope" "RouteMetric"
    "HomeAddress" "DuplicateAddressDetection"
    "ManageTemporaryAddress" "AddPrefixRoute" "AutoJoin"
  ])
  (assertHasField "Address")
  # Zero is accepted both as the string "0" and as the integer 0.
  (assertValueOneOf "PreferredLifetime" [ "forever" "infinity" "0" 0 ])
  (assertInt "RouteMetric")
  (assertValueOneOf "HomeAddress" boolValues)
  (assertValueOneOf "DuplicateAddressDetection" [
    "ipv4" "ipv6" "both" "none"
  ])
  (assertValueOneOf "ManageTemporaryAddress" boolValues)
  (assertValueOneOf "AddPrefixRoute" boolValues)
  (assertValueOneOf "AutoJoin" boolValues)
];
# Checks for the [RoutingPolicyRule] section: an allowlist of key names
# followed by per-key value constraints.
sectionRoutingPolicyRule = checkUnitConfig "RoutingPolicyRule" [
  (assertOnlyFields [
    "TypeOfService" "From" "To" "FirewallMark" "Table" "Priority"
    "IncomingInterface" "OutgoingInterface"
    "SourcePort" "DestinationPort" "IPProtocol"
    "InvertRule" "Family" "User"
    "SuppressPrefixLength" "Type" "SuppressInterfaceGroup"
  ])
  # TypeOfService is an integer in 0..255.
  (assertInt "TypeOfService")
  (assertRange "TypeOfService" 0 255)
  # FirewallMark is an integer in 1..4294967295.
  (assertInt "FirewallMark")
  (assertRange "FirewallMark" 1 4294967295)
  (assertInt "Priority")
  (assertPort "SourcePort")
  (assertPort "DestinationPort")
  (assertValueOneOf "InvertRule" boolValues)
  (assertValueOneOf "Family" [ "ipv4" "ipv6" "both" ])
  # SuppressPrefixLength is an integer in 0..128.
  (assertInt "SuppressPrefixLength")
  (assertRange "SuppressPrefixLength" 0 128)
  (assertValueOneOf "Type" [ "blackhole" "unreachable" "prohibit" ])
  # Range-checked only; unlike Group in [Link] there is no assertInt here.
  (assertRange "SuppressInterfaceGroup" 0 2147483647)
];
# Checks for the [Route] section: an allowlist of key names followed by
# per-key value constraints.
sectionRoute = checkUnitConfig "Route" [
  (assertOnlyFields [
    "Gateway" "GatewayOnLink" "Destination" "Source" "Metric"
    "IPv6Preference" "Scope" "PreferredSource" "Table" "Protocol" "Type"
    "InitialCongestionWindow" "InitialAdvertisedReceiveWindow"
    "QuickAck" "FastOpenNoCookie" "TTLPropagate"
    "MTUBytes" "IPServiceType" "MultiPathRoute"
  ])
  (assertValueOneOf "GatewayOnLink" boolValues)
  (assertInt "Metric")
  (assertValueOneOf "IPv6Preference" [ "low" "medium" "high" ])
  (assertValueOneOf "Scope" [ "global" "site" "link" "host" "nowhere" ])
  (assertValueOneOf "Type" [
    "unicast" "local" "broadcast" "anycast" "multicast"
    "blackhole" "unreachable" "prohibit" "throw"
    "nat" "xresolve"
  ])
  (assertValueOneOf "QuickAck" boolValues)
  (assertValueOneOf "FastOpenNoCookie" boolValues)
  (assertValueOneOf "TTLPropagate" boolValues)
  (assertByteFormat "MTUBytes")
  (assertValueOneOf "IPServiceType" [ "CS6" "CS4" ])
];
# Checks for the [DHCPv4] section of .network units: an allowlist of key
# names followed by per-key value constraints.
sectionDHCPv4 = checkUnitConfig "DHCPv4" [
  (assertOnlyFields [
    "UseDNS" "RoutesToDNS" "UseNTP" "UseSIP" "UseMTU"
    "Anonymize" "SendHostname" "UseHostname" "Hostname"
    "UseDomains" "UseRoutes" "UseTimezone"
    "ClientIdentifier" "VendorClassIdentifier" "UserClass" "MaxAttempts"
    "DUIDType" "DUIDRawData" "IAID"
    "RequestBroadcast"
    "RouteMetric" "RouteTable" "RouteMTUBytes"
    "ListenPort" "SendRelease" "SendDecline"
    "BlackList" "RequestOptions" "SendOption"
    "FallbackLeaseLifetimeSec" "Label" "Use6RD"
  ])
  # Which lease-provided data to use, and what to disclose to the server.
  (assertValueOneOf "UseDNS" boolValues)
  (assertValueOneOf "RoutesToDNS" boolValues)
  (assertValueOneOf "UseNTP" boolValues)
  (assertValueOneOf "UseSIP" boolValues)
  (assertValueOneOf "UseMTU" boolValues)
  (assertValueOneOf "Anonymize" boolValues)
  (assertValueOneOf "SendHostname" boolValues)
  (assertValueOneOf "UseHostname" boolValues)
  (assertValueOneOf "UseDomains" (boolValues ++ [ "route" ]))
  (assertValueOneOf "UseRoutes" boolValues)
  (assertValueOneOf "UseTimezone" boolValues)
  (assertValueOneOf "ClientIdentifier" [ "mac" "duid" "duid-only" ])
  (assertInt "IAID")
  (assertValueOneOf "RequestBroadcast" boolValues)
  # Routing parameters for routes learnt over DHCP.
  (assertInt "RouteMetric")
  (assertInt "RouteTable")
  (assertRange "RouteTable" 0 4294967295)
  (assertByteFormat "RouteMTUBytes")
  (assertPort "ListenPort")
  (assertValueOneOf "SendRelease" boolValues)
  (assertValueOneOf "SendDecline" boolValues)
  (assertValueOneOf "FallbackLeaseLifetimeSec" [ "forever" "infinity" ])
  (assertValueOneOf "Use6RD" boolValues)
];
# Checks for the [DHCPv6] section of .network units: an allowlist of key
# names followed by per-key value constraints.
sectionDHCPv6 = checkUnitConfig "DHCPv6" [
  (assertOnlyFields [
    "UseAddress" "UseDNS" "UseNTP" "RouteMetric" "RapidCommit"
    "MUDURL" "RequestOptions" "SendVendorOption" "PrefixDelegationHint"
    "WithoutRA" "SendOption" "UserClass" "VendorClass"
    "DUIDType" "DUIDRawData" "IAID"
    "UseDelegatedPrefix"
  ])
  (assertValueOneOf "UseAddress" boolValues)
  (assertValueOneOf "UseDNS" boolValues)
  (assertValueOneOf "UseNTP" boolValues)
  (assertInt "RouteMetric")
  (assertValueOneOf "RapidCommit" boolValues)
  (assertValueOneOf "WithoutRA" [ "no" "solicit" "information-request" ])
  # NOTE(review): systemd documents SendOption= as an option:type:value
  # triple, so a numeric range check on the whole value looks questionable;
  # confirm against the definition of assertRange.
  (assertRange "SendOption" 1 65536)
  (assertInt "IAID")
  (assertValueOneOf "UseDelegatedPrefix" boolValues)
];
# Checks for the [DHCPPrefixDelegation] section: three boolean keys and a
# RouteMetric bounded to 0..4294967295; the remaining keys are accepted
# without a value check.
sectionDHCPPrefixDelegation = checkUnitConfig "DHCPPrefixDelegation" [
  (assertOnlyFields [
    "UplinkInterface" "SubnetId" "Announce" "Assign" "Token"
    "ManageTemporaryAddress" "RouteMetric"
  ])
  (assertValueOneOf "Announce" boolValues)
  (assertValueOneOf "Assign" boolValues)
  (assertValueOneOf "ManageTemporaryAddress" boolValues)
  (assertRange "RouteMetric" 0 4294967295)
];
# Checks for the [IPv6AcceptRA] section: an allowlist of key names followed
# by per-key value constraints. The allow/deny list keys are accepted
# without a value check.
sectionIPv6AcceptRA = checkUnitConfig "IPv6AcceptRA" [
  (assertOnlyFields [
    "UseDNS" "UseDomains" "RouteTable"
    "UseAutonomousPrefix" "UseOnLinkPrefix"
    "RouterDenyList" "RouterAllowList"
    "PrefixDenyList" "PrefixAllowList"
    "RouteDenyList" "RouteAllowList"
    "DHCPv6Client" "RouteMetric"
    "UseMTU" "UseGateway" "UseRoutePrefix" "Token"
  ])
  (assertValueOneOf "UseDNS" boolValues)
  (assertValueOneOf "UseDomains" (boolValues ++ [ "route" ]))
  (assertRange "RouteTable" 0 4294967295)
  (assertValueOneOf "UseAutonomousPrefix" boolValues)
  (assertValueOneOf "UseOnLinkPrefix" boolValues)
  (assertValueOneOf "DHCPv6Client" (boolValues ++ [ "always" ]))
  (assertValueOneOf "UseMTU" boolValues)
  (assertValueOneOf "UseGateway" boolValues)
  (assertValueOneOf "UseRoutePrefix" boolValues)
];
|
|
|
|
|
|
|
|
# Key allow-list and value checks for the `[DHCPServer]` section.
#
# Only the pool geometry and the boolean switches are value-checked. Address
# and server-list keys (`ServerAddress`, `DNS`, `NTP`, `Router`, ...) and the
# relay keys (`RelayTarget`, `RelayAgentCircuitId`, `RelayAgentRemoteId`) are
# accepted by name only.
sectionDHCPServer = checkUnitConfig "DHCPServer" [
  (assertOnlyFields [
    "ServerAddress" "PoolOffset" "PoolSize"
    "DefaultLeaseTimeSec" "MaxLeaseTimeSec" "UplinkInterface"
    "EmitDNS" "DNS"
    "EmitNTP" "NTP"
    "EmitSIP" "SIP"
    "EmitPOP3" "POP3"
    "EmitSMTP" "SMTP"
    "EmitLPR" "LPR"
    "EmitRouter" "Router"
    "EmitTimezone" "Timezone"
    "SendOption" "SendVendorOption"
    "BindToInterface"
    "RelayTarget" "RelayAgentCircuitId" "RelayAgentRemoteId"
  ])
  # Pool offset and size: integers with a lower bound of 0; no upper bound
  # is enforced here.
  (assertInt "PoolOffset")
  (assertMinimum "PoolOffset" 0)
  (assertInt "PoolSize")
  (assertMinimum "PoolSize" 0)
  # Boolean switches.
  (assertValueOneOf "EmitDNS" boolValues)
  (assertValueOneOf "EmitNTP" boolValues)
  (assertValueOneOf "EmitSIP" boolValues)
  (assertValueOneOf "EmitPOP3" boolValues)
  (assertValueOneOf "EmitSMTP" boolValues)
  (assertValueOneOf "EmitLPR" boolValues)
  (assertValueOneOf "EmitRouter" boolValues)
  (assertValueOneOf "EmitTimezone" boolValues)
  (assertValueOneOf "BindToInterface" boolValues)
];
|
|
|
|
|
2021-01-30 11:33:14 +00:00
|
|
|
# Key allow-list and value checks for the `[IPv6SendRA]` section.
# Lifetimes, `UplinkInterface`, `DNS` and `Domains` are accepted by name only.
sectionIPv6SendRA = checkUnitConfig "IPv6SendRA" [
  (assertOnlyFields [
    "Managed" "OtherInformation"
    "RouterLifetimeSec" "RouterPreference" "UplinkInterface"
    "EmitDNS" "DNS"
    "EmitDomains" "Domains"
    "DNSLifetimeSec"
  ])
  (assertValueOneOf "Managed" boolValues)
  (assertValueOneOf "OtherInformation" boolValues)
  (assertValueOneOf "RouterPreference" ["high" "medium" "low" "normal" "default"])
  (assertValueOneOf "EmitDNS" boolValues)
  (assertValueOneOf "EmitDomains" boolValues)
];
|
|
|
|
|
|
|
|
# Key allow-list and value checks for the `[IPv6Prefix]` section.
# Only the two boolean keys are value-checked; `Prefix`, the lifetimes and
# `Token` are accepted by name only.
sectionIPv6Prefix = checkUnitConfig "IPv6Prefix" [
  (assertOnlyFields [
    "AddressAutoconfiguration" "OnLink" "Prefix"
    "PreferredLifetimeSec" "ValidLifetimeSec" "Token"
  ])
  (assertValueOneOf "AddressAutoconfiguration" boolValues)
  (assertValueOneOf "OnLink" boolValues)
];
|
|
|
|
|
2022-07-31 21:11:01 +00:00
|
|
|
# Key allow-list and value checks for the `[IPv6RoutePrefix]` section.
# `Route` must be present (its format is not checked here); `LifetimeSec`
# must be an integer when given.
sectionIPv6RoutePrefix = checkUnitConfig "IPv6RoutePrefix" [
  (assertOnlyFields [ "Route" "LifetimeSec" ])
  (assertHasField "Route")
  (assertInt "LifetimeSec")
];
|
|
|
|
|
2021-11-30 08:57:15 +00:00
|
|
|
# Key allow-list and value checks for the `[DHCPServerStaticLease]` section.
# Both keys are mandatory. The MAC address is additionally format-checked;
# `Address` is only checked for presence.
sectionDHCPServerStaticLease = checkUnitConfig "DHCPServerStaticLease" [
  (assertOnlyFields [ "MACAddress" "Address" ])
  (assertHasField "MACAddress")
  (assertHasField "Address")
  (assertMacAddress "MACAddress")
];
|
|
|
|
|
2023-02-27 23:06:39 +00:00
|
|
|
# Key allow-list and value checks for the `[Bridge]` section.
# The checks are built in the same order as a flat list would give:
# allow-list, the boolean port flags, then the enumerated and numeric keys.
sectionBridge = checkUnitConfig "Bridge" (
  [
    (assertOnlyFields [
      "UnicastFlood" "MulticastFlood" "MulticastToUnicast"
      "NeighborSuppression" "Learning" "Hairpin" "Isolated"
      "UseBPDU" "FastLeave" "AllowPortToBeRoot"
      "ProxyARP" "ProxyARPWiFi"
      "MulticastRouter" "Cost" "Priority"
    ])
  ]
  # Every per-port flag below takes a boolean value.
  ++ map (flag: assertValueOneOf flag boolValues) [
    "UnicastFlood"
    "MulticastFlood"
    "MulticastToUnicast"
    "NeighborSuppression"
    "Learning"
    "Hairpin"
    "Isolated"
    "UseBPDU"
    "FastLeave"
    "AllowPortToBeRoot"
    "ProxyARP"
    "ProxyARPWiFi"
  ]
  ++ [
    (assertValueOneOf "MulticastRouter" [ "no" "query" "permanent" "temporary" ])
    (assertInt "Cost")
    (assertRange "Cost" 1 65535)
    (assertInt "Priority")
    (assertRange "Priority" 0 63)
  ]
);
|
2023-02-27 23:06:39 +00:00
|
|
|
|
|
|
|
# Key allow-list and value checks for the `[BridgeFDB]` section.
#
# NOTE(review): `MACAddress` is required but, unlike in
# sectionDHCPServerStaticLease, is not passed through `assertMacAddress`;
# `Destination` and `OutgoingInterface` are accepted by name only.
sectionBridgeFDB = checkUnitConfig "BridgeFDB" [
  (assertOnlyFields [
    "MACAddress" "Destination" "VLANId"
    "VNI" "AssociatedWith" "OutgoingInterface"
  ])
  (assertHasField "MACAddress")
  (assertInt "VLANId")
  (assertRange "VLANId" 0 4094)
  (assertInt "VNI")
  # 16777215 is 2^24 - 1.
  (assertRange "VNI" 1 16777215)
  (assertValueOneOf "AssociatedWith" [ "use" "self" "master" "router" ])
];
|
2023-02-27 23:06:39 +00:00
|
|
|
|
|
|
|
# Key allow-list and value checks for the `[BridgeMDB]` section.
# `MulticastGroupAddress` is mandatory (presence only); `VLANId` is an
# integer in 0..4094 when given.
sectionBridgeMDB = checkUnitConfig "BridgeMDB" [
  (assertOnlyFields [ "MulticastGroupAddress" "VLANId" ])
  (assertHasField "MulticastGroupAddress")
  (assertInt "VLANId")
  (assertRange "VLANId" 0 4094)
];
|
2023-02-27 23:06:39 +00:00
|
|
|
|
|
|
|
# Key allow-list for the `[LLDP]` section. `MUDURL` is the only accepted key
# and its value (a URL) is not validated by this check.
sectionLLDP = checkUnitConfig "LLDP" [
  (assertOnlyFields [ "MUDURL" ])
];
|
2023-02-27 23:06:39 +00:00
|
|
|
|
|
|
|
# Key allow-list and value checks for the `[CAN]` section.
#
# The check list is assembled in three parts, in the same order a flat list
# would have: the allow-list, an integer + range pair for each timing key,
# and a boolean check for each mode flag. `BitRate`, `SamplePoint`,
# `DataBitRate`, `DataSamplePoint`, `RestartSec` and `Termination` are
# accepted by name only.
sectionCAN = checkUnitConfig "CAN" (
  [
    (assertOnlyFields [
      "BitRate" "SamplePoint"
      "TimeQuantaNSec" "PropagationSegment"
      "PhaseBufferSegment1" "PhaseBufferSegment2" "SyncJumpWidth"
      "DataBitRate" "DataSamplePoint"
      "DataTimeQuantaNSec" "DataPropagationSegment"
      "DataPhaseBufferSegment1" "DataPhaseBufferSegment2" "DataSyncJumpWidth"
      "FDMode" "FDNonISO"
      "RestartSec" "Termination"
      "TripleSampling" "BusErrorReporting"
      "ListenOnly" "Loopback" "OneShot" "PresumeAck"
      "ClassicDataLengthCode"
    ])
  ]
  # Timing keys: each must be an integer in 0..4294967295 (2^32 - 1).
  ++ concatMap (timingKey: [
    (assertInt timingKey)
    (assertRange timingKey 0 4294967295)
  ]) [
    "TimeQuantaNSec"
    "PropagationSegment"
    "PhaseBufferSegment1"
    "PhaseBufferSegment2"
    "SyncJumpWidth"
    "DataTimeQuantaNSec"
    "DataPropagationSegment"
    "DataPhaseBufferSegment1"
    "DataPhaseBufferSegment2"
    "DataSyncJumpWidth"
  ]
  # Mode flags: each takes a boolean value.
  ++ map (flag: assertValueOneOf flag boolValues) [
    "FDMode"
    "FDNonISO"
    "TripleSampling"
    "BusErrorReporting"
    "ListenOnly"
    "Loopback"
    "OneShot"
    "PresumeAck"
    "ClassicDataLengthCode"
  ]
);
|
2023-02-27 23:06:39 +00:00
|
|
|
|
|
|
|
# Key allow-list and value checks for the `[IPoIB]` section.
sectionIPoIB = checkUnitConfig "IPoIB" [
  (assertOnlyFields [ "Mode" "IgnoreUserspaceMulticastGroup" ])
  (assertValueOneOf "Mode" [ "datagram" "connected" ])
  (assertValueOneOf "IgnoreUserspaceMulticastGroup" boolValues)
];
|
2023-02-27 23:06:39 +00:00
|
|
|
|
|
|
|
# Key allow-list and value checks for the `[QDisc]` section.
# `Parent` is restricted to two keywords; `Handle` is accepted by name only.
sectionQDisc = checkUnitConfig "QDisc" [
  (assertOnlyFields [ "Parent" "Handle" ])
  (assertValueOneOf "Parent" [ "clsact" "ingress" ])
];
|
2023-02-27 23:06:39 +00:00
|
|
|
|
|
|
|
# Key allow-list and value checks for the `[NetworkEmulator]` section.
# Only `PacketLimit` is value-checked; delay, loss and duplication settings
# are accepted by name only.
sectionNetworkEmulator = checkUnitConfig "NetworkEmulator" [
  (assertOnlyFields [
    "Parent" "Handle"
    "DelaySec" "DelayJitterSec"
    "PacketLimit" "LossRate" "DuplicateRate"
  ])
  (assertInt "PacketLimit")
  # Upper bound is 2^32 - 2.
  (assertRange "PacketLimit" 0 4294967294)
];
|
2023-02-27 23:06:39 +00:00
|
|
|
|
|
|
|
# Key allow-list for the `[TokenBucketFilter]` section.
# No value checks are listed: every key is accepted by name only.
sectionTokenBucketFilter = checkUnitConfig "TokenBucketFilter" [
  (assertOnlyFields [
    "Parent" "Handle"
    "LatencySec" "LimitBytes" "BurstBytes"
    "Rate" "MPUBytes" "PeakRate" "MTUBytes"
  ])
];
|
2023-02-27 23:06:39 +00:00
|
|
|
|
|
|
|
# Key allow-list and value checks for the `[PIE]` section.
# `PacketLimit` must be an integer in 1..4294967294 (2^32 - 2).
sectionPIE = checkUnitConfig "PIE" [
  (assertOnlyFields [ "Parent" "Handle" "PacketLimit" ])
  (assertInt "PacketLimit")
  (assertRange "PacketLimit" 1 4294967294)
];
|
2023-02-27 23:06:39 +00:00
|
|
|
|
|
|
|
# Key allow-list and value checks for the `[FlowQueuePIE]` section.
# `PacketLimit` must be an integer in 1..4294967294 (2^32 - 2).
sectionFlowQueuePIE = checkUnitConfig "FlowQueuePIE" [
  (assertOnlyFields [ "Parent" "Handle" "PacketLimit" ])
  (assertInt "PacketLimit")
  (assertRange "PacketLimit" 1 4294967294)
];
|
2023-02-27 23:06:40 +00:00
|
|
|
|
|
|
|
# Key allow-list and value checks for the `[StochasticFairBlue]` section.
# `PacketLimit` must be an integer in 1..4294967294 (2^32 - 2).
sectionStochasticFairBlue = checkUnitConfig "StochasticFairBlue" [
  (assertOnlyFields [ "Parent" "Handle" "PacketLimit" ])
  (assertInt "PacketLimit")
  (assertRange "PacketLimit" 1 4294967294)
];
|
2023-02-27 23:06:40 +00:00
|
|
|
|
|
|
|
# Key allow-list and value checks for the `[StochasticFairnessQueueing]`
# section. `PerturbPeriodSec` must be an integer; no range is enforced here.
sectionStochasticFairnessQueueing = checkUnitConfig "StochasticFairnessQueueing" [
  (assertOnlyFields [ "Parent" "Handle" "PerturbPeriodSec" ])
  (assertInt "PerturbPeriodSec")
];
|
2023-02-27 23:06:40 +00:00
|
|
|
|
2023-02-27 23:06:40 +00:00
|
|
|
# Key allow-list for the `[BFIFO]` section; no value checks are listed.
sectionBFIFO = checkUnitConfig "BFIFO" [
  (assertOnlyFields [ "Parent" "Handle" "LimitBytes" ])
];
|
2023-02-27 23:06:40 +00:00
|
|
|
|
2023-02-27 23:06:40 +00:00
|
|
|
# Key allow-list and value checks for the `[PFIFO]` section.
# `PacketLimit` must be an integer in 0..4294967294 (2^32 - 2).
sectionPFIFO = checkUnitConfig "PFIFO" [
  (assertOnlyFields [ "Parent" "Handle" "PacketLimit" ])
  (assertInt "PacketLimit")
  (assertRange "PacketLimit" 0 4294967294)
];
|
2023-02-27 23:06:40 +00:00
|
|
|
|
|
|
|
# Key allow-list and value checks for the `[PFIFOHeadDrop]` section.
# `PacketLimit` must be an integer in 0..4294967294 (2^32 - 2).
sectionPFIFOHeadDrop = checkUnitConfig "PFIFOHeadDrop" [
  (assertOnlyFields [ "Parent" "Handle" "PacketLimit" ])
  (assertInt "PacketLimit")
  (assertRange "PacketLimit" 0 4294967294)
];
|
2023-02-27 23:06:40 +00:00
|
|
|
|
|
|
|
# Key allow-list for the `[PFIFOFast]` section: only `Parent` and `Handle`
# are accepted, with no value checks.
sectionPFIFOFast = checkUnitConfig "PFIFOFast" [
  (assertOnlyFields [ "Parent" "Handle" ])
];
|
2023-02-27 23:06:40 +00:00
|
|
|
|
|
|
|
# Key allow-list and value checks for the `[CAKE]` section.
# `Parent`, `Handle` and `Bandwidth` are accepted by name only.
sectionCAKE = checkUnitConfig "CAKE" [
  (assertOnlyFields [
    "Parent" "Handle" "Bandwidth" "AutoRateIngress"
    "OverheadBytes" "MPUBytes" "CompensationMode" "UseRawPacketSize"
    "FlowIsolationMode" "NAT" "PriorityQueueingPreset"
    "FirewallMark" "Wash" "SplitGSO"
  ])
  (assertValueOneOf "AutoRateIngress" boolValues)
  (assertInt "OverheadBytes")
  # The lower bound is negative, hence the parentheses around -64.
  (assertRange "OverheadBytes" (-64) 256)
  (assertInt "MPUBytes")
  (assertRange "MPUBytes" 1 256)
  (assertValueOneOf "CompensationMode" [ "none" "atm" "ptm" ])
  (assertValueOneOf "UseRawPacketSize" boolValues)
  (assertValueOneOf "FlowIsolationMode" [
    "none" "src-host" "dst-host" "hosts"
    "flows" "dual-src-host" "dual-dst-host" "triple"
  ])
  (assertValueOneOf "NAT" boolValues)
  (assertValueOneOf "PriorityQueueingPreset" [
    "besteffort" "precedence" "diffserv8" "diffserv4" "diffserv3"
  ])
  (assertInt "FirewallMark")
  # 0 is excluded; the upper bound is 2^32 - 1.
  (assertRange "FirewallMark" 1 4294967295)
  (assertValueOneOf "Wash" boolValues)
  (assertValueOneOf "SplitGSO" boolValues)
];
|
2023-02-27 23:06:40 +00:00
|
|
|
|
|
|
|
# Key allow-list and value checks for the `[ControlledDelay]` section.
# Only `ECN` is value-checked; `PacketLimit` has no integer or range check
# in this section.
sectionControlledDelay = checkUnitConfig "ControlledDelay" [
  (assertOnlyFields [
    "Parent" "Handle" "PacketLimit"
    "TargetSec" "IntervalSec" "ECN" "CEThresholdSec"
  ])
  (assertValueOneOf "ECN" boolValues)
];
|
2023-02-27 23:06:40 +00:00
|
|
|
|
|
|
|
# Key allow-list for the `[DeficitRoundRobinScheduler]` section: only
# `Parent` and `Handle` are accepted, with no value checks.
sectionDeficitRoundRobinScheduler = checkUnitConfig "DeficitRoundRobinScheduler" [
  (assertOnlyFields [ "Parent" "Handle" ])
];
|
2023-02-27 23:06:40 +00:00
|
|
|
|
|
|
|
# Key allow-list for the `[DeficitRoundRobinSchedulerClass]` section; no
# value checks are listed.
sectionDeficitRoundRobinSchedulerClass = checkUnitConfig "DeficitRoundRobinSchedulerClass" [
  (assertOnlyFields [ "Parent" "Handle" "QuantumBytes" ])
];
|
2023-02-27 23:06:40 +00:00
|
|
|
|
|
|
|
# Key allow-list and value checks for the `[EnhancedTransmissionSelection]`
# section. `Bands` and `StrictBands` are integers in 1..16; `QuantumBytes`
# and `PriorityMap` are accepted by name only.
sectionEnhancedTransmissionSelection = checkUnitConfig "EnhancedTransmissionSelection" [
  (assertOnlyFields [
    "Parent" "Handle" "Bands"
    "StrictBands" "QuantumBytes" "PriorityMap"
  ])
  (assertInt "Bands")
  (assertRange "Bands" 1 16)
  (assertInt "StrictBands")
  (assertRange "StrictBands" 1 16)
];
|
2023-02-27 23:06:40 +00:00
|
|
|
|
|
|
|
# Key allow-list and value checks for the `[GenericRandomEarlyDetection]`
# section. Both queue counters are integers in 1..16; the two are checked
# independently of each other.
sectionGenericRandomEarlyDetection = checkUnitConfig "GenericRandomEarlyDetection" [
  (assertOnlyFields [
    "Parent" "Handle"
    "VirtualQueues" "DefaultVirtualQueue" "GenericRIO"
  ])
  (assertInt "VirtualQueues")
  (assertRange "VirtualQueues" 1 16)
  (assertInt "DefaultVirtualQueue")
  (assertRange "DefaultVirtualQueue" 1 16)
  (assertValueOneOf "GenericRIO" boolValues)
];
|
2023-02-27 23:06:40 +00:00
|
|
|
|
|
|
|
# Key allow-list and value checks for the `[FairQueueingControlledDelay]`
# section. `PacketLimit` and `Flows` must be integers (no range enforced
# here); `ECN` is a boolean.
sectionFairQueueingControlledDelay = checkUnitConfig "FairQueueingControlledDelay" [
  (assertOnlyFields [
    "Parent" "Handle" "PacketLimit" "MemoryLimitBytes" "Flows"
    "TargetSec" "IntervalSec" "QuantumBytes" "ECN" "CEThresholdSec"
  ])
  (assertInt "PacketLimit")
  (assertInt "Flows")
  (assertValueOneOf "ECN" boolValues)
];
|
2023-02-27 23:06:40 +00:00
|
|
|
|
|
|
|
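# Key allow-list and value checks for the `[FairQueueing]` section.
# `PacketLimit`, `FlowLimit` and `OrphanMask` must be integers (no range is
# enforced here); `Pacing` is a boolean.
sectionFairQueueing = checkUnitConfig "FairQueueing" [
  (assertOnlyFields [
    "Parent"
    "Handle"
    "PacketLimit"
    "FlowLimit"
    "QuantumBytes"
    # systemd.network(5) spells this option `InitialQuantumBytes`; without
    # this entry the correctly spelled key is rejected by the allow-list.
    "InitialQuantumBytes"
    # Misspelled name, kept only so that configurations already using it
    # keep evaluating. Presumably networkd does not recognise this key, so a
    # value set under it has no effect on the qdisc.
    "InitualQuantumBytes"
    "MaximumRate"
    "Buckets"
    "OrphanMask"
    "Pacing"
    "CEThresholdSec"
  ])
  (assertInt "PacketLimit")
  (assertInt "FlowLimit")
  (assertInt "OrphanMask")
  (assertValueOneOf "Pacing" boolValues)
];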
|
2023-02-27 23:06:40 +00:00
|
|
|
|
|
|
|
# Key allow-list for the `[TrivialLinkEqualizer]` section; no value checks
# are listed.
sectionTrivialLinkEqualizer = checkUnitConfig "TrivialLinkEqualizer" [
  (assertOnlyFields [ "Parent" "Handle" "Id" ])
];
|
2023-02-27 23:06:41 +00:00
|
|
|
|
|
|
|
# Key allow-list and value checks for the `[HierarchyTokenBucket]` section.
# `RateToQuantum` must be an integer; `DefaultClass` is accepted by name only.
sectionHierarchyTokenBucket = checkUnitConfig "HierarchyTokenBucket" [
  (assertOnlyFields [ "Parent" "Handle" "DefaultClass" "RateToQuantum" ])
  (assertInt "RateToQuantum")
];
|
2023-02-27 23:06:41 +00:00
|
|
|
|
|
|
|
# Key allow-list for the `[HierarchyTokenBucketClass]` section.
# No value checks are listed: every key is accepted by name only.
sectionHierarchyTokenBucketClass = checkUnitConfig "HierarchyTokenBucketClass" [
  (assertOnlyFields [
    "Parent" "ClassId" "Priority"
    "QuantumBytes" "MTUBytes" "OverheadBytes"
    "Rate" "CeilRate"
    "BufferBytes" "CeilBufferBytes"
  ])
];
|
2023-02-27 23:06:41 +00:00
|
|
|
|
|
|
|
# Key allow-list and value checks for the `[HeavyHitterFilter]` section.
# `PacketLimit` must be an integer in 0..4294967294 (2^32 - 2).
sectionHeavyHitterFilter = checkUnitConfig "HeavyHitterFilter" [
  (assertOnlyFields [ "Parent" "Handle" "PacketLimit" ])
  (assertInt "PacketLimit")
  (assertRange "PacketLimit" 0 4294967294)
];
|
2023-02-27 23:06:41 +00:00
|
|
|
|
|
|
|
# Key allow-list for the `[QuickFairQueueing]` section: only `Parent` and
# `Handle` are accepted, with no value checks.
sectionQuickFairQueueing = checkUnitConfig "QuickFairQueueing" [
  (assertOnlyFields [ "Parent" "Handle" ])
];
|
2023-02-27 23:06:41 +00:00
|
|
|
|
|
|
|
# Key allow-list and value checks for the `[QuickFairQueueingClass]` section.
# `Weight` must be an integer in 1..1023; `MaxPacketBytes` is accepted by
# name only.
sectionQuickFairQueueingClass = checkUnitConfig "QuickFairQueueingClass" [
  (assertOnlyFields [ "Parent" "ClassId" "Weight" "MaxPacketBytes" ])
  (assertInt "Weight")
  (assertRange "Weight" 1 1023)
];
|
2023-02-27 23:06:41 +00:00
|
|
|
|
|
|
|
# Key allow-list and value checks for the `[BridgeVLAN]` section.
# Only `PVID` is value-checked (integer in 0..4094); `VLAN` and
# `EgressUntagged` are accepted by name only.
sectionBridgeVLAN = checkUnitConfig "BridgeVLAN" [
  (assertOnlyFields [ "VLAN" "EgressUntagged" "PVID" ])
  (assertInt "PVID")
  (assertRange "PVID" 0 4094)
];
|
2020-07-01 16:05:32 +00:00
|
|
|
};
|
|
|
|
};
|
2017-07-27 17:49:56 +00:00
|
|
|
|
2015-04-19 19:05:12 +00:00
|
|
|
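# Options merged into both `linkOptions` and `netdevOptions` below.
commonNetworkOptions = {

  enable = mkOption {
    default = true;
    type = types.bool;
    # The daemon is called systemd-networkd; the description previously
    # named a non-existent `systemd-network` command.
    description = lib.mdDoc ''
      Whether to manage network configuration using {command}`systemd-networkd`.

      This also enables {option}`systemd.networkd.enable`.
    '';
  };

  # No addCheck is attached here: `[Match]` keys are not validated against
  # an allow-list by this option's type.
  matchConfig = mkOption {
    default = {};
    example = { Name = "eth0"; };
    type = types.attrsOf unitOption;
    description = lib.mdDoc ''
      Each attribute in this set specifies an option in the
      `[Match]` section of the unit. See
      {manpage}`systemd.link(5)`
      {manpage}`systemd.netdev(5)`
      {manpage}`systemd.network(5)`
      for details.
    '';
  };

  # Free-form text (`types.lines`): none of the check.* section validators
  # apply to it, so misspelled or unsupported keys are not caught at
  # evaluation time.
  # NOTE(review): presumably this text lands in the generated unit file in
  # the Nix store, which the wireguard option descriptions in this file
  # describe as world-readable - keys and other secrets do not belong here.
  extraConfig = mkOption {
    default = "";
    type = types.lines;
    description = lib.mdDoc "Extra configuration appended to the unit.";
  };
};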
|
|
|
|
|
2022-03-13 04:30:49 +00:00
|
|
|
# Options for the global networkd configuration (see networkd.conf(5)).
# Each option is an attribute set of unit options whose keys and values are
# validated by the matching `check.global.*` section checker.
networkdOptions = {

  networkConfig = mkOption {
    type = types.addCheck (types.attrsOf unitOption) check.global.sectionNetwork;
    default = { };
    example = { SpeedMeter = true; ManageForeignRoutingPolicyRules = false; };
    description = lib.mdDoc ''
      Each attribute in this set specifies an option in the
      `[Network]` section of the networkd config.
      See {manpage}`networkd.conf(5)` for details.
    '';
  };

  dhcpV4Config = mkOption {
    type = types.addCheck (types.attrsOf unitOption) check.global.sectionDHCPv4;
    default = { };
    example = { DUIDType = "vendor"; };
    description = lib.mdDoc ''
      Each attribute in this set specifies an option in the
      `[DHCPv4]` section of the networkd config.
      See {manpage}`networkd.conf(5)` for details.
    '';
  };

  dhcpV6Config = mkOption {
    type = types.addCheck (types.attrsOf unitOption) check.global.sectionDHCPv6;
    default = { };
    example = { DUIDType = "vendor"; };
    description = lib.mdDoc ''
      Each attribute in this set specifies an option in the
      `[DHCPv6]` section of the networkd config.
      See {manpage}`networkd.conf(5)` for details.
    '';
  };
};
|
|
|
|
|
2015-04-19 19:05:12 +00:00
|
|
|
# Options for a .link unit: the shared options from `commonNetworkOptions`
# with `enable` replaced and `linkConfig` added.
linkOptions = commonNetworkOptions // {

  # overwrite enable option from above
  enable = mkOption {
    type = types.bool;
    default = true;
    description = lib.mdDoc ''
      Whether to enable this .link unit. It's handled by udev no matter if {command}`systemd-networkd` is enabled or not
    '';
  };

  # Keys and values are validated by `check.link.sectionLink`.
  linkConfig = mkOption {
    type = types.addCheck (types.attrsOf unitOption) check.link.sectionLink;
    default = { };
    example = { MACAddress = "00:ff:ee:aa:cc:dd"; };
    description = lib.mdDoc ''
      Each attribute in this set specifies an option in the
      `[Link]` section of the unit. See
      {manpage}`systemd.link(5)` for details.
    '';
  };

};
|
|
|
|
|
2023-02-27 23:06:39 +00:00
|
|
|
|
|
|
|
# Submodule describing one entry of `netdevOptions.l2tpSessions`.
l2tpSessionOptions = {
  options = {
    # Validated by `check.netdev.sectionL2TPSession`.
    l2tpSessionConfig = mkOption {
      type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionL2TPSession;
      default = { };
      description = lib.mdDoc ''
        Each attribute in this set specifies an option in the
        `[L2TPSession]` section of the unit. See
        {manpage}`systemd.netdev(5)` for details.
      '';
    };
  };
};
|
|
|
|
|
2020-07-01 16:05:32 +00:00
|
|
|
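# Submodule describing one entry of `netdevOptions.wireguardPeers`.
wireguardPeerOptions = {
  options = {
    # Validated by `check.netdev.sectionWireGuardPeer`, which is defined in
    # the `check` set above.
    # NOTE(review): whether that checker rejects an inline `PresharedKey` is
    # not visible from this option; the `wireguardPeers` description tells
    # users to use `PresharedKeyFile` instead.
    wireguardPeerConfig = mkOption {
      default = {};
      type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionWireGuardPeer;
      # `[WireGuardPeer]` belongs to .netdev units, so the reference is
      # systemd.netdev(5), matching the `wireguardPeers` option description.
      description = lib.mdDoc ''
        Each attribute in this set specifies an option in the
        `[WireGuardPeer]` section of the unit. See
        {manpage}`systemd.netdev(5)` for details.
      '';
    };
  };
};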
|
|
|
|
|
2015-04-19 19:05:12 +00:00
|
|
|
# Options for a .netdev unit: the shared options from `commonNetworkOptions`
# plus one attribute-set option per .netdev section. Every section option is
# validated by the `check.netdev.*` checker of the same name.
netdevOptions = commonNetworkOptions // (
  let
    # Attribute set of unit options that must also pass `sectionCheck`.
    checkedSection = sectionCheck: types.addCheck (types.attrsOf unitOption) sectionCheck;
  in
  {

    # No default is declared for this option.
    netdevConfig = mkOption {
      type = checkedSection check.netdev.sectionNetdev;
      example = { Name = "mybridge"; Kind = "bridge"; };
      description = lib.mdDoc ''
        Each attribute in this set specifies an option in the
        `[Netdev]` section of the unit. See
        {manpage}`systemd.netdev(5)` for details.
      '';
    };

    vlanConfig = mkOption {
      type = checkedSection check.netdev.sectionVLAN;
      default = { };
      example = { Id = 4; };
      description = lib.mdDoc ''
        Each attribute in this set specifies an option in the
        `[VLAN]` section of the unit. See
        {manpage}`systemd.netdev(5)` for details.
      '';
    };

    macvlanConfig = mkOption {
      type = checkedSection check.netdev.sectionMACVLAN;
      default = { };
      example = { Mode = "private"; };
      description = lib.mdDoc ''
        Each attribute in this set specifies an option in the
        `[MACVLAN]` section of the unit. See
        {manpage}`systemd.netdev(5)` for details.
      '';
    };

    vxlanConfig = mkOption {
      type = checkedSection check.netdev.sectionVXLAN;
      default = { };
      description = lib.mdDoc ''
        Each attribute in this set specifies an option in the
        `[VXLAN]` section of the unit. See
        {manpage}`systemd.netdev(5)` for details.
      '';
    };

    tunnelConfig = mkOption {
      type = checkedSection check.netdev.sectionTunnel;
      default = { };
      example = { Remote = "192.168.1.1"; };
      description = lib.mdDoc ''
        Each attribute in this set specifies an option in the
        `[Tunnel]` section of the unit. See
        {manpage}`systemd.netdev(5)` for details.
      '';
    };

    fooOverUDPConfig = mkOption {
      type = checkedSection check.netdev.sectionFooOverUDP;
      default = { };
      example = { Port = 9001; };
      description = lib.mdDoc ''
        Each attribute in this set specifies an option in the
        `[FooOverUDP]` section of the unit. See
        {manpage}`systemd.netdev(5)` for details.
      '';
    };

    peerConfig = mkOption {
      type = checkedSection check.netdev.sectionPeer;
      default = { };
      example = { Name = "veth2"; };
      description = lib.mdDoc ''
        Each attribute in this set specifies an option in the
        `[Peer]` section of the unit. See
        {manpage}`systemd.netdev(5)` for details.
      '';
    };

    tunConfig = mkOption {
      type = checkedSection check.netdev.sectionTun;
      default = { };
      example = { User = "openvpn"; };
      description = lib.mdDoc ''
        Each attribute in this set specifies an option in the
        `[Tun]` section of the unit. See
        {manpage}`systemd.netdev(5)` for details.
      '';
    };

    tapConfig = mkOption {
      type = checkedSection check.netdev.sectionTap;
      default = { };
      example = { User = "openvpn"; };
      description = lib.mdDoc ''
        Each attribute in this set specifies an option in the
        `[Tap]` section of the unit. See
        {manpage}`systemd.netdev(5)` for details.
      '';
    };

    l2tpConfig = mkOption {
      type = checkedSection check.netdev.sectionL2TP;
      default = { };
      example = {
        TunnelId = 10;
        PeerTunnelId = 12;
        Local = "static";
        Remote = "192.168.30.101";
        EncapsulationType = "ip";
      };
      description = lib.mdDoc ''
        Each attribute in this set specifies an option in the
        `[L2TP]` section of the unit. See
        {manpage}`systemd.netdev(5)` for details.
      '';
    };

    # One submodule (`l2tpSessionOptions`) per `[L2TPSession]` section.
    l2tpSessions = mkOption {
      type = with types; listOf (submodule l2tpSessionOptions);
      default = [ ];
      example = [
        {
          l2tpSessionConfig = {
            SessionId = 25;
            PeerSessionId = 26;
            Name = "l2tp-sess";
          };
        }
      ];
      description = lib.mdDoc ''
        Each item in this array specifies an option in the
        `[L2TPSession]` section of the unit. See
        {manpage}`systemd.netdev(5)` for details.
      '';
    };

    # Key material: reference a file that lives outside the Nix store, as
    # the description says. systemd.netdev(5) additionally requires the file
    # to be readable by the `systemd-network` user; keep it closed to
    # everyone else (e.g. root:systemd-network, mode 0640).
    # NOTE(review): whether `check.netdev.sectionWireGuard` rejects an inline
    # `PrivateKey` is not visible from this option.
    wireguardConfig = mkOption {
      type = checkedSection check.netdev.sectionWireGuard;
      default = { };
      example = {
        PrivateKeyFile = "/etc/wireguard/secret.key";
        ListenPort = 51820;
        FirewallMark = 42;
      };
      description = lib.mdDoc ''
        Each attribute in this set specifies an option in the
        `[WireGuard]` section of the unit. See
        {manpage}`systemd.netdev(5)` for details.
        Use `PrivateKeyFile` instead of
        `PrivateKey`: the nix store is
        world-readable.
      '';
    };

    # One submodule (`wireguardPeerOptions`) per `[WireGuardPeer]` section.
    # The same file-permission caveat as for `PrivateKeyFile` applies to the
    # preshared key file.
    wireguardPeers = mkOption {
      type = with types; listOf (submodule wireguardPeerOptions);
      default = [ ];
      example = [
        {
          wireguardPeerConfig = {
            Endpoint = "192.168.1.1:51820";
            PublicKey = "27s0OvaBBdHoJYkH9osZpjpgSOVNw+RaKfboT/Sfq0g=";
            PresharedKeyFile = "/etc/wireguard/psk.key";
            AllowedIPs = [ "10.0.0.1/32" ];
            PersistentKeepalive = 15;
          };
        }
      ];
      description = lib.mdDoc ''
        Each item in this array specifies an option in the
        `[WireGuardPeer]` section of the unit. See
        {manpage}`systemd.netdev(5)` for details.
        Use `PresharedKeyFile` instead of
        `PresharedKey`: the nix store is
        world-readable.
      '';
    };

    bondConfig = mkOption {
      type = checkedSection check.netdev.sectionBond;
      default = { };
      example = { Mode = "802.3ad"; };
      description = lib.mdDoc ''
        Each attribute in this set specifies an option in the
        `[Bond]` section of the unit. See
        {manpage}`systemd.netdev(5)` for details.
      '';
    };

    xfrmConfig = mkOption {
      type = checkedSection check.netdev.sectionXfrm;
      default = { };
      example = { InterfaceId = 1; };
      description = lib.mdDoc ''
        Each attribute in this set specifies an option in the
        `[Xfrm]` section of the unit. See
        {manpage}`systemd.netdev(5)` for details.
      '';
    };

    vrfConfig = mkOption {
      type = checkedSection check.netdev.sectionVRF;
      default = { };
      example = { Table = 2342; };
      description = lib.mdDoc ''
        Each attribute in this set specifies an option in the
        `[VRF]` section of the unit. See
        {manpage}`systemd.netdev(5)` for details.
        A detailed explanation about how VRFs work can be found in the
        [kernel docs](https://www.kernel.org/doc/Documentation/networking/vrf.txt).
      '';
    };

    batmanAdvancedConfig = mkOption {
      type = checkedSection check.netdev.sectionBatmanAdvanced;
      default = { };
      example = {
        GatewayMode = "server";
        RoutingAlgorithm = "batman-v";
      };
      description = lib.mdDoc ''
        Each attribute in this set specifies an option in the
        `[BatmanAdvanced]` section of the unit. See
        {manpage}`systemd.netdev(5)` for details.
      '';
    };

  }
);
|
|
|
|
|
|
|
|
# Submodule wrapping one `[Address]` section of a .network unit.
addressOptions = {
  options = {
    # Validated by `check.network.sectionAddress`; no default is declared.
    addressConfig = mkOption {
      type = types.addCheck (types.attrsOf unitOption) check.network.sectionAddress;
      example = { Address = "192.168.0.100/24"; };
      description = lib.mdDoc ''
        Each attribute in this set specifies an option in the
        `[Address]` section of the unit. See
        {manpage}`systemd.network(5)` for details.
      '';
    };
  };
};
|
|
|
|
|
2020-02-29 17:17:27 +00:00
|
|
|
# Submodule wrapping one `[RoutingPolicyRule]` section of a .network unit.
routingPolicyRulesOptions = {
  options = {
    # Validated by `check.network.sectionRoutingPolicyRule`.
    routingPolicyRuleConfig = mkOption {
      type = types.addCheck (types.attrsOf unitOption) check.network.sectionRoutingPolicyRule;
      default = { };
      example = { Table = 10; IncomingInterface = "eth1"; Family = "both"; };
      description = lib.mdDoc ''
        Each attribute in this set specifies an option in the
        `[RoutingPolicyRule]` section of the unit. See
        {manpage}`systemd.network(5)` for details.
      '';
    };
  };
};
|
|
|
|
|
2015-04-19 19:05:12 +00:00
|
|
|
# Submodule wrapping one `[Route]` section of a .network unit.
routeOptions = {
  options = {
    # Validated by `check.network.sectionRoute`.
    routeConfig = mkOption {
      type = types.addCheck (types.attrsOf unitOption) check.network.sectionRoute;
      default = { };
      example = { Gateway = "192.168.0.1"; };
      description = lib.mdDoc ''
        Each attribute in this set specifies an option in the
        `[Route]` section of the unit. See
        {manpage}`systemd.network(5)` for details.
      '';
    };
  };
};
# Submodule schema for one `[IPv6Prefix]` section; `ipv6Prefixes` is a list of
# these.
ipv6PrefixOptions = {
  options = {
    # Keys are validated by check.network.sectionIPv6Prefix before the value
    # is accepted.
    ipv6PrefixConfig = mkOption {
      type = types.addCheck (types.attrsOf unitOption) check.network.sectionIPv6Prefix;
      default = {};
      example = { Prefix = "fd00::/64"; };
      description = lib.mdDoc ''
        Each attribute in this set specifies an option in the
        `[IPv6Prefix]` section of the unit. See
        {manpage}`systemd.network(5)` for details.
      '';
    };
  };
};
# Submodule schema for one `[IPv6RoutePrefix]` section; `ipv6RoutePrefixes` is
# a list of these.
ipv6RoutePrefixOptions = {
  options = {
    # Keys are validated by check.network.sectionIPv6RoutePrefix before the
    # value is accepted.
    ipv6RoutePrefixConfig = mkOption {
      type = types.addCheck (types.attrsOf unitOption) check.network.sectionIPv6RoutePrefix;
      default = {};
      example = { Route = "fd00::/64"; };
      description = lib.mdDoc ''
        Each attribute in this set specifies an option in the
        `[IPv6RoutePrefix]` section of the unit. See
        {manpage}`systemd.network(5)` for details.
      '';
    };
  };
};
# Submodule schema for one `[DHCPServerStaticLease]` section;
# `dhcpServerStaticLeases` is a list of these.
dhcpServerStaticLeaseOptions = {
  options = {
    # NOTE(review): a static lease is keyed on the client's MAC address (see
    # the example), and a MAC is chosen by the client. Treat the binding as
    # address bookkeeping, not as proof of which device is asking.
    dhcpServerStaticLeaseConfig = mkOption {
      type = types.addCheck (types.attrsOf unitOption) check.network.sectionDHCPServerStaticLease;
      default = {};
      example = { MACAddress = "65:43:4a:5b:d8:5f"; Address = "192.168.1.42"; };
      description = lib.mdDoc ''
        Each attribute in this set specifies an option in the
        `[DHCPServerStaticLease]` section of the unit. See
        {manpage}`systemd.network(5)` for details.

        Make sure to configure the corresponding client interface to use
        `ClientIdentifier=mac`.
      '';
    };
  };
};
# Submodule schema for one `[BridgeFDB]` section; `bridgeFDBs` is a list of
# these.
bridgeFDBOptions = {
  options = {
    # Keys are validated by check.network.sectionBridgeFDB before the value is
    # accepted.
    bridgeFDBConfig = mkOption {
      type = types.addCheck (types.attrsOf unitOption) check.network.sectionBridgeFDB;
      default = {};
      example = { MACAddress = "65:43:4a:5b:d8:5f"; Destination = "192.168.1.42"; VNI = 20; };
      description = lib.mdDoc ''
        Each attribute in this set specifies an option in the
        `[BridgeFDB]` section of the unit. See
        {manpage}`systemd.network(5)` for details.
      '';
    };
  };
};
# Submodule schema for one `[BridgeMDB]` section; `bridgeMDBs` is a list of
# these.
bridgeMDBOptions = {
  options = {
    # Keys are validated by check.network.sectionBridgeMDB before the value is
    # accepted.
    bridgeMDBConfig = mkOption {
      type = types.addCheck (types.attrsOf unitOption) check.network.sectionBridgeMDB;
      default = {};
      example = { MulticastGroupAddress = "ff02::1:2:3:4"; VLANId = 10; };
      description = lib.mdDoc ''
        Each attribute in this set specifies an option in the
        `[BridgeMDB]` section of the unit. See
        {manpage}`systemd.network(5)` for details.
      '';
    };
  };
};
# Submodule schema for one `[BridgeVLAN]` section; `bridgeVLANs` is a list of
# these.
bridgeVLANOptions = {
  options = {
    # Keys are validated by check.network.sectionBridgeVLAN before the value
    # is accepted.
    bridgeVLANConfig = mkOption {
      type = types.addCheck (types.attrsOf unitOption) check.network.sectionBridgeVLAN;
      default = {};
      example = { VLAN = 20; };
      description = lib.mdDoc ''
        Each attribute in this set specifies an option in the
        `[BridgeVLAN]` section of the unit. See
        {manpage}`systemd.network(5)` for details.
      '';
    };
  };
};
networkOptions = commonNetworkOptions // {
# Free-form settings for the `[Link]` section of the unit; the attrset must
# pass check.network.sectionLink.
linkConfig = mkOption {
  type = types.addCheck (types.attrsOf unitOption) check.network.sectionLink;
  default = {};
  example = { Unmanaged = true; };
  description = lib.mdDoc ''
    Each attribute in this set specifies an option in the
    `[Link]` section of the unit. See
    {manpage}`systemd.network(5)` for details.
  '';
};
# Free-form settings for the `[Network]` section of the unit; the attrset must
# pass check.network.sectionNetwork.
networkConfig = mkOption {
  type = types.addCheck (types.attrsOf unitOption) check.network.sectionNetwork;
  default = {};
  example = { Description = "My Network"; };
  description = lib.mdDoc ''
    Each attribute in this set specifies an option in the
    `[Network]` section of the unit. See
    {manpage}`systemd.network(5)` for details.
  '';
};
# systemd.network.networks.*.dhcpConfig was dropped in favor of ….dhcpV4Config.
# The option stays declared but hidden from the docs; `apply` ignores its
# argument and throws, so evaluating the value aborts with a message that
# names the replacement.
dhcpConfig = mkOption {
  apply = _ignored: throw "The option `systemd.network.networks.*.dhcpConfig` can no longer be used since it's been removed. Please use `systemd.network.networks.*.dhcpV4Config` instead.";
  visible = false;
};
# Free-form settings for the `[DHCPv4]` section of the unit; the attrset must
# pass check.network.sectionDHCPv4.
# NOTE(review): keys such as UseDNS/UseRoutes (see the example) make the host
# adopt resolver and routing data from whichever DHCP server answers on the
# link, so enable them only where that server is trusted.
dhcpV4Config = mkOption {
  type = types.addCheck (types.attrsOf unitOption) check.network.sectionDHCPv4;
  default = {};
  example = { UseDNS = true; UseRoutes = true; };
  description = lib.mdDoc ''
    Each attribute in this set specifies an option in the
    `[DHCPv4]` section of the unit. See
    {manpage}`systemd.network(5)` for details.
  '';
};
# Free-form settings for the `[DHCPv6]` section of the unit; the attrset must
# pass check.network.sectionDHCPv6.
# NOTE(review): UseDNS (see the example) accepts resolver addresses from the
# DHCPv6 server on the link; that is a trust decision about the link.
dhcpV6Config = mkOption {
  type = types.addCheck (types.attrsOf unitOption) check.network.sectionDHCPv6;
  default = {};
  example = { UseDNS = true; };
  description = lib.mdDoc ''
    Each attribute in this set specifies an option in the
    `[DHCPv6]` section of the unit. See
    {manpage}`systemd.network(5)` for details.
  '';
};
# Hidden stub for the renamed option: `apply` ignores its argument and throws,
# so evaluating the value aborts with a message naming
# dhcpPrefixDelegationConfig as the replacement.
dhcpV6PrefixDelegationConfig = mkOption {
  apply = _ignored: throw "The option `systemd.network.networks.<name>.dhcpV6PrefixDelegationConfig` has been renamed to `systemd.network.networks.<name>.dhcpPrefixDelegationConfig`.";
  visible = false;
};
# Free-form settings for the `[DHCPPrefixDelegation]` section of the unit; the
# attrset must pass check.network.sectionDHCPPrefixDelegation.
dhcpPrefixDelegationConfig = mkOption {
  type = types.addCheck (types.attrsOf unitOption) check.network.sectionDHCPPrefixDelegation;
  default = {};
  example = { SubnetId = "auto"; Announce = true; };
  description = lib.mdDoc ''
    Each attribute in this set specifies an option in the
    `[DHCPPrefixDelegation]` section of the unit. See
    {manpage}`systemd.network(5)` for details.
  '';
};
# Free-form settings for the `[IPv6AcceptRA]` section of the unit; the attrset
# must pass check.network.sectionIPv6AcceptRA.
# NOTE(review): router advertisements are normally unauthenticated, so these
# keys decide how much of an on-link RA the host acts on (the example accepts
# DNS servers and always starts a DHCPv6 client). Choose them per link trust.
ipv6AcceptRAConfig = mkOption {
  type = types.addCheck (types.attrsOf unitOption) check.network.sectionIPv6AcceptRA;
  default = {};
  example = { UseDNS = true; DHCPv6Client = "always"; };
  description = lib.mdDoc ''
    Each attribute in this set specifies an option in the
    `[IPv6AcceptRA]` section of the unit. See
    {manpage}`systemd.network(5)` for details.
  '';
};
# Free-form settings for the `[DHCPServer]` section of the unit; the attrset
# must pass check.network.sectionDHCPServer.
dhcpServerConfig = mkOption {
  type = types.addCheck (types.attrsOf unitOption) check.network.sectionDHCPServer;
  default = {};
  example = { PoolOffset = 50; EmitDNS = false; };
  description = lib.mdDoc ''
    Each attribute in this set specifies an option in the
    `[DHCPServer]` section of the unit. See
    {manpage}`systemd.network(5)` for details.
  '';
};
# systemd.network.networks.*.ipv6PrefixDelegationConfig has been deprecated
# in 247 in favor of systemd.network.networks.*.ipv6SendRAConfig.
# The option stays declared but hidden; `apply` ignores its argument and
# throws, so evaluating the value aborts with a pointer to the replacement.
ipv6PrefixDelegationConfig = mkOption {
  apply = _ignored: throw "The option `systemd.network.networks.*.ipv6PrefixDelegationConfig` has been replaced by `systemd.network.networks.*.ipv6SendRAConfig`.";
  visible = false;
};
# Free-form settings for the `[IPv6SendRA]` section of the unit; the attrset
# must pass check.network.sectionIPv6SendRA.
ipv6SendRAConfig = mkOption {
  type = types.addCheck (types.attrsOf unitOption) check.network.sectionIPv6SendRA;
  default = {};
  example = { EmitDNS = true; Managed = true; OtherInformation = true; };
  description = lib.mdDoc ''
    Each attribute in this set specifies an option in the
    `[IPv6SendRA]` section of the unit. See
    {manpage}`systemd.network(5)` for details.
  '';
};
# List of `[DHCPServerStaticLease]` sections; each element is a
# dhcpServerStaticLeaseOptions submodule.
dhcpServerStaticLeases = mkOption {
  type = types.listOf (types.submodule dhcpServerStaticLeaseOptions);
  default = [];
  example = [ { dhcpServerStaticLeaseConfig = { MACAddress = "65:43:4a:5b:d8:5f"; Address = "192.168.1.42"; }; } ];
  description = lib.mdDoc ''
    A list of DHCPServerStaticLease sections to be added to the unit. See
    {manpage}`systemd.network(5)` for details.
  '';
};
# List of `[IPv6Prefix]` sections; each element is an ipv6PrefixOptions
# submodule.
ipv6Prefixes = mkOption {
  type = types.listOf (types.submodule ipv6PrefixOptions);
  default = [];
  example = [ { ipv6PrefixConfig = { AddressAutoconfiguration = true; OnLink = true; }; } ];
  description = lib.mdDoc ''
    A list of ipv6Prefix sections to be added to the unit. See
    {manpage}`systemd.network(5)` for details.
  '';
};
# List of `[IPv6RoutePrefix]` sections; each element is an
# ipv6RoutePrefixOptions submodule.
ipv6RoutePrefixes = mkOption {
  type = types.listOf (types.submodule ipv6RoutePrefixOptions);
  default = [];
  example = [ { ipv6RoutePrefixConfig = { Route = "fd00::/64"; LifetimeSec = 3600; }; } ];
  description = lib.mdDoc ''
    A list of ipv6RoutePrefix sections to be added to the unit. See
    {manpage}`systemd.network(5)` for details.
  '';
};
# Free-form settings for the `[Bridge]` section of the unit; the attrset must
# pass check.network.sectionBridge.
bridgeConfig = mkOption {
  type = types.addCheck (types.attrsOf unitOption) check.network.sectionBridge;
  default = {};
  example = { MulticastFlood = false; Cost = 20; };
  description = lib.mdDoc ''
    Each attribute in this set specifies an option in the
    `[Bridge]` section of the unit. See
    {manpage}`systemd.network(5)` for details.
  '';
};
# List of `[BridgeFDB]` sections; each element is a bridgeFDBOptions submodule.
bridgeFDBs = mkOption {
  type = types.listOf (types.submodule bridgeFDBOptions);
  default = [];
  example = [ { bridgeFDBConfig = { MACAddress = "90:e2:ba:43:fc:71"; Destination = "192.168.100.4"; VNI = 3600; }; } ];
  description = lib.mdDoc ''
    A list of BridgeFDB sections to be added to the unit. See
    {manpage}`systemd.network(5)` for details.
  '';
};
# List of `[BridgeMDB]` sections; each element is a bridgeMDBOptions submodule.
bridgeMDBs = mkOption {
  type = types.listOf (types.submodule bridgeMDBOptions);
  default = [];
  example = [ { bridgeMDBConfig = { MulticastGroupAddress = "ff02::1:2:3:4"; VLANId = 10; }; } ];
  description = lib.mdDoc ''
    A list of BridgeMDB sections to be added to the unit. See
    {manpage}`systemd.network(5)` for details.
  '';
};
# Free-form settings for the `[LLDP]` section of the unit; the attrset must
# pass check.network.sectionLLDP.
# NOTE(review): presumably values set here (such as the example MUDURL, a
# device-description URL) are announced to neighbours on the link, so keep
# them free of anything not meant to be disclosed. Confirm against
# systemd.network(5).
lldpConfig = mkOption {
  type = types.addCheck (types.attrsOf unitOption) check.network.sectionLLDP;
  default = {};
  example = { MUDURL = "https://things.example.org/product_abc123/v5"; };
  description = lib.mdDoc ''
    Each attribute in this set specifies an option in the
    `[LLDP]` section of the unit. See
    {manpage}`systemd.network(5)` for details.
  '';
};
# Free-form settings for the `[CAN]` section of the unit; the attrset must
# pass check.network.sectionCAN. The example is intentionally empty.
canConfig = mkOption {
  type = types.addCheck (types.attrsOf unitOption) check.network.sectionCAN;
  default = {};
  example = { };
  description = lib.mdDoc ''
    Each attribute in this set specifies an option in the
    `[CAN]` section of the unit. See
    {manpage}`systemd.network(5)` for details.
  '';
};
# Free-form settings for the `[IPoIB]` section of the unit; the attrset must
# pass check.network.sectionIPoIB. The example is intentionally empty.
ipoIBConfig = mkOption {
  type = types.addCheck (types.attrsOf unitOption) check.network.sectionIPoIB;
  default = {};
  example = { };
  description = lib.mdDoc ''
    Each attribute in this set specifies an option in the
    `[IPoIB]` section of the unit. See
    {manpage}`systemd.network(5)` for details.
  '';
};
# Free-form settings for the `[QDisc]` section of the unit; the attrset must
# pass check.network.sectionQDisc.
qdiscConfig = mkOption {
  type = types.addCheck (types.attrsOf unitOption) check.network.sectionQDisc;
  default = {};
  example = { Parent = "ingress"; };
  description = lib.mdDoc ''
    Each attribute in this set specifies an option in the
    `[QDisc]` section of the unit. See
    {manpage}`systemd.network(5)` for details.
  '';
};
# Free-form settings for the `[NetworkEmulator]` section of the unit; the
# attrset must pass check.network.sectionNetworkEmulator.
networkEmulatorConfig = mkOption {
  type = types.addCheck (types.attrsOf unitOption) check.network.sectionNetworkEmulator;
  default = {};
  example = { Parent = "ingress"; DelaySec = "20msec"; };
  description = lib.mdDoc ''
    Each attribute in this set specifies an option in the
    `[NetworkEmulator]` section of the unit. See
    {manpage}`systemd.network(5)` for details.
  '';
};
# Free-form settings for the `[TokenBucketFilter]` section of the unit; the
# attrset must pass check.network.sectionTokenBucketFilter.
tokenBucketFilterConfig = mkOption {
  type = types.addCheck (types.attrsOf unitOption) check.network.sectionTokenBucketFilter;
  default = {};
  example = { Parent = "ingress"; Rate = "100k"; };
  description = lib.mdDoc ''
    Each attribute in this set specifies an option in the
    `[TokenBucketFilter]` section of the unit. See
    {manpage}`systemd.network(5)` for details.
  '';
};
# Free-form settings for the `[PIE]` section of the unit; the attrset must
# pass check.network.sectionPIE.
pieConfig = mkOption {
  type = types.addCheck (types.attrsOf unitOption) check.network.sectionPIE;
  default = {};
  example = { Parent = "ingress"; PacketLimit = "3847"; };
  description = lib.mdDoc ''
    Each attribute in this set specifies an option in the
    `[PIE]` section of the unit. See
    {manpage}`systemd.network(5)` for details.
  '';
};
# Free-form settings for the `[FlowQueuePIE]` section of the unit; the attrset
# must pass check.network.sectionFlowQueuePIE.
flowQueuePIEConfig = mkOption {
  type = types.addCheck (types.attrsOf unitOption) check.network.sectionFlowQueuePIE;
  default = {};
  example = { Parent = "ingress"; PacketLimit = "3847"; };
  description = lib.mdDoc ''
    Each attribute in this set specifies an option in the
    `[FlowQueuePIE]` section of the unit. See
    {manpage}`systemd.network(5)` for details.
  '';
};
# Free-form settings for the `[StochasticFairBlue]` section of the unit; the
# attrset must pass check.network.sectionStochasticFairBlue.
stochasticFairBlueConfig = mkOption {
  type = types.addCheck (types.attrsOf unitOption) check.network.sectionStochasticFairBlue;
  default = {};
  example = { Parent = "ingress"; PacketLimit = "3847"; };
  description = lib.mdDoc ''
    Each attribute in this set specifies an option in the
    `[StochasticFairBlue]` section of the unit. See
    {manpage}`systemd.network(5)` for details.
  '';
};
# Free-form settings for the `[StochasticFairnessQueueing]` section of the
# unit; the attrset must pass check.network.sectionStochasticFairnessQueueing.
stochasticFairnessQueueingConfig = mkOption {
  type = types.addCheck (types.attrsOf unitOption) check.network.sectionStochasticFairnessQueueing;
  default = {};
  example = { Parent = "ingress"; PerturbPeriodSec = "30"; };
  description = lib.mdDoc ''
    Each attribute in this set specifies an option in the
    `[StochasticFairnessQueueing]` section of the unit. See
    {manpage}`systemd.network(5)` for details.
  '';
};
# Free-form settings for the `[BFIFO]` section of the unit; the attrset must
# pass check.network.sectionBFIFO.
bfifoConfig = mkOption {
  type = types.addCheck (types.attrsOf unitOption) check.network.sectionBFIFO;
  default = {};
  example = { Parent = "ingress"; LimitBytes = "20K"; };
  description = lib.mdDoc ''
    Each attribute in this set specifies an option in the
    `[BFIFO]` section of the unit. See
    {manpage}`systemd.network(5)` for details.
  '';
};
# Free-form settings for the `[PFIFO]` section of the unit; the attrset must
# pass check.network.sectionPFIFO.
pfifoConfig = mkOption {
  type = types.addCheck (types.attrsOf unitOption) check.network.sectionPFIFO;
  default = {};
  example = { Parent = "ingress"; PacketLimit = "300"; };
  description = lib.mdDoc ''
    Each attribute in this set specifies an option in the
    `[PFIFO]` section of the unit. See
    {manpage}`systemd.network(5)` for details.
  '';
};
# Free-form settings for the `[PFIFOHeadDrop]` section of the unit; the
# attrset must pass check.network.sectionPFIFOHeadDrop.
pfifoHeadDropConfig = mkOption {
  type = types.addCheck (types.attrsOf unitOption) check.network.sectionPFIFOHeadDrop;
  default = {};
  example = { Parent = "ingress"; PacketLimit = "300"; };
  description = lib.mdDoc ''
    Each attribute in this set specifies an option in the
    `[PFIFOHeadDrop]` section of the unit. See
    {manpage}`systemd.network(5)` for details.
  '';
};
# Free-form settings for the `[PFIFOFast]` section of the unit; the attrset
# must pass check.network.sectionPFIFOFast.
pfifoFastConfig = mkOption {
  type = types.addCheck (types.attrsOf unitOption) check.network.sectionPFIFOFast;
  default = {};
  example = { Parent = "ingress"; };
  description = lib.mdDoc ''
    Each attribute in this set specifies an option in the
    `[PFIFOFast]` section of the unit. See
    {manpage}`systemd.network(5)` for details.
  '';
};
# Free-form settings for the `[CAKE]` section of the unit; the attrset must
# pass check.network.sectionCAKE.
cakeConfig = mkOption {
  type = types.addCheck (types.attrsOf unitOption) check.network.sectionCAKE;
  default = {};
  example = { Bandwidth = "40M"; OverheadBytes = 8; CompensationMode = "ptm"; };
  description = lib.mdDoc ''
    Each attribute in this set specifies an option in the
    `[CAKE]` section of the unit. See
    {manpage}`systemd.network(5)` for details.
  '';
};
# Free-form settings for the `[ControlledDelay]` section of the unit; the
# attrset must pass check.network.sectionControlledDelay.
controlledDelayConfig = mkOption {
  type = types.addCheck (types.attrsOf unitOption) check.network.sectionControlledDelay;
  default = {};
  example = { Parent = "ingress"; TargetSec = "20msec"; };
  description = lib.mdDoc ''
    Each attribute in this set specifies an option in the
    `[ControlledDelay]` section of the unit. See
    {manpage}`systemd.network(5)` for details.
  '';
};
# Free-form settings for the `[DeficitRoundRobinScheduler]` section of the
# unit; the attrset must pass check.network.sectionDeficitRoundRobinScheduler.
deficitRoundRobinSchedulerConfig = mkOption {
  type = types.addCheck (types.attrsOf unitOption) check.network.sectionDeficitRoundRobinScheduler;
  default = {};
  example = { Parent = "root"; };
  description = lib.mdDoc ''
    Each attribute in this set specifies an option in the
    `[DeficitRoundRobinScheduler]` section of the unit. See
    {manpage}`systemd.network(5)` for details.
  '';
};
# Free-form settings for the `[DeficitRoundRobinSchedulerClass]` section of the
# unit; the attrset must pass
# check.network.sectionDeficitRoundRobinSchedulerClass.
deficitRoundRobinSchedulerClassConfig = mkOption {
  type = types.addCheck (types.attrsOf unitOption) check.network.sectionDeficitRoundRobinSchedulerClass;
  default = {};
  example = { Parent = "root"; QuantumBytes = "300k"; };
  description = lib.mdDoc ''
    Each attribute in this set specifies an option in the
    `[DeficitRoundRobinSchedulerClass]` section of the unit. See
    {manpage}`systemd.network(5)` for details.
  '';
};
# Free-form settings for the `[EnhancedTransmissionSelection]` section of the
# unit; the attrset must pass
# check.network.sectionEnhancedTransmissionSelection.
enhancedTransmissionSelectionConfig = mkOption {
  type = types.addCheck (types.attrsOf unitOption) check.network.sectionEnhancedTransmissionSelection;
  default = {};
  example = { Parent = "root"; QuantumBytes = "300k"; Bands = 3; PriorityMap = "100 200 300"; };
  description = lib.mdDoc ''
    Each attribute in this set specifies an option in the
    `[EnhancedTransmissionSelection]` section of the unit. See
    {manpage}`systemd.network(5)` for details.
  '';
};
# Free-form settings for the `[GenericRandomEarlyDetection]` section of the
# unit; the attrset must pass check.network.sectionGenericRandomEarlyDetection.
genericRandomEarlyDetectionConfig = mkOption {
  type = types.addCheck (types.attrsOf unitOption) check.network.sectionGenericRandomEarlyDetection;
  default = {};
  example = { Parent = "root"; VirtualQueues = 5; DefaultVirtualQueue = 3; };
  description = lib.mdDoc ''
    Each attribute in this set specifies an option in the
    `[GenericRandomEarlyDetection]` section of the unit. See
    {manpage}`systemd.network(5)` for details.
  '';
};
# Free-form settings for the `[FairQueueingControlledDelay]` section of the
# unit; the attrset must pass check.network.sectionFairQueueingControlledDelay.
fairQueueingControlledDelayConfig = mkOption {
  type = types.addCheck (types.attrsOf unitOption) check.network.sectionFairQueueingControlledDelay;
  default = {};
  example = { Parent = "root"; Flows = 5; };
  description = lib.mdDoc ''
    Each attribute in this set specifies an option in the
    `[FairQueueingControlledDelay]` section of the unit. See
    {manpage}`systemd.network(5)` for details.
  '';
};
# Free-form settings for the `[FairQueueing]` section of the unit; the attrset
# must pass check.network.sectionFairQueueing.
fairQueueingConfig = mkOption {
  type = types.addCheck (types.attrsOf unitOption) check.network.sectionFairQueueing;
  default = {};
  example = { Parent = "root"; FlowLimit = 5; };
  description = lib.mdDoc ''
    Each attribute in this set specifies an option in the
    `[FairQueueing]` section of the unit. See
    {manpage}`systemd.network(5)` for details.
  '';
};
# Free-form settings for the `[TrivialLinkEqualizer]` section of the unit; the
# attrset must pass check.network.sectionTrivialLinkEqualizer.
trivialLinkEqualizerConfig = mkOption {
  type = types.addCheck (types.attrsOf unitOption) check.network.sectionTrivialLinkEqualizer;
  default = {};
  example = { Parent = "root"; Id = 0; };
  description = lib.mdDoc ''
    Each attribute in this set specifies an option in the
    `[TrivialLinkEqualizer]` section of the unit. See
    {manpage}`systemd.network(5)` for details.
  '';
};
# Free-form settings for the `[HierarchyTokenBucket]` section of the unit; the
# attrset must pass check.network.sectionHierarchyTokenBucket.
hierarchyTokenBucketConfig = mkOption {
  type = types.addCheck (types.attrsOf unitOption) check.network.sectionHierarchyTokenBucket;
  default = {};
  example = { Parent = "root"; };
  description = lib.mdDoc ''
    Each attribute in this set specifies an option in the
    `[HierarchyTokenBucket]` section of the unit. See
    {manpage}`systemd.network(5)` for details.
  '';
};
# Free-form settings for the `[HierarchyTokenBucketClass]` section of the
# unit; the attrset must pass check.network.sectionHierarchyTokenBucketClass.
hierarchyTokenBucketClassConfig = mkOption {
  type = types.addCheck (types.attrsOf unitOption) check.network.sectionHierarchyTokenBucketClass;
  default = {};
  example = { Parent = "root"; Rate = "10M"; };
  description = lib.mdDoc ''
    Each attribute in this set specifies an option in the
    `[HierarchyTokenBucketClass]` section of the unit. See
    {manpage}`systemd.network(5)` for details.
  '';
};
# Free-form settings for the `[HeavyHitterFilter]` section of the unit; the
# attrset must pass check.network.sectionHeavyHitterFilter.
heavyHitterFilterConfig = mkOption {
  type = types.addCheck (types.attrsOf unitOption) check.network.sectionHeavyHitterFilter;
  default = {};
  example = { Parent = "root"; PacketLimit = 10000; };
  description = lib.mdDoc ''
    Each attribute in this set specifies an option in the
    `[HeavyHitterFilter]` section of the unit. See
    {manpage}`systemd.network(5)` for details.
  '';
};
# Free-form settings for the `[QuickFairQueueing]` section of the unit; the
# attrset must pass check.network.sectionQuickFairQueueing.
quickFairQueueingConfig = mkOption {
  type = types.addCheck (types.attrsOf unitOption) check.network.sectionQuickFairQueueing;
  default = {};
  example = { Parent = "root"; };
  description = lib.mdDoc ''
    Each attribute in this set specifies an option in the
    `[QuickFairQueueing]` section of the unit. See
    {manpage}`systemd.network(5)` for details.
  '';
};
# Free-form settings for the `[QuickFairQueueingClass]` section of the unit;
# the attrset must pass check.network.sectionQuickFairQueueingClass.
# NOTE(review): the option name ends in `ConfigClass`, whereas the other class
# options in this set end in `ClassConfig`. The name is part of the public
# option path, so it is kept as is.
quickFairQueueingConfigClass = mkOption {
  type = types.addCheck (types.attrsOf unitOption) check.network.sectionQuickFairQueueingClass;
  default = {};
  example = { Parent = "root"; Weight = 133; };
  description = lib.mdDoc ''
    Each attribute in this set specifies an option in the
    `[QuickFairQueueingClass]` section of the unit. See
    {manpage}`systemd.network(5)` for details.
  '';
};
# List of `[BridgeVLAN]` sections; each element is a bridgeVLANOptions
# submodule.
bridgeVLANs = mkOption {
  type = types.listOf (types.submodule bridgeVLANOptions);
  default = [];
  example = [ { bridgeVLANConfig = { VLAN = "10-20"; }; } ];
  description = lib.mdDoc ''
    A list of BridgeVLAN sections to be added to the unit. See
    {manpage}`systemd.network(5)` for details.
  '';
};
# Optional interface name to match. When it is not null, the networkConfig
# module in this file copies it into matchConfig.Name.
name = mkOption {
  default = null;
  type = types.nullOr types.str;
  description = lib.mdDoc ''
    The name of the network interface to match against.
  '';
};
# Optional DHCP setting, typed as a free string here. When it is not null, the
# networkConfig module in this file copies it into networkConfig.DHCP.
DHCP = mkOption {
  default = null;
  type = types.nullOr types.str;
  description = lib.mdDoc ''
    Whether to enable DHCP on the interfaces matched.
  '';
};
# Optional list of domains. When it is not null, the networkConfig module in
# this file joins the entries with single spaces into networkConfig.Domains,
# so an entry that itself contains a space would read as several domains.
domains = mkOption {
  default = null;
  type = types.nullOr (types.listOf types.str);
  description = lib.mdDoc ''
    A list of domains to pass to the network config.
  '';
};
# Addresses for the network section, as plain strings; this declaration does
# no format validation beyond `listOf str`.
address = mkOption {
  type = types.listOf types.str;
  default = [ ];
  description = lib.mdDoc ''
    A list of addresses to be added to the network section of the
    unit. See {manpage}`systemd.network(5)` for details.
  '';
};
# Gateways for the network section, as plain strings; this declaration does no
# format validation beyond `listOf str`.
gateway = mkOption {
  type = types.listOf types.str;
  default = [ ];
  description = lib.mdDoc ''
    A list of gateways to be added to the network section of the
    unit. See {manpage}`systemd.network(5)` for details.
  '';
};
# Statically configured DNS servers for the network section, as plain strings;
# this declaration does no format validation beyond `listOf str`.
dns = mkOption {
  type = types.listOf types.str;
  default = [ ];
  description = lib.mdDoc ''
    A list of dns servers to be added to the network section of the
    unit. See {manpage}`systemd.network(5)` for details.
  '';
};
# Statically configured NTP servers for the network section, as plain strings;
# this declaration does no format validation beyond `listOf str`.
ntp = mkOption {
  type = types.listOf types.str;
  default = [ ];
  description = lib.mdDoc ''
    A list of ntp servers to be added to the network section of the
    unit. See {manpage}`systemd.network(5)` for details.
  '';
};
# Bridge interface names for the network section, given as plain strings.
bridge = mkOption {
  type = types.listOf types.str;
  default = [ ];
  description = lib.mdDoc ''
    A list of bridge interfaces to be added to the network section of the
    unit. See {manpage}`systemd.network(5)` for details.
  '';
};
# Bond interface names for the network section, given as plain strings.
bond = mkOption {
  type = types.listOf types.str;
  default = [ ];
  description = lib.mdDoc ''
    A list of bond interfaces to be added to the network section of the
    unit. See {manpage}`systemd.network(5)` for details.
  '';
};
# VRF interface names for the network section, given as plain strings.
vrf = mkOption {
  type = types.listOf types.str;
  default = [ ];
  description = lib.mdDoc ''
    A list of vrf interfaces to be added to the network section of the
    unit. See {manpage}`systemd.network(5)` for details.
  '';
};
# VLAN interface names for the network section, given as plain strings.
vlan = mkOption {
  type = types.listOf types.str;
  default = [ ];
  description = lib.mdDoc ''
    A list of vlan interfaces to be added to the network section of the
    unit. See {manpage}`systemd.network(5)` for details.
  '';
};
# MACVLAN interface names for the network section, given as plain strings.
macvlan = mkOption {
  type = types.listOf types.str;
  default = [ ];
  description = lib.mdDoc ''
    A list of macvlan interfaces to be added to the network section of the
    unit. See {manpage}`systemd.network(5)` for details.
  '';
};
# MACVTAP interface names for the network section, given as plain strings.
macvtap = mkOption {
  type = types.listOf types.str;
  default = [ ];
  description = lib.mdDoc ''
    A list of macvtap interfaces to be added to the network section of the
    unit. See {manpage}`systemd.network(5)` for details.
  '';
};
# VXLAN interface names for the network section, given as plain strings.
vxlan = mkOption {
  type = types.listOf types.str;
  default = [ ];
  description = lib.mdDoc ''
    A list of vxlan interfaces to be added to the network section of the
    unit. See {manpage}`systemd.network(5)` for details.
  '';
};
# Tunnel interface names for the network section, given as plain strings.
tunnel = mkOption {
  type = types.listOf types.str;
  default = [ ];
  description = lib.mdDoc ''
    A list of tunnel interfaces to be added to the network section of the
    unit. See {manpage}`systemd.network(5)` for details.
  '';
};
# XFRM interface names for the network section, given as plain strings.
xfrm = mkOption {
  type = types.listOf types.str;
  default = [ ];
  description = lib.mdDoc ''
    A list of xfrm interfaces to be added to the network section of the
    unit. See {manpage}`systemd.network(5)` for details.
  '';
};
# List of `[Address]` sections; each element is an addressOptions submodule.
addresses = mkOption {
  type = types.listOf (types.submodule addressOptions);
  default = [ ];
  description = lib.mdDoc ''
    A list of address sections to be added to the unit. See
    {manpage}`systemd.network(5)` for details.
  '';
};
# List of `[RoutingPolicyRule]` sections; each element is a
# routingPolicyRulesOptions submodule.
routingPolicyRules = mkOption {
  type = types.listOf (types.submodule routingPolicyRulesOptions);
  default = [ ];
  description = lib.mdDoc ''
    A list of routing policy rules sections to be added to the unit. See
    {manpage}`systemd.network(5)` for details.
  '';
};
# List of `[Route]` sections; each element is a routeOptions submodule.
routes = mkOption {
  type = types.listOf (types.submodule routeOptions);
  default = [ ];
  description = lib.mdDoc ''
    A list of route sections to be added to the unit. See
    {manpage}`systemd.network(5)` for details.
  '';
};
};
# Submodule that maps the convenience options of a network definition
# (name, DHCP, domains) onto the low-level section attributes.
# Each attribute is only emitted when the corresponding option is non-null.
networkConfig = { config, ... }: {
  config = {
    # [Match] Name= comes from the `name` option.
    matchConfig = lib.optionalAttrs (config.name != null) { Name = config.name; };

    # [Network] DHCP= and Domains=; the domain list is joined with spaces.
    networkConfig =
      lib.optionalAttrs (config.DHCP != null) { inherit (config) DHCP; }
      // lib.optionalAttrs (config.domains != null) {
        Domains = concatStringsSep " " config.domains;
      };
  };
};
# Submodule for the global networkd configuration: declares the route table
# options and turns routeTables into RouteTable= entries of the form
# "name:number".
#
# NOTE(review): table names and numbers are interpolated verbatim. The type
# is `attrsOf int`, so negative numbers are accepted, and names are not
# checked for whitespace or ':' here. The "Network" section check at the top
# of this file lists RouteTable as an allowed field but asserts nothing about
# its value. Presumably fine for administrator-supplied configuration;
# confirm if values can come from less trusted input.
networkdConfig = { config, ... }: {
  options = {
    routeTables = mkOption {
      type = types.attrsOf types.int;
      default = {};
      example = { foo = 27; };
      description = lib.mdDoc ''
        Defines route table names as an attrset of name to number.
        See {manpage}`networkd.conf(5)` for details.
      '';
    };

    addRouteTablesToIPRoute2 = mkOption {
      type = types.bool;
      default = true;
      example = false;
      description = lib.mdDoc ''
        If true and routeTables are set, then the specified route tables
        will also be installed into /etc/iproute2/rt_tables.
      '';
    };
  };

  config = {
    # Only emit RouteTable= when at least one table is defined.
    networkConfig = optionalAttrs (config.routeTables != { }) {
      RouteTable =
        mapAttrsToList (tableName: tableId: tableName + ":" + toString tableId) config.routeTables;
    };
  };
};
# Render the global networkd configuration as an attrset with a `text`
# attribute. [Network] is always written; [DHCPv4] and [DHCPv6] are only
# written when their attribute sets are non-empty.
renderConfig = def:
  let
    networkSection = ''
      [Network]
      ${attrsToSection def.networkConfig}
    '';

    dhcpV4Section = optionalString (def.dhcpV4Config != { }) ''
      [DHCPv4]
      ${attrsToSection def.dhcpV4Config}
    '';

    dhcpV6Section = optionalString (def.dhcpV6Config != { }) ''
      [DHCPv6]
      ${attrsToSection def.dhcpV6Config}
    '';
  in
  { text = networkSection + dhcpV4Section + dhcpV6Section; };
# Map every entry of cfg.units to a file entry keyed by
# "<prefix>systemd/network/<unit name>" whose source is the unit file inside
# the built unit derivation.
#
# NOTE(review): the unit name is interpolated into the target path as-is.
# Names derive from the attribute names of links/netdevs/networks, so a name
# containing '/' would presumably yield a nested or unexpected path; nothing
# in this helper rejects that.
mkUnitFiles = prefix: cfg:
  mapAttrs'
    (unitName: unitDef:
      nameValuePair "${prefix}systemd/network/${unitName}" {
        source = "${unitDef.unit}/${unitName}";
      })
    cfg.units;
# Option declarations shared by `systemd.network` (stage 2) and
# `boot.initrd.systemd.network` (stage 1). `visible` is forwarded to the
# links/netdevs/networks/config options to control how they are documented.
commonOptions = visible: {

  enable = mkOption {
    type = types.bool;
    default = false;
    description = lib.mdDoc ''
      Whether to enable networkd or not.
    '';
  };

  links = mkOption {
    inherit visible;
    type = types.attrsOf (types.submodule [ { options = linkOptions; } ]);
    default = {};
    description = lib.mdDoc "Definition of systemd network links.";
  };

  netdevs = mkOption {
    inherit visible;
    type = types.attrsOf (types.submodule [ { options = netdevOptions; } ]);
    default = {};
    description = lib.mdDoc "Definition of systemd network devices.";
  };

  networks = mkOption {
    inherit visible;
    type = types.attrsOf (types.submodule [ { options = networkOptions; } networkConfig ]);
    default = {};
    description = lib.mdDoc "Definition of systemd networks.";
  };

  config = mkOption {
    inherit visible;
    type = types.submodule [ { options = networkdOptions; } networkdConfig ];
    default = {};
    description = lib.mdDoc "Definition of global systemd network config.";
  };

  # Internal: the rendered units. Every concrete unit option is marked
  # internal and `unit` defaults to the derivation built by makeUnit.
  units = mkOption {
    internal = true;
    type = types.attrsOf (types.submodule (
      { name, config, ... }:
      {
        options = mapAttrs (_: opt: opt // { internal = true; }) concreteUnitOptions;
        config.unit = mkDefault (makeUnit name config);
      }));
    default = {};
    description = lib.mdDoc "Definition of networkd units.";
  };

  wait-online = {
    enable = mkOption {
      default = true;
      example = false;
      type = types.bool;
      description = lib.mdDoc ''
        Whether to enable the systemd-networkd-wait-online service.

        systemd-networkd-wait-online can timeout and fail if there are no network interfaces
        available for it to manage. When systemd-networkd is enabled but a different service is
        responsible for managing the system's internet connection (for example, NetworkManager or
        connman are used to manage WiFi connections), this service is unnecessary and can be
        disabled.
      '';
    };

    # NOTE(review): with this set, network-online.target can presumably be
    # reached while other interfaces are still down; services that depend on
    # one specific interface should not rely on the target alone.
    anyInterface = mkOption {
      type = types.bool;
      default = false;
      description = lib.mdDoc ''
        Whether to consider the network online when any interface is online, as opposed to all of them.
        This is useful on portable machines with a wired and a wireless interface, for example.
      '';
    };

    # NOTE(review): an ignored interface (the example is a WireGuard-style
    # name) is not waited for, so units that need that interface up would
    # have to order themselves on it explicitly. Confirm per deployment.
    ignoredInterfaces = mkOption {
      type = types.listOf types.str;
      default = [];
      example = [ "wg0" ];
      description = lib.mdDoc ''
        Network interfaces to be ignored when deciding if the system is online.
      '';
    };

    # NOTE(review): per systemd-networkd-wait-online(8), a value of 0
    # disables the timeout itself, i.e. the service waits indefinitely.
    timeout = mkOption {
      type = types.ints.unsigned;
      default = 120;
      example = 0;
      description = lib.mdDoc ''
        Time to wait for the network to come online, in seconds. Set to 0 to disable.
      '';
    };

    # These strings end up on an ExecStart= line; elsewhere in this file they
    # are passed through utils.escapeSystemdExecArgs before interpolation.
    extraArgs = mkOption {
      type = types.listOf types.str;
      default = [];
      description = lib.mdDoc ''
        Extra command-line arguments to pass to systemd-networkd-wait-online.
        These also affect per-interface `systemd-network-wait-online@` services.

        See {manpage}`systemd-networkd-wait-online.service(8)` for all available options.
      '';
    };
  };

};
# Configuration shared by stage 1 and stage 2. `config` is the configuration
# root to read from: callers in this file pass the top-level config for
# stage 2 and config.boot.initrd for stage 1.
commonConfig = config: let
  netCfg = config.systemd.network;
  waitOnline = netCfg.wait-online;

  # Pair a definition's enable flag with its rendered unit text.
  toUnit = render: def: { inherit (def) enable; text = render def; };

  # Turn an attrset of definitions into units named "<name>.<suffix>".
  unitsFor = suffix: render: defs:
    mapAttrs' (unitName: def: nameValuePair "${unitName}.${suffix}" (toUnit render def)) defs;

  waitOnlineBin = "${config.systemd.package}/lib/systemd/systemd-networkd-wait-online";

  # extraArgs are escaped for systemd's ExecStart= syntax before being
  # interpolated into the command lines below.
  waitOnlineArgs = utils.escapeSystemdExecArgs waitOnline.extraArgs;
in mkMerge [

  # .link units are honored by udev, no matter if systemd-networkd is enabled or not.
  {
    systemd.network.units = unitsFor "link" linkToUnit netCfg.links;

    # Flags derived from the timeout, anyInterface and ignoredInterfaces
    # options are contributed as a definition of extraArgs.
    systemd.network.wait-online.extraArgs =
      [ "--timeout=${toString waitOnline.timeout}" ]
      ++ optional waitOnline.anyInterface "--any"
      ++ map (iface: "--ignore=${iface}") waitOnline.ignoredInterfaces;
  }

  (mkIf netCfg.enable {

    systemd.network.units =
      unitsFor "netdev" netdevToUnit netCfg.netdevs
      // unitsFor "network" networkToUnit netCfg.networks;

    # systemd-networkd is socket-activated by kernel netlink route change
    # messages. It is important to have systemd buffer those on behalf of
    # networkd.
    systemd.sockets.systemd-networkd.wantedBy = [ "sockets.target" ];

    systemd.services.systemd-networkd-wait-online = {
      inherit (waitOnline) enable;
      wantedBy = [ "network-online.target" ];
      # The empty first entry resets any ExecStart= already set on the unit
      # before the replacement command line is added.
      serviceConfig.ExecStart = [
        ""
        "${waitOnlineBin} ${waitOnlineArgs}"
      ];
    };

    # Per-interface template; %I is the instance name supplied when the
    # unit is instantiated.
    systemd.services."systemd-network-wait-online@" = {
      description = "Wait for Network Interface %I to be Configured";
      conflicts = [ "shutdown.target" ];
      requisite = [ "systemd-networkd.service" ];
      after = [ "systemd-networkd.service" ];
      serviceConfig = {
        Type = "oneshot";
        RemainAfterExit = true;
        ExecStart = "${waitOnlineBin} -i %I ${waitOnlineArgs}";
      };
    };

  })
];
# Stage 2 (booted system) configuration: installs the unit files under
# /etc, and, when networkd is enabled, wires up the upstream units,
# networkd.conf, the optional iproute2 table names and resolved.
stage2Config = let
  netCfg = config.systemd.network;
  etcUnits = mkUnitFiles "" netCfg;
  routeTables = netCfg.config.routeTables;

  # One "<number> <name>" line per configured route table.
  rtTableLines =
    concatStringsSep "\n"
      (mapAttrsToList (tableName: tableId: "${toString tableId} ${tableName}") routeTables);
in mkMerge [
  (commonConfig config)

  # Unit files are installed regardless of `enable`; commonConfig always
  # defines the .link units.
  { environment.etc = etcUnits; }

  (mkIf netCfg.enable {

    users.users.systemd-network.group = "systemd-network";

    systemd.additionalUpstreamSystemUnits = [
      "systemd-networkd-wait-online.service"
      "systemd-networkd.service"
      "systemd-networkd.socket"
    ];

    environment.etc."systemd/networkd.conf" = renderConfig netCfg.config;

    systemd.services.systemd-networkd = {
      wantedBy = [ "multi-user.target" ];
      # Restart networkd whenever a unit file or networkd.conf changes.
      restartTriggers =
        map (file: file.source) (attrValues etcUnits)
        ++ [ config.environment.etc."systemd/networkd.conf".source ];
      aliases = [ "dbus-org.freedesktop.network1.service" ];
    };

    # Mirror the route table names into iproute2's rt_tables when requested.
    # The names and numbers are written verbatim, one per line.
    networking.iproute2 = mkIf (netCfg.config.addRouteTablesToIPRoute2 && routeTables != { }) {
      enable = mkDefault true;
      rttablesExtraConfig = ''

        # Extra tables defined in NixOS systemd.networkd.config.routeTables.
        ${rtTableLines}
      '';
    };

    services.resolved.enable = mkDefault true;

  })
];
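# Stage 1 (systemd initrd) configuration. The result is assigned to
# `boot.initrd` by the module body, so attribute paths below are relative to
# it. Always ships the .link units; when initrd networking is enabled it
# also ships networkd itself, its configuration and the units it needs.
stage1Config = let
  cfg = config.boot.initrd.systemd.network;
in mkMerge [
  (commonConfig config.boot.initrd)

  {
    systemd.network.enable = mkDefault config.boot.initrd.network.enable;
    systemd.contents = mkUnitFiles "/etc/" cfg;

    # Networkd link files are used early by udev to set up interfaces early.
    # This must be done in stage 1 to avoid race conditions between udev and
    # network daemons.
    systemd.network.units = lib.filterAttrs (n: _: hasSuffix ".link" n) config.systemd.network.units;
    systemd.storePaths = ["${config.boot.initrd.systemd.package}/lib/systemd/network/99-default.link"];
  }

  (mkIf cfg.enable {

    systemd.package = mkDefault pkgs.systemdStage1Network;

    # For networkctl
    systemd.dbus.enable = mkDefault true;

    systemd.additionalUpstreamUnits = [
      "systemd-networkd-wait-online.service"
      "systemd-networkd.service"
      "systemd-networkd.socket"
      "systemd-network-generator.service"
      "network-online.target"
      "network-pre.target"
      "network.target"
      "nss-lookup.target"
      "nss-user-lookup.target"
      "remote-fs-pre.target"
      "remote-fs.target"
    ];
    systemd.users.systemd-network = {};
    systemd.groups.systemd-network = {};

    systemd.contents."/etc/systemd/networkd.conf" = renderConfig cfg.config;

    # systemd-networkd.service is sent SIGTERM when switching root, but with
    # no ordering at all between it and initrd-switch-root.target the stop
    # and the start can happen simultaneously. The service could then still
    # be running at switch-root, stage 2 systemd would see it running and not
    # add a start operation for it, and the service would exit only after it
    # is too late. Any ordering between a stopping and a starting unit makes
    # the stop happen first, hence `before` together with `conflicts`.
    systemd.services.systemd-networkd = {
      wantedBy = [ "initrd.target" ];
      # These before and conflicts lines can be removed when this PR makes it into a release:
      # https://github.com/systemd/systemd/pull/27791
      before = ["initrd-switch-root.target"];
      conflicts = ["initrd-switch-root.target"];
    };
    systemd.sockets.systemd-networkd = {
      wantedBy = [ "initrd.target" ];
      before = ["initrd-switch-root.target"];
      conflicts = ["initrd-switch-root.target"];
    };

    systemd.services.systemd-network-generator.wantedBy = [ "sysinit.target" ];

    systemd.storePaths = [
      "${config.boot.initrd.systemd.package}/lib/systemd/systemd-networkd"
      "${config.boot.initrd.systemd.package}/lib/systemd/systemd-networkd-wait-online"
      "${config.boot.initrd.systemd.package}/lib/systemd/systemd-network-generator"
    ];
    kernelModules = [ "af_packet" ];

    # Only defined when boot.initrd.network.flushBeforeStage2 is set: brings
    # the networkd-managed interfaces down before the switch to stage 2.
    systemd.services.nixos-flush-networkd = mkIf config.boot.initrd.network.flushBeforeStage2 {
      description = "Flush Network Configuration";
      wantedBy = ["initrd.target"];
      after = ["systemd-networkd.service" "dbus.socket" "dbus.service"];
      before = ["shutdown.target" "initrd-switch-root.target"];
      conflicts = ["shutdown.target" "initrd-switch-root.target"];
      unitConfig.DefaultDependencies = false;
      serviceConfig = {
        # This service does nothing when starting, but brings down
        # interfaces when switching root. This is the easiest way to
        # ensure proper ordering while stopping. See systemd.unit(5)
        # section on Before= and After=. The important part is that
        # we are stopped before units we need, like dbus.service,
        # and that we are stopped before starting units like
        # initrd-switch-root.target
        Type = "oneshot";
        RemainAfterExit = true;
        ExecStart = "/bin/true";
      };
      # systemd-networkd doesn't bring down interfaces on its own
      # when it exits (see: systemd-networkd(8)), so we have to do
      # it ourselves. The networkctl command doesn't have a way to
      # bring all interfaces down, so we have to iterate over the
      # list and filter out unmanaged interfaces to bring them down
      # individually.
      #
      # `read -r` keeps backslashes in a field literal, and `--` ends option
      # parsing so that a link name beginning with '-' is still treated as
      # an interface name rather than as an option to networkctl.
      preStop = ''
        networkctl list --full --no-legend | while read -r _idx link _type _operational setup _; do
          [ "$setup" = unmanaged ] && continue
          networkctl down -- "$link"
        done
      '';
    };

  })
];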
in
{
  # The same option set is declared twice: fully visible for stage 2 and
  # with "shallow" visibility for the systemd initrd.
  options.systemd.network = commonOptions true;
  options.boot.initrd.systemd.network = commonOptions "shallow";

  config = mkMerge [
    stage2Config

    # Stage 1 settings only apply with the systemd-based initrd.
    (mkIf config.boot.initrd.systemd.enable {
      # Fail evaluation instead of silently dropping udhcpc arguments that
      # the systemd initrd does not support.
      assertions = [
        {
          assertion = config.boot.initrd.network.udhcpc.extraArgs == [];
          message = ''
            boot.initrd.network.udhcpc.extraArgs is not supported when
            boot.initrd.systemd.enable is enabled
          '';
        }
      ];

      boot.initrd = stage1Config;
    })
  ];
}