nixos/networkd: add PIE options

2025-01-21 20:34:06 +00:00 · 2023-02-28 00:06:39 +01:00 · 2023-02-28 00:06:39 +01:00 · 2784862e41
commit 2784862e41
parent d63035329e
1 changed files with 25 additions and 0 deletions
--- a/nixos/modules/system/boot/networkd.nix
+++ b/nixos/modules/system/boot/networkd.nix
@ -1133,6 +1133,16 @@ let
          "MTUBytes"
        ])
      ];
+
+      sectionPIE = checkUnitConfig "PIE" [
+        (assertOnlyFields [
+          "Parent"
+          "Handle"
+          "PacketLimit"
+        ])
+        (assertInt "PacketLimit")
+        (assertRange "PacketLimit" 1 4294967294)
+      ];
    };
  };

@ -1834,6 +1844,17 @@ let
      '';
    };

+    pieConfig = mkOption {
+      default = {};
+      example = { Parent = "ingress"; PacketLimit = "3847"; };
+      type = types.addCheck (types.attrsOf unitOption) check.network.sectionPIE;
+      description = lib.mdDoc ''
+        Each attribute in this set specifies an option in the
+        `[PIE]` section of the unit.  See
+        {manpage}`systemd.network(5)` for details.
+      '';
+    };
+
    name = mkOption {
      type = types.nullOr types.str;
      default = null;
@ -2277,6 +2298,10 @@ let
          [TokenBucketFilter]
          ${attrsToSection def.tockenBucketFilterConfig}
        ''
+        + optionalString (def.pieConfig != { }) ''
+          [PIE]
+          ${attrsToSection def.pieConfig}
+        ''
        + def.extraConfig;
    };