Commit Graph

186 Commits

Author SHA1 Message Date
Linus Heckemann
3631db714c
Merge pull request #158176 from lheckemann/fix-tempaddr
network-interfaces: use altered interface name for setting use_tempaddr
2022-03-29 10:39:46 +02:00
jpathy
19bb72c070 networking.greTunnels: Add ttl option 2022-03-23 00:24:44 +05:30
jpathy
0a62de4cd5 networking.greTunnels: support ip6gre* 2022-03-17 17:59:36 +05:30
Alyssa Ross
1176525f87 treewide: remove obsolete kernel version checks
We don't support Linux kernels older than 4.4 in Nixpkgs.
2022-02-19 21:09:19 +00:00
Linus Heckemann
c74d784771 network-interfaces: use altered interface name for setting use_tempaddr
Fixes #86764
2022-02-05 00:13:03 +01:00
Jade
fe636b4805
nixos/networking: Typo fix 2022-02-04 13:55:56 -05:00
Luflosi
ca58bd0a50
nixos/networkd: Add routes from interfaces to [Route] section of .network file
Closes https://github.com/NixOS/nixpkgs/pull/93635.
2022-01-20 20:14:55 +01:00
Guillaume Girol
fdc3784828
Merge pull request #148637 from hexagonal-sun/network/gre-tap-tun
nixos/network: add gre virtual interfaces
2022-01-01 17:04:29 +00:00
pennae
ed673a69db treewide: add defaultText for options with simple cfg.* expression defaults
adds defaultText for options with defaults that use only literals, full config.*
paths, and the cfg shortcut binding.
2021-12-09 01:14:16 +01:00
Matthew Leach
5ce7061945 nixos/networking: add options for configuring a GRE tunnel
Add `networking.greTunnels` option that allows a GRE tunnel to be
configured in NixOS.
2021-12-07 15:44:00 +00:00
Artturi
a0d4895e9d
Merge pull request #146709 from Artturin/underscorename 2021-11-21 03:12:31 +02:00
Artturin
2077956e78 nixos/network-interfaces: add a warning for underscores in hostname
until the issues in https://github.com/NixOS/nixpkgs/pull/138978
have been resolved
2021-11-21 01:39:39 +02:00
Artturin
31759dc4b7 nixos/networkmanager: remove redundant ipv6.ip6-privacy
this setting was added in 2016 in commit
bcdd81d9e1

the posibility to preferTempAddress was added to
nixos/network-interface in 2018 in commit
1fec496f38

preferTempAddress was renamed to tempAddress
in 2020 in commit 2485e6399e

therefore this setting is redundant since nm will use the sysctl option

nixos/network-interfaces: add default to sysctl so that the value for it
is set

networkmanager falls back to it
https://man.archlinux.org/man/NetworkManager.conf.5
2021-11-19 01:12:25 +02:00
pennae
c1f5155471 nixos/networking: support FOU encapsulation for sits 2021-10-16 20:48:03 -04:00
pennae
f29ea2d15d nixos/networking: add foo-over-udp endpoint support
allows configuration of foo-over-udp decapsulation endpoints. sadly networkd
seems to lack the features necessary to support local and peer address
configuration, so those are only supported when using scripted configuration.
2021-10-16 20:48:03 -04:00
Michele Guerini Rocco
46b2a2594a
Merge pull request #140779 from legendofmiracles/wol
nixos/wakeonlan: switch to systemd.link and to nixos/networking
2021-10-09 10:34:26 +02:00
legendofmiracles
bb3ea37eee
nixos/networking: add the wakeonlan option 2021-10-07 14:15:17 -06:00
Naïm Favier
2ddc335e6f
nixos/doc: clean up defaults and examples 2021-10-04 12:47:20 +02:00
Samuel Dionne-Riel
110165b784 Provide submodule to security.wrappers for older kernels
Fixes a regression from #126289
2021-09-29 16:10:27 -04:00
rnhmjoj
fedd7cd690
nixos: explicitely set security.wrappers ownership
This is slightly more verbose and inconvenient, but it forces you
to think about what the wrapper ownership and permissions will be.
2021-09-13 13:48:13 +02:00
John Whitman
8d3527aa88 nixos/network-interfaces: Fix wlan interface mac 2021-09-01 21:46:26 -04:00
github-actions[bot]
1ae6d3d02f
Merge master into staging-next 2021-05-07 18:24:29 +00:00
Linus Heckemann
4c4ac4bb20 nixos/network: allow configuring tempaddr for undeclared interfaces 2021-04-27 16:43:30 +02:00
Julien Moutinho
05d334cfe2 Revert "Revert "apparmor: fix and improve the service""
This reverts commit 420f89ceb2.
2021-04-23 07:17:55 +02:00
ajs124
c6d4dae35d treewide: fix eval without aliases after 9378fdf87e 2021-04-08 13:33:09 +02:00
Sandro Jäckel
9378fdf87e
iproute: deprecate alias 2021-04-04 01:43:46 +02:00
Florian Klink
b2f3bd4d79
Merge pull request #100155 from primeos/nixos-add-fqdn-option
nixos/networking: Add a read-only option for the FQDN
2021-01-25 16:45:45 +01:00
Julien Moutinho
2263fa5698 nixos/network-interfaces: fix typo in udev rule syntax 2020-11-24 04:21:44 +01:00
Florian Klink
13be37662d kernel config: explicitly enable CONFIG_IPV6
We currently build CONFIG_IPV6=m.

This seems to be not really well-supported in mainline kernels - see
https://lore.kernel.org/netdev/20201115224509.2020651-1-flokli@flokli.de/T/#u

Compiling it as a module doesn't give too much benefit - even for people
who did explicitly set `enableIPv6` to false, the `ipv6` module was
still loaded, as soon as another module was loaded that requires it
(bridge,br_netfilter,wireguard,ip6table_mangle,sctp,…).

By compiling it in, we only loose the possibility to not add it to
`boot.kernelModules` anymore (as it's part of the kernel directly). The
space savings are negligible.

People wanting to disable IPv6 still get the appropriate sysctls and
options set (while having the kernel code loaded), nothing is really
changing here.
2020-11-16 13:07:49 +01:00
Michael Weiss
971f0b45ef
nixos/networking: Add a read-only option for the FQDN
This is a convenience option that can be used to quickly obtain the
configured FQDN.
2020-10-12 15:27:31 +02:00
Michael Weiss
4a600af1b1 doc: Document a workaround for using an FQDN as hostname
Since #76542 this workaround is required to use a FQDN as hostname. See
#94011 and #94022 for the related discussion. Due to some
potential/unresolved issues (legacy software, backward compatibility,
etc.) we're documenting this workaround [0].

[0]: https://github.com/NixOS/nixpkgs/issues/94011#issuecomment-705952300
2020-10-10 10:48:54 -07:00
Michael Weiss
826ed96c10
nixos/networking: Switch to home.arpa as an example for the domain
The special-use domain "home.arpa." is designated for non-unique use in
residential home networks [0] and registered as such [1]. Therefore it
is more appropriate than "home." which could cause conflicts or result
in queries that leak out and reach the root name servers.

[0]: https://tools.ietf.org/html/rfc8375
[1]: https://www.iana.org/assignments/special-use-domain-names/special-use-domain-names.xhtml
2020-10-10 17:41:42 +02:00
Vladimír Čunát
420f89ceb2
Revert "apparmor: fix and improve the service"
This reverts commit fb6d63f3fd.

I really hope this finally fixes #99236: evaluation on Hydra.
This time I really did check basically the same commit on Hydra:
https://hydra.nixos.org/eval/1618011

Right now I don't have energy to find what exactly is wrong in the
commit, and it doesn't seem important in comparison to nixos-unstable
channel being stuck on a commit over one week old.
2020-10-07 12:22:18 +02:00
0x4A6F
c232d4b587
nixos: Conform with RFC 1123 in networking.hostName
Conform to RFC 1123 [0], specifically to "2.1 Host Names and Numbers",
which allow starting host name with alphanumerical instead of alphabetical characters.
RFC 1123 updates RFC 952 [1], which is referenced in "man 5 hosts".

[0]: https://tools.ietf.org/html/rfc1123
[1]: https://tools.ietf.org/html/rfc952
2020-10-01 22:06:00 +00:00
Julien Moutinho
fb6d63f3fd apparmor: fix and improve the service 2020-09-06 07:43:03 +02:00
WORLDofPEACE
18348c7829
Merge pull request #96042 from rnhmjoj/loaOf
treewide: completely remove types.loaOf
2020-09-02 08:45:37 -04:00
rnhmjoj
20d491a317
treewide: completely remove types.loaOf 2020-09-02 00:42:50 +02:00
V
b63b5eda68 rfkill: remove
rfkill was subsumed by util-linux in 2017 [1], and the upstream has not
been updated in over 5 years [2]. This package shadows the rfkill from
util-linux, so it can be completely removed with no breaking changes,
because util-linux is in the base package set in nixos/system-path.

[1] d17fb726b5
[2] https://git.sipsolutions.net/rfkill.git/log/
2020-08-24 02:49:27 +02:00
asdf8dfafjk
8e52c2a63e
nixos/networking: Enhance hostId description (#94800)
Co-authored-by: Jörg Thalheim <Mic92@users.noreply.github.com>
2020-08-08 20:30:50 +01:00
Michael Weiss
a6afdbb70b
nixos: Allow empty hostnames again
This fixes a regression from 993baa587c which requires
networking.hostName to be a valid DNS label [0].
Unfortunately we missed the fact that the hostnames may also be empty,
if the user wants to obtain it from a DHCP server. This is even required
by a few modules/images (e.g. Amazon EC2, Azure, and Google Compute).

[0]: https://github.com/NixOS/nixpkgs/pull/76542#issuecomment-638138666
2020-06-03 15:23:37 +02:00
Florian Klink
4cd605f3ca
Merge pull request #62671 from kfiz/networking-proxy_arp-fix
tasks/network-interfaces.nix: Enable ip_forwarding for ipv4 and p…
2020-05-31 22:22:49 +02:00
Doro Rose
5d3a72f683 networking-interfaces.nix: remove broken NDP bits from proxyARP
The `networking.interfaces.<name?>.proxyARP` option previously mentioned it would also enable IPv6 forwarding and `proxy_ndp`.

However, the `proxy_ndp` option was never actually set (the non-existing `net.ipv6.conf.proxy_arp` sysctl was set
instead). In addition `proxy_ndp` also needs individual entries for each ip to proxy for.

Proxy ARP and Proxy NDP are two different concepts, and enabling the latter
should be a conscious decision.

This commit removes the broken NDP support, and disables explicitly
enabling IPv6 forwarding (which is the default in most cases anyways)

Fixes #62339.
2020-05-26 00:53:10 +02:00
Michael Weiss
993baa587c
nixos: Require networking.hostName to be a valid DNS label
This also means that the hostname must not contain the domain name part
anymore (i.e. must not be a FQDN).
See RFC 1035 [0], "man 5 hostname", or the kernel documentation [1].
Note: For legacy reasons we also allow underscores inside of the label
but this is not recommended and intentionally left undocumented.

[0]: https://tools.ietf.org/html/rfc1035
[1]: https://www.kernel.org/doc/html/latest/admin-guide/sysctl/kernel.html#domainname-hostname

Co-authored-by: zimbatm <zimbatm@zimbatm.com>
2020-05-25 18:13:39 +02:00
Florian Klink
532528190b nixos/networking: move network-link-${i.name} to scripted networking
The unit sets MTU and MAC Address even with networkd enabled, which
isn't necessary anymore, as networkd handles this by itself.
2020-04-13 22:03:35 +02:00
Florian Klink
ca391c8a4f nixos/networking: add assertion catching setting mac addresses on tun devices
Setting a MAC Address on a tun interface isn't supported, and invoking
the corresponding command fails.
2020-04-13 22:03:35 +02:00
David Costa
2e4a45c921 nixos/network-interfaces: fix examples types
make literalExample receive string arguments.
Fix nixos/nixos-homepage#255
2020-03-29 01:00:59 +01:00
Jörg Thalheim
1ddb140d95
Merge pull request #53033 from netixx/openvswitch-improved-systemd
openvswitch: better integration with systemd
2020-02-21 08:24:49 +00:00
rnhmjoj
2485e6399e
nixos/networking-interfaces: change preferTempAddress to allow disabling temp addresses 2020-02-01 11:38:40 +01:00
Netix (Espinet François)
cd3597b486
openvswitch: better integration with systemd
Systemd dependencies for scripted mode
were refactored according to analysis in #34586.

networking.vswitches can now be used with systemd-networkd,
although they are not supported by the daemon, a nixos receipe
creates the switch and attached required interfaces (just like
the scripted version).

Vlans and internal interfaces are implemented following the
  template format i.e. each interface is
described using an attributeSet (vlan and type at the moment).
If vlan is present, then interface is added to the vswitch with
given tag (access mode). Type internal enabled vswitch to create
interfaces (see openvswitch docs).

Added configuration for configuring supported openFlow version on
the vswitch

This commit is a split from the original PR #35127.
2019-12-15 21:16:26 +01:00
Linus Heckemann
0b754fbe54
Merge pull request #69302 from mayflower/networkd-disallow-dhcp
networkd: disallow useDHCP
2019-10-07 11:29:04 +02:00