nixos/networkd: Add the RoutingPolicyRule-related options
This commit is contained in:
parent
0a8af284e5
commit
611d765b76
|
@ -235,6 +235,21 @@ let
|
||||||
(assertValueOneOf "AutoJoin" boolValues)
|
(assertValueOneOf "AutoJoin" boolValues)
|
||||||
];
|
];
|
||||||
|
|
||||||
|
checkRoutingPolicyRule = checkUnitConfig "RoutingPolicyRule" [
|
||||||
|
(assertOnlyFields [
|
||||||
|
"TypeOfService" "From" "To" "FirewallMark" "Table" "Priority"
|
||||||
|
"IncomingInterface" "OutgoingInterface" "SourcePort" "DestinationPort"
|
||||||
|
"IPProtocol" "InvertRule" "Family"
|
||||||
|
])
|
||||||
|
(assertRange "TypeOfService" 0 255)
|
||||||
|
(assertRange "FirewallMark" 1 4294967295)
|
||||||
|
(assertInt "Priority")
|
||||||
|
(assertPort "SourcePort")
|
||||||
|
(assertPort "DestinationPort")
|
||||||
|
(assertValueOneOf "InvertRule" boolValues)
|
||||||
|
(assertValueOneOf "Family" ["ipv4" "ipv6" "both"])
|
||||||
|
];
|
||||||
|
|
||||||
checkRoute = checkUnitConfig "Route" [
|
checkRoute = checkUnitConfig "Route" [
|
||||||
(assertOnlyFields [
|
(assertOnlyFields [
|
||||||
"Gateway" "GatewayOnLink" "Destination" "Source" "Metric"
|
"Gateway" "GatewayOnLink" "Destination" "Source" "Metric"
|
||||||
|
@ -535,6 +550,22 @@ let
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
routingPolicyRulesOptions = {
|
||||||
|
options = {
|
||||||
|
routingPolicyRuleConfig = mkOption {
|
||||||
|
default = { };
|
||||||
|
example = { routingPolicyRuleConfig = { Table = 10; IncomingInterface = "eth1"; } ;};
|
||||||
|
type = types.addCheck (types.attrsOf unitOption) checkRoutingPolicyRule;
|
||||||
|
description = ''
|
||||||
|
Each attribute in this set specifies an option in the
|
||||||
|
<literal>[RoutingPolicyRule]</literal> section of the unit. See
|
||||||
|
<citerefentry><refentrytitle>systemd.network</refentrytitle>
|
||||||
|
<manvolnum>5</manvolnum></citerefentry> for details.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
routeOptions = {
|
routeOptions = {
|
||||||
options = {
|
options = {
|
||||||
routeConfig = mkOption {
|
routeConfig = mkOption {
|
||||||
|
@ -772,6 +803,16 @@ let
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
routingPolicyRules = mkOption {
|
||||||
|
default = [ ];
|
||||||
|
type = with types; listOf (submodule routingPolicyRulesOptions);
|
||||||
|
description = ''
|
||||||
|
A list of routing policy rules sections to be added to the unit. See
|
||||||
|
<citerefentry><refentrytitle>systemd.network</refentrytitle>
|
||||||
|
<manvolnum>5</manvolnum></citerefentry> for details.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
routes = mkOption {
|
routes = mkOption {
|
||||||
default = [ ];
|
default = [ ];
|
||||||
type = with types; listOf (submodule routeOptions);
|
type = with types; listOf (submodule routeOptions);
|
||||||
|
@ -928,6 +969,11 @@ let
|
||||||
[Route]
|
[Route]
|
||||||
${attrsToSection x.routeConfig}
|
${attrsToSection x.routeConfig}
|
||||||
|
|
||||||
|
'')}
|
||||||
|
${flip concatMapStrings def.routingPolicyRules (x: ''
|
||||||
|
[RoutingPolicyRule]
|
||||||
|
${attrsToSection x.routingPolicyRuleConfig}
|
||||||
|
|
||||||
'')}
|
'')}
|
||||||
${def.extraConfig}
|
${def.extraConfig}
|
||||||
'';
|
'';
|
||||||
|
|
|
@ -59,6 +59,11 @@ in rec {
|
||||||
optional (attr ? ${name} && ! isMacAddress attr.${name})
|
optional (attr ? ${name} && ! isMacAddress attr.${name})
|
||||||
"Systemd ${group} field `${name}' must be a valid mac address.";
|
"Systemd ${group} field `${name}' must be a valid mac address.";
|
||||||
|
|
||||||
|
isPort = i: i >= 0 && i <= 65535;
|
||||||
|
|
||||||
|
assertPort = name: group: attr:
|
||||||
|
optional (attr ? ${name} && ! isPort attr.${name})
|
||||||
|
"Error on the systemd ${group} field `${name}': ${attr.name} is not a valid port number.";
|
||||||
|
|
||||||
assertValueOneOf = name: values: group: attr:
|
assertValueOneOf = name: values: group: attr:
|
||||||
optional (attr ? ${name} && !elem attr.${name} values)
|
optional (attr ? ${name} && !elem attr.${name} values)
|
||||||
|
|
Loading…
Reference in New Issue
Block a user