nixos/network-interfaces-systemd: require defaultGateway.interface

The logic for configuring a gateway without an interface specified adds a route with Gateway= to *every interface* configured by NixOS for networkd. This leads to nonsensical configurations like the following: [Network] DHCP=no Address=192.168.0.1/24 [Route] Gateway=10.0.0.1 GatewayOnLink=false We remove this logic and make defaultGateway.interface required to configure a default gateway when using networkd. We can ignore the removal of GatewayOnLink because systemd defaults it to "no" anyway.
2023-10-02 20:26:13 -04:00 · 2023-10-02 20:26:13 -04:00 · c3e90f5667
commit c3e90f5667
parent c11b788d1a
2 changed files with 22 additions and 29 deletions
--- a/nixos/modules/tasks/network-interfaces-systemd.nix
+++ b/nixos/modules/tasks/network-interfaces-systemd.nix
@ -43,19 +43,6 @@ let
    }
  ));

-  genericNetwork = override:
-    let gateway = optional (cfg.defaultGateway != null && (cfg.defaultGateway.address or "") != "" && cfg.defaultGateway.interface == null) cfg.defaultGateway.address
-      ++ optional (cfg.defaultGateway6 != null && (cfg.defaultGateway6.address or "") != "" && cfg.defaultGateway6.interface == null) cfg.defaultGateway6.address;
-        makeGateway = gateway: {
-          routeConfig = {
-            Gateway = gateway;
-            GatewayOnLink = false;
-          };
-        };
-    in optionalAttrs (gateway != [ ]) {
-      routes = override (map makeGateway gateway);
-    };
-
  genericDhcpNetworks = initrd: mkIf cfg.useDHCP {
    networks."99-ethernet-default-dhcp" = {
      # We want to match physical ethernet interfaces as commonly
@ -101,7 +88,7 @@ let
        };
      };
    });
-    networks."40-${i.name}" = mkMerge [ (genericNetwork id) {
+    networks."40-${i.name}" = {
      name = mkDefault i.name;
      DHCP = mkForce (dhcpStr
        (if i.useDHCP != null then i.useDHCP else false));
@ -173,7 +160,7 @@ let
      } // optionalAttrs (i.mtu != null) {
        MTUBytes = toString i.mtu;
      };
-    }];
+    };
  }));

  bridgeNetworks = mkMerge (flip mapAttrsToList cfg.bridges (name: bridge: {
@ -184,10 +171,10 @@ let
      };
    };
    networks = listToAttrs (forEach bridge.interfaces (bi:
-      nameValuePair "40-${bi}" (mkMerge [ (genericNetwork (mkOverride 999)) {
+      nameValuePair "40-${bi}" {
        DHCP = mkOverride 0 (dhcpStr false);
        networkConfig.Bridge = name;
-      } ])));
+      }));
  }));

  vlanNetworks = mkMerge (flip mapAttrsToList cfg.vlans (name: vlan: {
@ -198,9 +185,9 @@ let
      };
      vlanConfig.Id = vlan.id;
    };
-    networks."40-${vlan.interface}" = (mkMerge [ (genericNetwork (mkOverride 999)) {
+    networks."40-${vlan.interface}" = {
      vlan = [ name ];
-    } ]);
+    };
  }));

 in
@ -229,6 +216,12 @@ in
    assertions = [ {
      assertion = cfg.defaultGatewayWindowSize == null;
      message = "networking.defaultGatewayWindowSize is not supported by networkd.";
+    } {
+      assertion = cfg.defaultGateway != null -> cfg.defaultGateway.interface != null;
+      message = "networking.defaultGateway.interface is not optional when using networkd.";
+    } {
+      assertion = cfg.defaultGateway6 != null -> cfg.defaultGateway6.interface != null;
+      message = "networking.defaultGateway6.interface is not optional when using networkd.";
    } ] ++ flip mapAttrsToList cfg.bridges (n: { rstp, ... }: {
      assertion = !rstp;
      message = "networking.bridges.${n}.rstp is not supported by networkd.";
@ -313,10 +306,10 @@ in
        };

        networks = listToAttrs (forEach bond.interfaces (bi:
-          nameValuePair "40-${bi}" (mkMerge [ (genericNetwork (mkOverride 999)) {
+          nameValuePair "40-${bi}" {
            DHCP = mkOverride 0 (dhcpStr false);
            networkConfig.Bond = name;
-          } ])));
+          }));
      })))
      (mkMerge (flip mapAttrsToList cfg.macvlans (name: macvlan: {
        netdevs."40-${name}" = {
@ -326,9 +319,9 @@ in
          };
          macvlanConfig = optionalAttrs (macvlan.mode != null) { Mode = macvlan.mode; };
        };
-        networks."40-${macvlan.interface}" = (mkMerge [ (genericNetwork (mkOverride 999)) {
+        networks."40-${macvlan.interface}" = {
          macvlan = [ name ];
-        } ]);
+        };
      })))
      (mkMerge (flip mapAttrsToList cfg.fooOverUDP (name: fou: {
        netdevs."40-${name}" = {
@ -373,9 +366,9 @@ in
              })));
        };
        networks = mkIf (sit.dev != null) {
-          "40-${sit.dev}" = (mkMerge [ (genericNetwork (mkOverride 999)) {
+          "40-${sit.dev}" = {
            tunnel = [ name ];
-          } ]);
+          };
        };
      })))
      (mkMerge (flip mapAttrsToList cfg.greTunnels (name: gre: {
@ -394,9 +387,9 @@ in
            });
        };
        networks = mkIf (gre.dev != null) {
-          "40-${gre.dev}" = (mkMerge [ (genericNetwork (mkOverride 999)) {
+          "40-${gre.dev}" = {
            tunnel = [ name ];
-          } ]);
+          };
        };
      })))
      vlanNetworks
--- a/nixos/tests/networking.nix
+++ b/nixos/tests/networking.nix
@ -113,8 +113,8 @@ let
        networking = {
          useNetworkd = networkd;
          useDHCP = false;
-          defaultGateway = "192.168.1.1";
-          defaultGateway6 = "fd00:1234:5678:1::1";
+          defaultGateway = { address = "192.168.1.1"; interface = "enp1s0"; };
+          defaultGateway6 = { address = "fd00:1234:5678:1::1"; interface = "enp1s0"; };
          interfaces.enp1s0.ipv4.addresses = [
            { address = "192.168.1.2"; prefixLength = 24; }
            { address = "192.168.1.3"; prefixLength = 32; }