colin/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixos/networkd: get rid of *Config attributes in lists

Browse Source 
This patch is about removing `wireguardPeerConfig`,
`dhcpServerStaticLeaseConfig` - a.k.a. the
AbstractSingletonProxyFactoryBean of nixpkgs - and friends.

As a former colleague said

> worst abstraction ever

I second that. I've written enough networkd config for NixOS systems so
far to have a strong dislike. In fact, these don't even make sense:
`netdevs.wireguardPeers._.wireguardPeerConfig` will be rendered into
the key `[WireGuardPeer]` and every key from `wireguardPeerConfig` is in
there. Since it's INI, there's no place where sections on the same level
as wireguardPeerConfig fit into. Hence, get rid of it all.

For the transition, using the old way is still allowed, but gives a
warning. I think we could drop this after one release.

The tests of rosenpass and systemd-networkd-dhcpserver-static-leases
were broken on the rev before, hence they were updated, but are still
not building.
This commit is contained in:
Maximilian Bosch 2024-05-17 18:21:52 +02:00
parent 805191d9fb
commit c4fd7cf16d
No known key found for this signature in database
13 changed files with 171 additions and 302 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
nixos/lib/systemd-lib.nix
View File

@ -182,6 +182,30 @@ in rec {
in if errors == [] then true
else trace (concatStringsSep "\n" errors) false;
checkUnitConfigWithLegacyKey = legacyKey: group: checks: attrs:
let
dump = lib.generators.toPretty { }
(lib.generators.withRecursion { depthLimit = 2; throwOnDepthLimit = false; } attrs);
attrs' =
if legacyKey == null
then attrs
else if ! attrs?${legacyKey}
then attrs
else if removeAttrs attrs [ legacyKey ] == {}
then attrs.${legacyKey}
else throw ''
The declaration
${dump}
must not mix unit options with the legacy key '${legacyKey}'.
This can be fixed by moving all settings from within ${legacyKey}
one level up.
'';
in
checkUnitConfig group checks attrs';
toOption = x:
if x == true then "true"
else if x == false then "false"

22
nixos/lib/systemd-network-units.nix
View File

@ -63,13 +63,13 @@ in {
${attrsToSection def.l2tpConfig}
'' + flip concatMapStrings def.l2tpSessions (x: ''
[L2TPSession]
${attrsToSection x.l2tpSessionConfig}
${attrsToSection x}
'') + optionalString (def.wireguardConfig != { }) ''
[WireGuard]
${attrsToSection def.wireguardConfig}
'' + flip concatMapStrings def.wireguardPeers (x: ''
[WireGuardPeer]
${attrsToSection x.wireguardPeerConfig}
${attrsToSection x}
'') + optionalString (def.bondConfig != { }) ''
[Bond]
${attrsToSection def.bondConfig}
@ -122,13 +122,13 @@ in {
${concatStringsSep "\n" (map (s: "Xfrm=${s}") def.xfrm)}
'' + "\n" + flip concatMapStrings def.addresses (x: ''
[Address]
${attrsToSection x.addressConfig}
${attrsToSection x}
'') + flip concatMapStrings def.routingPolicyRules (x: ''
[RoutingPolicyRule]
${attrsToSection x.routingPolicyRuleConfig}
${attrsToSection x}
'') + flip concatMapStrings def.routes (x: ''
[Route]
${attrsToSection x.routeConfig}
${attrsToSection x}
'') + optionalString (def.dhcpV4Config != { }) ''
[DHCPv4]
${attrsToSection def.dhcpV4Config}
@ -149,22 +149,22 @@ in {
${attrsToSection def.ipv6SendRAConfig}
'' + flip concatMapStrings def.ipv6Prefixes (x: ''
[IPv6Prefix]
${attrsToSection x.ipv6PrefixConfig}
${attrsToSection x}
'') + flip concatMapStrings def.ipv6RoutePrefixes (x: ''
[IPv6RoutePrefix]
${attrsToSection x.ipv6RoutePrefixConfig}
${attrsToSection x}
'') + flip concatMapStrings def.dhcpServerStaticLeases (x: ''
[DHCPServerStaticLease]
${attrsToSection x.dhcpServerStaticLeaseConfig}
${attrsToSection x}
'') + optionalString (def.bridgeConfig != { }) ''
[Bridge]
${attrsToSection def.bridgeConfig}
'' + flip concatMapStrings def.bridgeFDBs (x: ''
[BridgeFDB]
${attrsToSection x.bridgeFDBConfig}
${attrsToSection x}
'') + flip concatMapStrings def.bridgeMDBs (x: ''
[BridgeMDB]
${attrsToSection x.bridgeMDBConfig}
${attrsToSection x}
'') + optionalString (def.lldpConfig != { }) ''
[LLDP]
${attrsToSection def.lldpConfig}
@ -251,7 +251,7 @@ in {
${attrsToSection def.quickFairQueueingConfigClass}
'' + flip concatMapStrings def.bridgeVLANs (x: ''
[BridgeVLAN]
${attrsToSection x.bridgeVLANConfig}
${attrsToSection x}
'') + def.extraConfig;
}

4
nixos/modules/services/networking/rosenpass.nix
View File

@ -130,8 +130,8 @@ in
relevant = config.systemd.network.enable;
root = config.systemd.network.netdevs;
peer = (x: x.wireguardPeers);
key = (x: if x.wireguardPeerConfig ? PublicKey then x.wireguardPeerConfig.PublicKey else null);
description = "${options.systemd.network.netdevs}.\"<name>\".wireguardPeers.*.wireguardPeerConfig.PublicKey";
key = x: x.PublicKey or null;
description = "${options.systemd.network.netdevs}.\"<name>\".wireguardPeers.*.PublicKey";
}
{
relevant = config.networking.wireguard.enable;

245
nixos/modules/system/boot/networkd.nix
View File

@ -386,7 +386,7 @@ let
(assertValueOneOf "UDP6ZeroChecksumRx" boolValues)
];
sectionL2TPSession = checkUnitConfig "L2TPSession" [
sectionL2TPSession = checkUnitConfigWithLegacyKey "l2tpSessionConfig" "L2TPSession" [
(assertOnlyFields [
"Name"
"SessionId"
@ -421,7 +421,7 @@ let
# NOTE The PresharedKey directive is missing on purpose here, please
# do not add it to this list. The nix store is world-readable,let's
# refrain ourselves from providing a footgun.
sectionWireGuardPeer = checkUnitConfig "WireGuardPeer" [
sectionWireGuardPeer = checkUnitConfigWithLegacyKey "wireguardPeerConfig" "WireGuardPeer" [
(assertOnlyFields [
"PublicKey"
"PresharedKeyFile"
@ -712,7 +712,7 @@ let
(assertValueOneOf "KeepConfiguration" (boolValues ++ ["static" "dhcp-on-stop" "dhcp"]))
];
sectionAddress = checkUnitConfig "Address" [
sectionAddress = checkUnitConfigWithLegacyKey "addressConfig" "Address" [
(assertOnlyFields [
"Address"
"Peer"
@ -737,7 +737,7 @@ let
(assertValueOneOf "AutoJoin" boolValues)
];
sectionRoutingPolicyRule = checkUnitConfig "RoutingPolicyRule" [
sectionRoutingPolicyRule = checkUnitConfigWithLegacyKey "routingPolicyRuleConfig" "RoutingPolicyRule" [
(assertOnlyFields [
"TypeOfService"
"From"
@ -772,7 +772,7 @@ let
(assertRange "SuppressInterfaceGroup" 0 2147483647)
];
sectionRoute = checkUnitConfig "Route" [
sectionRoute = checkUnitConfigWithLegacyKey "routeConfig" "Route" [
(assertOnlyFields [
"Gateway"
"GatewayOnLink"
@ -1033,7 +1033,7 @@ let
(assertValueOneOf "EmitDomains" boolValues)
];
sectionIPv6Prefix = checkUnitConfig "IPv6Prefix" [
sectionIPv6Prefix = checkUnitConfigWithLegacyKey "ipv6PrefixConfig" "IPv6Prefix" [
(assertOnlyFields [
"AddressAutoconfiguration"
"OnLink"
@ -1048,7 +1048,7 @@ let
(assertValueOneOf "Assign" boolValues)
];
sectionIPv6RoutePrefix = checkUnitConfig "IPv6RoutePrefix" [
sectionIPv6RoutePrefix = checkUnitConfigWithLegacyKey "ipv6RoutePrefixConfig" "IPv6RoutePrefix" [
(assertOnlyFields [
"Route"
"LifetimeSec"
@ -1057,7 +1057,7 @@ let
(assertInt "LifetimeSec")
];
sectionDHCPServerStaticLease = checkUnitConfig "DHCPServerStaticLease" [
sectionDHCPServerStaticLease = checkUnitConfigWithLegacyKey "dhcpServerStaticLeaseConfig" "DHCPServerStaticLease" [
(assertOnlyFields [
"MACAddress"
"Address"
@ -1104,7 +1104,7 @@ let
(assertRange "Priority" 0 63)
];
sectionBridgeFDB = checkUnitConfig "BridgeFDB" [
sectionBridgeFDB = checkUnitConfigWithLegacyKey "bridgeFDBConfig" "BridgeFDB" [
(assertOnlyFields [
"MACAddress"
"Destination"
@ -1121,7 +1121,7 @@ let
(assertValueOneOf "AssociatedWith" [ "use" "self" "master" "router" ])
];
sectionBridgeMDB = checkUnitConfig "BridgeMDB" [
sectionBridgeMDB = checkUnitConfigWithLegacyKey "bridgeMDBConfig" "BridgeMDB" [
(assertOnlyFields [
"MulticastGroupAddress"
"VLANId"
@ -1524,7 +1524,7 @@ let
(assertRange "Weight" 1 1023)
];
sectionBridgeVLAN = checkUnitConfig "BridgeVLAN" [
sectionBridgeVLAN = checkUnitConfigWithLegacyKey "bridgeVLANConfig" "BridgeVLAN" [
(assertOnlyFields [
"VLAN"
"EgressUntagged"
@ -1627,34 +1627,21 @@ let
};
l2tpSessionOptions = {
options = {
l2tpSessionConfig = mkOption {
default = {};
type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionL2TPSession;
description = ''
Each attribute in this set specifies an option in the
`[L2TPSession]` section of the unit. See
{manpage}`systemd.netdev(5)` for details.
'';
};
mkSubsectionType = oldKey: checkF:
let
type = types.addCheck (types.attrsOf unitOption) checkF;
in type // {
merge = loc: defs:
let
final = type.merge loc defs;
in
if final?${oldKey}
then warn
"Using '${oldKey}' is deprecated! Move all attributes inside one level up and remove it."
final.${oldKey}
else
final;
};
};
wireguardPeerOptions = {
options = {
wireguardPeerConfig = mkOption {
default = {};
type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionWireGuardPeer;
description = ''
Each attribute in this set specifies an option in the
`[WireGuardPeer]` section of the unit. See
{manpage}`systemd.netdev(5)` for details.
'';
};
};
};
netdevOptions = commonNetworkOptions // {
@ -1805,12 +1792,12 @@ let
l2tpSessions = mkOption {
default = [];
example = [ { l2tpSessionConfig={
example = [ {
SessionId = 25;
PeerSessionId = 26;
Name = "l2tp-sess";
};}];
type = with types; listOf (submodule l2tpSessionOptions);
}];
type = types.listOf (mkSubsectionType "l2tpSessionConfig" check.netdev.sectionL2TPSession);
description = ''
Each item in this array specifies an option in the
`[L2TPSession]` section of the unit. See
@ -1838,14 +1825,14 @@ let
wireguardPeers = mkOption {
default = [];
example = [ { wireguardPeerConfig={
example = [ {
Endpoint = "192.168.1.1:51820";
PublicKey = "27s0OvaBBdHoJYkH9osZpjpgSOVNw+RaKfboT/Sfq0g=";
PresharedKeyFile = "/etc/wireguard/psk.key";
AllowedIPs = [ "10.0.0.1/32" ];
PersistentKeepalive = 15;
};}];
type = with types; listOf (submodule wireguardPeerOptions);
} ];
type = types.listOf (mkSubsectionType "wireguardPeerConfig" check.netdev.sectionWireGuardPeer);
description = ''
Each item in this array specifies an option in the
`[WireGuardPeer]` section of the unit. See
@ -1917,143 +1904,6 @@ let
};
addressOptions = {
options = {
addressConfig = mkOption {
example = { Address = "192.168.0.100/24"; };
type = types.addCheck (types.attrsOf unitOption) check.network.sectionAddress;
description = ''
Each attribute in this set specifies an option in the
`[Address]` section of the unit. See
{manpage}`systemd.network(5)` for details.
'';
};
};
};
routingPolicyRulesOptions = {
options = {
routingPolicyRuleConfig = mkOption {
default = { };
example = { Table = 10; IncomingInterface = "eth1"; Family = "both"; };
type = types.addCheck (types.attrsOf unitOption) check.network.sectionRoutingPolicyRule;
description = ''
Each attribute in this set specifies an option in the
`[RoutingPolicyRule]` section of the unit. See
{manpage}`systemd.network(5)` for details.
'';
};
};
};
routeOptions = {
options = {
routeConfig = mkOption {
default = {};
example = { Gateway = "192.168.0.1"; };
type = types.addCheck (types.attrsOf unitOption) check.network.sectionRoute;
description = ''
Each attribute in this set specifies an option in the
`[Route]` section of the unit. See
{manpage}`systemd.network(5)` for details.
'';
};
};
};
ipv6PrefixOptions = {
options = {
ipv6PrefixConfig = mkOption {
default = {};
example = { Prefix = "fd00::/64"; };
type = types.addCheck (types.attrsOf unitOption) check.network.sectionIPv6Prefix;
description = ''
Each attribute in this set specifies an option in the
`[IPv6Prefix]` section of the unit. See
{manpage}`systemd.network(5)` for details.
'';
};
};
};
ipv6RoutePrefixOptions = {
options = {
ipv6RoutePrefixConfig = mkOption {
default = {};
example = { Route = "fd00::/64"; };
type = types.addCheck (types.attrsOf unitOption) check.network.sectionIPv6RoutePrefix;
description = ''
Each attribute in this set specifies an option in the
`[IPv6RoutePrefix]` section of the unit. See
{manpage}`systemd.network(5)` for details.
'';
};
};
};
dhcpServerStaticLeaseOptions = {
options = {
dhcpServerStaticLeaseConfig = mkOption {
default = {};
example = { MACAddress = "65:43:4a:5b:d8:5f"; Address = "192.168.1.42"; };
type = types.addCheck (types.attrsOf unitOption) check.network.sectionDHCPServerStaticLease;
description = ''
Each attribute in this set specifies an option in the
`[DHCPServerStaticLease]` section of the unit. See
{manpage}`systemd.network(5)` for details.
Make sure to configure the corresponding client interface to use
`ClientIdentifier=mac`.
'';
};
};
};
bridgeFDBOptions = {
options = {
bridgeFDBConfig = mkOption {
default = {};
example = { MACAddress = "65:43:4a:5b:d8:5f"; Destination = "192.168.1.42"; VNI = 20; };
type = types.addCheck (types.attrsOf unitOption) check.network.sectionBridgeFDB;
description = ''
Each attribute in this set specifies an option in the
`[BridgeFDB]` section of the unit. See
{manpage}`systemd.network(5)` for details.
'';
};
};
};
bridgeMDBOptions = {
options = {
bridgeMDBConfig = mkOption {
default = {};
example = { MulticastGroupAddress = "ff02::1:2:3:4"; VLANId = 10; };
type = types.addCheck (types.attrsOf unitOption) check.network.sectionBridgeMDB;
description = ''
Each attribute in this set specifies an option in the
`[BridgeMDB]` section of the unit. See
{manpage}`systemd.network(5)` for details.
'';
};
};
};
bridgeVLANOptions = {
options = {
bridgeVLANConfig = mkOption {
default = {};
example = { VLAN = 20; };
type = types.addCheck (types.attrsOf unitOption) check.network.sectionBridgeVLAN;
description = ''
Each attribute in this set specifies an option in the
`[BridgeVLAN]` section of the unit. See
{manpage}`systemd.network(5)` for details.
'';
};
};
};
networkOptions = commonNetworkOptions // {
linkConfig = mkOption {
@ -2165,8 +2015,8 @@ let
dhcpServerStaticLeases = mkOption {
default = [];
example = [ { dhcpServerStaticLeaseConfig = { MACAddress = "65:43:4a:5b:d8:5f"; Address = "192.168.1.42"; }; } ];
type = with types; listOf (submodule dhcpServerStaticLeaseOptions);
example = [ { MACAddress = "65:43:4a:5b:d8:5f"; Address = "192.168.1.42"; } ];
type = types.listOf (mkSubsectionType "dhcpServerStaticLeaseConfig" check.network.sectionDHCPServerStaticLease);
description = ''
A list of DHCPServerStaticLease sections to be added to the unit. See
{manpage}`systemd.network(5)` for details.
@ -2175,8 +2025,8 @@ let
ipv6Prefixes = mkOption {
default = [];
example = [ { ipv6PrefixConfig = { AddressAutoconfiguration = true; OnLink = true; }; } ];
type = with types; listOf (submodule ipv6PrefixOptions);
example = [ { AddressAutoconfiguration = true; OnLink = true; } ];
type = types.listOf (mkSubsectionType "ipv6PrefixConfig" check.network.sectionIPv6Prefix);
description = ''
A list of ipv6Prefix sections to be added to the unit. See
{manpage}`systemd.network(5)` for details.
@ -2185,8 +2035,8 @@ let
ipv6RoutePrefixes = mkOption {
default = [];
example = [ { ipv6RoutePrefixConfig = { Route = "fd00::/64"; LifetimeSec = 3600; }; } ];
type = with types; listOf (submodule ipv6RoutePrefixOptions);
example = [ { Route = "fd00::/64"; LifetimeSec = 3600; } ];
type = types.listOf (mkSubsectionType "ipv6RoutePrefixConfig" check.network.sectionIPv6RoutePrefix);
description = ''
A list of ipv6RoutePrefix sections to be added to the unit. See
{manpage}`systemd.network(5)` for details.
@ -2206,8 +2056,8 @@ let
bridgeFDBs = mkOption {
default = [];
example = [ { bridgeFDBConfig = { MACAddress = "90:e2:ba:43:fc:71"; Destination = "192.168.100.4"; VNI = 3600; }; } ];
type = with types; listOf (submodule bridgeFDBOptions);
example = [ { MACAddress = "90:e2:ba:43:fc:71"; Destination = "192.168.100.4"; VNI = 3600; } ];
type = types.listOf (mkSubsectionType "bridgeFDBConfig" check.network.sectionBridgeFDB);
description = ''
A list of BridgeFDB sections to be added to the unit. See
{manpage}`systemd.network(5)` for details.
@ -2216,8 +2066,8 @@ let
bridgeMDBs = mkOption {
default = [];
example = [ { bridgeMDBConfig = { MulticastGroupAddress = "ff02::1:2:3:4"; VLANId = 10; } ; } ];
type = with types; listOf (submodule bridgeMDBOptions);
example = [ { MulticastGroupAddress = "ff02::1:2:3:4"; VLANId = 10; } ];
type = types.listOf (mkSubsectionType "bridgeMDBConfig" check.network.sectionBridgeMDB);
description = ''
A list of BridgeMDB sections to be added to the unit. See
{manpage}`systemd.network(5)` for details.
@ -2534,8 +2384,8 @@ let
bridgeVLANs = mkOption {
default = [];
example = [ { bridgeVLANConfig = { VLAN = "10-20"; }; } ];
type = with types; listOf (submodule bridgeVLANOptions);
example = [ { VLAN = "10-20"; } ];
type = types.listOf (mkSubsectionType "bridgeVLANConfig" check.network.sectionBridgeVLAN);
description = ''
A list of BridgeVLAN sections to be added to the unit. See
{manpage}`systemd.network(5)` for details.
@ -2685,7 +2535,8 @@ let
addresses = mkOption {
default = [ ];
type = with types; listOf (submodule addressOptions);
example = [ { Address = "192.168.0.100/24"; } ];
type = types.listOf (mkSubsectionType "addressConfig" check.network.sectionAddress);
description = ''
A list of address sections to be added to the unit. See
{manpage}`systemd.network(5)` for details.
@ -2694,7 +2545,8 @@ let
routingPolicyRules = mkOption {
default = [ ];
type = with types; listOf (submodule routingPolicyRulesOptions);
example = [ { Table = 10; IncomingInterface = "eth1"; Family = "both"; } ];
type = types.listOf (mkSubsectionType "routingPolicyRuleConfig" check.network.sectionRoutingPolicyRule);
description = ''
A list of routing policy rules sections to be added to the unit. See
{manpage}`systemd.network(5)` for details.
@ -2703,7 +2555,8 @@ let
routes = mkOption {
default = [ ];
type = with types; listOf (submodule routeOptions);
example = [ { Gateway = "192.168.0.1"; } ];
type = types.listOf (mkSubsectionType "routeConfig" check.network.sectionRoute);
description = ''
A list of route sections to be added to the unit. See
{manpage}`systemd.network(5)` for details.

120
nixos/modules/tasks/network-interfaces-systemd.nix
View File

@ -32,13 +32,13 @@ let
optionalAttrs (gateway != null && gateway.interface != null) {
networks."40-${gateway.interface}" = {
matchConfig.Name = gateway.interface;
routes = [{
routeConfig = {
routes = [
({
Gateway = gateway.address;
} // optionalAttrs (gateway.metric != null) {
Metric = gateway.metric;
};
}];
})
];
};
}
));
@ -95,65 +95,63 @@ let
address = forEach (interfaceIps i)
(ip: "${ip.address}/${toString ip.prefixLength}");
routes = forEach (interfaceRoutes i)
(route: {
(route:
# Most of these route options have not been tested.
# Please fix or report any mistakes you may find.
routeConfig =
optionalAttrs (route.address != null && route.prefixLength != null) {
Destination = "${route.address}/${toString route.prefixLength}";
} //
optionalAttrs (route.options ? fastopen_no_cookie) {
FastOpenNoCookie = route.options.fastopen_no_cookie;
} //
optionalAttrs (route.via != null) {
Gateway = route.via;
} //
optionalAttrs (route.type != null) {
Type = route.type;
} //
optionalAttrs (route.options ? onlink) {
GatewayOnLink = true;
} //
optionalAttrs (route.options ? initrwnd) {
InitialAdvertisedReceiveWindow = route.options.initrwnd;
} //
optionalAttrs (route.options ? initcwnd) {
InitialCongestionWindow = route.options.initcwnd;
} //
optionalAttrs (route.options ? pref) {
IPv6Preference = route.options.pref;
} //
optionalAttrs (route.options ? mtu) {
MTUBytes = route.options.mtu;
} //
optionalAttrs (route.options ? metric) {
Metric = route.options.metric;
} //
optionalAttrs (route.options ? src) {
PreferredSource = route.options.src;
} //
optionalAttrs (route.options ? protocol) {
Protocol = route.options.protocol;
} //
optionalAttrs (route.options ? quickack) {
QuickAck = route.options.quickack;
} //
optionalAttrs (route.options ? scope) {
Scope = route.options.scope;
} //
optionalAttrs (route.options ? from) {
Source = route.options.from;
} //
optionalAttrs (route.options ? table) {
Table = route.options.table;
} //
optionalAttrs (route.options ? advmss) {
TCPAdvertisedMaximumSegmentSize = route.options.advmss;
} //
optionalAttrs (route.options ? ttl-propagate) {
TTLPropagate = route.options.ttl-propagate == "enabled";
};
});
optionalAttrs (route.address != null && route.prefixLength != null) {
Destination = "${route.address}/${toString route.prefixLength}";
} //
optionalAttrs (route.options ? fastopen_no_cookie) {
FastOpenNoCookie = route.options.fastopen_no_cookie;
} //
optionalAttrs (route.via != null) {
Gateway = route.via;
} //
optionalAttrs (route.type != null) {
Type = route.type;
} //
optionalAttrs (route.options ? onlink) {
GatewayOnLink = true;
} //
optionalAttrs (route.options ? initrwnd) {
InitialAdvertisedReceiveWindow = route.options.initrwnd;
} //
optionalAttrs (route.options ? initcwnd) {
InitialCongestionWindow = route.options.initcwnd;
} //
optionalAttrs (route.options ? pref) {
IPv6Preference = route.options.pref;
} //
optionalAttrs (route.options ? mtu) {
MTUBytes = route.options.mtu;
} //
optionalAttrs (route.options ? metric) {
Metric = route.options.metric;
} //
optionalAttrs (route.options ? src) {
PreferredSource = route.options.src;
} //
optionalAttrs (route.options ? protocol) {
Protocol = route.options.protocol;
} //
optionalAttrs (route.options ? quickack) {
QuickAck = route.options.quickack;
} //
optionalAttrs (route.options ? scope) {
Scope = route.options.scope;
} //
optionalAttrs (route.options ? from) {
Source = route.options.from;
} //
optionalAttrs (route.options ? table) {
Table = route.options.table;
} //
optionalAttrs (route.options ? advmss) {
TCPAdvertisedMaximumSegmentSize = route.options.advmss;
} //
optionalAttrs (route.options ? ttl-propagate) {
TTLPropagate = route.options.ttl-propagate == "enabled";
});
networkConfig.IPv6PrivacyExtensions = "kernel";
linkConfig = optionalAttrs (i.macAddress != null) {
MACAddress = i.macAddress;

4
nixos/tests/clatd.nix
View File

@ -59,7 +59,7 @@ import ./make-test-python.nix ({ pkgs, lib, ... }:
"100.64.0.2/24"
];
routes = [
{ routeConfig = { Destination = "192.0.2.0/24"; Gateway = "100.64.0.1"; }; }
{ Destination = "192.0.2.0/24"; Gateway = "100.64.0.1"; }
];
};
};
@ -149,7 +149,7 @@ import ./make-test-python.nix ({ pkgs, lib, ... }:
"2001:db8::2/64"
];
routes = [
{ routeConfig = { Destination = "::/0"; Gateway = "2001:db8::1"; }; }
{ Destination = "::/0"; Gateway = "2001:db8::1"; }
];
};
};

14
nixos/tests/rosenpass.nix
View File

@ -74,10 +74,8 @@ in
wireguardConfig.ListenPort = server.wg.listen;
wireguardPeers = [
{
wireguardPeerConfig = {
AllowedIPs = [ "::/0" ];
PublicKey = client.wg.public;
};
AllowedIPs = [ "::/0" ];
PublicKey = client.wg.public;
}
];
};
@ -97,11 +95,9 @@ in
systemd.network.netdevs."10-${deviceName}".wireguardPeers = [
{
wireguardPeerConfig = {
AllowedIPs = [ "::/0" ];
PublicKey = server.wg.public;
Endpoint = "server:${builtins.toString server.wg.listen}";
};
AllowedIPs = [ "::/0" ];
PublicKey = server.wg.public;
Endpoint = "server:${builtins.toString server.wg.listen}";
}
];

6
nixos/tests/systemd-networkd-dhcpserver-static-leases.nix
View File

@ -28,10 +28,8 @@ import ./make-test-python.nix ({ lib, ... }: {
Address = "10.0.0.1/24";
};
dhcpServerStaticLeases = [{
dhcpServerStaticLeaseConfig = {
MACAddress = "02:de:ad:be:ef:01";
Address = "10.0.0.10";
};
MACAddress = "02:de:ad:be:ef:01";
Address = "10.0.0.10";
}];
};
};

6
nixos/tests/systemd-networkd-dhcpserver.nix
View File

@ -54,7 +54,7 @@ import ./make-test-python.nix ({pkgs, ...}: {
name = "eth1";
networkConfig.Bridge = "br0";
bridgeVLANs = [
{ bridgeVLANConfig = { PVID = 2; EgressUntagged = 2; }; }
{ PVID = 2; EgressUntagged = 2; }
];
};
"02-br0" = {
@ -69,8 +69,8 @@ import ./make-test-python.nix ({pkgs, ...}: {
PoolSize = 1;
};
bridgeVLANs = [
{ bridgeVLANConfig = { PVID = 1; EgressUntagged = 1; }; }
{ bridgeVLANConfig = { VLAN = 2; }; }
{ PVID = 1; EgressUntagged = 1; }
{ VLAN = 2; }
];
};
"02-vlan2" = {

2
nixos/tests/systemd-networkd-ipv6-prefix-delegation.nix
View File

@ -258,7 +258,7 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: {
"01-lo" = {
name = "lo";
addresses = [
{ addressConfig.Address = "FD42::1/128"; }
{ Address = "FD42::1/128"; }
];
};
};

4
nixos/tests/systemd-networkd-vrf.nix
View File

@ -59,14 +59,14 @@ in {
matchConfig.Name = "vrf1";
networkConfig.IPForward = "yes";
routes = [
{ routeConfig = { Destination = "192.168.1.2"; Metric = 100; }; }
{ Destination = "192.168.1.2"; Metric = 100; }
];
};
networks."10-vrf2" = {
matchConfig.Name = "vrf2";
networkConfig.IPForward = "yes";
routes = [
{ routeConfig = { Destination = "192.168.2.3"; Metric = 100; }; }
{ Destination = "192.168.2.3"; Metric = 100; }
];
};

18
nixos/tests/systemd-networkd.nix
View File

@ -23,13 +23,13 @@ let generateNodeConf = { lib, pkgs, config, privk, pubk, peerId, nodeId, ...}: {
ListenPort = 51820;
FirewallMark = 42;
};
wireguardPeers = [ {wireguardPeerConfig={
wireguardPeers = [ {
Endpoint = "192.168.1.${peerId}:51820";
PublicKey = pubk;
PresharedKeyFile = pkgs.writeText "psk.key" "yTL3sCOL33Wzi6yCnf9uZQl/Z8laSE+zwpqOHC4HhFU=";
AllowedIPs = [ "10.0.0.${peerId}/32" ];
PersistentKeepalive = 15;
};}];
} ];
};
};
networks = {
@ -41,8 +41,8 @@ let generateNodeConf = { lib, pkgs, config, privk, pubk, peerId, nodeId, ...}: {
matchConfig = { Name = "wg0"; };
address = [ "10.0.0.${nodeId}/32" ];
routes = [
{ routeConfig = { Gateway = "10.0.0.${nodeId}"; Destination = "10.0.0.0/24"; }; }
{ routeConfig = { Gateway = "10.0.0.${nodeId}"; Destination = "10.0.0.0/24"; Table = "custom"; }; }
{ Gateway = "10.0.0.${nodeId}"; Destination = "10.0.0.0/24"; }
{ Gateway = "10.0.0.${nodeId}"; Destination = "10.0.0.0/24"; Table = "custom"; }
];
};
"30-eth1" = {
@ -52,11 +52,11 @@ let generateNodeConf = { lib, pkgs, config, privk, pubk, peerId, nodeId, ...}: {
"fe80::${nodeId}/64"
];
routingPolicyRules = [
{ routingPolicyRuleConfig = { Table = 10; IncomingInterface = "eth1"; Family = "both"; };}
{ routingPolicyRuleConfig = { Table = 20; OutgoingInterface = "eth1"; };}
{ routingPolicyRuleConfig = { Table = 30; From = "192.168.1.1"; To = "192.168.1.2"; SourcePort = 666 ; DestinationPort = 667; };}
{ routingPolicyRuleConfig = { Table = 40; IPProtocol = "tcp"; InvertRule = true; };}
{ routingPolicyRuleConfig = { Table = 50; IncomingInterface = "eth1"; Family = "ipv4"; };}
{ Table = 10; IncomingInterface = "eth1"; Family = "both"; }
{ Table = 20; OutgoingInterface = "eth1"; }
{ Table = 30; From = "192.168.1.1"; To = "192.168.1.2"; SourcePort = 666 ; DestinationPort = 667; }
{ Table = 40; IPProtocol = "tcp"; InvertRule = true; }
{ Table = 50; IncomingInterface = "eth1"; Family = "ipv4"; }
];
};
};

4
nixos/tests/tayga.nix
View File

@ -55,7 +55,7 @@ import ./make-test-python.nix ({ pkgs, lib, ... }:
"100.64.0.2/24"
];
routes = [
{ routeConfig = { Destination = "192.0.2.0/24"; Gateway = "100.64.0.1"; }; }
{ Destination = "192.0.2.0/24"; Gateway = "100.64.0.1"; }
];
};
};
@ -202,7 +202,7 @@ import ./make-test-python.nix ({ pkgs, lib, ... }:
"2001:db8::2/64"
];
routes = [
{ routeConfig = { Destination = "64:ff9b::/96"; Gateway = "2001:db8::1"; }; }
{ Destination = "64:ff9b::/96"; Gateway = "2001:db8::1"; }
];
};
};