From 0bdc8d7a58a38e4159bbd52a64b8341a98615b8b Mon Sep 17 00:00:00 2001 From: Andreas Rammhold Date: Wed, 8 Jan 2020 19:24:11 +0100 Subject: [PATCH 1/8] nixos/networkd: add RoutesToDNS to DHCP section --- nixos/modules/system/boot/networkd.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/nixos/modules/system/boot/networkd.nix b/nixos/modules/system/boot/networkd.nix index a7580fb1997873..80c8428c63f0fb 100644 --- a/nixos/modules/system/boot/networkd.nix +++ b/nixos/modules/system/boot/networkd.nix @@ -276,13 +276,14 @@ let checkDhcp = checkUnitConfig "DHCP" [ (assertOnlyFields [ - "UseDNS" "UseNTP" "UseMTU" "Anonymize" "SendHostname" "UseHostname" + "UseDNS" "RoutesToDNS" "UseNTP" "UseMTU" "Anonymize" "SendHostname" "UseHostname" "Hostname" "UseDomains" "UseRoutes" "UseTimezone" "CriticalConnection" "ClientIdentifier" "VendorClassIdentifier" "UserClass" "DUIDType" "DUIDRawData" "IAID" "RequestBroadcast" "RouteMetric" "RouteTable" "ListenPort" "RapidCommit" ]) (assertValueOneOf "UseDNS" boolValues) + (assertValueOneOf "RoutesToDNS" boolValues) (assertValueOneOf "UseNTP" boolValues) (assertValueOneOf "UseMTU" boolValues) (assertValueOneOf "Anonymize" boolValues) From 7b78f0f098aebdeb6316fc066a4cdeaf62e37abd Mon Sep 17 00:00:00 2001 From: Andreas Rammhold Date: Wed, 8 Jan 2020 19:36:00 +0100 Subject: [PATCH 2/8] nixos/networkd: remove CriticalConnection= fields in favor of KeepConnection Systemd upstream has deprecated CriticalConnection with v244 in favor of KeepConnection as that seems to be more flexible: The CriticalConnection= setting in .network files is now deprecated, and replaced by a new KeepConfiguration= setting which allows more detailed configuration of the IP configuration to keep in place. --- nixos/doc/manual/release-notes/rl-2009.xml | 10 ++++++++++ nixos/modules/system/boot/networkd.nix | 6 +++--- 2 files changed, 13 insertions(+), 3 deletions(-) 
diff --git a/nixos/doc/manual/release-notes/rl-2009.xml b/nixos/doc/manual/release-notes/rl-2009.xml index 1cf7c977eeb079..1b40a84be5544c 100644 --- a/nixos/doc/manual/release-notes/rl-2009.xml +++ b/nixos/doc/manual/release-notes/rl-2009.xml @@ -290,6 +290,16 @@ environment.systemPackages = [ has been set to true. + + + The systemd-networkd option + systemd.network.networks.<name>.dhcp.CriticalConnection + has been removed following upstream systemd's deprecation of the same. It is recommended to use + systemd.network.networks.<name>.networkConfig.KeepConfiguration instead. + See systemd.network + 5 for details. + + diff --git a/nixos/modules/system/boot/networkd.nix b/nixos/modules/system/boot/networkd.nix index 80c8428c63f0fb..7b55126b1cf39d 100644 --- a/nixos/modules/system/boot/networkd.nix +++ b/nixos/modules/system/boot/networkd.nix @@ -205,7 +205,7 @@ let "IPv6HopLimit" "IPv4ProxyARP" "IPv6ProxyNDP" "IPv6ProxyNDPAddress" "IPv6PrefixDelegation" "IPv6MTUBytes" "Bridge" "Bond" "VRF" "VLAN" "IPVLAN" "MACVLAN" "VXLAN" "Tunnel" "ActiveSlave" "PrimarySlave" - "ConfigureWithoutCarrier" "Xfrm" + "ConfigureWithoutCarrier" "Xfrm" "KeepConfiguration" ]) # Note: For DHCP the values both, none, v4, v6 are deprecated (assertValueOneOf "DHCP" ["yes" "no" "ipv4" "ipv6" "both" "none" "v4" "v6"]) @@ -228,6 +228,7 @@ let (assertValueOneOf "ActiveSlave" boolValues) (assertValueOneOf "PrimarySlave" boolValues) (assertValueOneOf "ConfigureWithoutCarrier" boolValues) + (assertValueOneOf "KeepConfiguration" (boolValues ++ ["static" "dhcp-on-stop" "dhcp"])) ]; checkAddress = checkUnitConfig "Address" [ 
@@ -277,7 +278,7 @@ let checkDhcp = checkUnitConfig "DHCP" [ (assertOnlyFields [ "UseDNS" "RoutesToDNS" "UseNTP" "UseMTU" "Anonymize" "SendHostname" "UseHostname" - "Hostname" "UseDomains" "UseRoutes" "UseTimezone" "CriticalConnection" + "Hostname" "UseDomains" "UseRoutes" "UseTimezone" "ClientIdentifier" "VendorClassIdentifier" "UserClass" "DUIDType" "DUIDRawData" "IAID" "RequestBroadcast" "RouteMetric" "RouteTable" "ListenPort" "RapidCommit" @@ -292,7 +293,6 @@ let (assertValueOneOf "UseDomains" ["yes" "no" "route"]) (assertValueOneOf "UseRoutes" boolValues) (assertValueOneOf "UseTimezone" boolValues) - (assertValueOneOf "CriticalConnection" boolValues) (assertValueOneOf "RequestBroadcast" boolValues) (assertInt "RouteTable") (assertMinimum "RouteTable" 0) From fc960a012397fac681c87a20f9321b38832b2ed2 Mon Sep 17 00:00:00 2001 From: Andreas Rammhold Date: Wed, 8 Jan 2020 20:05:41 +0100 Subject: [PATCH 3/8] nixos/networkd: add MaxAttempts and SendRelease to the DHCP options --- nixos/modules/system/boot/networkd.nix | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/nixos/modules/system/boot/networkd.nix b/nixos/modules/system/boot/networkd.nix index 7b55126b1cf39d..d355d7ad9bda7f 100644 --- a/nixos/modules/system/boot/networkd.nix +++ b/nixos/modules/system/boot/networkd.nix @@ -279,9 +279,9 @@ let (assertOnlyFields [ "UseDNS" "RoutesToDNS" "UseNTP" "UseMTU" "Anonymize" "SendHostname" "UseHostname" "Hostname" "UseDomains" "UseRoutes" "UseTimezone" - "ClientIdentifier" "VendorClassIdentifier" "UserClass" "DUIDType" - "DUIDRawData" "IAID" "RequestBroadcast" "RouteMetric" "RouteTable" - "ListenPort" "RapidCommit" + "ClientIdentifier" "VendorClassIdentifier" "UserClass" "MaxAttempts" + "DUIDType" "DUIDRawData" "IAID" "RequestBroadcast" "RouteMetric" "RouteTable" + "ListenPort" "SendRelease" "RapidCommit" ]) (assertValueOneOf "UseDNS" boolValues) (assertValueOneOf "RoutesToDNS" boolValues) 
@@ -293,9 +293,11 @@ let (assertValueOneOf "UseDomains" ["yes" "no" "route"]) (assertValueOneOf "UseRoutes" boolValues) (assertValueOneOf "UseTimezone" boolValues) + (assertMinimum "MaxAttempts" 0) (assertValueOneOf "RequestBroadcast" boolValues) (assertInt "RouteTable") (assertMinimum "RouteTable" 0) + (assertValueOneOf "SendRelease" boolValues) (assertValueOneOf "RapidCommit" boolValues) ]; From bb9b61e2b7d1dd14d9685bb188d13f45cdf21ad5 Mon Sep 17 00:00:00 2001 From: Andreas Rammhold Date: Wed, 8 Jan 2020 20:15:09 +0100 Subject: [PATCH 4/8] nixos/networkd: introduce the DHCPv6 network section eqivalent MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit You can now specify option for the `[DHCPv6]` section with `systemd.network..dhcpV6Config.…`. Previously you could only use the combined legacy DHCP configuration. --- nixos/modules/system/boot/networkd.nix | 27 ++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/nixos/modules/system/boot/networkd.nix b/nixos/modules/system/boot/networkd.nix index d355d7ad9bda7f..c4790f59dff64f 100644 --- a/nixos/modules/system/boot/networkd.nix +++ b/nixos/modules/system/boot/networkd.nix @@ -301,6 +301,16 @@ let (assertValueOneOf "RapidCommit" boolValues) ]; + checkDhcpV6 = checkUnitConfig "DHCPv6" [ + (assertOnlyFields [ + "UseDns" "UseNTP" "RapidCommit" "ForceDHCPv6PDOtherInformation" + ]) + (assertValueOneOf "UseDNS" boolValues) + (assertValueOneOf "UseNTP" boolValues) + (assertValueOneOf "RapidCommit" boolValues) + (assertValueOneOf "ForceDHCPv6PDOtherInformation" boolValues) + ]; + checkDhcpServer = checkUnitConfig "DHCPServer" [ (assertOnlyFields [ "PoolOffset" "PoolSize" "DefaultLeaseTimeSec" "MaxLeaseTimeSec" 
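Review bot: `MaxAttempts` is validated only with `(assertMinimum "MaxAttempts" 0)`, while `RouteTable` two lines below gets `(assertInt "RouteTable")` before its minimum check. assertMinimum is defined outside this hunk, but if it compares the value with `<`, a non-integer value would reach that comparison unchecked instead of producing a clear validation message; systemd.network documents `infinity` for MaxAttempts=. Either put `(assertInt "MaxAttempts")` in front and document that only integers are accepted, or handle the string value explicitly. The same unpaired `assertMinimum` recurs later in this series for `DNSLifetimeSec`, `PreferredLifetimeSec` and `ValidLifetimeSec`.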
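Review bot: The new checkDhcpV6 list allows the field `"UseDns"` but validates the value of `"UseDNS"`, so the two checks never apply to the same key. As written, `UseDNS` (the spelling used by this patch's own dhcpV6Config example) is rejected by assertOnlyFields, while `UseDns` passes with no value check and is written into the `[DHCPv6]` section, where networkd will most likely not recognise it. An administrator who sets it to false to refuse DHCPv6-supplied resolvers would get a configuration that evaluates cleanly but still accepts them. The allowed-field line should read `"UseDNS" "UseNTP" "RapidCommit" "ForceDHCPv6PDOtherInformation"`; the misspelling is still present in the context lines of patch 8/8.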
@@ -651,6 +661,18 @@ let ''; }; + dhcpV6Config = mkOption { + default = {}; + example = { UseDNS = true; UseRoutes = true; }; + type = types.addCheck (types.attrsOf unitOption) checkDhcpV6; + description = '' + Each attribute in this set specifies an option in the + [DHCPv6] section of the unit. See + systemd.network + 5 for details. + ''; + }; + dhcpServerConfig = mkOption { default = {}; example = { PoolOffset = 50; EmitDNS = false; }; @@ -980,6 +1002,11 @@ let [DHCP] ${attrsToSection def.dhcpConfig} + ''} + ${optionalString (def.dhcpV6Config != {}) '' + [DHCPv6] + ${attrsToSection def.dhcpV6Config} + ''} ${optionalString (def.dhcpServerConfig != { }) '' [DHCPServer] From 819e8bb35f4a8371ee6af77dba9b8860041956b6 Mon Sep 17 00:00:00 2001 From: Andreas Rammhold Date: Wed, 8 Jan 2020 20:18:26 +0100 Subject: [PATCH 5/8] nixos/networkd: rename the networkd dhcpConfig option to dhcpV4Config This follows upstreams change in documentation. While the `[DHCP]` section might still work it is undocumented and we should probably not be using it anymore. Users can just upgrade to the new option without much hassle. I had to create a bit of custom module deprecation code since the usual approach doesn't support wildcards in the path. --- nixos/doc/manual/release-notes/rl-2009.xml | 11 +++++++++ nixos/modules/system/boot/networkd.nix | 23 ++++++++++++------- .../virtualisation/nixos-containers.nix | 2 +- 3 files changed, 27 insertions(+), 9 deletions(-) diff --git a/nixos/doc/manual/release-notes/rl-2009.xml b/nixos/doc/manual/release-notes/rl-2009.xml index 1b40a84be5544c..54136ad55cdd05 100644 --- a/nixos/doc/manual/release-notes/rl-2009.xml +++ b/nixos/doc/manual/release-notes/rl-2009.xml @@ -300,6 +300,17 @@ environment.systemPackages = [ 5 for details. + + + The systemd-networkd option + systemd.network.networks._name_.dhcpConfig + has been renamed to + + following upstream systemd's documentation change. + See systemd.network + 5 for details. + + 
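Review bot: The `example` for `dhcpV6Config`, `{ UseDNS = true; UseRoutes = true; }`, does not pass the option's own `checkDhcpV6` check, because `UseRoutes` is not in the assertOnlyFields list added earlier in this patch. Option examples tend to be copied verbatim, so this one should use only accepted keys, for instance `example = { UseNTP = true; RapidCommit = true; };`.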
diff --git a/nixos/modules/system/boot/networkd.nix b/nixos/modules/system/boot/networkd.nix index c4790f59dff64f..887d1de95ff30f 100644 --- a/nixos/modules/system/boot/networkd.nix +++ b/nixos/modules/system/boot/networkd.nix @@ -275,13 +275,13 @@ let ]) ]; - checkDhcp = checkUnitConfig "DHCP" [ + checkDhcpV4 = checkUnitConfig "DHCPv4" [ (assertOnlyFields [ "UseDNS" "RoutesToDNS" "UseNTP" "UseMTU" "Anonymize" "SendHostname" "UseHostname" "Hostname" "UseDomains" "UseRoutes" "UseTimezone" "ClientIdentifier" "VendorClassIdentifier" "UserClass" "MaxAttempts" "DUIDType" "DUIDRawData" "IAID" "RequestBroadcast" "RouteMetric" "RouteTable" - "ListenPort" "SendRelease" "RapidCommit" + "ListenPort" "SendRelease" ]) (assertValueOneOf "UseDNS" boolValues) (assertValueOneOf "RoutesToDNS" boolValues) @@ -298,7 +298,6 @@ let (assertInt "RouteTable") (assertMinimum "RouteTable" 0) (assertValueOneOf "SendRelease" boolValues) - (assertValueOneOf "RapidCommit" boolValues) ]; checkDhcpV6 = checkUnitConfig "DHCPv6" [ @@ -649,13 +648,20 @@ let ''; }; + # systemd.network.networks.*.dhcpConfig has been deprecated in favor of ….dhcpV4Config + # Produce a nice warning message so users know it is gone. dhcpConfig = mkOption { + visible = false; + apply = _: throw "The option `systemd.network.networks.*.dhcpConfig` can no longer be used since it's been removed. Please use `systemd.network.networks.*.dhcpV4Config` instead."; + }; + + dhcpV4Config = mkOption { default = {}; example = { UseDNS = true; UseRoutes = true; }; - type = types.addCheck (types.attrsOf unitOption) checkDhcp; + type = types.addCheck (types.attrsOf unitOption) checkDhcpV4; description = '' Each attribute in this set specifies an option in the - [DHCP] section of the unit. See + [DHCPv4] section of the unit. See systemd.network 5 for details. ''; 
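Review bot: The removal error for `dhcpConfig` sits in `apply`, which only runs when something reads the option's value, and the rendering hunk in this patch switches the only visible reader to `def.dhcpV4Config`. Unless another reader of `def.dhcpConfig` remains outside this diff, a configuration that still sets `dhcpConfig` may evaluate without the throw and yield a unit with no DHCP section, so hardening such as `UseDNS = false` or `UseRoutes = false` would silently fall back to networkd's defaults after the upgrade. Forcing the check where the unit text is generated, plus a test that sets the old option and expects evaluation to fail, would make the failure unconditional. The comment above the option also says "warning" although the code throws; `# Throw an evaluation error so users notice the option is gone.` would match.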
@@ -998,9 +1004,9 @@ let ${concatStringsSep "\n" (map (s: "Tunnel=${s}") def.tunnel)} ${concatStringsSep "\n" (map (s: "Xfrm=${s}") def.xfrm)} - ${optionalString (def.dhcpConfig != { }) '' - [DHCP] - ${attrsToSection def.dhcpConfig} + ${optionalString (def.dhcpV4Config != { }) '' + [DHCPv4] + ${attrsToSection def.dhcpV4Config} ''} ${optionalString (def.dhcpV6Config != {}) '' @@ -1084,6 +1090,7 @@ in }; config = mkMerge [ + # .link units are honored by udev, no matter if systemd-networkd is enabled or not. { systemd.network.units = mapAttrs' (n: v: nameValuePair "${n}.link" (linkToUnit n v)) cfg.links; diff --git a/nixos/modules/virtualisation/nixos-containers.nix b/nixos/modules/virtualisation/nixos-containers.nix index 016d68ea301835..b0fa03917c8222 100644 --- a/nixos/modules/virtualisation/nixos-containers.nix +++ b/nixos/modules/virtualisation/nixos-containers.nix @@ -546,7 +546,7 @@ in Note that this option might require to do some adjustments to the container configuration, e.g. you might want to set - systemd.network.networks.$interface.dhcpConfig.ClientIdentifier to "mac" + systemd.network.networks.$interface.dhcpV4Config.ClientIdentifier to "mac" if you use macvlans option. This way dhcp client identifier will be stable between the container restarts. From 5abd9a74fc493c2e8be869bfb28a2f5d60ae0d6b Mon Sep 17 00:00:00 2001 From: Andreas Rammhold Date: Sat, 7 Mar 2020 14:44:46 +0100 Subject: [PATCH 6/8] nixos/networkd: add ipv6PrefixDelegationConfig to networkd --- nixos/modules/system/boot/networkd.nix | 31 ++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/nixos/modules/system/boot/networkd.nix b/nixos/modules/system/boot/networkd.nix index 887d1de95ff30f..ea86762db121c9 100644 --- a/nixos/modules/system/boot/networkd.nix +++ b/nixos/modules/system/boot/networkd.nix 
@@ -310,6 +310,20 @@ let (assertValueOneOf "ForceDHCPv6PDOtherInformation" boolValues) ]; + checkIpv6PrefixDelegation = checkUnitConfig "IPv6PrefixDelegation" [ + (assertOnlyFields [ + "Managed" "OtherInformation" "RouterLifetimeSec" + "RouterPreference" "EmitDNS" "DNS" "EmitDomains" "Domains" + "DNSLifetimeSec" + ]) + (assertValueOneOf "Managed" boolValues) + (assertValueOneOf "OtherInformation" boolValues) + (assertValueOneOf "RouterPreference" ["high" "medium" "low" "normal" "default"]) + (assertValueOneOf "EmitDNS" boolValues) + (assertValueOneOf "EmitDomains" boolValues) + (assertMinimum "DNSLifetimeSec" 0) + ]; + checkDhcpServer = checkUnitConfig "DHCPServer" [ (assertOnlyFields [ "PoolOffset" "PoolSize" "DefaultLeaseTimeSec" "MaxLeaseTimeSec" @@ -679,6 +693,18 @@ let ''; }; + ipv6PrefixDelegationConfig = mkOption { + default = {}; + example = { EmitDNS = true; Managed = true; OtherInformation = true; }; + type = types.addCheck (types.attrsOf unitOption) checkIpv6PrefixDelegation; + description = '' + Each attribute in this set specifies an option in the + [IPv6PrefixDelegation] section of the unit. See + systemd.network + 5 for details. + ''; + }; + dhcpServerConfig = mkOption { default = {}; example = { PoolOffset = 50; EmitDNS = false; }; @@ -1013,6 +1039,11 @@ let [DHCPv6] ${attrsToSection def.dhcpV6Config} + ''} + ${optionalString (def.ipv6PrefixDelegationConfig != {}) '' + [IPv6PrefixDelegation] + ${attrsToSection def.ipv6PrefixDelegationConfig} + ''} ${optionalString (def.dhcpServerConfig != { }) '' [DHCPServer] From 10ad353d8bb256339a30b48da3747c809f2ad0ab Mon Sep 17 00:00:00 2001 From: Andreas Rammhold Date: Sat, 7 Mar 2020 15:06:58 +0100 Subject: [PATCH 7/8] nixos/networkd: add ipv6Prefix --- nixos/modules/system/boot/networkd.nix | 44 ++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) diff --git a/nixos/modules/system/boot/networkd.nix b/nixos/modules/system/boot/networkd.nix index ea86762db121c9..b06808fd64a022 100644 
--- a/nixos/modules/system/boot/networkd.nix +++ b/nixos/modules/system/boot/networkd.nix @@ -324,6 +324,18 @@ let (assertMinimum "DNSLifetimeSec" 0) ]; + checkIpv6Prefix = checkUnitConfig "IPv6Prefix" [ + (assertOnlyFields [ + "AddressAutoconfiguration" "OnLink" "Prefix" + "PreferredLifetimeSec" "ValidLifetimeSec" + ]) + (assertValueOneOf "AddressAutoconfiguration" boolValues) + (assertValueOneOf "OnLink" boolValues) + (assertMinimum "PreferredLifetimeSec" 0) + (assertMinimum "ValidLifetimeSec" 0) + ]; + + checkDhcpServer = checkUnitConfig "DHCPServer" [ (assertOnlyFields [ "PoolOffset" "PoolSize" "DefaultLeaseTimeSec" "MaxLeaseTimeSec" @@ -647,6 +659,22 @@ let }; }; + ipv6PrefixOptions = { + options = { + ipv6PrefixConfig = mkOption { + default = {}; + example = { Prefix = "fd00::/64"; }; + type = types.addCheck (types.attrsOf unitOption) checkIpv6Prefix; + description = '' + Each attribute in this set specifies an option in the + [IPv6Prefix] section of the unit. See + systemd.network + 5 for details. + ''; + }; + }; + }; + networkOptions = commonNetworkOptions // { @@ -705,6 +733,17 @@ let ''; }; + ipv6Prefixes = mkOption { + default = []; + example = { AddressAutoconfiguration = true; OnLink = true; }; + type = with types; listOf (submodule ipv6PrefixOptions); + description = '' + A list of ipv6Prefix sections to be added to the unit. See + systemd.network + 5 for details. + ''; + }; + dhcpServerConfig = mkOption { default = {}; example = { PoolOffset = 50; EmitDNS = false; }; @@ -1045,6 +1084,11 @@ let ${attrsToSection def.ipv6PrefixDelegationConfig} ''} + ${flip concatMapStrings def.ipv6Prefixes (x: '' + [IPv6Prefix] + ${attrsToSection x.ipv6PrefixConfig} + + '')} ${optionalString (def.dhcpServerConfig != { }) '' [DHCPServer] ${attrsToSection def.dhcpServerConfig} From 00215e5bc0f046b0da8af5f5955b13ee8d915d51 Mon Sep 17 00:00:00 2001 
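Review bot: The `example` for `ipv6Prefixes` is a plain attribute set, `{ AddressAutoconfiguration = true; OnLink = true; }`, but the option's type is `listOf (submodule ipv6PrefixOptions)` and the rendering hunk reads `x.ipv6PrefixConfig` from each element. Copying the example would fail type checking; it should be `example = [ { ipv6PrefixConfig = { AddressAutoconfiguration = true; OnLink = true; }; } ];`. The description could also state that each list element produces one `[IPv6Prefix]` section.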
From: Andreas Rammhold Date: Sat, 7 Mar 2020 23:29:37 +0100 Subject: [PATCH 8/8] nixos/networkd: support PrefixDelegationHint in DHCPv6 section With sytemd v244 we will have support for this option. --- nixos/modules/system/boot/networkd.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nixos/modules/system/boot/networkd.nix b/nixos/modules/system/boot/networkd.nix index b06808fd64a022..9b34b12e73a503 100644 --- a/nixos/modules/system/boot/networkd.nix +++ b/nixos/modules/system/boot/networkd.nix @@ -303,6 +303,7 @@ let checkDhcpV6 = checkUnitConfig "DHCPv6" [ (assertOnlyFields [ "UseDns" "UseNTP" "RapidCommit" "ForceDHCPv6PDOtherInformation" + "PrefixDelegationHint" ]) (assertValueOneOf "UseDNS" boolValues) (assertValueOneOf "UseNTP" boolValues)