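{ config, pkgs, ... }:

# Static network configuration for NixOS: per-interface addresses and MAC
# addresses, Ethernet bridges, tunctl-managed tun/tap devices, static DNS
# and the default gateway.  The generated units and scripts run as root
# during boot, so every option value is trusted input; the option
# descriptions below call out the ones that are effectively privilege
# grants (localCommands, virtualOwner, proxyARP).

with pkgs.lib;

let

  cfg = config.networking;

  # True if at least one interface is a tunctl-managed tun/tap device.
  # Drives loading of the "tun" kernel module and installation of tunctl.
  hasVirtuals = any (i: i.virtual) cfg.interfaces;

  # True if proxy ARP is requested on any interface.  Note that this turns
  # on IPv4 forwarding for the whole host, not just for that interface.
  hasProxyARP = any (i: i.proxyARP) cfg.interfaces;

in

{

  ###### interface

  options = {

    networking.hostName = mkOption {
      default = "nixos";
      description = ''
        The name of the machine. Leave it empty if you want to obtain
        it from a DHCP server (if using DHCP).
      '';
    };

    networking.enableIPv6 = mkOption {
      default = true;
      description = ''
        Whether to enable support for IPv6.
      '';
    };

    networking.defaultGateway = mkOption {
      default = "";
      example = "131.211.84.1";
      description = ''
        The default gateway. It can be left empty if it is auto-detected
        through DHCP.
      '';
    };

    networking.nameservers = mkOption {
      default = [];
      example = ["130.161.158.4" "130.161.33.17"];
      description = ''
        The list of nameservers. It can be left empty if it is
        auto-detected through DHCP.
      '';
    };

    networking.domain = mkOption {
      default = "";
      example = "home";
      description = ''
        The domain. It can be left empty if it is auto-detected through
        DHCP. It is only written to the static resolver configuration
        when <option>networking.nameservers</option> is also non-empty.
      '';
    };

    networking.localCommands = mkOption {
      default = "";
      example = "text=anything; echo You can put $text here.";
      description = ''
        Shell commands to be executed at the end of the
        <literal>network-interfaces</literal> job. Note that if you are
        using DHCP to obtain the network configuration, interfaces may
        not be fully configured yet.

        These commands run as root during boot, so whatever is placed
        here has full control of the machine. Never derive this value
        from untrusted input.
      '';
    };

    networking.interfaces = mkOption {
      default = [];
      example = [
        { name = "eth0";
          ipAddress = "131.211.84.78";
          subnetMask = "255.255.255.128";
        }
      ];
      description = ''
        The configuration for each network interface. If
        <option>networking.useDHCP</option> is true, then every
        interface not listed here will be configured using DHCP.
      '';

      type = types.list types.optionSet;

      options = {

        name = mkOption {
          example = "eth0";
          type = types.string;
          description = ''
            Name of the interface.
          '';
        };

        ipAddress = mkOption {
          default = "";
          example = "10.0.0.1";
          type = types.string;
          description = ''
            IP address of the interface. Leave empty to configure the
            interface using DHCP.
          '';
        };

        subnetMask = mkOption {
          default = "";
          example = "255.255.255.0";
          type = types.string;
          description = ''
            Subnet mask of the interface. Leave empty to use the
            default subnet mask.
          '';
        };

        macAddress = mkOption {
          default = "";
          example = "00:11:22:33:44:55";
          type = types.string;
          description = ''
            MAC address of the interface. Leave empty to use the default.
            The address is applied before the link is brought up.
          '';
        };

        virtual = mkOption {
          default = false;
          type = types.bool;
          description = ''
            Whether this interface is virtual and should be created by tunctl.
            This is mainly useful for creating bridges between a host a virtual
            network such as VPN or a virtual machine.

            Defaults to tap device, unless interface contains "tun" in its name.
          '';
        };

        virtualOwner = mkOption {
          default = "root";
          type = types.uniq types.string;
          description = ''
            In case of a virtual device, the user who owns it.

            The owner can open the device without any further privileges,
            i.e. read and inject raw frames on it and on anything it is
            bridged to. Treat this as granting that user link-layer access
            to the attached network.
          '';
        };

        proxyARP = mkOption {
          default = false;
          type = types.bool;
          description = ''
            Turn on proxy_arp for this device (and proxy_ndp for ipv6).
            This is mainly useful for creating pseudo-bridges between a real
            interface and a virtual network such as VPN or a virtual machine for
            interfaces that don't support real bridging (most wlan interfaces).
            As ARP proxying acts slightly above the link-layer, below-ip traffic
            isn't bridged, so things like DHCP won't work. The advantage above
            using NAT lies in the fact that no IP addresses are shared, so all
            hosts are reachable/routeable.

            WARNING: turns on IP forwarding for the whole host (via
            <literal>/proc/sys/net/ipv4/ip_forward</literal>), not just for
            this interface, and nothing in this module turns it off again.
            If you have multiple interfaces, think about the consequences
            and set up firewall rules to limit what gets forwarded.
          '';
        };

      };

    };

    networking.ifaces = mkOption {
      default = listToAttrs
        (map (iface: { name = iface.name; value = iface; }) config.networking.interfaces);
      internal = true;
      description = ''
        The network interfaces in <option>networking.interfaces</option>
        as an attribute set keyed on the interface name.
      '';
    };

    networking.bridges = mkOption {
      default = { };
      example =
        { br0.interfaces = [ "eth0" "eth1" ];
          br1.interfaces = [ "eth2" "wlan0" ];
        };
      description =
        ''
          This option allows you to define Ethernet bridge devices
          that connect physical networks together. The value of this
          option is an attribute set. Each attribute specifies a
          bridge, with the attribute name specifying the name of the
          bridge's network interface. Member interfaces have their
          addresses flushed when they are added to the bridge; assign
          addresses to the bridge interface itself instead.
        '';

      type = types.attrsOf types.optionSet;

      options = {

        interfaces = mkOption {
          example = [ "eth0" "eth1" ];
          type = types.listOf types.string;
          description =
            "The physical network interfaces connected by the bridge.";
        };

      };

    };

    networking.useDHCP = mkOption {
      default = true;
      merge = mergeEnableOption;
      description = ''
        Whether to use DHCP to obtain an IP address and other
        configuration for all network interfaces that are not manually
        configured.
      '';
    };

  };


  ###### implementation

  config = {

    boot.kernelModules =
      optional cfg.enableIPv6 "ipv6"
      ++ optional hasVirtuals "tun";

    environment.systemPackages =
      [ pkgs.host
        pkgs.iproute
        pkgs.iputils
        pkgs.nettools
        pkgs.wirelesstools
        pkgs.rfkill
        pkgs.openresolv
      ]
      ++ optional (cfg.bridges != {}) pkgs.bridge_utils
      ++ optional hasVirtuals pkgs.tunctl
      ++ optional cfg.enableIPv6 pkgs.ndisc6;

    # These wrappers run as root for every local user; keep the list
    # minimal and do not add anything here that parses complex input.
    security.setuidPrograms = [ "ping" "ping6" ];

    jobs."network-interfaces" =
      { description = "Static Network Interfaces";

        after = [ "systemd-udev-settle.service" ];
        before = [ "network.target" ];
        wantedBy = [ "network.target" ];

        path = [ pkgs.iproute ];

        preStart =
          ''
            # Errors are deliberately non-fatal: a bad gateway or DNS
            # entry must not prevent the remaining steps (including the
            # user's localCommands) from running.  The flip side is that
            # a typo here fails silently; check the journal.
            set +e

            # Set the static DNS configuration, if given.  The heredoc
            # delimiter is quoted so that the shell does not expand
            # dollar signs or backticks that may occur in the values,
            # which are interpolated at build time.
            ${pkgs.openresolv}/sbin/resolvconf -a static <<'EOF'
            ${optionalString (cfg.nameservers != [] && cfg.domain != "") ''
              domain ${cfg.domain}
            ''}
            ${flip concatMapStrings cfg.nameservers (ns: ''
              nameserver ${ns}
            '')}
            EOF

            # Set the default gateway.
            ${optionalString (cfg.defaultGateway != "") ''
              ip route add default via "${cfg.defaultGateway}"
            ''}

            # Turn on forwarding if any interface has enabled proxy_arp.
            # This is host-wide: packets are routed between all
            # interfaces unless the firewall says otherwise.
            ${optionalString hasProxyARP ''
              echo 1 > /proc/sys/net/ipv4/ip_forward
            ''}

            # Run any user-specified commands (as root).
            ${pkgs.stdenv.shell} ${pkgs.writeText "local-net-cmds" cfg.localCommands}
          '';
      };

    boot.systemd.services =
      let

        # For each interface <foo>, create a unit "<foo>-cfg.service"
        # that performs static configuration.  It has a binds-to
        # dependency on the actual network device, so it only gets
        # started after the interface has appeared, and it's stopped
        # when the interface disappears.  The device may be provided by
        # hardware or by the "<foo>.service" unit created below for
        # virtual interfaces.
        configureInterface = i: nameValuePair "${i.name}-cfg"
          { description = "Configuration of ${i.name}";
            wantedBy = [ "network.target" ];
            bindsTo = [ "sys-subsystem-net-devices-${i.name}.device" ];
            after = [ "sys-subsystem-net-devices-${i.name}.device" ];
            serviceConfig.Type = "oneshot";
            serviceConfig.RemainAfterExit = true;
            path = [ pkgs.iproute ];
            script =
              # The MAC address is applied before the link is brought up:
              # drivers using the kernel's generic eth_mac_addr() refuse
              # to change the address of a running interface (EBUSY).
              optionalString (i.macAddress != "")
                ''
                  echo "setting MAC address to ${i.macAddress}..."
                  ip link set "${i.name}" address "${i.macAddress}"
                ''
              + ''
                  echo "bringing up interface..."
                  ip link set "${i.name}" up
                ''
              + optionalString (i.ipAddress != "")
                ''
                  echo "configuring interface..."
                  # Flush first so a changed address does not linger as a
                  # secondary address across a configuration switch.
                  ip addr flush dev "${i.name}"
                  ip addr add "${i.ipAddress}""${optionalString (i.subnetMask != "") ("/" + i.subnetMask)}" \
                    dev "${i.name}"
                  ${config.system.build.systemd}/bin/systemctl start ip-up.target
                ''
              + optionalString i.proxyARP
                ''
                  echo 1 > /proc/sys/net/ipv4/conf/${i.name}/proxy_arp
                ''
              + optionalString (i.proxyARP && cfg.enableIPv6)
                ''
                  echo 1 > /proc/sys/net/ipv6/conf/${i.name}/proxy_ndp
                '';
          };

        # Create a tun/tap device with tunctl.  Ownership is handed to
        # virtualOwner, which lets that user open the device (and thus
        # read/inject frames on it) without any other privilege.
        createTunDevice = i: nameValuePair "${i.name}"
          { description = "Virtual Network Interface ${i.name}";
            wantedBy = [ "network.target" "sys-subsystem-net-devices-${i.name}.device" ];
            serviceConfig =
              { Type = "oneshot";
                RemainAfterExit = true;
                ExecStart = "${pkgs.tunctl}/bin/tunctl -t '${i.name}' -u '${i.virtualOwner}'";
                ExecStop = "${pkgs.tunctl}/bin/tunctl -d '${i.name}'";
              };
          };

        # Create bridge <n> and enslave its member interfaces.  The unit
        # is bound to every member device, so it only starts once all of
        # them exist and stops when any of them goes away.
        createBridgeDevice = n: v:
          let
            deps = map (i: "sys-subsystem-net-devices-${i}.device") v.interfaces;
          in
          { description = "Bridge Interface ${n}";
            wantedBy = [ "network.target" "sys-subsystem-net-devices-${n}.device" ];
            bindsTo = deps;
            after = deps;
            serviceConfig.Type = "oneshot";
            serviceConfig.RemainAfterExit = true;
            path = [ pkgs.bridge_utils pkgs.iproute ];
            script =
              ''
                brctl addbr "${n}"

                # Set the bridge's STP forward delay to 0 to avoid
                # startup delays.  (brctl setfd sets the forward delay,
                # not the hello time.)
                brctl setfd "${n}" 0

                # Members lose any addresses they had: they now carry
                # traffic on behalf of the bridge interface.
                ${flip concatMapStrings v.interfaces (i: ''
                  brctl addif "${n}" "${i}"
                  ip addr flush dev "${i}"
                '')}

                # !!! Should delete (brctl delif) any interfaces that
                # no longer belong to the bridge.
              '';
            postStop =
              ''
                ip link set "${n}" down
                brctl delbr "${n}"
              '';
          };

      in listToAttrs (
           map configureInterface cfg.interfaces ++
           map createTunDevice (filter (i: i.virtual) cfg.interfaces))
         // mapAttrs createBridgeDevice cfg.bridges;

    # Set the host name in the activation script. Don't clear it if
    # it's not configured in the NixOS configuration, since it may
    # have been set by dhclient in the meantime.
    system.activationScripts.hostname =
      optionalString (cfg.hostName != "") ''
        hostname "${cfg.hostName}"
      '';

  };

}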