| blob | 83c0dc27885e3c956f1cadc12d1ffeb47034bf9f |
1 { config, lib, pkgs, utils, ... }:
3 with utils;
4 with lib;
6 let
8 cfg = config.networking;
9 interfaces = attrValues cfg.interfaces;
11 slaves = concatMap (i: i.interfaces) (attrValues cfg.bonds)
12 ++ concatMap (i: i.interfaces) (attrValues cfg.bridges)
13 ++ concatMap (i: attrNames (filterAttrs (_: config: config.type != "internal") i.interfaces)) (attrValues cfg.vswitches)
14 ++ concatMap (i: [i.interface]) (attrValues cfg.macvlans)
15 ++ concatMap (i: [i.interface]) (attrValues cfg.vlans);
17 # We must escape interfaces due to the systemd interpretation
18 subsystemDevice = interface:
19 "sys-subsystem-net-devices-${escapeSystemdPath interface}.device";
21 interfaceIps = i:
22 i.ipv4.addresses
23 ++ optionals cfg.enableIPv6 i.ipv6.addresses;
25 destroyBond = i: ''
26 while true; do
27 UPDATED=1
28 SLAVES=$(ip link | grep 'master ${i}' | awk -F: '{print $2}')
29 for I in $SLAVES; do
30 UPDATED=0
31 ip link set dev "$I" nomaster
32 done
33 [ "$UPDATED" -eq "1" ] && break
34 done
35 ip link set dev "${i}" down 2>/dev/null || true
36 ip link del dev "${i}" 2>/dev/null || true
37 '';
39 # warn that these attributes are deprecated (2017-2-2)
40 # Should be removed in the release after next
41 bondDeprecation = rec {
42 deprecated = [ "lacp_rate" "miimon" "mode" "xmit_hash_policy" ];
43 filterDeprecated = bond: (filterAttrs (attrName: attr:
44 elem attrName deprecated && attr != null) bond);
45 };
47 bondWarnings =
48 let oneBondWarnings = bondName: bond:
49 mapAttrsToList (bondText bondName) (bondDeprecation.filterDeprecated bond);
50 bondText = bondName: optName: _:
51 "${bondName}.${optName} is deprecated, use ${bondName}.driverOptions";
52 in {
53 warnings = flatten (mapAttrsToList oneBondWarnings cfg.bonds);
54 };
56 normalConfig = {
57 systemd.network.links = let
58 createNetworkLink = i: nameValuePair "40-${i.name}" {
59 matchConfig.OriginalName = i.name;
60 linkConfig = optionalAttrs (i.macAddress != null) {
61 MACAddress = i.macAddress;
62 } // optionalAttrs (i.mtu != null) {
63 MTUBytes = toString i.mtu;
64 };
65 };
66 in listToAttrs (map createNetworkLink interfaces);
67 systemd.services =
68 let
70 deviceDependency = dev:
71 # Use systemd service if we manage device creation, else
72 # trust udev when not in a container
73 if (dev == null || dev == "lo") then []
74 else if (hasAttr dev (filterAttrs (k: v: v.virtual) cfg.interfaces)) ||
75 (hasAttr dev cfg.bridges) ||
76 (hasAttr dev cfg.bonds) ||
77 (hasAttr dev cfg.macvlans) ||
78 (hasAttr dev cfg.sits) ||
79 (hasAttr dev cfg.vlans) ||
80 (hasAttr dev cfg.vswitches)
81 then [ "${dev}-netdev.service" ]
82 else optional (!config.boot.isContainer) (subsystemDevice dev);
84 hasDefaultGatewaySet = (cfg.defaultGateway != null && cfg.defaultGateway.address != "")
85 || (cfg.enableIPv6 && cfg.defaultGateway6 != null && cfg.defaultGateway6.address != "");
87 needNetworkSetup = cfg.resolvconf.enable || cfg.defaultGateway != null || cfg.defaultGateway6 != null;
89 networkLocalCommands = lib.mkIf needNetworkSetup {
90 after = [ "network-setup.service" ];
91 bindsTo = [ "network-setup.service" ];
92 };
94 networkSetup = lib.mkIf needNetworkSetup
95 { description = "Networking Setup";
97 after = [ "network-pre.target" "systemd-udevd.service" "systemd-sysctl.service" ];
98 before = [ "network.target" "shutdown.target" ];
99 wants = [ "network.target" ];
100 # exclude bridges from the partOf relationship to fix container networking bug #47210
101 partOf = map (i: "network-addresses-${i.name}.service") (filter (i: !(hasAttr i.name cfg.bridges)) interfaces);
102 conflicts = [ "shutdown.target" ];
103 wantedBy = [ "multi-user.target" ] ++ optional hasDefaultGatewaySet "network-online.target";
105 unitConfig.ConditionCapability = "CAP_NET_ADMIN";
107 path = [ pkgs.iproute2 ];
109 serviceConfig = {
110 Type = "oneshot";
111 RemainAfterExit = true;
112 };
114 unitConfig.DefaultDependencies = false;
116 script =
117 ''
118 ${optionalString config.networking.resolvconf.enable ''
119 # Set the static DNS configuration, if given.
120 ${pkgs.openresolv}/sbin/resolvconf -m 1 -a static <<EOF
121 ${optionalString (cfg.nameservers != [] && cfg.domain != null) ''
122 domain ${cfg.domain}
123 ''}
124 ${optionalString (cfg.search != []) ("search " + concatStringsSep " " cfg.search)}
125 ${flip concatMapStrings cfg.nameservers (ns: ''
126 nameserver ${ns}
127 '')}
128 EOF
129 ''}
131 # Set the default gateway.
132 ${optionalString (cfg.defaultGateway != null && cfg.defaultGateway.address != "") ''
133 ${optionalString (cfg.defaultGateway.interface != null) ''
134 ip route replace ${cfg.defaultGateway.address} dev ${cfg.defaultGateway.interface} ${optionalString (cfg.defaultGateway.metric != null)
135 "metric ${toString cfg.defaultGateway.metric}"
136 } proto static
137 ''}
138 ip route replace default ${optionalString (cfg.defaultGateway.metric != null)
139 "metric ${toString cfg.defaultGateway.metric}"
140 } via "${cfg.defaultGateway.address}" ${
141 optionalString (cfg.defaultGatewayWindowSize != null)
142 "window ${toString cfg.defaultGatewayWindowSize}"} ${
143 optionalString (cfg.defaultGateway.interface != null)
144 "dev ${cfg.defaultGateway.interface}"} proto static
145 ''}
146 ${optionalString (cfg.defaultGateway6 != null && cfg.defaultGateway6.address != "") ''
147 ${optionalString (cfg.defaultGateway6.interface != null) ''
148 ip -6 route replace ${cfg.defaultGateway6.address} dev ${cfg.defaultGateway6.interface} ${optionalString (cfg.defaultGateway6.metric != null)
149 "metric ${toString cfg.defaultGateway6.metric}"
150 } proto static
151 ''}
152 ip -6 route replace default ${optionalString (cfg.defaultGateway6.metric != null)
153 "metric ${toString cfg.defaultGateway6.metric}"
154 } via "${cfg.defaultGateway6.address}" ${
155 optionalString (cfg.defaultGatewayWindowSize != null)
156 "window ${toString cfg.defaultGatewayWindowSize}"} ${
157 optionalString (cfg.defaultGateway6.interface != null)
158 "dev ${cfg.defaultGateway6.interface}"} proto static
159 ''}
160 '';
161 };
163 # For each interface <foo>, create a job ‘network-addresses-<foo>.service"
164 # that performs static address configuration. It has a "wants"
165 # dependency on ‘<foo>.service’, which is supposed to create
166 # the interface and need not exist (i.e. for hardware
167 # interfaces). It has a binds-to dependency on the actual
168 # network device, so it only gets started after the interface
169 # has appeared, and it's stopped when the interface
170 # disappears.
171 configureAddrs = i:
172 let
173 ips = interfaceIps i;
174 in
175 nameValuePair "network-addresses-${i.name}"
176 { description = "Address configuration of ${i.name}";
177 wantedBy = [
178 "network-setup.service"
179 "network.target"
180 ];
181 # order before network-setup because the routes that are configured
182 # there may need ip addresses configured
183 before = [ "network-setup.service" ];
184 bindsTo = deviceDependency i.name;
185 after = [ "network-pre.target" ] ++ (deviceDependency i.name);
186 serviceConfig.Type = "oneshot";
187 serviceConfig.RemainAfterExit = true;
188 # Restart rather than stop+start this unit to prevent the
189 # network from dying during switch-to-configuration.
190 stopIfChanged = false;
191 path = [ pkgs.iproute2 ];
192 script =
193 ''
194 state="/run/nixos/network/addresses/${i.name}"
195 mkdir -p $(dirname "$state")
197 ip link set dev "${i.name}" up
199 ${flip concatMapStrings ips (ip:
200 let
201 cidr = "${ip.address}/${toString ip.prefixLength}";
202 in
203 ''
204 echo "${cidr}" >> $state
205 echo -n "adding address ${cidr}... "
206 if out=$(ip addr replace "${cidr}" dev "${i.name}" 2>&1); then
207 echo "done"
208 else
209 echo "'ip addr replace "${cidr}" dev "${i.name}"' failed: $out"
210 exit 1
211 fi
212 ''
213 )}
215 state="/run/nixos/network/routes/${i.name}"
216 mkdir -p $(dirname "$state")
218 ${flip concatMapStrings (i.ipv4.routes ++ i.ipv6.routes) (route:
219 let
220 cidr = "${route.address}/${toString route.prefixLength}";
221 via = optionalString (route.via != null) ''via "${route.via}"'';
222 options = concatStrings (mapAttrsToList (name: val: "${name} ${val} ") route.options);
223 type = toString route.type;
224 in
225 ''
226 echo "${cidr}" >> $state
227 echo -n "adding route ${cidr}... "
228 if out=$(ip route add ${type} "${cidr}" ${options} ${via} dev "${i.name}" proto static 2>&1); then
229 echo "done"
230 elif ! echo "$out" | grep "File exists" >/dev/null 2>&1; then
231 echo "'ip route add ${type} "${cidr}" ${options} ${via} dev "${i.name}"' failed: $out"
232 exit 1
233 fi
234 ''
235 )}
236 '';
237 preStop = ''
238 state="/run/nixos/network/routes/${i.name}"
239 if [ -e "$state" ]; then
240 while read cidr; do
241 echo -n "deleting route $cidr... "
242 ip route del "$cidr" dev "${i.name}" >/dev/null 2>&1 && echo "done" || echo "failed"
243 done < "$state"
244 rm -f "$state"
245 fi
247 state="/run/nixos/network/addresses/${i.name}"
248 if [ -e "$state" ]; then
249 while read cidr; do
250 echo -n "deleting address $cidr... "
251 ip addr del "$cidr" dev "${i.name}" >/dev/null 2>&1 && echo "done" || echo "failed"
252 done < "$state"
253 rm -f "$state"
254 fi
255 '';
256 };
258 createTunDevice = i: nameValuePair "${i.name}-netdev"
259 { description = "Virtual Network Interface ${i.name}";
260 bindsTo = optional (!config.boot.isContainer) "dev-net-tun.device";
261 after = optional (!config.boot.isContainer) "dev-net-tun.device" ++ [ "network-pre.target" ];
262 wantedBy = [ "network-setup.service" (subsystemDevice i.name) ];
263 partOf = [ "network-setup.service" ];
264 before = [ "network-setup.service" ];
265 path = [ pkgs.iproute2 ];
266 serviceConfig = {
267 Type = "oneshot";
268 RemainAfterExit = true;
269 };
270 script = ''
271 ip tuntap add dev "${i.name}" mode "${i.virtualType}" user "${i.virtualOwner}"
272 '';
273 postStop = ''
274 ip link del dev ${i.name} || true
275 '';
276 };
278 createBridgeDevice = n: v: nameValuePair "${n}-netdev"
279 (let
280 deps = concatLists (map deviceDependency v.interfaces);
281 in
282 { description = "Bridge Interface ${n}";
283 wantedBy = [ "network-setup.service" (subsystemDevice n) ];
284 bindsTo = deps ++ optional v.rstp "mstpd.service";
285 partOf = [ "network-setup.service" ] ++ optional v.rstp "mstpd.service";
286 after = [ "network-pre.target" ] ++ deps ++ optional v.rstp "mstpd.service"
287 ++ map (i: "network-addresses-${i}.service") v.interfaces;
288 before = [ "network-setup.service" ];
289 serviceConfig.Type = "oneshot";
290 serviceConfig.RemainAfterExit = true;
291 path = [ pkgs.iproute2 ];
292 script = ''
293 # Remove Dead Interfaces
294 echo "Removing old bridge ${n}..."
295 ip link show dev "${n}" >/dev/null 2>&1 && ip link del dev "${n}"
297 echo "Adding bridge ${n}..."
298 ip link add name "${n}" type bridge
300 # Enslave child interfaces
301 ${flip concatMapStrings v.interfaces (i: ''
302 ip link set dev "${i}" master "${n}"
303 ip link set dev "${i}" up
304 '')}
305 # Save list of enslaved interfaces
306 echo "${flip concatMapStrings v.interfaces (i: ''
307 ${i}
308 '')}" > /run/${n}.interfaces
310 ${optionalString config.virtualisation.libvirtd.enable ''
311 # Enslave dynamically added interfaces which may be lost on nixos-rebuild
312 #
313 # if `libvirtd.service` is not running, do not use `virsh` which would try activate it via 'libvirtd.socket' and thus start it out-of-order.
314 # `libvirtd.service` will set up bridge interfaces when it will start normally.
315 #
316 if /run/current-system/systemd/bin/systemctl --quiet is-active 'libvirtd.service'; then
317 for uri in qemu:///system lxc:///; do
318 for dom in $(${pkgs.libvirt}/bin/virsh -c $uri list --name); do
319 ${pkgs.libvirt}/bin/virsh -c $uri dumpxml "$dom" | \
320 ${pkgs.xmlstarlet}/bin/xmlstarlet sel -t -m "//domain/devices/interface[@type='bridge'][source/@bridge='${n}'][target/@dev]" -v "concat('ip link set dev ',target/@dev,' master ',source/@bridge,';')" | \
321 ${pkgs.bash}/bin/bash
322 done
323 done
324 fi
325 ''}
327 # Enable stp on the interface
328 ${optionalString v.rstp ''
329 echo 2 >/sys/class/net/${n}/bridge/stp_state
330 ''}
332 ip link set dev "${n}" up
333 '';
334 postStop = ''
335 ip link set dev "${n}" down || true
336 ip link del dev "${n}" || true
337 rm -f /run/${n}.interfaces
338 '';
339 reload = ''
340 # Un-enslave child interfaces (old list of interfaces)
341 for interface in `cat /run/${n}.interfaces`; do
342 ip link set dev "$interface" nomaster up
343 done
345 # Enslave child interfaces (new list of interfaces)
346 ${flip concatMapStrings v.interfaces (i: ''
347 ip link set dev "${i}" master "${n}"
348 ip link set dev "${i}" up
349 '')}
350 # Save list of enslaved interfaces
351 echo "${flip concatMapStrings v.interfaces (i: ''
352 ${i}
353 '')}" > /run/${n}.interfaces
355 # (Un-)set stp on the bridge
356 echo ${if v.rstp then "2" else "0"} > /sys/class/net/${n}/bridge/stp_state
357 '';
358 reloadIfChanged = true;
359 });
361 createVswitchDevice = n: v: nameValuePair "${n}-netdev"
362 (let
363 deps = concatLists (map deviceDependency (attrNames (filterAttrs (_: config: config.type != "internal") v.interfaces)));
364 internalConfigs = map (i: "network-addresses-${i}.service") (attrNames (filterAttrs (_: config: config.type == "internal") v.interfaces));
365 ofRules = pkgs.writeText "vswitch-${n}-openFlowRules" v.openFlowRules;
366 in
367 { description = "Open vSwitch Interface ${n}";
368 wantedBy = [ "network-setup.service" (subsystemDevice n) ] ++ internalConfigs;
369 # before = [ "network-setup.service" ];
370 # should work without internalConfigs dependencies because address/link configuration depends
371 # on the device, which is created by ovs-vswitchd with type=internal, but it does not...
372 before = [ "network-setup.service" ] ++ internalConfigs;
373 partOf = [ "network-setup.service" ]; # shutdown the bridge when network is shutdown
374 bindsTo = [ "ovs-vswitchd.service" ]; # requires ovs-vswitchd to be alive at all times
375 after = [ "network-pre.target" "ovs-vswitchd.service" ] ++ deps; # start switch after physical interfaces and vswitch daemon
376 wants = deps; # if one or more interface fails, the switch should continue to run
377 serviceConfig.Type = "oneshot";
378 serviceConfig.RemainAfterExit = true;
379 path = [ pkgs.iproute2 config.virtualisation.vswitch.package ];
380 preStart = ''
381 echo "Resetting Open vSwitch ${n}..."
382 ovs-vsctl --if-exists del-br ${n} -- add-br ${n} \
383 -- set bridge ${n} protocols=${concatStringsSep "," v.supportedOpenFlowVersions}
384 '';
385 script = ''
386 echo "Configuring Open vSwitch ${n}..."
387 ovs-vsctl ${concatStrings (mapAttrsToList (name: config: " -- add-port ${n} ${name}" + optionalString (config.vlan != null) " tag=${toString config.vlan}") v.interfaces)} \
388 ${concatStrings (mapAttrsToList (name: config: optionalString (config.type != null) " -- set interface ${name} type=${config.type}") v.interfaces)} \
389 ${concatMapStrings (x: " -- set-controller ${n} " + x) v.controllers} \
390 ${concatMapStrings (x: " -- " + x) (splitString "\n" v.extraOvsctlCmds)}
393 echo "Adding OpenFlow rules for Open vSwitch ${n}..."
394 ovs-ofctl --protocols=${v.openFlowVersion} add-flows ${n} ${ofRules}
395 '';
396 postStop = ''
397 echo "Cleaning Open vSwitch ${n}"
398 echo "Shutting down internal ${n} interface"
399 ip link set dev ${n} down || true
400 echo "Deleting flows for ${n}"
401 ovs-ofctl --protocols=${v.openFlowVersion} del-flows ${n} || true
402 echo "Deleting Open vSwitch ${n}"
403 ovs-vsctl --if-exists del-br ${n} || true
404 '';
405 });
407 createBondDevice = n: v: nameValuePair "${n}-netdev"
408 (let
409 deps = concatLists (map deviceDependency v.interfaces);
410 in
411 { description = "Bond Interface ${n}";
412 wantedBy = [ "network-setup.service" (subsystemDevice n) ];
413 bindsTo = deps;
414 partOf = [ "network-setup.service" ];
415 after = [ "network-pre.target" ] ++ deps
416 ++ map (i: "network-addresses-${i}.service") v.interfaces;
417 before = [ "network-setup.service" ];
418 serviceConfig.Type = "oneshot";
419 serviceConfig.RemainAfterExit = true;
420 path = [ pkgs.iproute2 pkgs.gawk ];
421 script = ''
422 echo "Destroying old bond ${n}..."
423 ${destroyBond n}
425 echo "Creating new bond ${n}..."
426 ip link add name "${n}" type bond \
427 ${let opts = (mapAttrs (const toString)
428 (bondDeprecation.filterDeprecated v))
429 // v.driverOptions;
430 in concatStringsSep "\n"
431 (mapAttrsToList (set: val: " ${set} ${val} \\") opts)}
433 # !!! There must be a better way to wait for the interface
434 while [ ! -d "/sys/class/net/${n}" ]; do sleep 0.1; done;
436 # Bring up the bond and enslave the specified interfaces
437 ip link set dev "${n}" up
438 ${flip concatMapStrings v.interfaces (i: ''
439 ip link set dev "${i}" down
440 ip link set dev "${i}" master "${n}"
441 '')}
442 '';
443 postStop = destroyBond n;
444 });
446 createMacvlanDevice = n: v: nameValuePair "${n}-netdev"
447 (let
448 deps = deviceDependency v.interface;
449 in
450 { description = "MACVLAN Interface ${n}";
451 wantedBy = [ "network-setup.service" (subsystemDevice n) ];
452 bindsTo = deps;
453 partOf = [ "network-setup.service" ];
454 after = [ "network-pre.target" ] ++ deps;
455 before = [ "network-setup.service" ];
456 serviceConfig.Type = "oneshot";
457 serviceConfig.RemainAfterExit = true;
458 path = [ pkgs.iproute2 ];
459 script = ''
460 # Remove Dead Interfaces
461 ip link show dev "${n}" >/dev/null 2>&1 && ip link delete dev "${n}"
462 ip link add link "${v.interface}" name "${n}" type macvlan \
463 ${optionalString (v.mode != null) "mode ${v.mode}"}
464 ip link set dev "${n}" up
465 '';
466 postStop = ''
467 ip link delete dev "${n}" || true
468 '';
469 });
471 createFouEncapsulation = n: v: nameValuePair "${n}-fou-encap"
472 (let
473 # if we have a device to bind to we can wait for its addresses to be
474 # configured, otherwise external sequencing is required.
475 deps = optionals (v.local != null && v.local.dev != null)
476 (deviceDependency v.local.dev ++ [ "network-addresses-${v.local.dev}.service" ]);
477 fouSpec = "port ${toString v.port} ${
478 if v.protocol != null then "ipproto ${toString v.protocol}" else "gue"
479 } ${
480 optionalString (v.local != null) "local ${escapeShellArg v.local.address} ${
481 optionalString (v.local.dev != null) "dev ${escapeShellArg v.local.dev}"
482 }"
483 }";
484 in
485 { description = "FOU endpoint ${n}";
486 wantedBy = [ "network-setup.service" (subsystemDevice n) ];
487 bindsTo = deps;
488 partOf = [ "network-setup.service" ];
489 after = [ "network-pre.target" ] ++ deps;
490 before = [ "network-setup.service" ];
491 serviceConfig.Type = "oneshot";
492 serviceConfig.RemainAfterExit = true;
493 path = [ pkgs.iproute2 ];
494 script = ''
495 # always remove previous incarnation since show can't filter
496 ip fou del ${fouSpec} >/dev/null 2>&1 || true
497 ip fou add ${fouSpec}
498 '';
499 postStop = ''
500 ip fou del ${fouSpec} || true
501 '';
502 });
504 createSitDevice = n: v: nameValuePair "${n}-netdev"
505 (let
506 deps = deviceDependency v.dev;
507 in
508 { description = "6-to-4 Tunnel Interface ${n}";
509 wantedBy = [ "network-setup.service" (subsystemDevice n) ];
510 bindsTo = deps;
511 partOf = [ "network-setup.service" ];
512 after = [ "network-pre.target" ] ++ deps;
513 before = [ "network-setup.service" ];
514 serviceConfig.Type = "oneshot";
515 serviceConfig.RemainAfterExit = true;
516 path = [ pkgs.iproute2 ];
517 script = ''
518 # Remove Dead Interfaces
519 ip link show dev "${n}" >/dev/null 2>&1 && ip link delete dev "${n}"
520 ip link add name "${n}" type sit \
521 ${optionalString (v.remote != null) "remote \"${v.remote}\""} \
522 ${optionalString (v.local != null) "local \"${v.local}\""} \
523 ${optionalString (v.ttl != null) "ttl ${toString v.ttl}"} \
524 ${optionalString (v.dev != null) "dev \"${v.dev}\""} \
525 ${optionalString (v.encapsulation != null)
526 "encap ${v.encapsulation.type} encap-dport ${toString v.encapsulation.port} ${
527 optionalString (v.encapsulation.sourcePort != null)
528 "encap-sport ${toString v.encapsulation.sourcePort}"
529 }"}
530 ip link set dev "${n}" up
531 '';
532 postStop = ''
533 ip link delete dev "${n}" || true
534 '';
535 });
537 createGreDevice = n: v: nameValuePair "${n}-netdev"
538 (let
539 deps = deviceDependency v.dev;
540 ttlarg = if lib.hasPrefix "ip6" v.type then "hoplimit" else "ttl";
541 in
542 { description = "GRE Tunnel Interface ${n}";
543 wantedBy = [ "network-setup.service" (subsystemDevice n) ];
544 bindsTo = deps;
545 partOf = [ "network-setup.service" ];
546 after = [ "network-pre.target" ] ++ deps;
547 before = [ "network-setup.service" ];
548 serviceConfig.Type = "oneshot";
549 serviceConfig.RemainAfterExit = true;
550 path = [ pkgs.iproute2 ];
551 script = ''
552 # Remove Dead Interfaces
553 ip link show dev "${n}" >/dev/null 2>&1 && ip link delete dev "${n}"
554 ip link add name "${n}" type ${v.type} \
555 ${optionalString (v.remote != null) "remote \"${v.remote}\""} \
556 ${optionalString (v.local != null) "local \"${v.local}\""} \
557 ${optionalString (v.ttl != null) "${ttlarg} ${toString v.ttl}"} \
558 ${optionalString (v.dev != null) "dev \"${v.dev}\""}
559 ip link set dev "${n}" up
560 '';
561 postStop = ''
562 ip link delete dev "${n}" || true
563 '';
564 });
566 createVlanDevice = n: v: nameValuePair "${n}-netdev"
567 (let
568 deps = deviceDependency v.interface;
569 in
570 { description = "VLAN Interface ${n}";
571 wantedBy = [ "network-setup.service" (subsystemDevice n) ];
572 bindsTo = deps;
573 partOf = [ "network-setup.service" ];
574 after = [ "network-pre.target" ] ++ deps;
575 before = [ "network-setup.service" ];
576 serviceConfig.Type = "oneshot";
577 serviceConfig.RemainAfterExit = true;
578 path = [ pkgs.iproute2 ];
579 script = ''
580 # Remove Dead Interfaces
581 ip link show dev "${n}" >/dev/null 2>&1 && ip link delete dev "${n}"
582 ip link add link "${v.interface}" name "${n}" type vlan id "${toString v.id}"
584 # We try to bring up the logical VLAN interface. If the master
585 # interface the logical interface is dependent upon is not up yet we will
586 # fail to immediately bring up the logical interface. The resulting logical
587 # interface will brought up later when the master interface is up.
588 ip link set dev "${n}" up || true
589 '';
590 postStop = ''
591 ip link delete dev "${n}" || true
592 '';
593 });
595 in listToAttrs (
596 map configureAddrs interfaces ++
597 map createTunDevice (filter (i: i.virtual) interfaces))
598 // mapAttrs' createBridgeDevice cfg.bridges
599 // mapAttrs' createVswitchDevice cfg.vswitches
600 // mapAttrs' createBondDevice cfg.bonds
601 // mapAttrs' createMacvlanDevice cfg.macvlans
602 // mapAttrs' createFouEncapsulation cfg.fooOverUDP
603 // mapAttrs' createSitDevice cfg.sits
604 // mapAttrs' createGreDevice cfg.greTunnels
605 // mapAttrs' createVlanDevice cfg.vlans
606 // {
607 network-setup = networkSetup;
608 network-local-commands = networkLocalCommands;
609 };
611 services.udev.extraRules =
612 ''
613 KERNEL=="tun", TAG+="systemd"
614 '';
617 };
619 in
621 {
622 config = mkMerge [
623 bondWarnings
624 (mkIf (!cfg.useNetworkd) normalConfig)
625 { # Ensure slave interfaces are brought up
626 networking.interfaces = genAttrs slaves (i: {});
627 }
628 ];
629 }