| blob | 33261021480f11bc4a183606a138f0d2d97adc49 |
1 { config, lib, pkgs, utils, ... }:
3 with utils.systemdUtils.unitOptions;
4 with utils.systemdUtils.lib;
5 with utils.systemdUtils.network.units;
6 with lib;
8 let
10 check = {
12 global = {
13 sectionNetwork = checkUnitConfig "Network" [
14 (assertOnlyFields [
15 "SpeedMeter"
16 "SpeedMeterIntervalSec"
17 "ManageForeignRoutingPolicyRules"
18 "ManageForeignRoutes"
19 "RouteTable"
20 ])
21 (assertValueOneOf "SpeedMeter" boolValues)
22 (assertInt "SpeedMeterIntervalSec")
23 (assertValueOneOf "ManageForeignRoutingPolicyRules" boolValues)
24 (assertValueOneOf "ManageForeignRoutes" boolValues)
25 ];
27 sectionDHCPv4 = checkUnitConfig "DHCPv4" [
28 (assertOnlyFields [
29 "ClientIdentifier"
30 "DUIDType"
31 "DUIDRawData"
32 ])
33 (assertValueOneOf "ClientIdentifier" ["mac" "duid" "duid-only"])
34 ];
36 sectionDHCPv6 = checkUnitConfig "DHCPv6" [
37 (assertOnlyFields [
38 "DUIDType"
39 "DUIDRawData"
40 ])
41 ];
42 };
44 link = {
46 sectionLink = checkUnitConfig "Link" [
47 (assertOnlyFields [
48 "Description"
49 "Alias"
50 "MACAddressPolicy"
51 "MACAddress"
52 "NamePolicy"
53 "Name"
54 "AlternativeNamesPolicy"
55 "AlternativeName"
56 "MTUBytes"
57 "BitsPerSecond"
58 "Duplex"
59 "AutoNegotiation"
60 "WakeOnLan"
61 "Port"
62 "Advertise"
63 "ReceiveChecksumOffload"
64 "TransmitChecksumOffload"
65 "TCPSegmentationOffload"
66 "TCP6SegmentationOffload"
67 "GenericSegmentationOffload"
68 "GenericReceiveOffload"
69 "LargeReceiveOffload"
70 "RxChannels"
71 "TxChannels"
72 "OtherChannels"
73 "CombinedChannels"
74 "RxBufferSize"
75 "TxBufferSize"
76 "ReceiveQueues"
77 "TransmitQueues"
78 "TransmitQueueLength"
79 ])
80 (assertValueOneOf "MACAddressPolicy" ["persistent" "random" "none"])
81 (assertMacAddress "MACAddress")
82 (assertByteFormat "MTUBytes")
83 (assertByteFormat "BitsPerSecond")
84 (assertValueOneOf "Duplex" ["half" "full"])
85 (assertValueOneOf "AutoNegotiation" boolValues)
86 (assertValuesSomeOfOr "WakeOnLan" ["phy" "unicast" "multicast" "broadcast" "arp" "magic" "secureon"] "off")
87 (assertValueOneOf "Port" ["tp" "aui" "bnc" "mii" "fibre"])
88 (assertValueOneOf "ReceiveChecksumOffload" boolValues)
89 (assertValueOneOf "TransmitChecksumOffload" boolValues)
90 (assertValueOneOf "TCPSegmentationOffload" boolValues)
91 (assertValueOneOf "TCP6SegmentationOffload" boolValues)
92 (assertValueOneOf "GenericSegmentationOffload" boolValues)
93 (assertValueOneOf "GenericReceiveOffload" boolValues)
94 (assertValueOneOf "LargeReceiveOffload" boolValues)
95 (assertInt "RxChannels")
96 (assertRange "RxChannels" 1 4294967295)
97 (assertInt "TxChannels")
98 (assertRange "TxChannels" 1 4294967295)
99 (assertInt "OtherChannels")
100 (assertRange "OtherChannels" 1 4294967295)
101 (assertInt "CombinedChannels")
102 (assertRange "CombinedChannels" 1 4294967295)
103 (assertInt "RxBufferSize")
104 (assertInt "TxBufferSize")
105 (assertRange "ReceiveQueues" 1 4096)
106 (assertRange "TransmitQueues" 1 4096)
107 (assertRange "TransmitQueueLength" 1 4294967294)
108 ];
109 };
111 netdev = let
113 tunChecks = [
114 (assertOnlyFields [
115 "MultiQueue"
116 "PacketInfo"
117 "VNetHeader"
118 "User"
119 "Group"
120 ])
121 (assertValueOneOf "MultiQueue" boolValues)
122 (assertValueOneOf "PacketInfo" boolValues)
123 (assertValueOneOf "VNetHeader" boolValues)
124 ];
126 # See https://www.freedesktop.org/software/systemd/man/latest/systemd.netdev.html#%5BIPVTAP%5D%20Section%20Options
127 ipVlanVtapChecks = [
128 (assertOnlyFields [
129 "Mode"
130 "Flags"
131 ])
132 (assertValueOneOf "Mode" ["L2" "L3" "L3S" ])
133 (assertValueOneOf "Flags" ["private" "vepa" "bridge" ])
134 ];
135 in {
137 sectionNetdev = checkUnitConfig "Netdev" [
138 (assertOnlyFields [
139 "Description"
140 "Name"
141 "Kind"
142 "MTUBytes"
143 "MACAddress"
144 ])
145 (assertHasField "Name")
146 (assertHasField "Kind")
147 (assertValueOneOf "Kind" [
148 "bond"
149 "bridge"
150 "dummy"
151 "gre"
152 "gretap"
153 "erspan"
154 "ip6gre"
155 "ip6tnl"
156 "ip6gretap"
157 "ipip"
158 "ipvlan"
159 "ipvtap"
160 "macvlan"
161 "macvtap"
162 "sit"
163 "tap"
164 "tun"
165 "veth"
166 "vlan"
167 "vti"
168 "vti6"
169 "vxlan"
170 "geneve"
171 "l2tp"
172 "macsec"
173 "wlan"
174 "vrf"
175 "vcan"
176 "vxcan"
177 "wireguard"
178 "netdevsim"
179 "nlmon"
180 "fou"
181 "xfrm"
182 "ifb"
183 "batadv"
184 ])
185 (assertByteFormat "MTUBytes")
186 (assertNetdevMacAddress "MACAddress")
187 ];
189 sectionVLAN = checkUnitConfig "VLAN" [
190 (assertOnlyFields [
191 "Id"
192 "GVRP"
193 "MVRP"
194 "LooseBinding"
195 "ReorderHeader"
196 ])
197 (assertInt "Id")
198 (assertRange "Id" 0 4094)
199 (assertValueOneOf "GVRP" boolValues)
200 (assertValueOneOf "MVRP" boolValues)
201 (assertValueOneOf "LooseBinding" boolValues)
202 (assertValueOneOf "ReorderHeader" boolValues)
203 ];
205 sectionIPVLAN = checkUnitConfig "IPVLAN" ipVlanVtapChecks;
207 sectionIPVTAP = checkUnitConfig "IPVTAP" ipVlanVtapChecks;
209 sectionMACVLAN = checkUnitConfig "MACVLAN" [
210 (assertOnlyFields [
211 "Mode"
212 ])
213 (assertValueOneOf "Mode" ["private" "vepa" "bridge" "passthru"])
214 ];
216 sectionVXLAN = checkUnitConfig "VXLAN" [
217 (assertOnlyFields [
218 "VNI"
219 "Remote"
220 "Local"
221 "Group"
222 "TOS"
223 "TTL"
224 "MacLearning"
225 "FDBAgeingSec"
226 "MaximumFDBEntries"
227 "ReduceARPProxy"
228 "L2MissNotification"
229 "L3MissNotification"
230 "RouteShortCircuit"
231 "UDPChecksum"
232 "UDP6ZeroChecksumTx"
233 "UDP6ZeroChecksumRx"
234 "RemoteChecksumTx"
235 "RemoteChecksumRx"
236 "GroupPolicyExtension"
237 "GenericProtocolExtension"
238 "DestinationPort"
239 "PortRange"
240 "FlowLabel"
241 "IPDoNotFragment"
242 "Independent"
243 ])
244 (assertInt "VNI")
245 (assertRange "VNI" 1 16777215)
246 (assertValueOneOf "MacLearning" boolValues)
247 (assertInt "MaximumFDBEntries")
248 (assertValueOneOf "ReduceARPProxy" boolValues)
249 (assertValueOneOf "L2MissNotification" boolValues)
250 (assertValueOneOf "L3MissNotification" boolValues)
251 (assertValueOneOf "RouteShortCircuit" boolValues)
252 (assertValueOneOf "UDPChecksum" boolValues)
253 (assertValueOneOf "UDP6ZeroChecksumTx" boolValues)
254 (assertValueOneOf "UDP6ZeroChecksumRx" boolValues)
255 (assertValueOneOf "RemoteChecksumTx" boolValues)
256 (assertValueOneOf "RemoteChecksumRx" boolValues)
257 (assertValueOneOf "GroupPolicyExtension" boolValues)
258 (assertValueOneOf "GenericProtocolExtension" boolValues)
259 (assertInt "FlowLabel")
260 (assertRange "FlowLabel" 0 1048575)
261 (assertValueOneOf "IPDoNotFragment" (boolValues + ["inherit"]))
262 (assertValueOneOf "Independent" boolValues)
263 ];
265 sectionTunnel = checkUnitConfig "Tunnel" [
266 (assertOnlyFields [
267 "Local"
268 "Remote"
269 "TOS"
270 "TTL"
271 "DiscoverPathMTU"
272 "IPv6FlowLabel"
273 "CopyDSCP"
274 "EncapsulationLimit"
275 "Key"
276 "InputKey"
277 "OutputKey"
278 "Mode"
279 "Independent"
280 "AssignToLoopback"
281 "AllowLocalRemote"
282 "FooOverUDP"
283 "FOUDestinationPort"
284 "FOUSourcePort"
285 "Encapsulation"
286 "IPv6RapidDeploymentPrefix"
287 "ISATAP"
288 "SerializeTunneledPackets"
289 "ERSPANIndex"
290 ])
291 (assertInt "TTL")
292 (assertRange "TTL" 0 255)
293 (assertValueOneOf "DiscoverPathMTU" boolValues)
294 (assertValueOneOf "CopyDSCP" boolValues)
295 (assertValueOneOf "Mode" ["ip6ip6" "ipip6" "any"])
296 (assertValueOneOf "Independent" boolValues)
297 (assertValueOneOf "AssignToLoopback" boolValues)
298 (assertValueOneOf "AllowLocalRemote" boolValues)
299 (assertValueOneOf "FooOverUDP" boolValues)
300 (assertPort "FOUDestinationPort")
301 (assertPort "FOUSourcePort")
302 (assertValueOneOf "Encapsulation" ["FooOverUDP" "GenericUDPEncapsulation"])
303 (assertValueOneOf "ISATAP" boolValues)
304 (assertValueOneOf "SerializeTunneledPackets" boolValues)
305 (assertInt "ERSPANIndex")
306 (assertRange "ERSPANIndex" 1 1048575)
307 ];
309 sectionFooOverUDP = checkUnitConfig "FooOverUDP" [
310 (assertOnlyFields [
311 "Port"
312 "Encapsulation"
313 "Protocol"
314 ])
315 (assertPort "Port")
316 (assertValueOneOf "Encapsulation" ["FooOverUDP" "GenericUDPEncapsulation"])
317 ];
319 sectionPeer = checkUnitConfig "Peer" [
320 (assertOnlyFields [
321 "Name"
322 "MACAddress"
323 ])
324 (assertMacAddress "MACAddress")
325 ];
327 sectionTun = checkUnitConfig "Tun" tunChecks;
329 sectionTap = checkUnitConfig "Tap" tunChecks;
331 sectionL2TP = checkUnitConfig "L2TP" [
332 (assertOnlyFields [
333 "TunnelId"
334 "PeerTunnelId"
335 "Remote"
336 "Local"
337 "EncapsulationType"
338 "UDPSourcePort"
339 "UDPDestinationPort"
340 "UDPChecksum"
341 "UDP6ZeroChecksumTx"
342 "UDP6ZeroChecksumRx"
343 ])
344 (assertInt "TunnelId")
345 (assertRange "TunnelId" 1 4294967295)
346 (assertInt "PeerTunnelId")
347 (assertRange "PeerTunnelId" 1 4294967295)
348 (assertValueOneOf "EncapsulationType" [ "ip" "udp" ])
349 (assertPort "UDPSourcePort")
350 (assertPort "UDPDestinationPort")
351 (assertValueOneOf "UDPChecksum" boolValues)
352 (assertValueOneOf "UDP6ZeroChecksumTx" boolValues)
353 (assertValueOneOf "UDP6ZeroChecksumRx" boolValues)
354 ];
356 sectionL2TPSession = checkUnitConfig "L2TPSession" [
357 (assertOnlyFields [
358 "Name"
359 "SessionId"
360 "PeerSessionId"
361 "Layer2SpecificHeader"
362 ])
363 (assertHasField "Name")
364 (assertHasField "SessionId")
365 (assertInt "SessionId")
366 (assertRange "SessionId" 1 4294967295)
367 (assertHasField "PeerSessionId")
368 (assertInt "PeerSessionId")
369 (assertRange "PeerSessionId" 1 4294967295)
370 (assertValueOneOf "Layer2SpecificHeader" [ "none" "default" ])
371 ];
373 # NOTE The PrivateKey directive is missing on purpose here, please
374 # do not add it to this list. The nix store is world-readable let's
375 # refrain ourselves from providing a footgun.
376 sectionWireGuard = checkUnitConfig "WireGuard" [
377 (assertOnlyFields [
378 "PrivateKeyFile"
379 "ListenPort"
380 "FirewallMark"
381 "RouteTable"
382 "RouteMetric"
383 ])
384 (assertInt "FirewallMark")
385 (assertRange "FirewallMark" 1 4294967295)
386 ];
388 # NOTE The PresharedKey directive is missing on purpose here, please
389 # do not add it to this list. The nix store is world-readable,let's
390 # refrain ourselves from providing a footgun.
391 sectionWireGuardPeer = checkUnitConfig "WireGuardPeer" [
392 (assertOnlyFields [
393 "PublicKey"
394 "PresharedKeyFile"
395 "AllowedIPs"
396 "Endpoint"
397 "PersistentKeepalive"
398 "RouteTable"
399 "RouteMetric"
400 ])
401 (assertInt "PersistentKeepalive")
402 (assertRange "PersistentKeepalive" 0 65535)
403 ];
405 sectionBond = checkUnitConfig "Bond" [
406 (assertOnlyFields [
407 "Mode"
408 "TransmitHashPolicy"
409 "LACPTransmitRate"
410 "MIIMonitorSec"
411 "UpDelaySec"
412 "DownDelaySec"
413 "LearnPacketIntervalSec"
414 "AdSelect"
415 "AdActorSystemPriority"
416 "AdUserPortKey"
417 "AdActorSystem"
418 "FailOverMACPolicy"
419 "ARPValidate"
420 "ARPIntervalSec"
421 "ARPIPTargets"
422 "ARPAllTargets"
423 "PrimaryReselectPolicy"
424 "ResendIGMP"
425 "PacketsPerSlave"
426 "GratuitousARP"
427 "AllSlavesActive"
428 "DynamicTransmitLoadBalancing"
429 "MinLinks"
430 ])
431 (assertValueOneOf "Mode" [
432 "balance-rr"
433 "active-backup"
434 "balance-xor"
435 "broadcast"
436 "802.3ad"
437 "balance-tlb"
438 "balance-alb"
439 ])
440 (assertValueOneOf "TransmitHashPolicy" [
441 "layer2"
442 "layer3+4"
443 "layer2+3"
444 "encap2+3"
445 "encap3+4"
446 ])
447 (assertValueOneOf "LACPTransmitRate" ["slow" "fast"])
448 (assertValueOneOf "AdSelect" ["stable" "bandwidth" "count"])
449 (assertInt "AdActorSystemPriority")
450 (assertRange "AdActorSystemPriority" 1 65535)
451 (assertInt "AdUserPortKey")
452 (assertRange "AdUserPortKey" 0 1023)
453 (assertValueOneOf "FailOverMACPolicy" ["none" "active" "follow"])
454 (assertValueOneOf "ARPValidate" ["none" "active" "backup" "all"])
455 (assertValueOneOf "ARPAllTargets" ["any" "all"])
456 (assertValueOneOf "PrimaryReselectPolicy" ["always" "better" "failure"])
457 (assertInt "ResendIGMP")
458 (assertRange "ResendIGMP" 0 255)
459 (assertInt "PacketsPerSlave")
460 (assertRange "PacketsPerSlave" 0 65535)
461 (assertInt "GratuitousARP")
462 (assertRange "GratuitousARP" 0 255)
463 (assertValueOneOf "AllSlavesActive" boolValues)
464 (assertValueOneOf "DynamicTransmitLoadBalancing" boolValues)
465 (assertInt "MinLinks")
466 (assertMinimum "MinLinks" 0)
467 ];
469 sectionXfrm = checkUnitConfig "Xfrm" [
470 (assertOnlyFields [
471 "InterfaceId"
472 "Independent"
473 ])
474 (assertInt "InterfaceId")
475 (assertRange "InterfaceId" 1 4294967295)
476 (assertValueOneOf "Independent" boolValues)
477 ];
479 sectionVRF = checkUnitConfig "VRF" [
480 (assertOnlyFields [
481 "Table"
482 ])
483 (assertInt "Table")
484 (assertMinimum "Table" 0)
485 ];
487 sectionWLAN = checkUnitConfig "WLAN" [
488 (assertOnlyFields [
489 "PhysicalDevice" # systemd supports both strings ("phy0") and indexes (0) here.
490 "Type"
491 "WDS"
492 ])
493 # See https://github.com/systemd/systemd/blob/main/src/basic/linux/nl80211.h#L3382
494 (assertValueOneOf "Type" [
495 "ad-hoc"
496 "station"
497 "ap"
498 "ap-vlan"
499 "wds"
500 "monitor"
501 "mesh-point"
502 "p2p-client"
503 "p2p-go"
504 "p2p-device"
505 "ocb"
506 "nan"
507 ])
508 (assertValueOneOf "WDS" boolValues)
509 ];
511 sectionBatmanAdvanced = checkUnitConfig "BatmanAdvanced" [
512 (assertOnlyFields [
513 "GatewayMode"
514 "Aggregation"
515 "BridgeLoopAvoidance"
516 "DistributedArpTable"
517 "Fragmentation"
518 "HopPenalty"
519 "OriginatorIntervalSec"
520 "GatewayBandwithDown"
521 "GatewayBandwithUp"
522 "RoutingAlgorithm"
523 ])
524 (assertValueOneOf "GatewayMode" ["off" "client" "server"])
525 (assertValueOneOf "Aggregation" boolValues)
526 (assertValueOneOf "BridgeLoopAvoidance" boolValues)
527 (assertValueOneOf "DistributedArpTable" boolValues)
528 (assertValueOneOf "Fragmentation" boolValues)
529 (assertInt "HopPenalty")
530 (assertRange "HopPenalty" 0 255)
531 (assertValueOneOf "RoutingAlgorithm" ["batman-v" "batman-iv"])
532 ];
533 };
535 network = {
537 sectionLink = checkUnitConfig "Link" [
538 (assertOnlyFields [
539 "MACAddress"
540 "MTUBytes"
541 "ARP"
542 "Multicast"
543 "AllMulticast"
544 "Unmanaged"
545 "Group"
546 "RequiredForOnline"
547 "RequiredFamilyForOnline"
548 "ActivationPolicy"
549 "Promiscuous"
550 ])
551 (assertMacAddress "MACAddress")
552 (assertByteFormat "MTUBytes")
553 (assertValueOneOf "ARP" boolValues)
554 (assertValueOneOf "Multicast" boolValues)
555 (assertValueOneOf "AllMulticast" boolValues)
556 (assertValueOneOf "Promiscuous" boolValues)
557 (assertValueOneOf "Unmanaged" boolValues)
558 (assertInt "Group")
559 (assertRange "Group" 0 2147483647)
560 (assertValueOneOf "RequiredForOnline" (boolValues ++ (
561 let
562 # https://freedesktop.org/software/systemd/man/networkctl.html#missing
563 operationalStates = [
564 "missing"
565 "off"
566 "no-carrier"
567 "dormant"
568 "degraded-carrier"
569 "carrier"
570 "degraded"
571 "enslaved"
572 "routable"
573 ];
574 operationalStateRanges = concatLists (imap0 (i: min: map (max: "${min}:${max}") (drop i operationalStates)) operationalStates);
575 in
576 operationalStates ++ operationalStateRanges
577 )))
578 (assertValueOneOf "RequiredFamilyForOnline" [
579 "ipv4"
580 "ipv6"
581 "both"
582 "any"
583 ])
584 (assertValueOneOf "ActivationPolicy" ([
585 "up"
586 "always-up"
587 "manual"
588 "always-down"
589 "down"
590 "bound"
591 ]))
592 ];
594 sectionNetwork = checkUnitConfig "Network" [
595 (assertOnlyFields [
596 "Description"
597 "DHCP"
598 "DHCPServer"
599 "LinkLocalAddressing"
600 "IPv4LLRoute"
601 "DefaultRouteOnDevice"
602 "LLMNR"
603 "MulticastDNS"
604 "DNSOverTLS"
605 "DNSSEC"
606 "DNSSECNegativeTrustAnchors"
607 "LLDP"
608 "EmitLLDP"
609 "BindCarrier"
610 "Address"
611 "Gateway"
612 "DNS"
613 "Domains"
614 "DNSDefaultRoute"
615 "NTP"
616 "IPForward"
617 "IPMasquerade"
618 "IPv6PrivacyExtensions"
619 "IPv6AcceptRA"
620 "IPv6DuplicateAddressDetection"
621 "IPv6HopLimit"
622 "IPv4ProxyARP"
623 "IPv6ProxyNDP"
624 "IPv6ProxyNDPAddress"
625 "IPv6SendRA"
626 "DHCPPrefixDelegation"
627 "IPv6MTUBytes"
628 "Bridge"
629 "Bond"
630 "VRF"
631 "VLAN"
632 "IPVLAN"
633 "IPVTAP"
634 "MACVLAN"
635 "MACVTAP"
636 "VXLAN"
637 "Tunnel"
638 "MACsec"
639 "ActiveSlave"
640 "PrimarySlave"
641 "ConfigureWithoutCarrier"
642 "IgnoreCarrierLoss"
643 "Xfrm"
644 "KeepConfiguration"
645 "BatmanAdvanced"
646 ])
647 # Note: For DHCP the values both, none, v4, v6 are deprecated
648 (assertValueOneOf "DHCP" ["yes" "no" "ipv4" "ipv6"])
649 (assertValueOneOf "DHCPServer" boolValues)
650 (assertValueOneOf "LinkLocalAddressing" ["yes" "no" "ipv4" "ipv6" "fallback" "ipv4-fallback"])
651 (assertValueOneOf "IPv4LLRoute" boolValues)
652 (assertValueOneOf "DefaultRouteOnDevice" boolValues)
653 (assertValueOneOf "LLMNR" (boolValues ++ ["resolve"]))
654 (assertValueOneOf "MulticastDNS" (boolValues ++ ["resolve"]))
655 (assertValueOneOf "DNSOverTLS" (boolValues ++ ["opportunistic"]))
656 (assertValueOneOf "DNSSEC" (boolValues ++ ["allow-downgrade"]))
657 (assertValueOneOf "LLDP" (boolValues ++ ["routers-only"]))
658 (assertValueOneOf "EmitLLDP" (boolValues ++ ["nearest-bridge" "non-tpmr-bridge" "customer-bridge"]))
659 (assertValueOneOf "DNSDefaultRoute" boolValues)
660 (assertValueOneOf "IPForward" (boolValues ++ ["ipv4" "ipv6"]))
661 (assertValueOneOf "IPMasquerade" (boolValues ++ ["ipv4" "ipv6" "both"]))
662 (assertValueOneOf "IPv6PrivacyExtensions" (boolValues ++ ["prefer-public" "kernel"]))
663 (assertValueOneOf "IPv6AcceptRA" boolValues)
664 (assertInt "IPv6DuplicateAddressDetection")
665 (assertMinimum "IPv6DuplicateAddressDetection" 0)
666 (assertInt "IPv6HopLimit")
667 (assertMinimum "IPv6HopLimit" 0)
668 (assertValueOneOf "IPv4ProxyARP" boolValues)
669 (assertValueOneOf "IPv6ProxyNDP" boolValues)
670 (assertValueOneOf "IPv6SendRA" boolValues)
671 (assertValueOneOf "DHCPPrefixDelegation" boolValues)
672 (assertByteFormat "IPv6MTUBytes")
673 (assertValueOneOf "ActiveSlave" boolValues)
674 (assertValueOneOf "PrimarySlave" boolValues)
675 (assertValueOneOf "ConfigureWithoutCarrier" boolValues)
676 (assertValueOneOf "KeepConfiguration" (boolValues ++ ["static" "dhcp-on-stop" "dhcp"]))
677 ];
679 sectionAddress = checkUnitConfig "Address" [
680 (assertOnlyFields [
681 "Address"
682 "Peer"
683 "Broadcast"
684 "Label"
685 "PreferredLifetime"
686 "Scope"
687 "RouteMetric"
688 "HomeAddress"
689 "DuplicateAddressDetection"
690 "ManageTemporaryAddress"
691 "AddPrefixRoute"
692 "AutoJoin"
693 ])
694 (assertHasField "Address")
695 (assertValueOneOf "PreferredLifetime" ["forever" "infinity" "0" 0])
696 (assertInt "RouteMetric")
697 (assertValueOneOf "HomeAddress" boolValues)
698 (assertValueOneOf "DuplicateAddressDetection" ["ipv4" "ipv6" "both" "none"])
699 (assertValueOneOf "ManageTemporaryAddress" boolValues)
700 (assertValueOneOf "AddPrefixRoute" boolValues)
701 (assertValueOneOf "AutoJoin" boolValues)
702 ];
704 sectionRoutingPolicyRule = checkUnitConfig "RoutingPolicyRule" [
705 (assertOnlyFields [
706 "TypeOfService"
707 "From"
708 "To"
709 "FirewallMark"
710 "Table"
711 "Priority"
712 "IncomingInterface"
713 "OutgoingInterface"
714 "SourcePort"
715 "DestinationPort"
716 "IPProtocol"
717 "InvertRule"
718 "Family"
719 "User"
720 "SuppressPrefixLength"
721 "Type"
722 "SuppressInterfaceGroup"
723 ])
724 (assertInt "TypeOfService")
725 (assertRange "TypeOfService" 0 255)
726 (assertInt "FirewallMark")
727 (assertRange "FirewallMark" 1 4294967295)
728 (assertInt "Priority")
729 (assertPort "SourcePort")
730 (assertPort "DestinationPort")
731 (assertValueOneOf "InvertRule" boolValues)
732 (assertValueOneOf "Family" ["ipv4" "ipv6" "both"])
733 (assertInt "SuppressPrefixLength")
734 (assertRange "SuppressPrefixLength" 0 128)
735 (assertValueOneOf "Type" ["blackhole" "unreachable" "prohibit"])
736 (assertRange "SuppressInterfaceGroup" 0 2147483647)
737 ];
739 sectionRoute = checkUnitConfig "Route" [
740 (assertOnlyFields [
741 "Gateway"
742 "GatewayOnLink"
743 "Destination"
744 "Source"
745 "Metric"
746 "IPv6Preference"
747 "Scope"
748 "PreferredSource"
749 "Table"
750 "Protocol"
751 "Type"
752 "InitialCongestionWindow"
753 "InitialAdvertisedReceiveWindow"
754 "QuickAck"
755 "FastOpenNoCookie"
756 "TTLPropagate"
757 "MTUBytes"
758 "IPServiceType"
759 "MultiPathRoute"
760 ])
761 (assertValueOneOf "GatewayOnLink" boolValues)
762 (assertInt "Metric")
763 (assertValueOneOf "IPv6Preference" ["low" "medium" "high"])
764 (assertValueOneOf "Scope" ["global" "site" "link" "host" "nowhere"])
765 (assertValueOneOf "Type" [
766 "unicast"
767 "local"
768 "broadcast"
769 "anycast"
770 "multicast"
771 "blackhole"
772 "unreachable"
773 "prohibit"
774 "throw"
775 "nat"
776 "xresolve"
777 ])
778 (assertValueOneOf "QuickAck" boolValues)
779 (assertValueOneOf "FastOpenNoCookie" boolValues)
780 (assertValueOneOf "TTLPropagate" boolValues)
781 (assertByteFormat "MTUBytes")
782 (assertValueOneOf "IPServiceType" ["CS6" "CS4"])
783 ];
785 sectionDHCPv4 = checkUnitConfig "DHCPv4" [
786 (assertOnlyFields [
787 "UseDNS"
788 "RoutesToDNS"
789 "UseNTP"
790 "UseSIP"
791 "UseMTU"
792 "Anonymize"
793 "SendHostname"
794 "UseHostname"
795 "Hostname"
796 "UseDomains"
797 "UseRoutes"
798 "UseTimezone"
799 "ClientIdentifier"
800 "VendorClassIdentifier"
801 "UserClass"
802 "MaxAttempts"
803 "DUIDType"
804 "DUIDRawData"
805 "IAID"
806 "RequestBroadcast"
807 "RouteMetric"
808 "RouteTable"
809 "RouteMTUBytes"
810 "ListenPort"
811 "SendRelease"
812 "SendDecline"
813 "BlackList"
814 "RequestOptions"
815 "SendOption"
816 "FallbackLeaseLifetimeSec"
817 "Label"
818 "Use6RD"
819 ])
820 (assertValueOneOf "UseDNS" boolValues)
821 (assertValueOneOf "RoutesToDNS" boolValues)
822 (assertValueOneOf "UseNTP" boolValues)
823 (assertValueOneOf "UseSIP" boolValues)
824 (assertValueOneOf "UseMTU" boolValues)
825 (assertValueOneOf "Anonymize" boolValues)
826 (assertValueOneOf "SendHostname" boolValues)
827 (assertValueOneOf "UseHostname" boolValues)
828 (assertValueOneOf "UseDomains" (boolValues ++ ["route"]))
829 (assertValueOneOf "UseRoutes" boolValues)
830 (assertValueOneOf "UseTimezone" boolValues)
831 (assertValueOneOf "ClientIdentifier" ["mac" "duid" "duid-only"])
832 (assertInt "IAID")
833 (assertValueOneOf "RequestBroadcast" boolValues)
834 (assertInt "RouteMetric")
835 (assertInt "RouteTable")
836 (assertRange "RouteTable" 0 4294967295)
837 (assertByteFormat "RouteMTUBytes")
838 (assertPort "ListenPort")
839 (assertValueOneOf "SendRelease" boolValues)
840 (assertValueOneOf "SendDecline" boolValues)
841 (assertValueOneOf "FallbackLeaseLifetimeSec" ["forever" "infinity"])
842 (assertValueOneOf "Use6RD" boolValues)
843 ];
845 sectionDHCPv6 = checkUnitConfig "DHCPv6" [
846 (assertOnlyFields [
847 "UseAddress"
848 "UseDNS"
849 "UseNTP"
850 "UseHostname"
851 "UseDomains"
852 "RouteMetric"
853 "RapidCommit"
854 "MUDURL"
855 "RequestOptions"
856 "SendVendorOption"
857 "PrefixDelegationHint"
858 "WithoutRA"
859 "SendOption"
860 "UserClass"
861 "VendorClass"
862 "DUIDType"
863 "DUIDRawData"
864 "IAID"
865 "UseDelegatedPrefix"
866 "SendRelease"
867 ])
868 (assertValueOneOf "UseAddress" boolValues)
869 (assertValueOneOf "UseDNS" boolValues)
870 (assertValueOneOf "UseNTP" boolValues)
871 (assertValueOneOf "UseHostname" boolValues)
872 (assertValueOneOf "UseDomains" (boolValues ++ ["route"]))
873 (assertInt "RouteMetric")
874 (assertValueOneOf "RapidCommit" boolValues)
875 (assertValueOneOf "WithoutRA" ["no" "solicit" "information-request"])
876 (assertRange "SendOption" 1 65536)
877 (assertInt "IAID")
878 (assertValueOneOf "UseDelegatedPrefix" boolValues)
879 (assertValueOneOf "SendRelease" boolValues)
880 ];
882 sectionDHCPPrefixDelegation = checkUnitConfig "DHCPPrefixDelegation" [
883 (assertOnlyFields [
884 "UplinkInterface"
885 "SubnetId"
886 "Announce"
887 "Assign"
888 "Token"
889 "ManageTemporaryAddress"
890 "RouteMetric"
891 ])
892 (assertValueOneOf "Announce" boolValues)
893 (assertValueOneOf "Assign" boolValues)
894 (assertValueOneOf "ManageTemporaryAddress" boolValues)
895 (assertRange "RouteMetric" 0 4294967295)
896 ];
898 sectionIPv6AcceptRA = checkUnitConfig "IPv6AcceptRA" [
899 (assertOnlyFields [
900 "UseDNS"
901 "UseDomains"
902 "RouteTable"
903 "UseAutonomousPrefix"
904 "UseOnLinkPrefix"
905 "RouterDenyList"
906 "RouterAllowList"
907 "PrefixDenyList"
908 "PrefixAllowList"
909 "RouteDenyList"
910 "RouteAllowList"
911 "DHCPv6Client"
912 "RouteMetric"
913 "UseMTU"
914 "UseGateway"
915 "UseRoutePrefix"
916 "Token"
917 ])
918 (assertValueOneOf "UseDNS" boolValues)
919 (assertValueOneOf "UseDomains" (boolValues ++ ["route"]))
920 (assertRange "RouteTable" 0 4294967295)
921 (assertValueOneOf "UseAutonomousPrefix" boolValues)
922 (assertValueOneOf "UseOnLinkPrefix" boolValues)
923 (assertValueOneOf "DHCPv6Client" (boolValues ++ ["always"]))
924 (assertValueOneOf "UseMTU" boolValues)
925 (assertValueOneOf "UseGateway" boolValues)
926 (assertValueOneOf "UseRoutePrefix" boolValues)
927 ];
929 sectionDHCPServer = checkUnitConfig "DHCPServer" [
930 (assertOnlyFields [
931 "ServerAddress"
932 "PoolOffset"
933 "PoolSize"
934 "DefaultLeaseTimeSec"
935 "MaxLeaseTimeSec"
936 "UplinkInterface"
937 "EmitDNS"
938 "DNS"
939 "EmitNTP"
940 "NTP"
941 "EmitSIP"
942 "SIP"
943 "EmitPOP3"
944 "POP3"
945 "EmitSMTP"
946 "SMTP"
947 "EmitLPR"
948 "LPR"
949 "EmitRouter"
950 "Router"
951 "EmitTimezone"
952 "Timezone"
953 "SendOption"
954 "SendVendorOption"
955 "BindToInterface"
956 "RelayTarget"
957 "RelayAgentCircuitId"
958 "RelayAgentRemoteId"
959 "BootServerAddress"
960 "BootServerName"
961 "BootFilename"
962 ])
963 (assertInt "PoolOffset")
964 (assertMinimum "PoolOffset" 0)
965 (assertInt "PoolSize")
966 (assertMinimum "PoolSize" 0)
967 (assertValueOneOf "EmitDNS" boolValues)
968 (assertValueOneOf "EmitNTP" boolValues)
969 (assertValueOneOf "EmitSIP" boolValues)
970 (assertValueOneOf "EmitPOP3" boolValues)
971 (assertValueOneOf "EmitSMTP" boolValues)
972 (assertValueOneOf "EmitLPR" boolValues)
973 (assertValueOneOf "EmitRouter" boolValues)
974 (assertValueOneOf "EmitTimezone" boolValues)
975 (assertValueOneOf "BindToInterface" boolValues)
976 ];
978 sectionIPv6SendRA = checkUnitConfig "IPv6SendRA" [
979 (assertOnlyFields [
980 "Managed"
981 "OtherInformation"
982 "RouterLifetimeSec"
983 "RouterPreference"
984 "UplinkInterface"
985 "EmitDNS"
986 "DNS"
987 "EmitDomains"
988 "Domains"
989 "DNSLifetimeSec"
990 ])
991 (assertValueOneOf "Managed" boolValues)
992 (assertValueOneOf "OtherInformation" boolValues)
993 (assertValueOneOf "RouterPreference" ["high" "medium" "low" "normal" "default"])
994 (assertValueOneOf "EmitDNS" boolValues)
995 (assertValueOneOf "EmitDomains" boolValues)
996 ];
998 sectionIPv6Prefix = checkUnitConfig "IPv6Prefix" [
999 (assertOnlyFields [
1000 "AddressAutoconfiguration"
1001 "OnLink"
1002 "Prefix"
1003 "PreferredLifetimeSec"
1004 "ValidLifetimeSec"
1005 "Assign"
1006 "Token"
1007 ])
1008 (assertValueOneOf "AddressAutoconfiguration" boolValues)
1009 (assertValueOneOf "OnLink" boolValues)
1010 (assertValueOneOf "Assign" boolValues)
1011 ];
1013 sectionIPv6RoutePrefix = checkUnitConfig "IPv6RoutePrefix" [
1014 (assertOnlyFields [
1015 "Route"
1016 "LifetimeSec"
1017 ])
1018 (assertHasField "Route")
1019 (assertInt "LifetimeSec")
1020 ];
1022 sectionDHCPServerStaticLease = checkUnitConfig "DHCPServerStaticLease" [
1023 (assertOnlyFields [
1024 "MACAddress"
1025 "Address"
1026 ])
1027 (assertHasField "MACAddress")
1028 (assertHasField "Address")
1029 (assertMacAddress "MACAddress")
1030 ];
1032 sectionBridge = checkUnitConfig "Bridge" [
1033 (assertOnlyFields [
1034 "UnicastFlood"
1035 "MulticastFlood"
1036 "MulticastToUnicast"
1037 "NeighborSuppression"
1038 "Learning"
1039 "HairPin"
1040 "Isolated"
1041 "UseBPDU"
1042 "FastLeave"
1043 "AllowPortToBeRoot"
1044 "ProxyARP"
1045 "ProxyARPWiFi"
1046 "MulticastRouter"
1047 "Cost"
1048 "Priority"
1049 ])
1050 (assertValueOneOf "UnicastFlood" boolValues)
1051 (assertValueOneOf "MulticastFlood" boolValues)
1052 (assertValueOneOf "MulticastToUnicast" boolValues)
1053 (assertValueOneOf "NeighborSuppression" boolValues)
1054 (assertValueOneOf "Learning" boolValues)
1055 (assertValueOneOf "HairPin" boolValues)
1056 (assertValueOneOf "Isolated" boolValues)
1057 (assertValueOneOf "UseBPDU" boolValues)
1058 (assertValueOneOf "FastLeave" boolValues)
1059 (assertValueOneOf "AllowPortToBeRoot" boolValues)
1060 (assertValueOneOf "ProxyARP" boolValues)
1061 (assertValueOneOf "ProxyARPWiFi" boolValues)
1062 (assertValueOneOf "MulticastRouter" [ "no" "query" "permanent" "temporary" ])
1063 (assertInt "Cost")
1064 (assertRange "Cost" 1 65535)
1065 (assertInt "Priority")
1066 (assertRange "Priority" 0 63)
1067 ];
1069 sectionBridgeFDB = checkUnitConfig "BridgeFDB" [
1070 (assertOnlyFields [
1071 "MACAddress"
1072 "Destination"
1073 "VLANId"
1074 "VNI"
1075 "AssociatedWith"
1076 "OutgoingInterface"
1077 ])
1078 (assertHasField "MACAddress")
1079 (assertInt "VLANId")
1080 (assertRange "VLANId" 0 4094)
1081 (assertInt "VNI")
1082 (assertRange "VNI" 1 16777215)
1083 (assertValueOneOf "AssociatedWith" [ "use" "self" "master" "router" ])
1084 ];
1086 sectionBridgeMDB = checkUnitConfig "BridgeMDB" [
1087 (assertOnlyFields [
1088 "MulticastGroupAddress"
1089 "VLANId"
1090 ])
1091 (assertHasField "MulticastGroupAddress")
1092 (assertInt "VLANId")
1093 (assertRange "VLANId" 0 4094)
1094 ];
1096 sectionLLDP = checkUnitConfig "LLDP" [
1097 (assertOnlyFields [
1098 "MUDURL"
1099 ])
1100 ];
1102 sectionCAN = checkUnitConfig "CAN" [
1103 (assertOnlyFields [
1104 "BitRate"
1105 "SamplePoint"
1106 "TimeQuantaNSec"
1107 "PropagationSegment"
1108 "PhaseBufferSegment1"
1109 "PhaseBufferSegment2"
1110 "SyncJumpWidth"
1111 "DataBitRate"
1112 "DataSamplePoint"
1113 "DataTimeQuantaNSec"
1114 "DataPropagationSegment"
1115 "DataPhaseBufferSegment1"
1116 "DataPhaseBufferSegment2"
1117 "DataSyncJumpWidth"
1118 "FDMode"
1119 "FDNonISO"
1120 "RestartSec"
1121 "Termination"
1122 "TripleSampling"
1123 "BusErrorReporting"
1124 "ListenOnly"
1125 "Loopback"
1126 "OneShot"
1127 "PresumeAck"
1128 "ClassicDataLengthCode"
1129 ])
1130 (assertInt "TimeQuantaNSec" )
1131 (assertRange "TimeQuantaNSec" 0 4294967295 )
1132 (assertInt "PropagationSegment" )
1133 (assertRange "PropagationSegment" 0 4294967295 )
1134 (assertInt "PhaseBufferSegment1" )
1135 (assertRange "PhaseBufferSegment1" 0 4294967295 )
1136 (assertInt "PhaseBufferSegment2" )
1137 (assertRange "PhaseBufferSegment2" 0 4294967295 )
1138 (assertInt "SyncJumpWidth" )
1139 (assertRange "SyncJumpWidth" 0 4294967295 )
1140 (assertInt "DataTimeQuantaNSec" )
1141 (assertRange "DataTimeQuantaNSec" 0 4294967295 )
1142 (assertInt "DataPropagationSegment" )
1143 (assertRange "DataPropagationSegment" 0 4294967295 )
1144 (assertInt "DataPhaseBufferSegment1" )
1145 (assertRange "DataPhaseBufferSegment1" 0 4294967295 )
1146 (assertInt "DataPhaseBufferSegment2" )
1147 (assertRange "DataPhaseBufferSegment2" 0 4294967295 )
1148 (assertInt "DataSyncJumpWidth" )
1149 (assertRange "DataSyncJumpWidth" 0 4294967295 )
1150 (assertValueOneOf "FDMode" boolValues)
1151 (assertValueOneOf "FDNonISO" boolValues)
1152 (assertValueOneOf "TripleSampling" boolValues)
1153 (assertValueOneOf "BusErrorReporting" boolValues)
1154 (assertValueOneOf "ListenOnly" boolValues)
1155 (assertValueOneOf "Loopback" boolValues)
1156 (assertValueOneOf "OneShot" boolValues)
1157 (assertValueOneOf "PresumeAck" boolValues)
1158 (assertValueOneOf "ClassicDataLengthCode" boolValues)
1159 ];
1161 sectionIPoIB = checkUnitConfig "IPoIB" [
1162 (assertOnlyFields [
1163 "Mode"
1164 "IgnoreUserspaceMulticastGroup"
1165 ])
1166 (assertValueOneOf "Mode" [ "datagram" "connected" ])
1167 (assertValueOneOf "IgnoreUserspaceMulticastGroup" boolValues)
1168 ];
1170 sectionQDisc = checkUnitConfig "QDisc" [
1171 (assertOnlyFields [
1172 "Parent"
1173 "Handle"
1174 ])
1175 (assertValueOneOf "Parent" [ "clsact" "ingress" ])
1176 ];
1178 sectionNetworkEmulator = checkUnitConfig "NetworkEmulator" [
1179 (assertOnlyFields [
1180 "Parent"
1181 "Handle"
1182 "DelaySec"
1183 "DelayJitterSec"
1184 "PacketLimit"
1185 "LossRate"
1186 "DuplicateRate"
1187 ])
1188 (assertInt "PacketLimit")
1189 (assertRange "PacketLimit" 0 4294967294)
1190 ];
1192 sectionTokenBucketFilter = checkUnitConfig "TokenBucketFilter" [
1193 (assertOnlyFields [
1194 "Parent"
1195 "Handle"
1196 "LatencySec"
1197 "LimitBytes"
1198 "BurstBytes"
1199 "Rate"
1200 "MPUBytes"
1201 "PeakRate"
1202 "MTUBytes"
1203 ])
1204 ];
1206 sectionPIE = checkUnitConfig "PIE" [
1207 (assertOnlyFields [
1208 "Parent"
1209 "Handle"
1210 "PacketLimit"
1211 ])
1212 (assertInt "PacketLimit")
1213 (assertRange "PacketLimit" 1 4294967294)
1214 ];
1216 sectionFlowQueuePIE = checkUnitConfig "FlowQueuePIE" [
1217 (assertOnlyFields [
1218 "Parent"
1219 "Handle"
1220 "PacketLimit"
1221 ])
1222 (assertInt "PacketLimit")
1223 (assertRange "PacketLimit" 1 4294967294)
1224 ];
1226 sectionStochasticFairBlue = checkUnitConfig "StochasticFairBlue" [
1227 (assertOnlyFields [
1228 "Parent"
1229 "Handle"
1230 "PacketLimit"
1231 ])
1232 (assertInt "PacketLimit")
1233 (assertRange "PacketLimit" 1 4294967294)
1234 ];
1236 sectionStochasticFairnessQueueing = checkUnitConfig "StochasticFairnessQueueing" [
1237 (assertOnlyFields [
1238 "Parent"
1239 "Handle"
1240 "PerturbPeriodSec"
1241 ])
1242 (assertInt "PerturbPeriodSec")
1243 ];
1245 sectionBFIFO = checkUnitConfig "BFIFO" [
1246 (assertOnlyFields [
1247 "Parent"
1248 "Handle"
1249 "LimitBytes"
1250 ])
1251 ];
1253 sectionPFIFO = checkUnitConfig "PFIFO" [
1254 (assertOnlyFields [
1255 "Parent"
1256 "Handle"
1257 "PacketLimit"
1258 ])
1259 (assertInt "PacketLimit")
1260 (assertRange "PacketLimit" 0 4294967294)
1261 ];
1263 sectionPFIFOHeadDrop = checkUnitConfig "PFIFOHeadDrop" [
1264 (assertOnlyFields [
1265 "Parent"
1266 "Handle"
1267 "PacketLimit"
1268 ])
1269 (assertInt "PacketLimit")
1270 (assertRange "PacketLimit" 0 4294967294)
1271 ];
1273 sectionPFIFOFast = checkUnitConfig "PFIFOFast" [
1274 (assertOnlyFields [
1275 "Parent"
1276 "Handle"
1277 ])
1278 ];
1280 sectionCAKE = checkUnitConfig "CAKE" [
1281 (assertOnlyFields [
1282 "Parent"
1283 "Handle"
1284 "Bandwidth"
1285 "AutoRateIngress"
1286 "OverheadBytes"
1287 "MPUBytes"
1288 "CompensationMode"
1289 "UseRawPacketSize"
1290 "FlowIsolationMode"
1291 "NAT"
1292 "PriorityQueueingPreset"
1293 "FirewallMark"
1294 "Wash"
1295 "SplitGSO"
1296 "AckFilter"
1297 ])
1298 (assertValueOneOf "AutoRateIngress" boolValues)
1299 (assertInt "OverheadBytes")
1300 (assertRange "OverheadBytes" (-64) 256)
1301 (assertInt "MPUBytes")
1302 (assertRange "MPUBytes" 1 256)
1303 (assertValueOneOf "CompensationMode" [ "none" "atm" "ptm" ])
1304 (assertValueOneOf "UseRawPacketSize" boolValues)
1305 (assertValueOneOf "FlowIsolationMode"
1306 [
1307 "none"
1308 "src-host"
1309 "dst-host"
1310 "hosts"
1311 "flows"
1312 "dual-src-host"
1313 "dual-dst-host"
1314 "triple"
1315 ])
1316 (assertValueOneOf "NAT" boolValues)
1317 (assertValueOneOf "PriorityQueueingPreset"
1318 [
1319 "besteffort"
1320 "precedence"
1321 "diffserv8"
1322 "diffserv4"
1323 "diffserv3"
1324 ])
1325 (assertInt "FirewallMark")
1326 (assertRange "FirewallMark" 1 4294967295)
1327 (assertValueOneOf "Wash" boolValues)
1328 (assertValueOneOf "SplitGSO" boolValues)
1329 (assertValueOneOf "AckFilter" (boolValues ++ ["aggressive"]))
1330 ];
1332 sectionControlledDelay = checkUnitConfig "ControlledDelay" [
1333 (assertOnlyFields [
1334 "Parent"
1335 "Handle"
1336 "PacketLimit"
1337 "TargetSec"
1338 "IntervalSec"
1339 "ECN"
1340 "CEThresholdSec"
1341 ])
1342 (assertValueOneOf "ECN" boolValues)
1343 ];
1345 sectionDeficitRoundRobinScheduler = checkUnitConfig "DeficitRoundRobinScheduler" [
1346 (assertOnlyFields [
1347 "Parent"
1348 "Handle"
1349 ])
1350 ];
1352 sectionDeficitRoundRobinSchedulerClass = checkUnitConfig "DeficitRoundRobinSchedulerClass" [
1353 (assertOnlyFields [
1354 "Parent"
1355 "Handle"
1356 "QuantumBytes"
1357 ])
1358 ];
1360 sectionEnhancedTransmissionSelection = checkUnitConfig "EnhancedTransmissionSelection" [
1361 (assertOnlyFields [
1362 "Parent"
1363 "Handle"
1364 "Bands"
1365 "StrictBands"
1366 "QuantumBytes"
1367 "PriorityMap"
1368 ])
1369 (assertInt "Bands")
1370 (assertRange "Bands" 1 16)
1371 (assertInt "StrictBands")
1372 (assertRange "StrictBands" 1 16)
1373 ];
1375 sectionGenericRandomEarlyDetection = checkUnitConfig "GenericRandomEarlyDetection" [
1376 (assertOnlyFields [
1377 "Parent"
1378 "Handle"
1379 "VirtualQueues"
1380 "DefaultVirtualQueue"
1381 "GenericRIO"
1382 ])
1383 (assertInt "VirtualQueues")
1384 (assertRange "VirtualQueues" 1 16)
1385 (assertInt "DefaultVirtualQueue")
1386 (assertRange "DefaultVirtualQueue" 1 16)
1387 (assertValueOneOf "GenericRIO" boolValues)
1388 ];
1390 sectionFairQueueingControlledDelay = checkUnitConfig "FairQueueingControlledDelay" [
1391 (assertOnlyFields [
1392 "Parent"
1393 "Handle"
1394 "PacketLimit"
1395 "MemoryLimitBytes"
1396 "Flows"
1397 "TargetSec"
1398 "IntervalSec"
1399 "QuantumBytes"
1400 "ECN"
1401 "CEThresholdSec"
1402 ])
1403 (assertInt "PacketLimit")
1404 (assertInt "Flows")
1405 (assertValueOneOf "ECN" boolValues)
1406 ];
1408 sectionFairQueueing = checkUnitConfig "FairQueueing" [
1409 (assertOnlyFields [
1410 "Parent"
1411 "Handle"
1412 "PacketLimit"
1413 "FlowLimit"
1414 "QuantumBytes"
1415 "InitualQuantumBytes"
1416 "MaximumRate"
1417 "Buckets"
1418 "OrphanMask"
1419 "Pacing"
1420 "CEThresholdSec"
1421 ])
1422 (assertInt "PacketLimit")
1423 (assertInt "FlowLimit")
1424 (assertInt "OrphanMask")
1425 (assertValueOneOf "Pacing" boolValues)
1426 ];
1428 sectionTrivialLinkEqualizer = checkUnitConfig "TrivialLinkEqualizer" [
1429 (assertOnlyFields [
1430 "Parent"
1431 "Handle"
1432 "Id"
1433 ])
1434 ];
1436 sectionHierarchyTokenBucket = checkUnitConfig "HierarchyTokenBucket" [
1437 (assertOnlyFields [
1438 "Parent"
1439 "Handle"
1440 "DefaultClass"
1441 "RateToQuantum"
1442 ])
1443 (assertInt "RateToQuantum")
1444 ];
1446 sectionHierarchyTokenBucketClass = checkUnitConfig "HierarchyTokenBucketClass" [
1447 (assertOnlyFields [
1448 "Parent"
1449 "ClassId"
1450 "Priority"
1451 "QuantumBytes"
1452 "MTUBytes"
1453 "OverheadBytes"
1454 "Rate"
1455 "CeilRate"
1456 "BufferBytes"
1457 "CeilBufferBytes"
1458 ])
1459 ];
1461 sectionHeavyHitterFilter = checkUnitConfig "HeavyHitterFilter" [
1462 (assertOnlyFields [
1463 "Parent"
1464 "Handle"
1465 "PacketLimit"
1466 ])
1467 (assertInt "PacketLimit")
1468 (assertRange "PacketLimit" 0 4294967294)
1469 ];
1471 sectionQuickFairQueueing = checkUnitConfig "QuickFairQueueing" [
1472 (assertOnlyFields [
1473 "Parent"
1474 "Handle"
1475 ])
1476 ];
1478 sectionQuickFairQueueingClass = checkUnitConfig "QuickFairQueueingClass" [
1479 (assertOnlyFields [
1480 "Parent"
1481 "ClassId"
1482 "Weight"
1483 "MaxPacketBytes"
1484 ])
1485 (assertInt "Weight")
1486 (assertRange "Weight" 1 1023)
1487 ];
1489 sectionBridgeVLAN = checkUnitConfig "BridgeVLAN" [
1490 (assertOnlyFields [
1491 "VLAN"
1492 "EgressUntagged"
1493 "PVID"
1494 ])
1495 (assertInt "PVID")
1496 (assertRange "PVID" 0 4094)
1497 ];
1498 };
1499 };
1501 commonNetworkOptions = {
1503 enable = mkOption {
1504 default = true;
1505 type = types.bool;
1506 description = lib.mdDoc ''
1507 Whether to manage network configuration using {command}`systemd-network`.
1509 This also enables {option}`systemd.networkd.enable`.
1510 '';
1511 };
1513 matchConfig = mkOption {
1514 default = {};
1515 example = { Name = "eth0"; };
1516 type = types.attrsOf unitOption;
1517 description = lib.mdDoc ''
1518 Each attribute in this set specifies an option in the
1519 `[Match]` section of the unit. See
1520 {manpage}`systemd.link(5)`
1521 {manpage}`systemd.netdev(5)`
1522 {manpage}`systemd.network(5)`
1523 for details.
1524 '';
1525 };
1527 extraConfig = mkOption {
1528 default = "";
1529 type = types.lines;
1530 description = lib.mdDoc "Extra configuration append to unit";
1531 };
1532 };
1534 networkdOptions = {
1535 networkConfig = mkOption {
1536 default = {};
1537 example = { SpeedMeter = true; ManageForeignRoutingPolicyRules = false; };
1538 type = types.addCheck (types.attrsOf unitOption) check.global.sectionNetwork;
1539 description = lib.mdDoc ''
1540 Each attribute in this set specifies an option in the
1541 `[Network]` section of the networkd config.
1542 See {manpage}`networkd.conf(5)` for details.
1543 '';
1544 };
1546 dhcpV4Config = mkOption {
1547 default = {};
1548 example = { DUIDType = "vendor"; };
1549 type = types.addCheck (types.attrsOf unitOption) check.global.sectionDHCPv4;
1550 description = lib.mdDoc ''
1551 Each attribute in this set specifies an option in the
1552 `[DHCPv4]` section of the networkd config.
1553 See {manpage}`networkd.conf(5)` for details.
1554 '';
1555 };
1557 dhcpV6Config = mkOption {
1558 default = {};
1559 example = { DUIDType = "vendor"; };
1560 type = types.addCheck (types.attrsOf unitOption) check.global.sectionDHCPv6;
1561 description = lib.mdDoc ''
1562 Each attribute in this set specifies an option in the
1563 `[DHCPv6]` section of the networkd config.
1564 See {manpage}`networkd.conf(5)` for details.
1565 '';
1566 };
1567 };
1569 linkOptions = commonNetworkOptions // {
1570 # overwrite enable option from above
1571 enable = mkOption {
1572 default = true;
1573 type = types.bool;
1574 description = lib.mdDoc ''
1575 Whether to enable this .link unit. It's handled by udev no matter if {command}`systemd-networkd` is enabled or not
1576 '';
1577 };
1579 linkConfig = mkOption {
1580 default = {};
1581 example = { MACAddress = "00:ff:ee:aa:cc:dd"; };
1582 type = types.addCheck (types.attrsOf unitOption) check.link.sectionLink;
1583 description = lib.mdDoc ''
1584 Each attribute in this set specifies an option in the
1585 `[Link]` section of the unit. See
1586 {manpage}`systemd.link(5)` for details.
1587 '';
1588 };
1590 };
1593 l2tpSessionOptions = {
1594 options = {
1595 l2tpSessionConfig = mkOption {
1596 default = {};
1597 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionL2TPSession;
1598 description = lib.mdDoc ''
1599 Each attribute in this set specifies an option in the
1600 `[L2TPSession]` section of the unit. See
1601 {manpage}`systemd.netdev(5)` for details.
1602 '';
1603 };
1604 };
1605 };
1607 wireguardPeerOptions = {
1608 options = {
1609 wireguardPeerConfig = mkOption {
1610 default = {};
1611 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionWireGuardPeer;
1612 description = lib.mdDoc ''
1613 Each attribute in this set specifies an option in the
1614 `[WireGuardPeer]` section of the unit. See
1615 {manpage}`systemd.network(5)` for details.
1616 '';
1617 };
1618 };
1619 };
1621 netdevOptions = commonNetworkOptions // {
1623 netdevConfig = mkOption {
1624 example = { Name = "mybridge"; Kind = "bridge"; };
1625 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionNetdev;
1626 description = lib.mdDoc ''
1627 Each attribute in this set specifies an option in the
1628 `[Netdev]` section of the unit. See
1629 {manpage}`systemd.netdev(5)` for details.
1630 '';
1631 };
1633 vlanConfig = mkOption {
1634 default = {};
1635 example = { Id = 4; };
1636 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionVLAN;
1637 description = lib.mdDoc ''
1638 Each attribute in this set specifies an option in the
1639 `[VLAN]` section of the unit. See
1640 {manpage}`systemd.netdev(5)` for details.
1641 '';
1642 };
1644 ipvlanConfig = mkOption {
1645 default = {};
1646 example = { Mode = "L2"; Flags = "private"; };
1647 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionIPVLAN;
1648 description = lib.mdDoc ''
1649 Each attribute in this set specifies an option in the `[IPVLAN]` section of the unit.
1650 See {manpage}`systemd.netdev(5)` for details.
1651 '';
1652 };
1654 ipvtapConfig = mkOption {
1655 default = {};
1656 example = { Mode = "L3"; Flags = "vepa"; };
1657 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionIPVTAP;
1658 description = lib.mdDoc ''
1659 Each attribute in this set specifies an option in the `[IPVTAP]` section of the unit.
1660 See {manpage}`systemd.netdev(5)` for details.
1661 '';
1662 };
1664 macvlanConfig = mkOption {
1665 default = {};
1666 example = { Mode = "private"; };
1667 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionMACVLAN;
1668 description = lib.mdDoc ''
1669 Each attribute in this set specifies an option in the
1670 `[MACVLAN]` section of the unit. See
1671 {manpage}`systemd.netdev(5)` for details.
1672 '';
1673 };
1675 vxlanConfig = mkOption {
1676 default = {};
1677 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionVXLAN;
1678 description = lib.mdDoc ''
1679 Each attribute in this set specifies an option in the
1680 `[VXLAN]` section of the unit. See
1681 {manpage}`systemd.netdev(5)` for details.
1682 '';
1683 };
1685 tunnelConfig = mkOption {
1686 default = {};
1687 example = { Remote = "192.168.1.1"; };
1688 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionTunnel;
1689 description = lib.mdDoc ''
1690 Each attribute in this set specifies an option in the
1691 `[Tunnel]` section of the unit. See
1692 {manpage}`systemd.netdev(5)` for details.
1693 '';
1694 };
1696 fooOverUDPConfig = mkOption {
1697 default = { };
1698 example = { Port = 9001; };
1699 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionFooOverUDP;
1700 description = lib.mdDoc ''
1701 Each attribute in this set specifies an option in the
1702 `[FooOverUDP]` section of the unit. See
1703 {manpage}`systemd.netdev(5)` for details.
1704 '';
1705 };
1707 peerConfig = mkOption {
1708 default = {};
1709 example = { Name = "veth2"; };
1710 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionPeer;
1711 description = lib.mdDoc ''
1712 Each attribute in this set specifies an option in the
1713 `[Peer]` section of the unit. See
1714 {manpage}`systemd.netdev(5)` for details.
1715 '';
1716 };
1718 tunConfig = mkOption {
1719 default = {};
1720 example = { User = "openvpn"; };
1721 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionTun;
1722 description = lib.mdDoc ''
1723 Each attribute in this set specifies an option in the
1724 `[Tun]` section of the unit. See
1725 {manpage}`systemd.netdev(5)` for details.
1726 '';
1727 };
1729 tapConfig = mkOption {
1730 default = {};
1731 example = { User = "openvpn"; };
1732 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionTap;
1733 description = lib.mdDoc ''
1734 Each attribute in this set specifies an option in the
1735 `[Tap]` section of the unit. See
1736 {manpage}`systemd.netdev(5)` for details.
1737 '';
1738 };
1740 l2tpConfig = mkOption {
1741 default = {};
1742 example = {
1743 TunnelId = 10;
1744 PeerTunnelId = 12;
1745 Local = "static";
1746 Remote = "192.168.30.101";
1747 EncapsulationType = "ip";
1748 };
1749 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionL2TP;
1750 description = lib.mdDoc ''
1751 Each attribute in this set specifies an option in the
1752 `[L2TP]` section of the unit. See
1753 {manpage}`systemd.netdev(5)` for details.
1754 '';
1755 };
1757 l2tpSessions = mkOption {
1758 default = [];
1759 example = [ { l2tpSessionConfig={
1760 SessionId = 25;
1761 PeerSessionId = 26;
1762 Name = "l2tp-sess";
1763 };}];
1764 type = with types; listOf (submodule l2tpSessionOptions);
1765 description = lib.mdDoc ''
1766 Each item in this array specifies an option in the
1767 `[L2TPSession]` section of the unit. See
1768 {manpage}`systemd.netdev(5)` for details.
1769 '';
1770 };
1772 wireguardConfig = mkOption {
1773 default = {};
1774 example = {
1775 PrivateKeyFile = "/etc/wireguard/secret.key";
1776 ListenPort = 51820;
1777 FirewallMark = 42;
1778 };
1779 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionWireGuard;
1780 description = lib.mdDoc ''
1781 Each attribute in this set specifies an option in the
1782 `[WireGuard]` section of the unit. See
1783 {manpage}`systemd.netdev(5)` for details.
1784 Use `PrivateKeyFile` instead of
1785 `PrivateKey`: the nix store is
1786 world-readable.
1787 '';
1788 };
1790 wireguardPeers = mkOption {
1791 default = [];
1792 example = [ { wireguardPeerConfig={
1793 Endpoint = "192.168.1.1:51820";
1794 PublicKey = "27s0OvaBBdHoJYkH9osZpjpgSOVNw+RaKfboT/Sfq0g=";
1795 PresharedKeyFile = "/etc/wireguard/psk.key";
1796 AllowedIPs = [ "10.0.0.1/32" ];
1797 PersistentKeepalive = 15;
1798 };}];
1799 type = with types; listOf (submodule wireguardPeerOptions);
1800 description = lib.mdDoc ''
1801 Each item in this array specifies an option in the
1802 `[WireGuardPeer]` section of the unit. See
1803 {manpage}`systemd.netdev(5)` for details.
1804 Use `PresharedKeyFile` instead of
1805 `PresharedKey`: the nix store is
1806 world-readable.
1807 '';
1808 };
1810 bondConfig = mkOption {
1811 default = {};
1812 example = { Mode = "802.3ad"; };
1813 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionBond;
1814 description = lib.mdDoc ''
1815 Each attribute in this set specifies an option in the
1816 `[Bond]` section of the unit. See
1817 {manpage}`systemd.netdev(5)` for details.
1818 '';
1819 };
1821 xfrmConfig = mkOption {
1822 default = {};
1823 example = { InterfaceId = 1; };
1824 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionXfrm;
1825 description = lib.mdDoc ''
1826 Each attribute in this set specifies an option in the
1827 `[Xfrm]` section of the unit. See
1828 {manpage}`systemd.netdev(5)` for details.
1829 '';
1830 };
1832 vrfConfig = mkOption {
1833 default = {};
1834 example = { Table = 2342; };
1835 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionVRF;
1836 description = lib.mdDoc ''
1837 Each attribute in this set specifies an option in the
1838 `[VRF]` section of the unit. See
1839 {manpage}`systemd.netdev(5)` for details.
1840 A detailed explanation about how VRFs work can be found in the
1841 [kernel docs](https://www.kernel.org/doc/Documentation/networking/vrf.txt).
1842 '';
1843 };
1845 wlanConfig = mkOption {
1846 default = {};
1847 example = { PhysicalDevice = 0; Type = "station"; };
1848 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionWLAN;
1849 description = lib.mdDoc ''
1850 Each attribute in this set specifies an option in the `[WLAN]` section of the unit.
1851 See {manpage}`systemd.netdev(5)` for details.
1852 '';
1853 };
1855 batmanAdvancedConfig = mkOption {
1856 default = {};
1857 example = {
1858 GatewayMode = "server";
1859 RoutingAlgorithm = "batman-v";
1860 };
1861 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionBatmanAdvanced;
1862 description = lib.mdDoc ''
1863 Each attribute in this set specifies an option in the
1864 `[BatmanAdvanced]` section of the unit. See
1865 {manpage}`systemd.netdev(5)` for details.
1866 '';
1867 };
1869 };
1871 addressOptions = {
1872 options = {
1873 addressConfig = mkOption {
1874 example = { Address = "192.168.0.100/24"; };
1875 type = types.addCheck (types.attrsOf unitOption) check.network.sectionAddress;
1876 description = lib.mdDoc ''
1877 Each attribute in this set specifies an option in the
1878 `[Address]` section of the unit. See
1879 {manpage}`systemd.network(5)` for details.
1880 '';
1881 };
1882 };
1883 };
1885 routingPolicyRulesOptions = {
1886 options = {
1887 routingPolicyRuleConfig = mkOption {
1888 default = { };
1889 example = { Table = 10; IncomingInterface = "eth1"; Family = "both"; };
1890 type = types.addCheck (types.attrsOf unitOption) check.network.sectionRoutingPolicyRule;
1891 description = lib.mdDoc ''
1892 Each attribute in this set specifies an option in the
1893 `[RoutingPolicyRule]` section of the unit. See
1894 {manpage}`systemd.network(5)` for details.
1895 '';
1896 };
1897 };
1898 };
1900 routeOptions = {
1901 options = {
1902 routeConfig = mkOption {
1903 default = {};
1904 example = { Gateway = "192.168.0.1"; };
1905 type = types.addCheck (types.attrsOf unitOption) check.network.sectionRoute;
1906 description = lib.mdDoc ''
1907 Each attribute in this set specifies an option in the
1908 `[Route]` section of the unit. See
1909 {manpage}`systemd.network(5)` for details.
1910 '';
1911 };
1912 };
1913 };
1915 ipv6PrefixOptions = {
1916 options = {
1917 ipv6PrefixConfig = mkOption {
1918 default = {};
1919 example = { Prefix = "fd00::/64"; };
1920 type = types.addCheck (types.attrsOf unitOption) check.network.sectionIPv6Prefix;
1921 description = lib.mdDoc ''
1922 Each attribute in this set specifies an option in the
1923 `[IPv6Prefix]` section of the unit. See
1924 {manpage}`systemd.network(5)` for details.
1925 '';
1926 };
1927 };
1928 };
1930 ipv6RoutePrefixOptions = {
1931 options = {
1932 ipv6RoutePrefixConfig = mkOption {
1933 default = {};
1934 example = { Route = "fd00::/64"; };
1935 type = types.addCheck (types.attrsOf unitOption) check.network.sectionIPv6RoutePrefix;
1936 description = lib.mdDoc ''
1937 Each attribute in this set specifies an option in the
1938 `[IPv6RoutePrefix]` section of the unit. See
1939 {manpage}`systemd.network(5)` for details.
1940 '';
1941 };
1942 };
1943 };
1945 dhcpServerStaticLeaseOptions = {
1946 options = {
1947 dhcpServerStaticLeaseConfig = mkOption {
1948 default = {};
1949 example = { MACAddress = "65:43:4a:5b:d8:5f"; Address = "192.168.1.42"; };
1950 type = types.addCheck (types.attrsOf unitOption) check.network.sectionDHCPServerStaticLease;
1951 description = lib.mdDoc ''
1952 Each attribute in this set specifies an option in the
1953 `[DHCPServerStaticLease]` section of the unit. See
1954 {manpage}`systemd.network(5)` for details.
1956 Make sure to configure the corresponding client interface to use
1957 `ClientIdentifier=mac`.
1958 '';
1959 };
1960 };
1961 };
1963 bridgeFDBOptions = {
1964 options = {
1965 bridgeFDBConfig = mkOption {
1966 default = {};
1967 example = { MACAddress = "65:43:4a:5b:d8:5f"; Destination = "192.168.1.42"; VNI = 20; };
1968 type = types.addCheck (types.attrsOf unitOption) check.network.sectionBridgeFDB;
1969 description = lib.mdDoc ''
1970 Each attribute in this set specifies an option in the
1971 `[BridgeFDB]` section of the unit. See
1972 {manpage}`systemd.network(5)` for details.
1973 '';
1974 };
1975 };
1976 };
1978 bridgeMDBOptions = {
1979 options = {
1980 bridgeMDBConfig = mkOption {
1981 default = {};
1982 example = { MulticastGroupAddress = "ff02::1:2:3:4"; VLANId = 10; };
1983 type = types.addCheck (types.attrsOf unitOption) check.network.sectionBridgeMDB;
1984 description = lib.mdDoc ''
1985 Each attribute in this set specifies an option in the
1986 `[BridgeMDB]` section of the unit. See
1987 {manpage}`systemd.network(5)` for details.
1988 '';
1989 };
1990 };
1991 };
1993 bridgeVLANOptions = {
1994 options = {
1995 bridgeVLANConfig = mkOption {
1996 default = {};
1997 example = { VLAN = 20; };
1998 type = types.addCheck (types.attrsOf unitOption) check.network.sectionBridgeVLAN;
1999 description = lib.mdDoc ''
2000 Each attribute in this set specifies an option in the
2001 `[BridgeVLAN]` section of the unit. See
2002 {manpage}`systemd.network(5)` for details.
2003 '';
2004 };
2005 };
2006 };
2008 networkOptions = commonNetworkOptions // {
2010 linkConfig = mkOption {
2011 default = {};
2012 example = { Unmanaged = true; };
2013 type = types.addCheck (types.attrsOf unitOption) check.network.sectionLink;
2014 description = lib.mdDoc ''
2015 Each attribute in this set specifies an option in the
2016 `[Link]` section of the unit. See
2017 {manpage}`systemd.network(5)` for details.
2018 '';
2019 };
2021 networkConfig = mkOption {
2022 default = {};
2023 example = { Description = "My Network"; };
2024 type = types.addCheck (types.attrsOf unitOption) check.network.sectionNetwork;
2025 description = lib.mdDoc ''
2026 Each attribute in this set specifies an option in the
2027 `[Network]` section of the unit. See
2028 {manpage}`systemd.network(5)` for details.
2029 '';
2030 };
2032 # systemd.network.networks.*.dhcpConfig has been deprecated in favor of ….dhcpV4Config
2033 # Produce a nice warning message so users know it is gone.
2034 dhcpConfig = mkOption {
2035 visible = false;
2036 apply = _: throw "The option `systemd.network.networks.*.dhcpConfig` can no longer be used since it's been removed. Please use `systemd.network.networks.*.dhcpV4Config` instead.";
2037 };
2039 dhcpV4Config = mkOption {
2040 default = {};
2041 example = { UseDNS = true; UseRoutes = true; };
2042 type = types.addCheck (types.attrsOf unitOption) check.network.sectionDHCPv4;
2043 description = lib.mdDoc ''
2044 Each attribute in this set specifies an option in the
2045 `[DHCPv4]` section of the unit. See
2046 {manpage}`systemd.network(5)` for details.
2047 '';
2048 };
2050 dhcpV6Config = mkOption {
2051 default = {};
2052 example = { UseDNS = true; };
2053 type = types.addCheck (types.attrsOf unitOption) check.network.sectionDHCPv6;
2054 description = lib.mdDoc ''
2055 Each attribute in this set specifies an option in the
2056 `[DHCPv6]` section of the unit. See
2057 {manpage}`systemd.network(5)` for details.
2058 '';
2059 };
2061 dhcpV6PrefixDelegationConfig = mkOption {
2062 visible = false;
2063 apply = _: throw "The option `systemd.network.networks.<name>.dhcpV6PrefixDelegationConfig` has been renamed to `systemd.network.networks.<name>.dhcpPrefixDelegationConfig`.";
2064 };
2066 dhcpPrefixDelegationConfig = mkOption {
2067 default = {};
2068 example = { SubnetId = "auto"; Announce = true; };
2069 type = types.addCheck (types.attrsOf unitOption) check.network.sectionDHCPPrefixDelegation;
2070 description = lib.mdDoc ''
2071 Each attribute in this set specifies an option in the
2072 `[DHCPPrefixDelegation]` section of the unit. See
2073 {manpage}`systemd.network(5)` for details.
2074 '';
2075 };
2077 ipv6AcceptRAConfig = mkOption {
2078 default = {};
2079 example = { UseDNS = true; DHCPv6Client = "always"; };
2080 type = types.addCheck (types.attrsOf unitOption) check.network.sectionIPv6AcceptRA;
2081 description = lib.mdDoc ''
2082 Each attribute in this set specifies an option in the
2083 `[IPv6AcceptRA]` section of the unit. See
2084 {manpage}`systemd.network(5)` for details.
2085 '';
2086 };
2088 dhcpServerConfig = mkOption {
2089 default = {};
2090 example = { PoolOffset = 50; EmitDNS = false; };
2091 type = types.addCheck (types.attrsOf unitOption) check.network.sectionDHCPServer;
2092 description = lib.mdDoc ''
2093 Each attribute in this set specifies an option in the
2094 `[DHCPServer]` section of the unit. See
2095 {manpage}`systemd.network(5)` for details.
2096 '';
2097 };
2099 # systemd.network.networks.*.ipv6PrefixDelegationConfig has been deprecated
2100 # in 247 in favor of systemd.network.networks.*.ipv6SendRAConfig.
2101 ipv6PrefixDelegationConfig = mkOption {
2102 visible = false;
2103 apply = _: throw "The option `systemd.network.networks.*.ipv6PrefixDelegationConfig` has been replaced by `systemd.network.networks.*.ipv6SendRAConfig`.";
2104 };
2106 ipv6SendRAConfig = mkOption {
2107 default = {};
2108 example = { EmitDNS = true; Managed = true; OtherInformation = true; };
2109 type = types.addCheck (types.attrsOf unitOption) check.network.sectionIPv6SendRA;
2110 description = lib.mdDoc ''
2111 Each attribute in this set specifies an option in the
2112 `[IPv6SendRA]` section of the unit. See
2113 {manpage}`systemd.network(5)` for details.
2114 '';
2115 };
2117 dhcpServerStaticLeases = mkOption {
2118 default = [];
2119 example = [ { dhcpServerStaticLeaseConfig = { MACAddress = "65:43:4a:5b:d8:5f"; Address = "192.168.1.42"; }; } ];
2120 type = with types; listOf (submodule dhcpServerStaticLeaseOptions);
2121 description = lib.mdDoc ''
2122 A list of DHCPServerStaticLease sections to be added to the unit. See
2123 {manpage}`systemd.network(5)` for details.
2124 '';
2125 };
2127 ipv6Prefixes = mkOption {
2128 default = [];
2129 example = [ { ipv6PrefixConfig = { AddressAutoconfiguration = true; OnLink = true; }; } ];
2130 type = with types; listOf (submodule ipv6PrefixOptions);
2131 description = lib.mdDoc ''
2132 A list of ipv6Prefix sections to be added to the unit. See
2133 {manpage}`systemd.network(5)` for details.
2134 '';
2135 };
2137 ipv6RoutePrefixes = mkOption {
2138 default = [];
2139 example = [ { ipv6RoutePrefixConfig = { Route = "fd00::/64"; LifetimeSec = 3600; }; } ];
2140 type = with types; listOf (submodule ipv6RoutePrefixOptions);
2141 description = lib.mdDoc ''
2142 A list of ipv6RoutePrefix sections to be added to the unit. See
2143 {manpage}`systemd.network(5)` for details.
2144 '';
2145 };
2147 bridgeConfig = mkOption {
2148 default = {};
2149 example = { MulticastFlood = false; Cost = 20; };
2150 type = types.addCheck (types.attrsOf unitOption) check.network.sectionBridge;
2151 description = lib.mdDoc ''
2152 Each attribute in this set specifies an option in the
2153 `[Bridge]` section of the unit. See
2154 {manpage}`systemd.network(5)` for details.
2155 '';
2156 };
2158 bridgeFDBs = mkOption {
2159 default = [];
2160 example = [ { bridgeFDBConfig = { MACAddress = "90:e2:ba:43:fc:71"; Destination = "192.168.100.4"; VNI = 3600; }; } ];
2161 type = with types; listOf (submodule bridgeFDBOptions);
2162 description = lib.mdDoc ''
2163 A list of BridgeFDB sections to be added to the unit. See
2164 {manpage}`systemd.network(5)` for details.
2165 '';
2166 };
2168 bridgeMDBs = mkOption {
2169 default = [];
2170 example = [ { bridgeMDBConfig = { MulticastGroupAddress = "ff02::1:2:3:4"; VLANId = 10; } ; } ];
2171 type = with types; listOf (submodule bridgeMDBOptions);
2172 description = lib.mdDoc ''
2173 A list of BridgeMDB sections to be added to the unit. See
2174 {manpage}`systemd.network(5)` for details.
2175 '';
2176 };
2178 lldpConfig = mkOption {
2179 default = {};
2180 example = { MUDURL = "https://things.example.org/product_abc123/v5"; };
2181 type = types.addCheck (types.attrsOf unitOption) check.network.sectionLLDP;
2182 description = lib.mdDoc ''
2183 Each attribute in this set specifies an option in the
2184 `[LLDP]` section of the unit. See
2185 {manpage}`systemd.network(5)` for details.
2186 '';
2187 };
2189 canConfig = mkOption {
2190 default = {};
2191 example = { };
2192 type = types.addCheck (types.attrsOf unitOption) check.network.sectionCAN;
2193 description = lib.mdDoc ''
2194 Each attribute in this set specifies an option in the
2195 `[CAN]` section of the unit. See
2196 {manpage}`systemd.network(5)` for details.
2197 '';
2198 };
2200 ipoIBConfig = mkOption {
2201 default = {};
2202 example = { };
2203 type = types.addCheck (types.attrsOf unitOption) check.network.sectionIPoIB;
2204 description = lib.mdDoc ''
2205 Each attribute in this set specifies an option in the
2206 `[IPoIB]` section of the unit. See
2207 {manpage}`systemd.network(5)` for details.
2208 '';
2209 };
2211 qdiscConfig = mkOption {
2212 default = {};
2213 example = { Parent = "ingress"; };
2214 type = types.addCheck (types.attrsOf unitOption) check.network.sectionQDisc;
2215 description = lib.mdDoc ''
2216 Each attribute in this set specifies an option in the
2217 `[QDisc]` section of the unit. See
2218 {manpage}`systemd.network(5)` for details.
2219 '';
2220 };
2222 networkEmulatorConfig = mkOption {
2223 default = {};
2224 example = { Parent = "ingress"; DelaySec = "20msec"; };
2225 type = types.addCheck (types.attrsOf unitOption) check.network.sectionNetworkEmulator;
2226 description = lib.mdDoc ''
2227 Each attribute in this set specifies an option in the
2228 `[NetworkEmulator]` section of the unit. See
2229 {manpage}`systemd.network(5)` for details.
2230 '';
2231 };
2233 tokenBucketFilterConfig = mkOption {
2234 default = {};
2235 example = { Parent = "ingress"; Rate = "100k"; };
2236 type = types.addCheck (types.attrsOf unitOption) check.network.sectionTokenBucketFilter;
2237 description = lib.mdDoc ''
2238 Each attribute in this set specifies an option in the
2239 `[TokenBucketFilter]` section of the unit. See
2240 {manpage}`systemd.network(5)` for details.
2241 '';
2242 };
2244 pieConfig = mkOption {
2245 default = {};
2246 example = { Parent = "ingress"; PacketLimit = "3847"; };
2247 type = types.addCheck (types.attrsOf unitOption) check.network.sectionPIE;
2248 description = lib.mdDoc ''
2249 Each attribute in this set specifies an option in the
2250 `[PIE]` section of the unit. See
2251 {manpage}`systemd.network(5)` for details.
2252 '';
2253 };
2255 flowQueuePIEConfig = mkOption {
2256 default = {};
2257 example = { Parent = "ingress"; PacketLimit = "3847"; };
2258 type = types.addCheck (types.attrsOf unitOption) check.network.sectionFlowQueuePIE;
2259 description = lib.mdDoc ''
2260 Each attribute in this set specifies an option in the
2261 `[FlowQueuePIE]` section of the unit. See
2262 {manpage}`systemd.network(5)` for details.
2263 '';
2264 };
2266 stochasticFairBlueConfig = mkOption {
2267 default = {};
2268 example = { Parent = "ingress"; PacketLimit = "3847"; };
2269 type = types.addCheck (types.attrsOf unitOption) check.network.sectionStochasticFairBlue;
2270 description = lib.mdDoc ''
2271 Each attribute in this set specifies an option in the
2272 `[StochasticFairBlue]` section of the unit. See
2273 {manpage}`systemd.network(5)` for details.
2274 '';
2275 };
2277 stochasticFairnessQueueingConfig = mkOption {
2278 default = {};
2279 example = { Parent = "ingress"; PerturbPeriodSec = "30"; };
2280 type = types.addCheck (types.attrsOf unitOption) check.network.sectionStochasticFairnessQueueing;
2281 description = lib.mdDoc ''
2282 Each attribute in this set specifies an option in the
2283 `[StochasticFairnessQueueing]` section of the unit. See
2284 {manpage}`systemd.network(5)` for details.
2285 '';
2286 };
2288 bfifoConfig = mkOption {
2289 default = {};
2290 example = { Parent = "ingress"; LimitBytes = "20K"; };
2291 type = types.addCheck (types.attrsOf unitOption) check.network.sectionBFIFO;
2292 description = lib.mdDoc ''
2293 Each attribute in this set specifies an option in the
2294 `[BFIFO]` section of the unit. See
2295 {manpage}`systemd.network(5)` for details.
2296 '';
2297 };
2299 pfifoConfig = mkOption {
2300 default = {};
2301 example = { Parent = "ingress"; PacketLimit = "300"; };
2302 type = types.addCheck (types.attrsOf unitOption) check.network.sectionPFIFO;
2303 description = lib.mdDoc ''
2304 Each attribute in this set specifies an option in the
2305 `[PFIFO]` section of the unit. See
2306 {manpage}`systemd.network(5)` for details.
2307 '';
2308 };
2310 pfifoHeadDropConfig = mkOption {
2311 default = {};
2312 example = { Parent = "ingress"; PacketLimit = "300"; };
2313 type = types.addCheck (types.attrsOf unitOption) check.network.sectionPFIFOHeadDrop;
2314 description = lib.mdDoc ''
2315 Each attribute in this set specifies an option in the
2316 `[PFIFOHeadDrop]` section of the unit. See
2317 {manpage}`systemd.network(5)` for details.
2318 '';
2319 };
2321 pfifoFastConfig = mkOption {
2322 default = {};
2323 example = { Parent = "ingress"; };
2324 type = types.addCheck (types.attrsOf unitOption) check.network.sectionPFIFOFast;
2325 description = lib.mdDoc ''
2326 Each attribute in this set specifies an option in the
2327 `[PFIFOFast]` section of the unit. See
2328 {manpage}`systemd.network(5)` for details.
2329 '';
2330 };
2332 cakeConfig = mkOption {
2333 default = {};
2334 example = { Bandwidth = "40M"; OverheadBytes = 8; CompensationMode = "ptm"; };
2335 type = types.addCheck (types.attrsOf unitOption) check.network.sectionCAKE;
2336 description = lib.mdDoc ''
2337 Each attribute in this set specifies an option in the
2338 `[CAKE]` section of the unit. See
2339 {manpage}`systemd.network(5)` for details.
2340 '';
2341 };
2343 controlledDelayConfig = mkOption {
2344 default = {};
2345 example = { Parent = "ingress"; TargetSec = "20msec"; };
2346 type = types.addCheck (types.attrsOf unitOption) check.network.sectionControlledDelay;
2347 description = lib.mdDoc ''
2348 Each attribute in this set specifies an option in the
2349 `[ControlledDelay]` section of the unit. See
2350 {manpage}`systemd.network(5)` for details.
2351 '';
2352 };
2354 deficitRoundRobinSchedulerConfig = mkOption {
2355 default = {};
2356 example = { Parent = "root"; };
2357 type = types.addCheck (types.attrsOf unitOption) check.network.sectionDeficitRoundRobinScheduler;
2358 description = lib.mdDoc ''
2359 Each attribute in this set specifies an option in the
2360 `[DeficitRoundRobinScheduler]` section of the unit. See
2361 {manpage}`systemd.network(5)` for details.
2362 '';
2363 };
2365 deficitRoundRobinSchedulerClassConfig = mkOption {
2366 default = {};
2367 example = { Parent = "root"; QuantumBytes = "300k"; };
2368 type = types.addCheck (types.attrsOf unitOption) check.network.sectionDeficitRoundRobinSchedulerClass;
2369 description = lib.mdDoc ''
2370 Each attribute in this set specifies an option in the
2371 `[DeficitRoundRobinSchedulerClass]` section of the unit. See
2372 {manpage}`systemd.network(5)` for details.
2373 '';
2374 };
2376 enhancedTransmissionSelectionConfig = mkOption {
2377 default = {};
2378 example = { Parent = "root"; QuantumBytes = "300k"; Bands = 3; PriorityMap = "100 200 300"; };
2379 type = types.addCheck (types.attrsOf unitOption) check.network.sectionEnhancedTransmissionSelection;
2380 description = lib.mdDoc ''
2381 Each attribute in this set specifies an option in the
2382 `[EnhancedTransmissionSelection]` section of the unit. See
2383 {manpage}`systemd.network(5)` for details.
2384 '';
2385 };
2387 genericRandomEarlyDetectionConfig = mkOption {
2388 default = {};
2389 example = { Parent = "root"; VirtualQueues = 5; DefaultVirtualQueue = 3; };
2390 type = types.addCheck (types.attrsOf unitOption) check.network.sectionGenericRandomEarlyDetection;
2391 description = lib.mdDoc ''
2392 Each attribute in this set specifies an option in the
2393 `[GenericRandomEarlyDetection]` section of the unit. See
2394 {manpage}`systemd.network(5)` for details.
2395 '';
2396 };
2398 fairQueueingControlledDelayConfig = mkOption {
2399 default = {};
2400 example = { Parent = "root"; Flows = 5; };
2401 type = types.addCheck (types.attrsOf unitOption) check.network.sectionFairQueueingControlledDelay;
2402 description = lib.mdDoc ''
2403 Each attribute in this set specifies an option in the
2404 `[FairQueueingControlledDelay]` section of the unit. See
2405 {manpage}`systemd.network(5)` for details.
2406 '';
2407 };
2409 fairQueueingConfig = mkOption {
2410 default = {};
2411 example = { Parent = "root"; FlowLimit = 5; };
2412 type = types.addCheck (types.attrsOf unitOption) check.network.sectionFairQueueing;
2413 description = lib.mdDoc ''
2414 Each attribute in this set specifies an option in the
2415 `[FairQueueing]` section of the unit. See
2416 {manpage}`systemd.network(5)` for details.
2417 '';
2418 };
2420 trivialLinkEqualizerConfig = mkOption {
2421 default = {};
2422 example = { Parent = "root"; Id = 0; };
2423 type = types.addCheck (types.attrsOf unitOption) check.network.sectionTrivialLinkEqualizer;
2424 description = lib.mdDoc ''
2425 Each attribute in this set specifies an option in the
2426 `[TrivialLinkEqualizer]` section of the unit. See
2427 {manpage}`systemd.network(5)` for details.
2428 '';
2429 };
2431 hierarchyTokenBucketConfig = mkOption {
2432 default = {};
2433 example = { Parent = "root"; };
2434 type = types.addCheck (types.attrsOf unitOption) check.network.sectionHierarchyTokenBucket;
2435 description = lib.mdDoc ''
2436 Each attribute in this set specifies an option in the
2437 `[HierarchyTokenBucket]` section of the unit. See
2438 {manpage}`systemd.network(5)` for details.
2439 '';
2440 };
2442 hierarchyTokenBucketClassConfig = mkOption {
2443 default = {};
2444 example = { Parent = "root"; Rate = "10M"; };
2445 type = types.addCheck (types.attrsOf unitOption) check.network.sectionHierarchyTokenBucketClass;
2446 description = lib.mdDoc ''
2447 Each attribute in this set specifies an option in the
2448 `[HierarchyTokenBucketClass]` section of the unit. See
2449 {manpage}`systemd.network(5)` for details.
2450 '';
2451 };
2453 heavyHitterFilterConfig = mkOption {
2454 default = {};
2455 example = { Parent = "root"; PacketLimit = 10000; };
2456 type = types.addCheck (types.attrsOf unitOption) check.network.sectionHeavyHitterFilter;
2457 description = lib.mdDoc ''
2458 Each attribute in this set specifies an option in the
2459 `[HeavyHitterFilter]` section of the unit. See
2460 {manpage}`systemd.network(5)` for details.
2461 '';
2462 };
2464 quickFairQueueingConfig = mkOption {
2465 default = {};
2466 example = { Parent = "root"; };
2467 type = types.addCheck (types.attrsOf unitOption) check.network.sectionQuickFairQueueing;
2468 description = lib.mdDoc ''
2469 Each attribute in this set specifies an option in the
2470 `[QuickFairQueueing]` section of the unit. See
2471 {manpage}`systemd.network(5)` for details.
2472 '';
2473 };
2475 quickFairQueueingConfigClass = mkOption {
2476 default = {};
2477 example = { Parent = "root"; Weight = 133; };
2478 type = types.addCheck (types.attrsOf unitOption) check.network.sectionQuickFairQueueingClass;
2479 description = lib.mdDoc ''
2480 Each attribute in this set specifies an option in the
2481 `[QuickFairQueueingClass]` section of the unit. See
2482 {manpage}`systemd.network(5)` for details.
2483 '';
2484 };
2486 bridgeVLANs = mkOption {
2487 default = [];
2488 example = [ { bridgeVLANConfig = { VLAN = "10-20"; }; } ];
2489 type = with types; listOf (submodule bridgeVLANOptions);
2490 description = lib.mdDoc ''
2491 A list of BridgeVLAN sections to be added to the unit. See
2492 {manpage}`systemd.network(5)` for details.
2493 '';
2494 };
2496 name = mkOption {
2497 type = types.nullOr types.str;
2498 default = null;
2499 description = lib.mdDoc ''
2500 The name of the network interface to match against.
2501 '';
2502 };
2504 DHCP = mkOption {
2505 type = types.nullOr types.str;
2506 default = null;
2507 description = lib.mdDoc ''
2508 Whether to enable DHCP on the interfaces matched.
2509 '';
2510 };
2512 domains = mkOption {
2513 type = types.nullOr (types.listOf types.str);
2514 default = null;
2515 description = lib.mdDoc ''
2516 A list of domains to pass to the network config.
2517 '';
2518 };
2520 address = mkOption {
2521 default = [ ];
2522 type = types.listOf types.str;
2523 description = lib.mdDoc ''
2524 A list of addresses to be added to the network section of the
2525 unit. See {manpage}`systemd.network(5)` for details.
2526 '';
2527 };
2529 gateway = mkOption {
2530 default = [ ];
2531 type = types.listOf types.str;
2532 description = lib.mdDoc ''
2533 A list of gateways to be added to the network section of the
2534 unit. See {manpage}`systemd.network(5)` for details.
2535 '';
2536 };
2538 dns = mkOption {
2539 default = [ ];
2540 type = types.listOf types.str;
2541 description = lib.mdDoc ''
2542 A list of dns servers to be added to the network section of the
2543 unit. See {manpage}`systemd.network(5)` for details.
2544 '';
2545 };
2547 ntp = mkOption {
2548 default = [ ];
2549 type = types.listOf types.str;
2550 description = lib.mdDoc ''
2551 A list of ntp servers to be added to the network section of the
2552 unit. See {manpage}`systemd.network(5)` for details.
2553 '';
2554 };
2556 bridge = mkOption {
2557 default = [ ];
2558 type = types.listOf types.str;
2559 description = lib.mdDoc ''
2560 A list of bridge interfaces to be added to the network section of the
2561 unit. See {manpage}`systemd.network(5)` for details.
2562 '';
2563 };
2565 bond = mkOption {
2566 default = [ ];
2567 type = types.listOf types.str;
2568 description = lib.mdDoc ''
2569 A list of bond interfaces to be added to the network section of the
2570 unit. See {manpage}`systemd.network(5)` for details.
2571 '';
2572 };
2574 vrf = mkOption {
2575 default = [ ];
2576 type = types.listOf types.str;
2577 description = lib.mdDoc ''
2578 A list of vrf interfaces to be added to the network section of the
2579 unit. See {manpage}`systemd.network(5)` for details.
2580 '';
2581 };
2583 vlan = mkOption {
2584 default = [ ];
2585 type = types.listOf types.str;
2586 description = lib.mdDoc ''
2587 A list of vlan interfaces to be added to the network section of the
2588 unit. See {manpage}`systemd.network(5)` for details.
2589 '';
2590 };
2592 macvlan = mkOption {
2593 default = [ ];
2594 type = types.listOf types.str;
2595 description = lib.mdDoc ''
2596 A list of macvlan interfaces to be added to the network section of the
2597 unit. See {manpage}`systemd.network(5)` for details.
2598 '';
2599 };
2601 macvtap = mkOption {
2602 default = [ ];
2603 type = types.listOf types.str;
2604 description = lib.mdDoc ''
2605 A list of macvtap interfaces to be added to the network section of the
2606 unit. See {manpage}`systemd.network(5)` for details.
2607 '';
2608 };
2610 vxlan = mkOption {
2611 default = [ ];
2612 type = types.listOf types.str;
2613 description = lib.mdDoc ''
2614 A list of vxlan interfaces to be added to the network section of the
2615 unit. See {manpage}`systemd.network(5)` for details.
2616 '';
2617 };
2619 tunnel = mkOption {
2620 default = [ ];
2621 type = types.listOf types.str;
2622 description = lib.mdDoc ''
2623 A list of tunnel interfaces to be added to the network section of the
2624 unit. See {manpage}`systemd.network(5)` for details.
2625 '';
2626 };
2628 xfrm = mkOption {
2629 default = [ ];
2630 type = types.listOf types.str;
2631 description = lib.mdDoc ''
2632 A list of xfrm interfaces to be added to the network section of the
2633 unit. See {manpage}`systemd.network(5)` for details.
2634 '';
2635 };
2637 addresses = mkOption {
2638 default = [ ];
2639 type = with types; listOf (submodule addressOptions);
2640 description = lib.mdDoc ''
2641 A list of address sections to be added to the unit. See
2642 {manpage}`systemd.network(5)` for details.
2643 '';
2644 };
2646 routingPolicyRules = mkOption {
2647 default = [ ];
2648 type = with types; listOf (submodule routingPolicyRulesOptions);
2649 description = lib.mdDoc ''
2650 A list of routing policy rules sections to be added to the unit. See
2651 {manpage}`systemd.network(5)` for details.
2652 '';
2653 };
2655 routes = mkOption {
2656 default = [ ];
2657 type = with types; listOf (submodule routeOptions);
2658 description = lib.mdDoc ''
2659 A list of route sections to be added to the unit. See
2660 {manpage}`systemd.network(5)` for details.
2661 '';
2662 };
2664 };
2666 networkConfig = { config, ... }: {
2667 config = {
2668 matchConfig = optionalAttrs (config.name != null) {
2669 Name = config.name;
2670 };
2671 networkConfig = optionalAttrs (config.DHCP != null) {
2672 DHCP = config.DHCP;
2673 } // optionalAttrs (config.domains != null) {
2674 Domains = concatStringsSep " " config.domains;
2675 };
2676 };
2677 };
2679 networkdConfig = { config, ... }: {
2680 options = {
2681 routeTables = mkOption {
2682 default = {};
2683 example = { foo = 27; };
2684 type = with types; attrsOf int;
2685 description = lib.mdDoc ''
2686 Defines route table names as an attrset of name to number.
2687 See {manpage}`networkd.conf(5)` for details.
2688 '';
2689 };
2691 addRouteTablesToIPRoute2 = mkOption {
2692 default = true;
2693 example = false;
2694 type = types.bool;
2695 description = lib.mdDoc ''
2696 If true and routeTables are set, then the specified route tables
2697 will also be installed into /etc/iproute2/rt_tables.
2698 '';
2699 };
2700 };
2702 config = {
2703 networkConfig = optionalAttrs (config.routeTables != { }) {
2704 RouteTable = mapAttrsToList
2705 (name: number: "${name}:${toString number}")
2706 config.routeTables;
2707 };
2708 };
2709 };
2711 renderConfig = def:
2712 { text = ''
2713 [Network]
2714 ${attrsToSection def.networkConfig}
2715 ''
2716 + optionalString (def.dhcpV4Config != { }) ''
2717 [DHCPv4]
2718 ${attrsToSection def.dhcpV4Config}
2719 ''
2720 + optionalString (def.dhcpV6Config != { }) ''
2721 [DHCPv6]
2722 ${attrsToSection def.dhcpV6Config}
2723 ''; };
2725 mkUnitFiles = prefix: cfg: listToAttrs (map (name: {
2726 name = "${prefix}systemd/network/${name}";
2727 value.source = "${cfg.units.${name}.unit}/${name}";
2728 }) (attrNames cfg.units));
2730 commonOptions = visible: {
2732 enable = mkOption {
2733 default = false;
2734 type = types.bool;
2735 description = lib.mdDoc ''
2736 Whether to enable networkd or not.
2737 '';
2738 };
2740 links = mkOption {
2741 default = {};
2742 inherit visible;
2743 type = with types; attrsOf (submodule [ { options = linkOptions; } ]);
2744 description = lib.mdDoc "Definition of systemd network links.";
2745 };
2747 netdevs = mkOption {
2748 default = {};
2749 inherit visible;
2750 type = with types; attrsOf (submodule [ { options = netdevOptions; } ]);
2751 description = lib.mdDoc "Definition of systemd network devices.";
2752 };
2754 networks = mkOption {
2755 default = {};
2756 inherit visible;
2757 type = with types; attrsOf (submodule [ { options = networkOptions; } networkConfig ]);
2758 description = lib.mdDoc "Definition of systemd networks.";
2759 };
2761 config = mkOption {
2762 default = {};
2763 inherit visible;
2764 type = with types; submodule [ { options = networkdOptions; } networkdConfig ];
2765 description = lib.mdDoc "Definition of global systemd network config.";
2766 };
2768 units = mkOption {
2769 description = lib.mdDoc "Definition of networkd units.";
2770 default = {};
2771 internal = true;
2772 type = with types; attrsOf (submodule (
2773 { name, config, ... }:
2774 { options = mapAttrs (_: x: x // { internal = true; }) concreteUnitOptions;
2775 config = {
2776 unit = mkDefault (makeUnit name config);
2777 };
2778 }));
2779 };
2781 wait-online = {
2782 enable = mkOption {
2783 type = types.bool;
2784 default = true;
2785 example = false;
2786 description = lib.mdDoc ''
2787 Whether to enable the systemd-networkd-wait-online service.
2789 systemd-networkd-wait-online can timeout and fail if there are no network interfaces
2790 available for it to manage. When systemd-networkd is enabled but a different service is
2791 responsible for managing the system's internet connection (for example, NetworkManager or
2792 connman are used to manage WiFi connections), this service is unnecessary and can be
2793 disabled.
2794 '';
2795 };
2796 anyInterface = mkOption {
2797 description = lib.mdDoc ''
2798 Whether to consider the network online when any interface is online, as opposed to all of them.
2799 This is useful on portable machines with a wired and a wireless interface, for example.
2801 This is on by default if {option}`networking.useDHCP` is enabled.
2802 '';
2803 type = types.bool;
2804 defaultText = "config.networking.useDHCP";
2805 default = config.networking.useDHCP;
2806 };
2808 ignoredInterfaces = mkOption {
2809 description = lib.mdDoc ''
2810 Network interfaces to be ignored when deciding if the system is online.
2811 '';
2812 type = with types; listOf str;
2813 default = [];
2814 example = [ "wg0" ];
2815 };
2817 timeout = mkOption {
2818 description = lib.mdDoc ''
2819 Time to wait for the network to come online, in seconds. Set to 0 to disable.
2820 '';
2821 type = types.ints.unsigned;
2822 default = 120;
2823 example = 0;
2824 };
2826 extraArgs = mkOption {
2827 description = lib.mdDoc ''
2828 Extra command-line arguments to pass to systemd-networkd-wait-online.
2829 These also affect per-interface `systemd-network-wait-online@` services.
2831 See {manpage}`systemd-networkd-wait-online.service(8)` for all available options.
2832 '';
2833 type = with types; listOf str;
2834 default = [];
2835 };
2836 };
2838 };
2840 commonConfig = config: let
2841 cfg = config.systemd.network;
2842 mkUnit = f: def: { inherit (def) enable; text = f def; };
2843 in mkMerge [
2845 # .link units are honored by udev, no matter if systemd-networkd is enabled or not.
2846 {
2847 systemd.network.units = mapAttrs' (n: v: nameValuePair "${n}.link" (mkUnit linkToUnit v)) cfg.links;
2849 systemd.network.wait-online.extraArgs =
2850 [ "--timeout=${toString cfg.wait-online.timeout}" ]
2851 ++ optional cfg.wait-online.anyInterface "--any"
2852 ++ map (i: "--ignore=${i}") cfg.wait-online.ignoredInterfaces;
2853 }
2855 (mkIf config.systemd.network.enable {
2857 systemd.network.units = mapAttrs' (n: v: nameValuePair "${n}.netdev" (mkUnit netdevToUnit v)) cfg.netdevs
2858 // mapAttrs' (n: v: nameValuePair "${n}.network" (mkUnit networkToUnit v)) cfg.networks;
2860 # systemd-networkd is socket-activated by kernel netlink route change
2861 # messages. It is important to have systemd buffer those on behalf of
2862 # networkd.
2863 systemd.sockets.systemd-networkd.wantedBy = [ "sockets.target" ];
2865 systemd.services.systemd-networkd-wait-online = {
2866 inherit (cfg.wait-online) enable;
2867 wantedBy = [ "network-online.target" ];
2868 serviceConfig.ExecStart = [
2869 ""
2870 "${config.systemd.package}/lib/systemd/systemd-networkd-wait-online ${utils.escapeSystemdExecArgs cfg.wait-online.extraArgs}"
2871 ];
2872 };
2874 systemd.services."systemd-network-wait-online@" = {
2875 description = "Wait for Network Interface %I to be Configured";
2876 conflicts = [ "shutdown.target" ];
2877 requisite = [ "systemd-networkd.service" ];
2878 after = [ "systemd-networkd.service" ];
2879 serviceConfig = {
2880 Type = "oneshot";
2881 RemainAfterExit = true;
2882 ExecStart = "${config.systemd.package}/lib/systemd/systemd-networkd-wait-online -i %I ${utils.escapeSystemdExecArgs cfg.wait-online.extraArgs}";
2883 };
2884 };
2886 })
2887 ];
2889 stage2Config = let
2890 cfg = config.systemd.network;
2891 unitFiles = mkUnitFiles "" cfg;
2892 in mkMerge [
2893 (commonConfig config)
2895 { environment.etc = unitFiles; }
2897 (mkIf config.systemd.network.enable {
2899 users.users.systemd-network.group = "systemd-network";
2901 systemd.additionalUpstreamSystemUnits = [
2902 "systemd-networkd-wait-online.service"
2903 "systemd-networkd.service"
2904 "systemd-networkd.socket"
2905 ];
2907 environment.etc."systemd/networkd.conf" = renderConfig cfg.config;
2909 systemd.services.systemd-networkd = let
2910 isReloadableUnitFileName = unitFileName: strings.hasSuffix ".network" unitFileName;
2911 reloadableUnitFiles = attrsets.filterAttrs (k: v: isReloadableUnitFileName k) unitFiles;
2912 nonReloadableUnitFiles = attrsets.filterAttrs (k: v: !isReloadableUnitFileName k) unitFiles;
2913 unitFileSources = unitFiles: map (x: x.source) (attrValues unitFiles);
2914 in {
2915 wantedBy = [ "multi-user.target" ];
2916 reloadTriggers = unitFileSources reloadableUnitFiles;
2917 restartTriggers = unitFileSources nonReloadableUnitFiles ++ [
2918 config.environment.etc."systemd/networkd.conf".source
2919 ];
2920 aliases = [ "dbus-org.freedesktop.network1.service" ];
2921 };
2923 networking.iproute2 = mkIf (cfg.config.addRouteTablesToIPRoute2 && cfg.config.routeTables != { }) {
2924 enable = mkDefault true;
2925 rttablesExtraConfig = ''
2927 # Extra tables defined in NixOS systemd.networkd.config.routeTables.
2928 ${concatStringsSep "\n" (mapAttrsToList (name: number: "${toString number} ${name}") cfg.config.routeTables)}
2929 '';
2930 };
2932 services.resolved.enable = mkDefault true;
2934 })
2935 ];
2937 stage1Options = {
2938 options.boot.initrd.systemd.network.networks = mkOption {
2939 type = with types; attrsOf (submodule {
2940 # Default in initrd is dhcp-on-stop, which is correct if flushBeforeStage2 = false
2941 config = mkIf config.boot.initrd.network.flushBeforeStage2 {
2942 networkConfig.KeepConfiguration = mkDefault false;
2943 };
2944 });
2945 };
2946 };
2948 stage1Config = let
2949 cfg = config.boot.initrd.systemd.network;
2950 in mkMerge [
2951 (commonConfig config.boot.initrd)
2953 {
2954 systemd.network.enable = mkDefault config.boot.initrd.network.enable;
2955 systemd.contents = mkUnitFiles "/etc/" cfg;
2957 # Networkd link files are used early by udev to set up interfaces early.
2958 # This must be done in stage 1 to avoid race conditions between udev and
2959 # network daemons.
2960 systemd.network.units = lib.filterAttrs (n: _: hasSuffix ".link" n) config.systemd.network.units;
2961 systemd.storePaths = ["${config.boot.initrd.systemd.package}/lib/systemd/network/99-default.link"];
2962 }
2964 (mkIf cfg.enable {
2966 # For networkctl
2967 systemd.dbus.enable = mkDefault true;
2969 systemd.additionalUpstreamUnits = [
2970 "systemd-networkd-wait-online.service"
2971 "systemd-networkd.service"
2972 "systemd-networkd.socket"
2973 "systemd-network-generator.service"
2974 "network-online.target"
2975 "network-pre.target"
2976 "network.target"
2977 "nss-lookup.target"
2978 "nss-user-lookup.target"
2979 "remote-fs-pre.target"
2980 "remote-fs.target"
2981 ];
2982 systemd.users.systemd-network = {};
2983 systemd.groups.systemd-network = {};
2985 systemd.contents."/etc/systemd/networkd.conf" = renderConfig cfg.config;
2987 systemd.services.systemd-networkd = {
2988 wantedBy = [ "initrd.target" ];
2989 # These before and conflicts lines can be removed when this PR makes it into a release:
2990 # https://github.com/systemd/systemd/pull/27791
2991 before = ["initrd-switch-root.target"];
2992 conflicts = ["initrd-switch-root.target"];
2993 };
2994 systemd.sockets.systemd-networkd = {
2995 wantedBy = [ "initrd.target" ];
2996 before = ["initrd-switch-root.target"];
2997 conflicts = ["initrd-switch-root.target"];
2998 };
3000 systemd.services.systemd-network-generator.wantedBy = [ "sysinit.target" ];
3002 systemd.storePaths = [
3003 "${config.boot.initrd.systemd.package}/lib/systemd/systemd-networkd"
3004 "${config.boot.initrd.systemd.package}/lib/systemd/systemd-networkd-wait-online"
3005 "${config.boot.initrd.systemd.package}/lib/systemd/systemd-network-generator"
3006 ];
3007 kernelModules = [ "af_packet" ];
3009 })
3010 ];
3012 in
3014 {
3015 imports = [ stage1Options ];
3017 options = {
3018 systemd.network = commonOptions true;
3019 boot.initrd.systemd.network = commonOptions "shallow";
3020 };
3022 config = mkMerge [
3023 stage2Config
3024 (mkIf config.boot.initrd.systemd.enable {
3025 assertions = [{
3026 assertion = !config.boot.initrd.network.udhcpc.enable && config.boot.initrd.network.udhcpc.extraArgs == [];
3027 message = ''
3028 systemd stage 1 networking does not support 'boot.initrd.network.udhcpc'. Configure
3029 DHCP with 'networking.*' options or with 'boot.initrd.systemd.network' options.
3030 '';
3031 }];
3033 boot.initrd = stage1Config;
3034 })
3035 ];
3036 }