| blob | 6a63808cf2e449f6703cc77339e1aa01ab9d8d60 |
1 { config, lib, pkgs, utils, ... }:
3 with utils.systemdUtils.unitOptions;
4 with utils.systemdUtils.lib;
5 with utils.systemdUtils.network.units;
6 with lib;
8 let
10 check = {
12 global = {
13 sectionNetwork = checkUnitConfig "Network" [
14 (assertOnlyFields [
15 "SpeedMeter"
16 "SpeedMeterIntervalSec"
17 "ManageForeignRoutingPolicyRules"
18 "ManageForeignRoutes"
19 "RouteTable"
20 "IPv6PrivacyExtensions"
21 "IPv4Forwarding"
22 "IPv6Forwarding"
23 "UseDomains"
24 ])
25 (assertValueOneOf "SpeedMeter" boolValues)
26 (assertInt "SpeedMeterIntervalSec")
27 (assertValueOneOf "ManageForeignRoutingPolicyRules" boolValues)
28 (assertValueOneOf "ManageForeignRoutes" boolValues)
29 (assertValueOneOf "IPv6PrivacyExtensions" (boolValues ++ ["prefer-public" "kernel"]))
30 (assertValueOneOf "IPv4Forwarding" boolValues)
31 (assertValueOneOf "IPv6Forwarding" boolValues)
32 (assertValueOneOf "UseDomains" (boolValues ++ ["route"]))
33 ];
35 sectionDHCPv4 = checkUnitConfig "DHCPv4" [
36 (assertOnlyFields [
37 "ClientIdentifier"
38 "DUIDType"
39 "DUIDRawData"
40 ])
41 (assertValueOneOf "ClientIdentifier" ["mac" "duid" "duid-only"])
42 ];
44 sectionDHCPv6 = checkUnitConfig "DHCPv6" [
45 (assertOnlyFields [
46 "DUIDType"
47 "DUIDRawData"
48 ])
49 ];
50 };
52 link = {
54 sectionLink = checkUnitConfig "Link" [
55 (assertOnlyFields [
56 "Description"
57 "Alias"
58 "MACAddressPolicy"
59 "MACAddress"
60 "NamePolicy"
61 "Name"
62 "AlternativeNamesPolicy"
63 "AlternativeName"
64 "MTUBytes"
65 "BitsPerSecond"
66 "Duplex"
67 "AutoNegotiation"
68 "WakeOnLan"
69 "Port"
70 "Advertise"
71 "ReceiveChecksumOffload"
72 "TransmitChecksumOffload"
73 "TCPSegmentationOffload"
74 "TCP6SegmentationOffload"
75 "GenericSegmentationOffload"
76 "GenericReceiveOffload"
77 "LargeReceiveOffload"
78 "RxChannels"
79 "TxChannels"
80 "OtherChannels"
81 "CombinedChannels"
82 "RxBufferSize"
83 "TxBufferSize"
84 "ReceiveQueues"
85 "TransmitQueues"
86 "TransmitQueueLength"
87 ])
88 (assertValueOneOf "MACAddressPolicy" ["persistent" "random" "none"])
89 (assertMacAddress "MACAddress")
90 (assertByteFormat "MTUBytes")
91 (assertByteFormat "BitsPerSecond")
92 (assertValueOneOf "Duplex" ["half" "full"])
93 (assertValueOneOf "AutoNegotiation" boolValues)
94 (assertValuesSomeOfOr "WakeOnLan" ["phy" "unicast" "multicast" "broadcast" "arp" "magic" "secureon"] "off")
95 (assertValueOneOf "Port" ["tp" "aui" "bnc" "mii" "fibre"])
96 (assertValueOneOf "ReceiveChecksumOffload" boolValues)
97 (assertValueOneOf "TransmitChecksumOffload" boolValues)
98 (assertValueOneOf "TCPSegmentationOffload" boolValues)
99 (assertValueOneOf "TCP6SegmentationOffload" boolValues)
100 (assertValueOneOf "GenericSegmentationOffload" boolValues)
101 (assertValueOneOf "GenericReceiveOffload" boolValues)
102 (assertValueOneOf "LargeReceiveOffload" boolValues)
103 (assertInt "RxChannels")
104 (assertRange "RxChannels" 1 4294967295)
105 (assertInt "TxChannels")
106 (assertRange "TxChannels" 1 4294967295)
107 (assertInt "OtherChannels")
108 (assertRange "OtherChannels" 1 4294967295)
109 (assertInt "CombinedChannels")
110 (assertRange "CombinedChannels" 1 4294967295)
111 (assertInt "RxBufferSize")
112 (assertInt "TxBufferSize")
113 (assertRange "ReceiveQueues" 1 4096)
114 (assertRange "TransmitQueues" 1 4096)
115 (assertRange "TransmitQueueLength" 1 4294967294)
116 ];
117 };
119 netdev = let
121 tunChecks = [
122 (assertOnlyFields [
123 "MultiQueue"
124 "PacketInfo"
125 "VNetHeader"
126 "User"
127 "Group"
128 "KeepCarrier"
129 ])
130 (assertValueOneOf "MultiQueue" boolValues)
131 (assertValueOneOf "PacketInfo" boolValues)
132 (assertValueOneOf "VNetHeader" boolValues)
133 (assertValueOneOf "KeepCarrier" boolValues)
134 ];
136 # See https://www.freedesktop.org/software/systemd/man/latest/systemd.netdev.html#%5BIPVTAP%5D%20Section%20Options
137 ipVlanVtapChecks = [
138 (assertOnlyFields [
139 "Mode"
140 "Flags"
141 ])
142 (assertValueOneOf "Mode" ["L2" "L3" "L3S" ])
143 (assertValueOneOf "Flags" ["private" "vepa" "bridge" ])
144 ];
145 in {
147 sectionNetdev = checkUnitConfig "Netdev" [
148 (assertOnlyFields [
149 "Description"
150 "Name"
151 "Kind"
152 "MTUBytes"
153 "MACAddress"
154 ])
155 (assertHasField "Name")
156 (assertHasField "Kind")
157 (assertValueOneOf "Kind" [
158 "bond"
159 "bridge"
160 "dummy"
161 "gre"
162 "gretap"
163 "erspan"
164 "ip6gre"
165 "ip6tnl"
166 "ip6gretap"
167 "ipip"
168 "ipvlan"
169 "ipvtap"
170 "macvlan"
171 "macvtap"
172 "sit"
173 "tap"
174 "tun"
175 "veth"
176 "vlan"
177 "vti"
178 "vti6"
179 "vxlan"
180 "geneve"
181 "l2tp"
182 "macsec"
183 "wlan"
184 "vrf"
185 "vcan"
186 "vxcan"
187 "wireguard"
188 "netdevsim"
189 "nlmon"
190 "fou"
191 "xfrm"
192 "ifb"
193 "batadv"
194 ])
195 (assertByteFormat "MTUBytes")
196 (assertNetdevMacAddress "MACAddress")
197 ];
199 sectionBridge = checkUnitConfig "Bridge" [
200 (assertOnlyFields [
201 "HelloTimeSec"
202 "MaxAgeSec"
203 "ForwardDelaySec"
204 "AgeingTimeSec"
205 "Priority"
206 "GroupForwardMask"
207 "DefaultPVID"
208 "MulticastQuerier"
209 "MulticastSnooping"
210 "VLANFiltering"
211 "VLANProtocol"
212 "STP"
213 "MulticastIGMPVersion"
214 ])
215 (assertInt "HelloTimeSec")
216 (assertInt "MaxAgeSec")
217 (assertInt "ForwardDelaySec")
218 (assertInt "AgeingTimeSec")
219 (assertRange "Priority" 0 65535)
220 (assertRange "GroupForwardMask" 0 65535)
221 (assertRangeOrOneOf "DefaultPVID" 0 4094 ["none"])
222 (assertValueOneOf "MulticastQuerier" boolValues)
223 (assertValueOneOf "MulticastSnooping" boolValues)
224 (assertValueOneOf "VLANFiltering" boolValues)
225 (assertValueOneOf "VLANProtocol" ["802.1q" "802.ad"])
226 (assertValueOneOf "STP" boolValues)
227 (assertValueOneOf "MulticastIGMPVersion" [2 3])
228 ];
230 sectionVLAN = checkUnitConfig "VLAN" [
231 (assertOnlyFields [
232 "Id"
233 "GVRP"
234 "MVRP"
235 "LooseBinding"
236 "ReorderHeader"
237 ])
238 (assertInt "Id")
239 (assertRange "Id" 0 4094)
240 (assertValueOneOf "GVRP" boolValues)
241 (assertValueOneOf "MVRP" boolValues)
242 (assertValueOneOf "LooseBinding" boolValues)
243 (assertValueOneOf "ReorderHeader" boolValues)
244 ];
246 sectionIPVLAN = checkUnitConfig "IPVLAN" ipVlanVtapChecks;
248 sectionIPVTAP = checkUnitConfig "IPVTAP" ipVlanVtapChecks;
250 sectionMACVLAN = checkUnitConfig "MACVLAN" [
251 (assertOnlyFields [
252 "Mode"
253 ])
254 (assertValueOneOf "Mode" ["private" "vepa" "bridge" "passthru"])
255 ];
257 sectionVXLAN = checkUnitConfig "VXLAN" [
258 (assertOnlyFields [
259 "VNI"
260 "Remote"
261 "Local"
262 "Group"
263 "TOS"
264 "TTL"
265 "MacLearning"
266 "FDBAgeingSec"
267 "MaximumFDBEntries"
268 "ReduceARPProxy"
269 "L2MissNotification"
270 "L3MissNotification"
271 "RouteShortCircuit"
272 "UDPChecksum"
273 "UDP6ZeroChecksumTx"
274 "UDP6ZeroChecksumRx"
275 "RemoteChecksumTx"
276 "RemoteChecksumRx"
277 "GroupPolicyExtension"
278 "GenericProtocolExtension"
279 "DestinationPort"
280 "PortRange"
281 "FlowLabel"
282 "IPDoNotFragment"
283 "Independent"
284 ])
285 (assertInt "VNI")
286 (assertRange "VNI" 1 16777215)
287 (assertValueOneOf "MacLearning" boolValues)
288 (assertInt "MaximumFDBEntries")
289 (assertValueOneOf "ReduceARPProxy" boolValues)
290 (assertValueOneOf "L2MissNotification" boolValues)
291 (assertValueOneOf "L3MissNotification" boolValues)
292 (assertValueOneOf "RouteShortCircuit" boolValues)
293 (assertValueOneOf "UDPChecksum" boolValues)
294 (assertValueOneOf "UDP6ZeroChecksumTx" boolValues)
295 (assertValueOneOf "UDP6ZeroChecksumRx" boolValues)
296 (assertValueOneOf "RemoteChecksumTx" boolValues)
297 (assertValueOneOf "RemoteChecksumRx" boolValues)
298 (assertValueOneOf "GroupPolicyExtension" boolValues)
299 (assertValueOneOf "GenericProtocolExtension" boolValues)
300 (assertInt "FlowLabel")
301 (assertRange "FlowLabel" 0 1048575)
302 (assertValueOneOf "IPDoNotFragment" (boolValues + ["inherit"]))
303 (assertValueOneOf "Independent" boolValues)
304 ];
306 sectionTunnel = checkUnitConfig "Tunnel" [
307 (assertOnlyFields [
308 "Local"
309 "Remote"
310 "TOS"
311 "TTL"
312 "DiscoverPathMTU"
313 "IPv6FlowLabel"
314 "CopyDSCP"
315 "EncapsulationLimit"
316 "Key"
317 "InputKey"
318 "OutputKey"
319 "Mode"
320 "Independent"
321 "AssignToLoopback"
322 "AllowLocalRemote"
323 "FooOverUDP"
324 "FOUDestinationPort"
325 "FOUSourcePort"
326 "Encapsulation"
327 "IPv6RapidDeploymentPrefix"
328 "ISATAP"
329 "SerializeTunneledPackets"
330 "ERSPANIndex"
331 ])
332 (assertInt "TTL")
333 (assertRange "TTL" 0 255)
334 (assertValueOneOf "DiscoverPathMTU" boolValues)
335 (assertValueOneOf "CopyDSCP" boolValues)
336 (assertValueOneOf "Mode" ["ip6ip6" "ipip6" "any"])
337 (assertValueOneOf "Independent" boolValues)
338 (assertValueOneOf "AssignToLoopback" boolValues)
339 (assertValueOneOf "AllowLocalRemote" boolValues)
340 (assertValueOneOf "FooOverUDP" boolValues)
341 (assertPort "FOUDestinationPort")
342 (assertPort "FOUSourcePort")
343 (assertValueOneOf "Encapsulation" ["FooOverUDP" "GenericUDPEncapsulation"])
344 (assertValueOneOf "ISATAP" boolValues)
345 (assertValueOneOf "SerializeTunneledPackets" boolValues)
346 (assertInt "ERSPANIndex")
347 (assertRange "ERSPANIndex" 1 1048575)
348 ];
350 sectionFooOverUDP = checkUnitConfig "FooOverUDP" [
351 (assertOnlyFields [
352 "Port"
353 "Encapsulation"
354 "Protocol"
355 ])
356 (assertPort "Port")
357 (assertValueOneOf "Encapsulation" ["FooOverUDP" "GenericUDPEncapsulation"])
358 ];
360 sectionPeer = checkUnitConfig "Peer" [
361 (assertOnlyFields [
362 "Name"
363 "MACAddress"
364 ])
365 (assertMacAddress "MACAddress")
366 ];
368 sectionTun = checkUnitConfig "Tun" tunChecks;
370 sectionTap = checkUnitConfig "Tap" tunChecks;
372 sectionL2TP = checkUnitConfig "L2TP" [
373 (assertOnlyFields [
374 "TunnelId"
375 "PeerTunnelId"
376 "Remote"
377 "Local"
378 "EncapsulationType"
379 "UDPSourcePort"
380 "UDPDestinationPort"
381 "UDPChecksum"
382 "UDP6ZeroChecksumTx"
383 "UDP6ZeroChecksumRx"
384 ])
385 (assertInt "TunnelId")
386 (assertRange "TunnelId" 1 4294967295)
387 (assertInt "PeerTunnelId")
388 (assertRange "PeerTunnelId" 1 4294967295)
389 (assertValueOneOf "EncapsulationType" [ "ip" "udp" ])
390 (assertPort "UDPSourcePort")
391 (assertPort "UDPDestinationPort")
392 (assertValueOneOf "UDPChecksum" boolValues)
393 (assertValueOneOf "UDP6ZeroChecksumTx" boolValues)
394 (assertValueOneOf "UDP6ZeroChecksumRx" boolValues)
395 ];
397 sectionL2TPSession = checkUnitConfigWithLegacyKey "l2tpSessionConfig" "L2TPSession" [
398 (assertOnlyFields [
399 "Name"
400 "SessionId"
401 "PeerSessionId"
402 "Layer2SpecificHeader"
403 ])
404 (assertHasField "Name")
405 (assertHasField "SessionId")
406 (assertInt "SessionId")
407 (assertRange "SessionId" 1 4294967295)
408 (assertHasField "PeerSessionId")
409 (assertInt "PeerSessionId")
410 (assertRange "PeerSessionId" 1 4294967295)
411 (assertValueOneOf "Layer2SpecificHeader" [ "none" "default" ])
412 ];
414 # NOTE Check whether the key starts with an @, in which case it is
415 # interpreted as the name of the credential from which the actual key
416 # shall be read by systemd-creds.
417 # Do not remove this check as the nix store is world-readable.
418 sectionWireGuard = checkUnitConfig "WireGuard" [
419 (assertKeyIsSystemdCredential "PrivateKey")
420 (assertOnlyFields [
421 "PrivateKey"
422 "PrivateKeyFile"
423 "ListenPort"
424 "FirewallMark"
425 "RouteTable"
426 "RouteMetric"
427 ])
428 (assertInt "FirewallMark")
429 (assertRange "FirewallMark" 1 4294967295)
430 ];
432 # NOTE Check whether the key starts with an @, in which case it is
433 # interpreted as the name of the credential from which the actual key
434 # shall be read by systemd-creds.
435 # Do not remove this check as the nix store is world-readable.
436 sectionWireGuardPeer = checkUnitConfigWithLegacyKey "wireguardPeerConfig" "WireGuardPeer" [
437 (assertKeyIsSystemdCredential "PresharedKey")
438 (assertOnlyFields [
439 "PublicKey"
440 "PresharedKey"
441 "PresharedKeyFile"
442 "AllowedIPs"
443 "Endpoint"
444 "PersistentKeepalive"
445 "RouteTable"
446 "RouteMetric"
447 ])
448 (assertInt "PersistentKeepalive")
449 (assertRange "PersistentKeepalive" 0 65535)
450 ];
452 sectionBond = checkUnitConfig "Bond" [
453 (assertOnlyFields [
454 "Mode"
455 "TransmitHashPolicy"
456 "LACPTransmitRate"
457 "MIIMonitorSec"
458 "UpDelaySec"
459 "DownDelaySec"
460 "LearnPacketIntervalSec"
461 "AdSelect"
462 "AdActorSystemPriority"
463 "AdUserPortKey"
464 "AdActorSystem"
465 "FailOverMACPolicy"
466 "ARPValidate"
467 "ARPIntervalSec"
468 "ARPIPTargets"
469 "ARPAllTargets"
470 "PrimaryReselectPolicy"
471 "ResendIGMP"
472 "PacketsPerSlave"
473 "GratuitousARP"
474 "AllSlavesActive"
475 "DynamicTransmitLoadBalancing"
476 "MinLinks"
477 ])
478 (assertValueOneOf "Mode" [
479 "balance-rr"
480 "active-backup"
481 "balance-xor"
482 "broadcast"
483 "802.3ad"
484 "balance-tlb"
485 "balance-alb"
486 ])
487 (assertValueOneOf "TransmitHashPolicy" [
488 "layer2"
489 "layer3+4"
490 "layer2+3"
491 "encap2+3"
492 "encap3+4"
493 ])
494 (assertValueOneOf "LACPTransmitRate" ["slow" "fast"])
495 (assertValueOneOf "AdSelect" ["stable" "bandwidth" "count"])
496 (assertInt "AdActorSystemPriority")
497 (assertRange "AdActorSystemPriority" 1 65535)
498 (assertInt "AdUserPortKey")
499 (assertRange "AdUserPortKey" 0 1023)
500 (assertValueOneOf "FailOverMACPolicy" ["none" "active" "follow"])
501 (assertValueOneOf "ARPValidate" ["none" "active" "backup" "all"])
502 (assertValueOneOf "ARPAllTargets" ["any" "all"])
503 (assertValueOneOf "PrimaryReselectPolicy" ["always" "better" "failure"])
504 (assertInt "ResendIGMP")
505 (assertRange "ResendIGMP" 0 255)
506 (assertInt "PacketsPerSlave")
507 (assertRange "PacketsPerSlave" 0 65535)
508 (assertInt "GratuitousARP")
509 (assertRange "GratuitousARP" 0 255)
510 (assertValueOneOf "AllSlavesActive" boolValues)
511 (assertValueOneOf "DynamicTransmitLoadBalancing" boolValues)
512 (assertInt "MinLinks")
513 (assertMinimum "MinLinks" 0)
514 ];
516 sectionXfrm = checkUnitConfig "Xfrm" [
517 (assertOnlyFields [
518 "InterfaceId"
519 "Independent"
520 ])
521 (assertInt "InterfaceId")
522 (assertRange "InterfaceId" 1 4294967295)
523 (assertValueOneOf "Independent" boolValues)
524 ];
526 sectionVRF = checkUnitConfig "VRF" [
527 (assertOnlyFields [
528 "Table"
529 ])
530 (assertInt "Table")
531 (assertMinimum "Table" 0)
532 ];
534 sectionWLAN = checkUnitConfig "WLAN" [
535 (assertOnlyFields [
536 "PhysicalDevice" # systemd supports both strings ("phy0") and indexes (0) here.
537 "Type"
538 "WDS"
539 ])
540 # See https://github.com/systemd/systemd/blob/main/src/basic/linux/nl80211.h#L3382
541 (assertValueOneOf "Type" [
542 "ad-hoc"
543 "station"
544 "ap"
545 "ap-vlan"
546 "wds"
547 "monitor"
548 "mesh-point"
549 "p2p-client"
550 "p2p-go"
551 "p2p-device"
552 "ocb"
553 "nan"
554 ])
555 (assertValueOneOf "WDS" boolValues)
556 ];
558 sectionBatmanAdvanced = checkUnitConfig "BatmanAdvanced" [
559 (assertOnlyFields [
560 "GatewayMode"
561 "Aggregation"
562 "BridgeLoopAvoidance"
563 "DistributedArpTable"
564 "Fragmentation"
565 "HopPenalty"
566 "OriginatorIntervalSec"
567 "GatewayBandwithDown"
568 "GatewayBandwithUp"
569 "RoutingAlgorithm"
570 ])
571 (assertValueOneOf "GatewayMode" ["off" "client" "server"])
572 (assertValueOneOf "Aggregation" boolValues)
573 (assertValueOneOf "BridgeLoopAvoidance" boolValues)
574 (assertValueOneOf "DistributedArpTable" boolValues)
575 (assertValueOneOf "Fragmentation" boolValues)
576 (assertInt "HopPenalty")
577 (assertRange "HopPenalty" 0 255)
578 (assertValueOneOf "RoutingAlgorithm" ["batman-v" "batman-iv"])
579 ];
580 };
582 network = {
584 sectionLink = checkUnitConfig "Link" [
585 (assertOnlyFields [
586 "MACAddress"
587 "MTUBytes"
588 "ARP"
589 "Multicast"
590 "AllMulticast"
591 "Unmanaged"
592 "Group"
593 "RequiredForOnline"
594 "RequiredFamilyForOnline"
595 "ActivationPolicy"
596 "Promiscuous"
597 ])
598 (assertMacAddress "MACAddress")
599 (assertByteFormat "MTUBytes")
600 (assertValueOneOf "ARP" boolValues)
601 (assertValueOneOf "Multicast" boolValues)
602 (assertValueOneOf "AllMulticast" boolValues)
603 (assertValueOneOf "Promiscuous" boolValues)
604 (assertValueOneOf "Unmanaged" boolValues)
605 (assertInt "Group")
606 (assertRange "Group" 0 2147483647)
607 (assertValueOneOf "RequiredForOnline" (boolValues ++ (
608 let
609 # https://freedesktop.org/software/systemd/man/networkctl.html#missing
610 operationalStates = [
611 "missing"
612 "off"
613 "no-carrier"
614 "dormant"
615 "degraded-carrier"
616 "carrier"
617 "degraded"
618 "enslaved"
619 "routable"
620 ];
621 operationalStateRanges = concatLists (imap0 (i: min: map (max: "${min}:${max}") (drop i operationalStates)) operationalStates);
622 in
623 operationalStates ++ operationalStateRanges
624 )))
625 (assertValueOneOf "RequiredFamilyForOnline" [
626 "ipv4"
627 "ipv6"
628 "both"
629 "any"
630 ])
631 (assertValueOneOf "ActivationPolicy" ([
632 "up"
633 "always-up"
634 "manual"
635 "always-down"
636 "down"
637 "bound"
638 ]))
639 ];
641 sectionNetwork = checkUnitConfig "Network" [
642 (assertOnlyFields [
643 "Description"
644 "DHCP"
645 "DHCPServer"
646 "LinkLocalAddressing"
647 "IPv6LinkLocalAddressGenerationMode"
648 "IPv6StableSecretAddress"
649 "IPv4LLStartAddress"
650 "IPv4LLRoute"
651 "DefaultRouteOnDevice"
652 "LLMNR"
653 "MulticastDNS"
654 "DNSOverTLS"
655 "DNSSEC"
656 "DNSSECNegativeTrustAnchors"
657 "LLDP"
658 "EmitLLDP"
659 "BindCarrier"
660 "Address"
661 "Gateway"
662 "DNS"
663 "UseDomains"
664 "Domains"
665 "DNSDefaultRoute"
666 "NTP"
667 "IPForward"
668 "IPv4Forwarding"
669 "IPv6Forwarding"
670 "IPMasquerade"
671 "IPv6PrivacyExtensions"
672 "IPv6AcceptRA"
673 "IPv6DuplicateAddressDetection"
674 "IPv6HopLimit"
675 "IPv6RetransmissionTimeSec"
676 "IPv4ReversePathFilter"
677 "IPv4AcceptLocal"
678 "IPv4RouteLocalnet"
679 "IPv4ProxyARP"
680 "IPv4ProxyARPPrivateVLAN"
681 "IPv6ProxyNDP"
682 "IPv6ProxyNDPAddress"
683 "IPv6SendRA"
684 "DHCPPrefixDelegation"
685 "IPv6MTUBytes"
686 "KeepMaster"
687 "Bridge"
688 "Bond"
689 "VRF"
690 "VLAN"
691 "IPVLAN"
692 "IPVTAP"
693 "MACVLAN"
694 "MACVTAP"
695 "VXLAN"
696 "Tunnel"
697 "MACsec"
698 "ActiveSlave"
699 "PrimarySlave"
700 "ConfigureWithoutCarrier"
701 "IgnoreCarrierLoss"
702 "Xfrm"
703 "KeepConfiguration"
704 "BatmanAdvanced"
705 ])
706 # Note: For DHCP the values both, none, v4, v6 are deprecated
707 (assertValueOneOf "DHCP" (boolValues ++ ["ipv4" "ipv6"]))
708 (assertValueOneOf "DHCPServer" boolValues)
709 (assertValueOneOf "LinkLocalAddressing" (boolValues ++ ["ipv4" "ipv6" "fallback" "ipv4-fallback"]))
710 (assertValueOneOf "IPv6LinkLocalAddressGenerationMode" ["eui64" "none" "stable-privacy" "random"])
711 (assertValueOneOf "IPv4LLRoute" boolValues)
712 (assertValueOneOf "DefaultRouteOnDevice" boolValues)
713 (assertValueOneOf "LLMNR" (boolValues ++ ["resolve"]))
714 (assertValueOneOf "MulticastDNS" (boolValues ++ ["resolve"]))
715 (assertValueOneOf "DNSOverTLS" (boolValues ++ ["opportunistic"]))
716 (assertValueOneOf "DNSSEC" (boolValues ++ ["allow-downgrade"]))
717 (assertValueOneOf "LLDP" (boolValues ++ ["routers-only"]))
718 (assertValueOneOf "EmitLLDP" (boolValues ++ ["nearest-bridge" "non-tpmr-bridge" "customer-bridge"]))
719 (assertValueOneOf "UseDomains" (boolValues ++ ["route"]))
720 (assertValueOneOf "DNSDefaultRoute" boolValues)
721 (assertRemoved "IPForward" "IPv4Forwarding and IPv6Forwarding in systemd.network(5) and networkd.conf(5). Please note that setting these options on multiple interfaces may lead to unintended results, see https://github.com/systemd/systemd/issues/33414 or the relevant sections in systemd.network(5).")
722 (assertValueOneOf "IPv4Forwarding" boolValues)
723 (assertValueOneOf "IPv6Forwarding" boolValues)
724 (assertValueOneOf "IPMasquerade" (boolValues ++ ["ipv4" "ipv6" "both"]))
725 (assertValueOneOf "IPv6PrivacyExtensions" (boolValues ++ ["prefer-public" "kernel"]))
726 (assertValueOneOf "IPv6AcceptRA" boolValues)
727 (assertInt "IPv6DuplicateAddressDetection")
728 (assertMinimum "IPv6DuplicateAddressDetection" 0)
729 (assertInt "IPv6HopLimit")
730 (assertMinimum "IPv6HopLimit" 0)
731 (assertInt "IPv6RetransmissionTimeSec")
732 (assertValueOneOf "IPv4ReversePathFilter" ["no" "strict" "loose"])
733 (assertValueOneOf "IPv4AcceptLocal" boolValues)
734 (assertValueOneOf "IPv4RouteLocalnet" boolValues)
735 (assertValueOneOf "IPv4ProxyARP" boolValues)
736 (assertValueOneOf "IPv4ProxyARPPrivateVLAN" boolValues)
737 (assertValueOneOf "IPv6ProxyNDP" boolValues)
738 (assertValueOneOf "IPv6SendRA" boolValues)
739 (assertValueOneOf "DHCPPrefixDelegation" boolValues)
740 (assertByteFormat "IPv6MTUBytes")
741 (assertValueOneOf "KeepMaster" boolValues)
742 (assertValueOneOf "ActiveSlave" boolValues)
743 (assertValueOneOf "PrimarySlave" boolValues)
744 (assertValueOneOf "ConfigureWithoutCarrier" boolValues)
745 (assertValueOneOf "KeepConfiguration" (boolValues ++ ["static" "dhcp-on-stop" "dhcp"]))
746 ];
748 sectionAddress = checkUnitConfigWithLegacyKey "addressConfig" "Address" [
749 (assertOnlyFields [
750 "Address"
751 "Peer"
752 "Broadcast"
753 "Label"
754 "PreferredLifetime"
755 "Scope"
756 "RouteMetric"
757 "HomeAddress"
758 "DuplicateAddressDetection"
759 "ManageTemporaryAddress"
760 "AddPrefixRoute"
761 "AutoJoin"
762 "NetLabel"
763 "NFTSet"
764 ])
765 (assertHasField "Address")
766 (assertValueOneOf "PreferredLifetime" ["forever" "infinity" "0" 0])
767 (assertInt "RouteMetric")
768 (assertValueOneOf "HomeAddress" boolValues)
769 (assertValueOneOf "DuplicateAddressDetection" ["ipv4" "ipv6" "both" "none"])
770 (assertValueOneOf "ManageTemporaryAddress" boolValues)
771 (assertValueOneOf "AddPrefixRoute" boolValues)
772 (assertValueOneOf "AutoJoin" boolValues)
773 ];
775 sectionRoutingPolicyRule = checkUnitConfigWithLegacyKey "routingPolicyRuleConfig" "RoutingPolicyRule" [
776 (assertOnlyFields [
777 "TypeOfService"
778 "From"
779 "To"
780 "FirewallMark"
781 "Table"
782 "Priority"
783 "IncomingInterface"
784 "OutgoingInterface"
785 "L3MasterDevice"
786 "SourcePort"
787 "DestinationPort"
788 "IPProtocol"
789 "InvertRule"
790 "Family"
791 "User"
792 "SuppressPrefixLength"
793 "Type"
794 "SuppressInterfaceGroup"
795 ])
796 (assertInt "TypeOfService")
797 (assertRange "TypeOfService" 0 255)
798 (assertRangeWithOptionalMask "FirewallMark" 1 4294967295)
799 (assertInt "Priority")
800 (assertValueOneOf "L3MasterDevice" boolValues)
801 (assertPortOrPortRange "SourcePort")
802 (assertPortOrPortRange "DestinationPort")
803 (assertValueOneOf "InvertRule" boolValues)
804 (assertValueOneOf "Family" ["ipv4" "ipv6" "both"])
805 (assertInt "SuppressPrefixLength")
806 (assertRange "SuppressPrefixLength" 0 128)
807 (assertValueOneOf "Type" ["blackhole" "unreachable" "prohibit"])
808 (assertRange "SuppressInterfaceGroup" 0 2147483647)
809 ];
811 sectionRoute = checkUnitConfigWithLegacyKey "routeConfig" "Route" [
812 (assertOnlyFields [
813 "Gateway"
814 "GatewayOnLink"
815 "Destination"
816 "Source"
817 "Metric"
818 "IPv6Preference"
819 "Scope"
820 "PreferredSource"
821 "Table"
822 "Protocol"
823 "Type"
824 "InitialCongestionWindow"
825 "InitialAdvertisedReceiveWindow"
826 "QuickAck"
827 "FastOpenNoCookie"
828 "TTLPropagate"
829 "MTUBytes"
830 "IPServiceType"
831 "MultiPathRoute"
832 ])
833 (assertValueOneOf "GatewayOnLink" boolValues)
834 (assertInt "Metric")
835 (assertValueOneOf "IPv6Preference" ["low" "medium" "high"])
836 (assertValueOneOf "Scope" ["global" "site" "link" "host" "nowhere"])
837 (assertValueOneOf "Type" [
838 "unicast"
839 "local"
840 "broadcast"
841 "anycast"
842 "multicast"
843 "blackhole"
844 "unreachable"
845 "prohibit"
846 "throw"
847 "nat"
848 "xresolve"
849 ])
850 (assertValueOneOf "QuickAck" boolValues)
851 (assertValueOneOf "FastOpenNoCookie" boolValues)
852 (assertValueOneOf "TTLPropagate" boolValues)
853 (assertByteFormat "MTUBytes")
854 (assertValueOneOf "IPServiceType" ["CS6" "CS4"])
855 ];
857 sectionDHCPv4 = checkUnitConfig "DHCPv4" [
858 (assertOnlyFields [
859 "UseDNS"
860 "RoutesToDNS"
861 "UseNTP"
862 "UseSIP"
863 "UseMTU"
864 "Anonymize"
865 "SendHostname"
866 "UseHostname"
867 "Hostname"
868 "UseDomains"
869 "UseGateway"
870 "UseRoutes"
871 "UseTimezone"
872 "IPv6OnlyMode"
873 "ClientIdentifier"
874 "VendorClassIdentifier"
875 "UserClass"
876 "MaxAttempts"
877 "DUIDType"
878 "DUIDRawData"
879 "IAID"
880 "RequestAddress"
881 "RequestBroadcast"
882 "RouteMetric"
883 "RapidCommit"
884 "RouteTable"
885 "RouteMTUBytes"
886 "ListenPort"
887 "SendRelease"
888 "SendDecline"
889 "BlackList"
890 "RequestOptions"
891 "SendOption"
892 "FallbackLeaseLifetimeSec"
893 "Label"
894 "Use6RD"
895 "NetLabel"
896 "NFTSet"
897 ])
898 (assertValueOneOf "UseDNS" boolValues)
899 (assertValueOneOf "RoutesToDNS" boolValues)
900 (assertValueOneOf "UseNTP" boolValues)
901 (assertValueOneOf "UseSIP" boolValues)
902 (assertValueOneOf "UseMTU" boolValues)
903 (assertValueOneOf "Anonymize" boolValues)
904 (assertValueOneOf "SendHostname" boolValues)
905 (assertValueOneOf "UseHostname" boolValues)
906 (assertValueOneOf "UseDomains" (boolValues ++ ["route"]))
907 (assertValueOneOf "UseGateway" boolValues)
908 (assertValueOneOf "UseRoutes" boolValues)
909 (assertValueOneOf "UseTimezone" boolValues)
910 (assertValueOneOf "IPv6OnlyMode" boolValues)
911 (assertValueOneOf "ClientIdentifier" ["mac" "duid" "duid-only"])
912 (assertInt "IAID")
913 (assertValueOneOf "RequestBroadcast" boolValues)
914 (assertInt "RouteMetric")
915 (assertValueOneOf "RapidCommit" boolValues)
916 (assertInt "RouteTable")
917 (assertRange "RouteTable" 0 4294967295)
918 (assertByteFormat "RouteMTUBytes")
919 (assertPort "ListenPort")
920 (assertValueOneOf "SendRelease" boolValues)
921 (assertValueOneOf "SendDecline" boolValues)
922 (assertValueOneOf "FallbackLeaseLifetimeSec" ["forever" "infinity"])
923 (assertValueOneOf "Use6RD" boolValues)
924 ];
926 sectionDHCPv6 = checkUnitConfig "DHCPv6" [
927 (assertOnlyFields [
928 "UseAddress"
929 "UseDNS"
930 "UseNTP"
931 "SendHostname"
932 "UseHostname"
933 "Hostname"
934 "UseDomains"
935 "RouteMetric"
936 "RapidCommit"
937 "MUDURL"
938 "RequestOptions"
939 "SendVendorOption"
940 "PrefixDelegationHint"
941 "WithoutRA"
942 "SendOption"
943 "UserClass"
944 "VendorClass"
945 "DUIDType"
946 "DUIDRawData"
947 "IAID"
948 "UseDelegatedPrefix"
949 "SendRelease"
950 "NetLabel"
951 "NFTSet"
952 ])
953 (assertValueOneOf "UseAddress" boolValues)
954 (assertValueOneOf "UseDNS" boolValues)
955 (assertValueOneOf "UseNTP" boolValues)
956 (assertValueOneOf "SendHostname" boolValues)
957 (assertValueOneOf "UseHostname" boolValues)
958 (assertValueOneOf "UseDomains" (boolValues ++ ["route"]))
959 (assertInt "RouteMetric")
960 (assertValueOneOf "RapidCommit" boolValues)
961 (assertValueOneOf "WithoutRA" ["no" "solicit" "information-request"])
962 (assertRange "SendOption" 1 65536)
963 (assertInt "IAID")
964 (assertValueOneOf "UseDelegatedPrefix" boolValues)
965 (assertValueOneOf "SendRelease" boolValues)
966 ];
968 sectionDHCPPrefixDelegation = checkUnitConfig "DHCPPrefixDelegation" [
969 (assertOnlyFields [
970 "UplinkInterface"
971 "SubnetId"
972 "Announce"
973 "Assign"
974 "Token"
975 "ManageTemporaryAddress"
976 "RouteMetric"
977 "NetLabel"
978 "NFTSet"
979 ])
980 (assertValueOneOf "Announce" boolValues)
981 (assertValueOneOf "Assign" boolValues)
982 (assertValueOneOf "ManageTemporaryAddress" boolValues)
983 (assertRange "RouteMetric" 0 4294967295)
984 ];
986 sectionIPv6AcceptRA = checkUnitConfig "IPv6AcceptRA" [
987 (assertOnlyFields [
988 "UseDNS"
989 "UseDomains"
990 "RouteTable"
991 "UseAutonomousPrefix"
992 "UseOnLinkPrefix"
993 "RouterDenyList"
994 "RouterAllowList"
995 "PrefixDenyList"
996 "PrefixAllowList"
997 "RouteDenyList"
998 "RouteAllowList"
999 "DHCPv6Client"
1000 "RouteMetric"
1001 "UseMTU"
1002 "UseGateway"
1003 "UseRoutePrefix"
1004 "Token"
1005 "UsePREF64"
1006 "NetLabel"
1007 "NFTSet"
1008 ])
1009 (assertValueOneOf "UseDNS" boolValues)
1010 (assertValueOneOf "UseDomains" (boolValues ++ ["route"]))
1011 (assertRange "RouteTable" 0 4294967295)
1012 (assertValueOneOf "UseAutonomousPrefix" boolValues)
1013 (assertValueOneOf "UseOnLinkPrefix" boolValues)
1014 (assertValueOneOf "DHCPv6Client" (boolValues ++ ["always"]))
1015 (assertValueOneOf "UseMTU" boolValues)
1016 (assertValueOneOf "UseGateway" boolValues)
1017 (assertValueOneOf "UseRoutePrefix" boolValues)
1018 (assertValueOneOf "UsePREF64" boolValues)
1019 ];
1021 sectionDHCPServer = checkUnitConfig "DHCPServer" [
1022 (assertOnlyFields [
1023 "ServerAddress"
1024 "PoolOffset"
1025 "PoolSize"
1026 "DefaultLeaseTimeSec"
1027 "MaxLeaseTimeSec"
1028 "UplinkInterface"
1029 "EmitDNS"
1030 "DNS"
1031 "EmitNTP"
1032 "NTP"
1033 "EmitSIP"
1034 "SIP"
1035 "EmitPOP3"
1036 "POP3"
1037 "EmitSMTP"
1038 "SMTP"
1039 "EmitLPR"
1040 "LPR"
1041 "EmitRouter"
1042 "Router"
1043 "EmitTimezone"
1044 "Timezone"
1045 "SendOption"
1046 "SendVendorOption"
1047 "BindToInterface"
1048 "RelayTarget"
1049 "RelayAgentCircuitId"
1050 "RelayAgentRemoteId"
1051 "BootServerAddress"
1052 "BootServerName"
1053 "BootFilename"
1054 "IPv6OnlyPreferredSec"
1055 "PersistLeases"
1056 ])
1057 (assertInt "PoolOffset")
1058 (assertMinimum "PoolOffset" 0)
1059 (assertInt "PoolSize")
1060 (assertMinimum "PoolSize" 0)
1061 (assertValueOneOf "EmitDNS" boolValues)
1062 (assertValueOneOf "EmitNTP" boolValues)
1063 (assertValueOneOf "EmitSIP" boolValues)
1064 (assertValueOneOf "EmitPOP3" boolValues)
1065 (assertValueOneOf "EmitSMTP" boolValues)
1066 (assertValueOneOf "EmitLPR" boolValues)
1067 (assertValueOneOf "EmitRouter" boolValues)
1068 (assertValueOneOf "EmitTimezone" boolValues)
1069 (assertValueOneOf "BindToInterface" boolValues)
1070 (assertValueOneOf "PersistLeases" boolValues)
1071 ];
1073 sectionIPv6SendRA = checkUnitConfig "IPv6SendRA" [
1074 (assertOnlyFields [
1075 "Managed"
1076 "OtherInformation"
1077 "RouterLifetimeSec"
1078 "RetransmitSec"
1079 "RouterPreference"
1080 "HopLimit"
1081 "UplinkInterface"
1082 "EmitDNS"
1083 "DNS"
1084 "EmitDomains"
1085 "Domains"
1086 "DNSLifetimeSec"
1087 "HomeAgent"
1088 "HomeAgentLifetimeSec"
1089 "HomeAgentPreference"
1090 ])
1091 (assertValueOneOf "Managed" boolValues)
1092 (assertValueOneOf "OtherInformation" boolValues)
1093 (assertValueOneOf "RouterPreference" ["high" "medium" "low" "normal" "default"])
1094 (assertInt "HopLimit")
1095 (assertValueOneOf "EmitDNS" boolValues)
1096 (assertValueOneOf "EmitDomains" boolValues)
1097 (assertValueOneOf "HomeAgent" boolValues)
1098 (assertInt "HomeAgentPreference")
1099 ];
1101 sectionIPv6PREF64Prefix = checkUnitConfigWithLegacyKey "ipv6PREF64PrefixConfig" "IPv6PREF64Prefix" [
1102 (assertOnlyFields [
1103 "Prefix"
1104 "LifetimeSec"
1105 ])
1106 (assertInt "LifetimeSec")
1107 ];
1109 sectionIPv6Prefix = checkUnitConfigWithLegacyKey "ipv6PrefixConfig" "IPv6Prefix" [
1110 (assertOnlyFields [
1111 "AddressAutoconfiguration"
1112 "OnLink"
1113 "Prefix"
1114 "PreferredLifetimeSec"
1115 "ValidLifetimeSec"
1116 "Assign"
1117 "Token"
1118 ])
1119 (assertValueOneOf "AddressAutoconfiguration" boolValues)
1120 (assertValueOneOf "OnLink" boolValues)
1121 (assertValueOneOf "Assign" boolValues)
1122 ];
1124 sectionIPv6RoutePrefix = checkUnitConfigWithLegacyKey "ipv6RoutePrefixConfig" "IPv6RoutePrefix" [
1125 (assertOnlyFields [
1126 "Route"
1127 "LifetimeSec"
1128 ])
1129 (assertHasField "Route")
1130 (assertInt "LifetimeSec")
1131 ];
1133 sectionDHCPServerStaticLease = checkUnitConfigWithLegacyKey "dhcpServerStaticLeaseConfig" "DHCPServerStaticLease" [
1134 (assertOnlyFields [
1135 "MACAddress"
1136 "Address"
1137 ])
1138 (assertHasField "MACAddress")
1139 (assertHasField "Address")
1140 (assertMacAddress "MACAddress")
1141 ];
1143 sectionBridge = checkUnitConfig "Bridge" [
1144 (assertOnlyFields [
1145 "UnicastFlood"
1146 "MulticastFlood"
1147 "MulticastToUnicast"
1148 "NeighborSuppression"
1149 "Learning"
1150 "HairPin"
1151 "Isolated"
1152 "UseBPDU"
1153 "FastLeave"
1154 "AllowPortToBeRoot"
1155 "ProxyARP"
1156 "ProxyARPWiFi"
1157 "MulticastRouter"
1158 "Cost"
1159 "Priority"
1160 ])
1161 (assertValueOneOf "UnicastFlood" boolValues)
1162 (assertValueOneOf "MulticastFlood" boolValues)
1163 (assertValueOneOf "MulticastToUnicast" boolValues)
1164 (assertValueOneOf "NeighborSuppression" boolValues)
1165 (assertValueOneOf "Learning" boolValues)
1166 (assertValueOneOf "HairPin" boolValues)
1167 (assertValueOneOf "Isolated" boolValues)
1168 (assertValueOneOf "UseBPDU" boolValues)
1169 (assertValueOneOf "FastLeave" boolValues)
1170 (assertValueOneOf "AllowPortToBeRoot" boolValues)
1171 (assertValueOneOf "ProxyARP" boolValues)
1172 (assertValueOneOf "ProxyARPWiFi" boolValues)
1173 (assertValueOneOf "MulticastRouter" [ "no" "query" "permanent" "temporary" ])
1174 (assertInt "Cost")
1175 (assertRange "Cost" 1 65535)
1176 (assertInt "Priority")
1177 (assertRange "Priority" 0 63)
1178 ];
1180 sectionBridgeFDB = checkUnitConfigWithLegacyKey "bridgeFDBConfig" "BridgeFDB" [
1181 (assertOnlyFields [
1182 "MACAddress"
1183 "Destination"
1184 "VLANId"
1185 "VNI"
1186 "AssociatedWith"
1187 "OutgoingInterface"
1188 ])
1189 (assertHasField "MACAddress")
1190 (assertInt "VLANId")
1191 (assertRange "VLANId" 0 4094)
1192 (assertInt "VNI")
1193 (assertRange "VNI" 1 16777215)
1194 (assertValueOneOf "AssociatedWith" [ "use" "self" "master" "router" ])
1195 ];
1197 sectionBridgeMDB = checkUnitConfigWithLegacyKey "bridgeMDBConfig" "BridgeMDB" [
1198 (assertOnlyFields [
1199 "MulticastGroupAddress"
1200 "VLANId"
1201 ])
1202 (assertHasField "MulticastGroupAddress")
1203 (assertInt "VLANId")
1204 (assertRange "VLANId" 0 4094)
1205 ];
1207 sectionLLDP = checkUnitConfig "LLDP" [
1208 (assertOnlyFields [
1209 "MUDURL"
1210 ])
1211 ];
1213 sectionCAN = checkUnitConfig "CAN" [
1214 (assertOnlyFields [
1215 "BitRate"
1216 "SamplePoint"
1217 "TimeQuantaNSec"
1218 "PropagationSegment"
1219 "PhaseBufferSegment1"
1220 "PhaseBufferSegment2"
1221 "SyncJumpWidth"
1222 "DataBitRate"
1223 "DataSamplePoint"
1224 "DataTimeQuantaNSec"
1225 "DataPropagationSegment"
1226 "DataPhaseBufferSegment1"
1227 "DataPhaseBufferSegment2"
1228 "DataSyncJumpWidth"
1229 "FDMode"
1230 "FDNonISO"
1231 "RestartSec"
1232 "Termination"
1233 "TripleSampling"
1234 "BusErrorReporting"
1235 "ListenOnly"
1236 "Loopback"
1237 "OneShot"
1238 "PresumeAck"
1239 "ClassicDataLengthCode"
1240 ])
1241 (assertInt "TimeQuantaNSec" )
1242 (assertRange "TimeQuantaNSec" 0 4294967295 )
1243 (assertInt "PropagationSegment" )
1244 (assertRange "PropagationSegment" 0 4294967295 )
1245 (assertInt "PhaseBufferSegment1" )
1246 (assertRange "PhaseBufferSegment1" 0 4294967295 )
1247 (assertInt "PhaseBufferSegment2" )
1248 (assertRange "PhaseBufferSegment2" 0 4294967295 )
1249 (assertInt "SyncJumpWidth" )
1250 (assertRange "SyncJumpWidth" 0 4294967295 )
1251 (assertInt "DataTimeQuantaNSec" )
1252 (assertRange "DataTimeQuantaNSec" 0 4294967295 )
1253 (assertInt "DataPropagationSegment" )
1254 (assertRange "DataPropagationSegment" 0 4294967295 )
1255 (assertInt "DataPhaseBufferSegment1" )
1256 (assertRange "DataPhaseBufferSegment1" 0 4294967295 )
1257 (assertInt "DataPhaseBufferSegment2" )
1258 (assertRange "DataPhaseBufferSegment2" 0 4294967295 )
1259 (assertInt "DataSyncJumpWidth" )
1260 (assertRange "DataSyncJumpWidth" 0 4294967295 )
1261 (assertValueOneOf "FDMode" boolValues)
1262 (assertValueOneOf "FDNonISO" boolValues)
1263 (assertValueOneOf "TripleSampling" boolValues)
1264 (assertValueOneOf "BusErrorReporting" boolValues)
1265 (assertValueOneOf "ListenOnly" boolValues)
1266 (assertValueOneOf "Loopback" boolValues)
1267 (assertValueOneOf "OneShot" boolValues)
1268 (assertValueOneOf "PresumeAck" boolValues)
1269 (assertValueOneOf "ClassicDataLengthCode" boolValues)
1270 ];
1272 sectionIPoIB = checkUnitConfig "IPoIB" [
1273 (assertOnlyFields [
1274 "Mode"
1275 "IgnoreUserspaceMulticastGroup"
1276 ])
1277 (assertValueOneOf "Mode" [ "datagram" "connected" ])
1278 (assertValueOneOf "IgnoreUserspaceMulticastGroup" boolValues)
1279 ];
1281 sectionQDisc = checkUnitConfig "QDisc" [
1282 (assertOnlyFields [
1283 "Parent"
1284 "Handle"
1285 ])
1286 (assertValueOneOf "Parent" [ "clsact" "ingress" ])
1287 ];
1289 sectionNetworkEmulator = checkUnitConfig "NetworkEmulator" [
1290 (assertOnlyFields [
1291 "Parent"
1292 "Handle"
1293 "DelaySec"
1294 "DelayJitterSec"
1295 "PacketLimit"
1296 "LossRate"
1297 "DuplicateRate"
1298 ])
1299 (assertInt "PacketLimit")
1300 (assertRange "PacketLimit" 0 4294967294)
1301 ];
1303 sectionTokenBucketFilter = checkUnitConfig "TokenBucketFilter" [
1304 (assertOnlyFields [
1305 "Parent"
1306 "Handle"
1307 "LatencySec"
1308 "LimitBytes"
1309 "BurstBytes"
1310 "Rate"
1311 "MPUBytes"
1312 "PeakRate"
1313 "MTUBytes"
1314 ])
1315 ];
1317 sectionPIE = checkUnitConfig "PIE" [
1318 (assertOnlyFields [
1319 "Parent"
1320 "Handle"
1321 "PacketLimit"
1322 ])
1323 (assertInt "PacketLimit")
1324 (assertRange "PacketLimit" 1 4294967294)
1325 ];
1327 sectionFlowQueuePIE = checkUnitConfig "FlowQueuePIE" [
1328 (assertOnlyFields [
1329 "Parent"
1330 "Handle"
1331 "PacketLimit"
1332 ])
1333 (assertInt "PacketLimit")
1334 (assertRange "PacketLimit" 1 4294967294)
1335 ];
1337 sectionStochasticFairBlue = checkUnitConfig "StochasticFairBlue" [
1338 (assertOnlyFields [
1339 "Parent"
1340 "Handle"
1341 "PacketLimit"
1342 ])
1343 (assertInt "PacketLimit")
1344 (assertRange "PacketLimit" 1 4294967294)
1345 ];
1347 sectionStochasticFairnessQueueing = checkUnitConfig "StochasticFairnessQueueing" [
1348 (assertOnlyFields [
1349 "Parent"
1350 "Handle"
1351 "PerturbPeriodSec"
1352 ])
1353 (assertInt "PerturbPeriodSec")
1354 ];
1356 sectionBFIFO = checkUnitConfig "BFIFO" [
1357 (assertOnlyFields [
1358 "Parent"
1359 "Handle"
1360 "LimitBytes"
1361 ])
1362 ];
1364 sectionPFIFO = checkUnitConfig "PFIFO" [
1365 (assertOnlyFields [
1366 "Parent"
1367 "Handle"
1368 "PacketLimit"
1369 ])
1370 (assertInt "PacketLimit")
1371 (assertRange "PacketLimit" 0 4294967294)
1372 ];
1374 sectionPFIFOHeadDrop = checkUnitConfig "PFIFOHeadDrop" [
1375 (assertOnlyFields [
1376 "Parent"
1377 "Handle"
1378 "PacketLimit"
1379 ])
1380 (assertInt "PacketLimit")
1381 (assertRange "PacketLimit" 0 4294967294)
1382 ];
1384 sectionPFIFOFast = checkUnitConfig "PFIFOFast" [
1385 (assertOnlyFields [
1386 "Parent"
1387 "Handle"
1388 ])
1389 ];
1391 sectionCAKE = checkUnitConfig "CAKE" [
1392 (assertOnlyFields [
1393 "Parent"
1394 "Handle"
1395 "Bandwidth"
1396 "AutoRateIngress"
1397 "OverheadBytes"
1398 "MPUBytes"
1399 "CompensationMode"
1400 "UseRawPacketSize"
1401 "FlowIsolationMode"
1402 "NAT"
1403 "PriorityQueueingPreset"
1404 "FirewallMark"
1405 "Wash"
1406 "SplitGSO"
1407 "AckFilter"
1408 "RTTSec"
1409 ])
1410 (assertValueOneOf "AutoRateIngress" boolValues)
1411 (assertInt "OverheadBytes")
1412 (assertRange "OverheadBytes" (-64) 256)
1413 (assertInt "MPUBytes")
1414 (assertRange "MPUBytes" 1 256)
1415 (assertValueOneOf "CompensationMode" [ "none" "atm" "ptm" ])
1416 (assertValueOneOf "UseRawPacketSize" boolValues)
1417 (assertValueOneOf "FlowIsolationMode"
1418 [
1419 "none"
1420 "src-host"
1421 "dst-host"
1422 "hosts"
1423 "flows"
1424 "dual-src-host"
1425 "dual-dst-host"
1426 "triple"
1427 ])
1428 (assertValueOneOf "NAT" boolValues)
1429 (assertValueOneOf "PriorityQueueingPreset"
1430 [
1431 "besteffort"
1432 "precedence"
1433 "diffserv8"
1434 "diffserv4"
1435 "diffserv3"
1436 ])
1437 (assertInt "FirewallMark")
1438 (assertRange "FirewallMark" 1 4294967295)
1439 (assertValueOneOf "Wash" boolValues)
1440 (assertValueOneOf "SplitGSO" boolValues)
1441 (assertValueOneOf "AckFilter" (boolValues ++ ["aggressive"]))
1442 ];
1444 sectionControlledDelay = checkUnitConfig "ControlledDelay" [
1445 (assertOnlyFields [
1446 "Parent"
1447 "Handle"
1448 "PacketLimit"
1449 "TargetSec"
1450 "IntervalSec"
1451 "ECN"
1452 "CEThresholdSec"
1453 ])
1454 (assertValueOneOf "ECN" boolValues)
1455 ];
1457 sectionDeficitRoundRobinScheduler = checkUnitConfig "DeficitRoundRobinScheduler" [
1458 (assertOnlyFields [
1459 "Parent"
1460 "Handle"
1461 ])
1462 ];
1464 sectionDeficitRoundRobinSchedulerClass = checkUnitConfig "DeficitRoundRobinSchedulerClass" [
1465 (assertOnlyFields [
1466 "Parent"
1467 "Handle"
1468 "QuantumBytes"
1469 ])
1470 ];
1472 sectionEnhancedTransmissionSelection = checkUnitConfig "EnhancedTransmissionSelection" [
1473 (assertOnlyFields [
1474 "Parent"
1475 "Handle"
1476 "Bands"
1477 "StrictBands"
1478 "QuantumBytes"
1479 "PriorityMap"
1480 ])
1481 (assertInt "Bands")
1482 (assertRange "Bands" 1 16)
1483 (assertInt "StrictBands")
1484 (assertRange "StrictBands" 1 16)
1485 ];
1487 sectionGenericRandomEarlyDetection = checkUnitConfig "GenericRandomEarlyDetection" [
1488 (assertOnlyFields [
1489 "Parent"
1490 "Handle"
1491 "VirtualQueues"
1492 "DefaultVirtualQueue"
1493 "GenericRIO"
1494 ])
1495 (assertInt "VirtualQueues")
1496 (assertRange "VirtualQueues" 1 16)
1497 (assertInt "DefaultVirtualQueue")
1498 (assertRange "DefaultVirtualQueue" 1 16)
1499 (assertValueOneOf "GenericRIO" boolValues)
1500 ];
1502 sectionFairQueueingControlledDelay = checkUnitConfig "FairQueueingControlledDelay" [
1503 (assertOnlyFields [
1504 "Parent"
1505 "Handle"
1506 "PacketLimit"
1507 "MemoryLimitBytes"
1508 "Flows"
1509 "TargetSec"
1510 "IntervalSec"
1511 "QuantumBytes"
1512 "ECN"
1513 "CEThresholdSec"
1514 ])
1515 (assertInt "PacketLimit")
1516 (assertInt "Flows")
1517 (assertValueOneOf "ECN" boolValues)
1518 ];
1520 sectionFairQueueing = checkUnitConfig "FairQueueing" [
1521 (assertOnlyFields [
1522 "Parent"
1523 "Handle"
1524 "PacketLimit"
1525 "FlowLimit"
1526 "QuantumBytes"
1527 "InitualQuantumBytes"
1528 "MaximumRate"
1529 "Buckets"
1530 "OrphanMask"
1531 "Pacing"
1532 "CEThresholdSec"
1533 ])
1534 (assertInt "PacketLimit")
1535 (assertInt "FlowLimit")
1536 (assertInt "OrphanMask")
1537 (assertValueOneOf "Pacing" boolValues)
1538 ];
1540 sectionTrivialLinkEqualizer = checkUnitConfig "TrivialLinkEqualizer" [
1541 (assertOnlyFields [
1542 "Parent"
1543 "Handle"
1544 "Id"
1545 ])
1546 ];
1548 sectionHierarchyTokenBucket = checkUnitConfig "HierarchyTokenBucket" [
1549 (assertOnlyFields [
1550 "Parent"
1551 "Handle"
1552 "DefaultClass"
1553 "RateToQuantum"
1554 ])
1555 (assertInt "RateToQuantum")
1556 ];
1558 sectionHierarchyTokenBucketClass = checkUnitConfig "HierarchyTokenBucketClass" [
1559 (assertOnlyFields [
1560 "Parent"
1561 "ClassId"
1562 "Priority"
1563 "QuantumBytes"
1564 "MTUBytes"
1565 "OverheadBytes"
1566 "Rate"
1567 "CeilRate"
1568 "BufferBytes"
1569 "CeilBufferBytes"
1570 ])
1571 ];
1573 sectionHeavyHitterFilter = checkUnitConfig "HeavyHitterFilter" [
1574 (assertOnlyFields [
1575 "Parent"
1576 "Handle"
1577 "PacketLimit"
1578 ])
1579 (assertInt "PacketLimit")
1580 (assertRange "PacketLimit" 0 4294967294)
1581 ];
1583 sectionQuickFairQueueing = checkUnitConfig "QuickFairQueueing" [
1584 (assertOnlyFields [
1585 "Parent"
1586 "Handle"
1587 ])
1588 ];
1590 sectionQuickFairQueueingClass = checkUnitConfig "QuickFairQueueingClass" [
1591 (assertOnlyFields [
1592 "Parent"
1593 "ClassId"
1594 "Weight"
1595 "MaxPacketBytes"
1596 ])
1597 (assertInt "Weight")
1598 (assertRange "Weight" 1 1023)
1599 ];
1601 sectionBridgeVLAN = checkUnitConfigWithLegacyKey "bridgeVLANConfig" "BridgeVLAN" [
1602 (assertOnlyFields [
1603 "VLAN"
1604 "EgressUntagged"
1605 "PVID"
1606 ])
1607 (assertInt "PVID")
1608 (assertRange "PVID" 0 4094)
1609 ];
1610 };
1611 };
1613 commonNetworkOptions = {
1615 enable = mkOption {
1616 default = true;
1617 type = types.bool;
1618 description = ''
1619 Whether to manage network configuration using {command}`systemd-network`.
1621 This also enables {option}`systemd.networkd.enable`.
1622 '';
1623 };
1625 matchConfig = mkOption {
1626 default = {};
1627 example = { Name = "eth0"; };
1628 type = types.attrsOf unitOption;
1629 description = ''
1630 Each attribute in this set specifies an option in the
1631 `[Match]` section of the unit. See
1632 {manpage}`systemd.link(5)`
1633 {manpage}`systemd.netdev(5)`
1634 {manpage}`systemd.network(5)`
1635 for details.
1636 '';
1637 };
1639 extraConfig = mkOption {
1640 default = "";
1641 type = types.lines;
1642 description = "Extra configuration append to unit";
1643 };
1644 };
1646 networkdOptions = {
1647 networkConfig = mkOption {
1648 default = {};
1649 example = { SpeedMeter = true; ManageForeignRoutingPolicyRules = false; };
1650 type = types.addCheck (types.attrsOf unitOption) check.global.sectionNetwork;
1651 description = ''
1652 Each attribute in this set specifies an option in the
1653 `[Network]` section of the networkd config.
1654 See {manpage}`networkd.conf(5)` for details.
1655 '';
1656 };
1658 dhcpV4Config = mkOption {
1659 default = {};
1660 example = { DUIDType = "vendor"; };
1661 type = types.addCheck (types.attrsOf unitOption) check.global.sectionDHCPv4;
1662 description = ''
1663 Each attribute in this set specifies an option in the
1664 `[DHCPv4]` section of the networkd config.
1665 See {manpage}`networkd.conf(5)` for details.
1666 '';
1667 };
1669 dhcpV6Config = mkOption {
1670 default = {};
1671 example = { DUIDType = "vendor"; };
1672 type = types.addCheck (types.attrsOf unitOption) check.global.sectionDHCPv6;
1673 description = ''
1674 Each attribute in this set specifies an option in the
1675 `[DHCPv6]` section of the networkd config.
1676 See {manpage}`networkd.conf(5)` for details.
1677 '';
1678 };
1679 };
1681 linkOptions = commonNetworkOptions // {
1682 # overwrite enable option from above
1683 enable = mkOption {
1684 default = true;
1685 type = types.bool;
1686 description = ''
1687 Whether to enable this .link unit. It's handled by udev no matter if {command}`systemd-networkd` is enabled or not
1688 '';
1689 };
1691 linkConfig = mkOption {
1692 default = {};
1693 example = { MACAddress = "00:ff:ee:aa:cc:dd"; };
1694 type = types.addCheck (types.attrsOf unitOption) check.link.sectionLink;
1695 description = ''
1696 Each attribute in this set specifies an option in the
1697 `[Link]` section of the unit. See
1698 {manpage}`systemd.link(5)` for details.
1699 '';
1700 };
1702 };
1704 mkSubsectionType = oldKey: checkF:
1705 let
1706 type = types.addCheck (types.attrsOf unitOption) checkF;
1707 in type // {
1708 merge = loc: defs:
1709 let
1710 final = type.merge loc defs;
1711 in
1712 if final?${oldKey}
1713 then warn
1714 "Using '${oldKey}' is deprecated! Move all attributes inside one level up and remove it."
1715 final.${oldKey}
1716 else
1717 final;
1718 };
1720 netdevOptions = commonNetworkOptions // {
1722 netdevConfig = mkOption {
1723 example = { Name = "mybridge"; Kind = "bridge"; };
1724 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionNetdev;
1725 description = ''
1726 Each attribute in this set specifies an option in the
1727 `[Netdev]` section of the unit. See
1728 {manpage}`systemd.netdev(5)` for details.
1729 '';
1730 };
1732 bridgeConfig = mkOption {
1733 default = {};
1734 example = { STP = true; };
1735 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionBridge;
1736 description = ''
1737 Each attribute in this set specifies an option in the
1738 `[Bridge]` section of the unit. See
1739 {manpage}`systemd.netdev(5)` for details.
1740 '';
1741 };
1743 vlanConfig = mkOption {
1744 default = {};
1745 example = { Id = 4; };
1746 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionVLAN;
1747 description = ''
1748 Each attribute in this set specifies an option in the
1749 `[VLAN]` section of the unit. See
1750 {manpage}`systemd.netdev(5)` for details.
1751 '';
1752 };
1754 ipvlanConfig = mkOption {
1755 default = {};
1756 example = { Mode = "L2"; Flags = "private"; };
1757 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionIPVLAN;
1758 description = ''
1759 Each attribute in this set specifies an option in the `[IPVLAN]` section of the unit.
1760 See {manpage}`systemd.netdev(5)` for details.
1761 '';
1762 };
1764 ipvtapConfig = mkOption {
1765 default = {};
1766 example = { Mode = "L3"; Flags = "vepa"; };
1767 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionIPVTAP;
1768 description = ''
1769 Each attribute in this set specifies an option in the `[IPVTAP]` section of the unit.
1770 See {manpage}`systemd.netdev(5)` for details.
1771 '';
1772 };
1774 macvlanConfig = mkOption {
1775 default = {};
1776 example = { Mode = "private"; };
1777 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionMACVLAN;
1778 description = ''
1779 Each attribute in this set specifies an option in the
1780 `[MACVLAN]` section of the unit. See
1781 {manpage}`systemd.netdev(5)` for details.
1782 '';
1783 };
1785 vxlanConfig = mkOption {
1786 default = {};
1787 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionVXLAN;
1788 description = ''
1789 Each attribute in this set specifies an option in the
1790 `[VXLAN]` section of the unit. See
1791 {manpage}`systemd.netdev(5)` for details.
1792 '';
1793 };
1795 tunnelConfig = mkOption {
1796 default = {};
1797 example = { Remote = "192.168.1.1"; };
1798 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionTunnel;
1799 description = ''
1800 Each attribute in this set specifies an option in the
1801 `[Tunnel]` section of the unit. See
1802 {manpage}`systemd.netdev(5)` for details.
1803 '';
1804 };
1806 fooOverUDPConfig = mkOption {
1807 default = { };
1808 example = { Port = 9001; };
1809 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionFooOverUDP;
1810 description = ''
1811 Each attribute in this set specifies an option in the
1812 `[FooOverUDP]` section of the unit. See
1813 {manpage}`systemd.netdev(5)` for details.
1814 '';
1815 };
1817 peerConfig = mkOption {
1818 default = {};
1819 example = { Name = "veth2"; };
1820 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionPeer;
1821 description = ''
1822 Each attribute in this set specifies an option in the
1823 `[Peer]` section of the unit. See
1824 {manpage}`systemd.netdev(5)` for details.
1825 '';
1826 };
1828 tunConfig = mkOption {
1829 default = {};
1830 example = { User = "openvpn"; };
1831 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionTun;
1832 description = ''
1833 Each attribute in this set specifies an option in the
1834 `[Tun]` section of the unit. See
1835 {manpage}`systemd.netdev(5)` for details.
1836 '';
1837 };
1839 tapConfig = mkOption {
1840 default = {};
1841 example = { User = "openvpn"; };
1842 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionTap;
1843 description = ''
1844 Each attribute in this set specifies an option in the
1845 `[Tap]` section of the unit. See
1846 {manpage}`systemd.netdev(5)` for details.
1847 '';
1848 };
1850 l2tpConfig = mkOption {
1851 default = {};
1852 example = {
1853 TunnelId = 10;
1854 PeerTunnelId = 12;
1855 Local = "static";
1856 Remote = "192.168.30.101";
1857 EncapsulationType = "ip";
1858 };
1859 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionL2TP;
1860 description = ''
1861 Each attribute in this set specifies an option in the
1862 `[L2TP]` section of the unit. See
1863 {manpage}`systemd.netdev(5)` for details.
1864 '';
1865 };
1867 l2tpSessions = mkOption {
1868 default = [];
1869 example = [ {
1870 SessionId = 25;
1871 PeerSessionId = 26;
1872 Name = "l2tp-sess";
1873 }];
1874 type = types.listOf (mkSubsectionType "l2tpSessionConfig" check.netdev.sectionL2TPSession);
1875 description = ''
1876 Each item in this array specifies an option in the
1877 `[L2TPSession]` section of the unit. See
1878 {manpage}`systemd.netdev(5)` for details.
1879 '';
1880 };
1882 wireguardConfig = mkOption {
1883 default = {};
1884 example = {
1885 PrivateKeyFile = "/etc/wireguard/secret.key";
1886 ListenPort = 51820;
1887 FirewallMark = 42;
1888 };
1889 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionWireGuard;
1890 description = ''
1891 Each attribute in this set specifies an option in the
1892 `[WireGuard]` section of the unit. See
1893 {manpage}`systemd.netdev(5)` for details.
1894 Use `PrivateKeyFile` instead of
1895 `PrivateKey`: the nix store is
1896 world-readable.
1897 '';
1898 };
1900 wireguardPeers = mkOption {
1901 default = [];
1902 example = [ {
1903 Endpoint = "192.168.1.1:51820";
1904 PublicKey = "27s0OvaBBdHoJYkH9osZpjpgSOVNw+RaKfboT/Sfq0g=";
1905 PresharedKeyFile = "/etc/wireguard/psk.key";
1906 AllowedIPs = [ "10.0.0.1/32" ];
1907 PersistentKeepalive = 15;
1908 } ];
1909 type = types.listOf (mkSubsectionType "wireguardPeerConfig" check.netdev.sectionWireGuardPeer);
1910 description = ''
1911 Each item in this array specifies an option in the
1912 `[WireGuardPeer]` section of the unit. See
1913 {manpage}`systemd.netdev(5)` for details.
1914 Use `PresharedKeyFile` instead of
1915 `PresharedKey`: the nix store is
1916 world-readable.
1917 '';
1918 };
1920 bondConfig = mkOption {
1921 default = {};
1922 example = { Mode = "802.3ad"; };
1923 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionBond;
1924 description = ''
1925 Each attribute in this set specifies an option in the
1926 `[Bond]` section of the unit. See
1927 {manpage}`systemd.netdev(5)` for details.
1928 '';
1929 };
1931 xfrmConfig = mkOption {
1932 default = {};
1933 example = { InterfaceId = 1; };
1934 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionXfrm;
1935 description = ''
1936 Each attribute in this set specifies an option in the
1937 `[Xfrm]` section of the unit. See
1938 {manpage}`systemd.netdev(5)` for details.
1939 '';
1940 };
1942 vrfConfig = mkOption {
1943 default = {};
1944 example = { Table = 2342; };
1945 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionVRF;
1946 description = ''
1947 Each attribute in this set specifies an option in the
1948 `[VRF]` section of the unit. See
1949 {manpage}`systemd.netdev(5)` for details.
1950 A detailed explanation about how VRFs work can be found in the
1951 [kernel docs](https://www.kernel.org/doc/Documentation/networking/vrf.txt).
1952 '';
1953 };
1955 wlanConfig = mkOption {
1956 default = {};
1957 example = { PhysicalDevice = 0; Type = "station"; };
1958 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionWLAN;
1959 description = ''
1960 Each attribute in this set specifies an option in the `[WLAN]` section of the unit.
1961 See {manpage}`systemd.netdev(5)` for details.
1962 '';
1963 };
1965 batmanAdvancedConfig = mkOption {
1966 default = {};
1967 example = {
1968 GatewayMode = "server";
1969 RoutingAlgorithm = "batman-v";
1970 };
1971 type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionBatmanAdvanced;
1972 description = ''
1973 Each attribute in this set specifies an option in the
1974 `[BatmanAdvanced]` section of the unit. See
1975 {manpage}`systemd.netdev(5)` for details.
1976 '';
1977 };
1979 };
1981 networkOptions = commonNetworkOptions // {
1983 linkConfig = mkOption {
1984 default = {};
1985 example = { Unmanaged = true; };
1986 type = types.addCheck (types.attrsOf unitOption) check.network.sectionLink;
1987 description = ''
1988 Each attribute in this set specifies an option in the
1989 `[Link]` section of the unit. See
1990 {manpage}`systemd.network(5)` for details.
1991 '';
1992 };
1994 networkConfig = mkOption {
1995 default = {};
1996 example = { Description = "My Network"; };
1997 type = types.addCheck (types.attrsOf unitOption) check.network.sectionNetwork;
1998 description = ''
1999 Each attribute in this set specifies an option in the
2000 `[Network]` section of the unit. See
2001 {manpage}`systemd.network(5)` for details.
2002 '';
2003 };
2005 # systemd.network.networks.*.dhcpConfig has been deprecated in favor of ….dhcpV4Config
2006 # Produce a nice warning message so users know it is gone.
2007 dhcpConfig = mkOption {
2008 visible = false;
2009 apply = _: throw "The option `systemd.network.networks.*.dhcpConfig` can no longer be used since it's been removed. Please use `systemd.network.networks.*.dhcpV4Config` instead.";
2010 };
2012 dhcpV4Config = mkOption {
2013 default = {};
2014 example = { UseDNS = true; UseRoutes = true; };
2015 type = types.addCheck (types.attrsOf unitOption) check.network.sectionDHCPv4;
2016 description = ''
2017 Each attribute in this set specifies an option in the
2018 `[DHCPv4]` section of the unit. See
2019 {manpage}`systemd.network(5)` for details.
2020 '';
2021 };
2023 dhcpV6Config = mkOption {
2024 default = {};
2025 example = { UseDNS = true; };
2026 type = types.addCheck (types.attrsOf unitOption) check.network.sectionDHCPv6;
2027 description = ''
2028 Each attribute in this set specifies an option in the
2029 `[DHCPv6]` section of the unit. See
2030 {manpage}`systemd.network(5)` for details.
2031 '';
2032 };
2034 dhcpV6PrefixDelegationConfig = mkOption {
2035 visible = false;
2036 apply = _: throw "The option `systemd.network.networks.<name>.dhcpV6PrefixDelegationConfig` has been renamed to `systemd.network.networks.<name>.dhcpPrefixDelegationConfig`.";
2037 };
2039 dhcpPrefixDelegationConfig = mkOption {
2040 default = {};
2041 example = { SubnetId = "auto"; Announce = true; };
2042 type = types.addCheck (types.attrsOf unitOption) check.network.sectionDHCPPrefixDelegation;
2043 description = ''
2044 Each attribute in this set specifies an option in the
2045 `[DHCPPrefixDelegation]` section of the unit. See
2046 {manpage}`systemd.network(5)` for details.
2047 '';
2048 };
2050 ipv6AcceptRAConfig = mkOption {
2051 default = {};
2052 example = { UseDNS = true; DHCPv6Client = "always"; };
2053 type = types.addCheck (types.attrsOf unitOption) check.network.sectionIPv6AcceptRA;
2054 description = ''
2055 Each attribute in this set specifies an option in the
2056 `[IPv6AcceptRA]` section of the unit. See
2057 {manpage}`systemd.network(5)` for details.
2058 '';
2059 };
2061 dhcpServerConfig = mkOption {
2062 default = {};
2063 example = { PoolOffset = 50; EmitDNS = false; };
2064 type = types.addCheck (types.attrsOf unitOption) check.network.sectionDHCPServer;
2065 description = ''
2066 Each attribute in this set specifies an option in the
2067 `[DHCPServer]` section of the unit. See
2068 {manpage}`systemd.network(5)` for details.
2069 '';
2070 };
2072 # systemd.network.networks.*.ipv6PrefixDelegationConfig has been deprecated
2073 # in 247 in favor of systemd.network.networks.*.ipv6SendRAConfig.
2074 ipv6PrefixDelegationConfig = mkOption {
2075 visible = false;
2076 apply = _: throw "The option `systemd.network.networks.*.ipv6PrefixDelegationConfig` has been replaced by `systemd.network.networks.*.ipv6SendRAConfig`.";
2077 };
2079 ipv6SendRAConfig = mkOption {
2080 default = {};
2081 example = { EmitDNS = true; Managed = true; OtherInformation = true; };
2082 type = types.addCheck (types.attrsOf unitOption) check.network.sectionIPv6SendRA;
2083 description = ''
2084 Each attribute in this set specifies an option in the
2085 `[IPv6SendRA]` section of the unit. See
2086 {manpage}`systemd.network(5)` for details.
2087 '';
2088 };
2090 ipv6PREF64Prefixes = mkOption {
2091 default = [];
2092 example = [ { Prefix = "64:ff9b::/96"; } ];
2093 type = types.listOf (mkSubsectionType "ipv6PREF64PrefixConfig" check.network.sectionIPv6PREF64Prefix);
2094 description = ''
2095 A list of IPv6PREF64Prefix sections to be added to the unit. See
2096 {manpage}`systemd.network(5)` for details.
2097 '';
2098 };
2100 dhcpServerStaticLeases = mkOption {
2101 default = [];
2102 example = [ { MACAddress = "65:43:4a:5b:d8:5f"; Address = "192.168.1.42"; } ];
2103 type = types.listOf (mkSubsectionType "dhcpServerStaticLeaseConfig" check.network.sectionDHCPServerStaticLease);
2104 description = ''
2105 A list of DHCPServerStaticLease sections to be added to the unit. See
2106 {manpage}`systemd.network(5)` for details.
2107 '';
2108 };
2110 ipv6Prefixes = mkOption {
2111 default = [];
2112 example = [ { AddressAutoconfiguration = true; OnLink = true; } ];
2113 type = types.listOf (mkSubsectionType "ipv6PrefixConfig" check.network.sectionIPv6Prefix);
2114 description = ''
2115 A list of ipv6Prefix sections to be added to the unit. See
2116 {manpage}`systemd.network(5)` for details.
2117 '';
2118 };
2120 ipv6RoutePrefixes = mkOption {
2121 default = [];
2122 example = [ { Route = "fd00::/64"; LifetimeSec = 3600; } ];
2123 type = types.listOf (mkSubsectionType "ipv6RoutePrefixConfig" check.network.sectionIPv6RoutePrefix);
2124 description = ''
2125 A list of ipv6RoutePrefix sections to be added to the unit. See
2126 {manpage}`systemd.network(5)` for details.
2127 '';
2128 };
2130 bridgeConfig = mkOption {
2131 default = {};
2132 example = { MulticastFlood = false; Cost = 20; };
2133 type = types.addCheck (types.attrsOf unitOption) check.network.sectionBridge;
2134 description = ''
2135 Each attribute in this set specifies an option in the
2136 `[Bridge]` section of the unit. See
2137 {manpage}`systemd.network(5)` for details.
2138 '';
2139 };
2141 bridgeFDBs = mkOption {
2142 default = [];
2143 example = [ { MACAddress = "90:e2:ba:43:fc:71"; Destination = "192.168.100.4"; VNI = 3600; } ];
2144 type = types.listOf (mkSubsectionType "bridgeFDBConfig" check.network.sectionBridgeFDB);
2145 description = ''
2146 A list of BridgeFDB sections to be added to the unit. See
2147 {manpage}`systemd.network(5)` for details.
2148 '';
2149 };
2151 bridgeMDBs = mkOption {
2152 default = [];
2153 example = [ { MulticastGroupAddress = "ff02::1:2:3:4"; VLANId = 10; } ];
2154 type = types.listOf (mkSubsectionType "bridgeMDBConfig" check.network.sectionBridgeMDB);
2155 description = ''
2156 A list of BridgeMDB sections to be added to the unit. See
2157 {manpage}`systemd.network(5)` for details.
2158 '';
2159 };
2161 lldpConfig = mkOption {
2162 default = {};
2163 example = { MUDURL = "https://things.example.org/product_abc123/v5"; };
2164 type = types.addCheck (types.attrsOf unitOption) check.network.sectionLLDP;
2165 description = ''
2166 Each attribute in this set specifies an option in the
2167 `[LLDP]` section of the unit. See
2168 {manpage}`systemd.network(5)` for details.
2169 '';
2170 };
2172 canConfig = mkOption {
2173 default = {};
2174 example = { };
2175 type = types.addCheck (types.attrsOf unitOption) check.network.sectionCAN;
2176 description = ''
2177 Each attribute in this set specifies an option in the
2178 `[CAN]` section of the unit. See
2179 {manpage}`systemd.network(5)` for details.
2180 '';
2181 };
2183 ipoIBConfig = mkOption {
2184 default = {};
2185 example = { };
2186 type = types.addCheck (types.attrsOf unitOption) check.network.sectionIPoIB;
2187 description = ''
2188 Each attribute in this set specifies an option in the
2189 `[IPoIB]` section of the unit. See
2190 {manpage}`systemd.network(5)` for details.
2191 '';
2192 };
2194 qdiscConfig = mkOption {
2195 default = {};
2196 example = { Parent = "ingress"; };
2197 type = types.addCheck (types.attrsOf unitOption) check.network.sectionQDisc;
2198 description = ''
2199 Each attribute in this set specifies an option in the
2200 `[QDisc]` section of the unit. See
2201 {manpage}`systemd.network(5)` for details.
2202 '';
2203 };
2205 networkEmulatorConfig = mkOption {
2206 default = {};
2207 example = { Parent = "ingress"; DelaySec = "20msec"; };
2208 type = types.addCheck (types.attrsOf unitOption) check.network.sectionNetworkEmulator;
2209 description = ''
2210 Each attribute in this set specifies an option in the
2211 `[NetworkEmulator]` section of the unit. See
2212 {manpage}`systemd.network(5)` for details.
2213 '';
2214 };
2216 tokenBucketFilterConfig = mkOption {
2217 default = {};
2218 example = { Parent = "ingress"; Rate = "100k"; };
2219 type = types.addCheck (types.attrsOf unitOption) check.network.sectionTokenBucketFilter;
2220 description = ''
2221 Each attribute in this set specifies an option in the
2222 `[TokenBucketFilter]` section of the unit. See
2223 {manpage}`systemd.network(5)` for details.
2224 '';
2225 };
2227 pieConfig = mkOption {
2228 default = {};
2229 example = { Parent = "ingress"; PacketLimit = "3847"; };
2230 type = types.addCheck (types.attrsOf unitOption) check.network.sectionPIE;
2231 description = ''
2232 Each attribute in this set specifies an option in the
2233 `[PIE]` section of the unit. See
2234 {manpage}`systemd.network(5)` for details.
2235 '';
2236 };
2238 flowQueuePIEConfig = mkOption {
2239 default = {};
2240 example = { Parent = "ingress"; PacketLimit = "3847"; };
2241 type = types.addCheck (types.attrsOf unitOption) check.network.sectionFlowQueuePIE;
2242 description = ''
2243 Each attribute in this set specifies an option in the
2244 `[FlowQueuePIE]` section of the unit. See
2245 {manpage}`systemd.network(5)` for details.
2246 '';
2247 };
2249 stochasticFairBlueConfig = mkOption {
2250 default = {};
2251 example = { Parent = "ingress"; PacketLimit = "3847"; };
2252 type = types.addCheck (types.attrsOf unitOption) check.network.sectionStochasticFairBlue;
2253 description = ''
2254 Each attribute in this set specifies an option in the
2255 `[StochasticFairBlue]` section of the unit. See
2256 {manpage}`systemd.network(5)` for details.
2257 '';
2258 };
2260 stochasticFairnessQueueingConfig = mkOption {
2261 default = {};
2262 example = { Parent = "ingress"; PerturbPeriodSec = "30"; };
2263 type = types.addCheck (types.attrsOf unitOption) check.network.sectionStochasticFairnessQueueing;
2264 description = ''
2265 Each attribute in this set specifies an option in the
2266 `[StochasticFairnessQueueing]` section of the unit. See
2267 {manpage}`systemd.network(5)` for details.
2268 '';
2269 };
2271 bfifoConfig = mkOption {
2272 default = {};
2273 example = { Parent = "ingress"; LimitBytes = "20K"; };
2274 type = types.addCheck (types.attrsOf unitOption) check.network.sectionBFIFO;
2275 description = ''
2276 Each attribute in this set specifies an option in the
2277 `[BFIFO]` section of the unit. See
2278 {manpage}`systemd.network(5)` for details.
2279 '';
2280 };
2282 pfifoConfig = mkOption {
2283 default = {};
2284 example = { Parent = "ingress"; PacketLimit = "300"; };
2285 type = types.addCheck (types.attrsOf unitOption) check.network.sectionPFIFO;
2286 description = ''
2287 Each attribute in this set specifies an option in the
2288 `[PFIFO]` section of the unit. See
2289 {manpage}`systemd.network(5)` for details.
2290 '';
2291 };
2293 pfifoHeadDropConfig = mkOption {
2294 default = {};
2295 example = { Parent = "ingress"; PacketLimit = "300"; };
2296 type = types.addCheck (types.attrsOf unitOption) check.network.sectionPFIFOHeadDrop;
2297 description = ''
2298 Each attribute in this set specifies an option in the
2299 `[PFIFOHeadDrop]` section of the unit. See
2300 {manpage}`systemd.network(5)` for details.
2301 '';
2302 };
2304 pfifoFastConfig = mkOption {
2305 default = {};
2306 example = { Parent = "ingress"; };
2307 type = types.addCheck (types.attrsOf unitOption) check.network.sectionPFIFOFast;
2308 description = ''
2309 Each attribute in this set specifies an option in the
2310 `[PFIFOFast]` section of the unit. See
2311 {manpage}`systemd.network(5)` for details.
2312 '';
2313 };
2315 cakeConfig = mkOption {
2316 default = {};
2317 example = { Bandwidth = "40M"; OverheadBytes = 8; CompensationMode = "ptm"; };
2318 type = types.addCheck (types.attrsOf unitOption) check.network.sectionCAKE;
2319 description = ''
2320 Each attribute in this set specifies an option in the
2321 `[CAKE]` section of the unit. See
2322 {manpage}`systemd.network(5)` for details.
2323 '';
2324 };
2326 controlledDelayConfig = mkOption {
2327 default = {};
2328 example = { Parent = "ingress"; TargetSec = "20msec"; };
2329 type = types.addCheck (types.attrsOf unitOption) check.network.sectionControlledDelay;
2330 description = ''
2331 Each attribute in this set specifies an option in the
2332 `[ControlledDelay]` section of the unit. See
2333 {manpage}`systemd.network(5)` for details.
2334 '';
2335 };
2337 deficitRoundRobinSchedulerConfig = mkOption {
2338 default = {};
2339 example = { Parent = "root"; };
2340 type = types.addCheck (types.attrsOf unitOption) check.network.sectionDeficitRoundRobinScheduler;
2341 description = ''
2342 Each attribute in this set specifies an option in the
2343 `[DeficitRoundRobinScheduler]` section of the unit. See
2344 {manpage}`systemd.network(5)` for details.
2345 '';
2346 };
2348 deficitRoundRobinSchedulerClassConfig = mkOption {
2349 default = {};
2350 example = { Parent = "root"; QuantumBytes = "300k"; };
2351 type = types.addCheck (types.attrsOf unitOption) check.network.sectionDeficitRoundRobinSchedulerClass;
2352 description = ''
2353 Each attribute in this set specifies an option in the
2354 `[DeficitRoundRobinSchedulerClass]` section of the unit. See
2355 {manpage}`systemd.network(5)` for details.
2356 '';
2357 };
2359 enhancedTransmissionSelectionConfig = mkOption {
2360 default = {};
2361 example = { Parent = "root"; QuantumBytes = "300k"; Bands = 3; PriorityMap = "100 200 300"; };
2362 type = types.addCheck (types.attrsOf unitOption) check.network.sectionEnhancedTransmissionSelection;
2363 description = ''
2364 Each attribute in this set specifies an option in the
2365 `[EnhancedTransmissionSelection]` section of the unit. See
2366 {manpage}`systemd.network(5)` for details.
2367 '';
2368 };
2370 genericRandomEarlyDetectionConfig = mkOption {
2371 default = {};
2372 example = { Parent = "root"; VirtualQueues = 5; DefaultVirtualQueue = 3; };
2373 type = types.addCheck (types.attrsOf unitOption) check.network.sectionGenericRandomEarlyDetection;
2374 description = ''
2375 Each attribute in this set specifies an option in the
2376 `[GenericRandomEarlyDetection]` section of the unit. See
2377 {manpage}`systemd.network(5)` for details.
2378 '';
2379 };
2381 fairQueueingControlledDelayConfig = mkOption {
2382 default = {};
2383 example = { Parent = "root"; Flows = 5; };
2384 type = types.addCheck (types.attrsOf unitOption) check.network.sectionFairQueueingControlledDelay;
2385 description = ''
2386 Each attribute in this set specifies an option in the
2387 `[FairQueueingControlledDelay]` section of the unit. See
2388 {manpage}`systemd.network(5)` for details.
2389 '';
2390 };
2392 fairQueueingConfig = mkOption {
2393 default = {};
2394 example = { Parent = "root"; FlowLimit = 5; };
2395 type = types.addCheck (types.attrsOf unitOption) check.network.sectionFairQueueing;
2396 description = ''
2397 Each attribute in this set specifies an option in the
2398 `[FairQueueing]` section of the unit. See
2399 {manpage}`systemd.network(5)` for details.
2400 '';
2401 };
2403 trivialLinkEqualizerConfig = mkOption {
2404 default = {};
2405 example = { Parent = "root"; Id = 0; };
2406 type = types.addCheck (types.attrsOf unitOption) check.network.sectionTrivialLinkEqualizer;
2407 description = ''
2408 Each attribute in this set specifies an option in the
2409 `[TrivialLinkEqualizer]` section of the unit. See
2410 {manpage}`systemd.network(5)` for details.
2411 '';
2412 };
2414 hierarchyTokenBucketConfig = mkOption {
2415 default = {};
2416 example = { Parent = "root"; };
2417 type = types.addCheck (types.attrsOf unitOption) check.network.sectionHierarchyTokenBucket;
2418 description = ''
2419 Each attribute in this set specifies an option in the
2420 `[HierarchyTokenBucket]` section of the unit. See
2421 {manpage}`systemd.network(5)` for details.
2422 '';
2423 };
2425 hierarchyTokenBucketClassConfig = mkOption {
2426 default = {};
2427 example = { Parent = "root"; Rate = "10M"; };
2428 type = types.addCheck (types.attrsOf unitOption) check.network.sectionHierarchyTokenBucketClass;
2429 description = ''
2430 Each attribute in this set specifies an option in the
2431 `[HierarchyTokenBucketClass]` section of the unit. See
2432 {manpage}`systemd.network(5)` for details.
2433 '';
2434 };
2436 heavyHitterFilterConfig = mkOption {
2437 default = {};
2438 example = { Parent = "root"; PacketLimit = 10000; };
2439 type = types.addCheck (types.attrsOf unitOption) check.network.sectionHeavyHitterFilter;
2440 description = ''
2441 Each attribute in this set specifies an option in the
2442 `[HeavyHitterFilter]` section of the unit. See
2443 {manpage}`systemd.network(5)` for details.
2444 '';
2445 };
2447 quickFairQueueingConfig = mkOption {
2448 default = {};
2449 example = { Parent = "root"; };
2450 type = types.addCheck (types.attrsOf unitOption) check.network.sectionQuickFairQueueing;
2451 description = ''
2452 Each attribute in this set specifies an option in the
2453 `[QuickFairQueueing]` section of the unit. See
2454 {manpage}`systemd.network(5)` for details.
2455 '';
2456 };
2458 quickFairQueueingConfigClass = mkOption {
2459 default = {};
2460 example = { Parent = "root"; Weight = 133; };
2461 type = types.addCheck (types.attrsOf unitOption) check.network.sectionQuickFairQueueingClass;
2462 description = ''
2463 Each attribute in this set specifies an option in the
2464 `[QuickFairQueueingClass]` section of the unit. See
2465 {manpage}`systemd.network(5)` for details.
2466 '';
2467 };
2469 bridgeVLANs = mkOption {
2470 default = [];
2471 example = [ { VLAN = "10-20"; } ];
2472 type = types.listOf (mkSubsectionType "bridgeVLANConfig" check.network.sectionBridgeVLAN);
2473 description = ''
2474 A list of BridgeVLAN sections to be added to the unit. See
2475 {manpage}`systemd.network(5)` for details.
2476 '';
2477 };
2479 name = mkOption {
2480 type = types.nullOr types.str;
2481 default = null;
2482 description = ''
2483 The name of the network interface to match against.
2484 '';
2485 };
2487 DHCP = mkOption {
2488 type = types.nullOr types.str;
2489 default = null;
2490 description = ''
2491 Whether to enable DHCP on the interfaces matched.
2492 '';
2493 };
2495 domains = mkOption {
2496 type = types.nullOr (types.listOf types.str);
2497 default = null;
2498 description = ''
2499 A list of domains to pass to the network config.
2500 '';
2501 };
2503 address = mkOption {
2504 default = [ ];
2505 type = types.listOf types.str;
2506 description = ''
2507 A list of addresses to be added to the network section of the
2508 unit. See {manpage}`systemd.network(5)` for details.
2509 '';
2510 };
2512 gateway = mkOption {
2513 default = [ ];
2514 type = types.listOf types.str;
2515 description = ''
2516 A list of gateways to be added to the network section of the
2517 unit. See {manpage}`systemd.network(5)` for details.
2518 '';
2519 };
2521 dns = mkOption {
2522 default = [ ];
2523 type = types.listOf types.str;
2524 description = ''
2525 A list of dns servers to be added to the network section of the
2526 unit. See {manpage}`systemd.network(5)` for details.
2527 '';
2528 };
2530 ntp = mkOption {
2531 default = [ ];
2532 type = types.listOf types.str;
2533 description = ''
2534 A list of ntp servers to be added to the network section of the
2535 unit. See {manpage}`systemd.network(5)` for details.
2536 '';
2537 };
2539 bridge = mkOption {
2540 default = [ ];
2541 type = types.listOf types.str;
2542 description = ''
2543 A list of bridge interfaces to be added to the network section of the
2544 unit. See {manpage}`systemd.network(5)` for details.
2545 '';
2546 };
2548 bond = mkOption {
2549 default = [ ];
2550 type = types.listOf types.str;
2551 description = ''
2552 A list of bond interfaces to be added to the network section of the
2553 unit. See {manpage}`systemd.network(5)` for details.
2554 '';
2555 };
2557 vrf = mkOption {
2558 default = [ ];
2559 type = types.listOf types.str;
2560 description = ''
2561 A list of vrf interfaces to be added to the network section of the
2562 unit. See {manpage}`systemd.network(5)` for details.
2563 '';
2564 };
2566 vlan = mkOption {
2567 default = [ ];
2568 type = types.listOf types.str;
2569 description = ''
2570 A list of vlan interfaces to be added to the network section of the
2571 unit. See {manpage}`systemd.network(5)` for details.
2572 '';
2573 };
2575 macvlan = mkOption {
2576 default = [ ];
2577 type = types.listOf types.str;
2578 description = ''
2579 A list of macvlan interfaces to be added to the network section of the
2580 unit. See {manpage}`systemd.network(5)` for details.
2581 '';
2582 };
2584 macvtap = mkOption {
2585 default = [ ];
2586 type = types.listOf types.str;
2587 description = ''
2588 A list of macvtap interfaces to be added to the network section of the
2589 unit. See {manpage}`systemd.network(5)` for details.
2590 '';
2591 };
2593 vxlan = mkOption {
2594 default = [ ];
2595 type = types.listOf types.str;
2596 description = ''
2597 A list of vxlan interfaces to be added to the network section of the
2598 unit. See {manpage}`systemd.network(5)` for details.
2599 '';
2600 };
2602 tunnel = mkOption {
2603 default = [ ];
2604 type = types.listOf types.str;
2605 description = ''
2606 A list of tunnel interfaces to be added to the network section of the
2607 unit. See {manpage}`systemd.network(5)` for details.
2608 '';
2609 };
2611 xfrm = mkOption {
2612 default = [ ];
2613 type = types.listOf types.str;
2614 description = ''
2615 A list of xfrm interfaces to be added to the network section of the
2616 unit. See {manpage}`systemd.network(5)` for details.
2617 '';
2618 };
2620 addresses = mkOption {
2621 default = [ ];
2622 example = [ { Address = "192.168.0.100/24"; } ];
2623 type = types.listOf (mkSubsectionType "addressConfig" check.network.sectionAddress);
2624 description = ''
2625 A list of address sections to be added to the unit. See
2626 {manpage}`systemd.network(5)` for details.
2627 '';
2628 };
2630 routingPolicyRules = mkOption {
2631 default = [ ];
2632 example = [ { Table = 10; IncomingInterface = "eth1"; Family = "both"; } ];
2633 type = types.listOf (mkSubsectionType "routingPolicyRuleConfig" check.network.sectionRoutingPolicyRule);
2634 description = ''
2635 A list of routing policy rules sections to be added to the unit. See
2636 {manpage}`systemd.network(5)` for details.
2637 '';
2638 };
2640 routes = mkOption {
2641 default = [ ];
2642 example = [ { Gateway = "192.168.0.1"; } ];
2643 type = types.listOf (mkSubsectionType "routeConfig" check.network.sectionRoute);
2644 description = ''
2645 A list of route sections to be added to the unit. See
2646 {manpage}`systemd.network(5)` for details.
2647 '';
2648 };
2650 };
2652 networkConfig = { config, ... }: {
2653 config = {
2654 matchConfig = optionalAttrs (config.name != null) {
2655 Name = config.name;
2656 };
2657 networkConfig = optionalAttrs (config.DHCP != null) {
2658 DHCP = config.DHCP;
2659 } // optionalAttrs (config.domains != null) {
2660 Domains = concatStringsSep " " config.domains;
2661 };
2662 };
2663 };
2665 networkdConfig = { config, ... }: {
2666 options = {
2667 routeTables = mkOption {
2668 default = {};
2669 example = { foo = 27; };
2670 type = with types; attrsOf int;
2671 description = ''
2672 Defines route table names as an attrset of name to number.
2673 See {manpage}`networkd.conf(5)` for details.
2674 '';
2675 };
2677 addRouteTablesToIPRoute2 = mkOption {
2678 default = true;
2679 example = false;
2680 type = types.bool;
2681 description = ''
2682 If true and routeTables are set, then the specified route tables
2683 will also be installed into /etc/iproute2/rt_tables.
2684 '';
2685 };
2686 };
2688 config = {
2689 networkConfig = optionalAttrs (config.routeTables != { }) {
2690 RouteTable = mapAttrsToList
2691 (name: number: "${name}:${toString number}")
2692 config.routeTables;
2693 };
2694 };
2695 };
2697 renderConfig = def:
2698 { text = ''
2699 [Network]
2700 ${attrsToSection def.networkConfig}
2701 ''
2702 + optionalString (def.dhcpV4Config != { }) ''
2703 [DHCPv4]
2704 ${attrsToSection def.dhcpV4Config}
2705 ''
2706 + optionalString (def.dhcpV6Config != { }) ''
2707 [DHCPv6]
2708 ${attrsToSection def.dhcpV6Config}
2709 ''; };
2711 mkUnitFiles = prefix: cfg: listToAttrs (map (name: {
2712 name = "${prefix}systemd/network/${name}";
2713 value.source = "${cfg.units.${name}.unit}/${name}";
2714 }) (attrNames cfg.units));
2716 commonOptions = visible: {
2718 enable = mkOption {
2719 default = false;
2720 type = types.bool;
2721 description = ''
2722 Whether to enable networkd or not.
2723 '';
2724 };
2726 links = mkOption {
2727 default = {};
2728 inherit visible;
2729 type = with types; attrsOf (submodule [ { options = linkOptions; } ]);
2730 description = "Definition of systemd network links.";
2731 };
2733 netdevs = mkOption {
2734 default = {};
2735 inherit visible;
2736 type = with types; attrsOf (submodule [ { options = netdevOptions; } ]);
2737 description = "Definition of systemd network devices.";
2738 };
2740 networks = mkOption {
2741 default = {};
2742 inherit visible;
2743 type = with types; attrsOf (submodule [ { options = networkOptions; } networkConfig ]);
2744 description = "Definition of systemd networks.";
2745 };
2747 config = mkOption {
2748 default = {};
2749 inherit visible;
2750 type = with types; submodule [ { options = networkdOptions; } networkdConfig ];
2751 description = "Definition of global systemd network config.";
2752 };
2754 units = mkOption {
2755 description = "Definition of networkd units.";
2756 default = {};
2757 internal = true;
2758 type = with types; attrsOf (submodule (
2759 { name, config, ... }:
2760 { options = mapAttrs (_: x: x // { internal = true; }) concreteUnitOptions;
2761 config = {
2762 unit = mkDefault (makeUnit name config);
2763 };
2764 }));
2765 };
2767 wait-online = {
2768 enable = mkOption {
2769 type = types.bool;
2770 default = true;
2771 example = false;
2772 description = ''
2773 Whether to enable the systemd-networkd-wait-online service.
2775 systemd-networkd-wait-online can timeout and fail if there are no network interfaces
2776 available for it to manage. When systemd-networkd is enabled but a different service is
2777 responsible for managing the system's internet connection (for example, NetworkManager or
2778 connman are used to manage WiFi connections), this service is unnecessary and can be
2779 disabled.
2780 '';
2781 };
2782 anyInterface = mkOption {
2783 description = ''
2784 Whether to consider the network online when any interface is online, as opposed to all of them.
2785 This is useful on portable machines with a wired and a wireless interface, for example.
2787 This is on by default if {option}`networking.useDHCP` is enabled.
2788 '';
2789 type = types.bool;
2790 defaultText = "config.networking.useDHCP";
2791 default = config.networking.useDHCP;
2792 };
2794 ignoredInterfaces = mkOption {
2795 description = ''
2796 Network interfaces to be ignored when deciding if the system is online.
2797 '';
2798 type = with types; listOf str;
2799 default = [];
2800 example = [ "wg0" ];
2801 };
2803 timeout = mkOption {
2804 description = ''
2805 Time to wait for the network to come online, in seconds. Set to 0 to disable.
2806 '';
2807 type = types.ints.unsigned;
2808 default = 120;
2809 example = 0;
2810 };
2812 extraArgs = mkOption {
2813 description = ''
2814 Extra command-line arguments to pass to systemd-networkd-wait-online.
2815 These also affect per-interface `systemd-network-wait-online@` services.
2817 See {manpage}`systemd-networkd-wait-online.service(8)` for all available options.
2818 '';
2819 type = with types; listOf str;
2820 default = [];
2821 };
2822 };
2824 };
2826 commonConfig = config: let
2827 cfg = config.systemd.network;
2828 mkUnit = f: def: { inherit (def) enable; text = f def; };
2829 in mkMerge [
2831 # .link units are honored by udev, no matter if systemd-networkd is enabled or not.
2832 {
2833 systemd.network.units = mapAttrs' (n: v: nameValuePair "${n}.link" (mkUnit linkToUnit v)) cfg.links;
2835 systemd.network.wait-online.extraArgs =
2836 [ "--timeout=${toString cfg.wait-online.timeout}" ]
2837 ++ optional cfg.wait-online.anyInterface "--any"
2838 ++ map (i: "--ignore=${i}") cfg.wait-online.ignoredInterfaces;
2839 }
2841 (mkIf config.systemd.network.enable {
2843 systemd.network.units = mapAttrs' (n: v: nameValuePair "${n}.netdev" (mkUnit netdevToUnit v)) cfg.netdevs
2844 // mapAttrs' (n: v: nameValuePair "${n}.network" (mkUnit networkToUnit v)) cfg.networks;
2846 # systemd-networkd is socket-activated by kernel netlink route change
2847 # messages. It is important to have systemd buffer those on behalf of
2848 # networkd.
2849 systemd.sockets.systemd-networkd.wantedBy = [ "sockets.target" ];
2851 systemd.services.systemd-networkd-wait-online = {
2852 inherit (cfg.wait-online) enable;
2853 wantedBy = [ "network-online.target" ];
2854 serviceConfig.ExecStart = [
2855 ""
2856 "${config.systemd.package}/lib/systemd/systemd-networkd-wait-online ${utils.escapeSystemdExecArgs cfg.wait-online.extraArgs}"
2857 ];
2858 };
2860 systemd.services."systemd-networkd-wait-online@" = {
2861 serviceConfig.ExecStart = [
2862 ""
2863 "${config.systemd.package}/lib/systemd/systemd-networkd-wait-online -i %i ${utils.escapeSystemdExecArgs cfg.wait-online.extraArgs}"
2864 ];
2865 };
2867 })
2868 ];
2870 stage2Config = let
2871 cfg = config.systemd.network;
2872 unitFiles = mkUnitFiles "" cfg;
2873 in mkMerge [
2874 (commonConfig config)
2876 { environment.etc = unitFiles; }
2878 (mkIf config.systemd.network.enable {
2880 users.users.systemd-network.group = "systemd-network";
2882 systemd.additionalUpstreamSystemUnits = [
2883 "systemd-networkd-wait-online.service"
2884 "systemd-networkd-wait-online@.service"
2885 "systemd-networkd.service"
2886 "systemd-networkd.socket"
2887 "systemd-networkd-persistent-storage.service"
2888 ];
2890 environment.etc."systemd/networkd.conf" = renderConfig cfg.config;
2892 systemd.services.systemd-networkd = let
2893 isReloadableUnitFileName = unitFileName: strings.hasSuffix ".network" unitFileName;
2894 reloadableUnitFiles = attrsets.filterAttrs (k: v: isReloadableUnitFileName k) unitFiles;
2895 nonReloadableUnitFiles = attrsets.filterAttrs (k: v: !isReloadableUnitFileName k) unitFiles;
2896 unitFileSources = unitFiles: map (x: x.source) (attrValues unitFiles);
2897 in {
2898 wantedBy = [ "multi-user.target" ];
2899 reloadTriggers = unitFileSources reloadableUnitFiles;
2900 restartTriggers = unitFileSources nonReloadableUnitFiles ++ [
2901 config.environment.etc."systemd/networkd.conf".source
2902 ];
2903 aliases = [ "dbus-org.freedesktop.network1.service" ];
2904 notSocketActivated = true;
2905 stopIfChanged = false;
2906 };
2908 networking.iproute2 = mkIf (cfg.config.addRouteTablesToIPRoute2 && cfg.config.routeTables != { }) {
2909 enable = mkDefault true;
2910 rttablesExtraConfig = ''
2912 # Extra tables defined in NixOS systemd.networkd.config.routeTables.
2913 ${concatStringsSep "\n" (mapAttrsToList (name: number: "${toString number} ${name}") cfg.config.routeTables)}
2914 '';
2915 };
2917 services.resolved.enable = mkDefault true;
2919 })
2920 ];
2922 stage1Options = {
2923 options.boot.initrd.systemd.network.networks = mkOption {
2924 type = with types; attrsOf (submodule {
2925 # Default in initrd is dhcp-on-stop, which is correct if flushBeforeStage2 = false
2926 config = mkIf config.boot.initrd.network.flushBeforeStage2 {
2927 networkConfig.KeepConfiguration = mkDefault false;
2928 };
2929 });
2930 };
2931 };
2933 stage1Config = let
2934 cfg = config.boot.initrd.systemd.network;
2935 in mkMerge [
2936 (commonConfig config.boot.initrd)
2938 {
2939 systemd.network.enable = mkDefault config.boot.initrd.network.enable;
2940 systemd.contents = mkUnitFiles "/etc/" cfg;
2942 # Networkd link files are used early by udev to set up interfaces early.
2943 # This must be done in stage 1 to avoid race conditions between udev and
2944 # network daemons.
2945 systemd.network.units = lib.filterAttrs (n: _: hasSuffix ".link" n) config.systemd.network.units;
2946 systemd.storePaths = ["${config.boot.initrd.systemd.package}/lib/systemd/network/99-default.link"];
2947 }
2949 (mkIf cfg.enable {
2951 # For networkctl
2952 systemd.dbus.enable = mkDefault true;
2954 systemd.additionalUpstreamUnits = [
2955 "systemd-networkd-wait-online.service"
2956 "systemd-networkd.service"
2957 "systemd-networkd.socket"
2958 "systemd-network-generator.service"
2959 "network-online.target"
2960 "network-pre.target"
2961 "network.target"
2962 "nss-lookup.target"
2963 "nss-user-lookup.target"
2964 "remote-fs-pre.target"
2965 "remote-fs.target"
2966 ];
2967 systemd.users.systemd-network = {};
2968 systemd.groups.systemd-network = {};
2970 systemd.contents."/etc/systemd/networkd.conf" = renderConfig cfg.config;
2972 systemd.services.systemd-networkd = {
2973 wantedBy = [ "initrd.target" ];
2974 };
2975 systemd.sockets.systemd-networkd = {
2976 wantedBy = [ "initrd.target" ];
2977 };
2979 systemd.services.systemd-network-generator.wantedBy = [ "sysinit.target" ];
2981 systemd.storePaths = [
2982 "${config.boot.initrd.systemd.package}/lib/systemd/systemd-networkd"
2983 "${config.boot.initrd.systemd.package}/lib/systemd/systemd-networkd-wait-online"
2984 "${config.boot.initrd.systemd.package}/lib/systemd/systemd-network-generator"
2985 ];
2986 kernelModules = [ "af_packet" ];
2988 })
2989 ];
2991 in
2993 {
2994 imports = [ stage1Options ];
2996 options = {
2997 systemd.network = commonOptions true;
2998 boot.initrd.systemd.network = commonOptions "shallow";
2999 };
3001 config = mkMerge [
3002 stage2Config
3003 (mkIf config.boot.initrd.systemd.enable {
3004 assertions = [{
3005 assertion = !config.boot.initrd.network.udhcpc.enable && config.boot.initrd.network.udhcpc.extraArgs == [];
3006 message = ''
3007 systemd stage 1 networking does not support 'boot.initrd.network.udhcpc'. Configure
3008 DHCP with 'networking.*' options or with 'boot.initrd.systemd.network' options.
3009 '';
3010 }];
3012 boot.initrd = stage1Config;
3013 })
3014 ];
3015 }