Unverified Commit 7ddf2675 authored by Florian Klink's avatar Florian Klink Committed by GitHub

nixos/network-interfaces: Add iplvan support (#493244)

parents 0d2e8a14 40b42e9f
+2 −0
@@ -235,6 +235,8 @@ See <https://github.com/NixOS/nixpkgs/issues/481673>.

- `services.openssh` now supports generating host SSH keys by setting `services.openssh.generateHostKeys = true` while leaving `services.openssh.enable` disabled.  This is particularly useful for systems that have no need of an SSH daemon but want SSH host keys for other purposes such as using agenix or sops-nix.

- IPVLAN interfaces can now be configured through the `networking.ipvlans` option in the networking module.

- `services.caddy` now supports setting `httpPort` and `httpsPort` and opening them in the firewall via `openFirewall`.

- The latest available version of Nextcloud is v33 (available as `pkgs.nextcloud33`). The installation logic is as follows:
+3 −0
@@ -153,6 +153,9 @@ in
    + optionalString (def.macvlan != [ ]) ''
      ${concatStringsSep "\n" (map (s: "MACVLAN=${s}") def.macvlan)}
    ''
    + optionalString (def.ipvlan != [ ]) ''
      ${concatStringsSep "\n" (map (s: "IPVLAN=${s}") def.ipvlan)}
    ''
    + optionalString (def.macvtap != [ ]) ''
      ${concatStringsSep "\n" (map (s: "MACVTAP=${s}") def.macvtap)}
    ''
+9 −0
@@ -3037,6 +3037,15 @@ let
      '';
    };

    ipvlan = mkOption {
      default = [ ];
      type = types.listOf types.str;
      description = ''
        A list of ipvlan interfaces to be added to the network section of the
        unit.  See {manpage}`systemd.network(5)` for details.
      '';
    };

    macvtap = mkOption {
      default = [ ];
      type = types.listOf types.str;
+36 −0
@@ -21,6 +21,7 @@ let
      attrValues cfg.vswitches
    )
    ++ concatMap (i: [ i.interface ]) (attrValues cfg.macvlans)
    ++ concatMap (i: [ i.interface ]) (attrValues cfg.ipvlans)
    ++ concatMap (i: [ i.interface ]) (attrValues cfg.vlans);

  # We must escape interfaces due to the systemd interpretation
@@ -106,6 +107,7 @@ let
            || (hasAttr dev cfg.bridges)
            || (hasAttr dev cfg.bonds)
            || (hasAttr dev cfg.macvlans)
            || (hasAttr dev cfg.ipvlans)
            || (hasAttr dev cfg.sits)
            || (hasAttr dev cfg.ipips)
            || (hasAttr dev cfg.vlans)
@@ -590,6 +592,39 @@ let
            }
          );

        createIpvlanDevice =
          n: v:
          nameValuePair "${n}-netdev" (
            let
              deps = deviceDependency v.interface;
            in
            {
              description = "IPVLAN Interface ${n}";
              wantedBy = [
                "network.target"
                "network-setup.service"
                (subsystemDevice n)
              ];
              bindsTo = deps;
              after = [ "network-pre.target" ] ++ deps;
              before = [ "network-setup.service" ];
              serviceConfig.Type = "oneshot";
              serviceConfig.RemainAfterExit = true;
              path = [ pkgs.iproute2 ];
              script = ''
                # Remove Dead Interfaces
                ip link show dev "${n}" >/dev/null 2>&1 && ip link delete dev "${n}"
                ip link add link "${v.interface}" name "${n}" type ipvlan \
                  ${optionalString (v.mode != null) "mode ${v.mode}"} \
                  ${optionalString (v.flags != null) "${v.flags}"}
                ip link set dev "${n}" up
              '';
              postStop = ''
                ip link delete dev "${n}" || true
              '';
            }
          );

        createFouEncapsulation =
          n: v:
          nameValuePair "${n}-fou-encap" (
@@ -803,6 +838,7 @@ let
      // mapAttrs' createVswitchDevice cfg.vswitches
      // mapAttrs' createBondDevice cfg.bonds
      // mapAttrs' createMacvlanDevice cfg.macvlans
      // mapAttrs' createIpvlanDevice cfg.ipvlans
      // mapAttrs' createFouEncapsulation cfg.fooOverUDP
      // mapAttrs' createSitDevice cfg.sits
      // mapAttrs' createIpipDevice cfg.ipips
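Review bot: In `createIpvlanDevice`, `v.mode` and `v.flags` are spliced into the `ip link add` command unquoted, and `n` and `v.interface` sit inside double quotes without escaping, so a value containing whitespace or shell metacharacters changes the command this oneshot unit runs (presumably as root, since no `User` is set in the visible `serviceConfig`). The declaration of `networking.ipvlans` is not visible on this page; if `mode` and `flags` are not already restricted to an enum there, constraining them would reject bad values at evaluation time. Independently of that, escaping at the point of use keeps the script robust, e.g. `${optionalString (v.mode != null) "mode ${lib.escapeShellArg v.mode}"}` and likewise for `v.flags`, `n` and `v.interface`. The networkd backend upper-cases the mode with `lib.toUpper` while this script passes it verbatim, so the two backends agree only if the option type pins the accepted spelling; a short comment next to the `mode` interpolation saying which spelling `ip` expects would help.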
+18 −0
@@ -396,6 +396,24 @@ in
            }
          )
        ))
        (mkMerge (
          flip mapAttrsToList cfg.ipvlans (
            name: ipvlan: {
              netdevs."40-${name}" = {
                netdevConfig = {
                  Name = name;
                  Kind = "ipvlan";
                };
                ipvlanConfig =
                  optionalAttrs (ipvlan.mode != null) { Mode = lib.toUpper ipvlan.mode; }
                  // optionalAttrs (ipvlan.flags != null) { Flags = ipvlan.flags; };
              };
              networks."40-${ipvlan.interface}" = {
                ipvlan = [ name ];
              };
            }
          )
        ))
        (mkMerge (
          flip mapAttrsToList cfg.fooOverUDP (
            name: fou: {