nixos/networkd: get rid of *Config attributes in lists

  in if errors == [] then true

     else trace (concatStringsSep "\n" errors) false;

  checkUnitConfigWithLegacyKey = legacyKey: group: checks: attrs:

    let

      dump = lib.generators.toPretty { }

        (lib.generators.withRecursion { depthLimit = 2; throwOnDepthLimit = false; } attrs);

      attrs' =

        if legacyKey == null

          then attrs

        else if ! attrs?${legacyKey}

          then attrs

        else if removeAttrs attrs [ legacyKey ] == {}

          then attrs.${legacyKey}

        else throw ''

          The declaration

          ${dump}

          must not mix unit options with the legacy key '${legacyKey}'.

          This can be fixed by moving all settings from within ${legacyKey}

          one level up.

        '';

    in

    checkUnitConfig group checks attrs';

  toOption = x:

    if x == true then "true"

    else if x == false then "false"

      ${attrsToSection def.l2tpConfig}

    '' + flip concatMapStrings def.l2tpSessions (x: ''

      [L2TPSession]

      ${attrsToSection x.l2tpSessionConfig}

      ${attrsToSection x}

    '') + optionalString (def.wireguardConfig != { }) ''

      [WireGuard]

      ${attrsToSection def.wireguardConfig}

    '' + flip concatMapStrings def.wireguardPeers (x: ''

      [WireGuardPeer]

      ${attrsToSection x.wireguardPeerConfig}

      ${attrsToSection x}

    '') + optionalString (def.bondConfig != { }) ''

      [Bond]

      ${attrsToSection def.bondConfig}

      ${concatStringsSep "\n" (map (s: "Xfrm=${s}") def.xfrm)}

    '' + "\n" + flip concatMapStrings def.addresses (x: ''

      [Address]

      ${attrsToSection x.addressConfig}

      ${attrsToSection x}

    '') + flip concatMapStrings def.routingPolicyRules (x: ''

      [RoutingPolicyRule]

      ${attrsToSection x.routingPolicyRuleConfig}

      ${attrsToSection x}

    '') + flip concatMapStrings def.routes (x: ''

      [Route]

      ${attrsToSection x.routeConfig}

      ${attrsToSection x}

    '') + optionalString (def.dhcpV4Config != { }) ''

      [DHCPv4]

      ${attrsToSection def.dhcpV4Config}

      ${attrsToSection def.ipv6SendRAConfig}

    '' + flip concatMapStrings def.ipv6Prefixes (x: ''

      [IPv6Prefix]

      ${attrsToSection x.ipv6PrefixConfig}

      ${attrsToSection x}

    '') + flip concatMapStrings def.ipv6RoutePrefixes (x: ''

      [IPv6RoutePrefix]

      ${attrsToSection x.ipv6RoutePrefixConfig}

      ${attrsToSection x}

    '') + flip concatMapStrings def.dhcpServerStaticLeases (x: ''

      [DHCPServerStaticLease]

      ${attrsToSection x.dhcpServerStaticLeaseConfig}

      ${attrsToSection x}

    '') + optionalString (def.bridgeConfig != { }) ''

      [Bridge]

      ${attrsToSection def.bridgeConfig}

    '' + flip concatMapStrings def.bridgeFDBs (x: ''

      [BridgeFDB]

      ${attrsToSection x.bridgeFDBConfig}

      ${attrsToSection x}

    '') + flip concatMapStrings def.bridgeMDBs (x: ''

      [BridgeMDB]

      ${attrsToSection x.bridgeMDBConfig}

      ${attrsToSection x}

    '') + optionalString (def.lldpConfig != { }) ''

      [LLDP]

      ${attrsToSection def.lldpConfig}

      ${attrsToSection def.quickFairQueueingConfigClass}

    '' + flip concatMapStrings def.bridgeVLANs (x: ''

      [BridgeVLAN]

      ${attrsToSection x.bridgeVLANConfig}

      ${attrsToSection x}

    '') + def.extraConfig;

}

            relevant = config.systemd.network.enable;

            root = config.systemd.network.netdevs;

            peer = (x: x.wireguardPeers);

            key = (x: if x.wireguardPeerConfig ? PublicKey then x.wireguardPeerConfig.PublicKey else null);

            description = "${options.systemd.network.netdevs}.\"<name>\".wireguardPeers.*.wireguardPeerConfig.PublicKey";

            key = x: x.PublicKey or null;

            description = "${options.systemd.network.netdevs}.\"<name>\".wireguardPeers.*.PublicKey";

          }

          {

            relevant = config.networking.wireguard.enable;

        (assertValueOneOf "UDP6ZeroChecksumRx" boolValues)

      ];

      sectionL2TPSession = checkUnitConfig "L2TPSession" [

      sectionL2TPSession = checkUnitConfigWithLegacyKey "l2tpSessionConfig" "L2TPSession" [

        (assertOnlyFields [

          "Name"

          "SessionId"

      # NOTE The PresharedKey directive is missing on purpose here, please

      # do not add it to this list. The nix store is world-readable,let's

      # refrain ourselves from providing a footgun.

      sectionWireGuardPeer = checkUnitConfig "WireGuardPeer" [

      sectionWireGuardPeer = checkUnitConfigWithLegacyKey "wireguardPeerConfig" "WireGuardPeer" [

        (assertOnlyFields [

          "PublicKey"

          "PresharedKeyFile"

        (assertValueOneOf "KeepConfiguration" (boolValues ++ ["static" "dhcp-on-stop" "dhcp"]))

      ];

      sectionAddress = checkUnitConfig "Address" [

      sectionAddress = checkUnitConfigWithLegacyKey "addressConfig" "Address" [

        (assertOnlyFields [

          "Address"

          "Peer"

        (assertValueOneOf "AutoJoin" boolValues)

      ];

      sectionRoutingPolicyRule = checkUnitConfig "RoutingPolicyRule" [

      sectionRoutingPolicyRule = checkUnitConfigWithLegacyKey "routingPolicyRuleConfig" "RoutingPolicyRule" [

        (assertOnlyFields [

          "TypeOfService"

          "From"

        (assertRange "SuppressInterfaceGroup" 0 2147483647)

      ];

      sectionRoute = checkUnitConfig "Route" [

      sectionRoute = checkUnitConfigWithLegacyKey "routeConfig" "Route" [

        (assertOnlyFields [

          "Gateway"

          "GatewayOnLink"

        (assertValueOneOf "EmitDomains" boolValues)

      ];

      sectionIPv6Prefix = checkUnitConfig "IPv6Prefix" [

      sectionIPv6Prefix = checkUnitConfigWithLegacyKey "ipv6PrefixConfig" "IPv6Prefix" [

        (assertOnlyFields [

          "AddressAutoconfiguration"

          "OnLink"

        (assertValueOneOf "Assign" boolValues)

      ];

      sectionIPv6RoutePrefix = checkUnitConfig "IPv6RoutePrefix" [

      sectionIPv6RoutePrefix = checkUnitConfigWithLegacyKey "ipv6RoutePrefixConfig" "IPv6RoutePrefix" [

        (assertOnlyFields [

          "Route"

          "LifetimeSec"

        (assertInt "LifetimeSec")

      ];

      sectionDHCPServerStaticLease = checkUnitConfig "DHCPServerStaticLease" [

      sectionDHCPServerStaticLease = checkUnitConfigWithLegacyKey "dhcpServerStaticLeaseConfig" "DHCPServerStaticLease" [

        (assertOnlyFields [

          "MACAddress"

          "Address"

        (assertRange "Priority" 0 63)

      ];

      sectionBridgeFDB = checkUnitConfig "BridgeFDB" [

      sectionBridgeFDB = checkUnitConfigWithLegacyKey "bridgeFDBConfig" "BridgeFDB" [

        (assertOnlyFields [

          "MACAddress"

          "Destination"

        (assertValueOneOf "AssociatedWith" [ "use" "self" "master" "router" ])

      ];

      sectionBridgeMDB = checkUnitConfig "BridgeMDB" [

      sectionBridgeMDB = checkUnitConfigWithLegacyKey "bridgeMDBConfig" "BridgeMDB" [

        (assertOnlyFields [

          "MulticastGroupAddress"

          "VLANId"

        (assertRange "Weight" 1 1023)

      ];

      sectionBridgeVLAN = checkUnitConfig "BridgeVLAN" [

      sectionBridgeVLAN = checkUnitConfigWithLegacyKey "bridgeVLANConfig" "BridgeVLAN" [

        (assertOnlyFields [

          "VLAN"

          "EgressUntagged"

  };

  l2tpSessionOptions = {

    options = {

      l2tpSessionConfig = mkOption {

        default = {};

        type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionL2TPSession;

        description = ''

          Each attribute in this set specifies an option in the

          `[L2TPSession]` section of the unit.  See

          {manpage}`systemd.netdev(5)` for details.

        '';

      };

    };

  };

  wireguardPeerOptions = {

    options = {

      wireguardPeerConfig = mkOption {

        default = {};

        type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionWireGuardPeer;

        description = ''

          Each attribute in this set specifies an option in the

          `[WireGuardPeer]` section of the unit.  See

          {manpage}`systemd.netdev(5)` for details.

        '';

      };

    };

  mkSubsectionType = oldKey: checkF:

    let

      type = types.addCheck (types.attrsOf unitOption) checkF;

    in type // {

      merge = loc: defs:

        let

          final = type.merge loc defs;

        in

        if final?${oldKey}

          then warn

            "Using '${oldKey}' is deprecated! Move all attributes inside one level up and remove it."

            final.${oldKey}

        else

          final;

    };

  netdevOptions = commonNetworkOptions // {

    l2tpSessions = mkOption {

      default = [];

      example = [ { l2tpSessionConfig={

      example = [ {

        SessionId = 25;

        PeerSessionId = 26;

        Name = "l2tp-sess";

      };}];

      type = with types; listOf (submodule l2tpSessionOptions);

      }];

      type = types.listOf (mkSubsectionType "l2tpSessionConfig" check.netdev.sectionL2TPSession);

      description = ''

        Each item in this array specifies an option in the

        `[L2TPSession]` section of the unit. See

    wireguardPeers = mkOption {

      default = [];

      example = [ { wireguardPeerConfig={

      example = [ {

        Endpoint = "192.168.1.1:51820";

        PublicKey = "27s0OvaBBdHoJYkH9osZpjpgSOVNw+RaKfboT/Sfq0g=";

        PresharedKeyFile = "/etc/wireguard/psk.key";

        AllowedIPs = [ "10.0.0.1/32" ];

        PersistentKeepalive = 15;

      };}];

      type = with types; listOf (submodule wireguardPeerOptions);

      } ];

      type = types.listOf (mkSubsectionType "wireguardPeerConfig" check.netdev.sectionWireGuardPeer);

      description = ''

        Each item in this array specifies an option in the

        `[WireGuardPeer]` section of the unit. See

  };

  addressOptions = {

    options = {

      addressConfig = mkOption {

        example = { Address = "192.168.0.100/24"; };

        type = types.addCheck (types.attrsOf unitOption) check.network.sectionAddress;

        description = ''

          Each attribute in this set specifies an option in the

          `[Address]` section of the unit.  See

          {manpage}`systemd.network(5)` for details.

        '';

      };

    };

  };

  routingPolicyRulesOptions = {

    options = {

      routingPolicyRuleConfig = mkOption {

        default = { };

        example = { Table = 10; IncomingInterface = "eth1"; Family = "both"; };

        type = types.addCheck (types.attrsOf unitOption) check.network.sectionRoutingPolicyRule;

        description = ''

          Each attribute in this set specifies an option in the

          `[RoutingPolicyRule]` section of the unit.  See

          {manpage}`systemd.network(5)` for details.

        '';

      };

    };

  };

  routeOptions = {

    options = {

      routeConfig = mkOption {

        default = {};

        example = { Gateway = "192.168.0.1"; };

        type = types.addCheck (types.attrsOf unitOption) check.network.sectionRoute;

        description = ''

          Each attribute in this set specifies an option in the

          `[Route]` section of the unit.  See

          {manpage}`systemd.network(5)` for details.

        '';

      };

    };

  };

  ipv6PrefixOptions = {

    options = {

      ipv6PrefixConfig = mkOption {

        default = {};

        example = { Prefix = "fd00::/64"; };

        type = types.addCheck (types.attrsOf unitOption) check.network.sectionIPv6Prefix;

        description = ''

          Each attribute in this set specifies an option in the

          `[IPv6Prefix]` section of the unit.  See

          {manpage}`systemd.network(5)` for details.

        '';

      };

    };

  };

  ipv6RoutePrefixOptions = {

    options = {

      ipv6RoutePrefixConfig = mkOption {

        default = {};

        example = { Route = "fd00::/64"; };

        type = types.addCheck (types.attrsOf unitOption) check.network.sectionIPv6RoutePrefix;

        description = ''

          Each attribute in this set specifies an option in the

          `[IPv6RoutePrefix]` section of the unit.  See

          {manpage}`systemd.network(5)` for details.

        '';

      };

    };

  };

  dhcpServerStaticLeaseOptions = {

    options = {

      dhcpServerStaticLeaseConfig = mkOption {

        default = {};

        example = { MACAddress = "65:43:4a:5b:d8:5f"; Address = "192.168.1.42"; };

        type = types.addCheck (types.attrsOf unitOption) check.network.sectionDHCPServerStaticLease;

        description = ''

          Each attribute in this set specifies an option in the

          `[DHCPServerStaticLease]` section of the unit.  See

          {manpage}`systemd.network(5)` for details.

          Make sure to configure the corresponding client interface to use

          `ClientIdentifier=mac`.

        '';

      };

    };

  };

  bridgeFDBOptions = {

    options = {

      bridgeFDBConfig = mkOption {

        default = {};

        example = { MACAddress = "65:43:4a:5b:d8:5f"; Destination = "192.168.1.42"; VNI = 20; };

        type = types.addCheck (types.attrsOf unitOption) check.network.sectionBridgeFDB;

        description = ''

          Each attribute in this set specifies an option in the

          `[BridgeFDB]` section of the unit.  See

          {manpage}`systemd.network(5)` for details.

        '';

      };

    };

  };

  bridgeMDBOptions = {

    options = {

      bridgeMDBConfig = mkOption {

        default = {};

        example = { MulticastGroupAddress = "ff02::1:2:3:4"; VLANId = 10; };

        type = types.addCheck (types.attrsOf unitOption) check.network.sectionBridgeMDB;

        description = ''

          Each attribute in this set specifies an option in the

          `[BridgeMDB]` section of the unit.  See

          {manpage}`systemd.network(5)` for details.

        '';

      };

    };

  };

  bridgeVLANOptions = {

    options = {

      bridgeVLANConfig = mkOption {

        default = {};

        example = { VLAN = 20; };

        type = types.addCheck (types.attrsOf unitOption) check.network.sectionBridgeVLAN;

        description = ''

          Each attribute in this set specifies an option in the

          `[BridgeVLAN]` section of the unit.  See

          {manpage}`systemd.network(5)` for details.

        '';

      };

    };

  };

  networkOptions = commonNetworkOptions // {

    linkConfig = mkOption {

    dhcpServerStaticLeases = mkOption {

      default = [];

      example = [ { dhcpServerStaticLeaseConfig = { MACAddress = "65:43:4a:5b:d8:5f"; Address = "192.168.1.42"; }; } ];

      type = with types; listOf (submodule dhcpServerStaticLeaseOptions);

      example = [ { MACAddress = "65:43:4a:5b:d8:5f"; Address = "192.168.1.42"; } ];

      type = types.listOf (mkSubsectionType "dhcpServerStaticLeaseConfig" check.network.sectionDHCPServerStaticLease);

      description = ''

        A list of DHCPServerStaticLease sections to be added to the unit.  See

        {manpage}`systemd.network(5)` for details.

    ipv6Prefixes = mkOption {

      default = [];

      example = [ { ipv6PrefixConfig = { AddressAutoconfiguration = true; OnLink = true; }; } ];

      type = with types; listOf (submodule ipv6PrefixOptions);

      example = [ { AddressAutoconfiguration = true; OnLink = true; } ];

      type = types.listOf (mkSubsectionType "ipv6PrefixConfig" check.network.sectionIPv6Prefix);

      description = ''

        A list of ipv6Prefix sections to be added to the unit.  See

        {manpage}`systemd.network(5)` for details.

    ipv6RoutePrefixes = mkOption {

      default = [];

      example = [ { ipv6RoutePrefixConfig = { Route = "fd00::/64"; LifetimeSec = 3600; }; } ];

      type = with types; listOf (submodule ipv6RoutePrefixOptions);

      example = [ { Route = "fd00::/64"; LifetimeSec = 3600; } ];

      type = types.listOf (mkSubsectionType "ipv6RoutePrefixConfig" check.network.sectionIPv6RoutePrefix);

      description = ''

        A list of ipv6RoutePrefix sections to be added to the unit.  See

        {manpage}`systemd.network(5)` for details.

    bridgeFDBs = mkOption {

      default = [];

      example = [ { bridgeFDBConfig = { MACAddress = "90:e2:ba:43:fc:71"; Destination = "192.168.100.4"; VNI = 3600; }; } ];

      type = with types; listOf (submodule bridgeFDBOptions);

      example = [ { MACAddress = "90:e2:ba:43:fc:71"; Destination = "192.168.100.4"; VNI = 3600; } ];

      type = types.listOf (mkSubsectionType "bridgeFDBConfig" check.network.sectionBridgeFDB);

      description = ''

        A list of BridgeFDB sections to be added to the unit.  See

        {manpage}`systemd.network(5)` for details.

    bridgeMDBs = mkOption {

      default = [];

      example = [ { bridgeMDBConfig = { MulticastGroupAddress = "ff02::1:2:3:4"; VLANId = 10; } ; } ];

      type = with types; listOf (submodule bridgeMDBOptions);

      example = [ { MulticastGroupAddress = "ff02::1:2:3:4"; VLANId = 10; } ];

      type = types.listOf (mkSubsectionType "bridgeMDBConfig" check.network.sectionBridgeMDB);

      description = ''

        A list of BridgeMDB sections to be added to the unit.  See

        {manpage}`systemd.network(5)` for details.

    bridgeVLANs = mkOption {

      default = [];

      example = [ { bridgeVLANConfig = { VLAN = "10-20"; }; } ];

      type = with types; listOf (submodule bridgeVLANOptions);

      example = [ { VLAN = "10-20"; } ];

      type = types.listOf (mkSubsectionType "bridgeVLANConfig" check.network.sectionBridgeVLAN);

      description = ''

        A list of BridgeVLAN sections to be added to the unit.  See

        {manpage}`systemd.network(5)` for details.

    addresses = mkOption {

      default = [ ];

      type = with types; listOf (submodule addressOptions);

      example = [ { Address = "192.168.0.100/24"; } ];

      type = types.listOf (mkSubsectionType "addressConfig" check.network.sectionAddress);

      description = ''

        A list of address sections to be added to the unit.  See

        {manpage}`systemd.network(5)` for details.

    routingPolicyRules = mkOption {

      default = [ ];

      type = with types; listOf (submodule routingPolicyRulesOptions);

      example = [ { Table = 10; IncomingInterface = "eth1"; Family = "both"; } ];

      type = types.listOf (mkSubsectionType "routingPolicyRuleConfig" check.network.sectionRoutingPolicyRule);

      description = ''

        A list of routing policy rules sections to be added to the unit.  See

        {manpage}`systemd.network(5)` for details.

    routes = mkOption {

      default = [ ];

      type = with types; listOf (submodule routeOptions);

      example = [ { Gateway = "192.168.0.1"; } ];

      type = types.listOf (mkSubsectionType "routeConfig" check.network.sectionRoute);

      description = ''

        A list of route sections to be added to the unit.  See

        {manpage}`systemd.network(5)` for details.

    optionalAttrs (gateway != null && gateway.interface != null) {

      networks."40-${gateway.interface}" = {

        matchConfig.Name = gateway.interface;

        routes = [{

          routeConfig = {

        routes = [

          ({

            Gateway = gateway.address;

          } // optionalAttrs (gateway.metric != null) {

            Metric = gateway.metric;

          };

        }];

          })

        ];

      };

    }

  ));

      address = forEach (interfaceIps i)

        (ip: "${ip.address}/${toString ip.prefixLength}");

      routes = forEach (interfaceRoutes i)

        (route: {

        (route:

          # Most of these route options have not been tested.

          # Please fix or report any mistakes you may find.

          routeConfig =

          optionalAttrs (route.address != null && route.prefixLength != null) {

            Destination = "${route.address}/${toString route.prefixLength}";

          } //

          } //

          optionalAttrs (route.options ? ttl-propagate) {

            TTLPropagate = route.options.ttl-propagate == "enabled";

            };

          });

      networkConfig.IPv6PrivacyExtensions = "kernel";

      linkConfig = optionalAttrs (i.macAddress != null) {