author | Félix Baylac-Jacqué <felix@alternativebit.fr> | 2020-02-29 18:17:27 +0100 |
---|---|---|
committer | Florian Klink <flokli@flokli.de> | 2020-03-01 14:52:36 -0800 |
commit | 611d765b76d7e97f2618cb04a5d1c1604496cac9 (patch) | |
tree | ed38bbb3f9ad9d7701ed83bc867d323d132fb8cf /nixos/modules/system/boot | |
parent | 0a8af284e50ceac53fc65bba196c91a55f2d794c (diff) | |
nixos/networkd: Add the RoutingPolicyRule-related options
Diffstat (limited to 'nixos/modules/system/boot')
-rw-r--r-- | nixos/modules/system/boot/networkd.nix | 46 | ||||
-rw-r--r-- | nixos/modules/system/boot/systemd-lib.nix | 5 |
2 files changed, 51 insertions, 0 deletions
diff --git a/nixos/modules/system/boot/networkd.nix b/nixos/modules/system/boot/networkd.nix
index a77dbc609f4..44550b2f09c 100644
--- a/nixos/modules/system/boot/networkd.nix
+++ b/nixos/modules/system/boot/networkd.nix
@@ -235,6 +235,21 @@ let
 (assertValueOneOf "AutoJoin" boolValues)
 ];

+ checkRoutingPolicyRule = checkUnitConfig "RoutingPolicyRule" [
+ (assertOnlyFields [
+ "TypeOfService" "From" "To" "FirewallMark" "Table" "Priority"
+ "IncomingInterface" "OutgoingInterface" "SourcePort" "DestinationPort"
+ "IPProtocol" "InvertRule" "Family"
+ ])
+ (assertRange "TypeOfService" 0 255)
+ (assertRange "FirewallMark" 1 4294967295)
+ (assertInt "Priority")
+ (assertPort "SourcePort")
+ (assertPort "DestinationPort")
+ (assertValueOneOf "InvertRule" boolValues)
+ (assertValueOneOf "Family" ["ipv4" "ipv6" "both"])
+ ];
+
 checkRoute = checkUnitConfig "Route" [
 (assertOnlyFields [
 "Gateway" "GatewayOnLink" "Destination" "Source" "Metric"
@@ -535,6 +550,22 @@ let
 };
 };

+ routingPolicyRulesOptions = {
+ options = {
+ routingPolicyRuleConfig = mkOption {
+ default = { };
+ example = { routingPolicyRuleConfig = { Table = 10; IncomingInterface = "eth1"; } ;};
+ type = types.addCheck (types.attrsOf unitOption) checkRoutingPolicyRule;
+ description = ''
+ Each attribute in this set specifies an option in the
+ <literal>[RoutingPolicyRule]</literal> section of the unit. See
+ <citerefentry><refentrytitle>systemd.network</refentrytitle>
+ <manvolnum>5</manvolnum></citerefentry> for details.
+ '';
+ };
+ };
+ };
+
 routeOptions = {
 options = {
 routeConfig = mkOption {
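Review bot: `(assertPort "SourcePort")` and `(assertPort "DestinationPort")` in `checkRoutingPolicyRule` accept only a single integer, while systemd.network(5) also documents a port range (lower and upper port separated by a dash) for these two keys, so a valid range string cannot pass the check. Because `isPort` in systemd-lib.nix compares its argument with integers, a string value would likely abort evaluation with a type error rather than produce the intended assertion message. Either accept a range string in the check or state in the option description that only single integer ports are supported. `checkRoutingPolicyRule` is fully visible in this hunk; `checkRoute` continues outside it.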
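Review bot: The `example` of `routingPolicyRuleConfig` repeats the option name inside its own value, so it documents a `[RoutingPolicyRule]` section whose only key is `routingPolicyRuleConfig`, which the `assertOnlyFields` list in `checkRoutingPolicyRule` would reject. The example should be the attribute set itself: `example = { Table = 10; IncomingInterface = "eth1"; };`. `routingPolicyRulesOptions` is complete within the hunk; `routeOptions` after it continues outside.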
@@ -772,6 +803,16 @@ let
 '';
 };

+ routingPolicyRules = mkOption {
+ default = [ ];
+ type = with types; listOf (submodule routingPolicyRulesOptions);
+ description = ''
+ A list of routing policy rules sections to be added to the unit. See
+ <citerefentry><refentrytitle>systemd.network</refentrytitle>
+ <manvolnum>5</manvolnum></citerefentry> for details.
+ '';
+ };
+
 routes = mkOption {
 default = [ ];
 type = with types; listOf (submodule routeOptions);
@@ -929,6 +970,11 @@ let
 ${attrsToSection x.routeConfig}

 '')}
+ ${flip concatMapStrings def.routingPolicyRules (x: ''
+ [RoutingPolicyRule]
+ ${attrsToSection x.routingPolicyRuleConfig}
+
+ '')}
 ${def.extraConfig}
 '';
 };
diff --git a/nixos/modules/system/boot/systemd-lib.nix b/nixos/modules/system/boot/systemd-lib.nix
index fd1a5b9f62c..a3360291586 100644
--- a/nixos/modules/system/boot/systemd-lib.nix
+++ b/nixos/modules/system/boot/systemd-lib.nix
@@ -59,6 +59,11 @@ in rec {
 optional (attr ? ${name} && ! isMacAddress attr.${name})
 "Systemd ${group} field `${name}' must be a valid mac address.";

+ isPort = i: i >= 0 && i <= 65535;
+
+ assertPort = name: group: attr:
+ optional (attr ? ${name} && ! isPort attr.${name})
+ "Error on the systemd ${group} field `${name}': ${attr.name} is not a valid port number.";

 assertValueOneOf = name: values: group: attr:
 optional (attr ? ${name} && !elem attr.${name} values) |
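Review bot: The message in `assertPort` interpolates `${attr.name}`, which selects an attribute literally called `name` rather than the field being checked, so an out-of-range port would most likely fail with a missing-attribute error instead of this message. It should read `${toString attr.${name}}`; the `toString` is needed because Nix does not interpolate integers into strings. `isPort` also compares without checking the type, so a non-integer value raises a comparison error before the assertion can report anything; guard it as `isPort = i: isInt i && i >= 0 && i <= 65535;`, assuming `isInt` from `lib` is in scope in this file. Both definitions are complete within the hunk; the surrounding `rec` set continues outside it.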