diff options
author | Robin Gloster <mail@glob.in> | 2019-09-23 16:37:58 +0200 |
---|---|---|
committer | Robin Gloster <mail@glob.in> | 2019-09-24 10:20:16 +0200 |
commit | c26c6241eae93985c33590401fda971d7574c136 (patch) | |
tree | 1f8817c8c1420940050eb0cff117ff6595eb985c /nixos | |
parent | 5426932f7c664a8765d6904af20ef21310e95d4f (diff) | |
download | nixpkgs-c26c6241eae93985c33590401fda971d7574c136.tar nixpkgs-c26c6241eae93985c33590401fda971d7574c136.tar.gz nixpkgs-c26c6241eae93985c33590401fda971d7574c136.tar.bz2 nixpkgs-c26c6241eae93985c33590401fda971d7574c136.tar.lz nixpkgs-c26c6241eae93985c33590401fda971d7574c136.tar.xz nixpkgs-c26c6241eae93985c33590401fda971d7574c136.tar.zst nixpkgs-c26c6241eae93985c33590401fda971d7574c136.zip |
networking.useDHCP: disallow for networkd
This setting will be removed with the switch to systemd-networkd. The use of per interface config is encouraged instead.
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/tasks/network-interfaces-systemd.nix | 12 | ||||
-rw-r--r-- | nixos/tests/networking.nix | 23 | ||||
-rw-r--r-- | nixos/tests/predictable-interface-names.nix | 1 | ||||
-rw-r--r-- | nixos/tests/systemd-networkd-wireguard.nix | 1 |
4 files changed, 28 insertions, 9 deletions
diff --git a/nixos/modules/tasks/network-interfaces-systemd.nix b/nixos/modules/tasks/network-interfaces-systemd.nix index 34e27066715..605d00de58f 100644 --- a/nixos/modules/tasks/network-interfaces-systemd.nix +++ b/nixos/modules/tasks/network-interfaces-systemd.nix @@ -38,6 +38,12 @@ in } { assertion = cfg.defaultGateway6 == null || cfg.defaultGateway6.interface == null; message = "networking.defaultGateway6.interface is not supported by networkd."; + } { + assertion = cfg.useDHCP == false; + message = '' + networking.useDHCP is not supported by networkd. + Please use per interface configuration and set the global option to false. + ''; } ] ++ flip mapAttrsToList cfg.bridges (n: { rstp, ... }: { assertion = !rstp; message = "networking.bridges.${n}.rstp is not supported by networkd."; @@ -56,9 +62,7 @@ in genericNetwork = override: let gateway = optional (cfg.defaultGateway != null) cfg.defaultGateway.address ++ optional (cfg.defaultGateway6 != null) cfg.defaultGateway6.address; - in { - DHCP = override (dhcpStr cfg.useDHCP); - } // optionalAttrs (gateway != [ ]) { + in optionalAttrs (gateway != [ ]) { routes = override [ { routeConfig = { @@ -97,7 +101,7 @@ in networks."40-${i.name}" = mkMerge [ (genericNetwork mkDefault) { name = mkDefault i.name; DHCP = mkForce (dhcpStr - (if i.useDHCP != null then i.useDHCP else cfg.useDHCP && interfaceIps i == [ ])); + (if i.useDHCP != null then i.useDHCP else false)); address = forEach (interfaceIps i) (ip: "${ip.address}/${toString ip.prefixLength}"); networkConfig.IPv6PrivacyExtensions = "kernel"; diff --git a/nixos/tests/networking.nix b/nixos/tests/networking.nix index 7452768033a..f12a5fc9ae5 100644 --- a/nixos/tests/networking.nix +++ b/nixos/tests/networking.nix @@ -72,6 +72,7 @@ let testCases = { loopback = { name = "Loopback"; + machine.networking.useDHCP = false; machine.networking.useNetworkd = networkd; testScript = '' startAll; @@ -139,14 +140,16 @@ let virtualisation.vlans = [ 1 2 ]; networking = { useNetworkd = networkd; - useDHCP = true; + useDHCP = false; interfaces.eth1 = { ipv4.addresses = mkOverride 0 [ ]; ipv6.addresses = mkOverride 0 [ ]; + useDHCP = true; }; interfaces.eth2 = { ipv4.addresses = mkOverride 0 [ ]; ipv6.addresses = mkOverride 0 [ ]; + useDHCP = true; }; }; }; @@ -320,13 +323,19 @@ let virtualisation.vlans = [ 1 ]; networking = { useNetworkd = networkd; + useDHCP = false; firewall.logReversePathDrops = true; # to debug firewall rules # reverse path filtering rules for the macvlan interface seem # to be incorrect, causing the test to fail. Disable temporarily. firewall.checkReversePath = false; - useDHCP = true; macvlans.macvlan.interface = "eth1"; - interfaces.eth1.ipv4.addresses = mkOverride 0 [ ]; + interfaces.eth1 = { + ipv4.addresses = mkOverride 0 [ ]; + useDHCP = true; + }; + interfaces.macvlan = { + useDHCP = true; + }; }; }; testScript = { ... }: @@ -440,6 +449,7 @@ let virtual = { name = "Virtual"; machine = { + networking.useNetworkd = networkd; networking.interfaces.tap0 = { ipv4.addresses = [ { address = "192.168.1.1"; prefixLength = 24; } ]; ipv6.addresses = [ { address = "2001:1470:fffd:2096::"; prefixLength = 64; } ]; @@ -489,6 +499,7 @@ let boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = true; networking = { useNetworkd = networkd; + useDHCP = false; interfaces.eth1.ipv6.addresses = singleton { address = "fd00:1234:5678:1::1"; prefixLength = 64; @@ -514,11 +525,12 @@ let virtualisation.vlans = [ 1 ]; networking = { useNetworkd = networkd; - useDHCP = true; + useDHCP = false; interfaces.eth1 = { preferTempAddress = true; ipv4.addresses = mkOverride 0 [ ]; ipv6.addresses = mkOverride 0 [ ]; + useDHCP = true; }; }; }; @@ -526,11 +538,12 @@ let virtualisation.vlans = [ 1 ]; networking = { useNetworkd = networkd; - useDHCP = true; + useDHCP = false; interfaces.eth1 = { preferTempAddress = false; ipv4.addresses = mkOverride 0 [ ]; ipv6.addresses = mkOverride 0 [ ]; + useDHCP = true; }; }; }; diff --git a/nixos/tests/predictable-interface-names.nix b/nixos/tests/predictable-interface-names.nix index 85047f66f23..194b4dafa77 100644 --- a/nixos/tests/predictable-interface-names.nix +++ b/nixos/tests/predictable-interface-names.nix @@ -16,6 +16,7 @@ in pkgs.lib.listToAttrs (pkgs.lib.crossLists (predictable: withNetworkd: { networking.usePredictableInterfaceNames = lib.mkForce predictable; networking.useNetworkd = withNetworkd; networking.dhcpcd.enable = !withNetworkd; + networking.useDHCP = !withNetworkd; }; testScript = '' diff --git a/nixos/tests/systemd-networkd-wireguard.nix b/nixos/tests/systemd-networkd-wireguard.nix index f1ce1e791ce..aa0ac54e796 100644 --- a/nixos/tests/systemd-networkd-wireguard.nix +++ b/nixos/tests/systemd-networkd-wireguard.nix @@ -2,6 +2,7 @@ let generateNodeConf = { lib, pkgs, config, privkpath, pubk, peerId, nodeId, ... imports = [ common/user-account.nix ]; systemd.services.systemd-networkd.environment.SYSTEMD_LOG_LEVEL = "debug"; networking.useNetworkd = true; + networking.useDHCP = false; networking.firewall.enable = false; virtualisation.vlans = [ 1 ]; environment.systemPackages = with pkgs; [ wireguard-tools ]; |