| Commit message (Collapse) | Author | Age |
|
|
|
| |
'bcachefs' is included in the linux kernel since 6.7-rc1
|
| |
|
|\ |
|
| | |
|
|\| |
|
| | |
|
|\| |
|
| |\
| | |
| | |
| | |
| | | |
ElvishJerricco/systemd-stage-1-bcachefs-decryption
systemd-stage-1: bcachefs decryption
|
| | | |
|
|\| | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When using iproute2's ip binary, you can omit the dev parameter, e.g. ip link set up eth0 instead of ip link set up dev eth0.
This breaks if for some reason your device is named e.g. he, hel, … because it is interpreted as ip link set up help.
I just encountered this bug using networking.bridges trying to create an interface named he.
I used a grep on nixpkgs to try to find iproute2 invocations using variables without the dev keyword, and found a few, and fixed them by providing the dev keyword.
I merely fixed what I found, but the use of abbreviated commands makes it a bit hard to be sure everything has been found (e.g. ip l set … up instead of ip link set … up).
|
|\| | |
|
| | |
| | |
| | |
| | | |
needs nettools in path
|
|\| | |
|
| |\ \
| | | |
| | | |
| | | |
| | | | |
ElvishJerricco/systemd-stage-1-filesystems-encrypted
systemd-stage-1: Enable more encrypted installer tests
|
| | | | |
|
|\| | | |
|
| |\ \ \
| | | | |
| | | | | |
Replace simple activationScripts
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
The hostname is already set by systemd
https://www.freedesktop.org/software/systemd/man/latest/hostname.html#Hostname%20semantics
Create a separate service that registers the domainname.
|
|\| | | | |
|
| | |/ /
| |/| | |
|
|\| | | |
|
| |\ \ \
| | | | |
| | | | |
| | | | |
| | | | | |
ElvishJerricco/systemd-stage-1-zfs-sysusr-dependency
systemd 254: ZFS /usr fix with systemd-stage-1
|
| | | | | |
|
|\| | | | |
|
| |\ \ \ \
| | |_|/ /
| |/| | |
| | | | |
| | | | | |
ElvishJerricco/systemd-stage-1-specific-fs-packages
systemd-stage-1: Use specific fs packages
|
| | | |/
| | |/| |
|
|\| | | |
|
| |\ \ \
| | |/ /
| |/| | |
nixos/network-interfaces: stop wrapping ping with cap_net_raw
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
From systemd 243 release note[1]:
This release enables unprivileged programs (i.e. requiring neither
setuid nor file capabilities) to send ICMP Echo (i.e. ping) requests
by turning on the "net.ipv4.ping_group_range" sysctl of the Linux
kernel for the whole UNIX group range, i.e. all processes.
So this wrapper is not needed any more.
See also [2] and [3].
This patch also removes:
- apparmor profiles in NixOS for ping itself and the wrapped one
- other references for the wrapped ping
[1]: https://github.com/systemd/systemd/blob/8e2d9d40b33bc8e8f5d3479fb075d3fab32a4184/NEWS#L6457-L6464
[2]: https://github.com/systemd/systemd/pull/13141
[3]: https://fedoraproject.org/wiki/Changes/EnableSysctlPingGroupRange
|
|\| | | |
|
| |\ \ \
| | | | |
| | | | | |
nixos/network-interfaces-systemd: support and require defaultGateway.interface
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
The logic for configuring a gateway without an interface specified adds
a route with Gateway= to *every interface* configured by NixOS for
networkd. This leads to nonsensical configurations like the following:
[Network]
DHCP=no
Address=192.168.0.1/24
[Route]
Gateway=10.0.0.1
GatewayOnLink=false
We remove this logic and make defaultGateway.interface required to
configure a default gateway when using networkd.
We can ignore the removal of GatewayOnLink because systemd defaults it
to "no" anyway.
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
When interface and address are both specified, we can set Gateway= on
the named interface. The existing logic assumes interface is not set
(since it's guarded by assertion) so we now disable it when interface
has a value.
As a bonus, we now support the defaultGateway.metric option when
interface is set.
|
|\| | | | |
|
| |\ \ \ \
| | | | | |
| | | | | | |
nixos/network-interfaces-systemd: fix DHCP setting
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
The networkd backend logic for setting DHCP= on an interface is bugged
and inconsistent with the scripted logic. Consider this simple NixOS
configuration:
{
networking.useNetworkd = true;
networking.interfaces.eth0.wakeOnLan.enable = true;
}
The default value of networking.useDHCP is true, so we expect our eth0
interface to have DHCP enabled. With the scripted backend, this works.
But the networkd backend generates the following 40-eth0.network file:
[Match]
Name=eth0
[Network]
DHCP=no
IPv6PrivacyExtensions=kernel
This is happening because the wakeOnLan configuration creates a key in
networking.interfaces, and the networkd backend erroneously checks that
instead of for explicitly configured IP addresses as in the scripted
backend. The documentation is also inconsistent across various options.
This change aligns the networkd backend and option documentation to the
actual behavior of the scripted backend, and updates a test to account
for this behavior for both backends.
|
|\| | | | | |
|
| |\ \ \ \ \
| | | | | | |
| | | | | | | |
nixos/network-interfaces-systemd: fix WakeOnLan
|
| | | | | | | |
|
| | | |/ / /
| | |/| | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
WakeOnLan= was configured when using the scripted backend but not the
networkd backend. The other link options are set in the .network file
when using networkd, but WakeOnLan= is only available in a .link file.
|
|\| | | | | |
|
| |\ \ \ \ \
| | |/ / / /
| |/| | | | |
nixos/networking: warn when both networkd and dhcpcd can collide
|
| | | |/ /
| | |/| | |
|
|\| | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Conflicts:
pkgs/top-level/linux-kernels.nix
|
| |\ \ \ \
| | |_|/ /
| |/| | | |
nixos/network-interfaces-systemd: don't set network-level domains
|
| | | |/
| | |/|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
systemd.network(5) describes Domains= as a "list of domains which should
be resolved using the DNS servers on this link." This setting is read by
systemd-resolved.service, and it's used to configure both search domains
and DNS query routing.
Adding the search domains from `networking.search` is unnecessary
because these are already configured globally in `resolved.conf` through
the default value of `services.resolved.domains`.
Adding the system's `networking.domain` to each network is unexpected
and probably incorrect. A user may not expect that the domain is in
effect automatically added to the search domains even if not specified
in `networking.search`.
Both of these network-level assignments are problematic in cases where
the NixOS networkd module is not managing every interface on the system.
In that scenario, the managed interfaces will have Domains= set while
the others do not. That will cause systemd-resolved to route DNS queries
for the search domains and the system domain to only those managed
interfaces.
|
|\| | | |
|
| |\ \ \
| | | | |
| | | | | |
Fix: WakeOnLan policy
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Adds an option to configure a custom WakeOnLan policy instead of the
hard-coded "magic" policy. To ensure compatibility with current
behavior, "magic" is kept as default.
|