AtaraxiaDev/nixos-config
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
nixos-config/modules/nixos/networking/networkd.nix

148 lines
3.3 KiB
Nix
Raw Normal View History

feat: network module for configuring networkd with bridge support
2025-03-10 18:44:16 +03:00
{
config,
lib,
pkgs,
...
}:
let
feat: change module import method
2025-06-07 17:07:22 +03:00
inherit (builtins) concatLists filter;
feat: network module for configuring networkd with bridge support
2025-03-10 18:44:16 +03:00
inherit (lib)
feat: change module import method
2025-06-07 17:07:22 +03:00
getExe
feat: network module for configuring networkd with bridge support
2025-03-10 18:44:16 +03:00
mkDefault
mkEnableOption
mkForce
mkIf
mkOption
;
inherit (lib.types)
bool
listOf
nullOr
str
feat: change module import method
2025-06-07 17:07:22 +03:00
submodule
feat: network module for configuring networkd with bridge support
2025-03-10 18:44:16 +03:00
;
feat: change module import method
2025-06-07 17:07:22 +03:00
cfg = config.ataraxia.networkd;
ipAddressType = submodule {
options = {
address = mkOption {
type = str;
};
gateway = mkOption {
type = nullOr str;
default = null;
};
dns = mkOption {
type = listOf str;
default = [ ];
};
gatewayOnLink = mkEnableOption "Enable GatewayOnLink";
};
};
feat: network module for configuring networkd with bridge support
2025-03-10 18:44:16 +03:00
in
{
feat: change module import method
2025-06-07 17:07:22 +03:00
options.ataraxia.networkd = {
feat: network module for configuring networkd with bridge support
2025-03-10 18:44:16 +03:00
enable = mkEnableOption "Enable systemd-networkd bridged network";
feat: change module import method
2025-06-07 17:07:22 +03:00
disableIPv6 = mkEnableOption "Enable IPv6";
feat: network module for configuring networkd with bridge support
2025-03-10 18:44:16 +03:00
domain = mkOption {
type = nullOr str;
default = null;
};
ifname = mkOption {
type = str;
};
mac = mkOption {
type = str;
};
feat: change module import method
2025-06-07 17:07:22 +03:00
# TODO: implement disabling bridge
feat: network module for configuring networkd with bridge support
2025-03-10 18:44:16 +03:00
bridge = {
enable = mkOption {
type = bool;
default = true;
};
name = mkOption {
type = str;
default = "br0";
};
};
feat: change module import method
2025-06-07 17:07:22 +03:00
ipv4 = mkOption {
type = listOf ipAddressType;
default = [ ];
feat: network module for configuring networkd with bridge support
2025-03-10 18:44:16 +03:00
};
feat: change module import method
2025-06-07 17:07:22 +03:00
ipv6 = mkOption {
type = listOf ipAddressType;
default =
if !cfg.disableIPv6 then
[
{
address = "fc00::1/64";
}
]
else
[ ];
feat: network module for configuring networkd with bridge support
2025-03-10 18:44:16 +03:00
};
};
config = mkIf cfg.enable {
services.resolved.enable = true;
networking = {
dhcpcd.enable = false;
feat: change module import method
2025-06-07 17:07:22 +03:00
domain = cfg.domain;
enableIPv6 = !cfg.disableIPv6;
feat: network module for configuring networkd with bridge support
2025-03-10 18:44:16 +03:00
nftables.enable = true;
useDHCP = false;
feat: change module import method
2025-06-07 17:07:22 +03:00
useNetworkd = true;
feat: network module for configuring networkd with bridge support
2025-03-10 18:44:16 +03:00
usePredictableInterfaceNames = mkForce true;
firewall = {
enable = true;
allowedTCPPorts = mkDefault [ ];
allowedUDPPorts = mkDefault [ ];
};
};
systemd.network = {
enable = true;
wait-online.ignoredInterfaces = [ "lo" ];
netdevs = {
"20-${cfg.bridge.name}" = {
netdevConfig = {
Kind = "bridge";
Name = cfg.bridge.name;
MACAddress = cfg.mac;
};
};
};
networks = {
"30-${cfg.ifname}" = {
matchConfig.Name = cfg.ifname;
linkConfig.RequiredForOnline = "enslaved";
networkConfig.Bridge = cfg.bridge.name;
networkConfig.DHCP = "no";
};
"40-${cfg.bridge.name}" = {
matchConfig.Name = cfg.bridge.name;
feat: change module import method
2025-06-07 17:07:22 +03:00
address = map (ip: ip.address) (cfg.ipv4 ++ cfg.ipv6);
dns = concatLists (map (ip: ip.dns) (cfg.ipv4 ++ cfg.ipv6));
feat: network module for configuring networkd with bridge support
2025-03-10 18:44:16 +03:00
networkConfig.LinkLocalAddressing = "no";
linkConfig.RequiredForOnline = "routable";
routes =
feat: change module import method
2025-06-07 17:07:22 +03:00
let
filteredRoutes = filter (ip: ip.gateway != null) (cfg.ipv4 ++ cfg.ipv6);
routes = map (x: {
Gateway = x.gateway;
GatewayOnLink = x.gatewayOnLink;
}) filteredRoutes;
in
routes;
feat: network module for configuring networkd with bridge support
2025-03-10 18:44:16 +03:00
};
};
};
system.activationScripts.udp-gro-forwarding = mkIf cfg.bridge.enable {
text = ''
feat: change module import method
2025-06-07 17:07:22 +03:00
${getExe pkgs.ethtool} -K ${cfg.bridge.name} rx-udp-gro-forwarding on rx-gro-list off
feat: network module for configuring networkd with bridge support
2025-03-10 18:44:16 +03:00
'';
};
};
}
Reference in New Issue Copy Permalink