nixpkgs/nixos/modules/services/networking/flannel.nix

{
  config,
  lib,
  pkgs,
  ...
}:
let
  cfg = config.services.flannel;

  networkConfig =
    (lib.filterAttrs (n: v: v != null) {
      Network = cfg.network;
      SubnetLen = cfg.subnetLen;
      SubnetMin = cfg.subnetMin;
      SubnetMax = cfg.subnetMax;
      Backend = cfg.backend;
    })
    // cfg.extraNetworkConfig;
in
{
  options.services.flannel = {
    enable = lib.mkEnableOption "flannel";

    package = lib.mkPackageOption pkgs "flannel" { };

    publicIp = lib.mkOption {
      description = ''
        IP accessible by other nodes for inter-host communication.
        Defaults to the IP of the interface being used for communication.
      '';
      type = lib.types.nullOr lib.types.str;
      default = null;
    };

    iface = lib.mkOption {
      description = ''
        Interface to use (IP or name) for inter-host communication.
        Defaults to the interface for the default route on the machine.
      '';
      type = lib.types.nullOr lib.types.str;
      default = null;
    };

    etcd = {
      endpoints = lib.mkOption {
        description = "Etcd endpoints";
        type = lib.types.listOf lib.types.str;
        default = [ "http://127.0.0.1:2379" ];
      };

      prefix = lib.mkOption {
        description = "Etcd key prefix";
        type = lib.types.str;
        default = "/coreos.com/network";
      };

      caFile = lib.mkOption {
        description = "Etcd certificate authority file";
        type = lib.types.nullOr lib.types.path;
        default = null;
      };

      certFile = lib.mkOption {
        description = "Etcd cert file";
        type = lib.types.nullOr lib.types.path;
        default = null;
      };

      keyFile = lib.mkOption {
        description = "Etcd key file";
        type = lib.types.nullOr lib.types.path;
        default = null;
      };
    };

    kubeconfig = lib.mkOption {
      description = ''
        Path to kubeconfig to use for storing flannel config using the
        Kubernetes API
      '';
      type = lib.types.nullOr lib.types.path;
      default = null;
    };

    network = lib.mkOption {
      description = " IPv4 network in CIDR format to use for the entire flannel network.";
      type = lib.types.str;
    };

    nodeName = lib.mkOption {
      description = ''
        Needed when running with Kubernetes as backend as this cannot be auto-detected";
      '';
      type = lib.types.nullOr lib.types.str;
      default = config.networking.fqdnOrHostName;
      defaultText = lib.literalExpression "config.networking.fqdnOrHostName";
      example = "node1.example.com";
    };

    storageBackend = lib.mkOption {
      description = "Determines where flannel stores its configuration at runtime";
      type = lib.types.enum [
        "etcd"
        "kubernetes"
      ];
      default = "etcd";
    };

    subnetLen = lib.mkOption {
      description = ''
        The size of the subnet allocated to each host. Defaults to 24 (i.e. /24)
        unless the Network was configured to be smaller than a /24 in which case
        it is one less than the network.
      '';
      type = lib.types.int;
      default = 24;
    };

    subnetMin = lib.mkOption {
      description = ''
        The beginning of IP range which the subnet allocation should start with.
        Defaults to the first subnet of Network.
      '';
      type = lib.types.nullOr lib.types.str;
      default = null;
    };

    subnetMax = lib.mkOption {
      description = ''
        The end of IP range which the subnet allocation should start with.
        Defaults to the last subnet of Network.
      '';
      type = lib.types.nullOr lib.types.str;
      default = null;
    };

    backend = lib.mkOption {
      description = "Type of backend to use and specific configurations for that backend.";
      type = lib.types.attrs;
      default = {
        Type = "vxlan";
      };
    };

    extraNetworkConfig = lib.mkOption {
      description = "Extra configuration to be added to the net-conf.json/etcd-backed network configuration.";
      type = (pkgs.formats.json { }).type;
      default = { };
      example = {
        EnableIPv6 = true;
      };
    };
  };

  config = lib.mkIf cfg.enable {
    systemd.services.flannel = {
      description = "Flannel Service";
      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" ];
      environment =
        {
          FLANNELD_PUBLIC_IP = cfg.publicIp;
          FLANNELD_IFACE = cfg.iface;
        }
        // lib.optionalAttrs (cfg.storageBackend == "etcd") {
          FLANNELD_ETCD_ENDPOINTS = lib.concatStringsSep "," cfg.etcd.endpoints;
          FLANNELD_ETCD_KEYFILE = cfg.etcd.keyFile;
          FLANNELD_ETCD_CERTFILE = cfg.etcd.certFile;
          FLANNELD_ETCD_CAFILE = cfg.etcd.caFile;
          ETCDCTL_CERT = cfg.etcd.certFile;
          ETCDCTL_KEY = cfg.etcd.keyFile;
          ETCDCTL_CACERT = cfg.etcd.caFile;
          ETCDCTL_ENDPOINTS = lib.concatStringsSep "," cfg.etcd.endpoints;
          ETCDCTL_API = "3";
        }
        // lib.optionalAttrs (cfg.storageBackend == "kubernetes") {
          FLANNELD_KUBE_SUBNET_MGR = "true";
          FLANNELD_KUBECONFIG_FILE = cfg.kubeconfig;
          NODE_NAME = cfg.nodeName;
        };
      path = [ pkgs.iptables ];
      preStart = lib.optionalString (cfg.storageBackend == "etcd") ''
        echo "setting network configuration"
        until ${pkgs.etcd}/bin/etcdctl put /coreos.com/network/config '${builtins.toJSON networkConfig}'
        do
          echo "setting network configuration, retry"
          sleep 1
        done
      '';
      serviceConfig = {
        ExecStart = "${cfg.package}/bin/flannel";
        Restart = "always";
        RestartSec = "10s";
        RuntimeDirectory = "flannel";
      };
    };

    boot.kernelModules = [ "br_netfilter" ];

    services.etcd.enable = lib.mkDefault (
      cfg.storageBackend == "etcd" && cfg.etcd.endpoints == [ "http://127.0.0.1:2379" ]
    );

    # for some reason, flannel doesn't let you configure this path
    # see: https://github.com/coreos/flannel/blob/master/Documentation/configuration.md#configuration
    environment.etc."kube-flannel/net-conf.json" = lib.mkIf (cfg.storageBackend == "kubernetes") {
      source = pkgs.writeText "net-conf.json" (builtins.toJSON networkConfig);
    };
  };
}
flannel service: init 2016-09-27 22:56:58 +02:00			`{`
			`config,`
			`lib,`
			`pkgs,`
			`...`
			`}:`
			`let`
			`cfg = config.services.flannel;`

services.flannel: add an extraNetworkConfig configuration, add br_netfilter kernel module 2024-12-15 09:15:44 +01:00			`networkConfig =`
			`(lib.filterAttrs (n: v: v != null) {`
			`Network = cfg.network;`
			`SubnetLen = cfg.subnetLen;`
			`SubnetMin = cfg.subnetMin;`
			`SubnetMax = cfg.subnetMax;`
			`Backend = cfg.backend;`
			`})`
			`// cfg.extraNetworkConfig;`
flannel service: init 2016-09-27 22:56:58 +02:00			`in`
			`{`
			`options.services.flannel = {`
nixos/services.flannel: remove `with lib;` 2024-08-28 21:19:07 +02:00			`enable = lib.mkEnableOption "flannel";`
flannel service: init 2016-09-27 22:56:58 +02:00
nixos/services.flannel: remove `with lib;` 2024-08-28 21:19:07 +02:00			`package = lib.mkPackageOption pkgs "flannel" { };`
flannel service: init 2016-09-27 22:56:58 +02:00
nixos/services.flannel: remove `with lib;` 2024-08-28 21:19:07 +02:00			`publicIp = lib.mkOption {`
flannel service: init 2016-09-27 22:56:58 +02:00			`description = ''`
			`IP accessible by other nodes for inter-host communication.`
			`Defaults to the IP of the interface being used for communication.`
			`'';`
nixos/services.flannel: remove `with lib;` 2024-08-28 21:19:07 +02:00			`type = lib.types.nullOr lib.types.str;`
flannel service: init 2016-09-27 22:56:58 +02:00			`default = null;`
			`};`

nixos/services.flannel: remove `with lib;` 2024-08-28 21:19:07 +02:00			`iface = lib.mkOption {`
flannel service: init 2016-09-27 22:56:58 +02:00			`description = ''`
			`Interface to use (IP or name) for inter-host communication.`
			`Defaults to the interface for the default route on the machine.`
			`'';`
nixos/services.flannel: remove `with lib;` 2024-08-28 21:19:07 +02:00			`type = lib.types.nullOr lib.types.str;`
flannel service: init 2016-09-27 22:56:58 +02:00			`default = null;`
			`};`

			`etcd = {`
nixos/services.flannel: remove `with lib;` 2024-08-28 21:19:07 +02:00			`endpoints = lib.mkOption {`
flannel service: init 2016-09-27 22:56:58 +02:00			`description = "Etcd endpoints";`
nixos/services.flannel: remove `with lib;` 2024-08-28 21:19:07 +02:00			`type = lib.types.listOf lib.types.str;`
flannel service: init 2016-09-27 22:56:58 +02:00			`default = [ "http://127.0.0.1:2379" ];`
			`};`

nixos/services.flannel: remove `with lib;` 2024-08-28 21:19:07 +02:00			`prefix = lib.mkOption {`
flannel service: init 2016-09-27 22:56:58 +02:00			`description = "Etcd key prefix";`
nixos/services.flannel: remove `with lib;` 2024-08-28 21:19:07 +02:00			`type = lib.types.str;`
flannel service: init 2016-09-27 22:56:58 +02:00			`default = "/coreos.com/network";`
			`};`

nixos/services.flannel: remove `with lib;` 2024-08-28 21:19:07 +02:00			`caFile = lib.mkOption {`
flannel service: init 2016-09-27 22:56:58 +02:00			`description = "Etcd certificate authority file";`
nixos/services.flannel: remove `with lib;` 2024-08-28 21:19:07 +02:00			`type = lib.types.nullOr lib.types.path;`
flannel service: init 2016-09-27 22:56:58 +02:00			`default = null;`
			`};`

nixos/services.flannel: remove `with lib;` 2024-08-28 21:19:07 +02:00			`certFile = lib.mkOption {`
flannel service: init 2016-09-27 22:56:58 +02:00			`description = "Etcd cert file";`
nixos/services.flannel: remove `with lib;` 2024-08-28 21:19:07 +02:00			`type = lib.types.nullOr lib.types.path;`
flannel service: init 2016-09-27 22:56:58 +02:00			`default = null;`
			`};`

nixos/services.flannel: remove `with lib;` 2024-08-28 21:19:07 +02:00			`keyFile = lib.mkOption {`
flannel service: init 2016-09-27 22:56:58 +02:00			`description = "Etcd key file";`
nixos/services.flannel: remove `with lib;` 2024-08-28 21:19:07 +02:00			`type = lib.types.nullOr lib.types.path;`
flannel service: init 2016-09-27 22:56:58 +02:00			`default = null;`
			`};`
			`};`

nixos/services.flannel: remove `with lib;` 2024-08-28 21:19:07 +02:00			`kubeconfig = lib.mkOption {`
nixos/flannel: add options to configure kubernetes as config backend for flannel 2019-02-11 13:47:45 +01:00			`description = ''`
			`Path to kubeconfig to use for storing flannel config using the`
			`Kubernetes API`
			`'';`
nixos/services.flannel: remove `with lib;` 2024-08-28 21:19:07 +02:00			`type = lib.types.nullOr lib.types.path;`
nixos/flannel: add options to configure kubernetes as config backend for flannel 2019-02-11 13:47:45 +01:00			`default = null;`
			`};`

nixos/services.flannel: remove `with lib;` 2024-08-28 21:19:07 +02:00			`network = lib.mkOption {`
nixos/*: md-convert hidden plaintext options most of these are hidden because they're either part of a submodule that doesn't have its type rendered (eg because the submodule type is used in an either type) or because they are explicitly hidden. some of them are merely hidden from nix-doc-munge by how their option is put together. 2022-08-29 19:33:50 +02:00			`description = " IPv4 network in CIDR format to use for the entire flannel network.";`
nixos/services.flannel: remove `with lib;` 2024-08-28 21:19:07 +02:00			`type = lib.types.str;`
flannel service: init 2016-09-27 22:56:58 +02:00			`};`

nixos/services.flannel: remove `with lib;` 2024-08-28 21:19:07 +02:00			`nodeName = lib.mkOption {`
nixos/flannel: node name needs to be configured for flannel to work with kubernetes storage backend 2019-02-13 17:17:52 +01:00			`description = ''`
			`Needed when running with Kubernetes as backend as this cannot be auto-detected";`
			`'';`
nixos/services.flannel: remove `with lib;` 2024-08-28 21:19:07 +02:00			`type = lib.types.nullOr lib.types.str;`
nixos/flannel: Refactor to use config.networking.fqdnOrHostName 2022-10-06 16:22:27 +02:00			`default = config.networking.fqdnOrHostName;`
nixos/services.flannel: remove `with lib;` 2024-08-28 21:19:07 +02:00			`defaultText = lib.literalExpression "config.networking.fqdnOrHostName";`
nixos/flannel: node name needs to be configured for flannel to work with kubernetes storage backend 2019-02-13 17:17:52 +01:00			`example = "node1.example.com";`
			`};`

nixos/services.flannel: remove `with lib;` 2024-08-28 21:19:07 +02:00			`storageBackend = lib.mkOption {`
nixos/flannel: add options to configure kubernetes as config backend for flannel 2019-02-11 13:47:45 +01:00			`description = "Determines where flannel stores its configuration at runtime";`
nixos/services.flannel: remove `with lib;` 2024-08-28 21:19:07 +02:00			`type = lib.types.enum [`
			`"etcd"`
			`"kubernetes"`
			`];`
nixos/flannel: add options to configure kubernetes as config backend for flannel 2019-02-11 13:47:45 +01:00			`default = "etcd";`
			`};`

nixos/services.flannel: remove `with lib;` 2024-08-28 21:19:07 +02:00			`subnetLen = lib.mkOption {`
flannel service: init 2016-09-27 22:56:58 +02:00			`description = ''`
			`The size of the subnet allocated to each host. Defaults to 24 (i.e. /24)`
			`unless the Network was configured to be smaller than a /24 in which case`
			`it is one less than the network.`
			`'';`
nixos/services.flannel: remove `with lib;` 2024-08-28 21:19:07 +02:00			`type = lib.types.int;`
flannel service: init 2016-09-27 22:56:58 +02:00			`default = 24;`
			`};`

nixos/services.flannel: remove `with lib;` 2024-08-28 21:19:07 +02:00			`subnetMin = lib.mkOption {`
flannel service: init 2016-09-27 22:56:58 +02:00			`description = ''`
			`The beginning of IP range which the subnet allocation should start with.`
			`Defaults to the first subnet of Network.`
			`'';`
nixos/services.flannel: remove `with lib;` 2024-08-28 21:19:07 +02:00			`type = lib.types.nullOr lib.types.str;`
flannel service: init 2016-09-27 22:56:58 +02:00			`default = null;`
			`};`

nixos/services.flannel: remove `with lib;` 2024-08-28 21:19:07 +02:00			`subnetMax = lib.mkOption {`
flannel service: init 2016-09-27 22:56:58 +02:00			`description = ''`
			`The end of IP range which the subnet allocation should start with.`
			`Defaults to the last subnet of Network.`
			`'';`
nixos/services.flannel: remove `with lib;` 2024-08-28 21:19:07 +02:00			`type = lib.types.nullOr lib.types.str;`
flannel service: init 2016-09-27 22:56:58 +02:00			`default = null;`
			`};`

nixos/services.flannel: remove `with lib;` 2024-08-28 21:19:07 +02:00			`backend = lib.mkOption {`
flannel service: init 2016-09-27 22:56:58 +02:00			`description = "Type of backend to use and specific configurations for that backend.";`
nixos/services.flannel: remove `with lib;` 2024-08-28 21:19:07 +02:00			`type = lib.types.attrs;`
flannel service: init 2016-09-27 22:56:58 +02:00			`default = {`
			`Type = "vxlan";`
			`};`
			`};`
services.flannel: add an extraNetworkConfig configuration, add br_netfilter kernel module 2024-12-15 09:15:44 +01:00
			`extraNetworkConfig = lib.mkOption {`
			`description = "Extra configuration to be added to the net-conf.json/etcd-backed network configuration.";`
			`type = (pkgs.formats.json { }).type;`
			`default = { };`
			`example = {`
			`EnableIPv6 = true;`
			`};`
			`};`
flannel service: init 2016-09-27 22:56:58 +02:00			`};`

nixos/services.flannel: remove `with lib;` 2024-08-28 21:19:07 +02:00			`config = lib.mkIf cfg.enable {`
flannel service: init 2016-09-27 22:56:58 +02:00			`systemd.services.flannel = {`
			`description = "Flannel Service";`
			`wantedBy = [ "multi-user.target" ];`
			`after = [ "network.target" ];`
			`environment =`
			`{`
			`FLANNELD_PUBLIC_IP = cfg.publicIp;`
nixos/flannel: add options to configure kubernetes as config backend for flannel 2019-02-11 13:47:45 +01:00			`FLANNELD_IFACE = cfg.iface;`
nixos/services.flannel: remove `with lib;` 2024-08-28 21:19:07 +02:00			`}`
			`// lib.optionalAttrs (cfg.storageBackend == "etcd") {`
			`FLANNELD_ETCD_ENDPOINTS = lib.concatStringsSep "," cfg.etcd.endpoints;`
flannel service: init 2016-09-27 22:56:58 +02:00			`FLANNELD_ETCD_KEYFILE = cfg.etcd.keyFile;`
			`FLANNELD_ETCD_CERTFILE = cfg.etcd.certFile;`
			`FLANNELD_ETCD_CAFILE = cfg.etcd.caFile;`
nixos/flannel: upgrade to etcdv3 (#180315) 2022-07-19 08:09:42 +02:00			`ETCDCTL_CERT = cfg.etcd.certFile;`
			`ETCDCTL_KEY = cfg.etcd.keyFile;`
			`ETCDCTL_CACERT = cfg.etcd.caFile;`
nixos/services.flannel: remove `with lib;` 2024-08-28 21:19:07 +02:00			`ETCDCTL_ENDPOINTS = lib.concatStringsSep "," cfg.etcd.endpoints;`
nixos/flannel: upgrade to etcdv3 (#180315) 2022-07-19 08:09:42 +02:00			`ETCDCTL_API = "3";`
nixos/services.flannel: remove `with lib;` 2024-08-28 21:19:07 +02:00			`}`
			`// lib.optionalAttrs (cfg.storageBackend == "kubernetes") {`
nixos/flannel: add options to configure kubernetes as config backend for flannel 2019-02-11 13:47:45 +01:00			`FLANNELD_KUBE_SUBNET_MGR = "true";`
			`FLANNELD_KUBECONFIG_FILE = cfg.kubeconfig;`
nixos/flannel: node name needs to be configured for flannel to work with kubernetes storage backend 2019-02-13 17:17:52 +01:00			`NODE_NAME = cfg.nodeName;`
flannel service: init 2016-09-27 22:56:58 +02:00			`};`
nixos/flannel: Add iptables package to service path 2019-03-12 14:58:01 +00:00			`path = [ pkgs.iptables ];`
nixos/services.flannel: remove `with lib;` 2024-08-28 21:19:07 +02:00			`preStart = lib.optionalString (cfg.storageBackend == "etcd") ''`
flannel service: init 2016-09-27 22:56:58 +02:00			`echo "setting network configuration"`
nixos/flannel: upgrade to etcdv3 (#180315) 2022-07-19 08:09:42 +02:00			`until ${pkgs.etcd}/bin/etcdctl put /coreos.com/network/config '${builtins.toJSON networkConfig}'`
flannel service: init 2016-09-27 22:56:58 +02:00			`do`
			`echo "setting network configuration, retry"`
			`sleep 1`
			`done`
			`'';`
nixos/kubernetes: use system.path to handle dependency on flannel subnet.env The current postStart step on flannel causes flannel.service to sometimes hang, even when it's commanded to stop. 2019-02-14 10:28:51 +01:00			`serviceConfig = {`
			`ExecStart = "${cfg.package}/bin/flannel";`
			`Restart = "always";`
			`RestartSec = "10s";`
nixos/kubernetes: docker -> containerd also, nixos/containerd: module init 2021-02-25 16:00:59 +01:00			`RuntimeDirectory = "flannel";`
nixos/kubernetes: use system.path to handle dependency on flannel subnet.env The current postStart step on flannel causes flannel.service to sometimes hang, even when it's commanded to stop. 2019-02-14 10:28:51 +01:00			`};`
flannel service: init 2016-09-27 22:56:58 +02:00			`};`

services.flannel: add an extraNetworkConfig configuration, add br_netfilter kernel module 2024-12-15 09:15:44 +01:00			`boot.kernelModules = [ "br_netfilter" ];`

nixos/services.flannel: remove `with lib;` 2024-08-28 21:19:07 +02:00			`services.etcd.enable = lib.mkDefault (`
			`cfg.storageBackend == "etcd" && cfg.etcd.endpoints == [ "http://127.0.0.1:2379" ]`
			`);`
nixos/flannel: add options to configure kubernetes as config backend for flannel 2019-02-11 13:47:45 +01:00
			`# for some reason, flannel doesn't let you configure this path`
			`# see: https://github.com/coreos/flannel/blob/master/Documentation/configuration.md#configuration`
nixos/services.flannel: remove `with lib;` 2024-08-28 21:19:07 +02:00			`environment.etc."kube-flannel/net-conf.json" = lib.mkIf (cfg.storageBackend == "kubernetes") {`
nixos/flannel: add options to configure kubernetes as config backend for flannel 2019-02-11 13:47:45 +01:00			`source = pkgs.writeText "net-conf.json" (builtins.toJSON networkConfig);`
			`};`
flannel service: init 2016-09-27 22:56:58 +02:00			`};`
			`}`