diff --git a/nixos/modules/system/boot/networkd.nix b/nixos/modules/system/boot/networkd.nix index d1ce3d13ee85..05a667a09efc 100644 --- a/nixos/modules/system/boot/networkd.nix +++ b/nixos/modules/system/boot/networkd.nix @@ -303,6 +303,48 @@ let sectionTap = checkUnitConfig "Tap" tunChecks; + sectionL2TP = checkUnitConfig "L2TP" [ + (assertOnlyFields [ + "TunnelId" + "PeerTunnelId" + "Remote" + "Local" + "EncapsulationType" + "UDPSourcePort" + "UDPDestinationPort" + "UDPChecksum" + "UDP6ZeroChecksumTx" + "UDP6ZeroChecksumRx" + ]) + (assertInt "TunnelId") + (assertRange "TunnelId" 1 4294967295) + (assertInt "PeerTunnelId") + (assertRange "PeerTunnelId" 1 4294967295) + (assertValueOneOf "EncapsulationType" [ "ip" "udp" ]) + (assertPort "UDPSourcePort") + (assertPort "UDPDestinationPort") + (assertValueOneOf "UDPChecksum" boolValues) + (assertValueOneOf "UDP6ZeroChecksumTx" boolValues) + (assertValueOneOf "UDP6ZeroChecksumRx" boolValues) + ]; + + sectionL2TPSession = checkUnitConfig "L2TPSession" [ + (assertOnlyFields [ + "Name" + "SessionId" + "PeerSessionId" + "Layer2SpecificHeader" + ]) + (assertHasField "Name") + (assertHasField "SessionId") + (assertInt "SessionId") + (assertRange "SessionId" 1 4294967295) + (assertHasField "PeerSessionId") + (assertInt "PeerSessionId") + (assertRange "PeerSessionId" 1 4294967295) + (assertValueOneOf "Layer2SpecificHeader" [ "none" "default" ]) + ]; + # NOTE The PrivateKey directive is missing on purpose here, please # do not add it to this list. The nix store is world-readable let's # refrain ourselves from providing a footgun. @@ -918,6 +960,470 @@ let (assertMacAddress "MACAddress") ]; + sectionBridge = checkUnitConfig "Bridge" [ + (assertOnlyFields [ + "UnicastFlood" + "MulticastFlood" + "MulticastToUnicast" + "NeighborSuppression" + "Learning" + "Hairpin" + "Isolated" + "UseBPDU" + "FastLeave" + "AllowPortToBeRoot" + "ProxyARP" + "ProxyARPWiFi" + "MulticastRouter" + "Cost" + "Priority" + ]) + (assertValueOneOf "UnicastFlood" boolValues) + (assertValueOneOf "MulticastFlood" boolValues) + (assertValueOneOf "MulticastToUnicast" boolValues) + (assertValueOneOf "NeighborSuppression" boolValues) + (assertValueOneOf "Learning" boolValues) + (assertValueOneOf "Hairpin" boolValues) + (assertValueOneOf "Isolated" boolValues) + (assertValueOneOf "UseBPDU" boolValues) + (assertValueOneOf "FastLeave" boolValues) + (assertValueOneOf "AllowPortToBeRoot" boolValues) + (assertValueOneOf "ProxyARP" boolValues) + (assertValueOneOf "ProxyARPWiFi" boolValues) + (assertValueOneOf "MulticastRouter" [ "no" "query" "permanent" "temporary" ]) + (assertInt "Cost") + (assertRange "Cost" 1 65535) + (assertInt "Priority") + (assertRange "Priority" 0 63) + ]; + + sectionBridgeFDB = checkUnitConfig "BridgeFDB" [ + (assertOnlyFields [ + "MACAddress" + "Destination" + "VLANId" + "VNI" + "AssociatedWith" + "OutgoingInterface" + ]) + (assertHasField "MACAddress") + (assertInt "VLANId") + (assertRange "VLANId" 0 4094) + (assertInt "VNI") + (assertRange "VNI" 1 16777215) + (assertValueOneOf "AssociatedWith" [ "use" "self" "master" "router" ]) + ]; + + sectionBridgeMDB = checkUnitConfig "BridgeMDB" [ + (assertOnlyFields [ + "MulticastGroupAddress" + "VLANId" + ]) + (assertHasField "MulticastGroupAddress") + (assertInt "VLANId") + (assertRange "VLANId" 0 4094) + ]; + + sectionLLDP = checkUnitConfig "LLDP" [ + (assertOnlyFields [ + "MUDURL" + ]) + ]; + + sectionCAN = checkUnitConfig "CAN" [ + (assertOnlyFields [ + "BitRate" + "SamplePoint" + "TimeQuantaNSec" + "PropagationSegment" + "PhaseBufferSegment1" + "PhaseBufferSegment2" + "SyncJumpWidth" + "DataBitRate" + "DataSamplePoint" + "DataTimeQuantaNSec" + "DataPropagationSegment" + "DataPhaseBufferSegment1" + "DataPhaseBufferSegment2" + "DataSyncJumpWidth" + "FDMode" + "FDNonISO" + "RestartSec" + "Termination" + "TripleSampling" + "BusErrorReporting" + "ListenOnly" + "Loopback" + "OneShot" + "PresumeAck" + "ClassicDataLengthCode" + ]) + (assertInt "TimeQuantaNSec" ) + (assertRange "TimeQuantaNSec" 0 4294967295 ) + (assertInt "PropagationSegment" ) + (assertRange "PropagationSegment" 0 4294967295 ) + (assertInt "PhaseBufferSegment1" ) + (assertRange "PhaseBufferSegment1" 0 4294967295 ) + (assertInt "PhaseBufferSegment2" ) + (assertRange "PhaseBufferSegment2" 0 4294967295 ) + (assertInt "SyncJumpWidth" ) + (assertRange "SyncJumpWidth" 0 4294967295 ) + (assertInt "DataTimeQuantaNSec" ) + (assertRange "DataTimeQuantaNSec" 0 4294967295 ) + (assertInt "DataPropagationSegment" ) + (assertRange "DataPropagationSegment" 0 4294967295 ) + (assertInt "DataPhaseBufferSegment1" ) + (assertRange "DataPhaseBufferSegment1" 0 4294967295 ) + (assertInt "DataPhaseBufferSegment2" ) + (assertRange "DataPhaseBufferSegment2" 0 4294967295 ) + (assertInt "DataSyncJumpWidth" ) + (assertRange "DataSyncJumpWidth" 0 4294967295 ) + (assertValueOneOf "FDMode" boolValues) + (assertValueOneOf "FDNonISO" boolValues) + (assertValueOneOf "TripleSampling" boolValues) + (assertValueOneOf "BusErrorReporting" boolValues) + (assertValueOneOf "ListenOnly" boolValues) + (assertValueOneOf "Loopback" boolValues) + (assertValueOneOf "OneShot" boolValues) + (assertValueOneOf "PresumeAck" boolValues) + (assertValueOneOf "ClassicDataLengthCode" boolValues) + ]; + + sectionIPoIB = checkUnitConfig "IPoIB" [ + (assertOnlyFields [ + "Mode" + "IgnoreUserspaceMulticastGroup" + ]) + (assertValueOneOf "Mode" [ "datagram" "connected" ]) + (assertValueOneOf "IgnoreUserspaceMulticastGroup" boolValues) + ]; + + sectionQDisc = checkUnitConfig "QDisc" [ + (assertOnlyFields [ + "Parent" + "Handle" + ]) + (assertValueOneOf "Parent" [ "clsact" "ingress" ]) + ]; + + sectionNetworkEmulator = checkUnitConfig "NetworkEmulator" [ + (assertOnlyFields [ + "Parent" + "Handle" + "DelaySec" + "DelayJitterSec" + "PacketLimit" + "LossRate" + "DuplicateRate" + ]) + (assertInt "PacketLimit") + (assertRange "PacketLimit" 0 4294967294) + ]; + + sectionTokenBucketFilter = checkUnitConfig "TokenBucketFilter" [ + (assertOnlyFields [ + "Parent" + "Handle" + "LatencySec" + "LimitBytes" + "BurstBytes" + "Rate" + "MPUBytes" + "PeakRate" + "MTUBytes" + ]) + ]; + + sectionPIE = checkUnitConfig "PIE" [ + (assertOnlyFields [ + "Parent" + "Handle" + "PacketLimit" + ]) + (assertInt "PacketLimit") + (assertRange "PacketLimit" 1 4294967294) + ]; + + sectionFlowQueuePIE = checkUnitConfig "FlowQueuePIE" [ + (assertOnlyFields [ + "Parent" + "Handle" + "PacketLimit" + ]) + (assertInt "PacketLimit") + (assertRange "PacketLimit" 1 4294967294) + ]; + + sectionStochasticFairBlue = checkUnitConfig "StochasticFairBlue" [ + (assertOnlyFields [ + "Parent" + "Handle" + "PacketLimit" + ]) + (assertInt "PacketLimit") + (assertRange "PacketLimit" 1 4294967294) + ]; + + sectionStochasticFairnessQueueing = checkUnitConfig "StochasticFairnessQueueing" [ + (assertOnlyFields [ + "Parent" + "Handle" + "PerturbPeriodSec" + ]) + (assertInt "PerturbPeriodSec") + ]; + + sectionBFIFO = checkUnitConfig "BFIFO" [ + (assertOnlyFields [ + "Parent" + "Handle" + "LimitBytes" + ]) + ]; + + sectionPFIFO = checkUnitConfig "PFIFO" [ + (assertOnlyFields [ + "Parent" + "Handle" + "PacketLimit" + ]) + (assertInt "PacketLimit") + (assertRange "PacketLimit" 0 4294967294) + ]; + + sectionPFIFOHeadDrop = checkUnitConfig "PFIFOHeadDrop" [ + (assertOnlyFields [ + "Parent" + "Handle" + "PacketLimit" + ]) + (assertInt "PacketLimit") + (assertRange "PacketLimit" 0 4294967294) + ]; + + sectionPFIFOFast = checkUnitConfig "PFIFOFast" [ + (assertOnlyFields [ + "Parent" + "Handle" + ]) + ]; + + sectionCAKE = checkUnitConfig "CAKE" [ + (assertOnlyFields [ + "Parent" + "Handle" + "Bandwidth" + "AutoRateIngress" + "OverheadBytes" + "MPUBytes" + "CompensationMode" + "UseRawPacketSize" + "FlowIsolationMode" + "NAT" + "PriorityQueueingPreset" + "FirewallMark" + "Wash" + "SplitGSO" + ]) + (assertValueOneOf "AutoRateIngress" boolValues) + (assertInt "OverheadBytes") + (assertRange "OverheadBytes" (-64) 256) + (assertInt "MPUBytes") + (assertRange "MPUBytes" 1 256) + (assertValueOneOf "CompensationMode" [ "none" "atm" "ptm" ]) + (assertValueOneOf "UseRawPacketSize" boolValues) + (assertValueOneOf "FlowIsolationMode" + [ + "none" + "src-host" + "dst-host" + "hosts" + "flows" + "dual-src-host" + "dual-dst-host" + "triple" + ]) + (assertValueOneOf "NAT" boolValues) + (assertValueOneOf "PriorityQueueingPreset" + [ + "besteffort" + "precedence" + "diffserv8" + "diffserv4" + "diffserv3" + ]) + (assertInt "FirewallMark") + (assertRange "FirewallMark" 1 4294967295) + (assertValueOneOf "Wash" boolValues) + (assertValueOneOf "SplitGSO" boolValues) + ]; + + sectionControlledDelay = checkUnitConfig "ControlledDelay" [ + (assertOnlyFields [ + "Parent" + "Handle" + "PacketLimit" + "TargetSec" + "IntervalSec" + "ECN" + "CEThresholdSec" + ]) + (assertValueOneOf "ECN" boolValues) + ]; + + sectionDeficitRoundRobinScheduler = checkUnitConfig "DeficitRoundRobinScheduler" [ + (assertOnlyFields [ + "Parent" + "Handle" + ]) + ]; + + sectionDeficitRoundRobinSchedulerClass = checkUnitConfig "DeficitRoundRobinSchedulerClass" [ + (assertOnlyFields [ + "Parent" + "Handle" + "QuantumBytes" + ]) + ]; + + sectionEnhancedTransmissionSelection = checkUnitConfig "EnhancedTransmissionSelection" [ + (assertOnlyFields [ + "Parent" + "Handle" + "Bands" + "StrictBands" + "QuantumBytes" + "PriorityMap" + ]) + (assertInt "Bands") + (assertRange "Bands" 1 16) + (assertInt "StrictBands") + (assertRange "StrictBands" 1 16) + ]; + + sectionGenericRandomEarlyDetection = checkUnitConfig "GenericRandomEarlyDetection" [ + (assertOnlyFields [ + "Parent" + "Handle" + "VirtualQueues" + "DefaultVirtualQueue" + "GenericRIO" + ]) + (assertInt "VirtualQueues") + (assertRange "VirtualQueues" 1 16) + (assertInt "DefaultVirtualQueue") + (assertRange "DefaultVirtualQueue" 1 16) + (assertValueOneOf "GenericRIO" boolValues) + ]; + + sectionFairQueueingControlledDelay = checkUnitConfig "FairQueueingControlledDelay" [ + (assertOnlyFields [ + "Parent" + "Handle" + "PacketLimit" + "MemoryLimitBytes" + "Flows" + "TargetSec" + "IntervalSec" + "QuantumBytes" + "ECN" + "CEThresholdSec" + ]) + (assertInt "PacketLimit") + (assertInt "Flows") + (assertValueOneOf "ECN" boolValues) + ]; + + sectionFairQueueing = checkUnitConfig "FairQueueing" [ + (assertOnlyFields [ + "Parent" + "Handle" + "PacketLimit" + "FlowLimit" + "QuantumBytes" + "InitualQuantumBytes" + "MaximumRate" + "Buckets" + "OrphanMask" + "Pacing" + "CEThresholdSec" + ]) + (assertInt "PacketLimit") + (assertInt "FlowLimit") + (assertInt "OrphanMask") + (assertValueOneOf "Pacing" boolValues) + ]; + + sectionTrivialLinkEqualizer = checkUnitConfig "TrivialLinkEqualizer" [ + (assertOnlyFields [ + "Parent" + "Handle" + "Id" + ]) + ]; + + sectionHierarchyTokenBucket = checkUnitConfig "HierarchyTokenBucket" [ + (assertOnlyFields [ + "Parent" + "Handle" + "DefaultClass" + "RateToQuantum" + ]) + (assertInt "RateToQuantum") + ]; + + sectionHierarchyTokenBucketClass = checkUnitConfig "HierarchyTokenBucketClass" [ + (assertOnlyFields [ + "Parent" + "ClassId" + "Priority" + "QuantumBytes" + "MTUBytes" + "OverheadBytes" + "Rate" + "CeilRate" + "BufferBytes" + "CeilBufferBytes" + ]) + ]; + + sectionHeavyHitterFilter = checkUnitConfig "HeavyHitterFilter" [ + (assertOnlyFields [ + "Parent" + "Handle" + "PacketLimit" + ]) + (assertInt "PacketLimit") + (assertRange "PacketLimit" 0 4294967294) + ]; + + sectionQuickFairQueueing = checkUnitConfig "QuickFairQueueing" [ + (assertOnlyFields [ + "Parent" + "Handle" + ]) + ]; + + sectionQuickFairQueueingClass = checkUnitConfig "QuickFairQueueingClass" [ + (assertOnlyFields [ + "Parent" + "ClassId" + "Weight" + "MaxPacketBytes" + ]) + (assertInt "Weight") + (assertRange "Weight" 1 1023) + ]; + + sectionBridgeVLAN = checkUnitConfig "BridgeVLAN" [ + (assertOnlyFields [ + "VLAN" + "EgressUntagged" + "PVID" + ]) + (assertInt "PVID") + (assertRange "PVID" 0 4094) + ]; }; }; @@ -1012,6 +1518,21 @@ let }; + + l2tpSessionOptions = { + options = { + l2tpSessionConfig = mkOption { + default = {}; + type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionL2TPSession; + description = lib.mdDoc '' + Each attribute in this set specifies an option in the + `[L2TPSession]` section of the unit. See + {manpage}`systemd.netdev(5)` for details. + ''; + }; + }; + }; + wireguardPeerOptions = { options = { wireguardPeerConfig = mkOption { @@ -1125,6 +1646,38 @@ let ''; }; + l2tpConfig = mkOption { + default = {}; + example = { + TunnelId = 10; + PeerTunnelId = 12; + Local = "static"; + Remote = "192.168.30.101"; + EncapsulationType = "ip"; + }; + type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionL2TP; + description = lib.mdDoc '' + Each attribute in this set specifies an option in the + `[L2TP]` section of the unit. See + {manpage}`systemd.netdev(5)` for details. + ''; + }; + + l2tpSessions = mkOption { + default = []; + example = [ { l2tpSessionConfig={ + SessionId = 25; + PeerSessionId = 26; + Name = "l2tp-sess"; + };}]; + type = with types; listOf (submodule l2tpSessionOptions); + description = lib.mdDoc '' + Each item in this array specifies an option in the + `[L2TPSession]` section of the unit. See + {manpage}`systemd.netdev(5)` for details. + ''; + }; + wireguardConfig = mkOption { default = {}; example = { @@ -1306,6 +1859,51 @@ let }; }; + bridgeFDBOptions = { + options = { + bridgeFDBConfig = mkOption { + default = {}; + example = { MACAddress = "65:43:4a:5b:d8:5f"; Destination = "192.168.1.42"; VNI = 20; }; + type = types.addCheck (types.attrsOf unitOption) check.network.sectionBridgeFDB; + description = lib.mdDoc '' + Each attribute in this set specifies an option in the + `[BridgeFDB]` section of the unit. See + {manpage}`systemd.network(5)` for details. + ''; + }; + }; + }; + + bridgeMDBOptions = { + options = { + bridgeMDBConfig = mkOption { + default = {}; + example = { MulticastGroupAddress = "ff02::1:2:3:4"; VLANId = 10; }; + type = types.addCheck (types.attrsOf unitOption) check.network.sectionBridgeMDB; + description = lib.mdDoc '' + Each attribute in this set specifies an option in the + `[BridgeMDB]` section of the unit. See + {manpage}`systemd.network(5)` for details. + ''; + }; + }; + }; + + bridgeVLANOptions = { + options = { + bridgeMDBConfig = mkOption { + default = {}; + example = { VLAN = 20; }; + type = types.addCheck (types.attrsOf unitOption) check.network.sectionBridgeVLAN; + description = lib.mdDoc '' + Each attribute in this set specifies an option in the + `[BridgeVLAN]` section of the unit. See + {manpage}`systemd.network(5)` for details. + ''; + }; + }; + }; + networkOptions = commonNetworkOptions // { linkConfig = mkOption { @@ -1445,6 +2043,366 @@ let ''; }; + bridgeConfig = mkOption { + default = {}; + example = { MulticastFlood = false; Cost = 20; }; + type = types.addCheck (types.attrsOf unitOption) check.network.sectionBridge; + description = lib.mdDoc '' + Each attribute in this set specifies an option in the + `[Bridge]` section of the unit. See + {manpage}`systemd.network(5)` for details. + ''; + }; + + bridgeFDBs = mkOption { + default = []; + example = [ { bridgeFDBConfig = { MACAddress = "90:e2:ba:43:fc:71"; Destination = "192.168.100.4"; VNI = 3600; }; } ]; + type = with types; listOf (submodule bridgeFDBOptions); + description = lib.mdDoc '' + A list of BridgeFDB sections to be added to the unit. See + {manpage}`systemd.network(5)` for details. + ''; + }; + + bridgeMDBs = mkOption { + default = []; + example = [ { bridgeMDBConfig = { MulticastGroupAddress = "ff02::1:2:3:4"; VLANId = 10; } ; } ]; + type = with types; listOf (submodule bridgeMDBOptions); + description = lib.mdDoc '' + A list of BridgeMDB sections to be added to the unit. See + {manpage}`systemd.network(5)` for details. + ''; + }; + + lldpConfig = mkOption { + default = {}; + example = { MUDURL = "https://things.example.org/product_abc123/v5"; }; + type = types.addCheck (types.attrsOf unitOption) check.network.sectionLLDP; + description = lib.mdDoc '' + Each attribute in this set specifies an option in the + `[LLDP]` section of the unit. See + {manpage}`systemd.network(5)` for details. + ''; + }; + + canConfig = mkOption { + default = {}; + example = { }; + type = types.addCheck (types.attrsOf unitOption) check.network.sectionCAN; + description = lib.mdDoc '' + Each attribute in this set specifies an option in the + `[CAN]` section of the unit. See + {manpage}`systemd.network(5)` for details. + ''; + }; + + ipoIBConfig = mkOption { + default = {}; + example = { }; + type = types.addCheck (types.attrsOf unitOption) check.network.sectionIPoIB; + description = lib.mdDoc '' + Each attribute in this set specifies an option in the + `[IPoIB]` section of the unit. See + {manpage}`systemd.network(5)` for details. + ''; + }; + + qdiscConfig = mkOption { + default = {}; + example = { Parent = "ingress"; }; + type = types.addCheck (types.attrsOf unitOption) check.network.sectionQDisc; + description = lib.mdDoc '' + Each attribute in this set specifies an option in the + `[QDisc]` section of the unit. See + {manpage}`systemd.network(5)` for details. + ''; + }; + + networkEmulatorConfig = mkOption { + default = {}; + example = { Parent = "ingress"; DelaySec = "20msec"; }; + type = types.addCheck (types.attrsOf unitOption) check.network.sectionNetworkEmulator; + description = lib.mdDoc '' + Each attribute in this set specifies an option in the + `[NetworkEmulator]` section of the unit. See + {manpage}`systemd.network(5)` for details. + ''; + }; + + tokenBucketFilterConfig = mkOption { + default = {}; + example = { Parent = "ingress"; Rate = "100k"; }; + type = types.addCheck (types.attrsOf unitOption) check.network.sectionTokenBucketFilter; + description = lib.mdDoc '' + Each attribute in this set specifies an option in the + `[TokenBucketFilter]` section of the unit. See + {manpage}`systemd.network(5)` for details. + ''; + }; + + pieConfig = mkOption { + default = {}; + example = { Parent = "ingress"; PacketLimit = "3847"; }; + type = types.addCheck (types.attrsOf unitOption) check.network.sectionPIE; + description = lib.mdDoc '' + Each attribute in this set specifies an option in the + `[PIE]` section of the unit. See + {manpage}`systemd.network(5)` for details. + ''; + }; + + flowQueuePIEConfig = mkOption { + default = {}; + example = { Parent = "ingress"; PacketLimit = "3847"; }; + type = types.addCheck (types.attrsOf unitOption) check.network.sectionFlowQueuePIE; + description = lib.mdDoc '' + Each attribute in this set specifies an option in the + `[FlowQueuePIE]` section of the unit. See + {manpage}`systemd.network(5)` for details. + ''; + }; + + stochasticFairBlueConfig = mkOption { + default = {}; + example = { Parent = "ingress"; PacketLimit = "3847"; }; + type = types.addCheck (types.attrsOf unitOption) check.network.sectionStochasticFairBlue; + description = lib.mdDoc '' + Each attribute in this set specifies an option in the + `[StochasticFairBlue]` section of the unit. See + {manpage}`systemd.network(5)` for details. + ''; + }; + + stochasticFairnessQueueingConfig = mkOption { + default = {}; + example = { Parent = "ingress"; PerturbPeriodSec = "30"; }; + type = types.addCheck (types.attrsOf unitOption) check.network.sectionStochasticFairnessQueueing; + description = lib.mdDoc '' + Each attribute in this set specifies an option in the + `[StochasticFairnessQueueing]` section of the unit. See + {manpage}`systemd.network(5)` for details. + ''; + }; + + bfifoConfig = mkOption { + default = {}; + example = { Parent = "ingress"; LimitBytes = "20K"; }; + type = types.addCheck (types.attrsOf unitOption) check.network.sectionBFIFO; + description = lib.mdDoc '' + Each attribute in this set specifies an option in the + `[BFIFO]` section of the unit. See + {manpage}`systemd.network(5)` for details. + ''; + }; + + pfifoConfig = mkOption { + default = {}; + example = { Parent = "ingress"; PacketLimit = "300"; }; + type = types.addCheck (types.attrsOf unitOption) check.network.sectionPFIFO; + description = lib.mdDoc '' + Each attribute in this set specifies an option in the + `[PFIFO]` section of the unit. See + {manpage}`systemd.network(5)` for details. + ''; + }; + + pfifoHeadDropConfig = mkOption { + default = {}; + example = { Parent = "ingress"; PacketLimit = "300"; }; + type = types.addCheck (types.attrsOf unitOption) check.network.sectionPFIFOHeadDrop; + description = lib.mdDoc '' + Each attribute in this set specifies an option in the + `[PFIFOHeadDrop]` section of the unit. See + {manpage}`systemd.network(5)` for details. + ''; + }; + + pfifoFastConfig = mkOption { + default = {}; + example = { Parent = "ingress"; }; + type = types.addCheck (types.attrsOf unitOption) check.network.sectionPFIFOFast; + description = lib.mdDoc '' + Each attribute in this set specifies an option in the + `[PFIFOFast]` section of the unit. See + {manpage}`systemd.network(5)` for details. + ''; + }; + + cakeConfig = mkOption { + default = {}; + example = { Bandwidth = "40M"; OverheadBytes = 8; CompensationMode = "ptm"; }; + type = types.addCheck (types.attrsOf unitOption) check.network.sectionCAKE; + description = lib.mdDoc '' + Each attribute in this set specifies an option in the + `[CAKE]` section of the unit. See + {manpage}`systemd.network(5)` for details. + ''; + }; + + controlledDelayConfig = mkOption { + default = {}; + example = { Parent = "ingress"; TargetSec = "20msec"; }; + type = types.addCheck (types.attrsOf unitOption) check.network.sectionControlledDelay; + description = lib.mdDoc '' + Each attribute in this set specifies an option in the + `[ControlledDelay]` section of the unit. See + {manpage}`systemd.network(5)` for details. + ''; + }; + + deficitRoundRobinSchedulerConfig = mkOption { + default = {}; + example = { Parent = "root"; }; + type = types.addCheck (types.attrsOf unitOption) check.network.sectionDeficitRoundRobinScheduler; + description = lib.mdDoc '' + Each attribute in this set specifies an option in the + `[DeficitRoundRobinScheduler]` section of the unit. See + {manpage}`systemd.network(5)` for details. + ''; + }; + + deficitRoundRobinSchedulerClassConfig = mkOption { + default = {}; + example = { Parent = "root"; QuantumBytes = "300k"; }; + type = types.addCheck (types.attrsOf unitOption) check.network.sectionDeficitRoundRobinSchedulerClass; + description = lib.mdDoc '' + Each attribute in this set specifies an option in the + `[DeficitRoundRobinSchedulerClass]` section of the unit. See + {manpage}`systemd.network(5)` for details. + ''; + }; + + enhancedTransmissionSelectionConfig = mkOption { + default = {}; + example = { Parent = "root"; QuantumBytes = "300k"; Bands = 3; PriorityMap = "100 200 300"; }; + type = types.addCheck (types.attrsOf unitOption) check.network.sectionEnhancedTransmissionSelection; + description = lib.mdDoc '' + Each attribute in this set specifies an option in the + `[EnhancedTransmissionSelection]` section of the unit. See + {manpage}`systemd.network(5)` for details. + ''; + }; + + genericRandomEarlyDetectionConfig = mkOption { + default = {}; + example = { Parent = "root"; VirtualQueues = 5; DefaultVirtualQueue = 3; }; + type = types.addCheck (types.attrsOf unitOption) check.network.sectionGenericRandomEarlyDetection; + description = lib.mdDoc '' + Each attribute in this set specifies an option in the + `[GenericRandomEarlyDetection]` section of the unit. See + {manpage}`systemd.network(5)` for details. + ''; + }; + + fairQueueingControlledDelayConfig = mkOption { + default = {}; + example = { Parent = "root"; Flows = 5; }; + type = types.addCheck (types.attrsOf unitOption) check.network.sectionFairQueueingControlledDelay; + description = lib.mdDoc '' + Each attribute in this set specifies an option in the + `[FairQueueingControlledDelay]` section of the unit. See + {manpage}`systemd.network(5)` for details. + ''; + }; + + fairQueueingConfig = mkOption { + default = {}; + example = { Parent = "root"; FlowLimit = 5; }; + type = types.addCheck (types.attrsOf unitOption) check.network.sectionFairQueueing; + description = lib.mdDoc '' + Each attribute in this set specifies an option in the + `[FairQueueing]` section of the unit. See + {manpage}`systemd.network(5)` for details. + ''; + }; + + trivialLinkEqualizerConfig = mkOption { + default = {}; + example = { Parent = "root"; Id = 0; }; + type = types.addCheck (types.attrsOf unitOption) check.network.sectionTrivialLinkEqualizer; + description = lib.mdDoc '' + Each attribute in this set specifies an option in the + `[TrivialLinkEqualizer]` section of the unit. See + {manpage}`systemd.network(5)` for details. + ''; + }; + + hierarchyTokenBucketConfig = mkOption { + default = {}; + example = { Parent = "root"; }; + type = types.addCheck (types.attrsOf unitOption) check.network.sectionHierarchyTokenBucket; + description = lib.mdDoc '' + Each attribute in this set specifies an option in the + `[HierarchyTokenBucket]` section of the unit. See + {manpage}`systemd.network(5)` for details. + ''; + }; + + hierarchyTokenBucketClassConfig = mkOption { + default = {}; + example = { Parent = "root"; Rate = "10M"; }; + type = types.addCheck (types.attrsOf unitOption) check.network.sectionHierarchyTokenBucketClass; + description = lib.mdDoc '' + Each attribute in this set specifies an option in the + `[HierarchyTokenBucketClass]` section of the unit. See + {manpage}`systemd.network(5)` for details. + ''; + }; + + heavyHitterFilterConfig = mkOption { + default = {}; + example = { Parent = "root"; PacketLimit = 10000; }; + type = types.addCheck (types.attrsOf unitOption) check.network.sectionHeavyHitterFilter; + description = lib.mdDoc '' + Each attribute in this set specifies an option in the + `[HeavyHitterFilter]` section of the unit. See + {manpage}`systemd.network(5)` for details. + ''; + }; + + quickFairQueueingConfig = mkOption { + default = {}; + example = { Parent = "root"; }; + type = types.addCheck (types.attrsOf unitOption) check.network.sectionQuickFairQueueing; + description = lib.mdDoc '' + Each attribute in this set specifies an option in the + `[QuickFairQueueing]` section of the unit. See + {manpage}`systemd.network(5)` for details. + ''; + }; + + quickFairQueueingConfigClass = mkOption { + default = {}; + example = { Parent = "root"; Weight = 133; }; + type = types.addCheck (types.attrsOf unitOption) check.network.sectionQuickFairQueueingClass; + description = lib.mdDoc '' + Each attribute in this set specifies an option in the + `[QuickFairQueueingClass]` section of the unit. See + {manpage}`systemd.network(5)` for details. + ''; + }; + + bridgeVLANConfig = mkOption { + default = {}; + example = { VLAN = "10-20"; }; + type = types.addCheck (types.attrsOf unitOption) check.network.sectionbridgeVLAN; + description = lib.mdDoc '' + Each attribute in this set specifies an option in the + `[BridgeVLAN]` section of the unit. See + {manpage}`systemd.network(5)` for details. + ''; + }; + + bridgeVLANs = mkOption { + default = []; + example = [ { bridgeVLANConfig = { VLAN = "10-20"; }; } ]; + type = with types; listOf (submodule bridgeVLANOptions); + description = lib.mdDoc '' + A list of BridgeVLAN sections to be added to the unit. See + {manpage}`systemd.network(5)` for details. + ''; + }; + name = mkOption { type = types.nullOr types.str; default = null; @@ -1705,6 +2663,14 @@ let [Tap] ${attrsToSection def.tapConfig} '' + + optionalString (def.l2tpConfig != { }) '' + [L2TP] + ${attrsToSection def.l2tpConfig} + '' + + flip concatMapStrings def.l2tpSessions (x: '' + [L2TPSession] + ${attrsToSection x.l2tpSessionConfig} + '') + optionalString (def.wireguardConfig != { }) '' [WireGuard] ${attrsToSection def.wireguardConfig} @@ -1844,6 +2810,134 @@ let [DHCPServerStaticLease] ${attrsToSection x.dhcpServerStaticLeaseConfig} '') + + optionalString (def.bridgeConfig != { }) '' + [Bridge] + ${attrsToSection def.bridgeConfig} + '' + + flip concatMapStrings def.bridgeFDBs (x: '' + [BridgeFDB] + ${attrsToSection x.bridgeFDBConfig} + '') + + flip concatMapStrings def.bridgeMDBs (x: '' + [BridgeMDB] + ${attrsToSection x.bridgeMDBConfig} + '') + + optionalString (def.lldpConfig != { }) '' + [LLDP] + ${attrsToSection def.lldpConfig} + '' + + optionalString (def.canConfig != { }) '' + [CAN] + ${attrsToSection def.canConfig} + '' + + optionalString (def.ipoIBConfig != { }) '' + [IPoIB] + ${attrsToSection def.ipoIBConfig} + '' + + optionalString (def.qdiscConfig != { }) '' + [QDisc] + ${attrsToSection def.qdiscConfig} + '' + + optionalString (def.networkEmulatorConfig != { }) '' + [NetworkEmulator] + ${attrsToSection def.networkEmulatorConfig} + '' + + optionalString (def.tokenBucketFilterConfig != { }) '' + [TokenBucketFilter] + ${attrsToSection def.tockenBucketFilterConfig} + '' + + optionalString (def.pieConfig != { }) '' + [PIE] + ${attrsToSection def.pieConfig} + '' + + optionalString (def.flowQueuePIEConfig != { }) '' + [FlowQueuePIE] + ${attrsToSection def.flowQueuePIEConfig} + '' + + optionalString (def.stochasticFairBlueConfig != { }) '' + [StochasticFairBlue] + ${attrsToSection def.stochasticFairBlueConfig} + '' + + optionalString (def.stochasticFairnessQueueingConfig != { }) '' + [StochasticFairnessQueueing] + ${attrsToSection def.stochasticFairnessQueueingConfig} + '' + + optionalString (def.bfifoConfig != { }) '' + [BFIFO] + ${attrsToSection def.bfifoConfig} + '' + + optionalString (def.pfifoConfig != { }) '' + [PFIFO] + ${attrsToSection def.pfifoConfig} + '' + + optionalString (def.pfifoHeadDropConfig != { }) '' + [PFIFOHeadDrop] + ${attrsToSection def.pfifoHeadDropConfig} + '' + + optionalString (def.pfifoFastConfig != { }) '' + [PFIFOFast] + ${attrsToSection def.pfifoFastConfig} + '' + + optionalString (def.cakeConfig != { }) '' + [CAKE] + ${attrsToSection def.cakeConfig} + '' + + optionalString (def.controlledDelayConfig != { }) '' + [ControlledDelay] + ${attrsToSection def.controlledDelayConfig} + '' + + optionalString (def.deficitRoundRobinSchedulerConfig != { }) '' + [DeficitRoundRobinScheduler] + ${attrsToSection def.deficitRoundRobinSchedulerConfig} + '' + + optionalString (def.deficitRoundRobinSchedulerClassConfig != { }) '' + [DeficitRoundRobinSchedulerClass] + ${attrsToSection def.deficitRoundRobinSchedulerClassConfig} + '' + + optionalString (def.enhancedTransmissionSelectionConfig != { }) '' + [EnhancedTransmissionSelection] + ${attrsToSection def.enhancedTransmissionSelectionConfig} + '' + + optionalString (def.genericRandomEarlyDetectionConfig != { }) '' + [GenericRandomEarlyDetection] + ${attrsToSection def.genericRandomEarlyDetectionConfig} + '' + + optionalString (def.fairQueueingControlledDelayConfig != { }) '' + [FairQueueingControlledDelay] + ${attrsToSection def.fairQueueingControlledDelayConfig} + '' + + optionalString (def.fairQueueingConfig != { }) '' + [FairQueueing] + ${attrsToSection def.fairQueueingConfig} + '' + + optionalString (def.trivialLinkEqualizerConfig != { }) '' + [TrivialLinkEqualizer] + ${attrsToSection def.trivialLinkEqualizerConfig} + '' + + optionalString (def.hierarchyTokenBucketConfig != { }) '' + [HierarchyTokenBucket] + ${attrsToSection def.hierarchyTokenBucketConfig} + '' + + optionalString (def.hierarchyTokenBucketClassConfig != { }) '' + [HierarchyTokenBucketClass] + ${attrsToSection def.hierarchyTokenBucketClassConfig} + '' + + optionalString (def.heavyHitterFilterConfig != { }) '' + [HeavyHitterFilter] + ${attrsToSection def.heavyHitterFilterConfig} + '' + + optionalString (def.quickFairQueueingConfig != { }) '' + [QuickFairQueueing] + ${attrsToSection def.quickFairQueueingConfig} + '' + + optionalString (def.quickFairQueueingConfigClass != { }) '' + [QuickFairQueueingClass] + ${attrsToSection def.quickFairQueueingConfigClass} + '' + + flip concatMapStrings def.bridgeVLANs (x: '' + [BridgeVLAN] + ${attrsToSection x.bridgeVLANConfig} + '') + def.extraConfig; };