From 590ccae1f848eef59f8984e98348208eb69cffe1 Mon Sep 17 00:00:00 2001 From: apfelkuchen06 Date: Tue, 28 Feb 2023 00:06:39 +0100 Subject: [PATCH 01/33] nixos/networkd: add L2TP options --- nixos/modules/system/boot/networkd.nix | 97 ++++++++++++++++++++++++++ 1 file changed, 97 insertions(+) diff --git a/nixos/modules/system/boot/networkd.nix b/nixos/modules/system/boot/networkd.nix index 188f2f64dc84..b13e79b5951b 100644 --- a/nixos/modules/system/boot/networkd.nix +++ b/nixos/modules/system/boot/networkd.nix @@ -303,6 +303,48 @@ let sectionTap = checkUnitConfig "Tap" tunChecks; + sectionL2TP = checkUnitConfig "L2TP" [ + (assertOnlyFields [ + "TunnelId" + "PeerTunnelId" + "Remote" + "Local" + "EncapsulationType" + "UDPSourcePort" + "UDPDestinationPort" + "UDPChecksum" + "UDP6ZeroChecksumTx" + "UDP6ZeroChecksumRx" + ]) + (assertInt "TunnelId") + (assertRange "TunnelId" 1 4294967295) + (assertInt "PeerTunnelId") + (assertRange "PeerTunnelId" 1 4294967295) + (assertValueOneOf "EncapsulationType" [ "ip" "udp" ]) + (assertPort "UDPSourcePort") + (assertPort "UDPDestinationPort") + (assertValueOneOf "UDPChecksum" boolValues) + (assertValueOneOf "UDP6ZeroChecksumTx" boolValues) + (assertValueOneOf "UDP6ZeroChecksumRx" boolValues) + ]; + + sectionL2TPSession = checkUnitConfig "L2TPSession" [ + (assertOnlyFields [ + "Name" + "SessionId" + "PeerSessionId" + "Layer2SpecificHeader" + ]) + (assertHasField "Name") + (assertHasField "SessionId") + (assertInt "SessionId") + (assertRange "SessionId" 1 4294967295) + (assertHasField "PeerSessionId") + (assertInt "PeerSessionId") + (assertRange "PeerSessionId" 1 4294967295) + (assertValueOneOf "Layer2SpecificHeader" [ "none" "default" ]) + ]; + # NOTE The PrivateKey directive is missing on purpose here, please # do not add it to this list. The nix store is world-readable let's # refrain ourselves from providing a footgun. 
@@ -1012,6 +1054,21 @@ let }; + + l2tpSessionOptions = { + options = { + l2tpSessionConfig = mkOption { + default = {}; + type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionL2TPSession; + description = lib.mdDoc '' + Each attribute in this set specifies an option in the + `[L2TPSession]` section of the unit. See + {manpage}`systemd.netdev(5)` for details. + ''; + }; + }; + }; + wireguardPeerOptions = { options = { wireguardPeerConfig = mkOption { @@ -1125,6 +1182,38 @@ let ''; }; + l2tpConfig = mkOption { + default = {}; + example = { + TunnelId = 10; + PeerTunnelId = 12; + Local = "static"; + Remote = "192.168.30.101"; + EncapsulationType = "ip"; + }; + type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionL2TP; + description = lib.mdDoc '' + Each attribute in this set specifies an option in the + `[L2TP]` section of the unit. See + {manpage}`systemd.netdev(5)` for details. + ''; + }; + + l2tpSessions = mkOption { + default = []; + example = [ { l2tpSessionConfig={ + SessionId = 25; + PeerSessionId = 26; + Name = "l2tp-sess"; + };}]; + type = with types; listOf (submodule l2tpSessionOptions); + description = lib.mdDoc '' + Each item in this array specifies an option in the + `[L2TPSession]` section of the unit. See + {manpage}`systemd.netdev(5)` for details. + ''; + }; + wireguardConfig = mkOption { default = {}; example = { @@ -1705,6 +1794,14 @@ let [Tap] ${attrsToSection def.tapConfig} '' + + optionalString (def.l2tpConfig != { }) '' + [L2TP] + ${attrsToSection def.l2tpConfig} + '' + + flip concatMapStrings def.l2tpSessions (x: '' + [L2TPSession] + ${attrsToSection x.l2tpSessionConfig} + '') + optionalString (def.wireguardConfig != { }) '' [WireGuard] ${attrsToSection def.wireguardConfig} From 28ddd570f70dd9fe160260672ebf687abc5f2585 Mon Sep 17 00:00:00 2001 
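Review bot: The `l2tpSessions` description says each item "specifies an option in the `[L2TPSession]` section", but the rendering hunk of this patch emits one complete `[L2TPSession]` section per list item. I would word it as `A list of [L2TPSession] sections to be added to the unit.` and keep the existing manpage reference, which matches how the later list options in this series are described. The `l2tpSessionConfig` description could also say that `Name`, `SessionId` and `PeerSessionId` are mandatory, since `sectionL2TPSession` enforces them with `assertHasField` and a user otherwise only learns this from a failed evaluation.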
From: apfelkuchen06 Date: Tue, 28 Feb 2023 00:06:39 +0100 Subject: [PATCH 02/33] nixos/networkd: add Bridge options --- nixos/modules/system/boot/networkd.nix | 51 ++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) diff --git a/nixos/modules/system/boot/networkd.nix b/nixos/modules/system/boot/networkd.nix index b13e79b5951b..7bebe3e28116 100644 --- a/nixos/modules/system/boot/networkd.nix +++ b/nixos/modules/system/boot/networkd.nix @@ -960,6 +960,42 @@ let (assertMacAddress "MACAddress") ]; + sectionBridge = checkUnitConfig "Bridge" [ + (assertOnlyFields [ + "UnicastFlood" + "MulticastFlood" + "MulticastToUnicast" + "NeighborSuppression" + "Learning" + "Hairpin" + "Isolated" + "UseBPDU" + "FastLeave" + "AllowPortToBeRoot" + "ProxyARP" + "ProxyARPWiFi" + "MulticastRouter" + "Cost" + "Priority" + ]) + (assertValueOneOf "UnicastFlood" boolValues) + (assertValueOneOf "MulticastFlood" boolValues) + (assertValueOneOf "MulticastToUnicast" boolValues) + (assertValueOneOf "NeighborSuppression" boolValues) + (assertValueOneOf "Learning" boolValues) + (assertValueOneOf "Hairpin" boolValues) + (assertValueOneOf "Isolated" boolValues) + (assertValueOneOf "UseBPDU" boolValues) + (assertValueOneOf "FastLeave" boolValues) + (assertValueOneOf "AllowPortToBeRoot" boolValues) + (assertValueOneOf "ProxyARP" boolValues) + (assertValueOneOf "ProxyARPWiFi" boolValues) + (assertValueOneOf "MulticastRouter" [ "no" "query" "permanent" "temporary" ]) + (assertInt "Cost") + (assertRange "Cost" 1 65535) + (assertInt "Priority") + (assertRange "Priority" 0 63) + ]; }; }; 
@@ -1534,6 +1570,17 @@ let ''; }; + bridgeConfig = mkOption { + default = {}; + example = { MulticastFlood = false; Cost = 20; }; + type = types.addCheck (types.attrsOf unitOption) check.network.sectionBridge; + description = lib.mdDoc '' + Each attribute in this set specifies an option in the + `[Bridge]` section of the unit. See + {manpage}`systemd.network(5)` for details. + ''; + }; + name = mkOption { type = types.nullOr types.str; default = null; @@ -1941,6 +1988,10 @@ let [DHCPServerStaticLease] ${attrsToSection x.dhcpServerStaticLeaseConfig} '') + + optionalString (def.bridgeConfig != { }) '' + [Bridge] + ${attrsToSection def.bridgeConfig} + '' + def.extraConfig; }; From d646f7c7f2b69ef4d085f79f7805098b80dc8467 Mon Sep 17 00:00:00 2001 From: apfelkuchen06 Date: Tue, 28 Feb 2023 00:06:39 +0100 Subject: [PATCH 03/33] nixos/networkd: add BridgeFDB options --- nixos/modules/system/boot/networkd.nix | 46 ++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) diff --git a/nixos/modules/system/boot/networkd.nix b/nixos/modules/system/boot/networkd.nix index 7bebe3e28116..8b779ebcbf24 100644 --- a/nixos/modules/system/boot/networkd.nix +++ b/nixos/modules/system/boot/networkd.nix @@ -996,6 +996,23 @@ let (assertInt "Priority") (assertRange "Priority" 0 63) ]; + + sectionBridgeFDB = checkUnitConfig "BridgeFDB" [ + (assertOnlyFields [ + "MACAddress" + "Destination" + "VLANId" + "VNI" + "AssociatedWith" + "OutgoingInterface" + ]) + (assertHasField "MACAddress") + (assertInt "VLANId") + (assertRange "VLANId" 0 4094) + (assertInt "VNI") + (assertRange "VNI" 1 16777215) + (assertValueOneOf "AssociatedWith" [ "use" "self" "master" "router" ]) + ]; }; }; 
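Review bot: `sectionBridgeFDB` requires `MACAddress` through `assertHasField` but never checks its format, although the file already has `assertMacAddress` (visible as context at the top of the Bridge patch's first hunk). Adding `(assertMacAddress "MACAddress")` right after the `assertHasField` line would reject a mistyped address at evaluation time rather than leaving it to networkd when the unit is loaded. A static forwarding entry decides where frames for that address go, so catching a malformed value early is worth the one extra line.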
@@ -1431,6 +1448,21 @@ let }; }; + bridgeFDBOptions = { + options = { + bridgeFDBConfig = mkOption { + default = {}; + example = { MACAddress = "65:43:4a:5b:d8:5f"; Destination = "192.168.1.42"; VNI = 20; }; + type = types.addCheck (types.attrsOf unitOption) check.network.sectionBridgeFDB; + description = lib.mdDoc '' + Each attribute in this set specifies an option in the + `[BridgeFDB]` section of the unit. See + {manpage}`systemd.network(5)` for details. + ''; + }; + }; + }; + networkOptions = commonNetworkOptions // { linkConfig = mkOption { @@ -1581,6 +1613,16 @@ let ''; }; + bridgeFDBs = mkOption { + default = []; + example = [ { bridgeFDBConfig = { MACAddress = "90:e2:ba:43:fc:71"; Destination = "192.168.100.4"; VNI = 3600; }; } ]; + type = with types; listOf (submodule bridgeFDBOptions); + description = lib.mdDoc '' + A list of BridgeFDB sections to be added to the unit. See + {manpage}`systemd.network(5)` for details. + ''; + }; + name = mkOption { type = types.nullOr types.str; default = null; @@ -1992,6 +2034,10 @@ let [Bridge] ${attrsToSection def.bridgeConfig} '' + + flip concatMapStrings def.bridgeFDBs (x: '' + [BridgeFDB] + ${attrsToSection x.bridgeFDBConfig} + '') + def.extraConfig; }; From ae15b86d4d81ffa3824528f4316c1b5f4ad640d3 Mon Sep 17 00:00:00 2001 From: apfelkuchen06 Date: Tue, 28 Feb 2023 00:06:39 +0100 Subject: [PATCH 04/33] nixos/networkd: add BridgeMDB option --- nixos/modules/system/boot/networkd.nix | 39 ++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/nixos/modules/system/boot/networkd.nix b/nixos/modules/system/boot/networkd.nix index 8b779ebcbf24..02ff09f075c6 100644 --- a/nixos/modules/system/boot/networkd.nix +++ b/nixos/modules/system/boot/networkd.nix 
@@ -1013,6 +1013,16 @@ let (assertRange "VNI" 1 16777215) (assertValueOneOf "AssociatedWith" [ "use" "self" "master" "router" ]) ]; + + sectionBridgeMDB = checkUnitConfig "BridgeMDB" [ + (assertOnlyFields [ + "MulticastGroupAddress" + "VLANId" + ]) + (assertHasField "MulticastGroupAddress") + (assertInt "VLANId") + (assertRange "VLANId" 0 4094) + ]; }; }; @@ -1463,6 +1473,21 @@ let }; }; + bridgeMDBOptions = { + options = { + bridgeMDBConfig = mkOption { + default = {}; + example = { MulticastGroupAddress = "ff02::1:2:3:4"; VLANId = 10; }; + type = types.addCheck (types.attrsOf unitOption) check.network.sectionBridgeMDB; + description = lib.mdDoc '' + Each attribute in this set specifies an option in the + `[BridgeMDB]` section of the unit. See + {manpage}`systemd.network(5)` for details. + ''; + }; + }; + }; + networkOptions = commonNetworkOptions // { linkConfig = mkOption { @@ -1623,6 +1648,16 @@ let ''; }; + bridgeMDBs = mkOption { + default = []; + example = [ { bridgeMDBConfig = { MulticastGroupAddress = "ff02::1:2:3:4"; VLANId = 10; } ; } ]; + type = with types; listOf (submodule bridgeMDBOptions); + description = lib.mdDoc '' + A list of BridgeMDB sections to be added to the unit. See + {manpage}`systemd.network(5)` for details. + ''; + }; + name = mkOption { type = types.nullOr types.str; default = null; @@ -2038,6 +2073,10 @@ let [BridgeFDB] ${attrsToSection x.bridgeFDBConfig} '') + + flip concatMapStrings def.bridgeMDBs (x: '' + [BridgeMDB] + ${attrsToSection x.bridgeMDBConfig} + '') + def.extraConfig; }; From a7724b8f9177026c4635740812e2b8e291137d0e Mon Sep 17 00:00:00 2001 From: apfelkuchen06 Date: Tue, 28 Feb 2023 00:06:39 +0100 Subject: [PATCH 05/33] nixos/networkd: add LLDP options --- nixos/modules/system/boot/networkd.nix | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/nixos/modules/system/boot/networkd.nix b/nixos/modules/system/boot/networkd.nix index 02ff09f075c6..77895e5d2e06 100644 
--- a/nixos/modules/system/boot/networkd.nix +++ b/nixos/modules/system/boot/networkd.nix @@ -1023,6 +1023,12 @@ let (assertInt "VLANId") (assertRange "VLANId" 0 4094) ]; + + sectionLLDP = checkUnitConfig "LLDP" [ + (assertOnlyFields [ + "MUDURL" + ]) + ]; }; }; @@ -1658,6 +1664,17 @@ let ''; }; + lldpConfig = mkOption { + default = {}; + example = { MUDURL = "https://things.example.org/product_abc123/v5"; }; + type = types.addCheck (types.attrsOf unitOption) check.network.sectionLLDP; + description = lib.mdDoc '' + Each attribute in this set specifies an option in the + `[LLDP]` section of the unit. See + {manpage}`systemd.network(5)` for details. + ''; + }; + name = mkOption { type = types.nullOr types.str; default = null; @@ -2077,6 +2094,10 @@ let [BridgeMDB] ${attrsToSection x.bridgeMDBConfig} '') + + optionalString (def.lldpConfig != { }) '' + [LLDP] + ${attrsToSection def.lldpConfig} + '' + def.extraConfig; }; From df14953724481b185161aa16c6e154bc04445eb0 Mon Sep 17 00:00:00 2001 From: apfelkuchen06 Date: Tue, 28 Feb 2023 00:06:39 +0100 Subject: [PATCH 06/33] nixos/networkd: add CAN options --- nixos/modules/system/boot/networkd.nix | 74 ++++++++++++++++++++++++++ 1 file changed, 74 insertions(+) diff --git a/nixos/modules/system/boot/networkd.nix b/nixos/modules/system/boot/networkd.nix index 77895e5d2e06..2d5ec7ba1de4 100644 --- a/nixos/modules/system/boot/networkd.nix +++ b/nixos/modules/system/boot/networkd.nix 
@@ -1029,6 +1029,65 @@ let "MUDURL" ]) ]; + + sectionCAN = checkUnitConfig "CAN" [ + (assertOnlyFields [ + "BitRate" + "SamplePoint" + "TimeQuantaNSec" + "PropagationSegment" + "PhaseBufferSegment1" + "PhaseBufferSegment2" + "SyncJumpWidth" + "DataBitRate" + "DataSamplePoint" + "DataTimeQuantaNSec" + "DataPropagationSegment" + "DataPhaseBufferSegment1" + "DataPhaseBufferSegment2" + "DataSyncJumpWidth" + "FDMode" + "FDNonISO" + "RestartSec" + "Termination" + "TripleSampling" + "BusErrorReporting" + "ListenOnly" + "Loopback" + "OneShot" + "PresumeAck" + "ClassicDataLengthCode" + ]) + (assertInt "TimeQuantaNSec" ) + (assertRange "TimeQuantaNSec" 0 4294967295 ) + (assertInt "PropagationSegment" ) + (assertRange "PropagationSegment" 0 4294967295 ) + (assertInt "PhaseBufferSegment1" ) + (assertRange "PhaseBufferSegment1" 0 4294967295 ) + (assertInt "PhaseBufferSegment2" ) + (assertRange "PhaseBufferSegment2" 0 4294967295 ) + (assertInt "SyncJumpWidth" ) + (assertRange "SyncJumpWidth" 0 4294967295 ) + (assertInt "DataTimeQuantaNSec" ) + (assertRange "DataTimeQuantaNSec" 0 4294967295 ) + (assertInt "DataPropagationSegment" ) + (assertRange "DataPropagationSegment" 0 4294967295 ) + (assertInt "DataPhaseBufferSegment1" ) + (assertRange "DataPhaseBufferSegment1" 0 4294967295 ) + (assertInt "DataPhaseBufferSegment2" ) + (assertRange "DataPhaseBufferSegment2" 0 4294967295 ) + (assertInt "DataSyncJumpWidth" ) + (assertRange "DataSyncJumpWidth" 0 4294967295 ) + (assertValueOneOf "FDMode" boolValues) + (assertValueOneOf "FDNonISO" boolValues) + (assertValueOneOf "TripleSampling" boolValues) + (assertValueOneOf "BusErrorReporting" boolValues) + (assertValueOneOf "ListenOnly" boolValues) + (assertValueOneOf "Loopback" boolValues) + (assertValueOneOf "OneShot" boolValues) + (assertValueOneOf "PresumeAck" boolValues) + (assertValueOneOf "ClassicDataLengthCode" boolValues) + ]; }; }; 
@@ -1675,6 +1734,17 @@ let ''; }; + canConfig = mkOption { + default = {}; + example = { }; + type = types.addCheck (types.attrsOf unitOption) check.network.sectionCAN; + description = lib.mdDoc '' + Each attribute in this set specifies an option in the + `[CAN]` section of the unit. See + {manpage}`systemd.network(5)` for details. + ''; + }; + name = mkOption { type = types.nullOr types.str; default = null; @@ -2098,6 +2168,10 @@ let [LLDP] ${attrsToSection def.lldpConfig} '' + + optionalString (def.canConfig != { }) '' + [CAN] + ${attrsToSection def.canConfig} + '' + def.extraConfig; }; From 09e745c78405cbd906f8f39cc89376f9f29db1c3 Mon Sep 17 00:00:00 2001 From: apfelkuchen06 Date: Tue, 28 Feb 2023 00:06:39 +0100 Subject: [PATCH 07/33] nixos/networkd: add IPoIB options --- nixos/modules/system/boot/networkd.nix | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/nixos/modules/system/boot/networkd.nix b/nixos/modules/system/boot/networkd.nix index 2d5ec7ba1de4..371c4cb4b9c8 100644 --- a/nixos/modules/system/boot/networkd.nix +++ b/nixos/modules/system/boot/networkd.nix @@ -1088,6 +1088,15 @@ let (assertValueOneOf "PresumeAck" boolValues) (assertValueOneOf "ClassicDataLengthCode" boolValues) ]; + + sectionIPoIB = checkUnitConfig "IPoIB" [ + (assertOnlyFields [ + "Mode" + "IgnoreUserspaceMulticastGroup" + ]) + (assertValueOneOf "Mode" [ "datagram" "connected" ]) + (assertValueOneOf "IgnoreUserspaceMulticastGroup" boolValues) + ]; }; }; @@ -1745,6 +1754,17 @@ let ''; }; + ipoIBConfig = mkOption { + default = {}; + example = { }; + type = types.addCheck (types.attrsOf unitOption) check.network.sectionIPoIB; + description = lib.mdDoc '' + Each attribute in this set specifies an option in the + `[IPoIB]` section of the unit. See + {manpage}`systemd.network(5)` for details. + ''; + }; + name = mkOption { type = types.nullOr types.str; default = null; 
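Review bot: `canConfig` is added with `example = { };`, and the `ipoIBConfig` option in the IPoIB patch further along this line does the same, so both options render with an empty example in the manual. A minimal value drawn from the fields the checks already allow would document the expected shape, for instance `example = { BitRate = "250K"; RestartSec = "100ms"; };` for CAN and `example = { Mode = "datagram"; };` for IPoIB. The CAN values are suggestions to be checked against systemd.network(5); the IPoIB value comes from the `assertValueOneOf "Mode"` list in `sectionIPoIB`.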
@@ -2172,6 +2192,10 @@ let [CAN] ${attrsToSection def.canConfig} '' + + optionalString (def.ipoIBConfig != { }) '' + [IPoIB] + ${attrsToSection def.ipoIBConfig} + '' + def.extraConfig; }; From b08e5be98d9eed403a2f334f2459da909114c002 Mon Sep 17 00:00:00 2001 From: apfelkuchen06 Date: Tue, 28 Feb 2023 00:06:39 +0100 Subject: [PATCH 08/33] nixos/networkd: add QDisc options --- nixos/modules/system/boot/networkd.nix | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/nixos/modules/system/boot/networkd.nix b/nixos/modules/system/boot/networkd.nix index 371c4cb4b9c8..905ddf06e99e 100644 --- a/nixos/modules/system/boot/networkd.nix +++ b/nixos/modules/system/boot/networkd.nix @@ -1097,6 +1097,14 @@ let (assertValueOneOf "Mode" [ "datagram" "connected" ]) (assertValueOneOf "IgnoreUserspaceMulticastGroup" boolValues) ]; + + sectionQDisc = checkUnitConfig "QDisc" [ + (assertOnlyFields [ + "Parent" + "Handle" + ]) + (assertValueOneOf "Parent" [ "clsact" "ingress" ]) + ]; }; }; @@ -1765,6 +1773,17 @@ let ''; }; + qdiscConfig = mkOption { + default = {}; + example = { Parent = "ingress"; }; + type = types.addCheck (types.attrsOf unitOption) check.network.sectionQDisc; + description = lib.mdDoc '' + Each attribute in this set specifies an option in the + `[QDisc]` section of the unit. See + {manpage}`systemd.network(5)` for details. + ''; + }; + name = mkOption { type = types.nullOr types.str; default = null; @@ -2196,6 +2215,10 @@ let [IPoIB] ${attrsToSection def.ipoIBConfig} '' + + optionalString (def.qdiscConfig != { }) '' + [QDisc] + ${attrsToSection def.qdiscConfig} + '' + def.extraConfig; }; From 55cd970d739f6c0cc60f846aa826e05e322b9559 Mon Sep 17 00:00:00 2001 From: apfelkuchen06 Date: Tue, 28 Feb 2023 00:06:39 +0100 Subject: [PATCH 09/33] nixos/networkd: add NetworkEmulator options --- nixos/modules/system/boot/networkd.nix | 29 ++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) 
diff --git a/nixos/modules/system/boot/networkd.nix b/nixos/modules/system/boot/networkd.nix index 905ddf06e99e..c52816e876ee 100644 --- a/nixos/modules/system/boot/networkd.nix +++ b/nixos/modules/system/boot/networkd.nix @@ -1105,6 +1105,20 @@ let ]) (assertValueOneOf "Parent" [ "clsact" "ingress" ]) ]; + + sectionNetworkEmulator = checkUnitConfig "NetworkEmulator" [ + (assertOnlyFields [ + "Parent" + "Handle" + "DelaySec" + "DelayJitterSec" + "PacketLimit" + "LossRate" + "DuplicateRate" + ]) + (assertInt "PacketLimit") + (assertRange "PacketLimit" 0 4294967294) + ]; }; }; @@ -1784,6 +1798,17 @@ let ''; }; + networkEmulatorConfig = mkOption { + default = {}; + example = { Parent = "ingress"; DelaySec = "20msec"; }; + type = types.addCheck (types.attrsOf unitOption) check.network.sectionNetworkEmulator; + description = lib.mdDoc '' + Each attribute in this set specifies an option in the + `[NetworkEmulator]` section of the unit. See + {manpage}`systemd.network(5)` for details. + ''; + }; + name = mkOption { type = types.nullOr types.str; default = null; @@ -2219,6 +2244,10 @@ let [QDisc] ${attrsToSection def.qdiscConfig} '' + + optionalString (def.networkEmulatorConfig != { }) '' + [NetworkEmulator] + ${attrsToSection def.networkEmulatorConfig} + '' + def.extraConfig; }; From d63035329e6c7c07bf5cd3c4e06f4b8d2e71653f Mon Sep 17 00:00:00 2001 From: apfelkuchen06 Date: Tue, 28 Feb 2023 00:06:39 +0100 Subject: [PATCH 10/33] nixos/networkd: add TokenBucketFilter options --- nixos/modules/system/boot/networkd.nix | 29 ++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/nixos/modules/system/boot/networkd.nix b/nixos/modules/system/boot/networkd.nix index c52816e876ee..573290133f8b 100644 --- a/nixos/modules/system/boot/networkd.nix +++ b/nixos/modules/system/boot/networkd.nix 
@@ -1119,6 +1119,20 @@ let (assertInt "PacketLimit") (assertRange "PacketLimit" 0 4294967294) ]; + + sectionTokenBucketFilter = checkUnitConfig "TokenBucketFilter" [ + (assertOnlyFields [ + "Parent" + "Handle" + "LatencySec" + "LimitBytes" + "BurstBytes" + "Rate" + "MPUBytes" + "PeakRate" + "MTUBytes" + ]) + ]; }; }; @@ -1809,6 +1823,17 @@ let ''; }; + tokenBucketFilterConfig = mkOption { + default = {}; + example = { Parent = "ingress"; Rate = "100k"; }; + type = types.addCheck (types.attrsOf unitOption) check.network.sectionTokenBucketFilter; + description = lib.mdDoc '' + Each attribute in this set specifies an option in the + `[TokenBucketFilter]` section of the unit. See + {manpage}`systemd.network(5)` for details. + ''; + }; + name = mkOption { type = types.nullOr types.str; default = null; @@ -2248,6 +2273,10 @@ let [NetworkEmulator] ${attrsToSection def.networkEmulatorConfig} '' + + optionalString (def.tokenBucketFilterConfig != { }) '' + [TokenBucketFilter] + ${attrsToSection def.tockenBucketFilterConfig} + '' + def.extraConfig; }; From 2784862e410bd07b562e6f537d6ff756fffa66ba Mon Sep 17 00:00:00 2001 From: apfelkuchen06 Date: Tue, 28 Feb 2023 00:06:39 +0100 Subject: [PATCH 11/33] nixos/networkd: add PIE options --- nixos/modules/system/boot/networkd.nix | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/nixos/modules/system/boot/networkd.nix b/nixos/modules/system/boot/networkd.nix index 573290133f8b..d871bc2f3606 100644 --- a/nixos/modules/system/boot/networkd.nix +++ b/nixos/modules/system/boot/networkd.nix @@ -1133,6 +1133,16 @@ let "MTUBytes" ]) ]; + + sectionPIE = checkUnitConfig "PIE" [ + (assertOnlyFields [ + "Parent" + "Handle" + "PacketLimit" + ]) + (assertInt "PacketLimit") + (assertRange "PacketLimit" 1 4294967294) + ]; }; }; 
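Review bot: The `[TokenBucketFilter]` rendering hunk reads `def.tockenBucketFilterConfig`, but the option declared earlier in this patch is `tokenBucketFilterConfig`. The `optionalString` guard uses the correct name, so an empty config is skipped silently while any non-empty `tokenBucketFilterConfig` passes the guard and should then fail evaluation on the missing attribute. The line should read `${attrsToSection def.tokenBucketFilterConfig}`. The misspelling still appears as unchanged context in the following PIE patch, so it is not corrected there.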
@@ -1834,6 +1844,17 @@ let ''; }; + pieConfig = mkOption { + default = {}; + example = { Parent = "ingress"; PacketLimit = "3847"; }; + type = types.addCheck (types.attrsOf unitOption) check.network.sectionPIE; + description = lib.mdDoc '' + Each attribute in this set specifies an option in the + `[PIE]` section of the unit. See + {manpage}`systemd.network(5)` for details. + ''; + }; + name = mkOption { type = types.nullOr types.str; default = null; @@ -2277,6 +2298,10 @@ let [TokenBucketFilter] ${attrsToSection def.tockenBucketFilterConfig} '' + + optionalString (def.pieConfig != { }) '' + [PIE] + ${attrsToSection def.pieConfig} + '' + def.extraConfig; }; From 872a4823cf3fdaca4d6bc6c13868ffe8a8097026 Mon Sep 17 00:00:00 2001 From: apfelkuchen06 Date: Tue, 28 Feb 2023 00:06:39 +0100 Subject: [PATCH 12/33] nixos/networkd: add FlowQueuePIE options --- nixos/modules/system/boot/networkd.nix | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/nixos/modules/system/boot/networkd.nix b/nixos/modules/system/boot/networkd.nix index d871bc2f3606..762491abcbe0 100644 --- a/nixos/modules/system/boot/networkd.nix +++ b/nixos/modules/system/boot/networkd.nix @@ -1143,6 +1143,16 @@ let (assertInt "PacketLimit") (assertRange "PacketLimit" 1 4294967294) ]; + + sectionFlowQueuePIE = checkUnitConfig "FlowQueuePIE" [ + (assertOnlyFields [ + "Parent" + "Handle" + "PacketLimit" + ]) + (assertInt "PacketLimit") + (assertRange "PacketLimit" 1 4294967294) + ]; }; }; @@ -1855,6 +1865,17 @@ let ''; }; + flowQueuePIEConfig = mkOption { + default = {}; + example = { Parent = "ingress"; PacketLimit = "3847"; }; + type = types.addCheck (types.attrsOf unitOption) check.network.sectionFlowQueuePIE; + description = lib.mdDoc '' + Each attribute in this set specifies an option in the + `[FlowQueuePIE]` section of the unit. See + {manpage}`systemd.network(5)` for details. + ''; + }; + name = mkOption { type = types.nullOr types.str; default = null; 
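Review bot: The `pieConfig` example sets `PacketLimit = "3847"` as a string while `sectionPIE` applies `(assertInt "PacketLimit")`; if `assertInt` accepts only Nix integers, as the integer examples for `l2tpConfig` and `cakeConfig` suggest, a user copying the documented example gets a type-check failure. It should be `PacketLimit = 3847;`. The same mismatch is in the examples for `flowQueuePIEConfig`, `stochasticFairBlueConfig`, `pfifoConfig` and `pfifoHeadDropConfig`, and in `PerturbPeriodSec = "30"` for `stochasticFairnessQueueingConfig`, which is also guarded by `assertInt`.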
@@ -2302,6 +2323,10 @@ let [PIE] ${attrsToSection def.pieConfig} '' + + optionalString (def.flowQueuePIEConfig != { }) '' + [FlowQueuePIE] + ${attrsToSection def.flowQueuePIEConfig} + '' + def.extraConfig; }; From 736650ccf144850bc47587de620ae13efc88cb39 Mon Sep 17 00:00:00 2001 From: apfelkuchen06 Date: Tue, 28 Feb 2023 00:06:40 +0100 Subject: [PATCH 13/33] nixos/networkd: add StochasticFairBlue options --- nixos/modules/system/boot/networkd.nix | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/nixos/modules/system/boot/networkd.nix b/nixos/modules/system/boot/networkd.nix index 762491abcbe0..618e6efe7842 100644 --- a/nixos/modules/system/boot/networkd.nix +++ b/nixos/modules/system/boot/networkd.nix @@ -1153,6 +1153,16 @@ let (assertInt "PacketLimit") (assertRange "PacketLimit" 1 4294967294) ]; + + sectionStochasticFairBlue = checkUnitConfig "StochasticFairBlue" [ + (assertOnlyFields [ + "Parent" + "Handle" + "PacketLimit" + ]) + (assertInt "PacketLimit") + (assertRange "PacketLimit" 1 4294967294) + ]; }; }; @@ -1876,6 +1886,17 @@ let ''; }; + stochasticFairBlueConfig = mkOption { + default = {}; + example = { Parent = "ingress"; PacketLimit = "3847"; }; + type = types.addCheck (types.attrsOf unitOption) check.network.sectionStochasticFairBlue; + description = lib.mdDoc '' + Each attribute in this set specifies an option in the + `[StochasticFairBlue]` section of the unit. See + {manpage}`systemd.network(5)` for details. + ''; + }; + name = mkOption { type = types.nullOr types.str; default = null; @@ -2327,6 +2348,10 @@ let [FlowQueuePIE] ${attrsToSection def.flowQueuePIEConfig} '' + + optionalString (def.stochasticFairBlueConfig != { }) '' + [StochasticFairBlue] + ${attrsToSection def.stochasticFairBlueConfig} + '' + def.extraConfig; }; From 51689e86b99ca43b14e5aa307b5e453aa0cb7ae3 Mon Sep 17 00:00:00 2001 
From: apfelkuchen06 Date: Tue, 28 Feb 2023 00:06:40 +0100 Subject: [PATCH 14/33] nixos/networkd: add StochasticFairnessQueueing options --- nixos/modules/system/boot/networkd.nix | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/nixos/modules/system/boot/networkd.nix b/nixos/modules/system/boot/networkd.nix index 618e6efe7842..c2b83114c956 100644 --- a/nixos/modules/system/boot/networkd.nix +++ b/nixos/modules/system/boot/networkd.nix @@ -1163,6 +1163,15 @@ let (assertInt "PacketLimit") (assertRange "PacketLimit" 1 4294967294) ]; + + sectionStochasticFairnessQueueing = checkUnitConfig "StochasticFairnessQueueing" [ + (assertOnlyFields [ + "Parent" + "Handle" + "PerturbPeriodSec" + ]) + (assertInt "PerturbPeriodSec") + ]; }; }; @@ -1897,6 +1906,17 @@ let ''; }; + stochasticFairnessQueueingConfig = mkOption { + default = {}; + example = { Parent = "ingress"; PerturbPeriodSec = "30"; }; + type = types.addCheck (types.attrsOf unitOption) check.network.sectionStochasticFairnessQueueing; + description = lib.mdDoc '' + Each attribute in this set specifies an option in the + `[StochasticFairnessQueueing]` section of the unit. See + {manpage}`systemd.network(5)` for details. + ''; + }; + name = mkOption { type = types.nullOr types.str; default = null; @@ -2352,6 +2372,10 @@ let [StochasticFairBlue] ${attrsToSection def.stochasticFairBlueConfig} '' + + optionalString (def.stochasticFairnessQueueingConfig != { }) '' + [StochasticFairnessQueueing] + ${attrsToSection def.stochasticFairnessQueueingConfig} + '' + def.extraConfig; }; From f2ca28f6585a3ecad3032e8057ea606402a86e93 Mon Sep 17 00:00:00 2001 From: apfelkuchen06 Date: Tue, 28 Feb 2023 00:06:40 +0100 Subject: [PATCH 15/33] nixos/networkd: add PFIFO options --- nixos/modules/system/boot/networkd.nix | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/nixos/modules/system/boot/networkd.nix b/nixos/modules/system/boot/networkd.nix index c2b83114c956..21dc14be5113 100644 
--- a/nixos/modules/system/boot/networkd.nix +++ b/nixos/modules/system/boot/networkd.nix @@ -1172,6 +1172,16 @@ let ]) (assertInt "PerturbPeriodSec") ]; + + sectionPFIFO = checkUnitConfig "PFIFO" [ + (assertOnlyFields [ + "Parent" + "Handle" + "PacketLimit" + ]) + (assertInt "PacketLimit") + (assertRange "PacketLimit" 0 4294967294) + ]; }; }; @@ -1917,6 +1927,17 @@ let ''; }; + pfifoConfig = mkOption { + default = {}; + example = { Parent = "ingress"; PacketLimit = "300"; }; + type = types.addCheck (types.attrsOf unitOption) check.network.sectionPFIFO; + description = lib.mdDoc '' + Each attribute in this set specifies an option in the + `[PFIFO]` section of the unit. See + {manpage}`systemd.network(5)` for details. + ''; + }; + name = mkOption { type = types.nullOr types.str; default = null; @@ -2376,6 +2397,10 @@ let [StochasticFairnessQueueing] ${attrsToSection def.stochasticFairnessQueueingConfig} '' + + optionalString (def.pfifoConfig != { }) '' + [PFIFO] + ${attrsToSection def.pfifoConfig} + '' + def.extraConfig; }; From d9e1963a158f38b95a21171a0ed400a2c2575b7a Mon Sep 17 00:00:00 2001 From: apfelkuchen06 Date: Tue, 28 Feb 2023 00:06:40 +0100 Subject: [PATCH 16/33] nixos/networkd: add BFIFO options --- nixos/modules/system/boot/networkd.nix | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/nixos/modules/system/boot/networkd.nix b/nixos/modules/system/boot/networkd.nix index 21dc14be5113..99c72e845198 100644 --- a/nixos/modules/system/boot/networkd.nix +++ b/nixos/modules/system/boot/networkd.nix @@ -1173,6 +1173,14 @@ let (assertInt "PerturbPeriodSec") ]; + sectionBFIFO = checkUnitConfig "BFIFO" [ + (assertOnlyFields [ + "Parent" + "Handle" + "LimitBytes" + ]) + ]; + }; sectionPFIFO = checkUnitConfig "PFIFO" [ (assertOnlyFields [ "Parent" 
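Review bot: The `sectionBFIFO` hunk ends with an added `};` placed directly before the existing `sectionPFIFO` definition, which appears to close the enclosing attribute set early and would leave the module unparseable at this commit. Patch 17/33 removes that line again, so the end of the series is fine, but this intermediate commit breaks bisection and per-commit evaluation. Drop the `};` from this patch (a blank `+` line in its place keeps the spacing) and remove the corresponding `-`/`+` pair from 17/33.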
@@ -1927,6 +1935,17 @@ let ''; }; + bfifoConfig = mkOption { + default = {}; + example = { Parent = "ingress"; LimitBytes = "20K"; }; + type = types.addCheck (types.attrsOf unitOption) check.network.sectionBFIFO; + description = lib.mdDoc '' + Each attribute in this set specifies an option in the + `[BFIFO]` section of the unit. See + {manpage}`systemd.network(5)` for details. + ''; + }; + pfifoConfig = mkOption { default = {}; example = { Parent = "ingress"; PacketLimit = "300"; }; @@ -2397,6 +2416,10 @@ let [StochasticFairnessQueueing] ${attrsToSection def.stochasticFairnessQueueingConfig} '' + + optionalString (def.bfifoConfig != { }) '' + [BFIFO] + ${attrsToSection def.bfifoConfig} + '' + optionalString (def.pfifoConfig != { }) '' [PFIFO] ${attrsToSection def.pfifoConfig} From f75ec30feea0d0e0f1bddcf07cfa89dea795b5d3 Mon Sep 17 00:00:00 2001 From: apfelkuchen06 Date: Tue, 28 Feb 2023 00:06:40 +0100 Subject: [PATCH 17/33] nixos/networkd: add PFIFOHeadDrop options --- nixos/modules/system/boot/networkd.nix | 27 +++++++++++++++++++++++++- 1 file changed, 26 insertions(+), 1 deletion(-) diff --git a/nixos/modules/system/boot/networkd.nix b/nixos/modules/system/boot/networkd.nix index 99c72e845198..4516c481bff5 100644 --- a/nixos/modules/system/boot/networkd.nix +++ b/nixos/modules/system/boot/networkd.nix @@ -1180,7 +1180,7 @@ let "LimitBytes" ]) ]; - }; + sectionPFIFO = checkUnitConfig "PFIFO" [ (assertOnlyFields [ "Parent" @@ -1190,6 +1190,16 @@ let (assertInt "PacketLimit") (assertRange "PacketLimit" 0 4294967294) ]; + + sectionPFIFOHeadDrop = checkUnitConfig "PFIFOHeadDrop" [ + (assertOnlyFields [ + "Parent" + "Handle" + "PacketLimit" + ]) + (assertInt "PacketLimit") + (assertRange "PacketLimit" 0 4294967294) + ]; }; }; 
@@ -1957,6 +1967,17 @@ let ''; }; + pfifoHeadDropConfig = mkOption { + default = {}; + example = { Parent = "ingress"; PacketLimit = "300"; }; + type = types.addCheck (types.attrsOf unitOption) check.network.sectionPFIFOHeadDrop; + description = lib.mdDoc '' + Each attribute in this set specifies an option in the + `[PFIFOHeadDrop]` section of the unit. See + {manpage}`systemd.network(5)` for details. + ''; + }; + name = mkOption { type = types.nullOr types.str; default = null; @@ -2424,6 +2445,10 @@ let [PFIFO] ${attrsToSection def.pfifoConfig} '' + + optionalString (def.pfifoHeadDropConfig != { }) '' + [PFIFOHeadDrop] + ${attrsToSection def.pfifoHeadDropConfig} + '' + def.extraConfig; }; From 7a6cae0e155ec8952fcaa0add1b6f6d712e8d721 Mon Sep 17 00:00:00 2001 From: apfelkuchen06 Date: Tue, 28 Feb 2023 00:06:40 +0100 Subject: [PATCH 18/33] nixos/networkd: add PFIFOFast options --- nixos/modules/system/boot/networkd.nix | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/nixos/modules/system/boot/networkd.nix b/nixos/modules/system/boot/networkd.nix index 4516c481bff5..00d32083378b 100644 --- a/nixos/modules/system/boot/networkd.nix +++ b/nixos/modules/system/boot/networkd.nix @@ -1200,6 +1200,13 @@ let (assertInt "PacketLimit") (assertRange "PacketLimit" 0 4294967294) ]; + + sectionPFIFOFast = checkUnitConfig "PFIFOFast" [ + (assertOnlyFields [ + "Parent" + "Handle" + ]) + ]; }; }; @@ -1978,6 +1985,17 @@ let ''; }; + pfifoFastConfig = mkOption { + default = {}; + example = { Parent = "ingress"; }; + type = types.addCheck (types.attrsOf unitOption) check.network.sectionPFIFOFast; + description = lib.mdDoc '' + Each attribute in this set specifies an option in the + `[PFIFOFast]` section of the unit. See + {manpage}`systemd.network(5)` for details. + ''; + }; + name = mkOption { type = types.nullOr types.str; default = null; 
@@ -2449,6 +2467,10 @@ let [PFIFOHeadDrop] ${attrsToSection def.pfifoHeadDropConfig} '' + + optionalString (def.pfifoFastConfig != { }) '' + [PFIFOFast] + ${attrsToSection def.pfifoFastConfig} + '' + def.extraConfig; }; From 728108555e0d21b7fb0d5f4884e7b893e746adb0 Mon Sep 17 00:00:00 2001 From: apfelkuchen06 Date: Tue, 28 Feb 2023 00:06:40 +0100 Subject: [PATCH 19/33] nixos/networkd: add CAKE options --- nixos/modules/system/boot/networkd.nix | 65 ++++++++++++++++++++++++++ 1 file changed, 65 insertions(+) diff --git a/nixos/modules/system/boot/networkd.nix b/nixos/modules/system/boot/networkd.nix index 00d32083378b..cb04eb2668e6 100644 --- a/nixos/modules/system/boot/networkd.nix +++ b/nixos/modules/system/boot/networkd.nix @@ -1207,6 +1207,56 @@ let "Handle" ]) ]; + + sectionCAKE = checkUnitConfig "CAKE" [ + (assertOnlyFields [ + "Parent" + "Handle" + "Bandwidth" + "AutoRateIngress" + "OverheadBytes" + "MPUBytes" + "CompensationMode" + "UseRawPacketSize" + "FlowIsolationMode" + "NAT" + "PriorityQueueingPreset" + "FirewallMark" + "Wash" + "SplitGSO" + ]) + (assertValueOneOf "AutoRateIngress" boolValues) + (assertInt "OverheadBytes") + (assertRange "OverheadBytes" (-64) 256) + (assertInt "MPUBytes") + (assertRange "MPUBytes" 1 256) + (assertValueOneOf "CompensationMode" [ "none" "atm" "ptm" ]) + (assertValueOneOf "UseRawPacketSize" boolValues) + (assertValueOneOf "FlowIsolationMode" + [ + "none" + "src-host" + "dst-host" + "hosts" + "flows" + "dual-src-host" + "dual-dst-host" + "triple" + ]) + (assertValueOneOf "NAT" boolValues) + (assertValueOneOf "PriorityQueueingPreset" + [ + "besteffort" + "precedence" + "diffserv8" + "diffserv4" + "diffserv3" + ]) + (assertInt "FirewallMark") + (assertRange "FirewallMark" 1 4294967295) + (assertValueOneOf "Wash" boolValues) + (assertValueOneOf "SplitGSO" boolValues) + ]; }; }; 
@@ -1996,6 +2046,17 @@ let ''; }; + cakeConfig = mkOption { + default = {}; + example = { Bandwidth = "40M"; OverheadBytes = 8; CompensationMode = "ptm"; }; + type = types.addCheck (types.attrsOf unitOption) check.network.sectionCAKE; + description = lib.mdDoc '' + Each attribute in this set specifies an option in the + `[CAKE]` section of the unit. See + {manpage}`systemd.network(5)` for details. + ''; + }; + name = mkOption { type = types.nullOr types.str; default = null; @@ -2471,6 +2532,10 @@ let [PFIFOFast] ${attrsToSection def.pfifoFastConfig} '' + + optionalString (def.cakeConfig != { }) '' + [CAKE] + ${attrsToSection def.cakeConfig} + '' + def.extraConfig; }; From 49df6bc66997d29d1addb0424a898c745082fe40 Mon Sep 17 00:00:00 2001 From: apfelkuchen06 Date: Tue, 28 Feb 2023 00:06:40 +0100 Subject: [PATCH 20/33] nixos/networkd: add ControlledDelay options --- nixos/modules/system/boot/networkd.nix | 28 ++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/nixos/modules/system/boot/networkd.nix b/nixos/modules/system/boot/networkd.nix index cb04eb2668e6..010053187d5d 100644 --- a/nixos/modules/system/boot/networkd.nix +++ b/nixos/modules/system/boot/networkd.nix @@ -1257,6 +1257,19 @@ let (assertValueOneOf "Wash" boolValues) (assertValueOneOf "SplitGSO" boolValues) ]; + + sectionControlledDelay = checkUnitConfig "ControlledDelay" [ + (assertOnlyFields [ + "Parent" + "Handle" + "PacketLimit" + "TargetSec" + "IntervalSec" + "ECN" + "CEThresholdSec" + ]) + (assertValueOneOf "ECN" boolValues) + ]; }; }; 
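Review bot: `sectionControlledDelay` lists `PacketLimit` in `assertOnlyFields` but never checks its type or range, unlike `sectionPFIFO` and `sectionPFIFOHeadDrop` earlier in this series. A mistyped value therefore passes evaluation and is only caught, if at all, when systemd-networkd parses the generated unit. Adding `(assertInt "PacketLimit")` and `(assertRange "PacketLimit" 0 4294967294)` next to the `ECN` check would keep validation at build time; the bounds should be confirmed against systemd.network(5). The later `sectionFairQueueingControlledDelay` and `sectionFairQueueing` hunks check the type of `PacketLimit` but not its range.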
@@ -2057,6 +2070,17 @@ let ''; }; + controlledDelayConfig = mkOption { + default = {}; + example = { Parent = "ingress"; TargetSec = "20msec"; }; + type = types.addCheck (types.attrsOf unitOption) check.network.sectionControlledDelay; + description = lib.mdDoc '' + Each attribute in this set specifies an option in the + `[ControlledDelay]` section of the unit. See + {manpage}`systemd.network(5)` for details. + ''; + }; + name = mkOption { type = types.nullOr types.str; default = null; @@ -2536,6 +2560,10 @@ let [CAKE] ${attrsToSection def.cakeConfig} '' + + optionalString (def.controlledDelayConfig != { }) '' + [ControlledDelay] + ${attrsToSection def.controlledDelayConfig} + '' + def.extraConfig; }; From 0d06e8599699ef5629995a6ce46329baa2f3abad Mon Sep 17 00:00:00 2001 From: apfelkuchen06 Date: Tue, 28 Feb 2023 00:06:40 +0100 Subject: [PATCH 21/33] nixos/networkd: add DeficitRoundRobinScheduler options --- nixos/modules/system/boot/networkd.nix | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/nixos/modules/system/boot/networkd.nix b/nixos/modules/system/boot/networkd.nix index 010053187d5d..b57154a763b4 100644 --- a/nixos/modules/system/boot/networkd.nix +++ b/nixos/modules/system/boot/networkd.nix @@ -1270,6 +1270,13 @@ let ]) (assertValueOneOf "ECN" boolValues) ]; + + sectionDeficitRoundRobinScheduler = checkUnitConfig "DeficitRoundRobinScheduler" [ + (assertOnlyFields [ + "Parent" + "Handle" + ]) + ]; }; }; @@ -2081,6 +2088,17 @@ let ''; }; + deficitRoundRobinSchedulerConfig = mkOption { + default = {}; + example = { Parent = "root"; }; + type = types.addCheck (types.attrsOf unitOption) check.network.sectionDeficitRoundRobinScheduler; + description = lib.mdDoc '' + Each attribute in this set specifies an option in the + `[DeficitRoundRobinScheduler]` section of the unit. See + {manpage}`systemd.network(5)` for details. + ''; + }; + name = mkOption { type = types.nullOr types.str; default = null; 
@@ -2564,6 +2582,10 @@ let [ControlledDelay] ${attrsToSection def.controlledDelayConfig} '' + + optionalString (def.deficitRoundRobinSchedulerConfig != { }) '' + [DeficitRoundRobinScheduler] + ${attrsToSection def.deficitRoundRobinSchedulerConfig} + '' + def.extraConfig; }; From 3cde7aaa36a3089f7881c9f65e7c37bf65f9177d Mon Sep 17 00:00:00 2001 From: apfelkuchen06 Date: Tue, 28 Feb 2023 00:06:40 +0100 Subject: [PATCH 22/33] nixos/networkd: add DeficitRoundRobinSchedulerClass options --- nixos/modules/system/boot/networkd.nix | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/nixos/modules/system/boot/networkd.nix b/nixos/modules/system/boot/networkd.nix index b57154a763b4..490bcb6e4fc8 100644 --- a/nixos/modules/system/boot/networkd.nix +++ b/nixos/modules/system/boot/networkd.nix @@ -1277,6 +1277,14 @@ let "Handle" ]) ]; + + sectionDeficitRoundRobinSchedulerClass = checkUnitConfig "DeficitRoundRobinSchedulerClass" [ + (assertOnlyFields [ + "Parent" + "Handle" + "QuantumBytes" + ]) + ]; }; }; @@ -2099,6 +2107,17 @@ let ''; }; + deficitRoundRobinSchedulerClassConfig = mkOption { + default = {}; + example = { Parent = "root"; QuantumBytes = "300k"; }; + type = types.addCheck (types.attrsOf unitOption) check.network.sectionDeficitRoundRobinSchedulerClass; + description = lib.mdDoc '' + Each attribute in this set specifies an option in the + `[DeficitRoundRobinSchedulerClass]` section of the unit. See + {manpage}`systemd.network(5)` for details. + ''; + }; + name = mkOption { type = types.nullOr types.str; default = null; @@ -2586,6 +2605,10 @@ let [DeficitRoundRobinScheduler] ${attrsToSection def.deficitRoundRobinSchedulerConfig} '' + + optionalString (def.deficitRoundRobinSchedulerClassConfig != { }) '' + [DeficitRoundRobinSchedulerClass] + ${attrsToSection def.deficitRoundRobinSchedulerClassConfig} + '' + def.extraConfig; }; From ca496f87548eb194280d2a3a4489380b94d088eb Mon Sep 17 00:00:00 2001 
From: apfelkuchen06 Date: Tue, 28 Feb 2023 00:06:40 +0100 Subject: [PATCH 23/33] nixos/networkd: add EnhancedTransmissionSelection options --- nixos/modules/system/boot/networkd.nix | 30 ++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/nixos/modules/system/boot/networkd.nix b/nixos/modules/system/boot/networkd.nix index 490bcb6e4fc8..87e70d48a757 100644 --- a/nixos/modules/system/boot/networkd.nix +++ b/nixos/modules/system/boot/networkd.nix @@ -1285,6 +1285,21 @@ let "QuantumBytes" ]) ]; + + sectionEnhancedTransmissionSelection = checkUnitConfig "EnhancedTransmissionSelection" [ + (assertOnlyFields [ + "Parent" + "Handle" + "Bands" + "StrictBands" + "QuantumBytes" + "PriorityMap" + ]) + (assertInt "Bands") + (assertRange "Bands" 1 16) + (assertInt "StrictBands") + (assertRange "StrictBands" 1 16) + ]; }; }; @@ -2118,6 +2133,17 @@ let ''; }; + enhancedTransmissionSelectionConfig = mkOption { + default = {}; + example = { Parent = "root"; QuantumBytes = "300k"; Bands = 3; PriorityMap = "100 200 300"; }; + type = types.addCheck (types.attrsOf unitOption) check.network.sectionEnhancedTransmissionSelection; + description = lib.mdDoc '' + Each attribute in this set specifies an option in the + `[EnhancedTransmissionSelection]` section of the unit. See + {manpage}`systemd.network(5)` for details. + ''; + }; + name = mkOption { type = types.nullOr types.str; default = null; @@ -2609,6 +2635,10 @@ let [DeficitRoundRobinSchedulerClass] ${attrsToSection def.deficitRoundRobinSchedulerClassConfig} '' + + optionalString (def.enhancedTransmissionSelectionConfig != { }) '' + [EnhancedTransmissionSelection] + ${attrsToSection def.enhancedTransmissionSelectionConfig} + '' + def.extraConfig; }; From 5b5c79c6a0c94586cc392a1a476397b44912e820 Mon Sep 17 00:00:00 2001 
From: apfelkuchen06 Date: Tue, 28 Feb 2023 00:06:40 +0100 Subject: [PATCH 24/33] nixos/networkd: add GenericRandomEarlyDetection options --- nixos/modules/system/boot/networkd.nix | 30 ++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/nixos/modules/system/boot/networkd.nix b/nixos/modules/system/boot/networkd.nix index 87e70d48a757..886096f067b2 100644 --- a/nixos/modules/system/boot/networkd.nix +++ b/nixos/modules/system/boot/networkd.nix @@ -1300,6 +1300,21 @@ let (assertInt "StrictBands") (assertRange "StrictBands" 1 16) ]; + + sectionGenericRandomEarlyDetection = checkUnitConfig "GenericRandomEarlyDetection" [ + (assertOnlyFields [ + "Parent" + "Handle" + "VirtualQueues" + "DefaultVirtualQueue" + "GenericRIO" + ]) + (assertInt "VirtualQueues") + (assertRange "VirtualQueues" 1 16) + (assertInt "DefaultVirtualQueue") + (assertRange "DefaultVirtualQueue" 1 16) + (assertValueOneOf "GenericRIO" boolValues) + ]; }; }; @@ -2144,6 +2159,17 @@ let ''; }; + genericRandomEarlyDetectionConfig = mkOption { + default = {}; + example = { Parent = "root"; VirtualQueues = 5; DefaultVirtualQueue = 3; }; + type = types.addCheck (types.attrsOf unitOption) check.network.sectionGenericRandomEarlyDetection; + description = lib.mdDoc '' + Each attribute in this set specifies an option in the + `[GenericRandomEarlyDetection]` section of the unit. See + {manpage}`systemd.network(5)` for details. + ''; + }; + name = mkOption { type = types.nullOr types.str; default = null; @@ -2639,6 +2665,10 @@ let [EnhancedTransmissionSelection] ${attrsToSection def.enhancedTransmissionSelectionConfig} '' + + optionalString (def.genericRandomEarlyDetectionConfig != { }) '' + [GenericRandomEarlyDetection] + ${attrsToSection def.genericRandomEarlyDetectionConfig} + '' + def.extraConfig; }; From dbc14e5a441beebc3c01b60f22e1f3cadf2acdad Mon Sep 17 00:00:00 2001 
From: apfelkuchen06 Date: Tue, 28 Feb 2023 00:06:40 +0100 Subject: [PATCH 25/33] nixos/networkd: add FairQueueingControlledDelay options --- nixos/modules/system/boot/networkd.nix | 33 ++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/nixos/modules/system/boot/networkd.nix b/nixos/modules/system/boot/networkd.nix index 886096f067b2..ec2d7b10824a 100644 --- a/nixos/modules/system/boot/networkd.nix +++ b/nixos/modules/system/boot/networkd.nix @@ -1315,6 +1315,24 @@ let (assertRange "DefaultVirtualQueue" 1 16) (assertValueOneOf "GenericRIO" boolValues) ]; + + sectionFairQueueingControlledDelay = checkUnitConfig "FairQueueingControlledDelay" [ + (assertOnlyFields [ + "Parent" + "Handle" + "PacketLimit" + "MemoryLimitBytes" + "Flows" + "TargetSec" + "IntervalSec" + "QuantumBytes" + "ECN" + "CEThresholdSec" + ]) + (assertInt "PacketLimit") + (assertInt "Flows") + (assertValueOneOf "ECN" boolValues) + ]; }; }; @@ -2170,6 +2188,17 @@ let ''; }; + fairQueueingControlledDelayConfig = mkOption { + default = {}; + example = { Parent = "root"; Flows = 5; }; + type = types.addCheck (types.attrsOf unitOption) check.network.sectionFairQueueingControlledDelay; + description = lib.mdDoc '' + Each attribute in this set specifies an option in the + `[FairQueueingControlledDelay]` section of the unit. See + {manpage}`systemd.network(5)` for details. + ''; + }; + name = mkOption { type = types.nullOr types.str; default = null; @@ -2669,6 +2698,10 @@ let [GenericRandomEarlyDetection] ${attrsToSection def.genericRandomEarlyDetectionConfig} '' + + optionalString (def.fairQueueingControlledDelayConfig != { }) '' + [FairQueueingControlledDelay] + ${attrsToSection def.fairQueueingControlledDelayConfig} + '' + def.extraConfig; }; From cf470ebd88c4b9e8d4b7ae875ffaebbef6b2b02e Mon Sep 17 00:00:00 2001 
From: apfelkuchen06 Date: Tue, 28 Feb 2023 00:06:40 +0100 Subject: [PATCH 26/33] nixos/networkd: add FairQueueing options --- nixos/modules/system/boot/networkd.nix | 35 ++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/nixos/modules/system/boot/networkd.nix b/nixos/modules/system/boot/networkd.nix index ec2d7b10824a..ce23c59895cb 100644 --- a/nixos/modules/system/boot/networkd.nix +++ b/nixos/modules/system/boot/networkd.nix @@ -1333,6 +1333,26 @@ let (assertInt "Flows") (assertValueOneOf "ECN" boolValues) ]; + + sectionFairQueueing = checkUnitConfig "FairQueueing" [ + (assertOnlyFields [ + "Parent" + "Handle" + "PacketLimit" + "FlowLimit" + "QuantumBytes" + "InitualQuantumBytes" + "MaximumRate" + "Buckets" + "OrphanMask" + "Pacing" + "CEThresholdSec" + ]) + (assertInt "PacketLimit") + (assertInt "FlowLimit") + (assertInt "OrphanMask") + (assertValueOneOf "Pacing" boolValues) + ]; }; }; @@ -2199,6 +2219,17 @@ let ''; }; + fairQueueingConfig = mkOption { + default = {}; + example = { Parent = "root"; FlowLimit = 5; }; + type = types.addCheck (types.attrsOf unitOption) check.network.sectionFairQueueing; + description = lib.mdDoc '' + Each attribute in this set specifies an option in the + `[FairQueueing]` section of the unit. See + {manpage}`systemd.network(5)` for details. + ''; + }; + name = mkOption { type = types.nullOr types.str; default = null; @@ -2702,6 +2733,10 @@ let [FairQueueingControlledDelay] ${attrsToSection def.fairQueueingControlledDelayConfig} '' + + optionalString (def.fairQueueingConfig != { }) '' + [FairQueueing] + ${attrsToSection def.fairQueueingConfig} + '' + def.extraConfig; }; From 29e54519636578683070f9c778ac207fedf1e56a Mon Sep 17 00:00:00 2001 From: apfelkuchen06 Date: Tue, 28 Feb 2023 00:06:40 +0100 Subject: [PATCH 27/33] nixos/networkd: add TrivialLinkEqualizer options --- nixos/modules/system/boot/networkd.nix | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) 
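Review bot: The allow-list in `sectionFairQueueing` spells the key `"InitualQuantumBytes"`, whereas systemd.network(5) documents the setting as `InitialQuantumBytes=`. With the typo, `assertOnlyFields` rejects the correct key and accepts a misspelt one that networkd will not recognise, so the setting cannot be applied through `fairQueueingConfig`. Change the entry to `"InitialQuantumBytes"`.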
diff --git a/nixos/modules/system/boot/networkd.nix b/nixos/modules/system/boot/networkd.nix index ce23c59895cb..1efe840acf20 100644 --- a/nixos/modules/system/boot/networkd.nix +++ b/nixos/modules/system/boot/networkd.nix @@ -1353,6 +1353,14 @@ let (assertInt "OrphanMask") (assertValueOneOf "Pacing" boolValues) ]; + + sectionTrivialLinkEqualizer = checkUnitConfig "TrivialLinkEqualizer" [ + (assertOnlyFields [ + "Parent" + "Handle" + "Id" + ]) + ]; }; }; @@ -2230,6 +2238,17 @@ let ''; }; + trivialLinkEqualizerConfig = mkOption { + default = {}; + example = { Parent = "root"; Id = 0; }; + type = types.addCheck (types.attrsOf unitOption) check.network.sectionTrivialLinkEqualizer; + description = lib.mdDoc '' + Each attribute in this set specifies an option in the + `[TrivialLinkEqualizer]` section of the unit. See + {manpage}`systemd.network(5)` for details. + ''; + }; + name = mkOption { type = types.nullOr types.str; default = null; @@ -2737,6 +2756,10 @@ let [FairQueueing] ${attrsToSection def.fairQueueingConfig} '' + + optionalString (def.trivialLinkEqualizerConfig != { }) '' + [TrivialLinkEqualizer] + ${attrsToSection def.trivialLinkEqualizerConfig} + '' + def.extraConfig; }; From 24df07c786d0818731af5a3056b786ba83731dab Mon Sep 17 00:00:00 2001 From: apfelkuchen06 Date: Tue, 28 Feb 2023 00:06:41 +0100 Subject: [PATCH 28/33] nixos/networkd: add HierarchyTokenBucket options --- nixos/modules/system/boot/networkd.nix | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/nixos/modules/system/boot/networkd.nix b/nixos/modules/system/boot/networkd.nix index 1efe840acf20..ef81771312e6 100644 --- a/nixos/modules/system/boot/networkd.nix +++ b/nixos/modules/system/boot/networkd.nix @@ -1361,6 +1361,16 @@ let "Id" ]) ]; + + sectionHierarchyTokenBucket = checkUnitConfig "HierarchyTokenBucket" [ + (assertOnlyFields [ + "Parent" + "Handle" + "DefaultClass" + "RateToQuantum" + ]) + (assertInt "RateToQuantum") + ]; }; }; 
@@ -2249,6 +2259,17 @@ let ''; }; + hierarchyTokenBucketConfig = mkOption { + default = {}; + example = { Parent = "root"; }; + type = types.addCheck (types.attrsOf unitOption) check.network.sectionHierarchyTokenBucket; + description = lib.mdDoc '' + Each attribute in this set specifies an option in the + `[HierarchyTokenBucket]` section of the unit. See + {manpage}`systemd.network(5)` for details. + ''; + }; + name = mkOption { type = types.nullOr types.str; default = null; @@ -2760,6 +2781,10 @@ let [TrivialLinkEqualizer] ${attrsToSection def.trivialLinkEqualizerConfig} '' + + optionalString (def.hierarchyTokenBucketConfig != { }) '' + [HierarchyTokenBucket] + ${attrsToSection def.hierarchyTokenBucketConfig} + '' + def.extraConfig; }; From 88d99a36305d9387383baf7eb88c86e02541f703 Mon Sep 17 00:00:00 2001 From: apfelkuchen06 Date: Tue, 28 Feb 2023 00:06:41 +0100 Subject: [PATCH 29/33] nixos/networkd: add HierarchyTokenBucketClass options --- nixos/modules/system/boot/networkd.nix | 30 ++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/nixos/modules/system/boot/networkd.nix b/nixos/modules/system/boot/networkd.nix index ef81771312e6..de94668bb246 100644 --- a/nixos/modules/system/boot/networkd.nix +++ b/nixos/modules/system/boot/networkd.nix @@ -1371,6 +1371,21 @@ let ]) (assertInt "RateToQuantum") ]; + + sectionHierarchyTokenBucketClass = checkUnitConfig "HierarchyTokenBucketClass" [ + (assertOnlyFields [ + "Parent" + "ClassId" + "Priority" + "QuantumBytes" + "MTUBytes" + "OverheadBytes" + "Rate" + "CeilRate" + "BufferBytes" + "CeilBufferBytes" + ]) + ]; }; }; 
@@ -2270,6 +2285,17 @@ let ''; }; + hierarchyTokenBucketClassConfig = mkOption { + default = {}; + example = { Parent = "root"; Rate = "10M"; }; + type = types.addCheck (types.attrsOf unitOption) check.network.sectionHierarchyTokenBucketClass; + description = lib.mdDoc '' + Each attribute in this set specifies an option in the + `[HierarchyTokenBucketClass]` section of the unit. See + {manpage}`systemd.network(5)` for details. + ''; + }; + name = mkOption { type = types.nullOr types.str; default = null; @@ -2785,6 +2811,10 @@ let [HierarchyTokenBucket] ${attrsToSection def.hierarchyTokenBucketConfig} '' + + optionalString (def.hierarchyTokenBucketClassConfig != { }) '' + [HierarchyTokenBucketClass] + ${attrsToSection def.hierarchyTokenBucketClassConfig} + '' + def.extraConfig; }; From 493ed754187177260848764e3a0c5ea5515984e3 Mon Sep 17 00:00:00 2001 From: apfelkuchen06 Date: Tue, 28 Feb 2023 00:06:41 +0100 Subject: [PATCH 30/33] nixos/networkd: add HeavyHitterFilter options --- nixos/modules/system/boot/networkd.nix | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/nixos/modules/system/boot/networkd.nix b/nixos/modules/system/boot/networkd.nix index de94668bb246..31f4f11616a6 100644 --- a/nixos/modules/system/boot/networkd.nix +++ b/nixos/modules/system/boot/networkd.nix @@ -1386,6 +1386,16 @@ let "CeilBufferBytes" ]) ]; + + sectionHeavyHitterFilter = checkUnitConfig "HeavyHitterFilter" [ + (assertOnlyFields [ + "Parent" + "Handle" + "PacketLimit" + ]) + (assertInt "PacketLimit") + (assertRange "PacketLimit" 0 4294967294) + ]; }; }; 
@@ -2296,6 +2306,17 @@ let ''; }; + heavyHitterFilterConfig = mkOption { + default = {}; + example = { Parent = "root"; PacketLimit = 10000; }; + type = types.addCheck (types.attrsOf unitOption) check.network.sectionHeavyHitterFilter; + description = lib.mdDoc '' + Each attribute in this set specifies an option in the + `[HeavyHitterFilter]` section of the unit. See + {manpage}`systemd.network(5)` for details. + ''; + }; + name = mkOption { type = types.nullOr types.str; default = null; @@ -2815,6 +2836,10 @@ let [HierarchyTokenBucketClass] ${attrsToSection def.hierarchyTokenBucketClassConfig} '' + + optionalString (def.heavyHitterFilterConfig != { }) '' + [HeavyHitterFilter] + ${attrsToSection def.heavyHitterFilterConfig} + '' + def.extraConfig; }; From fde806d5a5b07f98dde0eb03be56814baae1131e Mon Sep 17 00:00:00 2001 From: apfelkuchen06 Date: Tue, 28 Feb 2023 00:06:41 +0100 Subject: [PATCH 31/33] nixos/networkd: add QuickFairQueueing options --- nixos/modules/system/boot/networkd.nix | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/nixos/modules/system/boot/networkd.nix b/nixos/modules/system/boot/networkd.nix index 31f4f11616a6..5c1807578fc7 100644 --- a/nixos/modules/system/boot/networkd.nix +++ b/nixos/modules/system/boot/networkd.nix @@ -1396,6 +1396,13 @@ let (assertInt "PacketLimit") (assertRange "PacketLimit" 0 4294967294) ]; + + sectionQuickFairQueueing = checkUnitConfig "QuickFairQueueing" [ + (assertOnlyFields [ + "Parent" + "Handle" + ]) + ]; }; }; @@ -2317,6 +2324,17 @@ let ''; }; + quickFairQueueingConfig = mkOption { + default = {}; + example = { Parent = "root"; }; + type = types.addCheck (types.attrsOf unitOption) check.network.sectionQuickFairQueueing; + description = lib.mdDoc '' + Each attribute in this set specifies an option in the + `[QuickFairQueueing]` section of the unit. See + {manpage}`systemd.network(5)` for details. + ''; + }; + name = mkOption { type = types.nullOr types.str; default = null; 
@@ -2840,6 +2858,10 @@ let [HeavyHitterFilter] ${attrsToSection def.heavyHitterFilterConfig} '' + + optionalString (def.quickFairQueueingConfig != { }) '' + [QuickFairQueueing] + ${attrsToSection def.quickFairQueueingConfig} + '' + def.extraConfig; }; From cd650b3fa303a88e6ab842dd110871b50d0bd9d1 Mon Sep 17 00:00:00 2001 From: apfelkuchen06 Date: Tue, 28 Feb 2023 00:06:41 +0100 Subject: [PATCH 32/33] nixos/networkd: add QuickFairQueueingClass options --- nixos/modules/system/boot/networkd.nix | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/nixos/modules/system/boot/networkd.nix b/nixos/modules/system/boot/networkd.nix index 5c1807578fc7..c4a40f0fcfc7 100644 --- a/nixos/modules/system/boot/networkd.nix +++ b/nixos/modules/system/boot/networkd.nix @@ -1403,6 +1403,17 @@ let "Handle" ]) ]; + + sectionQuickFairQueueingClass = checkUnitConfig "QuickFairQueueingClass" [ + (assertOnlyFields [ + "Parent" + "ClassId" + "Weight" + "MaxPacketBytes" + ]) + (assertInt "Weight") + (assertRange "Weight" 1 1023) + ]; }; }; @@ -2335,6 +2346,17 @@ let ''; }; + quickFairQueueingConfigClass = mkOption { + default = {}; + example = { Parent = "root"; Weight = 133; }; + type = types.addCheck (types.attrsOf unitOption) check.network.sectionQuickFairQueueingClass; + description = lib.mdDoc '' + Each attribute in this set specifies an option in the + `[QuickFairQueueingClass]` section of the unit. See + {manpage}`systemd.network(5)` for details. + ''; + }; + name = mkOption { type = types.nullOr types.str; default = null; @@ -2862,6 +2884,10 @@ let [QuickFairQueueing] ${attrsToSection def.quickFairQueueingConfig} '' + + optionalString (def.quickFairQueueingConfigClass != { }) '' + [QuickFairQueueingClass] + ${attrsToSection def.quickFairQueueingConfigClass} + '' + def.extraConfig; }; From 0ddfb0a5dfc45a495bf862fe90a630325efecb32 Mon Sep 17 00:00:00 2001 
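Review bot: The new option is named `quickFairQueueingConfigClass`, while the other class sections in this series use the `…ClassConfig` order (`deficitRoundRobinSchedulerClassConfig`, `hierarchyTokenBucketClassConfig`). Option names are part of the module's public interface, so the inconsistency is cheapest to fix before it ships. Rename it to `quickFairQueueingClassConfig` here and in the rendering hunk that reads `def.quickFairQueueingConfigClass`.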
From: apfelkuchen06 Date: Tue, 28 Feb 2023 00:06:41 +0100 Subject: [PATCH 33/33] nixos/networkd: add BridgeVLAN options --- nixos/modules/system/boot/networkd.nix | 50 ++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) diff --git a/nixos/modules/system/boot/networkd.nix b/nixos/modules/system/boot/networkd.nix index c4a40f0fcfc7..e9144fbbf15e 100644 --- a/nixos/modules/system/boot/networkd.nix +++ b/nixos/modules/system/boot/networkd.nix @@ -1414,6 +1414,16 @@ let (assertInt "Weight") (assertRange "Weight" 1 1023) ]; + + sectionBridgeVLAN = checkUnitConfig "BridgeVLAN" [ + (assertOnlyFields [ + "VLAN" + "EgressUntagged" + "PVID" + ]) + (assertInt "PVID") + (assertRange "PVID" 0 4094) + ]; }; }; @@ -1879,6 +1889,21 @@ let }; }; + bridgeVLANOptions = { + options = { + bridgeMDBConfig = mkOption { + default = {}; + example = { VLAN = 20; }; + type = types.addCheck (types.attrsOf unitOption) check.network.sectionBridgeVLAN; + description = lib.mdDoc '' + Each attribute in this set specifies an option in the + `[BridgeVLAN]` section of the unit. See + {manpage}`systemd.network(5)` for details. + ''; + }; + }; + }; + networkOptions = commonNetworkOptions // { linkConfig = mkOption { @@ -2357,6 +2382,27 @@ let ''; }; + bridgeVLANConfig = mkOption { + default = {}; + example = { VLAN = "10-20"; }; + type = types.addCheck (types.attrsOf unitOption) check.network.sectionbridgeVLAN; + description = lib.mdDoc '' + Each attribute in this set specifies an option in the + `[BridgeVLAN]` section of the unit. See + {manpage}`systemd.network(5)` for details. + ''; + }; + + bridgeVLANs = mkOption { + default = []; + example = [ { bridgeVLANConfig = { VLAN = "10-20"; }; } ]; + type = with types; listOf (submodule bridgeVLANOptions); + description = lib.mdDoc '' + A list of BridgeVLAN sections to be added to the unit. See + {manpage}`systemd.network(5)` for details. + ''; + }; + name = mkOption { type = types.nullOr types.str; default = null; 
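Review bot: The submodule `bridgeVLANOptions` declares its option as `bridgeMDBConfig`, but the rendering hunk reads `x.bridgeVLANConfig` and the `bridgeVLANs` example sets `bridgeVLANConfig`. As written, a list item that follows the example names an option the submodule does not declare, and the renderer accesses an attribute the submodule never defines, so `[BridgeVLAN]` sections cannot be generated. Rename the option to `bridgeVLANConfig = mkOption {`; the rest of the declaration can stay as it is.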
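Review bot: The type of the top-level `bridgeVLANConfig` option references `check.network.sectionbridgeVLAN`, but the checker added in the first hunk of this patch is `sectionBridgeVLAN`. Nix attribute names are case-sensitive, so forcing this check should fail with a missing-attribute error instead of validating the value. Use `check.network.sectionBridgeVLAN`, as `bridgeVLANOptions` already does. The enclosing `networkOptions` set starts and ends outside the hunk.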
@@ -2888,6 +2934,10 @@ let [QuickFairQueueingClass] ${attrsToSection def.quickFairQueueingConfigClass} '' + + flip concatMapStrings def.bridgeVLANs (x: '' + [BridgeVLAN] + ${attrsToSection x.bridgeVLANConfig} + '') + def.extraConfig; };
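Review bot: Only the `bridgeVLANs` list is rendered here; the top-level `bridgeVLANConfig` option declared in the previous hunk is not read anywhere in this patch. If that also holds for the rest of the file, a VLAN filter set through `bridgeVLANConfig` is dropped without an error and the port keeps its default VLAN membership, which silently loses the intended segmentation. Either remove the top-level option or render it too, with `+ optionalString (def.bridgeVLANConfig != { }) ''` followed by the `[BridgeVLAN]` header and `${attrsToSection def.bridgeVLANConfig}`, as the other single-section options do.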