From 1c08efb8ab258856c6b2cb8794bdc03c96c2b8c9 Mon Sep 17 00:00:00 2001
From: "William A. Kennington III" <william@wkennington.com>
Date: Sat, 23 Aug 2014 18:38:29 -0700
Subject: [PATCH 1/3] nixos/network-interfaces: Allow explicit virtual
 interface type setting

---
 nixos/modules/tasks/network-interfaces.nix | 32 ++++++++++++++++------
 1 file changed, 23 insertions(+), 9 deletions(-)

diff --git a/nixos/modules/tasks/network-interfaces.nix b/nixos/modules/tasks/network-interfaces.nix
index ac3a55332e4e..985e76cd7086 100644
--- a/nixos/modules/tasks/network-interfaces.nix
+++ b/nixos/modules/tasks/network-interfaces.nix
@@ -138,8 +138,6 @@ let
           Whether this interface is virtual and should be created by tunctl.
           This is mainly useful for creating bridges between a host a virtual
           network such as VPN or a virtual machine.
-
-          Defaults to tap device, unless interface contains "tun" in its name.
         '';
       };
 
@@ -151,6 +149,15 @@ let
         '';
       };
 
+      virtualType = mkOption {
+        default = null;
+        type = types.nullOr (types.addCheck types.str (v: v == "tun" || v == "tap"));
+        description = ''
+          The explicit type of interface to create. Accepts tun or tap strings.
+          Also accepts null to implicitly detect the type of device.
+        '';
+      };
+
       proxyARP = mkOption {
         default = false;
         type = types.bool;
@@ -673,18 +680,25 @@ in
                 '');
           };
 
-        createTunDevice = i: nameValuePair "${i.name}"
+        createTunDevice = i: nameValuePair "${i.name}-tun"
           { description = "Virtual Network Interface ${i.name}";
             requires = [ "dev-net-tun.device" ];
             after = [ "dev-net-tun.device" ];
             wantedBy = [ "network.target" ];
             requiredBy = [ "sys-subsystem-net-devices-${i.name}.device" ];
-            serviceConfig =
-              { Type = "oneshot";
-                RemainAfterExit = true;
-                ExecStart = "${pkgs.tunctl}/bin/tunctl -t '${i.name}' -u '${i.virtualOwner}'";
-                ExecStop = "${pkgs.tunctl}/bin/tunctl -d '${i.name}'";
-              };
+            path = [ pkgs.iproute ];
+            serviceConfig = {
+              Type = "oneshot";
+              RemainAfterExit = true;
+            };
+            script = ''
+              ip tuntap add dev "${i.name}" \
+              ${optionalString (i.virtualType != null) "mode ${i.virtualType}"} \
+              user "${i.virtualOwner}"
+            '';
+            postStop = ''
+              ip link del ${i.name}
+            '';
           };
 
         createBridgeDevice = n: v:

From ed6040fc8dd833c31c67fadb54de320934e9668c Mon Sep 17 00:00:00 2001
From: "William A. Kennington III" <william@wkennington.com>
Date: Sun, 24 Aug 2014 15:16:47 -0700
Subject: [PATCH 2/3] nixos/network-interface: Append -netdev for all device
 units

Currently, device units are named directly after the name the user
specifies for the device. A bridge device named lan will be defined
within lan.service. This becomes a problem if you want your interface
named nginx but also want to run the nginx service.

This patch fixes the issue by appending netdev to all virtually created
network device units. Therefore, the lan bridge -> lan-netdev.service.
This naming convention is used for all types of network devices in order
to ensure that all network devices are unique.
---
 nixos/modules/tasks/network-interfaces.nix | 34 +++++++++++-----------
 1 file changed, 17 insertions(+), 17 deletions(-)

diff --git a/nixos/modules/tasks/network-interfaces.nix b/nixos/modules/tasks/network-interfaces.nix
index 985e76cd7086..14bf96ced7a3 100644
--- a/nixos/modules/tasks/network-interfaces.nix
+++ b/nixos/modules/tasks/network-interfaces.nix
@@ -680,7 +680,7 @@ in
                 '');
           };
 
-        createTunDevice = i: nameValuePair "${i.name}-tun"
+        createTunDevice = i: nameValuePair "${i.name}-netdev"
           { description = "Virtual Network Interface ${i.name}";
             requires = [ "dev-net-tun.device" ];
             after = [ "dev-net-tun.device" ];
@@ -701,8 +701,8 @@ in
             '';
           };
 
-        createBridgeDevice = n: v:
-          let
+        createBridgeDevice = n: v: nameValuePair "${n}-netdev"
+          (let
             deps = map (i: "sys-subsystem-net-devices-${i}.device") v.interfaces;
           in
           { description = "Bridge Interface ${n}";
@@ -739,10 +739,10 @@ in
                 ip link set "${n}" down
                 brctl delbr "${n}"
               '';
-          };
+          });
 
-        createBondDevice = n: v:
-          let
+        createBondDevice = n: v: nameValuePair "${n}-netdev"
+          (let
             deps = map (i: "sys-subsystem-net-devices-${i}.device") v.interfaces;
           in
           { description = "Bond Interface ${n}";
@@ -778,10 +778,10 @@ in
               ifenslave -d "${n}"
               ip link delete "${n}"
             '';
-          };
+          });
 
-        createSitDevice = n: v:
-          let
+        createSitDevice = n: v: nameValuePair "${n}-netdev"
+          (let
             deps = optional (v.dev != null) "sys-subsystem-net-devices-${v.dev}.device";
           in
           { description = "6-to-4 Tunnel Interface ${n}";
@@ -804,10 +804,10 @@ in
             postStop = ''
               ip link delete "${n}"
             '';
-          };
+          });
 
-        createVlanDevice = n: v:
-          let
+        createVlanDevice = n: v: nameValuePair "${n}-netdev"
+          (let
             deps = [ "sys-subsystem-net-devices-${v.interface}.device" ];
           in
           { description = "Vlan Interface ${n}";
@@ -826,15 +826,15 @@ in
             postStop = ''
               ip link delete "${n}"
             '';
-          };
+          });
 
       in listToAttrs (
            map configureInterface interfaces ++
            map createTunDevice (filter (i: i.virtual) interfaces))
-         // mapAttrs createBridgeDevice cfg.bridges
-         // mapAttrs createBondDevice cfg.bonds
-         // mapAttrs createSitDevice cfg.sits
-         // mapAttrs createVlanDevice cfg.vlans
+         // mapAttrs' createBridgeDevice cfg.bridges
+         // mapAttrs' createBondDevice cfg.bonds
+         // mapAttrs' createSitDevice cfg.sits
+         // mapAttrs' createVlanDevice cfg.vlans
          // { "network-setup" = networkSetup; };
 
     # Set the host and domain names in the activation script.  Don't

From ef92afe0da4ad622026c07a768f0b9e8b29447c9 Mon Sep 17 00:00:00 2001
From: "William A. Kennington III" <william@wkennington.com>
Date: Sun, 24 Aug 2014 15:56:37 -0700
Subject: [PATCH 3/3] nixos/network-interfaces: Fix vlan device coming up
 during switch

---
 nixos/modules/tasks/network-interfaces.nix | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/nixos/modules/tasks/network-interfaces.nix b/nixos/modules/tasks/network-interfaces.nix
index 14bf96ced7a3..1163c729c9b8 100644
--- a/nixos/modules/tasks/network-interfaces.nix
+++ b/nixos/modules/tasks/network-interfaces.nix
@@ -684,8 +684,7 @@ in
           { description = "Virtual Network Interface ${i.name}";
             requires = [ "dev-net-tun.device" ];
             after = [ "dev-net-tun.device" ];
-            wantedBy = [ "network.target" ];
-            requiredBy = [ "sys-subsystem-net-devices-${i.name}.device" ];
+            wantedBy = [ "network.target" "sys-subsystem-net-devices-${i.name}.device" ];
             path = [ pkgs.iproute ];
             serviceConfig = {
               Type = "oneshot";