forked from mirrors/nixpkgs
nixos/network-interfaces: Sanitize sys-subsystem device names
Currently, nixos will allow for interface names with special characters such as the hyphen to be used. This presents a problem when using systemd device names as the namespace paths are separated using hyphens. Within systemd, if a device name has a hyphen it should be replaced with the escape sequence \x2d. This patch sanitizes all interface names before they are used in a systemd device string.
This commit is contained in:
parent
c3e7588367
commit
d48a7a17df
|
@ -1,6 +1,7 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
{ config, lib, pkgs, utils, ... }:
|
||||
|
||||
with lib;
|
||||
with utils;
|
||||
|
||||
let
|
||||
|
||||
|
@ -10,6 +11,10 @@ let
|
|||
hasSits = cfg.sits != { };
|
||||
hasBonds = cfg.bonds != { };
|
||||
|
||||
# We must escape interfaces due to the systemd interpretation
|
||||
subsystemDevice = interface:
|
||||
"sys-subsystem-net-devices-${escapeSystemdPath interface}.device";
|
||||
|
||||
addrOpts = v:
|
||||
assert v == 4 || v == 6;
|
||||
{
|
||||
|
@ -603,8 +608,8 @@ in
|
|||
nameValuePair "${i.name}-cfg"
|
||||
{ description = "Configuration of ${i.name}";
|
||||
wantedBy = [ "network-interfaces.target" ];
|
||||
bindsTo = [ "sys-subsystem-net-devices-${i.name}.device" ];
|
||||
after = [ "sys-subsystem-net-devices-${i.name}.device" ];
|
||||
bindsTo = [ (subsystemDevice i.name) ];
|
||||
after = [ (subsystemDevice i.name) ];
|
||||
serviceConfig.Type = "oneshot";
|
||||
serviceConfig.RemainAfterExit = true;
|
||||
path = [ pkgs.iproute pkgs.gawk ];
|
||||
|
@ -684,7 +689,7 @@ in
|
|||
{ description = "Virtual Network Interface ${i.name}";
|
||||
requires = [ "dev-net-tun.device" ];
|
||||
after = [ "dev-net-tun.device" ];
|
||||
wantedBy = [ "network.target" "sys-subsystem-net-devices-${i.name}.device" ];
|
||||
wantedBy = [ "network.target" (subsystemDevice i.name) ];
|
||||
path = [ pkgs.iproute ];
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
|
@ -702,10 +707,10 @@ in
|
|||
|
||||
createBridgeDevice = n: v: nameValuePair "${n}-netdev"
|
||||
(let
|
||||
deps = map (i: "sys-subsystem-net-devices-${i}.device") v.interfaces;
|
||||
deps = map subsystemDevice v.interfaces;
|
||||
in
|
||||
{ description = "Bridge Interface ${n}";
|
||||
wantedBy = [ "network.target" "sys-subsystem-net-devices-${n}.device" ];
|
||||
wantedBy = [ "network.target" (subsystemDevice n) ];
|
||||
bindsTo = deps;
|
||||
after = deps;
|
||||
serviceConfig.Type = "oneshot";
|
||||
|
@ -742,10 +747,10 @@ in
|
|||
|
||||
createBondDevice = n: v: nameValuePair "${n}-netdev"
|
||||
(let
|
||||
deps = map (i: "sys-subsystem-net-devices-${i}.device") v.interfaces;
|
||||
deps = map subsystemDevice v.interfaces;
|
||||
in
|
||||
{ description = "Bond Interface ${n}";
|
||||
wantedBy = [ "network.target" "sys-subsystem-net-devices-${n}.device" ];
|
||||
wantedBy = [ "network.target" (subsystemDevice n) ];
|
||||
bindsTo = deps;
|
||||
after = deps;
|
||||
serviceConfig.Type = "oneshot";
|
||||
|
@ -781,10 +786,10 @@ in
|
|||
|
||||
createSitDevice = n: v: nameValuePair "${n}-netdev"
|
||||
(let
|
||||
deps = optional (v.dev != null) "sys-subsystem-net-devices-${v.dev}.device";
|
||||
deps = optional (v.dev != null) (subsystemDevice v.dev);
|
||||
in
|
||||
{ description = "6-to-4 Tunnel Interface ${n}";
|
||||
wantedBy = [ "network.target" "sys-subsystem-net-devices-${n}.device" ];
|
||||
wantedBy = [ "network.target" (subsystemDevice n) ];
|
||||
bindsTo = deps;
|
||||
after = deps;
|
||||
serviceConfig.Type = "oneshot";
|
||||
|
@ -807,10 +812,10 @@ in
|
|||
|
||||
createVlanDevice = n: v: nameValuePair "${n}-netdev"
|
||||
(let
|
||||
deps = [ "sys-subsystem-net-devices-${v.interface}.device" ];
|
||||
deps = [ (subsystemDevice v.interface) ];
|
||||
in
|
||||
{ description = "Vlan Interface ${n}";
|
||||
wantedBy = [ "network.target" "sys-subsystem-net-devices-${n}.device" ];
|
||||
wantedBy = [ "network.target" (subsystemDevice n) ];
|
||||
bindsTo = deps;
|
||||
after = deps;
|
||||
serviceConfig.Type = "oneshot";
|
||||
|
|
Loading…
Reference in a new issue