From 2307d2454481d26e22a02456a8e988c7b1196a27 Mon Sep 17 00:00:00 2001
From: Christian Albrecht <christian.albrecht@mayflower.de>
Date: Wed, 23 Dec 2015 06:02:59 +0100
Subject: [PATCH 1/2] networkd: add IPForward and IPMasquerade options

to Network config section
---
 nixos/modules/system/boot/networkd.nix | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/nixos/modules/system/boot/networkd.nix b/nixos/modules/system/boot/networkd.nix
index 34eea9af83b1..b9fb4b12e7d2 100644
--- a/nixos/modules/system/boot/networkd.nix
+++ b/nixos/modules/system/boot/networkd.nix
@@ -93,11 +93,13 @@ let
 
   checkNetwork = checkUnitConfig "Network" [
     (assertOnlyFields [
-      "Description" "DHCP" "DHCPServer" "IPv4LL" "IPv4LLRoute"
+      "Description" "DHCP" "DHCPServer" "IPForward" "IPMasquerade" "IPv4LL" "IPv4LLRoute"
       "LLMNR" "Domains" "Bridge" "Bond"
     ])
     (assertValueOneOf "DHCP" ["both" "none" "v4" "v6"])
     (assertValueOneOf "DHCPServer" boolValues)
+    (assertValueOneOf "IPForward" ["yes" "no" "ipv4" "ipv6"])
+    (assertValueOneOf "IPMasquerade" boolValues)
     (assertValueOneOf "IPv4LL" boolValues)
     (assertValueOneOf "IPv4LLRoute" boolValues)
     (assertValueOneOf "LLMNR" boolValues)

From 83a64cecc9fbe62d187428535774b2a1293afeaf Mon Sep 17 00:00:00 2001
From: Christian Albrecht <christian.albrecht@mayflower.de>
Date: Wed, 23 Dec 2015 06:04:39 +0100
Subject: [PATCH 2/2] networkd: add DHCPServer config section

---
 nixos/modules/system/boot/networkd.nix | 27 ++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/nixos/modules/system/boot/networkd.nix b/nixos/modules/system/boot/networkd.nix
index b9fb4b12e7d2..ab7485500261 100644
--- a/nixos/modules/system/boot/networkd.nix
+++ b/nixos/modules/system/boot/networkd.nix
@@ -131,6 +131,16 @@ let
     (assertValueOneOf "RequestBroadcast" boolValues)
   ];
 
+  checkDhcpServer = checkUnitConfig "DHCPServer" [
+    (assertOnlyFields [
+      "PoolOffset" "PoolSize" "DefaultLeaseTimeSec" "MaxLeaseTimeSec"
+      "EmitDNS" "DNS" "EmitNTP" "NTP" "EmitTimezone" "Timezone"
+    ])
+    (assertValueOneOf "EmitDNS" boolValues)
+    (assertValueOneOf "EmitNTP" boolValues)
+    (assertValueOneOf "EmitTimezone" boolValues)
+  ];
+
   commonNetworkOptions = {
 
     enable = mkOption {
@@ -343,6 +353,18 @@ let
       '';
     };
 
+    dhcpServerConfig = mkOption {
+      default = {};
+      example = { PoolOffset = 50; EmitDNS = false; };
+      type = types.addCheck (types.attrsOf unitOption) checkDhcpServer;
+      description = ''
+        Each attribute in this set specifies an option in the
+        <literal>[DHCPServer]</literal> section of the unit.  See
+        <citerefentry><refentrytitle>systemd.network</refentrytitle>
+        <manvolnum>5</manvolnum></citerefentry> for details.
+      '';
+    };
+
     name = mkOption {
       type = types.nullOr types.str;
       default = null;
@@ -567,6 +589,11 @@ let
             [DHCP]
             ${attrsToSection def.dhcpConfig}
 
+          ''}
+          ${optionalString (def.dhcpServerConfig != { }) ''
+            [DHCPServer]
+            ${attrsToSection def.dhcpServerConfig}
+
           ''}
           ${flip concatMapStrings def.addresses (x: ''
             [Address]