3
0
Fork 0
forked from mirrors/nixpkgs
Commit graph

176 commits

Author SHA1 Message Date
Artturi a0d4895e9d
Merge pull request #146709 from Artturin/underscorename 2021-11-21 03:12:31 +02:00
Artturin 2077956e78 nixos/network-interfaces: add a warning for underscores in hostname
until the issues in https://github.com/NixOS/nixpkgs/pull/138978
have been resolved
2021-11-21 01:39:39 +02:00
Artturin 31759dc4b7 nixos/networkmanager: remove redundant ipv6.ip6-privacy
this setting was added in 2016 in commit
bcdd81d9e1

the posibility to preferTempAddress was added to
nixos/network-interface in 2018 in commit
1fec496f38

preferTempAddress was renamed to tempAddress
in 2020 in commit 2485e6399e

therefore this setting is redundant since nm will use the sysctl option

nixos/network-interfaces: add default to sysctl so that the value for it
is set

networkmanager falls back to it
https://man.archlinux.org/man/NetworkManager.conf.5
2021-11-19 01:12:25 +02:00
pennae c1f5155471 nixos/networking: support FOU encapsulation for sits 2021-10-16 20:48:03 -04:00
pennae f29ea2d15d nixos/networking: add foo-over-udp endpoint support
allows configuration of foo-over-udp decapsulation endpoints. sadly networkd
seems to lack the features necessary to support local and peer address
configuration, so those are only supported when using scripted configuration.
2021-10-16 20:48:03 -04:00
Michele Guerini Rocco 46b2a2594a
Merge pull request #140779 from legendofmiracles/wol
nixos/wakeonlan: switch to systemd.link and to nixos/networking
2021-10-09 10:34:26 +02:00
legendofmiracles bb3ea37eee
nixos/networking: add the wakeonlan option 2021-10-07 14:15:17 -06:00
Naïm Favier 2ddc335e6f
nixos/doc: clean up defaults and examples 2021-10-04 12:47:20 +02:00
Samuel Dionne-Riel 110165b784 Provide submodule to security.wrappers for older kernels
Fixes a regression from #126289
2021-09-29 16:10:27 -04:00
rnhmjoj fedd7cd690
nixos: explicitely set security.wrappers ownership
This is slightly more verbose and inconvenient, but it forces you
to think about what the wrapper ownership and permissions will be.
2021-09-13 13:48:13 +02:00
John Whitman 8d3527aa88 nixos/network-interfaces: Fix wlan interface mac 2021-09-01 21:46:26 -04:00
github-actions[bot] 1ae6d3d02f
Merge master into staging-next 2021-05-07 18:24:29 +00:00
Linus Heckemann 4c4ac4bb20 nixos/network: allow configuring tempaddr for undeclared interfaces 2021-04-27 16:43:30 +02:00
Julien Moutinho 05d334cfe2 Revert "Revert "apparmor: fix and improve the service""
This reverts commit 420f89ceb2.
2021-04-23 07:17:55 +02:00
ajs124 c6d4dae35d treewide: fix eval without aliases after 9378fdf87e 2021-04-08 13:33:09 +02:00
Sandro Jäckel 9378fdf87e
iproute: deprecate alias 2021-04-04 01:43:46 +02:00
Florian Klink b2f3bd4d79
Merge pull request #100155 from primeos/nixos-add-fqdn-option
nixos/networking: Add a read-only option for the FQDN
2021-01-25 16:45:45 +01:00
Julien Moutinho 2263fa5698 nixos/network-interfaces: fix typo in udev rule syntax 2020-11-24 04:21:44 +01:00
Florian Klink 13be37662d kernel config: explicitly enable CONFIG_IPV6
We currently build CONFIG_IPV6=m.

This seems to be not really well-supported in mainline kernels - see
https://lore.kernel.org/netdev/20201115224509.2020651-1-flokli@flokli.de/T/#u

Compiling it as a module doesn't give too much benefit - even for people
who did explicitly set `enableIPv6` to false, the `ipv6` module was
still loaded, as soon as another module was loaded that requires it
(bridge,br_netfilter,wireguard,ip6table_mangle,sctp,…).

By compiling it in, we only loose the possibility to not add it to
`boot.kernelModules` anymore (as it's part of the kernel directly). The
space savings are negligible.

People wanting to disable IPv6 still get the appropriate sysctls and
options set (while having the kernel code loaded), nothing is really
changing here.
2020-11-16 13:07:49 +01:00
Michael Weiss 971f0b45ef
nixos/networking: Add a read-only option for the FQDN
This is a convenience option that can be used to quickly obtain the
configured FQDN.
2020-10-12 15:27:31 +02:00
Michael Weiss 4a600af1b1 doc: Document a workaround for using an FQDN as hostname
Since #76542 this workaround is required to use a FQDN as hostname. See
#94011 and #94022 for the related discussion. Due to some
potential/unresolved issues (legacy software, backward compatibility,
etc.) we're documenting this workaround [0].

[0]: https://github.com/NixOS/nixpkgs/issues/94011#issuecomment-705952300
2020-10-10 10:48:54 -07:00
Michael Weiss 826ed96c10
nixos/networking: Switch to home.arpa as an example for the domain
The special-use domain "home.arpa." is designated for non-unique use in
residential home networks [0] and registered as such [1]. Therefore it
is more appropriate than "home." which could cause conflicts or result
in queries that leak out and reach the root name servers.

[0]: https://tools.ietf.org/html/rfc8375
[1]: https://www.iana.org/assignments/special-use-domain-names/special-use-domain-names.xhtml
2020-10-10 17:41:42 +02:00
Vladimír Čunát 420f89ceb2
Revert "apparmor: fix and improve the service"
This reverts commit fb6d63f3fd.

I really hope this finally fixes #99236: evaluation on Hydra.
This time I really did check basically the same commit on Hydra:
https://hydra.nixos.org/eval/1618011

Right now I don't have energy to find what exactly is wrong in the
commit, and it doesn't seem important in comparison to nixos-unstable
channel being stuck on a commit over one week old.
2020-10-07 12:22:18 +02:00
0x4A6F c232d4b587
nixos: Conform with RFC 1123 in networking.hostName
Conform to RFC 1123 [0], specifically to "2.1 Host Names and Numbers",
which allow starting host name with alphanumerical instead of alphabetical characters.
RFC 1123 updates RFC 952 [1], which is referenced in "man 5 hosts".

[0]: https://tools.ietf.org/html/rfc1123
[1]: https://tools.ietf.org/html/rfc952
2020-10-01 22:06:00 +00:00
Julien Moutinho fb6d63f3fd apparmor: fix and improve the service 2020-09-06 07:43:03 +02:00
WORLDofPEACE 18348c7829
Merge pull request #96042 from rnhmjoj/loaOf
treewide: completely remove types.loaOf
2020-09-02 08:45:37 -04:00
rnhmjoj 20d491a317
treewide: completely remove types.loaOf 2020-09-02 00:42:50 +02:00
V b63b5eda68 rfkill: remove
rfkill was subsumed by util-linux in 2017 [1], and the upstream has not
been updated in over 5 years [2]. This package shadows the rfkill from
util-linux, so it can be completely removed with no breaking changes,
because util-linux is in the base package set in nixos/system-path.

[1] d17fb726b5
[2] https://git.sipsolutions.net/rfkill.git/log/
2020-08-24 02:49:27 +02:00
asdf8dfafjk 8e52c2a63e
nixos/networking: Enhance hostId description (#94800)
Co-authored-by: Jörg Thalheim <Mic92@users.noreply.github.com>
2020-08-08 20:30:50 +01:00
Michael Weiss a6afdbb70b
nixos: Allow empty hostnames again
This fixes a regression from 993baa587c which requires
networking.hostName to be a valid DNS label [0].
Unfortunately we missed the fact that the hostnames may also be empty,
if the user wants to obtain it from a DHCP server. This is even required
by a few modules/images (e.g. Amazon EC2, Azure, and Google Compute).

[0]: https://github.com/NixOS/nixpkgs/pull/76542#issuecomment-638138666
2020-06-03 15:23:37 +02:00
Florian Klink 4cd605f3ca
Merge pull request #62671 from kfiz/networking-proxy_arp-fix
tasks/network-interfaces.nix: Enable ip_forwarding for ipv4 and p…
2020-05-31 22:22:49 +02:00
Doro Rose 5d3a72f683 networking-interfaces.nix: remove broken NDP bits from proxyARP
The `networking.interfaces.<name?>.proxyARP` option previously mentioned it would also enable IPv6 forwarding and `proxy_ndp`.

However, the `proxy_ndp` option was never actually set (the non-existing `net.ipv6.conf.proxy_arp` sysctl was set
instead). In addition `proxy_ndp` also needs individual entries for each ip to proxy for.

Proxy ARP and Proxy NDP are two different concepts, and enabling the latter
should be a conscious decision.

This commit removes the broken NDP support, and disables explicitly
enabling IPv6 forwarding (which is the default in most cases anyways)

Fixes #62339.
2020-05-26 00:53:10 +02:00
Michael Weiss 993baa587c
nixos: Require networking.hostName to be a valid DNS label
This also means that the hostname must not contain the domain name part
anymore (i.e. must not be a FQDN).
See RFC 1035 [0], "man 5 hostname", or the kernel documentation [1].
Note: For legacy reasons we also allow underscores inside of the label
but this is not recommended and intentionally left undocumented.

[0]: https://tools.ietf.org/html/rfc1035
[1]: https://www.kernel.org/doc/html/latest/admin-guide/sysctl/kernel.html#domainname-hostname

Co-authored-by: zimbatm <zimbatm@zimbatm.com>
2020-05-25 18:13:39 +02:00
Florian Klink 532528190b nixos/networking: move network-link-${i.name} to scripted networking
The unit sets MTU and MAC Address even with networkd enabled, which
isn't necessary anymore, as networkd handles this by itself.
2020-04-13 22:03:35 +02:00
Florian Klink ca391c8a4f nixos/networking: add assertion catching setting mac addresses on tun devices
Setting a MAC Address on a tun interface isn't supported, and invoking
the corresponding command fails.
2020-04-13 22:03:35 +02:00
David Costa 2e4a45c921 nixos/network-interfaces: fix examples types
make literalExample receive string arguments.
Fix nixos/nixos-homepage#255
2020-03-29 01:00:59 +01:00
Jörg Thalheim 1ddb140d95
Merge pull request #53033 from netixx/openvswitch-improved-systemd
openvswitch: better integration with systemd
2020-02-21 08:24:49 +00:00
rnhmjoj 2485e6399e
nixos/networking-interfaces: change preferTempAddress to allow disabling temp addresses 2020-02-01 11:38:40 +01:00
Netix (Espinet François) cd3597b486
openvswitch: better integration with systemd
Systemd dependencies for scripted mode
were refactored according to analysis in #34586.

networking.vswitches can now be used with systemd-networkd,
although they are not supported by the daemon, a nixos receipe
creates the switch and attached required interfaces (just like
the scripted version).

Vlans and internal interfaces are implemented following the
  template format i.e. each interface is
described using an attributeSet (vlan and type at the moment).
If vlan is present, then interface is added to the vswitch with
given tag (access mode). Type internal enabled vswitch to create
interfaces (see openvswitch docs).

Added configuration for configuring supported openFlow version on
the vswitch

This commit is a split from the original PR #35127.
2019-12-15 21:16:26 +01:00
Linus Heckemann 0b754fbe54
Merge pull request #69302 from mayflower/networkd-disallow-dhcp
networkd: disallow useDHCP
2019-10-07 11:29:04 +02:00
Silvan Mosberger c75a18fea6
mkRemovedOptionModule: assert on removed options (#69419)
mkRemovedOptionModule: assert on removed options
2019-09-30 16:39:40 +02:00
Robin Gloster b08b0bcbbe mkRemovedOptionModule: assert on removed options
We don't want to ignore config that can mess up machines. In general
this should always fail evaluation, as you think you are changing
behaviour and don't, which can easily create run-time errors we can
catch early.
2019-09-30 12:07:13 +02:00
Vladimír Čunát 4c07c0fdf0
nixos network-interfaces.nix: fixup after the last change
TL;DR: ipv6 tests were broken (probably the privacy-extension stuff)
https://github.com/NixOS/nixpkgs/pull/68227#issuecomment-536159177
2019-09-28 19:33:44 +02:00
Robin Gloster e862dd6373
networking.useDHCP: add release notes and docs 2019-09-24 10:20:17 +02:00
volth 8b93e5c8a4
'udev' needs absolute path to 'echo' 2019-09-06 21:27:10 +00:00
volth efccc442d9
network-interfaces.nix: escape '.' in interface names passed to sysctl 2019-09-06 21:13:28 +00:00
Vladimír Čunát f21211ebfe
Merge branch 'master' into staging 2019-09-02 23:25:24 +02:00
Silvan Mosberger 478e7184f8
nixos/modules: Remove all usages of types.string
And replace them with a more appropriate type

Also fix up some minor module problems along the way
2019-08-31 18:19:00 +02:00
Frederik Rietdijk 5061fe0c2c Merge staging-next into staging 2019-08-28 08:26:42 +02:00
volth 35d68ef143 treewide: remove redundant quotes 2019-08-26 21:40:19 +00:00