From c26c6241eae93985c33590401fda971d7574c136 Mon Sep 17 00:00:00 2001 From: Robin Gloster Date: Mon, 23 Sep 2019 16:37:58 +0200 Subject: [PATCH 1/3] networking.useDHCP: disallow for networkd This setting will be removed with the switch to systemd-networkd. The use of per interface config is encouraged instead. --- .../tasks/network-interfaces-systemd.nix | 12 ++++++---- nixos/tests/networking.nix | 23 +++++++++++++++---- nixos/tests/predictable-interface-names.nix | 1 + nixos/tests/systemd-networkd-wireguard.nix | 1 + 4 files changed, 28 insertions(+), 9 deletions(-) diff --git a/nixos/modules/tasks/network-interfaces-systemd.nix b/nixos/modules/tasks/network-interfaces-systemd.nix index 34e270667151..605d00de58f2 100644 --- a/nixos/modules/tasks/network-interfaces-systemd.nix +++ b/nixos/modules/tasks/network-interfaces-systemd.nix @@ -38,6 +38,12 @@ in } { assertion = cfg.defaultGateway6 == null || cfg.defaultGateway6.interface == null; message = "networking.defaultGateway6.interface is not supported by networkd."; + } { + assertion = cfg.useDHCP == false; + message = '' + networking.useDHCP is not supported by networkd. + Please use per interface configuration and set the global option to false. + ''; } ] ++ flip mapAttrsToList cfg.bridges (n: { rstp, ... }: { assertion = !rstp; message = "networking.bridges.${n}.rstp is not supported by networkd."; @@ -56,9 +62,7 @@ in genericNetwork = override: let gateway = optional (cfg.defaultGateway != null) cfg.defaultGateway.address ++ optional (cfg.defaultGateway6 != null) cfg.defaultGateway6.address; - in { - DHCP = override (dhcpStr cfg.useDHCP); - } // optionalAttrs (gateway != [ ]) { + in optionalAttrs (gateway != [ ]) { routes = override [ { routeConfig = { 
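Review bot: The message of the new `cfg.useDHCP == false` assertion (first hunk, @@ -38,6 +38,12) tells the operator to set the global option to false but never names the per-interface option that replaces it. Going by the later @@ -97,7 +101,7 hunk, an interface without an explicit setting no longer requests a lease. An operator who only flips the global switch on a remote host can therefore rebuild into a configuration that drops off the network. I would spell the option out in the message, e.g. `Set networking.interfaces.<name>.useDHCP = true on every interface that needs a lease, and set networking.useDHCP = false.` The assertion list starts and ends outside the hunk.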
@@ -97,7 +101,7 @@ in networks."40-${i.name}" = mkMerge [ (genericNetwork mkDefault) { name = mkDefault i.name; DHCP = mkForce (dhcpStr - (if i.useDHCP != null then i.useDHCP else cfg.useDHCP && interfaceIps i == [ ])); + (if i.useDHCP != null then i.useDHCP else false)); address = forEach (interfaceIps i) (ip: "${ip.address}/${toString ip.prefixLength}"); networkConfig.IPv6PrivacyExtensions = "kernel"; diff --git a/nixos/tests/networking.nix b/nixos/tests/networking.nix index 7452768033ab..f12a5fc9ae57 100644 --- a/nixos/tests/networking.nix +++ b/nixos/tests/networking.nix @@ -72,6 +72,7 @@ let testCases = { loopback = { name = "Loopback"; + machine.networking.useDHCP = false; machine.networking.useNetworkd = networkd; testScript = '' startAll; @@ -139,14 +140,16 @@ let virtualisation.vlans = [ 1 2 ]; networking = { useNetworkd = networkd; - useDHCP = true; + useDHCP = false; interfaces.eth1 = { ipv4.addresses = mkOverride 0 [ ]; ipv6.addresses = mkOverride 0 [ ]; + useDHCP = true; }; interfaces.eth2 = { ipv4.addresses = mkOverride 0 [ ]; ipv6.addresses = mkOverride 0 [ ]; + useDHCP = true; }; }; }; @@ -320,13 +323,19 @@ let virtualisation.vlans = [ 1 ]; networking = { useNetworkd = networkd; + useDHCP = false; firewall.logReversePathDrops = true; # to debug firewall rules # reverse path filtering rules for the macvlan interface seem # to be incorrect, causing the test to fail. Disable temporarily. firewall.checkReversePath = false; - useDHCP = true; macvlans.macvlan.interface = "eth1"; - interfaces.eth1.ipv4.addresses = mkOverride 0 [ ]; + interfaces.eth1 = { + ipv4.addresses = mkOverride 0 [ ]; + useDHCP = true; + }; + interfaces.macvlan = { + useDHCP = true; + }; }; }; testScript = { ... }: 
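Review bot: In the @@ -97,7 +101,7 hunk of network-interfaces-systemd.nix, `(if i.useDHCP != null then i.useDHCP else false)` is a long way to write `(i.useDHCP == true)`, which yields the same boolean for null, true and false. The line also now forces DHCP off under `mkForce` for every interface without an explicit setting, and nothing next to it says this is deliberate. A comment above it would help, such as `# No global fallback: DHCP runs only where networking.interfaces.<name>.useDHCP is set explicitly.` The enclosing `mkMerge` list starts and ends outside the hunk.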
@@ -440,6 +449,7 @@ let virtual = { name = "Virtual"; machine = { + networking.useNetworkd = networkd; networking.interfaces.tap0 = { ipv4.addresses = [ { address = "192.168.1.1"; prefixLength = 24; } ]; ipv6.addresses = [ { address = "2001:1470:fffd:2096::"; prefixLength = 64; } ]; @@ -489,6 +499,7 @@ let boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = true; networking = { useNetworkd = networkd; + useDHCP = false; interfaces.eth1.ipv6.addresses = singleton { address = "fd00:1234:5678:1::1"; prefixLength = 64; @@ -514,11 +525,12 @@ let virtualisation.vlans = [ 1 ]; networking = { useNetworkd = networkd; - useDHCP = true; + useDHCP = false; interfaces.eth1 = { preferTempAddress = true; ipv4.addresses = mkOverride 0 [ ]; ipv6.addresses = mkOverride 0 [ ]; + useDHCP = true; }; }; }; @@ -526,11 +538,12 @@ let virtualisation.vlans = [ 1 ]; networking = { useNetworkd = networkd; - useDHCP = true; + useDHCP = false; interfaces.eth1 = { preferTempAddress = false; ipv4.addresses = mkOverride 0 [ ]; ipv6.addresses = mkOverride 0 [ ]; + useDHCP = true; }; }; }; diff --git a/nixos/tests/predictable-interface-names.nix b/nixos/tests/predictable-interface-names.nix index 85047f66f23c..194b4dafa772 100644 --- a/nixos/tests/predictable-interface-names.nix +++ b/nixos/tests/predictable-interface-names.nix @@ -16,6 +16,7 @@ in pkgs.lib.listToAttrs (pkgs.lib.crossLists (predictable: withNetworkd: { networking.usePredictableInterfaceNames = lib.mkForce predictable; networking.useNetworkd = withNetworkd; networking.dhcpcd.enable = !withNetworkd; + networking.useDHCP = !withNetworkd; }; testScript = '' diff --git a/nixos/tests/systemd-networkd-wireguard.nix b/nixos/tests/systemd-networkd-wireguard.nix index f1ce1e791ce3..aa0ac54e7969 100644 --- a/nixos/tests/systemd-networkd-wireguard.nix +++ b/nixos/tests/systemd-networkd-wireguard.nix 
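Review bot: The @@ -440,6 +449,7 hunk adds `networking.useNetworkd = networkd;` to the `virtual` test case without the `useDHCP = false` that other networkd cases in this file receive (`loopback`, for example, gets `machine.networking.useDHCP = false;`). Unless the global option is set to false somewhere outside the hunk, the networkd variant of this case would presumably trip the new `cfg.useDHCP == false` assertion at evaluation time. Adding `networking.useDHCP = false;` next to the new line would keep the case consistent with the others. The `machine` block continues outside the hunk.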
@@ -2,6 +2,7 @@ let generateNodeConf = { lib, pkgs, config, privkpath, pubk, peerId, nodeId, ... imports = [ common/user-account.nix ]; systemd.services.systemd-networkd.environment.SYSTEMD_LOG_LEVEL = "debug"; networking.useNetworkd = true; + networking.useDHCP = false; networking.firewall.enable = false; virtualisation.vlans = [ 1 ]; environment.systemPackages = with pkgs; [ wireguard-tools ]; From e862dd637350ddd1812a6c1fb5811c6464e74ff5 Mon Sep 17 00:00:00 2001 From: Robin Gloster Date: Tue, 24 Sep 2019 09:36:49 +0200 Subject: [PATCH 2/3] networking.useDHCP: add release notes and docs --- nixos/doc/manual/release-notes/rl-1909.xml | 8 ++++++++ nixos/modules/tasks/network-interfaces.nix | 5 +++++ 2 files changed, 13 insertions(+) diff --git a/nixos/doc/manual/release-notes/rl-1909.xml b/nixos/doc/manual/release-notes/rl-1909.xml index 58ab7207f533..012c2e4f9929 100644 --- a/nixos/doc/manual/release-notes/rl-1909.xml +++ b/nixos/doc/manual/release-notes/rl-1909.xml @@ -484,6 +484,14 @@ (citrix_workspace). + + + The option is unsupported in combination with + in anticipation of defaulting to it by default. + It has to be set to false and enabled per + interface with + + diff --git a/nixos/modules/tasks/network-interfaces.nix b/nixos/modules/tasks/network-interfaces.nix index 5bf7b0d227f0..834ce758410d 100644 --- a/nixos/modules/tasks/network-interfaces.nix +++ b/nixos/modules/tasks/network-interfaces.nix @@ -903,6 +903,11 @@ in Whether to use DHCP to obtain an IP address and other configuration for all network interfaces that are not manually configured. + + Using this option is highly discouraged and also incompatible with + . Please use + instead + and set this to false. ''; }; From 5ee383ea8c31cd7c8489c2b076aac9c51f63b55c Mon Sep 17 00:00:00 2001 
From: Robin Gloster Date: Tue, 24 Sep 2019 11:41:12 +0200 Subject: [PATCH 3/3] nixos-generate-config: add useDHCP per interface This sets networking.useDHCP to false and for all interfaces found the per-interface useDHCP to true. This replicates the current default behaviour and prepares for the switch to networkd. --- .../installer/tools/nixos-generate-config.pl | 20 +++++++++++++++++++ nixos/modules/installer/tools/tools.nix | 1 + 2 files changed, 21 insertions(+) diff --git a/nixos/modules/installer/tools/nixos-generate-config.pl b/nixos/modules/installer/tools/nixos-generate-config.pl index cfdbdaabf5c5..f2ffe61c42cb 100644 --- a/nixos/modules/installer/tools/nixos-generate-config.pl +++ b/nixos/modules/installer/tools/nixos-generate-config.pl @@ -563,6 +563,24 @@ $fsAndSwap ${\join "", (map { " $_\n" } (uniq @attrs))}} EOF +sub generateNetworkingDhcpConfig { + my $config = <