make script clearer and add documentation

This commit is contained in:
Alex 2023-04-05 13:44:38 +02:00
parent dec4ea479d
commit bb25797d2f

View file

@ -40,13 +40,13 @@ in
staticIPv6.defaultGateway = mkOption { staticIPv6.defaultGateway = mkOption {
description = '' description = ''
IPv6 address of the default route on the local network interface. IPv6 address of the default route on the local network interface.
IPv6 Router Advertisements (RA) will be totally disabled. IPv6 Router Advertisements (RA) will be totally disabled if this is set.
''; '';
type = nullOr str; type = nullOr str;
default = null; default = null;
}; };
staticIPv6.prefixLength = mkOption { staticIPv6.prefixLength = mkOption {
description = "IPv6 prefix length"; description = "IPv6 prefix length, used only when router advertisements are disabled.";
type = int; type = int;
default = 64; default = 64;
}; };
@ -148,24 +148,30 @@ in
networking.useNetworkd = true; networking.useNetworkd = true;
systemd.network.networks."10-uplink" = systemd.network.networks."10-uplink" =
let let
dyn_v4 = cfg.staticIPv4.address == null || cfg.staticIPv4.defaultGateway == null; # IPv4 configuration is obtained by DHCP by default,
dyn_v6 = cfg.staticIPv6.defaultGateway == null; # unless a static v4 address and default gateway are given
noDHCP = cfg.staticIPv4.address != null && cfg.staticIPv4.defaultGateway != null;
# IPv6 configuration is obtained through router advertisements
# (RA), using a static token to ensure a static IPv6,
# unless defaultGateway is specified, in which case RAs are
# disabled entirely
noRA = cfg.staticIPv6.defaultGateway != null;
in in
{ {
matchConfig.Name = "en* eth*"; matchConfig.Name = "en* eth*";
address = address =
optional (!dyn_v4) "${cfg.staticIPv4.address}" optional noDHCP "${cfg.staticIPv4.address}"
++ optional (!dyn_v6) "${cfg.staticIPv6.address}/${toString cfg.staticIPv6.prefixLength}"; ++ optional noRA "${cfg.staticIPv6.address}/${toString cfg.staticIPv6.prefixLength}";
routes = routes =
optional (!dyn_v4) { optional noDHCP {
routeConfig = { routeConfig = {
Gateway = cfg.staticIPv4.defaultGateway; Gateway = cfg.staticIPv4.defaultGateway;
# GatewayOnLink - Takes a boolean. If set to true, the kernel does not have to check if the gateway is reachable directly by the current machine (i.e., attached to the local network), so that we can insert the route in the kernel table without it being complained about. Defaults to "no". # GatewayOnLink - Takes a boolean. If set to true, the kernel does not have to check if the gateway is reachable directly by the current machine (i.e., attached to the local network), so that we can insert the route in the kernel table without it being complained about. Defaults to "no".
GatewayOnLink = true; GatewayOnLink = true;
}; };
} ++ optional (!dyn_v6) { } ++ optional noRA {
routeConfig = { routeConfig = {
Gateway = cfg.staticIPv6.defaultGateway; Gateway = cfg.staticIPv6.defaultGateway;
GatewayOnLink = true; GatewayOnLink = true;
@ -173,18 +179,18 @@ in
}; };
# Dynamic IPv4: enable DHCP but not for DNS servers # Dynamic IPv4: enable DHCP but not for DNS servers
networkConfig.DHCP = mkIf dyn_v4 "ipv4"; networkConfig.DHCP = mkIf (!noDHCP) "ipv4";
dhcpV4Config.UseDNS = mkIf dyn_v4 false; dhcpV4Config.UseDNS = mkIf (!noDHCP) false;
# Dynamic IPv6: only fetch default route, use static # Dynamic IPv6: only fetch default route, use static
# address and no DNS servers # address and no DNS servers
ipv6AcceptRAConfig.Token = mkIf dyn_v6 "static:${cfg.staticIPv6.address}"; ipv6AcceptRAConfig.Token = mkIf (!noRA) "static:${cfg.staticIPv6.address}";
ipv6AcceptRAConfig.UseDNS = mkIf dyn_v6 false; ipv6AcceptRAConfig.UseDNS = mkIf (!noRA) false;
# Static IPv6: disable all router advertisements and # Static IPv6: disable all router advertisements and
# link-local addresses # link-local addresses
networkConfig.IPv6AcceptRA = mkIf (!dyn_v6) false; networkConfig.IPv6AcceptRA = mkIf noRA false;
networkConfig.LinkLocalAddressing = mkIf (!dyn_v6) "no"; networkConfig.LinkLocalAddressing = mkIf noRA "no";
}; };
# Configure Unbound as a central DNS server for everything # Configure Unbound as a central DNS server for everything