liminix/modules/network/default.nix

## Network
## =======
##
## Basic network services for creating hardware ethernet devices
## and adding addresses

{
  lib,
  pkgs,
  config,
  ...
}:
let
  inherit (lib) mkOption types;
  inherit (pkgs) liminix;
  inherit (pkgs.liminix.services) bundle;
in
{
  options = {
    system.service.network = {
      link = mkOption {
        description = "hardware network interface";
        type = liminix.lib.types.serviceDefn;
      };
      address = mkOption {
        description = "network interface address";
        type = liminix.lib.types.serviceDefn;
      };
      route = mkOption {
        type = liminix.lib.types.serviceDefn;
      };
      forward = mkOption {
        type = liminix.lib.types.serviceDefn;
      };
      dhcp = {
        client = mkOption {
          # this needs to move to its own service as it has
          # busybox config
          description = "DHCP v4 client";
          type = liminix.lib.types.serviceDefn;
        };
      };
    };
  };
  config = {
    hardware.networkInterfaces = {
      lo =
        let
          net = config.system.service.network;
          iface = net.link.build { ifname = "lo"; };
        in
        bundle {
          name = "loopback";
          contents = [
            (net.address.build {
              interface = iface;
              family = "inet";
              address = "127.0.0.1";
              prefixLength = 8;
            })
            (net.address.build {
              interface = iface;
              family = "inet6";
              address = "::1";
              prefixLength = 128;
            })
          ];
        };
    };
    services.loopback = config.hardware.networkInterfaces.lo;

    system.service.network = {
      link = config.system.callService ./link.nix {
        ifname = mkOption {
          type = types.str;
          example = "eth0";
          description = ''
            Device name as used by the kernel (as seen in "ip link"
            or "ifconfig" output). If devpath is also specified, the
            device will be renamed to the name provided.
          '';
        };
        devpath = mkOption {
          type = types.nullOr types.str;
          default = null;
          example = "/devices/platform/soc/soc:internal-regs/f1070000.ethernet";
          description = ''
            Path to the sysfs node of the device. If you provide this
            and the ifname option, the device will be renamed to the
            name given by ifname.
          '';
        };
        # other "ip link add" options could go here as well
        mtu = mkOption {
          type = types.nullOr types.int;
          example = 1480;
        };
      };
      address = config.system.callService ./address.nix {
        interface = mkOption {
          type = liminix.lib.types.service;
        };
        family = mkOption {
          type = types.enum [
            "inet"
            "inet6"
          ];
        };
        address = mkOption {
          type = types.str;
        };
        prefixLength = mkOption {
          type = types.ints.between 0 128;
        };
      };

      route = config.system.callService ./route.nix {
        interface = mkOption {
          type = types.nullOr liminix.lib.types.interface;
          default = null;
          description = "Interface to route through. May be omitted if it can be inferred from \"via\"";
        };
        target = mkOption {
          type = types.str;
          description = "host or network to add route to";
        };
        via = mkOption {
          type = types.str;
          description = "address of next hop";
        };
        metric = mkOption {
          type = types.int;
          description = "route metric";
          default = 100;
        };
      };

      forward = config.system.callService ./forward.nix {
        enableIPv4 = mkOption {
          type = types.bool;
          default = true;
        };
        enableIPv6 = mkOption {
          type = types.bool;
          default = true;
        };
      };

      dhcp.client = config.system.callService ./dhcpc.nix {
        interface = mkOption {
          type = liminix.lib.types.service;
        };
      };

    };
  };
}
convert network link/address to module-based-service ... and make bridge use it. We also had to convert bridge back into a pair of services. Downstreams want to depend on the bridge it self being configured even if not necessarily all the members are up. e.g. don't want to break ssh on lan if there's a misconfigured wlan device 2023-08-27 22:45:27 +00:00			`## Network`
			`## =======`
			`##`
			`## Basic network services for creating hardware ethernet devices`
			`## and adding addresses`

nixfmt-rfc-style There is nothing in this commit except for the changes made by nix-shell -p nixfmt-rfc-style --run "nixfmt ." If this has mucked up your open branches then sorry about that. You can probably nixfmt them to match before merging 2025-02-10 21:55:08 +00:00			`{`
			`lib,`
			`pkgs,`
			`config,`
			`...`
			`}:`
convert network link/address to module-based-service ... and make bridge use it. We also had to convert bridge back into a pair of services. Downstreams want to depend on the bridge it self being configured even if not necessarily all the members are up. e.g. don't want to break ssh on lan if there's a misconfigured wlan device 2023-08-27 22:45:27 +00:00			`let`
			`inherit (lib) mkOption types;`
			`inherit (pkgs) liminix;`
move loopback config from base to netowrk module 2023-08-31 17:28:35 +00:00			`inherit (pkgs.liminix.services) bundle;`
nixfmt-rfc-style There is nothing in this commit except for the changes made by nix-shell -p nixfmt-rfc-style --run "nixfmt ." If this has mucked up your open branches then sorry about that. You can probably nixfmt them to match before merging 2025-02-10 21:55:08 +00:00			`in`
			`{`
convert network link/address to module-based-service ... and make bridge use it. We also had to convert bridge back into a pair of services. Downstreams want to depend on the bridge it self being configured even if not necessarily all the members are up. e.g. don't want to break ssh on lan if there's a misconfigured wlan device 2023-08-27 22:45:27 +00:00			`options = {`
			`system.service.network = {`
			`link = mkOption {`
			`description = "hardware network interface";`
			`type = liminix.lib.types.serviceDefn;`
			`};`
			`address = mkOption {`
			`description = "network interface address";`
			`type = liminix.lib.types.serviceDefn;`
			`};`
implement route as module-based-service 2023-08-31 22:24:23 +00:00			`route = mkOption {`
			`type = liminix.lib.types.serviceDefn;`
			`};`
add service to enable packet forwarding might be worth looking into adding RA config to this 2023-09-01 16:34:47 +00:00			`forward = mkOption {`
			`type = liminix.lib.types.serviceDefn;`
			`};`
add service fir dhcp v4 client 2023-08-28 14:10:53 +00:00			`dhcp = {`
			`client = mkOption {`
			`# this needs to move to its own service as it has`
			`# busybox config`
			`description = "DHCP v4 client";`
			`type = liminix.lib.types.serviceDefn;`
			`};`
			`};`
convert network link/address to module-based-service ... and make bridge use it. We also had to convert bridge back into a pair of services. Downstreams want to depend on the bridge it self being configured even if not necessarily all the members are up. e.g. don't want to break ssh on lan if there's a misconfigured wlan device 2023-08-27 22:45:27 +00:00			`};`
			`};`
			`config = {`
move loopback config from base to netowrk module 2023-08-31 17:28:35 +00:00			`hardware.networkInterfaces = {`
			`lo =`
			`let`
			`net = config.system.service.network;`
nixfmt-rfc-style There is nothing in this commit except for the changes made by nix-shell -p nixfmt-rfc-style --run "nixfmt ." If this has mucked up your open branches then sorry about that. You can probably nixfmt them to match before merging 2025-02-10 21:55:08 +00:00			`iface = net.link.build { ifname = "lo"; };`
			`in`
			`bundle {`
move loopback config from base to netowrk module 2023-08-31 17:28:35 +00:00			`name = "loopback";`
			`contents = [`
nixfmt-rfc-style There is nothing in this commit except for the changes made by nix-shell -p nixfmt-rfc-style --run "nixfmt ." If this has mucked up your open branches then sorry about that. You can probably nixfmt them to match before merging 2025-02-10 21:55:08 +00:00			`(net.address.build {`
move loopback config from base to netowrk module 2023-08-31 17:28:35 +00:00			`interface = iface;`
			`family = "inet";`
nixfmt-rfc-style There is nothing in this commit except for the changes made by nix-shell -p nixfmt-rfc-style --run "nixfmt ." If this has mucked up your open branches then sorry about that. You can probably nixfmt them to match before merging 2025-02-10 21:55:08 +00:00			`address = "127.0.0.1";`
move loopback config from base to netowrk module 2023-08-31 17:28:35 +00:00			`prefixLength = 8;`
			`})`
nixfmt-rfc-style There is nothing in this commit except for the changes made by nix-shell -p nixfmt-rfc-style --run "nixfmt ." If this has mucked up your open branches then sorry about that. You can probably nixfmt them to match before merging 2025-02-10 21:55:08 +00:00			`(net.address.build {`
move loopback config from base to netowrk module 2023-08-31 17:28:35 +00:00			`interface = iface;`
			`family = "inet6";`
			`address = "::1";`
			`prefixLength = 128;`
			`})`
			`];`
			`};`
			`};`
reinstate loopback network (oops) 2023-08-31 22:29:30 +00:00			`services.loopback = config.hardware.networkInterfaces.lo;`
move loopback config from base to netowrk module 2023-08-31 17:28:35 +00:00
convert network link/address to module-based-service ... and make bridge use it. We also had to convert bridge back into a pair of services. Downstreams want to depend on the bridge it self being configured even if not necessarily all the members are up. e.g. don't want to break ssh on lan if there's a misconfigured wlan device 2023-08-27 22:45:27 +00:00			`system.service.network = {`
finish moving pkgs.linimix.callService to config.system 2024-07-15 18:00:08 +00:00			`link = config.system.callService ./link.nix {`
convert network link/address to module-based-service ... and make bridge use it. We also had to convert bridge back into a pair of services. Downstreams want to depend on the bridge it self being configured even if not necessarily all the members are up. e.g. don't want to break ssh on lan if there's a misconfigured wlan device 2023-08-27 22:45:27 +00:00			`ifname = mkOption {`
			`type = types.str;`
			`example = "eth0";`
support setting network device names this means that net devices in devices/foo/default.nix can be specified by their sysfs paths (instead of by "eth0" and "eth1" that may change from one kernel version to the next) and given mnenomic names that are helpful for the hardware. Like "wan" and "lan[1..4]" 2023-11-26 23:15:28 +00:00			`description = ''`
			`Device name as used by the kernel (as seen in "ip link"`
			`or "ifconfig" output). If devpath is also specified, the`
			`device will be renamed to the name provided.`
			`'';`
convert network link/address to module-based-service ... and make bridge use it. We also had to convert bridge back into a pair of services. Downstreams want to depend on the bridge it self being configured even if not necessarily all the members are up. e.g. don't want to break ssh on lan if there's a misconfigured wlan device 2023-08-27 22:45:27 +00:00			`};`
support setting network device names this means that net devices in devices/foo/default.nix can be specified by their sysfs paths (instead of by "eth0" and "eth1" that may change from one kernel version to the next) and given mnenomic names that are helpful for the hardware. Like "wan" and "lan[1..4]" 2023-11-26 23:15:28 +00:00			`devpath = mkOption {`
			`type = types.nullOr types.str;`
			`default = null;`
			`example = "/devices/platform/soc/soc:internal-regs/f1070000.ethernet";`
			`description = ''`
			`Path to the sysfs node of the device. If you provide this`
			`and the ifname option, the device will be renamed to the`
			`name given by ifname.`
nixfmt-rfc-style There is nothing in this commit except for the changes made by nix-shell -p nixfmt-rfc-style --run "nixfmt ." If this has mucked up your open branches then sorry about that. You can probably nixfmt them to match before merging 2025-02-10 21:55:08 +00:00			`'';`
			`};`
convert network link/address to module-based-service ... and make bridge use it. We also had to convert bridge back into a pair of services. Downstreams want to depend on the bridge it self being configured even if not necessarily all the members are up. e.g. don't want to break ssh on lan if there's a misconfigured wlan device 2023-08-27 22:45:27 +00:00			`# other "ip link add" options could go here as well`
			`mtu = mkOption {`
			`type = types.nullOr types.int;`
			`example = 1480;`
			`};`
			`};`
finish moving pkgs.linimix.callService to config.system 2024-07-15 18:00:08 +00:00			`address = config.system.callService ./address.nix {`
convert network link/address to module-based-service ... and make bridge use it. We also had to convert bridge back into a pair of services. Downstreams want to depend on the bridge it self being configured even if not necessarily all the members are up. e.g. don't want to break ssh on lan if there's a misconfigured wlan device 2023-08-27 22:45:27 +00:00			`interface = mkOption {`
			`type = liminix.lib.types.service;`
			`};`
			`family = mkOption {`
nixfmt-rfc-style There is nothing in this commit except for the changes made by nix-shell -p nixfmt-rfc-style --run "nixfmt ." If this has mucked up your open branches then sorry about that. You can probably nixfmt them to match before merging 2025-02-10 21:55:08 +00:00			`type = types.enum [`
			`"inet"`
			`"inet6"`
			`];`
convert network link/address to module-based-service ... and make bridge use it. We also had to convert bridge back into a pair of services. Downstreams want to depend on the bridge it self being configured even if not necessarily all the members are up. e.g. don't want to break ssh on lan if there's a misconfigured wlan device 2023-08-27 22:45:27 +00:00			`};`
			`address = mkOption {`
			`type = types.str;`
			`};`
			`prefixLength = mkOption {`
			`type = types.ints.between 0 128;`
			`};`
			`};`
implement route as module-based-service 2023-08-31 22:24:23 +00:00
finish moving pkgs.linimix.callService to config.system 2024-07-15 18:00:08 +00:00			`route = config.system.callService ./route.nix {`
implement route as module-based-service 2023-08-31 22:24:23 +00:00			`interface = mkOption {`
			`type = types.nullOr liminix.lib.types.interface;`
			`default = null;`
			`description = "Interface to route through. May be omitted if it can be inferred from \"via\"";`
			`};`
			`target = mkOption {`
			`type = types.str;`
			`description = "host or network to add route to";`
			`};`
			`via = mkOption {`
			`type = types.str;`
			`description = "address of next hop";`
			`};`
			`metric = mkOption {`
			`type = types.int;`
			`description = "route metric";`
			`default = 100;`
			`};`
			`};`

finish moving pkgs.linimix.callService to config.system 2024-07-15 18:00:08 +00:00			`forward = config.system.callService ./forward.nix {`
add service to enable packet forwarding might be worth looking into adding RA config to this 2023-09-01 16:34:47 +00:00			`enableIPv4 = mkOption {`
			`type = types.bool;`
			`default = true;`
			`};`
			`enableIPv6 = mkOption {`
			`type = types.bool;`
			`default = true;`
			`};`
			`};`

finish moving pkgs.linimix.callService to config.system 2024-07-15 18:00:08 +00:00			`dhcp.client = config.system.callService ./dhcpc.nix {`
add service fir dhcp v4 client 2023-08-28 14:10:53 +00:00			`interface = mkOption {`
			`type = liminix.lib.types.service;`
			`};`
			`};`

convert network link/address to module-based-service ... and make bridge use it. We also had to convert bridge back into a pair of services. Downstreams want to depend on the bridge it self being configured even if not necessarily all the members are up. e.g. don't want to break ssh on lan if there's a misconfigured wlan device 2023-08-27 22:45:27 +00:00			`};`
			`};`
			`}`