nixos/networkd: add vrfConfig option to netdevs

2020-01-25 16:46:39 +01:00 · 2020-01-25 16:46:39 +01:00 · bc130855a7
parent 21ae4ae879
commit bc130855a7
1 changed files with 25 additions and 0 deletions
--- a/nixos/modules/system/boot/networkd.nix
+++ b/nixos/modules/system/boot/networkd.nix
@ -55,6 +55,11 @@ let
    (assertMacAddress "MACAddress")
  ];

+  checkVRF = checkUnitConfig "VRF" [
+    (assertOnlyFields [ "Table" ])
+    (assertMinimum "Table" 0)
+  ];
+
  # NOTE The PrivateKey directive is missing on purpose here, please
  # do not add it to this list. The nix store is world-readable let's
  # refrain ourselves from providing a footgun.
@ -349,6 +354,21 @@ let
      '';
    };

+    vrfConfig = mkOption {
+      default = {};
+      example = { Table = 2342; };
+      type = types.addCheck (types.attrsOf unitOption) checkVRF;
+      description = ''
+        Each attribute in this set specifies an option in the
+        <literal>[VRF]</literal> section of the unit. See
+        <citerefentry><refentrytitle>systemd.netdev</refentrytitle>
+        <manvolnum>5</manvolnum></citerefentry> for details.
+        A detailed explanation about how VRFs work can be found in the
+        <link xlink:href="https://www.kernel.org/doc/Documentation/networking/vrf.txt">kernel
+        docs</link>.
+      '';
+    };
+
    wireguardConfig = mkOption {
      default = {};
      example = {
@ -844,6 +864,11 @@ let
            [Xfrm]
            ${attrsToSection def.xfrmConfig}

+          ''}
+          ${optionalString (def.vrfConfig != { }) ''
+            [VRF]
+            ${attrsToSection def.vrfConfig}
+
          ''}
          ${optionalString (def.wireguardConfig != { }) ''
            [WireGuard]