From f75ec30feea0d0e0f1bddcf07cfa89dea795b5d3 Mon Sep 17 00:00:00 2001
From: apfelkuchen06 <apfelkuchen@hrnz.li>
Date: Tue, 28 Feb 2023 00:06:40 +0100
Subject: [PATCH] nixos/networkd: add PFIFOHeadDrop options

---
 nixos/modules/system/boot/networkd.nix | 27 +++++++++++++++++++++++++-
 1 file changed, 26 insertions(+), 1 deletion(-)

diff --git a/nixos/modules/system/boot/networkd.nix b/nixos/modules/system/boot/networkd.nix
index 99c72e84519..4516c481bff 100644
--- a/nixos/modules/system/boot/networkd.nix
+++ b/nixos/modules/system/boot/networkd.nix
@@ -1180,7 +1180,7 @@ let
           "LimitBytes"
         ])
       ];
-    };
+
       sectionPFIFO = checkUnitConfig "PFIFO" [
         (assertOnlyFields [
           "Parent"
@@ -1190,6 +1190,16 @@ let
         (assertInt "PacketLimit")
         (assertRange "PacketLimit" 0 4294967294)
       ];
+
+      sectionPFIFOHeadDrop = checkUnitConfig "PFIFOHeadDrop" [
+        (assertOnlyFields [
+          "Parent"
+          "Handle"
+          "PacketLimit"
+        ])
+        (assertInt "PacketLimit")
+        (assertRange "PacketLimit" 0 4294967294)
+      ];
     };
   };
 
@@ -1957,6 +1967,17 @@ let
       '';
     };
 
+    pfifoHeadDropConfig = mkOption {
+      default = {};
+      example = { Parent = "ingress"; PacketLimit = "300"; };
+      type = types.addCheck (types.attrsOf unitOption) check.network.sectionPFIFOHeadDrop;
+      description = lib.mdDoc ''
+        Each attribute in this set specifies an option in the
+        `[PFIFOHeadDrop]` section of the unit.  See
+        {manpage}`systemd.network(5)` for details.
+      '';
+    };
+
     name = mkOption {
       type = types.nullOr types.str;
       default = null;
@@ -2424,6 +2445,10 @@ let
           [PFIFO]
           ${attrsToSection def.pfifoConfig}
         ''
+        + optionalString (def.pfifoHeadDropConfig != { }) ''
+          [PFIFOHeadDrop]
+          ${attrsToSection def.pfifoHeadDropConfig}
+        ''
         + def.extraConfig;
     };