nixos/network-interfaces: improve IPv6 support (#417150)

2025-07-23 16:51:24 +02:00
parent bad69252a3 632c8f720e
commit 6424dede0c
6 changed files with 538 additions and 77 deletions
--- a/nixos/modules/tasks/network-interfaces-systemd.nix
+++ b/nixos/modules/tasks/network-interfaces-systemd.nix
@@ -24,6 +24,7 @@ let
    concatLists (map (bond: bond.interfaces) (attrValues cfg.bonds))
    ++ concatLists (map (bridge: bridge.interfaces) (attrValues cfg.bridges))
    ++ map (sit: sit.dev) (attrValues cfg.sits)
+    ++ map (ipip: ipip.dev) (attrValues cfg.ipips)
    ++ map (gre: gre.dev) (attrValues cfg.greTunnels)
    ++ map (vlan: vlan.interface) (attrValues cfg.vlans)
    # add dependency to physical or independently created vswitch member interface
@@ -46,6 +47,9 @@ let
              // optionalAttrs (gateway.metric != null) {
                Metric = gateway.metric;
              }
+              // optionalAttrs (gateway.source != null) {
+                PreferredSource = gateway.source;
+              }
            )
          ];
        };
@@ -435,7 +439,7 @@ in
                  // (optionalAttrs (sit.ttl != null) {
                    TTL = sit.ttl;
                  })
-                  // (optionalAttrs (sit.encapsulation != null) (
+                  // (optionalAttrs (sit.encapsulation.type != "6in4") (
                    {
                      FooOverUDP = true;
                      Encapsulation = if sit.encapsulation.type == "fou" then "FooOverUDP" else "GenericUDPEncapsulation";
@@ -454,6 +458,38 @@ in
            }
          )
        ))
+        (mkMerge (
+          flip mapAttrsToList cfg.ipips (
+            name: ipip: {
+              netdevs."40-${name}" = {
+                netdevConfig = {
+                  Name = name;
+                  Kind = if ipip.encapsulation.type == "ipip" then "ipip" else "ip6tnl";
+                };
+                tunnelConfig =
+                  (optionalAttrs (ipip.remote != null) {
+                    Remote = ipip.remote;
+                  })
+                  // (optionalAttrs (ipip.local != null) {
+                    Local = ipip.local;
+                  })
+                  // (optionalAttrs (ipip.ttl != null) {
+                    TTL = ipip.ttl;
+                  })
+                  // (optionalAttrs (ipip.encapsulation.type != "ipip") {
+                    # IPv6 tunnel options
+                    Mode = if ipip.encapsulation.type == "4in6" then "ipip6" else "ip6ip6";
+                    EncapsulationLimit = ipip.encapsulation.type;
+                  });
+              };
+              networks = mkIf (ipip.dev != null) {
+                "40-${ipip.dev}" = {
+                  tunnel = [ name ];
+                };
+              };
+            }
+          )
+        ))
        (mkMerge (
          flip mapAttrsToList cfg.greTunnels (
            name: gre: {