From bc8d6d8f968fcc37b6495526b805e0de18f9f849 Mon Sep 17 00:00:00 2001 From: Vincent Haupert Date: Sun, 9 Oct 2022 00:00:18 +0200 Subject: [PATCH 1/5] nixos/networkd: `DHCPv6PrefixDelegation` -> `DHCPPrefixDelegation` Adapt to changes introduced in Systemd 250: > The [DHCPv6PrefixDelegation] section in .network file is renamed to > [DHCPPrefixDelegation], as now the prefix delegation is also > supported with DHCPv4 protocol by enabling the Use6RD= setting. Replaces the `dhcpV6PrefixDelegationConfig` with `dhcpPrefixDelegationConfig` and throws an error if the old option is used. Also adapt the respective IPv6 prefix delegation test. --- nixos/modules/system/boot/networkd.nix | 26 +++++++++++++------ ...ystemd-networkd-ipv6-prefix-delegation.nix | 2 +- 2 files changed, 19 insertions(+), 9 deletions(-) diff --git a/nixos/modules/system/boot/networkd.nix b/nixos/modules/system/boot/networkd.nix index cb60117f0eb8..7b6739e62d6a 100644 --- a/nixos/modules/system/boot/networkd.nix +++ b/nixos/modules/system/boot/networkd.nix @@ -526,7 +526,7 @@ let "IPv6ProxyNDP" "IPv6ProxyNDPAddress" "IPv6SendRA" - "DHCPv6PrefixDelegation" + "DHCPPrefixDelegation" "IPv6MTUBytes" "Bridge" "Bond" @@ -569,7 +569,7 @@ let (assertValueOneOf "IPv4ProxyARP" boolValues) (assertValueOneOf "IPv6ProxyNDP" boolValues) (assertValueOneOf "IPv6SendRA" boolValues) - (assertValueOneOf "DHCPv6PrefixDelegation" boolValues) + (assertValueOneOf "DHCPPrefixDelegation" boolValues) (assertByteFormat "IPv6MTUBytes") (assertValueOneOf "ActiveSlave" boolValues) (assertValueOneOf "PrimarySlave" boolValues) 
@@ -766,15 +766,20 @@ let (assertInt "IAID") ]; - sectionDHCPv6PrefixDelegation = checkUnitConfig "DHCPv6PrefixDelegation" [ + sectionDHCPPrefixDelegation = checkUnitConfig "DHCPPrefixDelegation" [ (assertOnlyFields [ + "UplinkInterface" "SubnetId" "Announce" "Assign" "Token" + "ManageTemporaryAddress" + "RouteMetric" ]) (assertValueOneOf "Announce" boolValues) (assertValueOneOf "Assign" boolValues) + (assertValueOneOf "ManageTemporaryAddress" boolValues) + (assertRange "RouteMetric" 0 4294967295) ]; sectionIPv6AcceptRA = checkUnitConfig "IPv6AcceptRA" [ @@ -1338,12 +1343,17 @@ let }; dhcpV6PrefixDelegationConfig = mkOption { + visible = false; + apply = _: throw "The option `systemd.network.networks..dhcpV6PrefixDelegationConfig` has been renamed to `systemd.network.networks..dhcpPrefixDelegationConfig`."; + }; + + dhcpPrefixDelegationConfig = mkOption { default = {}; example = { SubnetId = "auto"; Announce = true; }; - type = types.addCheck (types.attrsOf unitOption) check.network.sectionDHCPv6PrefixDelegation; + type = types.addCheck (types.attrsOf unitOption) check.network.sectionDHCPPrefixDelegation; description = lib.mdDoc '' Each attribute in this set specifies an option in the - `[DHCPv6PrefixDelegation]` section of the unit. See + `[DHCPPrefixDelegation]` section of the unit. See {manpage}`systemd.network(5)` for details. ''; }; @@ -1789,9 +1799,9 @@ let [DHCPv6] ${attrsToSection def.dhcpV6Config} '' - + optionalString (def.dhcpV6PrefixDelegationConfig != { }) '' - [DHCPv6PrefixDelegation] - ${attrsToSection def.dhcpV6PrefixDelegationConfig} + + optionalString (def.dhcpPrefixDelegationConfig != { }) '' + [DHCPPrefixDelegation] + ${attrsToSection def.dhcpPrefixDelegationConfig} '' + optionalString (def.ipv6AcceptRAConfig != { }) '' [IPv6AcceptRA] diff --git a/nixos/tests/systemd-networkd-ipv6-prefix-delegation.nix b/nixos/tests/systemd-networkd-ipv6-prefix-delegation.nix index 37a89fc21e44..4e04617acd6e 100644 
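Review bot: `(assertRange "RouteMetric" 0 4294967295)` in the new `sectionDHCPPrefixDelegation` list has no type check in front of it, while other checks in this file pair the two, e.g. `(assertInt "SuppressPrefixLength")` followed by `(assertRange "SuppressPrefixLength" 0 128)`. `assertRange` is defined outside these hunks, so this is an assumption to confirm: if it only compares the value against the bounds, a non-integer value would surface as a raw comparison error, or slip through, rather than produce the module's own message. Adding `(assertInt "RouteMetric")` before the range check would match the neighbours. The same applies to `(assertRange "SuppressInterfaceGroup" 0 2147483647)` in the RoutingPolicyRule hunk of patch 4/5.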
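Review bot: The `apply = _: throw …` on the retired `dhcpV6PrefixDelegationConfig` runs only when something reads that option's value, and the -1789 hunk removes the only read of `def.dhcpV6PrefixDelegationConfig` visible in this patch. Unless code outside these hunks still forces the value, a configuration that keeps the old name could evaluate without error and the generated unit would simply lack its `[DHCPPrefixDelegation]` section, which is a silent change to how the interface is configured. It would help to make the failure unconditional, for instance by checking `options.dhcpV6PrefixDelegationConfig.isDefined` in the network submodule. A test case that sets the old option and expects evaluation to fail would also catch this. The option set and the rendering function both start and end outside the hunks.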
--- a/nixos/tests/systemd-networkd-ipv6-prefix-delegation.nix +++ b/nixos/tests/systemd-networkd-ipv6-prefix-delegation.nix @@ -176,7 +176,7 @@ import ./make-test-python.nix ({pkgs, ...}: { IPv6AcceptRA = false; # Delegate prefixes from the DHCPv6 PD pool. - DHCPv6PrefixDelegation = true; + DHCPPrefixDelegation = true; IPv6SendRA = true; }; From 036489ffaa477774a0cfad0377598aaf3120aa58 Mon Sep 17 00:00:00 2001 From: Vincent Haupert Date: Sun, 9 Oct 2022 00:14:53 +0200 Subject: [PATCH 2/5] nixos/networkd: adapt `dhcpV6Config` * Remove `ForceDHCPv6PDOtherInformation=` * Add a missing `WithoutRA=` option Systemd 250: > The ForceDHCPv6PDOtherInformation= setting in the [DHCPv6] section > has been removed. Please use the WithoutRA= and UseDelegatedPrefix= > settings in the [DHCPv6] section and the DHCPv6Client= setting in the > [IPv6AcceptRA] section to control when the DHCPv6 client is started > and how the delegated prefixes are handled by the DHCPv6 client. --- nixos/modules/system/boot/networkd.nix | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/nixos/modules/system/boot/networkd.nix b/nixos/modules/system/boot/networkd.nix index 7b6739e62d6a..ad6c95257ad1 100644 --- a/nixos/modules/system/boot/networkd.nix +++ b/nixos/modules/system/boot/networkd.nix @@ -745,7 +745,6 @@ let "MUDURL" "RequestOptions" "SendVendorOption" - "ForceDHCPv6PDOtherInformation" "PrefixDelegationHint" "WithoutRA" "SendOption" @@ -760,8 +759,7 @@ let (assertValueOneOf "UseNTP" boolValues) (assertInt "RouteMetric") (assertValueOneOf "RapidCommit" boolValues) - (assertValueOneOf "ForceDHCPv6PDOtherInformation" boolValues) - (assertValueOneOf "WithoutRA" ["solicit" "information-request"]) + (assertValueOneOf "WithoutRA" ["no" "solicit" "information-request"]) (assertRange "SendOption" 1 65536) (assertInt "IAID") ]; From 4367b782bc0371702ec398256d68a9e43b95decc Mon Sep 17 00:00:00 2001 
From: Vincent Haupert Date: Sun, 9 Oct 2022 00:46:33 +0200 Subject: [PATCH 3/5] nixos/networkd: deprecate `IPv6Token=` > The IPv6Token= section in the [Network] section is deprecated, and >> the [IPv6AcceptRA] section gained the Token= setting for its >> replacement. The [IPv6Prefix] section also gained the Token= setting. >> The Token= setting gained 'eui64' mode to explicitly configure an >> address with the EUI64 algorithm based on the interface MAC address. >> The 'prefixstable' mode can now optionally take a secret key. The >> Token= setting in the [DHCPPrefixDelegation] section now supports all >> algorithms supported by the same settings in the other sections. --- nixos/modules/system/boot/networkd.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/nixos/modules/system/boot/networkd.nix b/nixos/modules/system/boot/networkd.nix index ad6c95257ad1..2ec238d9275f 100644 --- a/nixos/modules/system/boot/networkd.nix +++ b/nixos/modules/system/boot/networkd.nix @@ -501,7 +501,6 @@ let "LinkLocalAddressing" "IPv4LLRoute" "DefaultRouteOnDevice" - "IPv6Token" "LLMNR" "MulticastDNS" "DNSOverTLS" @@ -795,6 +794,10 @@ let "RouteAllowList" "DHCPv6Client" "RouteMetric" + "UseMTU" + "UseGateway" + "UseRoutePrefix" + "Token" ]) (assertValueOneOf "UseDNS" boolValues) (assertValueOneOf "UseDomains" (boolValues ++ ["route"])) @@ -877,6 +880,7 @@ let "Prefix" "PreferredLifetimeSec" "ValidLifetimeSec" + "Token" ]) (assertValueOneOf "AddressAutoconfiguration" boolValues) (assertValueOneOf "OnLink" boolValues) From 4f442dde0ec8412d7eeb024dcb568620787901b3 Mon Sep 17 00:00:00 2001 
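Review bot: `"Token"` is added to the `[IPv6AcceptRA]` allow-list in the -795 hunk, and to `[IPv6Prefix]` in the -877 hunk, without any note about where its value ends up. The commit message quotes that `prefixstable` can now take a secret key, and a key written into these attribute sets is rendered into the unit text like every other setting. On NixOS the generated `.network` files normally live in the world-readable Nix store, so that key should not be treated as confidential. A comment beside the entry or in the option description would cover it, e.g. `# Token= is written verbatim to the generated .network file; a prefixstable secret key set here is readable by local users.` Both section lists begin and end outside the hunks.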
From: Vincent Haupert Date: Sun, 9 Oct 2022 00:27:52 +0200 Subject: [PATCH 4/5] nixos/networkd: add new options Systemd 250: > DHCPv4 client support in systemd-networkd learnt a new Label= option > for configuring the address label to apply to configure IPv4 > addresses. > The [IPv6AcceptRA] section of .network files gained support for a new > UseMTU= setting that may be used to control whether to apply the > announced MTU settings to the local interface. > The [DHCPv4] section in .network file gained a new Use6RD= boolean > setting to control whether the DHCPv4 client request and process the > DHCP 6RD option. > The [DHCPv6] section in .network file gained a new setting > UseDelegatedPrefix= to control whether the delegated prefixes will be > propagated to the downstream interfaces. > The [IPv6AcceptRA] section of .network files now understands two new > settings UseGateway=/UseRoutePrefix= for explicitly configuring > whether to use the relevant fields from the IPv6 Router Advertisement > records. > The [RoutingPolicyRule] section of .network file gained a new > SuppressInterfaceGroup= setting. > The IgnoreCarrierLoss= setting in the [Network] section of .network > files now allows a duration to be specified, controlling how long to > wait before reacting to carrier loss. Systemd 246: > systemd-networkd's [DHCPv4] section gained a new setting UseGateway= > which may be used to turn off use of the gateway information provided > by the DHCP lease. A new FallbackLeaseLifetimeSec= setting may be > used to configure how to process leases that lack a lifetime option. --- nixos/modules/system/boot/networkd.nix | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/nixos/modules/system/boot/networkd.nix b/nixos/modules/system/boot/networkd.nix index 2ec238d9275f..a9b81dd116bb 100644 --- a/nixos/modules/system/boot/networkd.nix +++ b/nixos/modules/system/boot/networkd.nix 
@@ -573,7 +573,6 @@ let (assertValueOneOf "ActiveSlave" boolValues) (assertValueOneOf "PrimarySlave" boolValues) (assertValueOneOf "ConfigureWithoutCarrier" boolValues) - (assertValueOneOf "IgnoreCarrierLoss" boolValues) (assertValueOneOf "KeepConfiguration" (boolValues ++ ["static" "dhcp-on-stop" "dhcp"])) ]; @@ -618,6 +617,7 @@ let "User" "SuppressPrefixLength" "Type" + "SuppressInterfaceGroup" ]) (assertInt "TypeOfService") (assertRange "TypeOfService" 0 255) @@ -631,6 +631,7 @@ let (assertInt "SuppressPrefixLength") (assertRange "SuppressPrefixLength" 0 128) (assertValueOneOf "Type" ["blackhole" "unreachable" "prohibit"]) + (assertRange "SuppressInterfaceGroup" 0 2147483647) ]; sectionRoute = checkUnitConfig "Route" [ @@ -710,6 +711,9 @@ let "BlackList" "RequestOptions" "SendOption" + "FallbackLeaseLifetimeSec" + "Label" + "Use6RD" ]) (assertValueOneOf "UseDNS" boolValues) (assertValueOneOf "RoutesToDNS" boolValues) @@ -732,6 +736,8 @@ let (assertPort "ListenPort") (assertValueOneOf "SendRelease" boolValues) (assertValueOneOf "SendDecline" boolValues) + (assertValueOneOf "FallbackLeaseLifetimeSec" ["forever" "infinity"]) + (assertValueOneOf "Use6RD" boolValues) ]; sectionDHCPv6 = checkUnitConfig "DHCPv6" [ @@ -752,6 +758,7 @@ let "DUIDType" "DUIDRawData" "IAID" + "UseDelegatedPrefix" ]) (assertValueOneOf "UseAddress" boolValues) (assertValueOneOf "UseDNS" boolValues) @@ -761,6 +768,7 @@ let (assertValueOneOf "WithoutRA" ["no" "solicit" "information-request"]) (assertRange "SendOption" 1 65536) (assertInt "IAID") + (assertValueOneOf "UseDelegatedPrefix" boolValues) ]; sectionDHCPPrefixDelegation = checkUnitConfig "DHCPPrefixDelegation" [ 
@@ -805,6 +813,9 @@ let (assertValueOneOf "UseAutonomousPrefix" boolValues) (assertValueOneOf "UseOnLinkPrefix" boolValues) (assertValueOneOf "DHCPv6Client" (boolValues ++ ["always"])) + (assertValueOneOf "UseMTU" boolValues) + (assertValueOneOf "UseGateway" boolValues) + (assertValueOneOf "UseRoutePrefix" boolValues) ]; sectionDHCPServer = checkUnitConfig "DHCPServer" [ From bfed63047d0ec304c61a3f44197494aad23cb6c2 Mon Sep 17 00:00:00 2001 From: Vincent Haupert Date: Tue, 11 Oct 2022 19:00:49 +0200 Subject: [PATCH 5/5] release-notes: mention breaking changes w/r/t `systemd-networkd` 250 --- .../from_md/release-notes/rl-2211.section.xml | 41 +++++++++++++++++++ .../manual/release-notes/rl-2211.section.md | 6 +++ 2 files changed, 47 insertions(+) diff --git a/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml index 78bd6c6a22d8..aa79083d1065 100644 --- a/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml +++ b/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml 
@@ -578,6 +578,47 @@ instead. + + + systemd-networkd v250 deprecated, renamed, + and moved some sections and settings which leads to the + following breaking module changes: + + + + + systemd.network.networks.<name>.dhcpV6PrefixDelegationConfig + is renamed to + systemd.network.networks.<name>.dhcpPrefixDelegationConfig. + + + + + systemd.network.networks.<name>.dhcpV6Config + no longer accepts the + ForceDHCPv6PDOtherInformation= setting. + Please use the WithoutRA= and + UseDelegatedPrefix= settings in your + systemd.network.networks.<name>.dhcpV6Config + and the DHCPv6Client= setting in your + systemd.network.networks.<name>.ipv6AcceptRAConfig + to control when the DHCPv6 client is started and how the + delegated prefixes are handled by the DHCPv6 client. + + + + + systemd.network.networks.<name>.networkConfig + no longer accepts the IPv6Token= + setting. Use the Token= setting in your + systemd.network.networks.<name>.ipv6AcceptRAConfig + instead. The + systemd.network.networks.<name>.ipv6Prefixes.*.ipv6PrefixConfig + now also accepts the Token= setting. + + + + The meta.mainProgram attribute of packages diff --git a/nixos/doc/manual/release-notes/rl-2211.section.md b/nixos/doc/manual/release-notes/rl-2211.section.md index 37b0db8a8ce1..3c2560df713f 100644 --- a/nixos/doc/manual/release-notes/rl-2211.section.md +++ b/nixos/doc/manual/release-notes/rl-2211.section.md 
@@ -194,6 +194,12 @@ Available as [services.patroni](options.html#opt-services.patroni.enable). - The `aws` package has been removed due to being abandoned by the upstream. It is recommended to use `awscli` or `awscli2` instead. +- `systemd-networkd` v250 deprecated, renamed, and moved some sections and settings which leads to the following breaking module changes: + + * `systemd.network.networks..dhcpV6PrefixDelegationConfig` is renamed to `systemd.network.networks..dhcpPrefixDelegationConfig`. + * `systemd.network.networks..dhcpV6Config` no longer accepts the `ForceDHCPv6PDOtherInformation=` setting. Please use the `WithoutRA=` and `UseDelegatedPrefix=` settings in your `systemd.network.networks..dhcpV6Config` and the `DHCPv6Client=` setting in your `systemd.network.networks..ipv6AcceptRAConfig` to control when the DHCPv6 client is started and how the delegated prefixes are handled by the DHCPv6 client. + * `systemd.network.networks..networkConfig` no longer accepts the `IPv6Token=` setting. Use the `Token=` setting in your `systemd.network.networks..ipv6AcceptRAConfig` instead. The `systemd.network.networks..ipv6Prefixes.*.ipv6PrefixConfig` now also accepts the `Token=` setting. + - The `meta.mainProgram` attribute of packages in `wineWowPackages` now defaults to `"wine64"`. - The `paperless` module now defaults `PAPERLESS_TIME_ZONE` to your configured system timezone.