From d30dbf38b9f416ed756dc2e9a5e6d37865745651 Mon Sep 17 00:00:00 2001
From: Linus Heckemann
Date: Tue, 5 Apr 2022 12:02:18 +0200
Subject: [PATCH 01/10] nixos/networkd: reimplement useDHCP in a sensible way
---
 .../tasks/network-interfaces-systemd.nix | 40 ++++++++++++++++---
 1 file changed, 34 insertions(+), 6 deletions(-)
diff --git a/nixos/modules/tasks/network-interfaces-systemd.nix b/nixos/modules/tasks/network-interfaces-systemd.nix
index 8654539b662..4273bbc6f0c 100644
--- a/nixos/modules/tasks/network-interfaces-systemd.nix
+++ b/nixos/modules/tasks/network-interfaces-systemd.nix
@@ -43,12 +43,6 @@ in } { assertion = cfg.defaultGateway6 == null || cfg.defaultGateway6.interface == null; message = "networking.defaultGateway6.interface is not supported by networkd.";
- } {
- assertion = cfg.useDHCP == false;
- message = ''
- networking.useDHCP is not supported by networkd.
- Please use per interface configuration and set the global option to false.
- '';
 } ] ++ flip mapAttrsToList cfg.bridges (n: { rstp, ... }: { assertion = !rstp; message = "networking.bridges.${n}.rstp is not supported by networkd.";
@@ -92,6 +86,40 @@ in }; }; });
+ networks."99-ethernet-default-dhcp" = lib.mkIf cfg.useDHCP {
+ # We want to match physical ethernet interfaces as commonly
+ # found on laptops, desktops and servers, to provide an
+ # "out-of-the-box" setup that works for common cases. This
+ # heuristic isn't perfect (it could match interfaces with
+ # custom names that _happen_ to start with en or eth), but
+ # should be good enough to make the common case easy and can
+ # be overridden on a case-by-case basis using
+ # higher-priority networks or by disabling useDHCP.
+
+ # Type=ether matches veth interfaces as well, and this is
+ # more likely to result in interfaces being configured to
+ # use DHCP when they shouldn't.
+
+ # We set RequiredForOnline to false, because it's fairly
+ # common for such devices to have multiple interfaces and
+ # only one of them to be connected (e.g. a laptop with
+ # ethernet and WiFi interfaces). Maybe one day networkd will
+ # support "any"-style RequiredForOnline...
+ matchConfig.Name = ["en*" "eth*"];
+ DHCP = "yes";
+ linkConfig.RequiredForOnline = lib.mkDefault false;
+ };
+ networks."99-wireless-client-dhcp" = lib.mkIf cfg.useDHCP {
+ # Like above, but this is much more likely to be correct.
+ matchConfig.WLANInterfaceType = "station";
+ DHCP = "yes";
+ linkConfig.RequiredForOnline = lib.mkDefault false;
+ # We also set the route metric to one more than the default
+ # of 1024, so that Ethernet is preferred if both are
+ # available.
+ dhcpV4Config.RouteMetric = 1025;
+ ipv6AcceptRAConfig.RouteMetric = 1025;
+ };
 networks."40-${i.name}" = mkMerge [ (genericNetwork id) { name = mkDefault i.name; DHCP = mkForce (dhcpStr
From ba4a615da9400c3ff8d27b6615013fee5ff69b9e Mon Sep 17 00:00:00 2001
From: Linus Heckemann
Date: Tue, 5 Apr 2022 21:28:38 +0200
Subject: [PATCH 02/10] nixos/tests/networking: add test for global useDHCP
---
 nixos/tests/networking.nix | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
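Review bot: In PATCH 01/10, `matchConfig.Name = ["en*" "eth*"];` on `99-ethernet-default-dhcp` selects purely by name, so a virtual device that happens to be called `eth0` or `en…` is matched as well, and a match means the host takes addresses, routes and DNS from whichever DHCP server answers on that link. The comment accepts that the glob is a heuristic and explains why `Type=ether` alone was rejected, but both concerns could be met by matching on type and excluding netdev-created devices, e.g. `matchConfig.Type = "ether";` together with `matchConfig.Kind = "!*";`, provided the module's `[Match]` checks accept `Kind` (not visible here). If the name glob stays, the comment should say explicitly that hosts attached to segments they do not trust are expected to shadow this unit with a lower-numbered `.network` file. The enclosing `forEach` body starts and ends outside the hunk.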
diff --git a/nixos/tests/networking.nix b/nixos/tests/networking.nix
index a1150097a09..d49c7d943fd 100644
--- a/nixos/tests/networking.nix
+++ b/nixos/tests/networking.nix
@@ -139,6 +139,25 @@ let client.wait_until_succeeds("ping -c 1 192.168.3.1") ''; };
+ dhcpDefault = {
+ name = "useDHCP-by-default";
+ nodes.router = router;
+ nodes.client = { lib, ... }: {
+ # Disable test driver default config
+ networking.interfaces = lib.mkForce {};
+ virtualisation.vlans = [ 1 ];
+ };
+ testScript = ''
+ start_all()
+ client.wait_for_unit("multi-user.target")
+ client.wait_until_succeeds("ip addr show dev eth1 | grep '192.168.1'")
+ client.shell_interact()
+ client.succeed("ping -c 1 192.168.1.1")
+ router.succeed("ping -c 1 192.168.1.1")
+ router.succeed("ping -c 1 192.168.1.2")
+ router.succeed("ping -c 1 192.168.1.2")
+ '';
+ };
 dhcpSimple = { name = "SimpleDHCP"; nodes.router = router;
From 161dd27ee1ac84a78bda62a603dcb54ae1f8b15f Mon Sep 17 00:00:00 2001
From: Maximilian Bosch
Date: Fri, 29 Apr 2022 13:12:05 +0200
Subject: [PATCH 03/10] nixos/tests/networking: test connectivity from both client & router
---
 nixos/tests/networking.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/nixos/tests/networking.nix b/nixos/tests/networking.nix
index d49c7d943fd..84693ee780c 100644
--- a/nixos/tests/networking.nix
+++ b/nixos/tests/networking.nix
@@ -155,7 +155,7 @@ let client.succeed("ping -c 1 192.168.1.1") router.succeed("ping -c 1 192.168.1.1") router.succeed("ping -c 1 192.168.1.2")
- router.succeed("ping -c 1 192.168.1.2")
+ client.succeed("ping -c 1 192.168.1.2")
 ''; }; dhcpSimple = {
From aa849e14785930404601747c7ea7b6172d80832d Mon Sep 17 00:00:00 2001
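Review bot: In PATCH 02/10, `client.shell_interact()` in the `dhcpDefault` testScript looks like a debugging leftover; it attaches the guest shell to the terminal and is meant for developing a test interactively, not for a committed test that runs unattended. Drop that line so the script goes straight from the address check to the `ping` assertions. None of the later patches in this series removes it, so it would land as-is.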
From: Maximilian Bosch
Date: Fri, 29 Apr 2022 13:48:01 +0200
Subject: [PATCH 04/10] nixos/network-interfaces-systemd: actually set catchall-iface if `useDHCP = true;` Previously this wasn't done in the `forEach`-expression for `cfg.interfaces` and thus `networking.useDHCP` didn't have any effect if no further interface was statically configured.
---
 .../tasks/network-interfaces-systemd.nix | 26 ++++++++++---------
 1 file changed, 14 insertions(+), 12 deletions(-)
diff --git a/nixos/modules/tasks/network-interfaces-systemd.nix b/nixos/modules/tasks/network-interfaces-systemd.nix
index 4273bbc6f0c..110e84494a3 100644
--- a/nixos/modules/tasks/network-interfaces-systemd.nix
+++ b/nixos/modules/tasks/network-interfaces-systemd.nix
@@ -74,18 +74,7 @@ in in mkMerge [ { enable = true; }
- (mkMerge (forEach interfaces (i: {
- netdevs = mkIf i.virtual ({
- "40-${i.name}" = {
- netdevConfig = {
- Name = i.name;
- Kind = i.virtualType;
- };
- "${i.virtualType}Config" = optionalAttrs (i.virtualOwner != null) {
- User = i.virtualOwner;
- };
- };
- });
+ (mkIf cfg.useDHCP {
 networks."99-ethernet-default-dhcp" = lib.mkIf cfg.useDHCP { # We want to match physical ethernet interfaces as commonly # found on laptops, desktops and servers, to provide an
@@ -120,6 +109,19 @@ in dhcpV4Config.RouteMetric = 1025; ipv6AcceptRAConfig.RouteMetric = 1025; };
+ })
+ (mkMerge (forEach interfaces (i: {
+ netdevs = mkIf i.virtual ({
+ "40-${i.name}" = {
+ netdevConfig = {
+ Name = i.name;
+ Kind = i.virtualType;
+ };
+ "${i.virtualType}Config" = optionalAttrs (i.virtualOwner != null) {
+ User = i.virtualOwner;
+ };
+ };
+ });
 networks."40-${i.name}" = mkMerge [ (genericNetwork id) { name = mkDefault i.name; DHCP = mkForce (dhcpStr
From b08a06859c615a920b91b05b52b5765ca8368b71 Mon Sep 17 00:00:00 2001
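Review bot: In PATCH 04/10, once both catch-all networks sit inside `(mkIf cfg.useDHCP { … })`, the inner `lib.mkIf cfg.useDHCP` on `networks."99-ethernet-default-dhcp"` (kept as context in the first hunk) is redundant, and presumably the same applies to the `99-wireless-client-dhcp` definition that lies between the two hunks. Reduce them to plain attribute sets, e.g. `networks."99-ethernet-default-dhcp" = {`, so the condition that decides whether these DHCP units exist is stated in exactly one place. The block also mixes `mkIf` with `lib.mkIf`; using the unqualified form, as the new `(mkIf cfg.useDHCP {` line does, would keep it uniform.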
From: Maximilian Bosch
Date: Fri, 29 Apr 2022 23:35:53 +0200
Subject: [PATCH 05/10] nixos/tests/networking/dhcpDefault: actually use networkd for client
---
 nixos/tests/networking.nix | 1 +
 1 file changed, 1 insertion(+)
diff --git a/nixos/tests/networking.nix b/nixos/tests/networking.nix
index 84693ee780c..2cc1e9b0942 100644
--- a/nixos/tests/networking.nix
+++ b/nixos/tests/networking.nix
@@ -145,6 +145,7 @@ let nodes.client = { lib, ... }: { # Disable test driver default config networking.interfaces = lib.mkForce {};
+ networking.useNetworkd = networkd;
 virtualisation.vlans = [ 1 ]; }; testScript = ''
From 9c186626125999e917027accc297d1c9b24e1fcb Mon Sep 17 00:00:00 2001
From: Maximilian Bosch
Date: Fri, 29 Apr 2022 13:55:16 +0200
Subject: [PATCH 06/10] nixos/networkd: allow RouteMetric for IPv6AcceptRA According to `systemd.network(5)` of systemd v249 this is a valid option. Fixes evaluation of the wildcard network definitions.
---
 nixos/modules/system/boot/networkd.nix | 1 +
 1 file changed, 1 insertion(+)
diff --git a/nixos/modules/system/boot/networkd.nix b/nixos/modules/system/boot/networkd.nix
index d1a6f46bfc4..0336930b3ab 100644
--- a/nixos/modules/system/boot/networkd.nix
+++ b/nixos/modules/system/boot/networkd.nix
@@ -779,6 +779,7 @@ let "RouteDenyList" "RouteAllowList" "DHCPv6Client"
+ "RouteMetric"
 ]) (assertValueOneOf "UseDNS" boolValues) (assertValueOneOf "UseDomains" (boolValues ++ ["route"]))
From cff16bc62507bc0dfbaa1582ad0931be4da006ad Mon Sep 17 00:00:00 2001
From: Maximilian Bosch
Date: Fri, 29 Apr 2022 23:45:26 +0200
Subject: [PATCH 07/10] nixos/doc: add release-note entry for networking.useDHCP change
---
 .../from_md/release-notes/rl-2205.section.xml | 15 +++++++++++++++
 nixos/doc/manual/release-notes/rl-2205.section.md | 7 +++++++
 2 files changed, 22 insertions(+)
diff --git a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
index 2046e2449cc..aa7be94c331 100644
--- a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml +++ b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml @@ -2386,6 +2386,21 @@ hosts. + + + The option + networking.useDHCP + isn’t deprecated anymore. When using + systemd-networkd, + a generic .network-unit is added which + enables DHCP for each interface matching + en*, eth* or + wl* with priority 99 (which means that it + doesn’t have any effect if such an interface is matched by a + .network-unit with a lower priority). In + case of scripted networking, no behavior was changed. + + diff --git a/nixos/doc/manual/release-notes/rl-2205.section.md b/nixos/doc/manual/release-notes/rl-2205.section.md index 9674eb66a4c..aefe6286931 100644 --- a/nixos/doc/manual/release-notes/rl-2205.section.md +++ b/nixos/doc/manual/release-notes/rl-2205.section.md @@ -846,4 +846,11 @@ In addition to numerous new and upgraded packages, this release has the followin `true` starting with NixOS 22.11. Enable it explicitly if you need to control Snapserver remotely or connect streamig clients from other hosts. +- The option [networking.useDHCP](options.html#opt-networking.useDHCP) isn't deprecated anymore. + When using [`systemd-networkd`](options.html#opt-networking.useNetworkd), a generic + `.network`-unit is added which enables DHCP for each interface matching `en*`, `eth*` + or `wl*` with priority 99 (which means that it doesn't have any effect if such an interface is matched + by a `.network-`unit with a lower priority). In case of scripted networking, no behavior + was changed. + From 8e42949a2421485c34fa56cff3e768af1c91459e Mon Sep 17 00:00:00 2001 
From: Maximilian Bosch Date: Sat, 30 Apr 2022 00:26:46 +0200 Subject: [PATCH 08/10] nixos/nixos-generate-config: use networking.useDHCP by default Currently we're still using scripted networking by default. A problem with scripted networking is that having `useDHCP` on potentially non-existing interfaces (e.g. an ethernet interface for USB tethering) can cause the boot to hang. Closes #107908 --- .../modules/installer/tools/nixos-generate-config.pl | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/nixos/modules/installer/tools/nixos-generate-config.pl b/nixos/modules/installer/tools/nixos-generate-config.pl index fb5d3ba4732..6d32d727501 100644 --- a/nixos/modules/installer/tools/nixos-generate-config.pl +++ b/nixos/modules/installer/tools/nixos-generate-config.pl @@ -581,17 +581,19 @@ ${\join "", (map { " $_\n" } (uniq @attrs))}} EOF sub generateNetworkingDhcpConfig { + # FIXME disable networking.useDHCP by default when switching to networkd. my $config = <.useDHCP`. + networking.useDHCP = lib.mkDefault true; EOF foreach my $path (glob "/sys/class/net/*") { my $dev = basename($path); if ($dev ne "lo") { - $config .= " networking.interfaces.$dev.useDHCP = lib.mkDefault true;\n"; + $config .= " # networking.interfaces.$dev.useDHCP = lib.mkDefault true;\n"; } } From 196c877c8555eb72e52c5a5353a18a710ad00c70 Mon Sep 17 00:00:00 2001 From: Maximilian Bosch Date: Sat, 30 Apr 2022 12:40:10 +0200 Subject: [PATCH 09/10] nixos/network-interfaces: remove outdated deprecation information --- nixos/modules/tasks/network-interfaces.nix | 5 ----- 1 file changed, 5 deletions(-) diff --git a/nixos/modules/tasks/network-interfaces.nix b/nixos/modules/tasks/network-interfaces.nix index d09e9b99248..d56159f1596 100644 --- a/nixos/modules/tasks/network-interfaces.nix +++ b/nixos/modules/tasks/network-interfaces.nix 
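Review bot: In PATCH 08/10, emitting `networking.useDHCP = lib.mkDefault true;` while commenting out the per-interface lines means a freshly generated configuration requests DHCP on every interface without explicit configuration, presumably including ones that appear after installation, rather than only on the devices found under `/sys/class/net` at generation time. The generated comment should say so, because a lease brings routes and DNS from whichever network the interface is attached to; for example add `# Note: this covers every interface without explicit configuration, including ones added later.` to the heredoc (its text is only partly visible in this view). Separately, `$dev` is interpolated unquoted into `networking.interfaces.$dev.useDHCP`, so a kernel name containing `.` would become a different attribute path once the line is uncommented; emitting `networking.interfaces.\"$dev\".useDHCP` avoids that. `generateNetworkingDhcpConfig` continues outside the hunk.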
@@ -1254,11 +1254,6 @@ in Whether to use DHCP to obtain an IP address and other configuration for all network interfaces that are not manually configured. - - Using this option is highly discouraged and also incompatible with - . Please use - instead - and set this to false. ''; }; From f4e5bd806439fb7010c4962295a786d61d4af305 Mon Sep 17 00:00:00 2001 From: Maximilian Bosch Date: Fri, 6 May 2022 16:56:47 +0200 Subject: [PATCH 10/10] nixos/nixos-generate-config: update comment for useDHCP --- nixos/modules/installer/tools/nixos-generate-config.pl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nixos/modules/installer/tools/nixos-generate-config.pl b/nixos/modules/installer/tools/nixos-generate-config.pl index 6d32d727501..b74ec838df4 100644 --- a/nixos/modules/installer/tools/nixos-generate-config.pl +++ b/nixos/modules/installer/tools/nixos-generate-config.pl @@ -585,8 +585,8 @@ sub generateNetworkingDhcpConfig { my $config = <.useDHCP`. + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. networking.useDHCP = lib.mkDefault true; EOF