]> Git — Sourcephile - sourcephile-nix.git/blob - nixos/defaults/predictable-interface-names.nix
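# Use predictable interface names in stage-1 and stage-2.
# DOC: https://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames/
#
# Tip: the names that can be given using the ID_NET_NAME_* envvars
# can be checked beforehand with:
#   udevadm test-builtin net_id /sys/class/net/*
#
# NOTE(review): anything in the configuration that selects an interface by
# name (firewall rules, per-interface addressing) relies on the rename below
# having happened. A device for which no path-based name exists keeps its
# kernel-assigned eth* name; confirm that name-matching rules fail closed
# in that case rather than silently not applying.
{ pkgs, lib, config, ... }:
let
  # Package containing one udev rules file,
  # etc/udev/rules.d/79-net-setup-link.rules.
  # It is copied into the initrd (stage-1) and also registered
  # with services.udev.packages (stage-2) further down.
  #
  # NOTE(review): going by the tip at the top of this file, ID_NET_NAME_PATH
  # is produced by the net_id builtin, which this rules file does not import
  # itself; presumably another rules file in the initrd does. Confirm.
  udevNetSetupLinkRules = pkgs.writeTextDir "etc/udev/rules.d/79-net-setup-link.rules" ''
    SUBSYSTEM!="net", GOTO="net_setup_link_end"

    IMPORT{builtin}="path_id"

    ACTION!="add", GOTO="net_setup_link_end"

    # Load net_setup_link to setup the ID_NET_NAME_* envvars
    IMPORT{builtin}="net_setup_link"

    # Rename eth* using the "path" name policy (eg. enp1s0),
    # Note that in stage-1 the envvar ID_NET_NAME is not set,
    # hence not usable as in ''${pkgs.systemd}/lib/udev/rules.d/80-net-setup-link.rules
    # Because in stage-1 there is no /etc/systemd/network/*.link
    # nor **/systemd/network/99-default.link
    # to set NamePolicy= which is responsible to set ID_NET_NAME.
    # Not sure if ATTR{type}=="1" and KERNEL=="eth*" are equivalent or not.
    # Only assign NAME when a path-based name is available, so that NAME
    # is never set to an empty string.
    ATTR{type}=="1", KERNEL=="eth*", ENV{ID_NET_NAME_PATH}!="", NAME="$env{ID_NET_NAME_PATH}"

    LABEL="net_setup_link_end"
  '';
in
{
  networking = {
    # Currently no-op.
    # false would set boot.kernelParams = [ "net.ifnames=0" ];
    # to disable NamePolicy= in *.link.
    usePredictableInterfaceNames = true;
  };

  boot.initrd = {
    extraUdevRulesCommands = ''
      # The name set here in stage-1 by 79-net-setup-link.rules
      # will stay in stage-2 (at least until the device is removed/added).
      cp -v ${udevNetSetupLinkRules}/etc/udev/rules.d/79-net-setup-link.rules $out/
    '';
  };

  services.udev.packages = [
    # Only useful here in stage-2 if the device is removed and re-added
    # (eg. the network module is rmmod-ed then modprobe-d).
    # The stage-1 (or initrd) is only a pivot_root after all,
    # it does not reload the kernel, hence passing to stage-2
    # does not trigger ACTION=="add" for the net devices.
    udevNetSetupLinkRules
  ];

  /* Disabled block, kept only for explanation.

     # NixOS puts this .link only in the root filesystem, not in the initrd,
     # hence it is only active in stage-2, not stage-1.
     # And even in stage-2, the 80-net-setup-link.rules has priority.
     # DOC: https://www.freedesktop.org/software/systemd/man/systemd.link.html
     environment.etc."systemd/network/79-net-setup.link".text = ''
       [Match]
       OriginalName=*

       [Link]
       #NamePolicy=keep kernel database onboard slot path
       NamePolicy=mac
       MACAddressPolicy=persistent
     '';
  */
}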