Official NixOS Wiki

Networking: Difference between revisions

← Older edit
DHCP (talk | contribs)
104 edits
VisualWikitext
Axka (talk | contribs)
79 edits
Update link aggregation section
DHCP (talk | contribs)
104 edits
m Virtualization: minor formatting fix
 
(7 intermediate revisions by 4 users not shown)
Line 2: Line 2:


== Configuration ==
== Configuration ==
=== Wireless networks ===
See [[wpa_supplicant]] / [[Iwd]].


=== Static IP for network adapter ===
=== Static IP for network adapter ===
Line 35: Line 39:
<syntaxhighlight lang="nix">
<syntaxhighlight lang="nix">
networking.hosts = {
networking.hosts = {
   "127.0.0.2" = ["other-localhost"];
   "127.0.0.2" = [ "other-localhost" ];
   "192.0.2.1" = ["mail.example.com" "imap.example.com"];
   "192.0.2.1" = [ "mail.example.com" "imap.example.com" ];
};
};
</syntaxhighlight>
</syntaxhighlight>
Line 111: Line 115:
         }
         }
     '';
     '';
  };
};
</syntaxhighlight>
=== Virtualization ===
Sometimes complex network configurations with VPNs or firewall rules you may need extra configurations in order for your VMs to have network access. It is recommended to use more granular control over the ports instead of simply allowing the entire interface.<syntaxhighlight lang="nix">
networking = {
  firewall = {
    enable = true;
   
    # Allows the entire interface through the firewall.
    # trustedInterfaces = [ "virbr0" ];
    # Allows individual ports through the firewall.
    interfaces = {
      virbr0 = {
        allowedUDPPorts = [
          # DNS
          53
          # DHCP
          67
          # You may want to allow more ports such as ipv6 and other services here.
        ];
      };
    };
  };
  nat = {
    enable = true;
    internalInterfaces = [ "virbr0" ];
   };
   };
};
};
Line 207: Line 241:


<syntaxhighlight lang="nix">
<syntaxhighlight lang="nix">
    networking = {
networking = {
      hostId = "deadb33f";
  hostId = "deadb33f";
      hostName = "nixos";
  hostName = "nixos";
      domain = "example.com";
  domain = "example.com";
      dhcpcd.enable = false;
  dhcpcd.enable = false;
      interfaces.enp2s1.ipv4.addresses = [{
  interfaces.enp2s1.ipv4.addresses = [{
        address = "192.168.1.2";
    address = "192.168.1.2";
        prefixLength = 28;
    prefixLength = 28;
      }];
  }];
      vlans = {
  vlans = {
        vlan100 = { id=100; interface="enp2s0"; };
    vlan100 = { id=100; interface="enp2s0"; };
        vlan101 = { id=101; interface="enp2s0"; };
    vlan101 = { id=101; interface="enp2s0"; };
      };
  };
      interfaces.vlan100.ipv4.addresses = [{
  interfaces.vlan100.ipv4.addresses = [{
        address = "10.1.1.2";
    address = "10.1.1.2";
        prefixLength = 24;
    prefixLength = 24;
      }];
  }];
      interfaces.vlan101.ipv4.addresses = [{
  interfaces.vlan101.ipv4.addresses = [{
        address = "10.10.10.3";
    address = "10.10.10.3";
        prefixLength = 24;
    prefixLength = 24;
      }];
  }];
      defaultGateway = "192.168.1.1";
  defaultGateway = "192.168.1.1";
      nameservers = [ "1.1.1.1" "8.8.8.8" ];
  nameservers = [ "1.1.1.1" "8.8.8.8" ];
    };
};
</syntaxhighlight>
</syntaxhighlight>


Line 263: Line 297:


{{file|/etc/nixos/configuration.nix|nix|<nowiki>
{{file|/etc/nixos/configuration.nix|nix|<nowiki>
  networking.networkmanager.ensureProfiles.profiles = {
networking.networkmanager.ensureProfiles.profiles = {
    "Bond connection 1" = {
  "Bond connection 1" = {
      bond = {
    bond = {
        miimon = "100"; # Monitor MII link every 100ms
      miimon = "100"; # Monitor MII link every 100ms
        mode = "802.3ad";
      mode = "802.3ad";
        xmit_hash_policy = "layer3+4"; # IP and TCP/UDP hash
      xmit_hash_policy = "layer3+4"; # IP and TCP/UDP hash
      };
    };
      connection = {
    connection = {
        id = "Bond connection 1";
      id = "Bond connection 1";
        interface-name = "bond0"; # Make sure this matches the controller properties
      interface-name = "bond0"; # Make sure this matches the controller properties
        type = "bond";
      type = "bond";
      };
    };
      ipv4 = {
    ipv4 = {
        method = "auto";
      method = "auto";
      };
    };
      ipv6 = {
    ipv6 = {
        addr-gen-mode = "stable-privacy";
      addr-gen-mode = "stable-privacy";
        method = "auto";
      method = "auto";
      };
      proxy = { };
     };
     };
     # No more automatically generated "Wired connection 1"
     proxy = { };
    "bond0 port 1" = {
  };
      connection = {
  # No more automatically generated "Wired connection 1"
        id = "bond0 port 1";
  "bond0 port 1" = {
        type = "ethernet";
    connection = {
        interface-name = "enp2s0";
      id = "bond0 port 1";
        controller = "bond0";
      type = "ethernet";
        port-type = "bond";
      interface-name = "enp2s0";
      };
      controller = "bond0";
      port-type = "bond";
     };
     };
    "bond0 port 2" = {
  };
      connection = {
  "bond0 port 2" = {
        id = "bond0 port 2";
    connection = {
        type = "ethernet";
      id = "bond0 port 2";
        interface-name = "enp3s0";
      type = "ethernet";
        controller = "bond0";
      interface-name = "enp3s0";
        port-type = "bond";
      controller = "bond0";
      };
      port-type = "bond";
     };
     };
   };
   };
};
</nowiki>}}
</nowiki>}}


Line 311: Line 345:


{{file|/etc/nixos/configuration.nix|nix|<nowiki>
{{file|/etc/nixos/configuration.nix|nix|<nowiki>
  networking.bonds = {
networking.bonds = {
    bond0 = {
  bond0 = {
      interfaces = [ "enp2s0" "enp3s0" ];
    interfaces = [ "enp2s0" "enp3s0" ];
      driverOptions = {
    driverOptions = {
        miimon = "100"; # Monitor MII link every 100ms
      miimon = "100"; # Monitor MII link every 100ms
        mode = "802.3ad";
      mode = "802.3ad";
        xmit_hash_policy = "layer3+4"; # IP and TCP/UDP hash
      xmit_hash_policy = "layer3+4"; # IP and TCP/UDP hash
      };
     };
     };
   };
   };
};
</nowiki>}}
</nowiki>}}


=== Teaming ===
=== Teaming ===


Using the teaming driver provides more configuration capabilities since more descision-making is done in userspace <ref>https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/7/html/networking_guide/sec-comparison_of_network_teaming_to_bonding#sec-Comparison_of_Network_Teaming_to_Bonding</ref>.
Using the teaming driver provides more configuration capabilities since more descision-making is done in userspace <ref>https://github.com/jpirko/libteam/wiki/Bonding-vs.-Team-features</ref>.
{{Expansion|Missing information about teaming.}}
{{Expansion|Missing information about teaming.}}


Retrieved from "https://wiki.nixos.org/wiki/Networking"