Official NixOS Wiki

Networking: Difference between revisions

← Older edit
DHCP (talk | contribs)
104 edits
VisualWikitext
m Configuration: link to related pages
DHCP (talk | contribs)
104 edits
m Virtualization: minor formatting fix
 
(5 intermediate revisions by 2 users not shown)
Line 39: Line 39:
<syntaxhighlight lang="nix">
<syntaxhighlight lang="nix">
networking.hosts = {
networking.hosts = {
   "127.0.0.2" = ["other-localhost"];
   "127.0.0.2" = [ "other-localhost" ];
   "192.0.2.1" = ["mail.example.com" "imap.example.com"];
   "192.0.2.1" = [ "mail.example.com" "imap.example.com" ];
};
};
</syntaxhighlight>
</syntaxhighlight>
Line 115: Line 115:
         }
         }
     '';
     '';
  };
};
</syntaxhighlight>
=== Virtualization ===
Sometimes complex network configurations with VPNs or firewall rules you may need extra configurations in order for your VMs to have network access. It is recommended to use more granular control over the ports instead of simply allowing the entire interface.<syntaxhighlight lang="nix">
networking = {
  firewall = {
    enable = true;
   
    # Allows the entire interface through the firewall.
    # trustedInterfaces = [ "virbr0" ];
    # Allows individual ports through the firewall.
    interfaces = {
      virbr0 = {
        allowedUDPPorts = [
          # DNS
          53
          # DHCP
          67
          # You may want to allow more ports such as ipv6 and other services here.
        ];
      };
    };
  };
  nat = {
    enable = true;
    internalInterfaces = [ "virbr0" ];
   };
   };
};
};
Line 211: Line 241:


<syntaxhighlight lang="nix">
<syntaxhighlight lang="nix">
    networking = {
networking = {
      hostId = "deadb33f";
  hostId = "deadb33f";
      hostName = "nixos";
  hostName = "nixos";
      domain = "example.com";
  domain = "example.com";
      dhcpcd.enable = false;
  dhcpcd.enable = false;
      interfaces.enp2s1.ipv4.addresses = [{
  interfaces.enp2s1.ipv4.addresses = [{
        address = "192.168.1.2";
    address = "192.168.1.2";
        prefixLength = 28;
    prefixLength = 28;
      }];
  }];
      vlans = {
  vlans = {
        vlan100 = { id=100; interface="enp2s0"; };
    vlan100 = { id=100; interface="enp2s0"; };
        vlan101 = { id=101; interface="enp2s0"; };
    vlan101 = { id=101; interface="enp2s0"; };
      };
  };
      interfaces.vlan100.ipv4.addresses = [{
  interfaces.vlan100.ipv4.addresses = [{
        address = "10.1.1.2";
    address = "10.1.1.2";
        prefixLength = 24;
    prefixLength = 24;
      }];
  }];
      interfaces.vlan101.ipv4.addresses = [{
  interfaces.vlan101.ipv4.addresses = [{
        address = "10.10.10.3";
    address = "10.10.10.3";
        prefixLength = 24;
    prefixLength = 24;
      }];
  }];
      defaultGateway = "192.168.1.1";
  defaultGateway = "192.168.1.1";
      nameservers = [ "1.1.1.1" "8.8.8.8" ];
  nameservers = [ "1.1.1.1" "8.8.8.8" ];
    };
};
</syntaxhighlight>
</syntaxhighlight>


Line 267: Line 297:


{{file|/etc/nixos/configuration.nix|nix|<nowiki>
{{file|/etc/nixos/configuration.nix|nix|<nowiki>
  networking.networkmanager.ensureProfiles.profiles = {
networking.networkmanager.ensureProfiles.profiles = {
    "Bond connection 1" = {
  "Bond connection 1" = {
      bond = {
    bond = {
        miimon = "100"; # Monitor MII link every 100ms
      miimon = "100"; # Monitor MII link every 100ms
        mode = "802.3ad";
      mode = "802.3ad";
        xmit_hash_policy = "layer3+4"; # IP and TCP/UDP hash
      xmit_hash_policy = "layer3+4"; # IP and TCP/UDP hash
      };
    };
      connection = {
    connection = {
        id = "Bond connection 1";
      id = "Bond connection 1";
        interface-name = "bond0"; # Make sure this matches the controller properties
      interface-name = "bond0"; # Make sure this matches the controller properties
        type = "bond";
      type = "bond";
      };
    };
      ipv4 = {
    ipv4 = {
        method = "auto";
      method = "auto";
      };
    };
      ipv6 = {
    ipv6 = {
        addr-gen-mode = "stable-privacy";
      addr-gen-mode = "stable-privacy";
        method = "auto";
      method = "auto";
      };
      proxy = { };
     };
     };
     # No more automatically generated "Wired connection 1"
     proxy = { };
    "bond0 port 1" = {
  };
      connection = {
  # No more automatically generated "Wired connection 1"
        id = "bond0 port 1";
  "bond0 port 1" = {
        type = "ethernet";
    connection = {
        interface-name = "enp2s0";
      id = "bond0 port 1";
        controller = "bond0";
      type = "ethernet";
        port-type = "bond";
      interface-name = "enp2s0";
      };
      controller = "bond0";
      port-type = "bond";
     };
     };
    "bond0 port 2" = {
  };
      connection = {
  "bond0 port 2" = {
        id = "bond0 port 2";
    connection = {
        type = "ethernet";
      id = "bond0 port 2";
        interface-name = "enp3s0";
      type = "ethernet";
        controller = "bond0";
      interface-name = "enp3s0";
        port-type = "bond";
      controller = "bond0";
      };
      port-type = "bond";
     };
     };
   };
   };
};
</nowiki>}}
</nowiki>}}


Line 315: Line 345:


{{file|/etc/nixos/configuration.nix|nix|<nowiki>
{{file|/etc/nixos/configuration.nix|nix|<nowiki>
  networking.bonds = {
networking.bonds = {
    bond0 = {
  bond0 = {
      interfaces = [ "enp2s0" "enp3s0" ];
    interfaces = [ "enp2s0" "enp3s0" ];
      driverOptions = {
    driverOptions = {
        miimon = "100"; # Monitor MII link every 100ms
      miimon = "100"; # Monitor MII link every 100ms
        mode = "802.3ad";
      mode = "802.3ad";
        xmit_hash_policy = "layer3+4"; # IP and TCP/UDP hash
      xmit_hash_policy = "layer3+4"; # IP and TCP/UDP hash
      };
     };
     };
   };
   };
};
</nowiki>}}
</nowiki>}}


Retrieved from "https://wiki.nixos.org/wiki/Networking"