Improving systemd-networkd

Hi!

First-time NixOS user here. I decided to use NixOS to build a router from spare server bits I had lying around, to replace my home router that has been giving me lots of issues, particularly with IPv6. I found NixOS to work well, and it reminded me of working with Juniper routers, with the config files and the ability to roll back changes easily.

After a false start with the older script-based networking options (which I got working, including DHCP prefix delegation, but which were rather finicky), I switched to systemd-networkd and now I am happy with how things are.

While working on the configuration I found a few areas where the systemd-networkd config tree didn't quite line up with the current systemd-networkd man page. The Wiki documentation could do with some more examples as well - I ended up using stuff from the Arch Wiki for guidance.

Anyway, I decided to start helping update the config tree for systemd-networkd, and for the first PR I worked just on systemd.network.config.networkConfig, mainly because I was after the IPv6PrivacyExtensions setting, which was missing.

I am still getting to grips with the Nix language and available functions etc. My changes so far are in the branch GitHub - ljbade/nixpkgs at networkd-r23.11

Does anyone have feedback on what I have so far before I make a PR?

The main changes are adding the missing settings from networkd.conf. I also tweaked some of the error messages as I found them a bit confusing when I first encountered them.

The one area I am most unsure of is adding new validation functions, as I am still figuring out the available functions and how to chain them together. For example, I am not sure whether it is better to split the settings strings up into parts and try to decode the integers in them, or if regex would be better. So any feedback on the design of isValidRouteTableDef would be great.

5 Likes
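For comparison, here is a regex-based shape such a RouteTable= check could take. This is an added example using only Nix builtins, not code from the ljbade branch or from nixpkgs; the "name:number" pair format, the reserved names and the number range follow networkd.conf(5), while the allowed name character class is an assumption.

```nix
# Added example: validate a networkd.conf RouteTable= value, which is a
# whitespace-separated list of "name:number" pairs.
let
  # builtins.split interleaves separator matches (lists) with the text
  # between them (strings); keep only the non-empty string parts.
  words = s: builtins.filter (w: builtins.isString w && w != "")
    (builtins.split "[[:space:]]+" s);

  # Predefined tables that RouteTable= must not redefine (networkd.conf(5)).
  reservedNames = [ "default" "main" "local" ];
  reservedNumbers = [ 253 254 255 ];

  # One pair: a name (assumed: letters, digits, '_' or '-'), a colon, then
  # 1-10 digits without a leading zero so the number always fits a Nix int
  # and fromJSON can parse it.
  isValidPair = pair:
    let m = builtins.match "([a-zA-Z0-9_-]+):([1-9][0-9]{0,9})" pair;
    in m != null
      && !(builtins.elem (builtins.elemAt m 0) reservedNames)
      && (let n = builtins.fromJSON (builtins.elemAt m 1);
          in n <= 4294967295 && !(builtins.elem n reservedNumbers));

  # Empty value is rejected; otherwise every pair must validate.
  isValidRouteTableDef = s:
    let ws = words s; in ws != [] && builtins.all isValidPair ws;
in {
  # Constructed sample values for a quick check with `nix eval`.
  good      = isValidRouteTableDef "isp1:100 isp2:200";   # true
  badName   = isValidRouteTableDef "main:100";            # false, reserved name
  badNumber = isValidRouteTableDef "isp1:253";            # false, reserved number
  badFormat = isValidRouteTableDef "isp1-100";            # false, missing colon
}
```

Evaluate it with `nix eval -f route-table.nix` (assumed file name) to see each field; splitting first and matching each pair separately keeps the regex simple and lets the numeric range check stay in ordinary Nix rather than in the pattern.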

Nice work @ljbade! You should open a draft PR on nixpkgs so we can see the changes you are proposing more easily.

As you have discovered, we add systemd-networkd options to nixpkgs manually, so it isn’t uncommon to find missing ones, in which case, they should be added as you are doing!

I have also been seriously considering standing up a nixos router recently, also to work around confusing ipv6 support on the router I have connected to my gateway.

My main hesitation is that I don't have good knowledge of nftables, so I am afraid I will make a mistake setting up the firewall and internal devices will be exposed to the outside. Right now, my LAN is ipv4 only, so I rely on NAT / port forwarding as a firewall :sweat_smile:.

@danielbarter yes, nftables took me a while to figure out, but there are some good examples available and their wiki site is invaluable.

1 Like