IPv6 configuration using an IPv6 token

Hello all,

First post here, and I am a newbie at both the whole Nix ecosystem and Discourse so please bear with me for the unavoidable missteps.

My home network is more complex than average, for… Reasons. :slight_smile: MultiVLAN, dual stack IPv4/6, Mikrotik router behind the ISP provider serving DHCP and SLAAC, network services and applications running on a proxmox hypervisor (RP, DNS…).

I am learning NixOS, the goal being to replace my alpine/debian VMs by lighter NixOS LXC containers. The existing VMs build their IPv6 network addresses using the IPv6 token mechanism. I found that I could reproduce this on NixOS by enabling NetworkManager, but I’d rather do it in a declarative way in the configuration.nix file.

Following the official documentation only gives me a few examples for the most basic stuff and I have a hard time believing this is the whole story. Now, this is probably a case of me not yet knowing where to look, or approaching the problem with the wrong mindset, since I’m a newbie, so I need some help with this.

So my first question is: where can I find all the available networking options I may use in this file?

And my second question would be: if someone reading this has already tried to use IPv6 tokens, may I have your thoughts, advice on that topic? If IPv6 tokens are a no go in NixOS for some reason, I’d rather change my habits than waste my time.

Best regards,

Xavier

1 Like

Here you find a list of all options.

For documentation, the manual covers only very basic setups, as you said. Probably the best place to look for examples is the NixOS tests directory.

I’m not familiar with IPv6 token at all, but know that whatever you do in NetworkManager should be possible to configure declaratively with networking.networkmanager.ensureProfiles. See this test for an example.

Thanks for the answer.

I did imply that using NetworkManager would not be declarative because that’s what the official wiki says:
"""
Networking config always goes in your system configuration. This can be done declaratively as shown in the following sections or through non-declarative tools such as NetworkManager.
"""

So, good to know that I can use NetworkManager in a declarative way. I must add, though, that I had a hard time building a stable IPv6 network because of the multiple tools/layers I had to learn and use depending on context/distro (systemd, NetworkManager, netplan…). In the end, I’d rather use one and only distro, with the smallest possible number of additional layers. Network Manager will be a last resort. If I can avoid it, I will.

Time to search that list of options. :slight_smile:

Well, it’s not wrong: NetworkManager is typically used on desktops from a GUI, but with that option you can also add some network profiles from the NixOS configuration.

(If you look at the implementation you’ll see ensureProfiles is a bit of a hack because NetworkManager doesn’t really have static configuration files like typical unix daemons, but it works well nonetheless.)

Network Manager will be a last resort. If I can avoid it, I will.

Sure, it makes sense for a VM.

I’ve looked a bit into this token thing: AFAIU it’s an alternative method to generate stable addresses with SLAAC. The networking-interfaces.nix module doesn’t handle it (this is what provides most of the networking.* options); systemd-networkd (systemd.network.*) does have an option to specify a token, but if you want to avoid running a network daemon, it seems you could simply put an ip token set command in networking.localCommands.

Yes, tokens allow for fixed IP addresses in a SLAAC context, without resorting to DHCPv6. It is the best way I found to give fixed addresses to my VMs.

Using a local command to set a token on boot is among the solutions I used when learning to use tokens before, but it felt and still feels like a hack. I’m happy to learn about “networking.localCommands”, though. Could still prove useful down the road.

After digging I came to the conclusion that a working configuration as per systemd-networkd - Official NixOS Wiki, nixpkgs/nixos/modules/system/boot/networkd.nix at 70b90a048b19daa587554494f63c7dc20959d1fa · NixOS/nixpkgs · GitHub, and my previous experience with using tokens on Linux would be something like:

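  systemd = {
    network = {
      enable = true;
      networks = {
        "10-eth0" = {
          # Apply this profile to the interface named eth0.
          matchConfig.Name = "eth0";
          # IPv4 comes from DHCP; IPv6 addresses come from SLAAC (router advertisements).
          networkConfig.DHCP = "ipv4";
          ipv6AcceptRAConfig = {
            UseDNS = true;
            UseDomains = true;
            # Interface identifier combined with each advertised prefix.
            Token = "<TOKEN>";
            UsePREF64 = true;
          };
        };
      };
    };
  };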

Dry-build stopped complaining after I fixed a typo (IPv6AcceptRAConfig vs. ipv6AcceptRAConfig).

Dry-activate stopped complaining when I stopped forgetting to “sudo” (but doesn’t “work” since networking is not reset).

Switch… Works. The token is properly used with both GUA and ULA prefixes. There is an issue with the domain name but it reveals an issue with my setup. I think the domain name is only provided through DHCPv4 at the moment, and this configuration lacks some options about that. Anyway, this issue is irrelevant to this thread, and I will do my homework before maybe coming back to discourse.

Thanks a lot for pointing me in the right direction!

2 Likes
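
How a token turns into the addresses seen after the switch, as an added example that is not part of the original posts: the token's lower 64 bits are combined with each advertised /64 prefix, which lets you work out the expected GUA and ULA addresses in advance for firewall rules or DNS records. The prefixes and the token value are constructed samples, and the function names are this example's own.

```python
import ipaddress


def parse_token(token: str) -> int:
    """Return the 64-bit interface identifier of a token such as '::53'."""
    value = int(ipaddress.IPv6Address(token))
    # Strictness of this helper (an assumption, not a kernel rule): the upper
    # 64 bits must be zero so a full address is not passed by mistake, and an
    # all-zero token is refused because it identifies nothing.
    if value == 0 or value >> 64:
        raise ValueError(f"token {token!r} must be non-zero with the upper 64 bits clear")
    return value


def slaac_address(prefix: str, token: str) -> ipaddress.IPv6Address:
    """Combine one advertised /64 prefix with the token."""
    # strict=True rejects a prefix that has host bits set.
    net = ipaddress.IPv6Network(prefix, strict=True)
    if net.prefixlen != 64:
        raise ValueError(f"SLAAC needs a /64 prefix, got /{net.prefixlen}")
    return ipaddress.IPv6Address(int(net.network_address) | parse_token(token))


def expected_addresses(prefixes, token):
    """Map every advertised prefix to the address the token should produce."""
    return {p: str(slaac_address(p, token)) for p in prefixes}


# Constructed samples: a documentation prefix standing in for the GUA prefix,
# a made-up ULA prefix, and a made-up token.
SAMPLE_PREFIXES = ["2001:db8:1234:10::/64", "fd12:3456:789a:10::/64"]
SAMPLE_TOKEN = "::53"

if __name__ == "__main__":
    for prefix, addr in expected_addresses(SAMPLE_PREFIXES, SAMPLE_TOKEN).items():
        print(f"{prefix:26} -> {addr}")
```

The result can be compared with the output of `ip -6 addr show dev eth0` after activation.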

I’ve looked at the implementation in the Linux kernel and there doesn’t seem to be a sysctl or command line parameter to configure this (probably because this is a draft that never made it into a proper RFC).

So, at the end of the day something must send a command over netlink to set the token, be it systemd-networkd, NetworkManager or some script using ip token set.

Thanks a lot for pointing me in the right direction!

No problem.