[Nix-dev] [systemd] ip-up target params
Mathijs Kwik
mathijs at bluescreen303.nl
Thu Sep 13 09:01:43 CEST 2012
Eelco Dolstra <eelco.dolstra at logicblox.com> writes:
> Hi,
>
> On 12/09/12 11:12, Mathijs Kwik wrote:
>
>> Currently (with upstart), network interfaces tigger ip-up once dhcpcd
>> assigns them an ip-address.
>> Upstart triggers had an option to supply extra params, and dhcpcd's
>> hook used this to supply information on which interface got connected,
>> and - if on wireless - to which AP a connection was made.
>>
>> I have a somewhat complicated networking setup, so I use these features a lot.
>> Depending on which wifi AP (trusted/untrusted), I enable different
>> firewall rules, openvpn tunnels and routes.
>>
>> Now, I think I should just define systemd targets for these
>> environments (trusted/untrusted/home) and add the services I want to
>> these.
>> However, I need a way to tell upstart which of these targets to (de)activate.
>> Currently, "ip-up" is hardcoded in dhcpcd's hook, "ip-down" is
>> disabled (used to trigger when disconnecting wifi), and if multiple
>> interfaces come up, nothing will happen if the ip-up target was
>> already reached.
>
> Systemd units have a template instantiation mechanism which might be useful
> here. We can have units "if-up at .target" and "if-down at .target" that get
> instantiated when a specific interface goes up or down. So if wlan0 appears, we
> can instantiate "if-up at wlan0.target", which in turn can pull in other dependencies.
I'm using instantiation for my openvpn configs. It's very nice.
Indeed targets per interface is a nice start, but for mobile systems
such as laptops, the network I connect to matters more than the
interface.
As I think this kind of behaviour is useful to most laptop users, I
would like to create a nixos module for defining "networks".
A network then maps to a systemd target, and there are some options for
detecting the current network, like the assigned IP address range, wifi
BSSID, visible ip or mac addresses, DHCP server options. Stuff like that.
But indeed, the output of the network-detection module would just be a
shell script that performs the detection and then starts the associated
target. So it's trivial to have that trigger either on the current ip-up
or the future if-up at iface targets.
I'll see what I can come up with.
More information about the nix-dev
mailing list