NixOS · lheckemann · Nov 22, 2022 · Nov 22, 2022 · Nov 22, 2022 · Nov 22, 2022
diff --git a/nixos/doc/manual/configuration/ad-hoc-network-config.section.md b/nixos/doc/manual/configuration/ad-hoc-network-config.section.md
diff --git a/nixos/doc/manual/configuration/networking.chapter.md b/nixos/doc/manual/configuration/networking.chapter.md
@@ -10,7 +10,6 @@ on your NixOS machine.
 <xi:include href="ipv6-config.section.xml" />
 <xi:include href="firewall.section.xml" />
 <xi:include href="wireless.section.xml" />
-<xi:include href="ad-hoc-network-config.section.xml" />
 <xi:include href="renaming-interfaces.section.xml" />
 ```
 <!-- TODO: OpenVPN, NAT -->
diff --git a/nixos/doc/manual/from_md/configuration/networking.chapter.xml b/nixos/doc/manual/from_md/configuration/networking.chapter.xml
@@ -10,6 +10,5 @@
   <xi:include href="ipv6-config.section.xml" />
   <xi:include href="firewall.section.xml" />
   <xi:include href="wireless.section.xml" />
-  <xi:include href="ad-hoc-network-config.section.xml" />
   <xi:include href="renaming-interfaces.section.xml" />
 </chapter>
diff --git a/nixos/doc/manual/from_md/release-notes/rl-2305.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2305.section.xml
@@ -13,7 +13,17 @@
     <itemizedlist spacing="compact">
       <listitem>
         <para>
-          Create the first release note entry in this section!
+          NixOS now uses
+          <link linkend="opt-systemd.network.enable">systemd-networkd</link>
+          as its default networking backend. With networkd, many network
+          configurations which previously required use of
+          <xref linkend="opt-networking.localCommands" /> can be
+          expressed declaratively. Networkd’s connection management is
+          also significantly more reliable than the scripted networking
+          implementation previously in use by default. If you wish to
+          continue using scripted networking, set
+          <xref linkend="opt-networking.useNetworkd" /> to
+          <literal>false</literal>.
         </para>
       </listitem>
     </itemizedlist>

diff --git a/nixos/doc/manual/release-notes/rl-2305.section.md b/nixos/doc/manual/release-notes/rl-2305.section.md
@@ -8,7 +8,7 @@ In addition to numerous new and upgraded packages, this release has the followin
 
 <!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
 
-- Create the first release note entry in this section!
+- NixOS now uses [systemd-networkd](#opt-systemd.network.enable) as its default networking backend. With networkd, many network configurations which previously required use of [](#opt-networking.localCommands) can be expressed declaratively. Networkd's connection management is also significantly more reliable than the scripted networking implementation previously in use by default. If you wish to continue using scripted networking, set [](#opt-networking.useNetworkd) to `false`.
 
 ## New Services {#sec-release-23.05-new-services}
 

diff --git a/nixos/modules/installer/tools/nixos-generate-config.pl b/nixos/modules/installer/tools/nixos-generate-config.pl
@@ -596,22 +596,10 @@ sub multiLineList {
 EOF
 
 sub generateNetworkingDhcpConfig {
-    # FIXME disable networking.useDHCP by default when switching to networkd.
     my $config = <<EOF;
-  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
-  # (the default) this is the recommended approach. When using systemd-networkd it's
-  # still possible to use this option, but it's recommended to use it in conjunction
-  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  # Enables DHCP on all ethernet and wireless LAN interfaces.
   networking.useDHCP = lib.mkDefault true;
 EOF
-
-    foreach my $path (glob "/sys/class/net/*") {
-        my $dev = basename($path);
-        if ($dev ne "lo") {
-            $config .= "  # networking.interfaces.$dev.useDHCP = lib.mkDefault true;\n";
-        }
-    }
-
     return $config;
 }
 

diff --git a/nixos/modules/services/system/cloud-init.nix b/nixos/modules/services/system/cloud-init.nix
@@ -121,7 +121,8 @@ in
 
     environment.etc."cloud/cloud.cfg".text = cfg.config;
 
-    systemd.network.enable = cfg.network.enable;
+    # Enable networkd if we're supposed to configure the network, but don't disable it otherwise
+    systemd.network.enable = mkIf cfg.network.enable true;
 
     systemd.services.cloud-init-local =
       { description = "Initial cloud-init job (pre-networking)";

diff --git a/nixos/modules/tasks/network-interfaces-systemd.nix b/nixos/modules/tasks/network-interfaces-systemd.nix
@@ -74,6 +74,7 @@ in
         enable = true;
       }
       (mkIf cfg.useDHCP {
+        wait-online.anyInterface = lib.mkDefault true;
         networks."99-ethernet-default-dhcp" = lib.mkIf cfg.useDHCP {
           # We want to match physical ethernet interfaces as commonly
           # found on laptops, desktops and servers, to provide an

diff --git a/nixos/modules/tasks/network-interfaces.nix b/nixos/modules/tasks/network-interfaces.nix
@@ -1291,12 +1291,14 @@ in
     };
 
     networking.useNetworkd = mkOption {
-      default = false;
+      default = true;
       type = types.bool;
       description = lib.mdDoc ''
-        Whether we should use networkd as the network configuration backend or
-        the legacy script based system. Note that this option is experimental,
-        enable at your own risk.
+        Whether to use systemd-networkd to manage network interface
+        configuration. networkd provides more declarative, versatile
+        and reliable network configuration than the legacy scripted
+        networking setup, but may require config changes when
+        upgrading.
       '';
     };
 

diff --git a/nixos/modules/virtualisation/container-config.nix b/nixos/modules/virtualisation/container-config.nix
@@ -16,7 +16,7 @@ with lib;
     powerManagement.enable = mkDefault false;
     documentation.nixos.enable = mkDefault false;
 
-    networking.useHostResolvConf = mkDefault true;
+    networking.useHostResolvConf = mkDefault (!config.systemd.network.enable);
 
     # Containers should be light-weight, so start sshd on demand.
     services.openssh.startWhenNeeded = mkDefault true;

diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix
@@ -81,8 +81,8 @@ in {
   atd = handleTest ./atd.nix {};
   atop = handleTest ./atop.nix {};
   auth-mysql = handleTest ./auth-mysql.nix {};
-  avahi = handleTest ./avahi.nix {};
-  avahi-with-resolved = handleTest ./avahi.nix { networkd = true; };
+  avahi = handleTest ./avahi.nix { networkd = true; };
+  avahi-with-scripted-networking = handleTest ./avahi.nix { networkd = false; };
   babeld = handleTest ./babeld.nix {};
   bazarr = handleTest ./bazarr.nix {};
   bcachefs = handleTestOn ["x86_64-linux" "aarch64-linux"] ./bcachefs.nix {};

diff --git a/nixos/tests/avahi.nix b/nixos/tests/avahi.nix
@@ -24,11 +24,7 @@ import ./make-test-python.nix {
         publish.workstation = true;
         extraServiceFiles.ssh = "${pkgs.avahi}/etc/avahi/services/ssh.service";
       };
-    } // pkgs.lib.optionalAttrs (networkd) {
-      networking = {
-        useNetworkd = true;
-        useDHCP = false;
-      };
+      networking.useNetworkd = networkd;
     };
   in {
     one = cfg;

diff --git a/nixos/tests/bird.nix b/nixos/tests/bird.nix
@@ -15,7 +15,6 @@ let
     environment.systemPackages = with pkgs; [ jq ];
 
     networking = {
-      useNetworkd = true;
       useDHCP = false;
       firewall.enable = false;
     };

diff --git a/nixos/tests/cjdns.nix b/nixos/tests/cjdns.nix
@@ -7,6 +7,9 @@ let
     { ... }:
     { services.cjdns.enable = true;
 
+      # Occupies port 53 otherwise
+      services.resolved.enable = false;
+
       # Turning off DHCP isn't very realistic but makes
       # the sequence of address assignment less stochastic.
       networking.useDHCP = false;

diff --git a/nixos/tests/dnscrypt-proxy2.nix b/nixos/tests/dnscrypt-proxy2.nix
@@ -24,14 +24,11 @@ in {
           refresh_delay = 72;
         };
       };
-
-      services.dnsmasq.enable = true;
-      services.dnsmasq.servers = [ "127.0.0.1#${toString localProxyPort}" ];
     };
   };
 
   testScript = ''
-    client.wait_for_unit("dnsmasq")
+    client.wait_for_unit("systemd-resolved")
     client.wait_for_unit("dnscrypt-proxy2")
     client.wait_until_succeeds("ss --numeric --udp --listening | grep -q ${toString localProxyPort}")
   '';

diff --git a/nixos/tests/dnsdist.nix b/nixos/tests/dnsdist.nix
@@ -33,6 +33,9 @@ import ./make-test-python.nix (
       };
 
       environment.systemPackages = with pkgs; [ dig ];
+
+      # Occupies port 53 otherwise
+      services.resolved.enable = false;
     };
 
     testScript = ''

diff --git a/nixos/tests/ferm.nix b/nixos/tests/ferm.nix
@@ -11,7 +11,6 @@ import ./make-test-python.nix ({ pkgs, ...} : {
         with pkgs.lib;
         {
           networking = {
-            dhcpcd.enable = false;
             interfaces.eth1.ipv6.addresses = mkOverride 0 [ { address = "fd00::2"; prefixLength = 64; } ];
             interfaces.eth1.ipv4.addresses = mkOverride 0 [ { address = "192.168.1.2"; prefixLength = 24; } ];
           };
@@ -21,9 +20,6 @@ import ./make-test-python.nix ({ pkgs, ...} : {
         with pkgs.lib;
         {
           networking = {
-            dhcpcd.enable = false;
-            useNetworkd = true;
-            useDHCP = false;
             interfaces.eth1.ipv6.addresses = mkOverride 0 [ { address = "fd00::1"; prefixLength = 64; } ];
             interfaces.eth1.ipv4.addresses = mkOverride 0 [ { address = "192.168.1.1"; prefixLength = 24; } ];
           };

diff --git a/nixos/tests/kea.nix b/nixos/tests/kea.nix
@@ -8,7 +8,6 @@ import ./make-test-python.nix ({ pkgs, lib, ...}: {
       virtualisation.vlans = [ 1 ];
 
       networking = {
-        useNetworkd = true;
         useDHCP = false;
         firewall.allowedUDPPorts = [ 67 ];
       };
@@ -58,10 +57,7 @@ import ./make-test-python.nix ({ pkgs, lib, ...}: {
       virtualisation.vlans = [ 1 ];
       systemd.services.systemd-networkd.environment.SYSTEMD_LOG_LEVEL = "debug";
       networking = {
-        useNetworkd = true;
-        useDHCP = false;
         firewall.enable = false;
-        interfaces.eth1.useDHCP = true;
       };
     };
   };

diff --git a/nixos/tests/knot.nix b/nixos/tests/knot.nix
@@ -57,6 +57,10 @@ in {
           { address = "fd00::1"; prefixLength = 64; }
         ];
       };
+
+      # Occupies port 53 otherwise
+      services.resolved.enable = false;
+
       services.knot.enable = true;
       services.knot.extraArgs = [ "-v" ];
       services.knot.keyFiles = [ tsigFile ];

diff --git a/nixos/tests/ncdns.nix b/nixos/tests/ncdns.nix
@@ -58,6 +58,9 @@ in
       identity.address    = "1.0.0.1";
     };
 
+    # Occupies port 53 otherwise
+    services.resolved.enable = false;
+
     services.pdns-recursor.enable = true;
     services.pdns-recursor.resolveNamecoin = true;
 

diff --git a/nixos/tests/owncast.nix b/nixos/tests/owncast.nix
@@ -5,16 +5,12 @@ import ./make-test-python.nix ({ pkgs, ... }: {
   nodes = {
     client = { pkgs, ... }: with pkgs.lib; {
       networking = {
-        dhcpcd.enable = false;
         interfaces.eth1.ipv6.addresses = mkOverride 0 [ { address = "fd00::2"; prefixLength = 64; } ];
         interfaces.eth1.ipv4.addresses = mkOverride 0 [ { address = "192.168.1.2"; prefixLength = 24; } ];
       };
     };
     server = { pkgs, ... }: with pkgs.lib; {
       networking = {
-        dhcpcd.enable = false;
-        useNetworkd = true;
-        useDHCP = false;
         interfaces.eth1.ipv6.addresses = mkOverride 0 [ { address = "fd00::1"; prefixLength = 64; } ];
         interfaces.eth1.ipv4.addresses = mkOverride 0 [ { address = "192.168.1.1"; prefixLength = 24; } ];
 

diff --git a/nixos/tests/pdns-recursor.nix b/nixos/tests/pdns-recursor.nix
@@ -5,6 +5,9 @@ import ./make-test-python.nix ({ pkgs, ... }: {
     services.pdns-recursor.enable = true;
     services.pdns-recursor.exportHosts= true;
     networking.hosts."192.0.2.1" = [ "example.com" ];
+
+    # Occupies port 53 otherwise
+    services.resolved.enable = false;
   };
 
   testScript = ''

diff --git a/nixos/tests/powerdns-admin.nix b/nixos/tests/powerdns-admin.nix
@@ -25,6 +25,8 @@ let
           secretKeyFile = "/etc/powerdns-admin/secret";
           saltFile = "/etc/powerdns-admin/salt";
         };
+        # Occupies port 53 otherwise
+        services.resolved.enable = false;
         # It's insecure to have secrets in the world-readable nix store, but this is just a test
         environment.etc."powerdns-admin/secret".text = "secret key";
         environment.etc."powerdns-admin/salt".text = "salt";

diff --git a/nixos/tests/powerdns.nix b/nixos/tests/powerdns.nix
@@ -13,6 +13,9 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: {
       zone-cache-refresh-interval=0
     '';
 
+    # Occupies port 53 otherwise
+    services.resolved.enable = false;
+
     services.mysql = {
       enable = true;
       package = pkgs.mariadb;

diff --git a/nixos/tests/systemd-bpf.nix b/nixos/tests/systemd-bpf.nix
@@ -7,7 +7,6 @@ import ./make-test-python.nix ({ lib, ... }: {
     node1 = {
       virtualisation.vlans = [ 1 ];
       networking = {
-        useNetworkd = true;
         useDHCP = false;
         firewall.enable = false;
         interfaces.eth1.ipv4.addresses = [
@@ -19,7 +18,6 @@ import ./make-test-python.nix ({ lib, ... }: {
     node2 = {
       virtualisation.vlans = [ 1 ];
       networking = {
-        useNetworkd = true;
         useDHCP = false;
         firewall.enable = false;
         interfaces.eth1.ipv4.addresses = [

diff --git a/nixos/tests/systemd-machinectl.nix b/nixos/tests/systemd-machinectl.nix
@@ -7,10 +7,6 @@ import ./make-test-python.nix ({ pkgs, ... }:
       # ... and revert unwanted defaults
       networking.useHostResolvConf = false;
 
-      # use networkd to obtain systemd network setup
-      networking.useNetworkd = true;
-      networking.useDHCP = false;
-
       # systemd-nspawn expects /sbin/init
       boot.loader.initScript.enable = true;
 
@@ -30,10 +26,6 @@ import ./make-test-python.nix ({ pkgs, ... }:
     name = "systemd-machinectl";
 
     nodes.machine = { lib, ... }: {
-      # use networkd to obtain systemd network setup
-      networking.useNetworkd = true;
-      networking.useDHCP = false;
-
       # do not try to access cache.nixos.org
       nix.settings.substituters = lib.mkForce [ ];
 

diff --git a/nixos/tests/systemd-networkd-dhcpserver-static-leases.nix b/nixos/tests/systemd-networkd-dhcpserver-static-leases.nix
@@ -10,7 +10,6 @@ import ./make-test-python.nix ({ lib, ... }: {
       virtualisation.vlans = [ 1 ];
       systemd.services.systemd-networkd.environment.SYSTEMD_LOG_LEVEL = "debug";
       networking = {
-        useNetworkd = true;
         useDHCP = false;
         firewall.enable = false;
       };
@@ -42,11 +41,8 @@ import ./make-test-python.nix ({ lib, ... }: {
       virtualisation.vlans = [ 1 ];
       systemd.services.systemd-networkd.environment.SYSTEMD_LOG_LEVEL = "debug";
       networking = {
-        useNetworkd = true;
-        useDHCP = false;
         firewall.enable = false;
         interfaces.eth1 = {
-          useDHCP = true;
           macAddress = "02:de:ad:be:ef:01";
         };
       };

diff --git a/nixos/tests/systemd-networkd-dhcpserver.nix b/nixos/tests/systemd-networkd-dhcpserver.nix
@@ -11,7 +11,6 @@ import ./make-test-python.nix ({pkgs, ...}: {
       virtualisation.vlans = [ 1 ];
       systemd.services.systemd-networkd.environment.SYSTEMD_LOG_LEVEL = "debug";
       networking = {
-        useNetworkd = true;
         useDHCP = false;
         firewall.enable = false;
       };
@@ -41,10 +40,7 @@ import ./make-test-python.nix ({pkgs, ...}: {
       virtualisation.vlans = [ 1 ];
       systemd.services.systemd-networkd.environment.SYSTEMD_LOG_LEVEL = "debug";
       networking = {
-        useNetworkd = true;
-        useDHCP = false;
         firewall.enable = false;
-        interfaces.eth1.useDHCP = true;
       };
     };
   };

diff --git a/nixos/tests/systemd-networkd-ipv6-prefix-delegation.nix b/nixos/tests/systemd-networkd-ipv6-prefix-delegation.nix
@@ -167,7 +167,6 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: {
       };
 
       networking = {
-        useNetworkd = true;
         useDHCP = false;
         # Consider enabling this in production and generating firewall rules
         # for fowarding/input from the configured interfaces so you do not have
@@ -274,10 +273,6 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: {
     client = {
       virtualisation.vlans = [ 2 ];
       systemd.services.systemd-networkd.environment.SYSTEMD_LOG_LEVEL = "debug";
-      networking = {
-        useNetworkd = true;
-        useDHCP = false;
-      };
 
       # make the network-online target a requirement, we wait for it in our test script
       systemd.targets.network-online.wantedBy = [ "multi-user.target" ];