From 19ac01efef6fa17f77b4510c1f14af316a13f40c Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Mon, 10 Mar 2025 11:20:29 +0100
Subject: [PATCH] network: also manage namespace tap links

---
 network/80-namespace-ns-tun.link    | 19 +++++++++++++++++
 network/80-namespace-ns-tun.network | 32 +++++++++++++++++++++++++++++
 2 files changed, 51 insertions(+)
 create mode 100644 network/80-namespace-ns-tun.link
 create mode 100644 network/80-namespace-ns-tun.network

diff --git a/network/80-namespace-ns-tun.link b/network/80-namespace-ns-tun.link
new file mode 100644
index 00000000000..6eb37edb4b5
--- /dev/null
+++ b/network/80-namespace-ns-tun.link
@@ -0,0 +1,19 @@
+# SPDX-License-Identifier: MIT-0
+#
+# This config file is installed as part of systemd.
+# It may be freely copied and edited (following the MIT No Attribution license).
+#
+# To make local modifications, use "networkctl edit". See networkctl(1) for details.
+# This file should not be edited in place, because it'll be overwritten on upgrades.
+
+# This link file matches the host-side of the Ethernet Tap device created by
+# systemd-nsresourced's network support. See systemd-nsresourced(1) for
+# details.
+
+[Match]
+Kind=tun
+OriginalName=ns-*
+
+[Link]
+NamePolicy=keep
+Property=ID_NET_MANAGED_BY=io.systemd.Network
diff --git a/network/80-namespace-ns-tun.network b/network/80-namespace-ns-tun.network
new file mode 100644
index 00000000000..fe084838a9b
--- /dev/null
+++ b/network/80-namespace-ns-tun.network
@@ -0,0 +1,32 @@
+# SPDX-License-Identifier: MIT-0
+#
+# This config file is installed as part of systemd.
+# It may be freely copied and edited (following the MIT No Attribution license).
+#
+# To make local modifications, use "networkctl edit". See networkctl(1) for details.
+# This file should not be edited in place, because it'll be overwritten on upgrades.
+
+# This network file matches the host-side of the Ethernet Tap device created by
+# systemd-nsresourced's network support. See systemd-nsresourced(1) for
+# details.
+
+[Match]
+Kind=tun
+Name=ns-*
+
+[Link]
+RequiredForOnline=no
+
+[Network]
+# Default to using a /28 prefix, giving up to 13 addresses per namespace
+Address=0.0.0.0/28
+LinkLocalAddressing=yes
+DHCPServer=yes
+IPMasquerade=both
+LLDP=yes
+EmitLLDP=customer-bridge
+IPv6AcceptRA=no
+IPv6SendRA=yes
+
+[DHCPServer]
+PersistLeases=no
-- 
2.47.3