author | Nikolay Amiantov <ab@fmap.me> | 2019-07-15 20:18:49 +0300 |
---|---|---|
committer | Nikolay Amiantov <ab@fmap.me> | 2019-07-15 20:25:39 +0300 |
commit | 01b90dce78ee3906def0fc8d800217a3f9f40aa7 (patch) | |
tree | e4641a57c7dea1639d817fc97f4d22918dbd4ba5 /nixos/modules/services | |
parent | 267c8d6b2fea05bc811c8e2c2f4529b1436eeb9a (diff) | |
resolvconf service: init
This is a refactor of how resolvconf is managed on NixOS. We split it into a separate service which is enabled internally depending on whether we want /etc/resolv.conf to be managed by it. Various services now take advantage of those configuration options. We also now use systemd instead of activation scripts to update resolv.conf. NetworkManager now uses the right option for rc-manager DNS automatically, so the configuration option shouldn't be exposed.
Diffstat (limited to 'nixos/modules/services')
-rw-r--r-- | nixos/modules/services/networking/bind.nix | 4 | ||||
-rw-r--r-- | nixos/modules/services/networking/dnsmasq.nix | 11 | ||||
-rw-r--r-- | nixos/modules/services/networking/networkmanager.nix | 24 | ||||
-rw-r--r-- | nixos/modules/services/networking/rdnssd.nix | 5 | ||||
-rw-r--r-- | nixos/modules/services/networking/unbound.nix | 2 |
5 files changed, 23 insertions, 23 deletions
diff --git a/nixos/modules/services/networking/bind.nix b/nixos/modules/services/networking/bind.nix
index 7f89cff22329..2097b9a31639 100644
--- a/nixos/modules/services/networking/bind.nix
+++ b/nixos/modules/services/networking/bind.nix
@@ -168,7 +168,9 @@ in ###### implementation - config = mkIf config.services.bind.enable { + config = mkIf cfg.enable { + + networking.resolvconf.useLocalResolver = mkDefault true; users.users = singleton { name = bindUser;
diff --git a/nixos/modules/services/networking/dnsmasq.nix b/nixos/modules/services/networking/dnsmasq.nix
index 24d16046c63e..714a5903bff1 100644
--- a/nixos/modules/services/networking/dnsmasq.nix
+++ b/nixos/modules/services/networking/dnsmasq.nix
@@ -79,7 +79,7 @@ in ###### implementation - config = mkIf config.services.dnsmasq.enable { + config = mkIf cfg.enable { networking.nameservers = optional cfg.resolveLocalQueries "127.0.0.1";
@@ -92,6 +92,15 @@ in description = "Dnsmasq daemon user"; }; + networking.resolvconf = mkIf cfg.resolveLocalQueries { + useLocalResolver = mkDefault true; + + extraConfig = '' + dnsmasq_conf=/etc/dnsmasq-conf.conf + dnsmasq_resolv=/etc/dnsmasq-resolv.conf + ''; + }; + systemd.services.dnsmasq = { description = "Dnsmasq Daemon"; after = [ "network.target" "systemd-resolved.service" ];
diff --git a/nixos/modules/services/networking/networkmanager.nix b/nixos/modules/services/networking/networkmanager.nix
index f1f8c9722e02..49d46456c044 100644
--- a/nixos/modules/services/networking/networkmanager.nix
+++ b/nixos/modules/services/networking/networkmanager.nix
@@ -17,7 +17,8 @@ let plugins=keyfile dhcp=${cfg.dhcp} dns=${cfg.dns} - rc-manager=${cfg.rc-manager} + # If resolvconf is disabled that means that resolv.conf is managed by some other module. + rc-manager=${if config.networking.resolvconf.enable then "resolvconf" else "unmanaged"} [keyfile] ${optionalString (cfg.unmanaged != [])
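Review bot: In the bind.nix hunk, `networking.resolvconf.useLocalResolver = mkDefault true;` is applied whenever the service is enabled, with no check that named actually answers recursive queries on loopback. Going by its name the option points the host's resolv.conf at the local daemon, so an authoritative-only instance or one bound to other interfaces (the options controlling that are outside the hunk) would leave the host's own lookups failing or refused. A short comment such as `# Point resolv.conf at the local named; set useLocalResolver = false if it is not a recursive resolver on localhost.` would make the intent and the override clear. The same unconditional default is added in the unbound.nix hunk, whereas dnsmasq.nix gates it on `cfg.resolveLocalQueries`.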
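Review bot: In the second dnsmasq.nix hunk, the `dnsmasq_conf` and `dnsmasq_resolv` paths written into `networking.resolvconf.extraConfig` only take effect if the generated dnsmasq configuration reads those same files, and that side is not visible in this hunk. Because the paths are string literals here, a later rename on either side would silently leave dnsmasq without the upstream servers that resolvconf collected. A comment above `extraConfig`, e.g. `# Must match the conf-file/resolv-file paths in the dnsmasq config generated by this module.`, or a shared `let` binding for both paths, would keep them in sync. The context line `networking.nameservers = optional cfg.resolveLocalQueries "127.0.0.1";` from the previous hunk is kept alongside `useLocalResolver`, which looks redundant and is worth confirming.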
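Review bot: In the first networkmanager.nix hunk, the new `# If resolvconf is disabled ...` line sits inside the string that becomes NetworkManager.conf, so it is written into the generated file rather than documenting the Nix expression; if it is meant for maintainers it belongs above the template as a Nix comment. `rc-manager` is now forced to `resolvconf` or `unmanaged`, so a configuration that previously set `networking.networkmanager.rc-manager` to another mode will stop evaluating once the option is removed in the next hunk. The diffstat shown is limited to nixos/modules/services, so whether a removed-option shim with a migration message exists elsewhere cannot be seen from here. The `let` block holding this template begins and ends outside the hunk.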
@@ -268,25 +269,6 @@ in { ''; }; - rc-manager = mkOption { - type = types.enum [ "symlink" "file" "resolvconf" "netconfig" "unmanaged" "none" ]; - default = "resolvconf"; - description = '' - Set the <literal>resolv.conf</literal> management mode. - </para> - <para> - A description of these modes can be found in the main section of - <link xlink:href="https://developer.gnome.org/NetworkManager/stable/NetworkManager.conf.html"> - https://developer.gnome.org/NetworkManager/stable/NetworkManager.conf.html - </link> - or in - <citerefentry> - <refentrytitle>NetworkManager.conf</refentrytitle> - <manvolnum>5</manvolnum> - </citerefentry>. - ''; - }; - dispatcherScripts = mkOption { type = types.listOf (types.submodule { options = {
@@ -512,7 +494,7 @@ in { networking = { useDHCP = false; # use mkDefault to trigger the assertion about the conflict above - wireless.enable = lib.mkDefault false; + wireless.enable = mkDefault false; }; security.polkit.extraConfig = polkitConf;
diff --git a/nixos/modules/services/networking/rdnssd.nix b/nixos/modules/services/networking/rdnssd.nix
index 887772f6e5f0..bccab805beeb 100644
--- a/nixos/modules/services/networking/rdnssd.nix
+++ b/nixos/modules/services/networking/rdnssd.nix
@@ -35,6 +35,11 @@ in config = mkIf config.services.rdnssd.enable { + assertions = [{ + assertion = config.networking.resolvconf.enable; + message = "rdnssd needs resolvconf to work (probably something sets up a static resolv.conf)"; + }]; + systemd.services.rdnssd = { description = "RDNSS daemon"; after = [ "network.target" ];
diff --git a/nixos/modules/services/networking/unbound.nix b/nixos/modules/services/networking/unbound.nix
index 1a35979ad44c..3cf82e8839bb 100644
--- a/nixos/modules/services/networking/unbound.nix
+++ b/nixos/modules/services/networking/unbound.nix
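Review bot: The assertion message added in the rdnssd.nix hunk says resolvconf is needed but not which option to change; naming it makes the failure actionable, e.g. `message = "rdnssd needs networking.resolvconf.enable = true (probably something sets up a static resolv.conf)";`. The surrounding `config = mkIf config.services.rdnssd.enable {` still spells out the full option path, while bind.nix and dnsmasq.nix were switched to `cfg.enable` in this commit. Whether rdnssd.nix has a `cfg` binding to use is not visible in the hunk.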
@@ -101,6 +101,8 @@ in isSystemUser = true; }; + networking.resolvconf.useLocalResolver = mkDefault true; + systemd.services.unbound = { description = "Unbound recursive Domain Name Server"; after = [ "network.target" ]; |