Merge pull request #23409 from florianjacob/avahi-point-to-point-interfaces

avahi-daemon service: Add option to enable point-to-point interfaces.

1 files changed, 10 insertions, 0 deletions

diff --git a/nixos/modules/services/networking/avahi-daemon.nix b/nixos/modules/services/networking/avahi-daemon.nix
index 6a786e75bbc8..e7ef68c90b2a 100644
--- a/nixos/modules/services/networking/avahi-daemon.nix
+++ b/nixos/modules/services/networking/avahi-daemon.nix
@@ -21,6 +21,7 @@ let
     use-ipv6=${if ipv6 then "yes" else "no"}
     ${optionalString (interfaces!=null) "allow-interfaces=${concatStringsSep "," interfaces}"}
     ${optionalString (domainName!=null) "domain-name=${domainName}"}
+    allow-point-to-point=${if allowPointToPoint then "yes" else "no"}
 
     [wide-area]
     enable-wide-area=${if wideArea then "yes" else "no"}
@@ -98,6 +99,15 @@ in
         '';
       };
 
+      allowPointToPoint = mkOption {
+        default = false;
+        description= ''
+          Whether to use POINTTOPOINT interfaces. Might make mDNS unreliable due to usually large
+          latencies with such links and opens a potential security hole by allowing mDNS access from Internet
+          connections. Use with care and YMMV!
+        '';
+      };
+
       wideArea = mkOption {
         default = true;
         description = ''Whether to enable wide-area service discovery.'';