diff options
| author | Sandro <sandro.jaeckel@gmail.com> | 2023-03-17 17:11:49 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-03-17 17:11:49 +0100 |
| commit | 7ec767ff542e006dc0f882c81157c0d9298603e3 (patch) | |
| tree | b0b0ba062ba62bce9632dab756cb656c4364df50 /nixos | |
| parent | a585ce724c0b459130d098d95bd9ca64bc3dce4d (diff) | |
| parent | ea0dc2c5eb7c462a657e336763b1754efe1e5661 (diff) | |
| download | nixlib-7ec767ff542e006dc0f882c81157c0d9298603e3.tar nixlib-7ec767ff542e006dc0f882c81157c0d9298603e3.tar.gz nixlib-7ec767ff542e006dc0f882c81157c0d9298603e3.tar.bz2 nixlib-7ec767ff542e006dc0f882c81157c0d9298603e3.tar.lz nixlib-7ec767ff542e006dc0f882c81157c0d9298603e3.tar.xz nixlib-7ec767ff542e006dc0f882c81157c0d9298603e3.tar.zst nixlib-7ec767ff542e006dc0f882c81157c0d9298603e3.zip | |
Merge pull request #173697 from jmbaur/avahi-daemon-deny-interfaces
nixos/avahi: add denyInterfaces option
Diffstat (limited to 'nixos')
| -rw-r--r-- | nixos/modules/services/networking/avahi-daemon.nix | 36 |
1 files changed, 27 insertions, 9 deletions
diff --git a/nixos/modules/services/networking/avahi-daemon.nix b/nixos/modules/services/networking/avahi-daemon.nix index 103f73fdaa68..3a7519c7230b 100644 --- a/nixos/modules/services/networking/avahi-daemon.nix +++ b/nixos/modules/services/networking/avahi-daemon.nix @@ -5,7 +5,7 @@ with lib; let cfg = config.services.avahi; - yesNo = yes : if yes then "yes" else "no"; + yesNo = yes: if yes then "yes" else "no"; avahiDaemonConf = with cfg; pkgs.writeText "avahi-daemon.conf" '' [server] @@ -17,7 +17,8 @@ let browse-domains=${concatStringsSep ", " browseDomains} use-ipv4=${yesNo ipv4} use-ipv6=${yesNo ipv6} - ${optionalString (interfaces!=null) "allow-interfaces=${concatStringsSep "," interfaces}"} + ${optionalString (allowInterfaces!=null) "allow-interfaces=${concatStringsSep "," allowInterfaces}"} + ${optionalString (denyInterfaces!=null) "deny-interfaces=${concatStringsSep "," denyInterfaces}"} ${optionalString (domainName!=null) "domain-name=${domainName}"} allow-point-to-point=${yesNo allowPointToPoint} ${optionalString (cacheEntriesMax!=null) "cache-entries-max=${toString cacheEntriesMax}"} @@ -39,6 +40,10 @@ let ''; in { + imports = [ + (lib.mkRenamedOptionModule [ "services" "avahi" "interfaces" ] [ "services" "avahi" "allowInterfaces" ]) + ]; + options.services.avahi = { enable = mkOption { type = types.bool; @@ -91,7 +96,7 @@ in description = lib.mdDoc "Whether to use IPv6."; }; - interfaces = mkOption { + allowInterfaces = mkOption { type = types.nullOr (types.listOf types.str); default = null; description = lib.mdDoc '' @@ -101,6 +106,17 @@ in ''; }; + denyInterfaces = mkOption { + type = types.nullOr (types.listOf types.str); + default = null; + description = lib.mdDoc '' + List of network interfaces that should be ignored by the + {command}`avahi-daemon`. Other unspecified interfaces will be used, + unless {option}`allowInterfaces` is set. This option takes precedence + over {option}`allowInterfaces`. + ''; + }; + openFirewall = mkOption { type = types.bool; default = true; @@ -134,7 +150,7 @@ in extraServiceFiles = mkOption { type = with types; attrsOf (either str path); - default = {}; + default = { }; example = literalExpression '' { ssh = "''${pkgs.avahi}/etc/avahi/services/ssh.service"; @@ -236,7 +252,7 @@ in isSystemUser = true; }; - users.groups.avahi = {}; + users.groups.avahi = { }; system.nssModules = optional cfg.nssmdns pkgs.nssmdns; system.nssDatabases.hosts = optionals cfg.nssmdns (mkMerge [ @@ -246,10 +262,12 @@ in environment.systemPackages = [ pkgs.avahi ]; - environment.etc = (mapAttrs' (n: v: nameValuePair - "avahi/services/${n}.service" - { ${if types.path.check v then "source" else "text"} = v; } - ) cfg.extraServiceFiles); + environment.etc = (mapAttrs' + (n: v: nameValuePair + "avahi/services/${n}.service" + { ${if types.path.check v then "source" else "text"} = v; } + ) + cfg.extraServiceFiles); systemd.sockets.avahi-daemon = { description = "Avahi mDNS/DNS-SD Stack Activation Socket"; |