Diffstat (limited to 'nixos/modules/services/networking/networkmanager.nix')
-rw-r--r--nixos/modules/services/networking/networkmanager.nix159
1 files changed, 73 insertions, 86 deletions
diff --git a/nixos/modules/services/networking/networkmanager.nix b/nixos/modules/services/networking/networkmanager.nix
index f1ba7dd4e4f2..551636a33d25 100644
--- a/nixos/modules/services/networking/networkmanager.nix
+++ b/nixos/modules/services/networking/networkmanager.nix
@@ -1,6 +1,5 @@
 { config, lib, pkgs, ... }:
 
-with pkgs;
 with lib;
 
 let
@@ -12,11 +11,13 @@ let
   # /var/lib/misc is for dnsmasq.leases.
   stateDirs = "/var/lib/NetworkManager /var/lib/dhclient /var/lib/misc";
 
-  configFile = writeText "NetworkManager.conf" ''
+  configFile = pkgs.writeText "NetworkManager.conf" ''
     [main]
     plugins=keyfile
     dhcp=${cfg.dhcp}
     dns=${cfg.dns}
+    # If resolvconf is disabled that means that resolv.conf is managed by some other module.
+    rc-manager=${if config.networking.resolvconf.enable then "resolvconf" else "unmanaged"}
 
     [keyfile]
     ${optionalString (cfg.unmanaged != [])
@@ -64,19 +65,19 @@ let
     });
   '';
 
-  ns = xs: writeText "nameservers" (
+  ns = xs: pkgs.writeText "nameservers" (
     concatStrings (map (s: "nameserver ${s}\n") xs)
   );
 
-  overrideNameserversScript = writeScript "02overridedns" ''
+  overrideNameserversScript = pkgs.writeScript "02overridedns" ''
     #!/bin/sh
-    tmp=`${coreutils}/bin/mktemp`
-    ${gnused}/bin/sed '/nameserver /d' /etc/resolv.conf > $tmp
-    ${gnugrep}/bin/grep 'nameserver ' /etc/resolv.conf | \
-      ${gnugrep}/bin/grep -vf ${ns (cfg.appendNameservers ++ cfg.insertNameservers)} > $tmp.ns
-    ${optionalString (cfg.appendNameservers != []) "${coreutils}/bin/cat $tmp $tmp.ns ${ns cfg.appendNameservers} > /etc/resolv.conf"}
-    ${optionalString (cfg.insertNameservers != []) "${coreutils}/bin/cat $tmp ${ns cfg.insertNameservers} $tmp.ns > /etc/resolv.conf"}
-    ${coreutils}/bin/rm -f $tmp $tmp.ns
+    PATH=${with pkgs; makeBinPath [ gnused gnugrep coreutils ]}
+    tmp=$(mktemp)
+    sed '/nameserver /d' /etc/resolv.conf > $tmp
+    grep 'nameserver ' /etc/resolv.conf | \
+      grep -vf ${ns (cfg.appendNameservers ++ cfg.insertNameservers)} > $tmp.ns
+    cat $tmp ${ns cfg.insertNameservers} $tmp.ns ${ns cfg.appendNameservers} > /etc/resolv.conf
+    rm -f $tmp $tmp.ns
   '';
 
   dispatcherTypesSubdirMap = {
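Review bot: On the `grep -vf … > $tmp.ns` line the second scratch file is a predictable sibling of the mktemp name rather than something mktemp created, so a dispatcher script running as root redirects into a path under world-writable /tmp that another local user could pre-create (for instance as a symlink) between `mktemp` and the write; whether a host's protected_symlinks setting happens to block that is not something the script should depend on. Creating one private directory with `mktemp -d` and keeping both scratch files inside it removes the race, a `trap` cleans the directory up even if the script is interrupted before the final `rm -f`, and quoting the expansions costs nothing. Since the pattern file holds dotted addresses, `grep -vxF` compares them literally and whole-line instead of as regexes, so `nameserver 1.2.3.4` no longer also filters `nameserver 1.2.3.44`; this changes which duplicates are dropped, so it is worth a separate look.
```nix
  overrideNameserversScript = pkgs.writeScript "02overridedns" ''
    #!/bin/sh
    PATH=${with pkgs; makeBinPath [ gnused gnugrep coreutils ]}
    # Private scratch directory: both temp files live where only root can create entries.
    tmpdir=$(mktemp -d)
    trap 'rm -rf "$tmpdir"' EXIT
    sed '/nameserver /d' /etc/resolv.conf > "$tmpdir/rest"
    grep 'nameserver ' /etc/resolv.conf | \
      grep -vxFf ${ns (cfg.appendNameservers ++ cfg.insertNameservers)} > "$tmpdir/ns"
    cat "$tmpdir/rest" ${ns cfg.insertNameservers} "$tmpdir/ns" ${ns cfg.appendNameservers} > /etc/resolv.conf
  '';
```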
@@ -90,11 +91,29 @@ let
     default = "preserve";
     example = "00:11:22:33:44:55";
     description = ''
-      "XX:XX:XX:XX:XX:XX": MAC address of the interface.
-      <literal>permanent</literal>: use the permanent MAC address of the device.
-      <literal>preserve</literal>: don’t change the MAC address of the device upon activation.
-      <literal>random</literal>: generate a randomized value upon each connect.
-      <literal>stable</literal>: generate a stable, hashed MAC address.
+      Set the MAC address of the interface.
+      <variablelist>
+        <varlistentry>
+          <term>"XX:XX:XX:XX:XX:XX"</term>
+          <listitem><para>MAC address of the interface</para></listitem>
+        </varlistentry>
+        <varlistentry>
+          <term><literal>"permanent"</literal></term>
+          <listitem><para>Use the permanent MAC address of the device</para></listitem>
+        </varlistentry>
+        <varlistentry>
+          <term><literal>"preserve"</literal></term>
+          <listitem><para>Don’t change the MAC address of the device upon activation</para></listitem>
+        </varlistentry>
+        <varlistentry>
+          <term><literal>"random"</literal></term>
+          <listitem><para>Generate a randomized value upon each connect</para></listitem>
+        </varlistentry>
+        <varlistentry>
+          <term><literal>"stable"</literal></term>
+          <listitem><para>Generate a stable, hashed MAC address</para></listitem>
+        </varlistentry>
+      </variablelist>
     '';
   };
 
@@ -123,6 +142,16 @@ in {
         default = "";
         description = ''
           Configuration appended to the generated NetworkManager.conf.
+          Refer to
+          <link xlink:href="https://developer.gnome.org/NetworkManager/stable/NetworkManager.conf.html">
+            https://developer.gnome.org/NetworkManager/stable/NetworkManager.conf.html
+          </link>
+          or
+          <citerefentry>
+            <refentrytitle>NetworkManager.conf</refentrytitle>
+            <manvolnum>5</manvolnum>
+          </citerefentry>
+          for more information.
         '';
       };
 
@@ -131,15 +160,24 @@ in {
         default = [];
         description = ''
           List of interfaces that will not be managed by NetworkManager.
-          Interface name can be specified here, but if you need more fidelity
-          see "Device List Format" in NetworkManager.conf man page.
+          Interface name can be specified here, but if you need more fidelity,
+          refer to
+          <link xlink:href="https://developer.gnome.org/NetworkManager/stable/NetworkManager.conf.html#device-spec">
+            https://developer.gnome.org/NetworkManager/stable/NetworkManager.conf.html#device-spec
+          </link>
+          or the "Device List Format" Appendix of
+          <citerefentry>
+            <refentrytitle>NetworkManager.conf</refentrytitle>
+            <manvolnum>5</manvolnum>
+          </citerefentry>.
         '';
       };
 
       # Ugly hack for using the correct gnome3 packageSet
       basePackages = mkOption {
         type = types.attrsOf types.package;
-        default = { inherit networkmanager modemmanager wpa_supplicant
+        default = { inherit (pkgs)
+                            networkmanager modemmanager wpa_supplicant crda
                             networkmanager-openvpn networkmanager-vpnc
                             networkmanager-openconnect networkmanager-fortisslvpn
                             networkmanager-l2tp networkmanager-iodine; };
@@ -219,67 +257,15 @@ in {
           Set the DNS (<literal>resolv.conf</literal>) processing mode.
           </para>
           <para>
-          Options:
-          <variablelist>
-          <varlistentry>
-            <term><literal>"default"</literal></term>
-            <listitem><para>
-              NetworkManager will update <literal>/etc/resolv.conf</literal> to
-              reflect the nameservers provided by currently active connections.
-            </para></listitem>
-          </varlistentry>
-          <varlistentry>
-            <term><literal>"dnsmasq"</literal></term>
-            <listitem>
-              <para>
-                Enable NetworkManager's dnsmasq integration. NetworkManager will
-                run dnsmasq as a local caching nameserver, using a "split DNS"
-                configuration if you are connected to a VPN, and then update
-                <literal>resolv.conf</literal> to point to the local nameserver.
-              </para>
-              <para>
-                It is possible to pass custom options to the dnsmasq instance by
-                adding them to files in the
-                <literal>/etc/NetworkManager/dnsmasq.d/</literal> directory.
-              </para>
-              <para>
-                When multiple upstream servers are available, dnsmasq will
-                initially contact them in parallel and then use the fastest to
-                respond, probing again other servers after some time.  This
-                behavior can be modified passing the
-                <literal>all-servers</literal> or <literal>strict-order</literal>
-                options to dnsmasq (see the manual page for more details).
-              </para>
-              <para>
-                Note that this option causes NetworkManager to launch and manage
-                its own instance of the dnsmasq daemon, which is
-                <emphasis>not</emphasis> the same as setting
-                <literal>services.dnsmasq.enable = true;</literal>.
-              </para>
-            </listitem>
-          </varlistentry>
-          <varlistentry>
-            <term><literal>"unbound"</literal></term>
-            <listitem><para>
-              NetworkManager will talk to unbound and dnssec-triggerd,
-              providing a "split DNS" configuration with DNSSEC support.
-              <literal>/etc/resolv.conf</literal> will be managed by
-              dnssec-trigger daemon.
-            </para></listitem>
-          </varlistentry>
-          <varlistentry>
-            <term><literal>"systemd-resolved"</literal></term>
-            <listitem><para>
-              NetworkManager will push the DNS configuration to systemd-resolved.
-            </para></listitem>
-          </varlistentry>
-          <varlistentry>
-            <term><literal>"none"</literal></term>
-            <listitem><para>
-              NetworkManager will not modify resolv.conf.
-            </para></listitem>
-          </varlistentry>
-          </variablelist>
+          A description of these modes can be found in the main section of
+          <link xlink:href="https://developer.gnome.org/NetworkManager/stable/NetworkManager.conf.html">
+            https://developer.gnome.org/NetworkManager/stable/NetworkManager.conf.html
+          </link>
+          or in
+          <citerefentry>
+            <refentrytitle>NetworkManager.conf</refentrytitle>
+            <manvolnum>5</manvolnum>
+          </citerefentry>.
         '';
       };
 
@@ -421,13 +407,10 @@ in {
       { source = "${networkmanager-l2tp}/lib/NetworkManager/VPN/nm-l2tp-service.name";
         target = "NetworkManager/VPN/nm-l2tp-service.name";
       }
-      { source = "${networkmanager_strongswan}/lib/NetworkManager/VPN/nm-strongswan-service.name";
-        target = "NetworkManager/VPN/nm-strongswan-service.name";
-      }
       { source = "${networkmanager-iodine}/lib/NetworkManager/VPN/nm-iodine-service.name";
         target = "NetworkManager/VPN/nm-iodine-service.name";
       }
-    ] ++ optional (cfg.appendNameservers == [] || cfg.insertNameservers == [])
+    ] ++ optional (cfg.appendNameservers != [] || cfg.insertNameservers != [])
            { source = overrideNameserversScript;
              target = "NetworkManager/dispatcher.d/02overridedns";
            }
@@ -436,11 +419,15 @@ in {
         target = "NetworkManager/dispatcher.d/${dispatcherTypesSubdirMap.${s.type}}03userscript${lib.fixedWidthNumber 4 i}";
         mode = "0544";
       }) cfg.dispatcherScripts
-      ++ optional (dynamicHostsEnabled)
+      ++ optional dynamicHostsEnabled
            { target = "NetworkManager/dnsmasq.d/dyndns.conf";
              text = concatMapStrings (n: ''
                hostsdir=/run/NetworkManager/hostsdirs/${n}
              '') (attrNames cfg.dynamicHosts.hostsDirs);
+           }
+      ++ optional cfg.enableStrongSwan
+           { source = "${pkgs.networkmanager_strongswan}/lib/NetworkManager/VPN/nm-strongswan-service.name";
+             target = "NetworkManager/VPN/nm-strongswan-service.name";
            };
 
     environment.systemPackages = cfg.packages;
@@ -508,7 +495,7 @@ in {
     networking = {
       useDHCP = false;
       # use mkDefault to trigger the assertion about the conflict above
-      wireless.enable = lib.mkDefault false;
+      wireless.enable = mkDefault false;
     };
 
     security.polkit.extraConfig = polkitConf;