diff options
Diffstat (limited to 'nixos/modules/services/networking')
| -rw-r--r-- | nixos/modules/services/networking/nebula.nix | 34 | ||||
| -rw-r--r-- | nixos/modules/services/networking/networkmanager.nix | 1 |
2 files changed, 30 insertions, 5 deletions
diff --git a/nixos/modules/services/networking/nebula.nix b/nixos/modules/services/networking/nebula.nix index e13876172dac..2f9e41ae9c80 100644 --- a/nixos/modules/services/networking/nebula.nix +++ b/nixos/modules/services/networking/nebula.nix @@ -10,6 +10,15 @@ let format = pkgs.formats.yaml {}; nameToId = netName: "nebula-${netName}"; + + resolveFinalPort = netCfg: + if netCfg.listen.port == null then + if (netCfg.isLighthouse || netCfg.isRelay) then + 4242 + else + 0 + else + netCfg.listen.port; in { # Interface @@ -95,8 +104,15 @@ in }; listen.port = mkOption { - type = types.port; - default = 4242; + type = types.nullOr types.port; + default = null; + defaultText = lib.literalExpression '' + if (config.services.nebula.networks.''${name}.isLighthouse || + config.services.nebula.networks.''${name}.isRelay) then + 4242 + else + 0; + ''; description = lib.mdDoc "Port number to listen on."; }; @@ -174,7 +190,7 @@ in }; listen = { host = netCfg.listen.host; - port = netCfg.listen.port; + port = resolveFinalPort netCfg; }; tun = { disabled = netCfg.tun.disable; @@ -185,7 +201,15 @@ in outbound = netCfg.firewall.outbound; }; } netCfg.settings; - configFile = format.generate "nebula-config-${netName}.yml" settings; + configFile = format.generate "nebula-config-${netName}.yml" ( + warnIf + ((settings.lighthouse.am_lighthouse || settings.relay.am_relay) && settings.listen.port == 0) + '' + Nebula network '${netName}' is configured as a lighthouse or relay, and its port is ${builtins.toString settings.listen.port}. + You will likely experience connectivity issues: https://nebula.defined.net/docs/config/listen/#listenport + '' + settings + ); in { # Create the systemd service for Nebula. @@ -229,7 +253,7 @@ in # Open the chosen ports for UDP. networking.firewall.allowedUDPPorts = - unique (mapAttrsToList (netName: netCfg: netCfg.listen.port) enabledNetworks); + unique (filter (port: port > 0) (mapAttrsToList (netName: netCfg: resolveFinalPort netCfg) enabledNetworks)); # Create the service users and groups. users.users = mkMerge (mapAttrsToList (netName: netCfg: diff --git a/nixos/modules/services/networking/networkmanager.nix b/nixos/modules/services/networking/networkmanager.nix index c96439cf2641..dcde505b7f2a 100644 --- a/nixos/modules/services/networking/networkmanager.nix +++ b/nixos/modules/services/networking/networkmanager.nix @@ -436,6 +436,7 @@ in And if you edit a declarative profile NetworkManager will move it to the persistent storage and treat it like a ad-hoc one, but there will be two profiles as soon as the systemd unit from this option runs again which can be confusing since NetworkManager tools will start displaying two profiles with the same name and probably a bit different settings depending on what you edited. A profile won't be deleted even if it's removed from the config until the system reboots because that's when NetworkManager clears it's temp directory. + If `networking.resolvconf.enable` is true, attributes affecting the name resolution (such as `ignore-auto-dns`) may not end up changing `/etc/resolv.conf` as expected when other name services (for example `networking.dhcpcd`) are enabled. Run `resolvconf -l` in the terminal to see what each service produces. ''; }; environmentFiles = mkOption { |