Diffstat (limited to 'nixpkgs/nixos/modules/services/networking/networkmanager.nix')
-rw-r--r-- | nixpkgs/nixos/modules/services/networking/networkmanager.nix | 196 |
1 files changed, 93 insertions, 103 deletions
diff --git a/nixpkgs/nixos/modules/services/networking/networkmanager.nix b/nixpkgs/nixos/modules/services/networking/networkmanager.nix index 7a9d9e5428a7..d5d562e7ba5f 100644 --- a/nixpkgs/nixos/modules/services/networking/networkmanager.nix +++ b/nixpkgs/nixos/modules/services/networking/networkmanager.nix @@ -5,18 +5,6 @@ with lib; let cfg = config.networking.networkmanager; - basePackages = with pkgs; [ - modemmanager - networkmanager - networkmanager-fortisslvpn - networkmanager-iodine - networkmanager-l2tp - networkmanager-openconnect - networkmanager-openvpn - networkmanager-vpnc - networkmanager-sstp - ] ++ optional (!delegateWireless && !enableIwd) wpa_supplicant; - delegateWireless = config.networking.wireless.enable == true && cfg.unmanaged != []; enableIwd = cfg.wifi.backend == "iwd"; @@ -145,6 +133,15 @@ let ''; }; + packages = [ + pkgs.modemmanager + pkgs.networkmanager + ] + ++ cfg.plugins + ++ lib.optionals (!delegateWireless && !enableIwd) [ + pkgs.wpa_supplicant + ]; + in { meta = { @@ -160,10 +157,10 @@ in { enable = mkOption { type = types.bool; default = false; - description = '' + description = lib.mdDoc '' Whether to use NetworkManager to obtain an IP address and other configuration for all network interfaces that are not manually - configured. If enabled, a group <literal>networkmanager</literal> + configured. If enabled, a group `networkmanager` will be created. Add all users that should have permission to change network settings to this group. ''; 
@@ -176,17 +173,14 @@ in { str ])); default = {}; - description = '' + description = lib.mdDoc '' Configuration for the [connection] section of NetworkManager.conf. Refer to - <link xlink:href="https://developer.gnome.org/NetworkManager/stable/NetworkManager.conf.html"> + [ https://developer.gnome.org/NetworkManager/stable/NetworkManager.conf.html#id-1.2.3.11 - </link> + ](https://developer.gnome.org/NetworkManager/stable/NetworkManager.conf.html) or - <citerefentry> - <refentrytitle>NetworkManager.conf</refentrytitle> - <manvolnum>5</manvolnum> - </citerefentry> + {manpage}`NetworkManager.conf(5)` for more information. ''; }; @@ -194,17 +188,14 @@ in { extraConfig = mkOption { type = types.lines; default = ""; - description = '' + description = lib.mdDoc '' Configuration appended to the generated NetworkManager.conf. Refer to - <link xlink:href="https://developer.gnome.org/NetworkManager/stable/NetworkManager.conf.html"> + [ https://developer.gnome.org/NetworkManager/stable/NetworkManager.conf.html - </link> + ](https://developer.gnome.org/NetworkManager/stable/NetworkManager.conf.html) or - <citerefentry> - <refentrytitle>NetworkManager.conf</refentrytitle> - <manvolnum>5</manvolnum> - </citerefentry> + {manpage}`NetworkManager.conf(5)` for more information. ''; }; 
@@ -212,34 +203,47 @@ in { unmanaged = mkOption { type = types.listOf types.str; default = []; - description = '' + description = lib.mdDoc '' List of interfaces that will not be managed by NetworkManager. Interface name can be specified here, but if you need more fidelity, refer to - <link xlink:href="https://developer.gnome.org/NetworkManager/stable/NetworkManager.conf.html#device-spec"> + [ https://developer.gnome.org/NetworkManager/stable/NetworkManager.conf.html#device-spec - </link> + ](https://developer.gnome.org/NetworkManager/stable/NetworkManager.conf.html#device-spec) or the "Device List Format" Appendix of - <citerefentry> - <refentrytitle>NetworkManager.conf</refentrytitle> - <manvolnum>5</manvolnum> - </citerefentry>. + {manpage}`NetworkManager.conf(5)`. ''; }; - packages = mkOption { - type = types.listOf types.package; + plugins = mkOption { + type = + let + networkManagerPluginPackage = types.package // { + description = "NetworkManager plug-in"; + check = + p: + lib.assertMsg + (types.package.check p + && p ? networkManagerPlugin + && lib.isString p.networkManagerPlugin) + '' + Package ‘${p.name}’, is not a NetworkManager plug-in. + Those need to have a ‘networkManagerPlugin’ attribute. + ''; + }; + in + types.listOf networkManagerPluginPackage; default = [ ]; - description = '' - Extra packages that provide NetworkManager plugins. + description = lib.mdDoc '' + List of NetworkManager plug-ins to enable. + Some plug-ins are enabled by the NetworkManager module by default. ''; - apply = list: basePackages ++ list; }; dhcp = mkOption { - type = types.enum [ "dhclient" "dhcpcd" "internal" ]; + type = types.enum [ "dhcpcd" "internal" ]; default = "internal"; - description = '' + description = lib.mdDoc '' Which program (or internal library) should be used for DHCP. ''; }; 
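Review bot: The `check` on `networkManagerPluginPackage` accepts any string for `networkManagerPlugin`, but the `environment.etc` hunk later interpolates that value into both the `NetworkManager/…` key under /etc and the store source path. A value containing `..`, or one equal to `NetworkManager.conf`, would create or replace an entry outside what a plug-in is meant to provide, and because the plug-in entries are merged with `//` after the `NetworkManager.conf` entry, the plug-in value would win. Packages are trusted inputs, so this is hardening rather than an open hole, but the predicate is the natural place to pin the shape, for example by adding `&& lib.hasPrefix "VPN/" p.networkManagerPlugin && !(lib.hasInfix ".." p.networkManagerPlugin)`. The `VPN/` prefix is inferred from the hard-coded paths this commit removes and should be confirmed against the plug-in packages.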
@@ -247,7 +251,7 @@ in { firewallBackend = mkOption { type = types.enum [ "iptables" "nftables" "none" ]; default = "iptables"; - description = '' + description = lib.mdDoc '' Which firewall backend should be used for configuring masquerading with shared mode. If set to none, NetworkManager doesn't manage the configuration at all. ''; @@ -256,7 +260,7 @@ in { logLevel = mkOption { type = types.enum [ "OFF" "ERR" "WARN" "INFO" "DEBUG" "TRACE" ]; default = "WARN"; - description = '' + description = lib.mdDoc '' Set the default logging verbosity level. ''; }; @@ -264,7 +268,7 @@ in { appendNameservers = mkOption { type = types.listOf types.str; default = []; - description = '' + description = lib.mdDoc '' A list of name servers that should be appended to the ones configured in NetworkManager or received by DHCP. ''; @@ -273,7 +277,7 @@ in { insertNameservers = mkOption { type = types.listOf types.str; default = []; - description = '' + description = lib.mdDoc '' A list of name servers that should be inserted before the ones configured in NetworkManager or received by DHCP. ''; @@ -287,16 +291,16 @@ in { backend = mkOption { type = types.enum [ "wpa_supplicant" "iwd" ]; default = "wpa_supplicant"; - description = '' + description = lib.mdDoc '' Specify the Wi-Fi backend used for the device. - Currently supported are <option>wpa_supplicant</option> or <option>iwd</option> (experimental). + Currently supported are {option}`wpa_supplicant` or {option}`iwd` (experimental). ''; }; powersave = mkOption { type = types.nullOr types.bool; default = null; - description = '' + description = lib.mdDoc '' Whether to enable Wi-Fi power saving. ''; }; @@ -304,7 +308,7 @@ in { scanRandMacAddress = mkOption { type = types.bool; default = true; - description = '' + description = lib.mdDoc '' Whether to enable MAC address randomization of a Wi-Fi device during scanning. ''; 
@@ -314,19 +318,15 @@ in { dns = mkOption { type = types.enum [ "default" "dnsmasq" "unbound" "systemd-resolved" "none" ]; default = "default"; - description = '' - Set the DNS (<literal>resolv.conf</literal>) processing mode. - </para> - <para> + description = lib.mdDoc '' + Set the DNS (`resolv.conf`) processing mode. + A description of these modes can be found in the main section of - <link xlink:href="https://developer.gnome.org/NetworkManager/stable/NetworkManager.conf.html"> + [ https://developer.gnome.org/NetworkManager/stable/NetworkManager.conf.html - </link> + ](https://developer.gnome.org/NetworkManager/stable/NetworkManager.conf.html) or in - <citerefentry> - <refentrytitle>NetworkManager.conf</refentrytitle> - <manvolnum>5</manvolnum> - </citerefentry>. + {manpage}`NetworkManager.conf(5)`. ''; }; @@ -335,7 +335,7 @@ in { options = { source = mkOption { type = types.path; - description = '' + description = lib.mdDoc '' Path to the hook script. ''; }; @@ -367,7 +367,7 @@ in { '''; type = "basic"; } ]''; - description = '' + description = lib.mdDoc '' A list of scripts which will be executed in response to network events. ''; }; @@ -375,12 +375,12 @@ in { enableStrongSwan = mkOption { type = types.bool; default = false; - description = '' + description = lib.mdDoc '' Enable the StrongSwan plugin. - </para><para> + If you enable this option the - <literal>networkmanager_strongswan</literal> plugin will be added to - the <option>networking.networkmanager.packages</option> option + `networkmanager_strongswan` plugin will be added to + the {option}`networking.networkmanager.plugins` option so you don't need to to that yourself. ''; }; 
@@ -388,10 +388,10 @@ in { enableFccUnlock = mkOption { type = types.bool; default = false; - description = '' + description = lib.mdDoc '' Enable FCC unlock procedures. Since release 1.18.4, the ModemManager daemon no longer automatically performs the FCC unlock procedure by default. See - <link xlink:href="https://modemmanager.org/docs/modemmanager/fcc-unlock/">the docs</link> + [the docs](https://modemmanager.org/docs/modemmanager/fcc-unlock/) for more details. ''; }; @@ -399,6 +399,9 @@ in { }; imports = [ + (mkRenamedOptionModule + [ "networking" "networkmanager" "packages" ] + [ "networking" "networkmanager" "plugins" ]) (mkRenamedOptionModule [ "networking" "networkmanager" "useDnsmasq" ] [ "networking" "networkmanager" "dns" ]) (mkRemovedOptionModule ["networking" "networkmanager" "dynamicHosts"] '' This option was removed because allowing (multiple) regular users to 
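Review bot: The added `mkRenamedOptionModule` forwards existing `networking.networkmanager.packages` definitions into `plugins`, whose element type throws for any package lacking a `networkManagerPlugin` attribute, whereas the old option accepted any `types.package`. A configuration that listed a non-plug-in package there would now fail evaluation with the plug-in message rather than a hint about the rename. If that is intended, a comment above the call such as `# plugins only accepts packages with a networkManagerPlugin attribute; other packages formerly listed in packages must move elsewhere`, or a release-note entry, would make the migration path clear. The `imports` list continues past the end of this hunk.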
@@ -426,31 +429,12 @@ in { hardware.wirelessRegulatoryDatabase = true; - environment.etc = with pkgs; { - "NetworkManager/NetworkManager.conf".source = configFile; - - "NetworkManager/VPN/nm-openvpn-service.name".source = - "${networkmanager-openvpn}/lib/NetworkManager/VPN/nm-openvpn-service.name"; - - "NetworkManager/VPN/nm-vpnc-service.name".source = - "${networkmanager-vpnc}/lib/NetworkManager/VPN/nm-vpnc-service.name"; - - "NetworkManager/VPN/nm-openconnect-service.name".source = - "${networkmanager-openconnect}/lib/NetworkManager/VPN/nm-openconnect-service.name"; - - "NetworkManager/VPN/nm-fortisslvpn-service.name".source = - "${networkmanager-fortisslvpn}/lib/NetworkManager/VPN/nm-fortisslvpn-service.name"; - - "NetworkManager/VPN/nm-l2tp-service.name".source = - "${networkmanager-l2tp}/lib/NetworkManager/VPN/nm-l2tp-service.name"; - - "NetworkManager/VPN/nm-iodine-service.name".source = - "${networkmanager-iodine}/lib/NetworkManager/VPN/nm-iodine-service.name"; - - "NetworkManager/VPN/nm-sstp-service.name".source = - "${networkmanager-sstp}/lib/NetworkManager/VPN/nm-sstp-service.name"; - + environment.etc = { + "NetworkManager/NetworkManager.conf".source = configFile; } + // builtins.listToAttrs (map (pkg: nameValuePair "NetworkManager/${pkg.networkManagerPlugin}" { + source = "${pkg}/lib/NetworkManager/${pkg.networkManagerPlugin}"; + }) cfg.plugins) // optionalAttrs cfg.enableFccUnlock { "ModemManager/fcc-unlock.d".source = 
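Review bot: The plug-in entries are built with `builtins.listToAttrs (map (pkg: nameValuePair …))`, while the dispatcher-script entries further down in the same expression use plain `listToAttrs` with an explicit `{ name = …; value = …; }`. The file has `with lib;` in scope, so `// listToAttrs (map (pkg: …) cfg.plugins)` in the same name/value form would read consistently. A one-line comment such as `# each plug-in names its service file relative to lib/NetworkManager/` would also document what `networkManagerPlugin` is expected to hold. The `environment.etc` expression continues past the end of this hunk.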
@@ -460,18 +444,13 @@ in { { "NetworkManager/dispatcher.d/02overridedns".source = overrideNameserversScript; } - // optionalAttrs cfg.enableStrongSwan - { - "NetworkManager/VPN/nm-strongswan-service.name".source = - "${pkgs.networkmanager_strongswan}/lib/NetworkManager/VPN/nm-strongswan-service.name"; - } // listToAttrs (lib.imap1 (i: s: { name = "NetworkManager/dispatcher.d/${dispatcherTypesSubdirMap.${s.type}}03userscript${lib.fixedWidthNumber 4 i}"; value = { mode = "0544"; inherit (s) source; }; }) cfg.dispatcherScripts); - environment.systemPackages = cfg.packages; + environment.systemPackages = packages; users.groups = { networkmanager.gid = config.ids.gids.networkmanager; @@ -490,14 +469,13 @@ in { }; }; - systemd.packages = cfg.packages; + systemd.packages = packages; systemd.tmpfiles.rules = [ "d /etc/NetworkManager/system-connections 0700 root root -" "d /etc/ipsec.d 0700 root root -" "d /var/lib/NetworkManager-fortisslvpn 0700 root root -" - "d /var/lib/dhclient 0755 root root -" "d /var/lib/misc 0755 root root -" # for dnsmasq.leases ]; @@ -534,8 +512,20 @@ in { useDHCP = false; }) + { + networkmanager.plugins = with pkgs; [ + networkmanager-fortisslvpn + networkmanager-iodine + networkmanager-l2tp + networkmanager-openconnect + networkmanager-openvpn + networkmanager-vpnc + networkmanager-sstp + ]; + } + (mkIf cfg.enableStrongSwan { - networkmanager.packages = [ pkgs.networkmanager_strongswan ]; + networkmanager.plugins = [ pkgs.networkmanager_strongswan ]; }) (mkIf enableIwd { @@ -559,10 +549,10 @@ in { security.polkit.enable = true; security.polkit.extraConfig = polkitConf; - services.dbus.packages = cfg.packages + services.dbus.packages = packages ++ optional cfg.enableStrongSwan pkgs.strongswanNM ++ optional (cfg.dns == "dnsmasq") pkgs.dnsmasq; - services.udev.packages = cfg.packages; + services.udev.packages = packages; }; } |
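Review bot: The unconditional `{ networkmanager.plugins = with pkgs; [ … ]; }` definition adds seven VPN plug-ins to every system that enables NetworkManager, and since `packages` now feeds `environment.systemPackages`, `systemd.packages`, `services.dbus.packages` and `services.udev.packages`, each plug-in may contribute files to all four whether or not that VPN type is used. This matches what `basePackages` did before, but as a normal-priority list definition it can only be dropped with `lib.mkForce`, which the description of `plugins` does not mention. For hosts that want a minimal network stack, consider adding a sentence to that description, e.g. `Use lib.mkForce to replace the plug-ins enabled by default.`, or a comment here saying the list is kept for backward compatibility. The enclosing list of config fragments starts outside this hunk.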