Diffstat (limited to 'nixpkgs/nixos/modules/services/networking')
5 files changed, 79 insertions, 57 deletions
diff --git a/nixpkgs/nixos/modules/services/networking/adguardhome.nix b/nixpkgs/nixos/modules/services/networking/adguardhome.nix
index 1701e5b439c1..399d838ccc69 100644
--- a/nixpkgs/nixos/modules/services/networking/adguardhome.nix
+++ b/nixpkgs/nixos/modules/services/networking/adguardhome.nix
@@ -17,6 +17,7 @@ let text = builtins.toJSON cfg.settings; checkPhase = "${pkgs.adguardhome}/bin/adguardhome -c $out --check-config"; }; + defaultBindPort = 3000; in {
@@ -86,7 +87,7 @@ in ''; }; bind_port = mkOption { - default = 3000; + default = defaultBindPort; type = port; description = lib.mdDoc '' Port to serve HTTP pages on.
@@ -169,6 +170,6 @@ in }; }; - networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [ cfg.settings.bind_port ]; + networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [ cfg.settings.bind_port or defaultBindPort ]; }; }
diff --git a/nixpkgs/nixos/modules/services/networking/networkmanager.nix b/nixpkgs/nixos/modules/services/networking/networkmanager.nix
index e28f96f7a6d6..6bc46a9a90e4 100644
--- a/nixpkgs/nixos/modules/services/networking/networkmanager.nix
+++ b/nixpkgs/nixos/modules/services/networking/networkmanager.nix
@@ -5,7 +5,7 @@ with lib; let cfg = config.networking.networkmanager; - delegateWireless = config.networking.wireless.enable == true && cfg.unmanaged != []; + delegateWireless = config.networking.wireless.enable == true && cfg.unmanaged != [ ]; enableIwd = cfg.wifi.backend == "iwd";
@@ -40,7 +40,7 @@ let }) (mkSection "keyfile" { unmanaged-devices = - if cfg.unmanaged == [] then null + if cfg.unmanaged == [ ] then null else lib.concatStringsSep ";" cfg.unmanaged; }) (mkSection "logging" {
@@ -103,7 +103,7 @@ let }; macAddressOpt = mkOption { - type = types.either types.str (types.enum ["permanent" "preserve" "random" "stable"]); + type = types.either types.str (types.enum [ "permanent" "preserve" "random" "stable" ]); default = "preserve"; example = "00:11:22:33:44:55"; description = lib.mdDoc ''
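Review bot: In the last adguardhome.nix hunk (`@@ -169,6 +170,6 @@`), the `or defaultBindPort` fallback makes `openFirewall` open TCP 3000 whenever `bind_port` is missing from `cfg.settings`, with no visible check that the daemon actually listens there. If the effective port in that case comes from somewhere else (for example an existing on-disk configuration, which this diff does not show), the firewall rule and the listener can disagree and an unrelated port is exposed. A comment at the `let` binding would make the coupling explicit, e.g. `# Must match AdGuardHome's built-in web UI port; used for the firewall when settings.bind_port is unset.` The module body continues outside these hunks.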
@@ -126,7 +126,8 @@ let pkgs.wpa_supplicant ]; -in { +in +{ meta = { maintainers = teams.freedesktop.members;
@@ -156,7 +157,7 @@ in { int str ])); - default = {}; + default = { }; description = lib.mdDoc '' Configuration for the [connection] section of NetworkManager.conf. Refer to
@@ -186,7 +187,7 @@ in { unmanaged = mkOption { type = types.listOf types.str; - default = []; + default = [ ]; description = lib.mdDoc '' List of interfaces that will not be managed by NetworkManager. Interface name can be specified here, but if you need more fidelity,
@@ -251,7 +252,7 @@ in { appendNameservers = mkOption { type = types.listOf types.str; - default = []; + default = [ ]; description = lib.mdDoc '' A list of name servers that should be appended to the ones configured in NetworkManager or received by DHCP.
@@ -260,7 +261,7 @@ in { insertNameservers = mkOption { type = types.listOf types.str; - default = []; + default = [ ]; description = lib.mdDoc '' A list of name servers that should be inserted before the ones configured in NetworkManager or received by DHCP.
@@ -336,21 +337,21 @@ in { }; }; }); - default = []; + default = [ ]; example = literalExpression '' - [ { - source = pkgs.writeText "upHook" ''' - - if [ "$2" != "up" ]; then - logger "exit: event $2 != up" - exit - fi - - # coreutils and iproute are in PATH too - logger "Device $DEVICE_IFACE coming up" - '''; - type = "basic"; - } ]''; + [ { + source = pkgs.writeText "upHook" ''' + + if [ "$2" != "up" ]; then + logger "exit: event $2 != up" + exit + fi + + # coreutils and iproute are in PATH too + logger "Device $DEVICE_IFACE coming up" + '''; + type = "basic"; + } ]''; description = lib.mdDoc '' A list of scripts which will be executed in response to network events. '';
@@ -369,14 +370,24 @@ in { ''; }; - enableFccUnlock = mkOption { - type = types.bool; - default = false; + fccUnlockScripts = mkOption { + type = types.listOf (types.submodule { + options = { + id = mkOption { + type = types.str; + description = lib.mdDoc "vid:pid of either the PCI or USB vendor and product ID"; + }; + path = mkOption { + type = types.path; + description = lib.mdDoc "Path to the unlock script"; + }; + }; + }); + default = [ ]; + example = literalExpression ''[{ name = "03f0:4e1d"; script = "''${pkgs.modemmanager}/share/ModemManager/fcc-unlock.available.d/03f0:4e1d"; }]''; description = lib.mdDoc '' - Enable FCC unlock procedures. Since release 1.18.4, the ModemManager daemon no longer - automatically performs the FCC unlock procedure by default. See - [the docs](https://modemmanager.org/docs/modemmanager/fcc-unlock/) - for more details. + List of FCC unlock scripts to enable on the system, behaving as described in + https://modemmanager.org/docs/modemmanager/fcc-unlock/#integration-with-third-party-fcc-unlock-tools. ''; }; }; 
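Review bot: The `example` for `fccUnlockScripts` uses the attribute names `name` and `script`, but the submodule declared just above it only defines `id` and `path`, so a user copying the example gets an evaluation error instead of a working unlock entry. It should read `example = literalExpression ''[{ id = "03f0:4e1d"; path = "''${pkgs.modemmanager}/share/ModemManager/fcc-unlock.available.d/03f0:4e1d"; }]'';`. The `id` description could also state that the value becomes the file name under `ModemManager/fcc-unlock.d/`, since that is how the `environment.etc` hunk later in this file uses it.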
@@ -387,7 +398,14 @@ in { [ "networking" "networkmanager" "packages" ] [ "networking" "networkmanager" "plugins" ]) (mkRenamedOptionModule [ "networking" "networkmanager" "useDnsmasq" ] [ "networking" "networkmanager" "dns" ]) - (mkRemovedOptionModule ["networking" "networkmanager" "dynamicHosts"] '' + (mkRemovedOptionModule [ "networking" "networkmanager" "enableFccUnlock" ] '' + This option was removed, because using bundled FCC unlock scripts is risky, + might conflict with vendor-provided unlock scripts, and should + be a conscious decision on a per-device basis. + Instead it's recommended to use the + `networking.networkmanager.fccUnlockScripts` option. + '') + (mkRemovedOptionModule [ "networking" "networkmanager" "dynamicHosts" ] '' This option was removed because allowing (multiple) regular users to override host entries affecting the whole system opens up a huge attack vector. There seem to be very rare cases where this might be useful.
@@ -403,7 +421,8 @@ in { config = mkIf cfg.enable { assertions = [ - { assertion = config.networking.wireless.enable == true -> cfg.unmanaged != []; + { + assertion = config.networking.wireless.enable == true -> cfg.unmanaged != [ ]; message = '' You can not use networking.networkmanager with networking.wireless. Except if you mark some interfaces as <literal>unmanaged</literal> by NetworkManager.
@@ -414,25 +433,29 @@ in { hardware.wirelessRegulatoryDatabase = true; environment.etc = { - "NetworkManager/NetworkManager.conf".source = configFile; - } - // builtins.listToAttrs (map (pkg: nameValuePair "NetworkManager/${pkg.networkManagerPlugin}" { + "NetworkManager/NetworkManager.conf".source = configFile; + } + // builtins.listToAttrs (map + (pkg: nameValuePair "NetworkManager/${pkg.networkManagerPlugin}" { source = "${pkg}/lib/NetworkManager/${pkg.networkManagerPlugin}"; - }) cfg.plugins) - // optionalAttrs cfg.enableFccUnlock - { - "ModemManager/fcc-unlock.d".source = - "${pkgs.modemmanager}/share/ModemManager/fcc-unlock.available.d/*"; - } - // optionalAttrs (cfg.appendNameservers != [] || cfg.insertNameservers != []) - { - "NetworkManager/dispatcher.d/02overridedns".source = overrideNameserversScript; - } - // listToAttrs (lib.imap1 (i: s: - { - name = "NetworkManager/dispatcher.d/${dispatcherTypesSubdirMap.${s.type}}03userscript${lib.fixedWidthNumber 4 i}"; - value = { mode = "0544"; inherit (s) source; }; - }) cfg.dispatcherScripts); + }) + cfg.plugins) + // builtins.listToAttrs (map + (e: nameValuePair "ModemManager/fcc-unlock.d/${e.id}" { + source = e.path; + }) + cfg.fccUnlockScripts) + // optionalAttrs (cfg.appendNameservers != [ ] || cfg.insertNameservers != [ ]) + { + "NetworkManager/dispatcher.d/02overridedns".source = overrideNameserversScript; + } + // listToAttrs (lib.imap1 + (i: s: + { + name = "NetworkManager/dispatcher.d/${dispatcherTypesSubdirMap.${s.type}}03userscript${lib.fixedWidthNumber 4 i}"; + value = { mode = "0544"; inherit (s) source; }; + }) + cfg.dispatcherScripts); environment.systemPackages = packages;
diff --git a/nixpkgs/nixos/modules/services/networking/ssh/sshd.nix b/nixpkgs/nixos/modules/services/networking/ssh/sshd.nix
index 162267b5a85d..942317f8da74 100644
--- a/nixpkgs/nixos/modules/services/networking/ssh/sshd.nix
+++ b/nixpkgs/nixos/modules/services/networking/ssh/sshd.nix
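Review bot: `e.id` is interpolated straight into the `/etc` path (`"ModemManager/fcc-unlock.d/${e.id}"`) while the option declares it as plain `types.str`, so a value containing `/` or `..` creates an entry outside `fcc-unlock.d`, and two entries with the same `id` collapse silently in `builtins.listToAttrs`. Since these entries are unlock scripts, constraining the option is cheap: `type = types.strMatching "[0-9a-f]{4}:[0-9a-f]{4}";` (widen the pattern if other name forms must be supported), plus an assertion that the ids are unique. `path` being `types.path` also accepts absolute paths outside the Nix store; the option text should say the target is expected to be root-owned and not writable by other users. The `config` block continues outside this hunk.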
@@ -33,8 +33,7 @@ let ${cfg.extraConfig} EOL - ssh-keygen -q -f mock-hostkey -N "" - sshd -t -f $out -h mock-hostkey + sshd -G -f $out ''; cfg = config.services.openssh;
diff --git a/nixpkgs/nixos/modules/services/networking/trust-dns.nix b/nixpkgs/nixos/modules/services/networking/trust-dns.nix
index a3b4d12479b4..4196d124a2ab 100644
--- a/nixpkgs/nixos/modules/services/networking/trust-dns.nix
+++ b/nixpkgs/nixos/modules/services/networking/trust-dns.nix
@@ -1,5 +1,4 @@ { config, lib, pkgs, ... }: - let cfg = config.services.trust-dns; toml = pkgs.formats.toml { };
@@ -55,7 +54,7 @@ in defaultText = "pkgs.trust-dns"; description = mdDoc '' Trust-dns package to use. - Only `bin/named` need be provided: the other trust-dns utilities (client and resolver) are not needed. + Only `bin/trust-dns` need be provided: the other trust-dns utilities (client and resolver) are not needed. ''; }; quiet = mkOption {
@@ -136,7 +135,7 @@ in flags = (lib.optional cfg.debug "--debug") ++ (lib.optional cfg.quiet "--quiet"); flagsStr = builtins.concatStringsSep " " flags; in '' - ${cfg.package}/bin/named --config ${configFile} ${flagsStr} + ${cfg.package}/bin/trust-dns --config ${configFile} ${flagsStr} ''; Type = "simple"; Restart = "on-failure";
diff --git a/nixpkgs/nixos/modules/services/networking/websockify.nix b/nixpkgs/nixos/modules/services/networking/websockify.nix
index 45a3487bd337..27ad8953d3fa 100644
--- a/nixpkgs/nixos/modules/services/networking/websockify.nix
+++ b/nixpkgs/nixos/modules/services/networking/websockify.nix
@@ -38,7 +38,7 @@ let cfg = config.services.networking.websockify; in { description = "Service to forward websocket connections to TCP connections (from port:to port %I)"; script = '' IFS=':' read -a array <<< "$1" - ${pkgs.pythonPackages.websockify}/bin/websockify --ssl-only \ + ${pkgs.python3Packages.websockify}/bin/websockify --ssl-only \ --cert=${cfg.sslCert} --key=${cfg.sslKey} 0.0.0.0:''${array[0]} 0.0.0.0:''${array[1]} ''; scriptArgs = "%i"; |
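Review bot: Replacing `sshd -t` with `sshd -G` in the sshd.nix check narrows the build-time validation: `-G` parses the file and prints the effective configuration without loading host keys, which is why the mock key could be dropped, whereas `-t` also checked the sanity of the keys. The full effective configuration is now written to the build output, so `sshd -G -f $out > /dev/null` would keep the check without the dump. A short comment such as `# -G: parse-only validation, needs no host key; does not run the key sanity checks of -t` would record that the check is narrower than before. `-G` is also a relatively recent sshd option, so this assumes the `sshd` available to the check supports it, which the hunk does not show. The enclosing check script starts and ends outside the hunk.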