From c61aad65744cbeca78504b64f4b346870e3bf2f7 Mon Sep 17 00:00:00 2001 From: Matt McHenry Date: Wed, 30 May 2018 22:30:12 -0400 Subject: restic: add s3CredentialsFile option --- nixos/modules/services/backup/restic.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'nixos/modules/services') diff --git a/nixos/modules/services/backup/restic.nix b/nixos/modules/services/backup/restic.nix index 21d82469c605..2d14762e8685 100644 --- a/nixos/modules/services/backup/restic.nix +++ b/nixos/modules/services/backup/restic.nix @@ -14,7 +14,15 @@ with lib; Read the repository password from a file. ''; example = "/etc/nixos/restic-password"; + }; + s3CredentialsFile = mkOption { + type = with types; nullOr str; + description = '' + file containing the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY + for an S3-hosted repository, in the format of an EnvironmentFile + as described by systemd.exec(5) + ''; }; repository = mkOption { @@ -134,6 +142,8 @@ with lib; Type = "oneshot"; ExecStart = "${resticCmd} backup ${concatStringsSep " " backup.extraBackupArgs} ${concatStringsSep " " backup.paths}"; User = backup.user; + } // optionalAttrs (backup.s3CredentialsFile != null) { + EnvironmentFile = backup.s3CredentialsFile; }; } // optionalAttrs backup.initialize { preStart = '' -- cgit 1.4.1 From 31714e44b755889db2ccf54d4c1f26157a05bf5a Mon Sep 17 00:00:00 2001 From: Janne Heß Date: Mon, 4 Jun 2018 14:14:57 +0200 Subject: nixos/tt-rss: Support plugins and themes The extra config is required to configure some plugins. --- nixos/modules/services/web-apps/tt-rss.nix | 40 ++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) (limited to 'nixos/modules/services') diff --git a/nixos/modules/services/web-apps/tt-rss.nix b/nixos/modules/services/web-apps/tt-rss.nix index 610c6463a5eb..1646ee5964fb 100644 --- a/nixos/modules/services/web-apps/tt-rss.nix +++ b/nixos/modules/services/web-apps/tt-rss.nix @@ -76,6 +76,8 @@ let define('SMTP_FROM_NAME', '${escape ["'" "\\"] cfg.email.fromName}'); define('SMTP_FROM_ADDRESS', '${escape ["'" "\\"] cfg.email.fromAddress}'); define('DIGEST_SUBJECT', '${escape ["'" "\\"] cfg.email.digestSubject}'); + + ${cfg.extraConfig} ''; in { @@ -431,6 +433,26 @@ let ''; }; + pluginPackages = mkOption { + type = types.listOf types.package; + default = []; + description = '' + List of plugins to install. The list elements are expected to + be derivations. All elements in this derivation are automatically + copied to the plugins.local directory. + ''; + }; + + themePackages = mkOption { + type = types.listOf types.package; + default = []; + description = '' + List of themes to install. The list elements are expected to + be derivations. All elements in this derivation are automatically + copied to the themes.local directory. + ''; + }; + logDestination = mkOption { type = types.enum ["" "sql" "syslog"]; default = "sql"; @@ -441,6 +463,14 @@ let error.log). ''; }; + + extraConfig = mkOption { + type = types.lines; + default = ""; + description = '' + Additional lines to append to config.php. + ''; + }; }; }; @@ -517,6 +547,16 @@ let rm -rf "${cfg.root}/*" mkdir -m 755 -p "${cfg.root}" cp -r "${pkgs.tt-rss}/"* "${cfg.root}" + ${optionalString (cfg.pluginPackages != []) '' + for plugin in ${concatStringsSep " " cfg.pluginPackages}; do + cp -r "$plugin"/* "${cfg.root}/plugins.local/" + done + ''} + ${optionalString (cfg.themePackages != []) '' + for theme in ${concatStringsSep " " cfg.themePackages}; do + cp -r "$theme"/* "${cfg.root}/themes.local/" + done + ''} ln -sf "${tt-rss-config}" "${cfg.root}/config.php" chown -R "${cfg.user}" "${cfg.root}" chmod -R 755 "${cfg.root}" -- cgit 1.4.1 From e598fdf2294998b233d11ae707dc22230b5d67e2 Mon Sep 17 00:00:00 2001 From: Michael Raitza Date: Thu, 7 Jun 2018 16:44:04 +0200 Subject: dbus: Add NSS modules path to dbus system bus service DBus seems to resolve user IDs directly via glibc, circumventing nscd. In more advanced setups this leads to user's coming from LDAP or SSSD not being resolved by the dbus system bus daemon. The effect for such users is, that all access to the system bus (e.g. busctl or nmcli) is denied. Adding the respective NSS modules to the service's environment solves the issue the same way it does for nscd. --- nixos/modules/services/system/dbus.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'nixos/modules/services') diff --git a/nixos/modules/services/system/dbus.nix b/nixos/modules/services/system/dbus.nix index 643bec188142..248df7351a8c 100644 --- a/nixos/modules/services/system/dbus.nix +++ b/nixos/modules/services/system/dbus.nix @@ -100,6 +100,7 @@ in # Don't restart dbus-daemon. Bad things tend to happen if we do. reloadIfChanged = true; restartTriggers = [ configDir ]; + environment = { LD_LIBRARY_PATH = config.system.nssModules.path; }; }; systemd.user = { -- cgit 1.4.1 From 8b9559e417f529138449a1a80aeed7c3fa449d7f Mon Sep 17 00:00:00 2001 From: Notkea Date: Sun, 10 Jun 2018 16:25:01 +0200 Subject: cgit: parametrise subdirectory This proposal enables the user to choose the sub-directory in which to serve cgit. The previous default behaviour isn't altered. --- .../modules/services/web-servers/lighttpd/cgit.nix | 28 +++++++++++++++++----- 1 file changed, 22 insertions(+), 6 deletions(-) (limited to 'nixos/modules/services') diff --git a/nixos/modules/services/web-servers/lighttpd/cgit.nix b/nixos/modules/services/web-servers/lighttpd/cgit.nix index 710fecc0c05c..e6a054c296dc 100644 --- a/nixos/modules/services/web-servers/lighttpd/cgit.nix +++ b/nixos/modules/services/web-servers/lighttpd/cgit.nix @@ -4,8 +4,15 @@ with lib; let cfg = config.services.lighttpd.cgit; + pathPrefix = if stringLength cfg.subdir == 0 then "" else "/" + cfg.subdir; configFile = pkgs.writeText "cgitrc" '' + # default paths to static assets + css=${pathPrefix}/cgit.css + logo=${pathPrefix}/cgit.png + favicon=${pathPrefix}/favicon.ico + + # user configuration ${cfg.configText} ''; in @@ -18,8 +25,17 @@ in type = types.bool; description = '' If true, enable cgit (fast web interface for git repositories) as a - sub-service in lighttpd. cgit will be accessible at - http://yourserver/cgit + sub-service in lighttpd. + ''; + }; + + subdir = mkOption { + default = "cgit"; + example = ""; + type = types.str; + description = '' + The subdirectory in which to serve cgit. The web application will be + accessible at http://yourserver/''${subdir} ''; }; @@ -48,14 +64,14 @@ in services.lighttpd.enableModules = [ "mod_cgi" "mod_alias" "mod_setenv" ]; services.lighttpd.extraConfig = '' - $HTTP["url"] =~ "^/cgit" { + $HTTP["url"] =~ "^/${cfg.subdir}" { cgi.assign = ( "cgit.cgi" => "${pkgs.cgit}/cgit/cgit.cgi" ) alias.url = ( - "/cgit.css" => "${pkgs.cgit}/cgit/cgit.css", - "/cgit.png" => "${pkgs.cgit}/cgit/cgit.png", - "/cgit" => "${pkgs.cgit}/cgit/cgit.cgi" + "${pathPrefix}/cgit.css" => "${pkgs.cgit}/cgit/cgit.css", + "${pathPrefix}/cgit.png" => "${pkgs.cgit}/cgit/cgit.png", + "${pathPrefix}" => "${pkgs.cgit}/cgit/cgit.cgi" ) setenv.add-environment = ( "CGIT_CONFIG" => "${configFile}" -- cgit 1.4.1 From ead58d100d37fad39a915f1c56f5574c2f06018f Mon Sep 17 00:00:00 2001 From: Kevin Rauscher Date: Sun, 3 Jun 2018 21:48:05 +0200 Subject: bloop: init at 1.0.0-M11 --- nixos/modules/module-list.nix | 1 + nixos/modules/services/development/bloop.nix | 37 +++++++++++++ .../tools/build-managers/bloop/default.nix | 61 ++++++++++++++++++++++ pkgs/top-level/all-packages.nix | 2 + 4 files changed, 101 insertions(+) create mode 100644 nixos/modules/services/development/bloop.nix create mode 100644 pkgs/development/tools/build-managers/bloop/default.nix (limited to 'nixos/modules/services') diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 193ef0d1c961..b88d8c1b3242 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -242,6 +242,7 @@ ./services/desktops/gnome3/tracker-miners.nix ./services/desktops/profile-sync-daemon.nix ./services/desktops/telepathy.nix + ./services/development/bloop.nix ./services/development/hoogle.nix ./services/editors/emacs.nix ./services/editors/infinoted.nix diff --git a/nixos/modules/services/development/bloop.nix b/nixos/modules/services/development/bloop.nix new file mode 100644 index 000000000000..56904b7c40e6 --- /dev/null +++ b/nixos/modules/services/development/bloop.nix @@ -0,0 +1,37 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + + cfg = config.services.bloop; + +in { + + options.services.bloop = { + install = mkOption { + type = types.bool; + default = false; + description = '' + Whether to install a user service for the Bloop server. + + The service must be manually started for each user with + "systemctl --user start bloop". + ''; + }; + }; + + config = mkIf (cfg.install) { + systemd.user.services.bloop = { + description = "Bloop Scala build server"; + + serviceConfig = { + Type = "simple"; + ExecStart = ''${pkgs.bloop}/bin/blp-server''; + Restart = "always"; + }; + }; + + environment.systemPackages = [ pkgs.bloop ]; + }; +} diff --git a/pkgs/development/tools/build-managers/bloop/default.nix b/pkgs/development/tools/build-managers/bloop/default.nix new file mode 100644 index 000000000000..96e9d0f9a439 --- /dev/null +++ b/pkgs/development/tools/build-managers/bloop/default.nix @@ -0,0 +1,61 @@ +{ stdenv, lib, fetchurl, coursier, jdk, jre, python, makeWrapper }: + +let + baseName = "bloop"; + version = "1.0.0-M11"; + deps = stdenv.mkDerivation { + name = "${baseName}-deps-${version}"; + buildCommand = '' + export COURSIER_CACHE=$(pwd) + ${coursier}/bin/coursier fetch ch.epfl.scala:bloop-frontend_2.12:${version} \ + -r "bintray:scalameta/maven" \ + -r "bintray:scalacenter/releases" \ + -r "https://oss.sonatype.org/content/repositories/staging" > deps + mkdir -p $out/share/java + cp $(< deps) $out/share/java/ + ''; + outputHashMode = "recursive"; + outputHashAlgo = "sha256"; + outputHash = "00p9mrwcms3skzicyj8frqs0r0a2rfvk5fbh58rk5yvcvkwl4fy1"; + }; +in +stdenv.mkDerivation rec { + name = "${baseName}-${version}"; + nailgunCommit = "60c2d130"; + + buildInputs = [ jdk makeWrapper deps ]; + + phases = [ "installPhase" ]; + + client = fetchurl { + url = "https://raw.githubusercontent.com/scalacenter/nailgun/${nailgunCommit}/pynailgun/ng.py"; + sha256 = "0qjw4nsyb4cxg96jj1yv5c0ivcxvmscxxqfzll5w9p1pjb30bq0n"; + }; + + zshCompletion = fetchurl { + url = "https://raw.githubusercontent.com/scalacenter/bloop/v${version}/etc/zsh/_bloop"; + sha256 = "1id6f1fgy2rk0q5aad6ffivhbxa94fallzsc04l9n0y1s2xdhqpm"; + }; + + installPhase = '' + mkdir -p $out/bin + mkdir -p $out/share/zsh/site-functions + + cp ${client} $out/bin/blp-client + cp ${zshCompletion} $out/share/zsh/site-functions/_bloop + chmod +x $out/bin/blp-client + + makeWrapper ${jre}/bin/java $out/bin/blp-server \ + --prefix PATH : ${lib.makeBinPath [ jdk ]} \ + --add-flags "-cp $CLASSPATH bloop.Server" + makeWrapper $out/bin/blp-client $out/bin/bloop \ + --prefix PATH : ${lib.makeBinPath [ python ]} + ''; + + meta = with stdenv.lib; { + homepage = https://scalacenter.github.io/bloop/; + license = licenses.asl20; + description = "Bloop is a Scala build server and command-line tool to make the compile and test developer workflows fast and productive in a build-tool-agnostic way."; + maintainers = with maintainers; [ tomahna ]; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index bdf2d83fe3fc..03ccb873d772 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -7770,6 +7770,8 @@ with pkgs; bloaty = callPackage ../development/tools/bloaty { }; + bloop = callPackage ../development/tools/build-managers/bloop { }; + bossa = callPackage ../development/tools/misc/bossa { wxGTK = wxGTK30; }; -- cgit 1.4.1 From 401370287a9b74fc18539fe9c0bdc7ac9df9cf22 Mon Sep 17 00:00:00 2001 From: Bas van Dijk Date: Sun, 24 Jun 2018 11:32:10 +0200 Subject: strongswan-swanctl: adapt options to strongswan-5.6.3 This time there was only one change between 5.6.2..5.6.3: https://github.com/strongswan/strongswan/commit/2c7a4b07045786ee493021020e2ad5bd6bb4d045 --- .../services/networking/strongswan-swanctl/swanctl-params.nix | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'nixos/modules/services') diff --git a/nixos/modules/services/networking/strongswan-swanctl/swanctl-params.nix b/nixos/modules/services/networking/strongswan-swanctl/swanctl-params.nix index ad211f41eef0..e65616332640 100644 --- a/nixos/modules/services/networking/strongswan-swanctl/swanctl-params.nix +++ b/nixos/modules/services/networking/strongswan-swanctl/swanctl-params.nix @@ -938,9 +938,12 @@ in { protection. ''; - hw_offload = mkYesNoParam no '' + hw_offload = mkEnumParam ["yes" "no" "auto"] "no" '' Enable hardware offload for this CHILD_SA, if supported by the IPsec - implementation. + implementation. The value yes enforces offloading + and the installation will fail if it's not supported by either kernel or + device. The value auto enables offloading, if it's + supported, but the installation does not fail otherwise. ''; start_action = mkEnumParam ["none" "trap" "start"] "none" '' -- cgit 1.4.1 From 2ef3ae559068c1ea495ec1fa007c9acd00575611 Mon Sep 17 00:00:00 2001 From: Franz Pletz Date: Tue, 26 Jun 2018 01:16:51 +0200 Subject: virtlyst service: init --- nixos/modules/module-list.nix | 1 + nixos/modules/services/web-apps/virtlyst.nix | 72 ++++++++++++++++++++++++++++ 2 files changed, 73 insertions(+) create mode 100644 nixos/modules/services/web-apps/virtlyst.nix (limited to 'nixos/modules/services') diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 193ef0d1c961..c425f3c65075 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -662,6 +662,7 @@ ./services/web-apps/tt-rss.nix ./services/web-apps/selfoss.nix ./services/web-apps/quassel-webserver.nix + ./services/web-apps/virtlyst.nix ./services/web-apps/youtrack.nix ./services/web-servers/apache-httpd/default.nix ./services/web-servers/caddy.nix diff --git a/nixos/modules/services/web-apps/virtlyst.nix b/nixos/modules/services/web-apps/virtlyst.nix new file mode 100644 index 000000000000..2fc67435ce82 --- /dev/null +++ b/nixos/modules/services/web-apps/virtlyst.nix @@ -0,0 +1,72 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + + cfg = config.services.virtlyst; + stateDir = "/var/lib/virtlyst"; + + ini = pkgs.writeText "virtlyst-config.ini" '' + [wsgi] + master = true + threads = auto + http-socket = ${cfg.httpSocket} + application = ${pkgs.virtlyst}/lib/libVirtlyst.so + chdir2 = ${stateDir} + static-map = /static=${pkgs.virtlyst}/root/static + + [Cutelyst] + production = true + DatabasePath = virtlyst.sqlite + TemplatePath = ${pkgs.virtlyst}/root/src + + [Rules] + cutelyst.* = true + virtlyst.* = true + ''; + +in + +{ + + options.services.virtlyst = { + enable = mkEnableOption "Virtlyst libvirt web interface"; + + adminPassword = mkOption { + type = types.str; + description = '' + Initial admin password with which the database will be seeded. + ''; + }; + + httpSocket = mkOption { + type = types.str; + default = "localhost:3000"; + description = '' + IP and/or port to which to bind the http socket. + ''; + }; + }; + + config = mkIf cfg.enable { + users.extraUsers.virtlyst = { + home = stateDir; + createHome = true; + group = mkIf config.virtualisation.libvirtd.enable "libvirtd"; + }; + + systemd.services.virtlyst = { + wantedBy = [ "multi-user.target" ]; + environment = { + VIRTLYST_ADMIN_PASSWORD = cfg.adminPassword; + }; + serviceConfig = { + ExecStart = "${pkgs.cutelyst}/bin/cutelyst-wsgi2 --ini ${ini}"; + User = "virtlyst"; + WorkingDirectory = stateDir; + }; + }; + }; + +} -- cgit 1.4.1 From a346f153b5aec465222bb23dd7a7b6178a819e1f Mon Sep 17 00:00:00 2001 From: aszlig Date: Tue, 26 Jun 2018 10:02:07 +0200 Subject: nixos/strongswan-swanctl: Fix build of manual Commit 401370287a9b74fc18539fe9c0bdc7ac9df9cf22 introduced a small error where the closing tag of was an opening tag instead. Signed-off-by: aszlig Cc: @basvandijk, @xeji --- nixos/modules/services/networking/strongswan-swanctl/swanctl-params.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'nixos/modules/services') diff --git a/nixos/modules/services/networking/strongswan-swanctl/swanctl-params.nix b/nixos/modules/services/networking/strongswan-swanctl/swanctl-params.nix index e65616332640..b16d299917fe 100644 --- a/nixos/modules/services/networking/strongswan-swanctl/swanctl-params.nix +++ b/nixos/modules/services/networking/strongswan-swanctl/swanctl-params.nix @@ -942,7 +942,7 @@ in { Enable hardware offload for this CHILD_SA, if supported by the IPsec implementation. The value yes enforces offloading and the installation will fail if it's not supported by either kernel or - device. The value auto enables offloading, if it's + device. The value auto enables offloading, if it's supported, but the installation does not fail otherwise. ''; -- cgit 1.4.1 From 1327218d8a5ab95c01f6473a433801c587b05bc4 Mon Sep 17 00:00:00 2001 From: Jesper Geertsen Jonsson Date: Sun, 10 Jun 2018 22:02:17 +0200 Subject: zerotier: interface names changed; fix no dhcp Since ZT v1.2.8: ZT interface names are no longer named zt. Instead they are by default named zt. https://www.zerotier.com/blog/2018-05-04-128.shtml --- nixos/modules/services/networking/zerotierone.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'nixos/modules/services') diff --git a/nixos/modules/services/networking/zerotierone.nix b/nixos/modules/services/networking/zerotierone.nix index cd1617b8e2ba..4c1ee75d536c 100644 --- a/nixos/modules/services/networking/zerotierone.nix +++ b/nixos/modules/services/networking/zerotierone.nix @@ -47,7 +47,7 @@ in }; # ZeroTier does not issue DHCP leases, but some strangers might... - networking.dhcpcd.denyInterfaces = [ "zt0" ]; + networking.dhcpcd.denyInterfaces = [ "zt*" ]; # ZeroTier receives UDP transmissions on port 9993 by default networking.firewall.allowedUDPPorts = [ 9993 ]; -- cgit 1.4.1 From dca7e24a11940477f6a3568fc49bade96ca59514 Mon Sep 17 00:00:00 2001 From: Benjamin Staffin Date: Fri, 29 Jun 2018 13:41:46 -0400 Subject: networkmanager: Expand dns description, integrate with other services (#41898) Rather than special-casing the dns options in networkmanager.nix, use the module system to let unbound and systemd-resolved contribute to the newtorkmanager config. --- .../modules/services/networking/networkmanager.nix | 85 +++++++++++++++++----- nixos/modules/services/networking/unbound.nix | 3 + nixos/modules/system/boot/resolved.nix | 2 + 3 files changed, 71 insertions(+), 19 deletions(-) (limited to 'nixos/modules/services') diff --git a/nixos/modules/services/networking/networkmanager.nix b/nixos/modules/services/networking/networkmanager.nix index 816234506593..4e51725b19de 100644 --- a/nixos/modules/services/networking/networkmanager.nix +++ b/nixos/modules/services/networking/networkmanager.nix @@ -9,18 +9,11 @@ let # /var/lib/misc is for dnsmasq.leases. stateDirs = "/var/lib/NetworkManager /var/lib/dhclient /var/lib/misc"; - dns = - if cfg.dns == "none" then "none" - else if cfg.dns == "dnsmasq" then "dnsmasq" - else if config.services.resolved.enable then "systemd-resolved" - else if config.services.unbound.enable then "unbound" - else "default"; - configFile = writeText "NetworkManager.conf" '' [main] plugins=keyfile dhcp=${cfg.dhcp} - dns=${dns} + dns=${cfg.dns} [keyfile] ${optionalString (cfg.unmanaged != []) @@ -217,19 +210,73 @@ in { }; dns = mkOption { - type = types.enum [ "auto" "dnsmasq" "none" ]; - default = "auto"; + type = types.enum [ "default" "dnsmasq" "unbound" "systemd-resolved" "none" ]; + default = "default"; description = '' + Set the DNS (resolv.conf) processing mode. + + Options: - - auto: Check for systemd-resolved, unbound, or use default. - - dnsmasq: - Enable NetworkManager's dnsmasq integration. NetworkManager will run - dnsmasq as a local caching nameserver, using a "split DNS" - configuration if you are connected to a VPN, and then update - resolv.conf to point to the local nameserver. - - none: - Disable NetworkManager's DNS integration completely. - It will not touch your /etc/resolv.conf. + + + "default" + + NetworkManager will update /etc/resolv.conf to + reflect the nameservers provided by currently active connections. + + + + "dnsmasq" + + + Enable NetworkManager's dnsmasq integration. NetworkManager will + run dnsmasq as a local caching nameserver, using a "split DNS" + configuration if you are connected to a VPN, and then update + resolv.conf to point to the local nameserver. + + + It is possible to pass custom options to the dnsmasq instance by + adding them to files in the + /etc/NetworkManager/dnsmasq.d/ directory. + + + When multiple upstream servers are available, dnsmasq will + initially contact them in parallel and then use the fastest to + respond, probing again other servers after some time. This + behavior can be modified passing the + all-servers or strict-order + options to dnsmasq (see the manual page for more details). + + + Note that this option causes NetworkManager to launch and manage + its own instance of the dnsmasq daemon, which is + not the same as setting + services.dnsmasq.enable = true;. + + + + + "unbound" + + NetworkManager will talk to unbound and dnssec-triggerd, + providing a "split DNS" configuration with DNSSEC support. + /etc/resolv.conf will be managed by + dnssec-trigger daemon. + + + + "systemd-resolved" + + NetworkManager will push the DNS configuration to systemd-resolved. + + + + "none" + + NetworkManager will not modify resolv.conf. + + + ''; }; diff --git a/nixos/modules/services/networking/unbound.nix b/nixos/modules/services/networking/unbound.nix index 07936faaa133..1a35979ad44c 100644 --- a/nixos/modules/services/networking/unbound.nix +++ b/nixos/modules/services/networking/unbound.nix @@ -131,6 +131,9 @@ in }; }; + # If networkmanager is enabled, ask it to interface with unbound. + networking.networkmanager.dns = "unbound"; + }; } diff --git a/nixos/modules/system/boot/resolved.nix b/nixos/modules/system/boot/resolved.nix index 4d9de020c84e..e1095fb988eb 100644 --- a/nixos/modules/system/boot/resolved.nix +++ b/nixos/modules/system/boot/resolved.nix @@ -147,6 +147,8 @@ in ${config.services.resolved.extraConfig} ''; + # If networkmanager is enabled, ask it to interface with resolved. + networking.networkmanager.dns = "systemd-resolved"; }; } -- cgit 1.4.1