lol

Merge pull request #209068 from CRTified/adguard-dhcp

authored by

Sandro and committed by
GitHub
0b77630d b337874d

+84 -1
+15 -1
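--- a/nixos/modules/services/networking/adguardhome.nix
+++ b/nixos/modules/services/networking/adguardhome.nix
@@ -41,6 +41,20 @@
 '';
 };
 
+allowDHCP = mkOption {
+default = cfg.settings.dhcp.enabled or false;
+defaultText = literalExpression ''config.services.adguardhome.settings.dhcp.enabled or false'';
+type = bool;
+description = lib.mdDoc ''
+Allows AdGuard Home to open raw sockets (`CAP_NET_RAW`), which is
+required for the integrated DHCP server.
+
+The default enables this conditionally if the declarative configuration
+enables the integrated DHCP server. Manually setting this option is only
+required for non-declarative setups.
+'';
+};
+
 mutableSettings = mkOption {
 default = true;
 type = bool;
@@ -147,7 +161,7 @@
 serviceConfig = {
 DynamicUser = true;
 ExecStart = "${pkgs.adguardhome}/bin/adguardhome ${args}";
-AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
+AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ] ++ optionals cfg.allowDHCP [ "CAP_NET_RAW" ];
 Restart = "always";
 RestartSec = 10;
 RuntimeDirectory = "AdGuardHome";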
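Review bot: The changed `AmbientCapabilities` line grants `CAP_NET_RAW`, but the visible part of `serviceConfig` sets no `CapabilityBoundingSet`, so the unit's capability ceiling is not pinned to what it is actually given. `serviceConfig` continues outside the hunk; if no bounding set is defined there, consider adding `CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ] ++ optionals cfg.allowDHCP [ "CAP_NET_RAW" ];` as defence in depth. The `allowDHCP` description should also say that raw sockets let the service send and capture arbitrary packets on the host's interfaces. Because the default is derived from `settings.dhcp.enabled`, an operator can widen the unit's privileges by editing settings without ever touching this option.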
+69
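--- a/nixos/tests/adguardhome.nix
+++ b/nixos/tests/adguardhome.nix
@@ -40,6 +40,67 @@
 };
 };
 };
+
+dhcpConf = { lib, ... }: {
+virtualisation.vlans = [ 1 ];
+
+networking = {
+# Configure static IP for DHCP server
+useDHCP = false;
+interfaces."eth1" = lib.mkForce {
+useDHCP = false;
+ipv4 = {
+addresses = [{
+address = "10.0.10.1";
+prefixLength = 24;
+}];
+
+routes = [{
+address = "10.0.10.0";
+prefixLength = 24;
+}];
+};
+};
+
+# Required for DHCP
+firewall.allowedUDPPorts = [ 67 68 ];
+};
+
+services.adguardhome = {
+enable = true;
+allowDHCP = true;
+mutableSettings = false;
+settings = {
+schema_version = 0;
+dns = {
+bind_host = "0.0.0.0";
+bootstrap_dns = "127.0.0.1";
+};
+dhcp = {
+# This implicitly enables CAP_NET_RAW
+enabled = true;
+interface_name = "eth1";
+local_domain_name = "lan";
+dhcpv4 = {
+gateway_ip = "10.0.10.1";
+range_start = "10.0.10.100";
+range_end = "10.0.10.101";
+subnet_mask = "255.255.255.0";
+};
+};
+};
+};
+};
+
+client = { lib, ... }: {
+virtualisation.vlans = [ 1 ];
+networking = {
+interfaces.eth1 = {
+useDHCP = true;
+ipv4.addresses = lib.mkForce [ ];
+};
+};
+};
 };
 
 testScript = ''
@@ -63,5 +124,13 @@
 mixedConf.systemctl("restart adguardhome.service")
 mixedConf.wait_for_unit("adguardhome.service")
 mixedConf.wait_for_open_port(3000)
+
+with subtest("Testing successful DHCP start"):
+dhcpConf.wait_for_unit("adguardhome.service")
+client.wait_for_unit("network-online.target")
+# Test IP assignment via DHCP
+dhcpConf.wait_until_succeeds("ping -c 5 10.0.10.100")
+# Test hostname resolution over DHCP-provided DNS
+dhcpConf.wait_until_succeeds("ping -c 5 client.lan")
 '';
 }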
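Review bot: `dhcpConf` sets `allowDHCP = true;` explicitly, so the derived default (`settings.dhcp.enabled or false`) is never exercised, even though the comment next to `enabled = true;` says the capability is enabled implicitly. Dropping the explicit `allowDHCP = true;` line would make the test cover the default path that declarative users will actually hit. None of the visible nodes assert that `CAP_NET_RAW` is absent when DHCP is disabled. A check on one of the existing non-DHCP nodes, for example inspecting the unit's `AmbientCapabilities` with `systemctl show`, would guard against the capability being granted unconditionally in a later refactor.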