lol

nixos avahi-daemon: add new option declarations

Add new option declarations to control what information is published
by the avahi daemon. The default values are chosen to respect the
privacy of the user over the connectivity of the system.

+72 -16
+72 -16
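--- a/nixos/modules/services/networking/avahi-daemon.nix
+++ b/nixos/modules/services/networking/avahi-daemon.nix
@@ -1,5 +1,5 @@
 # Avahi daemon.
-{ config, lib, pkgs, ... }:
+{ config, lib, utils, pkgs, ... }:
 
 with lib;
 
@@ -7,7 +7,9 @@
 
 cfg = config.services.avahi;
 
-inherit (pkgs) avahi;
+# We must escape interfaces due to the systemd interpretation
+subsystemDevice = interface:
+"sys-subsystem-net-devices-${utils.escapeSystemdPath interface}.device";
 
 avahiDaemonConf = with cfg; pkgs.writeText "avahi-daemon.conf" ''
 [server]
@@ -21,12 +23,18 @@
 browse-domains=${concatStringsSep ", " browseDomains}
 use-ipv4=${if ipv4 then "yes" else "no"}
 use-ipv6=${if ipv6 then "yes" else "no"}
+${optionalString (interfaces!=null) "allow-interfaces=${concatStringsSep "," interfaces}"}
 
 [wide-area]
 enable-wide-area=${if wideArea then "yes" else "no"}
 
 [publish]
-disable-publishing=${if publishing then "no" else "yes"}
+disable-publishing=${if publish.enable then "no" else "yes"}
+disable-user-service-publishing=${if publish.userServices then "no" else "yes"}
+publish-addresses=${if publish.userServices || publish.addresses then "yes" else "no"}
+publish-hinfo=${if publish.hinfo then "yes" else "no"}
+publish-workstation=${if publish.workstation then "yes" else "no"}
+publish-domain=${if publish.domain then "yes" else "no"}
 '';
 
 in
@@ -74,14 +82,55 @@
 description = ''Whether to use IPv6'';
 };
 
+interfaces = mkOption {
+type = types.nullOr (types.listOf types.str);
+default = null;
+description = ''
+List of network interfaces that should be used by the <command>avahi-daemon</command>.
+Other interfaces will be ignored. If <literal>null</literal> all local interfaces
+except loopback and point-to-point will be used.
+'';
+};
+
 wideArea = mkOption {
 default = true;
 description = ''Whether to enable wide-area service discovery.'';
 };
 
-publishing = mkOption {
-default = true;
-description = ''Whether to allow publishing.'';
+publish = {
+enable = mkOption {
+default = false;
+description = ''Whether to allow publishing in general.'';
+};
+
+userServices = mkOption {
+default = false;
+description = ''Whether to publish user services. Will set <literal>addresses=true</literal>.'';
+};
+
+addresses = mkOption {
+default = false;
+description = ''Whether to register mDNS address records for all local IP addresses.'';
+};
+
+hinfo = mkOption {
+default = false;
+description = ''
+Whether to register an mDNS HINFO record which contains information about the
+local operating system and CPU.
+'';
+};
+
+workstation = mkOption {
+default = false;
+description = ''Whether to register a service of type "_workstation._tcp" on the local LAN.'';
+};
+
+domain = mkOption {
+default = false;
+description = ''Whether to announce the locally used domain name for browsing by other hosts.'';
+};
+
 };
 
 nssmdns = mkOption {
@@ -118,29 +167,36 @@
 
 system.nssModules = optional cfg.nssmdns pkgs.nssmdns;
 
-environment.systemPackages = [ avahi ];
+environment.systemPackages = [ pkgs.avahi ];
 
-jobs.avahi_daemon =
-{ name = "avahi-daemon";
+systemd.services.avahi-daemon =
+let
+deps = optionals (cfg.interfaces!=null) (map subsystemDevice cfg.interfaces);
+in
+{ description = "Avahi daemon";
+wantedBy = [ "ip-up.target" ];
+bindsTo = deps;
+after = deps;
+before = [ "ip-up.target" ];
+# Receive restart event after resume
+partOf = [ "post-resume.target" ];
 
-startOn = "ip-up";
+path = [ pkgs.coreutils pkgs.avahi ];
+
+preStart = "mkdir -p /var/run/avahi-daemon";
 
 script =
 ''
-export PATH="${avahi}/bin:${avahi}/sbin:$PATH"
-
 # Make NSS modules visible so that `avahi_nss_support ()' can
 # return a sensible value.
 export LD_LIBRARY_PATH="${config.system.nssModules.path}"
 
-mkdir -p /var/run/avahi-daemon
-
-exec ${avahi}/sbin/avahi-daemon --syslog -f "${avahiDaemonConf}"
+exec ${pkgs.avahi}/sbin/avahi-daemon --syslog -f "${avahiDaemonConf}"
 '';
 };
 
 services.dbus.enable = true;
-services.dbus.packages = [avahi];
+services.dbus.packages = [ pkgs.avahi ];
 
 # Enabling Avahi without exposing it in the firewall doesn't make
 # sense.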
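Review bot: In the `[server]` template the guard `interfaces!=null` lets an empty list through, so `interfaces = [ ]` writes a bare `allow-interfaces=` line; how avahi treats an empty value is not visible here, and if it is read as unset the daemon would listen on every interface when the user asked for none. Guarding on a non-empty list, `${optionalString (interfaces != null && interfaces != []) "allow-interfaces=${concatStringsSep "," interfaces}"}`, or rejecting the empty list with an assertion, would make the outcome explicit. The names are also interpolated unvalidated from `types.str`, so a value containing a comma or a newline changes the generated file; a stricter type would keep it well-formed. Separately, the `publish.*` descriptions do not say that the sub-options are inert while `publish.enable` is false (the template still writes `disable-publishing=yes`, which presumably overrides them), and the `addresses` description does not mention that `userServices` forces it on; one sentence in each would cover this.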