Merge pull request #252283 from flokli/fcc-unlock-extra

authored by

Ryan Lahfa and committed by
GitHub
eb23738e 37123711

+73 -49
+1 -2
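--- a/nixos/doc/manual/release-notes/rl-2205.section.md
+++ b/nixos/doc/manual/release-notes/rl-2205.section.md
@@ -935,8 +935,7 @@
 using the `pomerium-cli` command, you should now install the `pomerium-cli`
 package.
 
-- The option
-[services.networking.networkmanager.enableFccUnlock](#opt-networking.networkmanager.enableFccUnlock)
+- The option `services.networking.networkmanager.enableFccUnlock`
 was added to support FCC unlock procedures. Since release 1.18.4, the ModemManager
 daemon no longer automatically performs the FCC unlock procedure by default. See
 [the docs](https://modemmanager.org/docs/modemmanager/fcc-unlock/) for more details.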
+2
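--- a/nixos/doc/manual/release-notes/rl-2311.section.md
+++ b/nixos/doc/manual/release-notes/rl-2311.section.md
@@ -187,6 +187,8 @@
 
 - Emacs macport version 29 was introduced.
 
+- The option `services.networking.networkmanager.enableFccUnlock` was removed in favor of `networking.networkmanager.fccUnlockScripts`, which allows specifying unlock scripts explicitly. The previous option simply did enable all unlock scripts bundled with ModemManager, which is risky, and didn't allow using vendor-provided unlock scripts at all.
+
 - The `html-proofer` package has been updated from major version 3 to major version 5, which includes [breaking changes](https://github.com/gjtorikian/html-proofer/blob/v5.0.8/UPGRADING.md).
 
 - `kratos` has been updated from 0.10.1 to the first stable version 1.0.0, please read the [0.10.1 to 0.11.0](https://github.com/ory/kratos/releases/tag/v0.11.0), [0.11.0 to 0.11.1](https://github.com/ory/kratos/releases/tag/v0.11.1), [0.11.1 to 0.13.0](https://github.com/ory/kratos/releases/tag/v0.13.0) and [0.13.0 to 1.0.0](https://github.com/ory/kratos/releases/tag/v1.0.0) upgrade guides. The most notable breaking change is the introduction of one-time passwords (`code`) and update of the default recovery strategy from `link` to `code`.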
+70 -47
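--- a/nixos/modules/services/networking/networkmanager.nix
+++ b/nixos/modules/services/networking/networkmanager.nix
@@ -5,7 +5,7 @@
 let
 cfg = config.networking.networkmanager;
 
-delegateWireless = config.networking.wireless.enable == true && cfg.unmanaged != [];
+delegateWireless = config.networking.wireless.enable == true && cfg.unmanaged != [ ];
 
 enableIwd = cfg.wifi.backend == "iwd";
 
@@ -40,7 +40,7 @@
 })
 (mkSection "keyfile" {
 unmanaged-devices =
-if cfg.unmanaged == [] then null
+if cfg.unmanaged == [ ] then null
 else lib.concatStringsSep ";" cfg.unmanaged;
 })
 (mkSection "logging" {
@@ -103,7 +103,7 @@
 };
 
 macAddressOpt = mkOption {
-type = types.either types.str (types.enum ["permanent" "preserve" "random" "stable"]);
+type = types.either types.str (types.enum [ "permanent" "preserve" "random" "stable" ]);
 default = "preserve";
 example = "00:11:22:33:44:55";
 description = lib.mdDoc ''
@@ -126,7 +126,8 @@
 pkgs.wpa_supplicant
 ];
 
-in {
+in
+{
 
 meta = {
 maintainers = teams.freedesktop.members;
@@ -156,7 +157,7 @@
 int
 str
 ]));
-default = {};
+default = { };
 description = lib.mdDoc ''
 Configuration for the [connection] section of NetworkManager.conf.
 Refer to
@@ -186,7 +187,7 @@
 
 unmanaged = mkOption {
 type = types.listOf types.str;
-default = [];
+default = [ ];
 description = lib.mdDoc ''
 List of interfaces that will not be managed by NetworkManager.
 Interface name can be specified here, but if you need more fidelity,
@@ -251,7 +252,7 @@
 
 appendNameservers = mkOption {
 type = types.listOf types.str;
-default = [];
+default = [ ];
 description = lib.mdDoc ''
 A list of name servers that should be appended
 to the ones configured in NetworkManager or received by DHCP.
@@ -260,7 +261,7 @@
 
 insertNameservers = mkOption {
 type = types.listOf types.str;
-default = [];
+default = [ ];
 description = lib.mdDoc ''
 A list of name servers that should be inserted before
 the ones configured in NetworkManager or received by DHCP.
@@ -336,21 +337,21 @@
 };
 };
 });
-default = [];
+default = [ ];
 example = literalExpression ''
-[ {
-source = pkgs.writeText "upHook" '''
+[ {
+source = pkgs.writeText "upHook" '''
 
-if [ "$2" != "up" ]; then
-logger "exit: event $2 != up"
-exit
-fi
+if [ "$2" != "up" ]; then
+logger "exit: event $2 != up"
+exit
+fi
 
-# coreutils and iproute are in PATH too
-logger "Device $DEVICE_IFACE coming up"
-''';
-type = "basic";
-} ]'';
+# coreutils and iproute are in PATH too
+logger "Device $DEVICE_IFACE coming up"
+''';
+type = "basic";
+} ]'';
 description = lib.mdDoc ''
 A list of scripts which will be executed in response to network events.
 '';
@@ -369,14 +370,24 @@
 '';
 };
 
-enableFccUnlock = mkOption {
-type = types.bool;
-default = false;
+fccUnlockScripts = mkOption {
+type = types.listOf (types.submodule {
+options = {
+id = mkOption {
+type = types.str;
+description = lib.mdDoc "vid:pid of either the PCI or USB vendor and product ID";
+};
+path = mkOption {
+type = types.path;
+description = lib.mdDoc "Path to the unlock script";
+};
+};
+});
+default = [ ];
+example = literalExpression ''[{ name = "03f0:4e1d"; script = "''${pkgs.modemmanager}/share/ModemManager/fcc-unlock.available.d/03f0:4e1d"; }]'';
 description = lib.mdDoc ''
-Enable FCC unlock procedures. Since release 1.18.4, the ModemManager daemon no longer
-automatically performs the FCC unlock procedure by default. See
-[the docs](https://modemmanager.org/docs/modemmanager/fcc-unlock/)
-for more details.
+List of FCC unlock scripts to enable on the system, behaving as described in
+https://modemmanager.org/docs/modemmanager/fcc-unlock/#integration-with-third-party-fcc-unlock-tools.
 '';
 };
 };
@@ -387,7 +398,14 @@
 [ "networking" "networkmanager" "packages" ]
 [ "networking" "networkmanager" "plugins" ])
 (mkRenamedOptionModule [ "networking" "networkmanager" "useDnsmasq" ] [ "networking" "networkmanager" "dns" ])
-(mkRemovedOptionModule ["networking" "networkmanager" "dynamicHosts"] ''
+(mkRemovedOptionModule [ "networking" "networkmanager" "enableFccUnlock" ] ''
+This option was removed, because using bundled FCC unlock scripts is risky,
+might conflict with vendor-provided unlock scripts, and should
+be a conscious decision on a per-device basis.
+Instead it's recommended to use the
+`networking.networkmanager.fccUnlockScripts` option.
+'')
+(mkRemovedOptionModule [ "networking" "networkmanager" "dynamicHosts" ] ''
 This option was removed because allowing (multiple) regular users to
 override host entries affecting the whole system opens up a huge attack
 vector. There seem to be very rare cases where this might be useful.
@@ -403,7 +421,8 @@
 config = mkIf cfg.enable {
 
 assertions = [
-{ assertion = config.networking.wireless.enable == true -> cfg.unmanaged != [];
+{
+assertion = config.networking.wireless.enable == true -> cfg.unmanaged != [ ];
 message = ''
 You can not use networking.networkmanager with networking.wireless.
 Except if you mark some interfaces as <literal>unmanaged</literal> by NetworkManager.
@@ -414,25 +433,29 @@
 hardware.wirelessRegulatoryDatabase = true;
 
 environment.etc = {
-"NetworkManager/NetworkManager.conf".source = configFile;
-}
-// builtins.listToAttrs (map (pkg: nameValuePair "NetworkManager/${pkg.networkManagerPlugin}" {
+"NetworkManager/NetworkManager.conf".source = configFile;
+}
+// builtins.listToAttrs (map
+(pkg: nameValuePair "NetworkManager/${pkg.networkManagerPlugin}" {
 source = "${pkg}/lib/NetworkManager/${pkg.networkManagerPlugin}";
-}) cfg.plugins)
-// optionalAttrs cfg.enableFccUnlock
-{
-"ModemManager/fcc-unlock.d".source =
-"${pkgs.modemmanager}/share/ModemManager/fcc-unlock.available.d/*";
-}
-// optionalAttrs (cfg.appendNameservers != [] || cfg.insertNameservers != [])
-{
-"NetworkManager/dispatcher.d/02overridedns".source = overrideNameserversScript;
-}
-// listToAttrs (lib.imap1 (i: s:
-{
-name = "NetworkManager/dispatcher.d/${dispatcherTypesSubdirMap.${s.type}}03userscript${lib.fixedWidthNumber 4 i}";
-value = { mode = "0544"; inherit (s) source; };
-}) cfg.dispatcherScripts);
+})
+cfg.plugins)
+// builtins.listToAttrs (map
+(e: nameValuePair "ModemManager/fcc-unlock.d/${e.id}" {
+source = e.path;
+})
+cfg.fccUnlockScripts)
+// optionalAttrs (cfg.appendNameservers != [ ] || cfg.insertNameservers != [ ])
+{
+"NetworkManager/dispatcher.d/02overridedns".source = overrideNameserversScript;
+}
+// listToAttrs (lib.imap1
+(i: s:
+{
+name = "NetworkManager/dispatcher.d/${dispatcherTypesSubdirMap.${s.type}}03userscript${lib.fixedWidthNumber 4 i}";
+value = { mode = "0544"; inherit (s) source; };
+})
+cfg.dispatcherScripts);
 
 environment.systemPackages = packages;
 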
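Review bot: The `example` for `fccUnlockScripts` uses the attribute names `name` and `script`, but the submodule declares `id` and `path` and the `environment.etc` mapping reads `e.id` and `e.path`, so a configuration copied from the example would presumably fail to evaluate. It should read `[{ id = "03f0:4e1d"; path = "''${pkgs.modemmanager}/share/ModemManager/fcc-unlock.available.d/03f0:4e1d"; }]`. Separately, `id` is an unconstrained `types.str` that is interpolated into the file name `ModemManager/fcc-unlock.d/${e.id}`, and `path` accepts any path. Since these scripts are presumably executed by the ModemManager daemon with its own privileges, consider constraining `id` with `types.strMatching` (after confirming which name forms ModemManager accepts). The `path` description could also say that the script should live in the Nix store or another location only root can write.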