Clone of https://github.com/NixOS/nixpkgs.git (to stress-test knotserver)

Merge pull request #41715 from rickynils/networkmanager-dynamichosts

nixos: Add option networking.networkmanager.dynamicHosts

authored by Rickard Nilsson and committed by GitHub dad6f732 949bddfa

+81 -5
+81 -5
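--- a/nixos/modules/services/networking/networkmanager.nix
+++ b/nixos/modules/services/networking/networkmanager.nix
@@ -6,6 +6,9 @@
 let
 cfg = config.networking.networkmanager;
 
+dynamicHostsEnabled =
+cfg.dynamicHosts.enable && cfg.dynamicHosts.hostsDirs != {};
+
 # /var/lib/misc is for dnsmasq.leases.
 stateDirs = "/var/lib/NetworkManager /var/lib/dhclient /var/lib/misc";
 
@@ -253,6 +256,51 @@
 so you don't need to to that yourself.
 '';
 };
+
+dynamicHosts = {
+enable = mkOption {
+type = types.bool;
+default = false;
+description = ''
+Enabling this option requires the
+<option>networking.networkmanager.useDnsmasq</option> option to be
+enabled too. If enabled, the directories defined by the
+<option>networking.networkmanager.dynamicHosts.hostsDirs</option>
+option will be set up when the service starts. The dnsmasq instance
+managed by NetworkManager will then watch those directories for
+hosts files (see the <literal>--hostsdir</literal> option of
+dnsmasq). This way a non-privileged user can add or override DNS
+entries on the local system (depending on what hosts directories
+that are configured)..
+'';
+};
+hostsDirs = mkOption {
+type = with types; attrsOf (submodule {
+options = {
+user = mkOption {
+type = types.str;
+default = "root";
+description = ''
+The user that will own the hosts directory.
+'';
+};
+group = mkOption {
+type = types.str;
+default = "root";
+description = ''
+The group that will own the hosts directory.
+'';
+};
+};
+});
+default = {};
+description = ''
+Defines a set of directories (relative to
+<literal>/run/NetworkManager/hostdirs</literal>) that dnsmasq will
+watch for hosts files.
+'';
+};
+};
 };
 };
 
@@ -261,10 +309,17 @@
 
 config = mkIf cfg.enable {
 
-assertions = [{
-assertion = config.networking.wireless.enable == false;
-message = "You can not use networking.networkmanager with networking.wireless";
-}];
+assertions = [
+{ assertion = config.networking.wireless.enable == false;
+message = "You can not use networking.networkmanager with networking.wireless";
+}
+{ assertion = dynamicHostsEnabled && cfg.useDnsmasq;
+message = ''
+To use networking.networkmanager.dynamicHosts you also need to enable
+networking.networkmanager.useDnsmasq
+'';
+}
+];
 
 environment.etc = with cfg.basePackages; [
 { source = configFile;
@@ -298,7 +353,13 @@
 ++ lib.imap1 (i: s: {
 inherit (s) source;
 target = "NetworkManager/dispatcher.d/${dispatcherTypesSubdirMap.${s.type}}03userscript${lib.fixedWidthNumber 4 i}";
-}) cfg.dispatcherScripts;
+}) cfg.dispatcherScripts
+++ optional (dynamicHostsEnabled)
+{ target = "NetworkManager/dnsmasq.d/dyndns.conf";
+text = concatMapStrings (n: ''
+hostsdir=/run/NetworkManager/hostsdirs/${n}
+'') (attrNames cfg.dynamicHosts.hostsDirs);
+};
 
 environment.systemPackages = cfg.packages;
 
@@ -332,6 +393,21 @@
 mkdir -m 700 -p /etc/ipsec.d
 mkdir -m 755 -p ${stateDirs}
 '';
+};
+
+systemd.services.nm-setup-hostsdirs = mkIf dynamicHostsEnabled {
+wantedBy = [ "network-manager.service" ];
+before = [ "network-manager.service" ];
+partOf = [ "network-manager.service" ];
+script = concatStrings (mapAttrsToList (n: d: ''
+mkdir -p "/run/NetworkManager/hostsdirs/${n}"
+chown "${d.user}:${d.group}" "/run/NetworkManager/hostsdirs/${n}"
+chmod 0775 "/run/NetworkManager/hostsdirs/${n}"
+'') cfg.dynamicHosts.hostsDirs);
+serviceConfig = {
+Type = "oneshot";
+RemainAfterExist = true;
+};
 };
 
 # Turn off NixOS' network management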
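Review bot: The new assertion `dynamicHostsEnabled && cfg.useDnsmasq` is false whenever dynamicHosts is off, so as written it would reject every NetworkManager configuration that does not use the feature; an implication is what is meant, `assertion = dynamicHostsEnabled -> cfg.useDnsmasq;`. In the nm-setup-hostsdirs unit, `RemainAfterExist = true;` looks like a typo for `RemainAfterExit = true;`, and systemd does not recognise the misspelled key, so the oneshot would not be kept active after its script finishes. The hostsDirs description names `/run/NetworkManager/hostdirs` while the script and dyndns.conf use `/run/NetworkManager/hostsdirs`, so the documented path should be corrected to match. The setup script (presumably run as root, since the unit sets no `User`) splices the attribute name `${n}` and `${d.user}:${d.group}` into shell text and paths unescaped; a name containing `/`, `..` or a quote changes which directory is created, chowned and made group-writable, so wrapping the values in `lib.escapeShellArg` and restricting the names to a single path component would keep the chown confined to the hostsdirs tree.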