2014-04-14 15:26:48 +01:00
|
|
|
|
{ config, lib, pkgs, ... }:
|
2012-03-15 07:19:17 +00:00
|
|
|
|
|
2014-05-05 19:58:51 +01:00
|
|
|
|
with lib;
|
2012-03-15 07:19:17 +00:00
|
|
|
|
|
|
|
|
|
let
|
2012-09-19 13:13:34 +01:00
|
|
|
|
cfg = config.networking.networkmanager;
|
|
|
|
|
|
2019-09-30 01:05:40 +01:00
|
|
|
|
basePackages = with pkgs; [
|
|
|
|
|
crda
|
|
|
|
|
modemmanager
|
|
|
|
|
networkmanager
|
|
|
|
|
networkmanager-fortisslvpn
|
|
|
|
|
networkmanager-iodine
|
|
|
|
|
networkmanager-l2tp
|
|
|
|
|
networkmanager-openconnect
|
|
|
|
|
networkmanager-openvpn
|
|
|
|
|
networkmanager-vpnc
|
2019-10-03 02:45:44 +01:00
|
|
|
|
] ++ optional (!delegateWireless && !enableIwd) wpa_supplicant;
|
2019-09-30 01:05:40 +01:00
|
|
|
|
|
2018-07-05 22:22:09 +01:00
|
|
|
|
dynamicHostsEnabled =
|
|
|
|
|
cfg.dynamicHosts.enable && cfg.dynamicHosts.hostsDirs != {};
|
|
|
|
|
|
2019-07-06 02:57:53 +01:00
|
|
|
|
delegateWireless = config.networking.wireless.enable == true && cfg.unmanaged != [];
|
|
|
|
|
|
2019-10-03 02:45:44 +01:00
|
|
|
|
enableIwd = cfg.wifi.backend == "iwd";
|
|
|
|
|
|
2015-08-26 20:17:08 +01:00
|
|
|
|
# /var/lib/misc is for dnsmasq.leases.
|
|
|
|
|
stateDirs = "/var/lib/NetworkManager /var/lib/dhclient /var/lib/misc";
|
2012-09-19 13:13:34 +01:00
|
|
|
|
|
2019-06-10 16:30:26 +01:00
|
|
|
|
configFile = pkgs.writeText "NetworkManager.conf" ''
|
2012-09-19 13:13:34 +01:00
|
|
|
|
[main]
|
|
|
|
|
plugins=keyfile
|
2017-06-02 12:05:22 +01:00
|
|
|
|
dhcp=${cfg.dhcp}
|
2018-06-29 18:41:46 +01:00
|
|
|
|
dns=${cfg.dns}
|
2019-07-15 18:18:49 +01:00
|
|
|
|
# If resolvconf is disabled that means that resolv.conf is managed by some other module.
|
|
|
|
|
rc-manager=${if config.networking.resolvconf.enable then "resolvconf" else "unmanaged"}
|
2012-09-19 13:13:34 +01:00
|
|
|
|
|
|
|
|
|
[keyfile]
|
2015-11-07 13:06:33 +00:00
|
|
|
|
${optionalString (cfg.unmanaged != [])
|
|
|
|
|
''unmanaged-devices=${lib.concatStringsSep ";" cfg.unmanaged}''}
|
2012-09-19 13:13:34 +01:00
|
|
|
|
|
|
|
|
|
[logging]
|
2017-06-02 12:05:22 +01:00
|
|
|
|
level=${cfg.logLevel}
|
2016-05-16 13:27:56 +01:00
|
|
|
|
audit=${lib.boolToString config.security.audit.enable}
|
2016-03-03 17:01:01 +00:00
|
|
|
|
|
|
|
|
|
[connection]
|
|
|
|
|
ipv6.ip6-privacy=2
|
2017-03-07 02:50:37 +00:00
|
|
|
|
ethernet.cloned-mac-address=${cfg.ethernet.macAddress}
|
|
|
|
|
wifi.cloned-mac-address=${cfg.wifi.macAddress}
|
2017-11-02 21:57:25 +00:00
|
|
|
|
${optionalString (cfg.wifi.powersave != null)
|
|
|
|
|
''wifi.powersave=${if cfg.wifi.powersave then "3" else "2"}''}
|
|
|
|
|
|
|
|
|
|
[device]
|
|
|
|
|
wifi.scan-rand-mac-address=${if cfg.wifi.scanRandMacAddress then "yes" else "no"}
|
2019-10-03 02:45:44 +01:00
|
|
|
|
wifi.backend=${cfg.wifi.backend}
|
2018-06-17 18:03:29 +01:00
|
|
|
|
|
|
|
|
|
${cfg.extraConfig}
|
2012-09-19 13:13:34 +01:00
|
|
|
|
'';
|
|
|
|
|
|
2013-11-09 15:29:18 +00:00
|
|
|
|
/*
|
2012-09-19 13:13:34 +01:00
|
|
|
|
[network-manager]
|
|
|
|
|
Identity=unix-group:networkmanager
|
|
|
|
|
Action=org.freedesktop.NetworkManager.*
|
|
|
|
|
ResultAny=yes
|
|
|
|
|
ResultInactive=no
|
|
|
|
|
ResultActive=yes
|
|
|
|
|
|
|
|
|
|
[modem-manager]
|
|
|
|
|
Identity=unix-group:networkmanager
|
2014-02-08 19:16:34 +00:00
|
|
|
|
Action=org.freedesktop.ModemManager*
|
2012-09-19 13:13:34 +01:00
|
|
|
|
ResultAny=yes
|
|
|
|
|
ResultInactive=no
|
|
|
|
|
ResultActive=yes
|
2013-11-09 15:29:18 +00:00
|
|
|
|
*/
|
|
|
|
|
polkitConf = ''
|
|
|
|
|
polkit.addRule(function(action, subject) {
|
|
|
|
|
if (
|
|
|
|
|
subject.isInGroup("networkmanager")
|
|
|
|
|
&& (action.id.indexOf("org.freedesktop.NetworkManager.") == 0
|
2014-02-08 19:16:34 +00:00
|
|
|
|
|| action.id.indexOf("org.freedesktop.ModemManager") == 0
|
2013-11-09 15:29:18 +00:00
|
|
|
|
))
|
|
|
|
|
{ return polkit.Result.YES; }
|
|
|
|
|
});
|
2012-09-19 13:13:34 +01:00
|
|
|
|
'';
|
|
|
|
|
|
2019-06-10 16:29:13 +01:00
|
|
|
|
ns = xs: pkgs.writeText "nameservers" (
|
2013-11-13 00:52:57 +00:00
|
|
|
|
concatStrings (map (s: "nameserver ${s}\n") xs)
|
|
|
|
|
);
|
|
|
|
|
|
2019-06-10 16:29:13 +01:00
|
|
|
|
overrideNameserversScript = pkgs.writeScript "02overridedns" ''
|
2013-08-15 23:35:57 +01:00
|
|
|
|
#!/bin/sh
|
2019-06-10 16:29:13 +01:00
|
|
|
|
PATH=${with pkgs; makeBinPath [ gnused gnugrep coreutils ]}
|
2019-07-11 16:37:51 +01:00
|
|
|
|
tmp=$(mktemp)
|
2019-06-10 16:29:13 +01:00
|
|
|
|
sed '/nameserver /d' /etc/resolv.conf > $tmp
|
|
|
|
|
grep 'nameserver ' /etc/resolv.conf | \
|
|
|
|
|
grep -vf ${ns (cfg.appendNameservers ++ cfg.insertNameservers)} > $tmp.ns
|
|
|
|
|
cat $tmp ${ns cfg.insertNameservers} $tmp.ns ${ns cfg.appendNameservers} > /etc/resolv.conf
|
|
|
|
|
rm -f $tmp $tmp.ns
|
2013-08-15 23:35:57 +01:00
|
|
|
|
'';
|
|
|
|
|
|
2015-03-08 17:30:15 +00:00
|
|
|
|
dispatcherTypesSubdirMap = {
|
2019-08-13 22:52:01 +01:00
|
|
|
|
basic = "";
|
|
|
|
|
pre-up = "pre-up.d/";
|
|
|
|
|
pre-down = "pre-down.d/";
|
2015-03-08 17:30:15 +00:00
|
|
|
|
};
|
|
|
|
|
|
2017-03-07 02:50:37 +00:00
|
|
|
|
macAddressOpt = mkOption {
|
|
|
|
|
type = types.either types.str (types.enum ["permanent" "preserve" "random" "stable"]);
|
|
|
|
|
default = "preserve";
|
|
|
|
|
example = "00:11:22:33:44:55";
|
|
|
|
|
description = ''
|
2019-05-24 13:47:34 +01:00
|
|
|
|
Set the MAC address of the interface.
|
|
|
|
|
<variablelist>
|
|
|
|
|
<varlistentry>
|
|
|
|
|
<term>"XX:XX:XX:XX:XX:XX"</term>
|
|
|
|
|
<listitem><para>MAC address of the interface</para></listitem>
|
|
|
|
|
</varlistentry>
|
|
|
|
|
<varlistentry>
|
|
|
|
|
<term><literal>"permanent"</literal></term>
|
|
|
|
|
<listitem><para>Use the permanent MAC address of the device</para></listitem>
|
|
|
|
|
</varlistentry>
|
|
|
|
|
<varlistentry>
|
|
|
|
|
<term><literal>"preserve"</literal></term>
|
|
|
|
|
<listitem><para>Don’t change the MAC address of the device upon activation</para></listitem>
|
|
|
|
|
</varlistentry>
|
|
|
|
|
<varlistentry>
|
|
|
|
|
<term><literal>"random"</literal></term>
|
|
|
|
|
<listitem><para>Generate a randomized value upon each connect</para></listitem>
|
|
|
|
|
</varlistentry>
|
|
|
|
|
<varlistentry>
|
|
|
|
|
<term><literal>"stable"</literal></term>
|
|
|
|
|
<listitem><para>Generate a stable, hashed MAC address</para></listitem>
|
|
|
|
|
</varlistentry>
|
|
|
|
|
</variablelist>
|
2017-03-07 02:50:37 +00:00
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
2012-09-19 13:13:34 +01:00
|
|
|
|
in {
|
2012-03-15 07:19:17 +00:00
|
|
|
|
|
|
|
|
|
###### interface
|
|
|
|
|
|
|
|
|
|
options = {
|
|
|
|
|
|
2013-08-15 23:35:57 +01:00
|
|
|
|
networking.networkmanager = {
|
|
|
|
|
|
|
|
|
|
enable = mkOption {
|
2013-10-28 15:14:15 +00:00
|
|
|
|
type = types.bool;
|
2013-08-15 23:35:57 +01:00
|
|
|
|
default = false;
|
|
|
|
|
description = ''
|
|
|
|
|
Whether to use NetworkManager to obtain an IP address and other
|
|
|
|
|
configuration for all network interfaces that are not manually
|
|
|
|
|
configured. If enabled, a group <literal>networkmanager</literal>
|
|
|
|
|
will be created. Add all users that should have permission
|
|
|
|
|
to change network settings to this group.
|
|
|
|
|
'';
|
|
|
|
|
};
|
2014-02-12 11:29:18 +00:00
|
|
|
|
|
2018-06-17 18:03:29 +01:00
|
|
|
|
extraConfig = mkOption {
|
|
|
|
|
type = types.lines;
|
|
|
|
|
default = "";
|
|
|
|
|
description = ''
|
|
|
|
|
Configuration appended to the generated NetworkManager.conf.
|
2019-05-24 13:47:34 +01:00
|
|
|
|
Refer to
|
|
|
|
|
<link xlink:href="https://developer.gnome.org/NetworkManager/stable/NetworkManager.conf.html">
|
|
|
|
|
https://developer.gnome.org/NetworkManager/stable/NetworkManager.conf.html
|
|
|
|
|
</link>
|
|
|
|
|
or
|
|
|
|
|
<citerefentry>
|
|
|
|
|
<refentrytitle>NetworkManager.conf</refentrytitle>
|
|
|
|
|
<manvolnum>5</manvolnum>
|
|
|
|
|
</citerefentry>
|
|
|
|
|
for more information.
|
2018-06-17 18:03:29 +01:00
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
2015-11-07 13:06:33 +00:00
|
|
|
|
unmanaged = mkOption {
|
2019-08-08 21:48:27 +01:00
|
|
|
|
type = types.listOf types.str;
|
2015-11-07 13:06:33 +00:00
|
|
|
|
default = [];
|
|
|
|
|
description = ''
|
|
|
|
|
List of interfaces that will not be managed by NetworkManager.
|
2019-05-24 13:47:34 +01:00
|
|
|
|
Interface name can be specified here, but if you need more fidelity,
|
|
|
|
|
refer to
|
|
|
|
|
<link xlink:href="https://developer.gnome.org/NetworkManager/stable/NetworkManager.conf.html#device-spec">
|
|
|
|
|
https://developer.gnome.org/NetworkManager/stable/NetworkManager.conf.html#device-spec
|
|
|
|
|
</link>
|
|
|
|
|
or the "Device List Format" Appendix of
|
|
|
|
|
<citerefentry>
|
|
|
|
|
<refentrytitle>NetworkManager.conf</refentrytitle>
|
|
|
|
|
<manvolnum>5</manvolnum>
|
|
|
|
|
</citerefentry>.
|
2015-11-07 13:06:33 +00:00
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
2013-08-15 23:35:57 +01:00
|
|
|
|
packages = mkOption {
|
2019-09-30 01:05:40 +01:00
|
|
|
|
type = types.listOf types.package;
|
2013-08-15 23:35:57 +01:00
|
|
|
|
default = [ ];
|
|
|
|
|
description = ''
|
|
|
|
|
Extra packages that provide NetworkManager plugins.
|
|
|
|
|
'';
|
2019-09-30 01:05:40 +01:00
|
|
|
|
apply = list: basePackages ++ list;
|
2013-08-15 23:35:57 +01:00
|
|
|
|
};
|
|
|
|
|
|
2017-06-02 12:05:22 +01:00
|
|
|
|
dhcp = mkOption {
|
|
|
|
|
type = types.enum [ "dhclient" "dhcpcd" "internal" ];
|
2019-09-14 00:02:38 +01:00
|
|
|
|
default = "internal";
|
2017-06-02 12:05:22 +01:00
|
|
|
|
description = ''
|
|
|
|
|
Which program (or internal library) should be used for DHCP.
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
logLevel = mkOption {
|
|
|
|
|
type = types.enum [ "OFF" "ERR" "WARN" "INFO" "DEBUG" "TRACE" ];
|
|
|
|
|
default = "WARN";
|
|
|
|
|
description = ''
|
|
|
|
|
Set the default logging verbosity level.
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
2013-11-13 00:52:57 +00:00
|
|
|
|
appendNameservers = mkOption {
|
2015-06-15 17:18:46 +01:00
|
|
|
|
type = types.listOf types.str;
|
2013-11-13 00:52:57 +00:00
|
|
|
|
default = [];
|
2013-08-15 23:35:57 +01:00
|
|
|
|
description = ''
|
2013-11-13 00:52:57 +00:00
|
|
|
|
A list of name servers that should be appended
|
|
|
|
|
to the ones configured in NetworkManager or received by DHCP.
|
2013-08-20 12:36:01 +01:00
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
2013-11-13 00:52:57 +00:00
|
|
|
|
insertNameservers = mkOption {
|
2015-06-15 17:18:46 +01:00
|
|
|
|
type = types.listOf types.str;
|
2013-11-13 00:52:57 +00:00
|
|
|
|
default = [];
|
2013-08-20 12:36:01 +01:00
|
|
|
|
description = ''
|
2013-11-13 00:52:57 +00:00
|
|
|
|
A list of name servers that should be inserted before
|
|
|
|
|
the ones configured in NetworkManager or received by DHCP.
|
2013-08-15 23:35:57 +01:00
|
|
|
|
'';
|
|
|
|
|
};
|
2012-03-15 07:19:17 +00:00
|
|
|
|
|
2017-03-07 02:50:37 +00:00
|
|
|
|
ethernet.macAddress = macAddressOpt;
|
2017-11-02 21:57:25 +00:00
|
|
|
|
|
|
|
|
|
wifi = {
|
|
|
|
|
macAddress = macAddressOpt;
|
|
|
|
|
|
2019-10-03 02:45:44 +01:00
|
|
|
|
backend = mkOption {
|
|
|
|
|
type = types.enum [ "wpa_supplicant" "iwd" ];
|
|
|
|
|
default = "wpa_supplicant";
|
|
|
|
|
description = ''
|
|
|
|
|
Specify the Wi-Fi backend used for the device.
|
|
|
|
|
Currently supported are <option>wpa_supplicant</option> or <option>iwd</option> (experimental).
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
2017-11-02 21:57:25 +00:00
|
|
|
|
powersave = mkOption {
|
|
|
|
|
type = types.nullOr types.bool;
|
|
|
|
|
default = null;
|
|
|
|
|
description = ''
|
|
|
|
|
Whether to enable Wi-Fi power saving.
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
scanRandMacAddress = mkOption {
|
|
|
|
|
type = types.bool;
|
|
|
|
|
default = true;
|
|
|
|
|
description = ''
|
|
|
|
|
Whether to enable MAC address randomization of a Wi-Fi device
|
|
|
|
|
during scanning.
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
};
|
2017-03-07 02:50:37 +00:00
|
|
|
|
|
2018-05-03 13:05:43 +01:00
|
|
|
|
dns = mkOption {
|
2018-06-29 18:41:46 +01:00
|
|
|
|
type = types.enum [ "default" "dnsmasq" "unbound" "systemd-resolved" "none" ];
|
|
|
|
|
default = "default";
|
2017-10-14 07:40:22 +01:00
|
|
|
|
description = ''
|
2018-06-29 18:41:46 +01:00
|
|
|
|
Set the DNS (<literal>resolv.conf</literal>) processing mode.
|
|
|
|
|
</para>
|
|
|
|
|
<para>
|
2019-05-24 13:47:34 +01:00
|
|
|
|
A description of these modes can be found in the main section of
|
|
|
|
|
<link xlink:href="https://developer.gnome.org/NetworkManager/stable/NetworkManager.conf.html">
|
|
|
|
|
https://developer.gnome.org/NetworkManager/stable/NetworkManager.conf.html
|
|
|
|
|
</link>
|
|
|
|
|
or in
|
|
|
|
|
<citerefentry>
|
|
|
|
|
<refentrytitle>NetworkManager.conf</refentrytitle>
|
|
|
|
|
<manvolnum>5</manvolnum>
|
|
|
|
|
</citerefentry>.
|
2017-10-14 07:40:22 +01:00
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
2015-03-08 17:30:15 +00:00
|
|
|
|
dispatcherScripts = mkOption {
|
|
|
|
|
type = types.listOf (types.submodule {
|
|
|
|
|
options = {
|
|
|
|
|
source = mkOption {
|
2017-04-09 13:14:04 +01:00
|
|
|
|
type = types.path;
|
2015-03-08 17:30:15 +00:00
|
|
|
|
description = ''
|
2018-04-26 10:53:19 +01:00
|
|
|
|
Path to the hook script.
|
2015-03-08 17:30:15 +00:00
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
type = mkOption {
|
2017-06-02 12:05:22 +01:00
|
|
|
|
type = types.enum (attrNames dispatcherTypesSubdirMap);
|
2015-03-08 17:30:15 +00:00
|
|
|
|
default = "basic";
|
|
|
|
|
description = ''
|
2018-04-26 10:53:19 +01:00
|
|
|
|
Dispatcher hook type. Look up the hooks described at
|
|
|
|
|
<link xlink:href="https://developer.gnome.org/NetworkManager/stable/NetworkManager.html">https://developer.gnome.org/NetworkManager/stable/NetworkManager.html</link>
|
|
|
|
|
and choose the type depending on the output folder.
|
|
|
|
|
You should then filter the event type (e.g., "up"/"down") from within your script.
|
2015-03-08 17:30:15 +00:00
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
});
|
|
|
|
|
default = [];
|
2018-04-26 10:53:19 +01:00
|
|
|
|
example = literalExample ''
|
|
|
|
|
[ {
|
|
|
|
|
source = pkgs.writeText "upHook" '''
|
|
|
|
|
|
|
|
|
|
if [ "$2" != "up" ]; then
|
|
|
|
|
logger "exit: event $2 != up"
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
# coreutils and iproute are in PATH too
|
|
|
|
|
logger "Device $DEVICE_IFACE coming up"
|
|
|
|
|
''';
|
|
|
|
|
type = "basic";
|
|
|
|
|
} ]'';
|
2015-03-08 17:30:15 +00:00
|
|
|
|
description = ''
|
|
|
|
|
A list of scripts which will be executed in response to network events.
|
|
|
|
|
'';
|
|
|
|
|
};
|
2017-10-24 22:55:05 +01:00
|
|
|
|
|
|
|
|
|
enableStrongSwan = mkOption {
|
|
|
|
|
type = types.bool;
|
|
|
|
|
default = false;
|
|
|
|
|
description = ''
|
|
|
|
|
Enable the StrongSwan plugin.
|
|
|
|
|
</para><para>
|
|
|
|
|
If you enable this option the
|
|
|
|
|
<literal>networkmanager_strongswan</literal> plugin will be added to
|
|
|
|
|
the <option>networking.networkmanager.packages</option> option
|
|
|
|
|
so you don't need to to that yourself.
|
|
|
|
|
'';
|
|
|
|
|
};
|
2018-07-05 22:22:09 +01:00
|
|
|
|
|
|
|
|
|
dynamicHosts = {
|
|
|
|
|
enable = mkOption {
|
|
|
|
|
type = types.bool;
|
|
|
|
|
default = false;
|
|
|
|
|
description = ''
|
|
|
|
|
Enabling this option requires the
|
|
|
|
|
<option>networking.networkmanager.dns</option> option to be
|
|
|
|
|
set to <literal>dnsmasq</literal>. If enabled, the directories
|
|
|
|
|
defined by the
|
|
|
|
|
<option>networking.networkmanager.dynamicHosts.hostsDirs</option>
|
|
|
|
|
option will be set up when the service starts. The dnsmasq instance
|
|
|
|
|
managed by NetworkManager will then watch those directories for
|
|
|
|
|
hosts files (see the <literal>--hostsdir</literal> option of
|
|
|
|
|
dnsmasq). This way a non-privileged user can add or override DNS
|
|
|
|
|
entries on the local system (depending on what hosts directories
|
|
|
|
|
that are configured)..
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
hostsDirs = mkOption {
|
|
|
|
|
type = with types; attrsOf (submodule {
|
|
|
|
|
options = {
|
|
|
|
|
user = mkOption {
|
|
|
|
|
type = types.str;
|
|
|
|
|
default = "root";
|
|
|
|
|
description = ''
|
|
|
|
|
The user that will own the hosts directory.
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
group = mkOption {
|
|
|
|
|
type = types.str;
|
|
|
|
|
default = "root";
|
|
|
|
|
description = ''
|
|
|
|
|
The group that will own the hosts directory.
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
});
|
|
|
|
|
default = {};
|
|
|
|
|
description = ''
|
|
|
|
|
Defines a set of directories (relative to
|
|
|
|
|
<literal>/run/NetworkManager/hostdirs</literal>) that dnsmasq will
|
|
|
|
|
watch for hosts files.
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
};
|
2012-03-15 07:19:17 +00:00
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
###### implementation
|
|
|
|
|
|
2012-09-19 13:13:34 +01:00
|
|
|
|
config = mkIf cfg.enable {
|
|
|
|
|
|
2018-07-05 22:22:09 +01:00
|
|
|
|
assertions = [
|
2019-07-06 02:57:53 +01:00
|
|
|
|
{ assertion = config.networking.wireless.enable == true -> cfg.unmanaged != [];
|
|
|
|
|
message = ''
|
|
|
|
|
You can not use networking.networkmanager with networking.wireless.
|
|
|
|
|
Except if you mark some interfaces as <literal>unmanaged</literal> by NetworkManager.
|
|
|
|
|
'';
|
2018-07-05 22:22:09 +01:00
|
|
|
|
}
|
|
|
|
|
{ assertion = !dynamicHostsEnabled || (dynamicHostsEnabled && cfg.dns == "dnsmasq");
|
|
|
|
|
message = ''
|
|
|
|
|
To use networking.networkmanager.dynamicHosts you also need to set
|
2019-10-03 02:45:44 +01:00
|
|
|
|
`networking.networkmanager.dns = "dnsmasq"`
|
2018-07-05 22:22:09 +01:00
|
|
|
|
'';
|
|
|
|
|
}
|
|
|
|
|
];
|
2013-03-31 20:18:51 +01:00
|
|
|
|
|
2019-09-30 01:05:40 +01:00
|
|
|
|
environment.etc = with pkgs; [
|
2013-01-03 17:55:56 +00:00
|
|
|
|
{ source = configFile;
|
|
|
|
|
target = "NetworkManager/NetworkManager.conf";
|
|
|
|
|
}
|
2018-09-08 13:10:51 +01:00
|
|
|
|
{ source = "${networkmanager-openvpn}/lib/NetworkManager/VPN/nm-openvpn-service.name";
|
2013-05-13 16:52:19 +01:00
|
|
|
|
target = "NetworkManager/VPN/nm-openvpn-service.name";
|
|
|
|
|
}
|
2018-09-08 13:10:51 +01:00
|
|
|
|
{ source = "${networkmanager-vpnc}/lib/NetworkManager/VPN/nm-vpnc-service.name";
|
2013-07-10 15:43:26 +01:00
|
|
|
|
target = "NetworkManager/VPN/nm-vpnc-service.name";
|
|
|
|
|
}
|
2018-09-08 13:10:51 +01:00
|
|
|
|
{ source = "${networkmanager-openconnect}/lib/NetworkManager/VPN/nm-openconnect-service.name";
|
2013-07-10 15:43:26 +01:00
|
|
|
|
target = "NetworkManager/VPN/nm-openconnect-service.name";
|
|
|
|
|
}
|
2018-09-08 13:10:51 +01:00
|
|
|
|
{ source = "${networkmanager-fortisslvpn}/lib/NetworkManager/VPN/nm-fortisslvpn-service.name";
|
2017-05-19 13:42:36 +01:00
|
|
|
|
target = "NetworkManager/VPN/nm-fortisslvpn-service.name";
|
|
|
|
|
}
|
2018-09-08 13:10:51 +01:00
|
|
|
|
{ source = "${networkmanager-l2tp}/lib/NetworkManager/VPN/nm-l2tp-service.name";
|
2015-03-24 11:08:05 +00:00
|
|
|
|
target = "NetworkManager/VPN/nm-l2tp-service.name";
|
|
|
|
|
}
|
2018-09-08 13:10:51 +01:00
|
|
|
|
{ source = "${networkmanager-iodine}/lib/NetworkManager/VPN/nm-iodine-service.name";
|
2017-08-15 22:42:48 +01:00
|
|
|
|
target = "NetworkManager/VPN/nm-iodine-service.name";
|
|
|
|
|
}
|
2019-06-10 16:27:27 +01:00
|
|
|
|
] ++ optional (cfg.appendNameservers != [] || cfg.insertNameservers != [])
|
2013-08-15 23:35:57 +01:00
|
|
|
|
{ source = overrideNameserversScript;
|
|
|
|
|
target = "NetworkManager/dispatcher.d/02overridedns";
|
2015-03-08 17:30:15 +00:00
|
|
|
|
}
|
2017-07-04 23:29:23 +01:00
|
|
|
|
++ lib.imap1 (i: s: {
|
2017-04-09 13:14:04 +01:00
|
|
|
|
inherit (s) source;
|
2015-03-08 17:30:15 +00:00
|
|
|
|
target = "NetworkManager/dispatcher.d/${dispatcherTypesSubdirMap.${s.type}}03userscript${lib.fixedWidthNumber 4 i}";
|
2018-04-26 10:53:19 +01:00
|
|
|
|
mode = "0544";
|
2018-07-05 22:22:09 +01:00
|
|
|
|
}) cfg.dispatcherScripts
|
2019-06-10 16:31:14 +01:00
|
|
|
|
++ optional dynamicHostsEnabled
|
2018-07-05 22:22:09 +01:00
|
|
|
|
{ target = "NetworkManager/dnsmasq.d/dyndns.conf";
|
|
|
|
|
text = concatMapStrings (n: ''
|
|
|
|
|
hostsdir=/run/NetworkManager/hostsdirs/${n}
|
|
|
|
|
'') (attrNames cfg.dynamicHosts.hostsDirs);
|
2019-06-10 16:31:14 +01:00
|
|
|
|
}
|
|
|
|
|
++ optional cfg.enableStrongSwan
|
|
|
|
|
{ source = "${pkgs.networkmanager_strongswan}/lib/NetworkManager/VPN/nm-strongswan-service.name";
|
|
|
|
|
target = "NetworkManager/VPN/nm-strongswan-service.name";
|
2018-07-05 22:22:09 +01:00
|
|
|
|
};
|
2012-09-19 13:13:34 +01:00
|
|
|
|
|
2015-04-10 16:02:57 +01:00
|
|
|
|
environment.systemPackages = cfg.packages;
|
2012-03-15 07:19:17 +00:00
|
|
|
|
|
2018-06-30 00:58:35 +01:00
|
|
|
|
users.groups = [{
|
2012-09-19 13:13:34 +01:00
|
|
|
|
name = "networkmanager";
|
|
|
|
|
gid = config.ids.gids.networkmanager;
|
2015-10-29 08:58:38 +00:00
|
|
|
|
}
|
|
|
|
|
{
|
|
|
|
|
name = "nm-openvpn";
|
2015-12-08 16:46:57 +00:00
|
|
|
|
gid = config.ids.gids.nm-openvpn;
|
2015-10-29 08:58:38 +00:00
|
|
|
|
}];
|
2018-06-30 00:58:35 +01:00
|
|
|
|
users.users = [{
|
2015-10-29 08:58:38 +00:00
|
|
|
|
name = "nm-openvpn";
|
2015-12-08 16:46:57 +00:00
|
|
|
|
uid = config.ids.uids.nm-openvpn;
|
2017-04-11 03:41:55 +01:00
|
|
|
|
extraGroups = [ "networkmanager" ];
|
2017-08-15 22:42:48 +01:00
|
|
|
|
}
|
|
|
|
|
{
|
|
|
|
|
name = "nm-iodine";
|
|
|
|
|
isSystemUser = true;
|
|
|
|
|
group = "networkmanager";
|
2015-10-29 08:58:38 +00:00
|
|
|
|
}];
|
2012-09-19 13:13:34 +01:00
|
|
|
|
|
2013-01-03 17:55:56 +00:00
|
|
|
|
systemd.packages = cfg.packages;
|
|
|
|
|
|
2019-08-13 22:52:01 +01:00
|
|
|
|
systemd.services.NetworkManager = {
|
2013-01-03 17:55:56 +00:00
|
|
|
|
wantedBy = [ "network.target" ];
|
2017-03-07 02:50:37 +00:00
|
|
|
|
restartTriggers = [ configFile ];
|
2016-08-14 11:27:14 +01:00
|
|
|
|
|
|
|
|
|
preStart = ''
|
2012-09-19 13:13:34 +01:00
|
|
|
|
mkdir -m 700 -p /etc/NetworkManager/system-connections
|
2017-10-31 11:14:00 +00:00
|
|
|
|
mkdir -m 700 -p /etc/ipsec.d
|
2012-09-19 13:13:34 +01:00
|
|
|
|
mkdir -m 755 -p ${stateDirs}
|
|
|
|
|
'';
|
2019-09-13 17:11:53 +01:00
|
|
|
|
|
|
|
|
|
aliases = [ "dbus-org.freedesktop.NetworkManager.service" ];
|
2012-09-19 13:13:34 +01:00
|
|
|
|
};
|
2012-03-15 07:19:17 +00:00
|
|
|
|
|
2019-05-05 00:02:35 +01:00
|
|
|
|
systemd.services.NetworkManager-wait-online = {
|
|
|
|
|
wantedBy = [ "network-online.target" ];
|
|
|
|
|
};
|
|
|
|
|
|
2019-09-13 17:11:53 +01:00
|
|
|
|
systemd.services.ModemManager.aliases = [ "dbus-org.freedesktop.ModemManager1.service" ];
|
|
|
|
|
|
2018-07-05 22:22:09 +01:00
|
|
|
|
systemd.services.nm-setup-hostsdirs = mkIf dynamicHostsEnabled {
|
2018-12-02 12:11:44 +00:00
|
|
|
|
wantedBy = [ "NetworkManager.service" ];
|
|
|
|
|
before = [ "NetworkManager.service" ];
|
|
|
|
|
partOf = [ "NetworkManager.service" ];
|
2018-07-05 22:22:09 +01:00
|
|
|
|
script = concatStrings (mapAttrsToList (n: d: ''
|
|
|
|
|
mkdir -p "/run/NetworkManager/hostsdirs/${n}"
|
|
|
|
|
chown "${d.user}:${d.group}" "/run/NetworkManager/hostsdirs/${n}"
|
|
|
|
|
chmod 0775 "/run/NetworkManager/hostsdirs/${n}"
|
|
|
|
|
'') cfg.dynamicHosts.hostsDirs);
|
|
|
|
|
serviceConfig = {
|
|
|
|
|
Type = "oneshot";
|
2018-12-15 07:33:28 +00:00
|
|
|
|
RemainAfterExit = true;
|
2018-07-05 22:22:09 +01:00
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
2019-08-13 22:52:01 +01:00
|
|
|
|
systemd.services.NetworkManager-dispatcher = {
|
2018-04-26 10:53:19 +01:00
|
|
|
|
wantedBy = [ "network.target" ];
|
|
|
|
|
restartTriggers = [ configFile ];
|
|
|
|
|
|
|
|
|
|
# useful binaries for user-specified hooks
|
|
|
|
|
path = [ pkgs.iproute pkgs.utillinux pkgs.coreutils ];
|
2019-09-13 17:11:53 +01:00
|
|
|
|
aliases = [ "dbus-org.freedesktop.nm-dispatcher.service" ];
|
2018-04-26 10:53:19 +01:00
|
|
|
|
};
|
|
|
|
|
|
2019-07-06 02:57:53 +01:00
|
|
|
|
# Turn off NixOS' network management when networking is managed entirely by NetworkManager
|
|
|
|
|
networking = (mkIf (!delegateWireless) {
|
2013-01-03 17:55:56 +00:00
|
|
|
|
useDHCP = false;
|
2019-07-06 02:57:53 +01:00
|
|
|
|
# Use mkDefault to trigger the assertion about the conflict above
|
2019-07-15 18:18:49 +01:00
|
|
|
|
wireless.enable = mkDefault false;
|
2019-07-06 02:57:53 +01:00
|
|
|
|
}) // (mkIf cfg.enableStrongSwan {
|
|
|
|
|
networkmanager.packages = [ pkgs.networkmanager_strongswan ];
|
2019-10-03 02:45:44 +01:00
|
|
|
|
}) // (mkIf enableIwd {
|
|
|
|
|
wireless.iwd.enable = true;
|
2019-07-06 02:57:53 +01:00
|
|
|
|
});
|
2012-09-19 13:13:34 +01:00
|
|
|
|
|
2013-11-09 15:29:18 +00:00
|
|
|
|
security.polkit.extraConfig = polkitConf;
|
2012-09-19 13:13:34 +01:00
|
|
|
|
|
2016-05-16 13:27:56 +01:00
|
|
|
|
services.dbus.packages = cfg.packages
|
|
|
|
|
++ optional cfg.enableStrongSwan pkgs.strongswanNM
|
|
|
|
|
++ optional (cfg.dns == "dnsmasq") pkgs.dnsmasq;
|
2012-09-19 13:13:34 +01:00
|
|
|
|
|
|
|
|
|
services.udev.packages = cfg.packages;
|
2012-03-15 07:19:17 +00:00
|
|
|
|
};
|
|
|
|
|
}
|