2014-04-14 14:26:48 +00:00
|
|
|
|
{ config, lib, pkgs, ... }:
|
2012-03-15 07:19:17 +00:00
|
|
|
|
|
2014-05-05 18:58:51 +00:00
|
|
|
|
with lib;
|
2012-03-15 07:19:17 +00:00
|
|
|
|
|
|
|
|
|
let
|
2012-09-19 12:13:34 +00:00
|
|
|
|
cfg = config.networking.networkmanager;
|
|
|
|
|
|
2019-07-06 01:57:53 +00:00
|
|
|
|
delegateWireless = config.networking.wireless.enable == true && cfg.unmanaged != [];
|
|
|
|
|
|
2019-10-03 01:45:44 +00:00
|
|
|
|
enableIwd = cfg.wifi.backend == "iwd";
|
|
|
|
|
|
2021-06-08 15:13:59 +00:00
|
|
|
|
mkValue = v:
|
|
|
|
|
if v == true then "yes"
|
|
|
|
|
else if v == false then "no"
|
|
|
|
|
else if lib.isInt v then toString v
|
|
|
|
|
else v;
|
|
|
|
|
|
|
|
|
|
mkSection = name: attrs: ''
|
|
|
|
|
[${name}]
|
|
|
|
|
${
|
|
|
|
|
lib.concatStringsSep "\n"
|
|
|
|
|
(lib.mapAttrsToList
|
|
|
|
|
(k: v: "${k}=${mkValue v}")
|
|
|
|
|
(lib.filterAttrs
|
|
|
|
|
(k: v: v != null)
|
|
|
|
|
attrs))
|
|
|
|
|
}
|
2012-09-19 12:13:34 +00:00
|
|
|
|
'';
|
|
|
|
|
|
2021-06-08 15:13:59 +00:00
|
|
|
|
configFile = pkgs.writeText "NetworkManager.conf" (lib.concatStringsSep "\n" [
|
|
|
|
|
(mkSection "main" {
|
|
|
|
|
plugins = "keyfile";
|
|
|
|
|
dhcp = cfg.dhcp;
|
|
|
|
|
dns = cfg.dns;
|
|
|
|
|
# If resolvconf is disabled that means that resolv.conf is managed by some other module.
|
|
|
|
|
rc-manager =
|
|
|
|
|
if config.networking.resolvconf.enable then "resolvconf"
|
|
|
|
|
else "unmanaged";
|
2021-07-18 16:49:40 +00:00
|
|
|
|
firewall-backend = cfg.firewallBackend;
|
2021-06-08 15:13:59 +00:00
|
|
|
|
})
|
|
|
|
|
(mkSection "keyfile" {
|
|
|
|
|
unmanaged-devices =
|
|
|
|
|
if cfg.unmanaged == [] then null
|
|
|
|
|
else lib.concatStringsSep ";" cfg.unmanaged;
|
|
|
|
|
})
|
|
|
|
|
(mkSection "logging" {
|
|
|
|
|
audit = config.security.audit.enable;
|
|
|
|
|
level = cfg.logLevel;
|
|
|
|
|
})
|
|
|
|
|
(mkSection "connection" cfg.connectionConfig)
|
|
|
|
|
(mkSection "device" {
|
|
|
|
|
"wifi.scan-rand-mac-address" = cfg.wifi.scanRandMacAddress;
|
|
|
|
|
"wifi.backend" = cfg.wifi.backend;
|
|
|
|
|
})
|
|
|
|
|
cfg.extraConfig
|
|
|
|
|
]);
|
|
|
|
|
|
2013-11-09 15:29:18 +00:00
|
|
|
|
/*
|
2012-09-19 12:13:34 +00:00
|
|
|
|
[network-manager]
|
|
|
|
|
Identity=unix-group:networkmanager
|
|
|
|
|
Action=org.freedesktop.NetworkManager.*
|
|
|
|
|
ResultAny=yes
|
|
|
|
|
ResultInactive=no
|
|
|
|
|
ResultActive=yes
|
|
|
|
|
|
|
|
|
|
[modem-manager]
|
|
|
|
|
Identity=unix-group:networkmanager
|
2014-02-08 19:16:34 +00:00
|
|
|
|
Action=org.freedesktop.ModemManager*
|
2012-09-19 12:13:34 +00:00
|
|
|
|
ResultAny=yes
|
|
|
|
|
ResultInactive=no
|
|
|
|
|
ResultActive=yes
|
2013-11-09 15:29:18 +00:00
|
|
|
|
*/
|
|
|
|
|
polkitConf = ''
|
|
|
|
|
polkit.addRule(function(action, subject) {
|
|
|
|
|
if (
|
|
|
|
|
subject.isInGroup("networkmanager")
|
|
|
|
|
&& (action.id.indexOf("org.freedesktop.NetworkManager.") == 0
|
2014-02-08 19:16:34 +00:00
|
|
|
|
|| action.id.indexOf("org.freedesktop.ModemManager") == 0
|
2013-11-09 15:29:18 +00:00
|
|
|
|
))
|
|
|
|
|
{ return polkit.Result.YES; }
|
|
|
|
|
});
|
2012-09-19 12:13:34 +00:00
|
|
|
|
'';
|
|
|
|
|
|
2019-06-10 15:29:13 +00:00
|
|
|
|
ns = xs: pkgs.writeText "nameservers" (
|
2013-11-13 00:52:57 +00:00
|
|
|
|
concatStrings (map (s: "nameserver ${s}\n") xs)
|
|
|
|
|
);
|
|
|
|
|
|
2019-06-10 15:29:13 +00:00
|
|
|
|
overrideNameserversScript = pkgs.writeScript "02overridedns" ''
|
2013-08-15 22:35:57 +00:00
|
|
|
|
#!/bin/sh
|
2019-06-10 15:29:13 +00:00
|
|
|
|
PATH=${with pkgs; makeBinPath [ gnused gnugrep coreutils ]}
|
2019-07-11 15:37:51 +00:00
|
|
|
|
tmp=$(mktemp)
|
2019-06-10 15:29:13 +00:00
|
|
|
|
sed '/nameserver /d' /etc/resolv.conf > $tmp
|
|
|
|
|
grep 'nameserver ' /etc/resolv.conf | \
|
|
|
|
|
grep -vf ${ns (cfg.appendNameservers ++ cfg.insertNameservers)} > $tmp.ns
|
|
|
|
|
cat $tmp ${ns cfg.insertNameservers} $tmp.ns ${ns cfg.appendNameservers} > /etc/resolv.conf
|
|
|
|
|
rm -f $tmp $tmp.ns
|
2013-08-15 22:35:57 +00:00
|
|
|
|
'';
|
|
|
|
|
|
2015-03-08 17:30:15 +00:00
|
|
|
|
dispatcherTypesSubdirMap = {
|
2019-08-13 21:52:01 +00:00
|
|
|
|
basic = "";
|
|
|
|
|
pre-up = "pre-up.d/";
|
|
|
|
|
pre-down = "pre-down.d/";
|
2015-03-08 17:30:15 +00:00
|
|
|
|
};
|
|
|
|
|
|
2017-03-07 02:50:37 +00:00
|
|
|
|
macAddressOpt = mkOption {
|
|
|
|
|
type = types.either types.str (types.enum ["permanent" "preserve" "random" "stable"]);
|
|
|
|
|
default = "preserve";
|
|
|
|
|
example = "00:11:22:33:44:55";
|
2022-08-29 23:13:36 +00:00
|
|
|
|
description = lib.mdDoc ''
|
2019-05-24 12:47:34 +00:00
|
|
|
|
Set the MAC address of the interface.
|
2022-08-29 23:13:36 +00:00
|
|
|
|
|
|
|
|
|
- `"XX:XX:XX:XX:XX:XX"`: MAC address of the interface
|
|
|
|
|
- `"permanent"`: Use the permanent MAC address of the device
|
|
|
|
|
- `"preserve"`: Don’t change the MAC address of the device upon activation
|
|
|
|
|
- `"random"`: Generate a randomized value upon each connect
|
|
|
|
|
- `"stable"`: Generate a stable, hashed MAC address
|
2017-03-07 02:50:37 +00:00
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
2022-03-17 03:04:10 +00:00
|
|
|
|
packages = [
|
|
|
|
|
pkgs.modemmanager
|
|
|
|
|
pkgs.networkmanager
|
|
|
|
|
]
|
|
|
|
|
++ cfg.plugins
|
|
|
|
|
++ lib.optionals (!delegateWireless && !enableIwd) [
|
|
|
|
|
pkgs.wpa_supplicant
|
|
|
|
|
];
|
|
|
|
|
|
2012-09-19 12:13:34 +00:00
|
|
|
|
in {
|
2012-03-15 07:19:17 +00:00
|
|
|
|
|
2020-04-02 00:16:24 +00:00
|
|
|
|
meta = {
|
|
|
|
|
maintainers = teams.freedesktop.members;
|
|
|
|
|
};
|
|
|
|
|
|
2012-03-15 07:19:17 +00:00
|
|
|
|
###### interface
|
|
|
|
|
|
|
|
|
|
options = {
|
|
|
|
|
|
2013-08-15 22:35:57 +00:00
|
|
|
|
networking.networkmanager = {
|
|
|
|
|
|
|
|
|
|
enable = mkOption {
|
2013-10-28 15:14:15 +00:00
|
|
|
|
type = types.bool;
|
2013-08-15 22:35:57 +00:00
|
|
|
|
default = false;
|
2022-07-28 21:19:15 +00:00
|
|
|
|
description = lib.mdDoc ''
|
2013-08-15 22:35:57 +00:00
|
|
|
|
Whether to use NetworkManager to obtain an IP address and other
|
|
|
|
|
configuration for all network interfaces that are not manually
|
2022-07-28 21:19:15 +00:00
|
|
|
|
configured. If enabled, a group `networkmanager`
|
2013-08-15 22:35:57 +00:00
|
|
|
|
will be created. Add all users that should have permission
|
|
|
|
|
to change network settings to this group.
|
|
|
|
|
'';
|
|
|
|
|
};
|
2014-02-12 11:29:18 +00:00
|
|
|
|
|
2021-06-08 15:13:59 +00:00
|
|
|
|
connectionConfig = mkOption {
|
|
|
|
|
type = with types; attrsOf (nullOr (oneOf [
|
|
|
|
|
bool
|
|
|
|
|
int
|
|
|
|
|
str
|
|
|
|
|
]));
|
|
|
|
|
default = {};
|
2022-08-05 17:39:00 +00:00
|
|
|
|
description = lib.mdDoc ''
|
2021-06-08 15:13:59 +00:00
|
|
|
|
Configuration for the [connection] section of NetworkManager.conf.
|
|
|
|
|
Refer to
|
2022-08-05 17:39:00 +00:00
|
|
|
|
[
|
2021-06-08 15:13:59 +00:00
|
|
|
|
https://developer.gnome.org/NetworkManager/stable/NetworkManager.conf.html#id-1.2.3.11
|
2022-08-05 17:39:00 +00:00
|
|
|
|
](https://developer.gnome.org/NetworkManager/stable/NetworkManager.conf.html)
|
2021-06-08 15:13:59 +00:00
|
|
|
|
or
|
2022-08-05 17:39:00 +00:00
|
|
|
|
{manpage}`NetworkManager.conf(5)`
|
2021-06-08 15:13:59 +00:00
|
|
|
|
for more information.
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
2018-06-17 17:03:29 +00:00
|
|
|
|
extraConfig = mkOption {
|
|
|
|
|
type = types.lines;
|
|
|
|
|
default = "";
|
2022-08-05 17:39:00 +00:00
|
|
|
|
description = lib.mdDoc ''
|
2018-06-17 17:03:29 +00:00
|
|
|
|
Configuration appended to the generated NetworkManager.conf.
|
2019-05-24 12:47:34 +00:00
|
|
|
|
Refer to
|
2022-08-05 17:39:00 +00:00
|
|
|
|
[
|
2019-05-24 12:47:34 +00:00
|
|
|
|
https://developer.gnome.org/NetworkManager/stable/NetworkManager.conf.html
|
2022-08-05 17:39:00 +00:00
|
|
|
|
](https://developer.gnome.org/NetworkManager/stable/NetworkManager.conf.html)
|
2019-05-24 12:47:34 +00:00
|
|
|
|
or
|
2022-08-05 17:39:00 +00:00
|
|
|
|
{manpage}`NetworkManager.conf(5)`
|
2019-05-24 12:47:34 +00:00
|
|
|
|
for more information.
|
2018-06-17 17:03:29 +00:00
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
2015-11-07 13:06:33 +00:00
|
|
|
|
unmanaged = mkOption {
|
2019-08-08 20:48:27 +00:00
|
|
|
|
type = types.listOf types.str;
|
2015-11-07 13:06:33 +00:00
|
|
|
|
default = [];
|
2022-08-05 17:39:00 +00:00
|
|
|
|
description = lib.mdDoc ''
|
2015-11-07 13:06:33 +00:00
|
|
|
|
List of interfaces that will not be managed by NetworkManager.
|
2019-05-24 12:47:34 +00:00
|
|
|
|
Interface name can be specified here, but if you need more fidelity,
|
|
|
|
|
refer to
|
2022-08-05 17:39:00 +00:00
|
|
|
|
[
|
2019-05-24 12:47:34 +00:00
|
|
|
|
https://developer.gnome.org/NetworkManager/stable/NetworkManager.conf.html#device-spec
|
2022-08-05 17:39:00 +00:00
|
|
|
|
](https://developer.gnome.org/NetworkManager/stable/NetworkManager.conf.html#device-spec)
|
2019-05-24 12:47:34 +00:00
|
|
|
|
or the "Device List Format" Appendix of
|
2022-08-05 17:39:00 +00:00
|
|
|
|
{manpage}`NetworkManager.conf(5)`.
|
2015-11-07 13:06:33 +00:00
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
2022-03-17 03:04:10 +00:00
|
|
|
|
plugins = mkOption {
|
|
|
|
|
type =
|
|
|
|
|
let
|
|
|
|
|
networkManagerPluginPackage = types.package // {
|
|
|
|
|
description = "NetworkManager plug-in";
|
|
|
|
|
check =
|
|
|
|
|
p:
|
|
|
|
|
lib.assertMsg
|
|
|
|
|
(types.package.check p
|
|
|
|
|
&& p ? networkManagerPlugin
|
|
|
|
|
&& lib.isString p.networkManagerPlugin)
|
|
|
|
|
''
|
|
|
|
|
Package ‘${p.name}’, is not a NetworkManager plug-in.
|
|
|
|
|
Those need to have a ‘networkManagerPlugin’ attribute.
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
in
|
|
|
|
|
types.listOf networkManagerPluginPackage;
|
2013-08-15 22:35:57 +00:00
|
|
|
|
default = [ ];
|
2022-07-28 21:19:15 +00:00
|
|
|
|
description = lib.mdDoc ''
|
2022-03-17 03:04:10 +00:00
|
|
|
|
List of NetworkManager plug-ins to enable.
|
|
|
|
|
Some plug-ins are enabled by the NetworkManager module by default.
|
2013-08-15 22:35:57 +00:00
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
2017-06-02 11:05:22 +00:00
|
|
|
|
dhcp = mkOption {
|
2022-03-30 18:43:16 +00:00
|
|
|
|
type = types.enum [ "dhcpcd" "internal" ];
|
2019-09-13 23:02:38 +00:00
|
|
|
|
default = "internal";
|
2022-07-28 21:19:15 +00:00
|
|
|
|
description = lib.mdDoc ''
|
2017-06-02 11:05:22 +00:00
|
|
|
|
Which program (or internal library) should be used for DHCP.
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
2021-07-18 16:49:40 +00:00
|
|
|
|
firewallBackend = mkOption {
|
|
|
|
|
type = types.enum [ "iptables" "nftables" "none" ];
|
|
|
|
|
default = "iptables";
|
2022-07-28 21:19:15 +00:00
|
|
|
|
description = lib.mdDoc ''
|
2021-07-18 16:49:40 +00:00
|
|
|
|
Which firewall backend should be used for configuring masquerading with shared mode.
|
|
|
|
|
If set to none, NetworkManager doesn't manage the configuration at all.
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
2017-06-02 11:05:22 +00:00
|
|
|
|
logLevel = mkOption {
|
|
|
|
|
type = types.enum [ "OFF" "ERR" "WARN" "INFO" "DEBUG" "TRACE" ];
|
|
|
|
|
default = "WARN";
|
2022-07-28 21:19:15 +00:00
|
|
|
|
description = lib.mdDoc ''
|
2017-06-02 11:05:22 +00:00
|
|
|
|
Set the default logging verbosity level.
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
2013-11-13 00:52:57 +00:00
|
|
|
|
appendNameservers = mkOption {
|
2015-06-15 16:18:46 +00:00
|
|
|
|
type = types.listOf types.str;
|
2013-11-13 00:52:57 +00:00
|
|
|
|
default = [];
|
2022-07-28 21:19:15 +00:00
|
|
|
|
description = lib.mdDoc ''
|
2013-11-13 00:52:57 +00:00
|
|
|
|
A list of name servers that should be appended
|
|
|
|
|
to the ones configured in NetworkManager or received by DHCP.
|
2013-08-20 11:36:01 +00:00
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
2013-11-13 00:52:57 +00:00
|
|
|
|
insertNameservers = mkOption {
|
2015-06-15 16:18:46 +00:00
|
|
|
|
type = types.listOf types.str;
|
2013-11-13 00:52:57 +00:00
|
|
|
|
default = [];
|
2022-07-28 21:19:15 +00:00
|
|
|
|
description = lib.mdDoc ''
|
2013-11-13 00:52:57 +00:00
|
|
|
|
A list of name servers that should be inserted before
|
|
|
|
|
the ones configured in NetworkManager or received by DHCP.
|
2013-08-15 22:35:57 +00:00
|
|
|
|
'';
|
|
|
|
|
};
|
2012-03-15 07:19:17 +00:00
|
|
|
|
|
2017-03-07 02:50:37 +00:00
|
|
|
|
ethernet.macAddress = macAddressOpt;
|
2017-11-02 21:57:25 +00:00
|
|
|
|
|
|
|
|
|
wifi = {
|
|
|
|
|
macAddress = macAddressOpt;
|
|
|
|
|
|
2019-10-03 01:45:44 +00:00
|
|
|
|
backend = mkOption {
|
|
|
|
|
type = types.enum [ "wpa_supplicant" "iwd" ];
|
|
|
|
|
default = "wpa_supplicant";
|
2022-07-28 21:19:15 +00:00
|
|
|
|
description = lib.mdDoc ''
|
2019-10-03 01:45:44 +00:00
|
|
|
|
Specify the Wi-Fi backend used for the device.
|
2022-07-28 21:19:15 +00:00
|
|
|
|
Currently supported are {option}`wpa_supplicant` or {option}`iwd` (experimental).
|
2019-10-03 01:45:44 +00:00
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
2017-11-02 21:57:25 +00:00
|
|
|
|
powersave = mkOption {
|
|
|
|
|
type = types.nullOr types.bool;
|
|
|
|
|
default = null;
|
2022-07-28 21:19:15 +00:00
|
|
|
|
description = lib.mdDoc ''
|
2017-11-02 21:57:25 +00:00
|
|
|
|
Whether to enable Wi-Fi power saving.
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
scanRandMacAddress = mkOption {
|
|
|
|
|
type = types.bool;
|
|
|
|
|
default = true;
|
2022-07-28 21:19:15 +00:00
|
|
|
|
description = lib.mdDoc ''
|
2017-11-02 21:57:25 +00:00
|
|
|
|
Whether to enable MAC address randomization of a Wi-Fi device
|
|
|
|
|
during scanning.
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
};
|
2017-03-07 02:50:37 +00:00
|
|
|
|
|
2018-05-03 12:05:43 +00:00
|
|
|
|
dns = mkOption {
|
2018-06-29 17:41:46 +00:00
|
|
|
|
type = types.enum [ "default" "dnsmasq" "unbound" "systemd-resolved" "none" ];
|
|
|
|
|
default = "default";
|
2022-08-05 17:39:00 +00:00
|
|
|
|
description = lib.mdDoc ''
|
|
|
|
|
Set the DNS (`resolv.conf`) processing mode.
|
2022-08-02 15:34:22 +00:00
|
|
|
|
|
2019-05-24 12:47:34 +00:00
|
|
|
|
A description of these modes can be found in the main section of
|
2022-08-05 17:39:00 +00:00
|
|
|
|
[
|
2019-05-24 12:47:34 +00:00
|
|
|
|
https://developer.gnome.org/NetworkManager/stable/NetworkManager.conf.html
|
2022-08-05 17:39:00 +00:00
|
|
|
|
](https://developer.gnome.org/NetworkManager/stable/NetworkManager.conf.html)
|
2019-05-24 12:47:34 +00:00
|
|
|
|
or in
|
2022-08-05 17:39:00 +00:00
|
|
|
|
{manpage}`NetworkManager.conf(5)`.
|
2017-10-14 06:40:22 +00:00
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
2015-03-08 17:30:15 +00:00
|
|
|
|
dispatcherScripts = mkOption {
|
|
|
|
|
type = types.listOf (types.submodule {
|
|
|
|
|
options = {
|
|
|
|
|
source = mkOption {
|
2017-04-09 12:14:04 +00:00
|
|
|
|
type = types.path;
|
2022-07-28 21:19:15 +00:00
|
|
|
|
description = lib.mdDoc ''
|
2018-04-26 09:53:19 +00:00
|
|
|
|
Path to the hook script.
|
2015-03-08 17:30:15 +00:00
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
type = mkOption {
|
2017-06-02 11:05:22 +00:00
|
|
|
|
type = types.enum (attrNames dispatcherTypesSubdirMap);
|
2015-03-08 17:30:15 +00:00
|
|
|
|
default = "basic";
|
2022-08-30 12:18:54 +00:00
|
|
|
|
description = lib.mdDoc ''
|
2018-04-26 09:53:19 +00:00
|
|
|
|
Dispatcher hook type. Look up the hooks described at
|
2022-08-30 12:18:54 +00:00
|
|
|
|
[https://developer.gnome.org/NetworkManager/stable/NetworkManager.html](https://developer.gnome.org/NetworkManager/stable/NetworkManager.html)
|
2018-04-26 09:53:19 +00:00
|
|
|
|
and choose the type depending on the output folder.
|
|
|
|
|
You should then filter the event type (e.g., "up"/"down") from within your script.
|
2015-03-08 17:30:15 +00:00
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
});
|
|
|
|
|
default = [];
|
2021-10-03 16:06:03 +00:00
|
|
|
|
example = literalExpression ''
|
2018-04-26 09:53:19 +00:00
|
|
|
|
[ {
|
|
|
|
|
source = pkgs.writeText "upHook" '''
|
|
|
|
|
|
|
|
|
|
if [ "$2" != "up" ]; then
|
|
|
|
|
logger "exit: event $2 != up"
|
2020-01-01 14:32:15 +00:00
|
|
|
|
exit
|
2018-04-26 09:53:19 +00:00
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
# coreutils and iproute are in PATH too
|
|
|
|
|
logger "Device $DEVICE_IFACE coming up"
|
|
|
|
|
''';
|
|
|
|
|
type = "basic";
|
|
|
|
|
} ]'';
|
2022-07-28 21:19:15 +00:00
|
|
|
|
description = lib.mdDoc ''
|
2015-03-08 17:30:15 +00:00
|
|
|
|
A list of scripts which will be executed in response to network events.
|
|
|
|
|
'';
|
|
|
|
|
};
|
2017-10-24 21:55:05 +00:00
|
|
|
|
|
|
|
|
|
enableStrongSwan = mkOption {
|
|
|
|
|
type = types.bool;
|
|
|
|
|
default = false;
|
2022-08-03 20:46:41 +00:00
|
|
|
|
description = lib.mdDoc ''
|
2017-10-24 21:55:05 +00:00
|
|
|
|
Enable the StrongSwan plugin.
|
2022-08-02 15:34:22 +00:00
|
|
|
|
|
2017-10-24 21:55:05 +00:00
|
|
|
|
If you enable this option the
|
2022-08-03 20:46:41 +00:00
|
|
|
|
`networkmanager_strongswan` plugin will be added to
|
|
|
|
|
the {option}`networking.networkmanager.plugins` option
|
2017-10-24 21:55:05 +00:00
|
|
|
|
so you don't need to to that yourself.
|
|
|
|
|
'';
|
|
|
|
|
};
|
2022-01-17 20:42:34 +00:00
|
|
|
|
|
|
|
|
|
enableFccUnlock = mkOption {
|
|
|
|
|
type = types.bool;
|
|
|
|
|
default = false;
|
2022-07-28 21:19:15 +00:00
|
|
|
|
description = lib.mdDoc ''
|
2022-01-17 20:42:34 +00:00
|
|
|
|
Enable FCC unlock procedures. Since release 1.18.4, the ModemManager daemon no longer
|
|
|
|
|
automatically performs the FCC unlock procedure by default. See
|
2022-07-28 21:19:15 +00:00
|
|
|
|
[the docs](https://modemmanager.org/docs/modemmanager/fcc-unlock/)
|
2022-01-17 20:42:34 +00:00
|
|
|
|
for more details.
|
|
|
|
|
'';
|
|
|
|
|
};
|
2012-03-15 07:19:17 +00:00
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
2019-10-18 12:05:53 +00:00
|
|
|
|
imports = [
|
2022-03-17 03:04:10 +00:00
|
|
|
|
(mkRenamedOptionModule
|
|
|
|
|
[ "networking" "networkmanager" "packages" ]
|
|
|
|
|
[ "networking" "networkmanager" "plugins" ])
|
2019-12-10 01:51:19 +00:00
|
|
|
|
(mkRenamedOptionModule [ "networking" "networkmanager" "useDnsmasq" ] [ "networking" "networkmanager" "dns" ])
|
2019-10-18 12:05:53 +00:00
|
|
|
|
(mkRemovedOptionModule ["networking" "networkmanager" "dynamicHosts"] ''
|
|
|
|
|
This option was removed because allowing (multiple) regular users to
|
|
|
|
|
override host entries affecting the whole system opens up a huge attack
|
|
|
|
|
vector. There seem to be very rare cases where this might be useful.
|
|
|
|
|
Consider setting system-wide host entries using networking.hosts, provide
|
|
|
|
|
them via the DNS server in your network, or use environment.etc
|
|
|
|
|
to add a file into /etc/NetworkManager/dnsmasq.d reconfiguring hostsdir.
|
|
|
|
|
'')
|
|
|
|
|
];
|
|
|
|
|
|
2012-03-15 07:19:17 +00:00
|
|
|
|
|
|
|
|
|
###### implementation
|
|
|
|
|
|
2012-09-19 12:13:34 +00:00
|
|
|
|
config = mkIf cfg.enable {
|
|
|
|
|
|
2018-07-05 21:22:09 +00:00
|
|
|
|
assertions = [
|
2019-07-06 01:57:53 +00:00
|
|
|
|
{ assertion = config.networking.wireless.enable == true -> cfg.unmanaged != [];
|
|
|
|
|
message = ''
|
|
|
|
|
You can not use networking.networkmanager with networking.wireless.
|
|
|
|
|
Except if you mark some interfaces as <literal>unmanaged</literal> by NetworkManager.
|
|
|
|
|
'';
|
2018-07-05 21:22:09 +00:00
|
|
|
|
}
|
|
|
|
|
];
|
2013-03-31 19:18:51 +00:00
|
|
|
|
|
2021-05-02 12:00:00 +00:00
|
|
|
|
hardware.wirelessRegulatoryDatabase = true;
|
|
|
|
|
|
2022-03-17 03:04:10 +00:00
|
|
|
|
environment.etc = {
|
|
|
|
|
"NetworkManager/NetworkManager.conf".source = configFile;
|
2017-08-15 21:42:48 +00:00
|
|
|
|
}
|
2022-03-17 03:04:10 +00:00
|
|
|
|
// builtins.listToAttrs (map (pkg: nameValuePair "NetworkManager/${pkg.networkManagerPlugin}" {
|
|
|
|
|
source = "${pkg}/lib/NetworkManager/${pkg.networkManagerPlugin}";
|
|
|
|
|
}) cfg.plugins)
|
2022-01-17 20:42:34 +00:00
|
|
|
|
// optionalAttrs cfg.enableFccUnlock
|
|
|
|
|
{
|
|
|
|
|
"ModemManager/fcc-unlock.d".source =
|
|
|
|
|
"${pkgs.modemmanager}/share/ModemManager/fcc-unlock.available.d/*";
|
|
|
|
|
}
|
2019-09-14 17:51:29 +00:00
|
|
|
|
// optionalAttrs (cfg.appendNameservers != [] || cfg.insertNameservers != [])
|
|
|
|
|
{
|
|
|
|
|
"NetworkManager/dispatcher.d/02overridedns".source = overrideNameserversScript;
|
|
|
|
|
}
|
|
|
|
|
// listToAttrs (lib.imap1 (i: s:
|
|
|
|
|
{
|
|
|
|
|
name = "NetworkManager/dispatcher.d/${dispatcherTypesSubdirMap.${s.type}}03userscript${lib.fixedWidthNumber 4 i}";
|
|
|
|
|
value = { mode = "0544"; inherit (s) source; };
|
|
|
|
|
}) cfg.dispatcherScripts);
|
2012-09-19 12:13:34 +00:00
|
|
|
|
|
2022-03-17 03:04:10 +00:00
|
|
|
|
environment.systemPackages = packages;
|
2012-03-15 07:19:17 +00:00
|
|
|
|
|
2019-09-14 17:51:29 +00:00
|
|
|
|
users.groups = {
|
|
|
|
|
networkmanager.gid = config.ids.gids.networkmanager;
|
|
|
|
|
nm-openvpn.gid = config.ids.gids.nm-openvpn;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
users.users = {
|
|
|
|
|
nm-openvpn = {
|
|
|
|
|
uid = config.ids.uids.nm-openvpn;
|
2021-08-08 12:00:00 +00:00
|
|
|
|
group = "nm-openvpn";
|
2019-09-14 17:51:29 +00:00
|
|
|
|
extraGroups = [ "networkmanager" ];
|
|
|
|
|
};
|
|
|
|
|
nm-iodine = {
|
|
|
|
|
isSystemUser = true;
|
|
|
|
|
group = "networkmanager";
|
|
|
|
|
};
|
|
|
|
|
};
|
2012-09-19 12:13:34 +00:00
|
|
|
|
|
2022-03-17 03:04:10 +00:00
|
|
|
|
systemd.packages = packages;
|
2013-01-03 17:55:56 +00:00
|
|
|
|
|
2019-10-18 09:55:20 +00:00
|
|
|
|
systemd.tmpfiles.rules = [
|
|
|
|
|
"d /etc/NetworkManager/system-connections 0700 root root -"
|
|
|
|
|
"d /etc/ipsec.d 0700 root root -"
|
2019-10-17 12:00:00 +00:00
|
|
|
|
"d /var/lib/NetworkManager-fortisslvpn 0700 root root -"
|
2019-10-18 09:55:20 +00:00
|
|
|
|
|
|
|
|
|
"d /var/lib/misc 0755 root root -" # for dnsmasq.leases
|
|
|
|
|
];
|
|
|
|
|
|
2019-08-13 21:52:01 +00:00
|
|
|
|
systemd.services.NetworkManager = {
|
2013-01-03 17:55:56 +00:00
|
|
|
|
wantedBy = [ "network.target" ];
|
2017-03-07 02:50:37 +00:00
|
|
|
|
restartTriggers = [ configFile ];
|
2016-08-14 10:27:14 +00:00
|
|
|
|
|
2019-09-13 16:11:53 +00:00
|
|
|
|
aliases = [ "dbus-org.freedesktop.NetworkManager.service" ];
|
2019-10-18 09:55:20 +00:00
|
|
|
|
|
|
|
|
|
serviceConfig = {
|
|
|
|
|
StateDirectory = "NetworkManager";
|
|
|
|
|
StateDirectoryMode = 755; # not sure if this really needs to be 755
|
|
|
|
|
};
|
2012-09-19 12:13:34 +00:00
|
|
|
|
};
|
2012-03-15 07:19:17 +00:00
|
|
|
|
|
2019-05-04 23:02:35 +00:00
|
|
|
|
systemd.services.NetworkManager-wait-online = {
|
|
|
|
|
wantedBy = [ "network-online.target" ];
|
|
|
|
|
};
|
|
|
|
|
|
2019-09-13 16:11:53 +00:00
|
|
|
|
systemd.services.ModemManager.aliases = [ "dbus-org.freedesktop.ModemManager1.service" ];
|
2018-07-05 21:22:09 +00:00
|
|
|
|
|
2019-08-13 21:52:01 +00:00
|
|
|
|
systemd.services.NetworkManager-dispatcher = {
|
2018-04-26 09:53:19 +00:00
|
|
|
|
wantedBy = [ "network.target" ];
|
2020-04-15 20:50:51 +00:00
|
|
|
|
restartTriggers = [ configFile overrideNameserversScript ];
|
2018-04-26 09:53:19 +00:00
|
|
|
|
|
|
|
|
|
# useful binaries for user-specified hooks
|
2021-03-14 16:05:16 +00:00
|
|
|
|
path = [ pkgs.iproute2 pkgs.util-linux pkgs.coreutils ];
|
2019-09-13 16:11:53 +00:00
|
|
|
|
aliases = [ "dbus-org.freedesktop.nm-dispatcher.service" ];
|
2018-04-26 09:53:19 +00:00
|
|
|
|
};
|
|
|
|
|
|
2019-07-06 01:57:53 +00:00
|
|
|
|
# Turn off NixOS' network management when networking is managed entirely by NetworkManager
|
2019-11-06 17:54:56 +00:00
|
|
|
|
networking = mkMerge [
|
|
|
|
|
(mkIf (!delegateWireless) {
|
|
|
|
|
useDHCP = false;
|
|
|
|
|
})
|
|
|
|
|
|
2022-03-17 03:04:10 +00:00
|
|
|
|
{
|
|
|
|
|
networkmanager.plugins = with pkgs; [
|
|
|
|
|
networkmanager-fortisslvpn
|
|
|
|
|
networkmanager-iodine
|
|
|
|
|
networkmanager-l2tp
|
|
|
|
|
networkmanager-openconnect
|
|
|
|
|
networkmanager-openvpn
|
|
|
|
|
networkmanager-vpnc
|
|
|
|
|
networkmanager-sstp
|
|
|
|
|
];
|
|
|
|
|
}
|
|
|
|
|
|
2019-11-06 17:54:56 +00:00
|
|
|
|
(mkIf cfg.enableStrongSwan {
|
2022-03-17 03:04:10 +00:00
|
|
|
|
networkmanager.plugins = [ pkgs.networkmanager_strongswan ];
|
2019-11-06 17:54:56 +00:00
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
(mkIf enableIwd {
|
|
|
|
|
wireless.iwd.enable = true;
|
|
|
|
|
})
|
2021-06-08 15:13:59 +00:00
|
|
|
|
|
|
|
|
|
{
|
|
|
|
|
networkmanager.connectionConfig = {
|
|
|
|
|
"ethernet.cloned-mac-address" = cfg.ethernet.macAddress;
|
|
|
|
|
"wifi.cloned-mac-address" = cfg.wifi.macAddress;
|
|
|
|
|
"wifi.powersave" =
|
|
|
|
|
if cfg.wifi.powersave == null then null
|
|
|
|
|
else if cfg.wifi.powersave then 3
|
|
|
|
|
else 2;
|
|
|
|
|
};
|
|
|
|
|
}
|
2019-11-06 17:54:56 +00:00
|
|
|
|
];
|
2012-09-19 12:13:34 +00:00
|
|
|
|
|
2021-04-06 11:50:51 +00:00
|
|
|
|
boot.kernelModules = [ "ctr" ];
|
|
|
|
|
|
2022-01-26 14:40:07 +00:00
|
|
|
|
security.polkit.enable = true;
|
2013-11-09 15:29:18 +00:00
|
|
|
|
security.polkit.extraConfig = polkitConf;
|
2012-09-19 12:13:34 +00:00
|
|
|
|
|
2022-03-17 03:04:10 +00:00
|
|
|
|
services.dbus.packages = packages
|
2016-05-16 12:27:56 +00:00
|
|
|
|
++ optional cfg.enableStrongSwan pkgs.strongswanNM
|
|
|
|
|
++ optional (cfg.dns == "dnsmasq") pkgs.dnsmasq;
|
2012-09-19 12:13:34 +00:00
|
|
|
|
|
2022-03-17 03:04:10 +00:00
|
|
|
|
services.udev.packages = packages;
|
2012-03-15 07:19:17 +00:00
|
|
|
|
};
|
|
|
|
|
}
|