2014-04-14 16:26:48 +02:00
|
|
|
|
{ config, lib, pkgs, ... }:
|
2012-03-15 08:19:17 +01:00
|
|
|
|
|
2013-01-03 18:55:56 +01:00
|
|
|
|
with pkgs;
|
2014-05-05 20:58:51 +02:00
|
|
|
|
with lib;
|
2012-03-15 08:19:17 +01:00
|
|
|
|
|
|
|
|
|
let
|
2012-09-19 14:13:34 +02:00
|
|
|
|
cfg = config.networking.networkmanager;
|
|
|
|
|
|
2015-08-26 21:17:08 +02:00
|
|
|
|
# /var/lib/misc is for dnsmasq.leases.
|
|
|
|
|
stateDirs = "/var/lib/NetworkManager /var/lib/dhclient /var/lib/misc";
|
2012-09-19 14:13:34 +02:00
|
|
|
|
|
2017-08-26 04:21:55 +02:00
|
|
|
|
useDnsmasq = cfg.dns == "dnsmasq";
|
|
|
|
|
useResolved = cfg.dns == "systemd-resolved";
|
|
|
|
|
|
|
|
|
|
rcman = if useResolved then "unmanaged" else "resolvconf";
|
2017-06-30 15:55:40 +02:00
|
|
|
|
|
2013-01-03 18:55:56 +01:00
|
|
|
|
configFile = writeText "NetworkManager.conf" ''
|
2012-09-19 14:13:34 +02:00
|
|
|
|
[main]
|
|
|
|
|
plugins=keyfile
|
2017-06-02 13:05:22 +02:00
|
|
|
|
dhcp=${cfg.dhcp}
|
2017-08-26 04:21:55 +02:00
|
|
|
|
dns=${cfg.dns}
|
|
|
|
|
rc-manager=${rcman}
|
2012-09-19 14:13:34 +02:00
|
|
|
|
|
|
|
|
|
[keyfile]
|
2015-11-07 14:06:33 +01:00
|
|
|
|
${optionalString (cfg.unmanaged != [])
|
|
|
|
|
''unmanaged-devices=${lib.concatStringsSep ";" cfg.unmanaged}''}
|
2012-09-19 14:13:34 +02:00
|
|
|
|
|
|
|
|
|
[logging]
|
2017-06-02 13:05:22 +02:00
|
|
|
|
level=${cfg.logLevel}
|
2016-03-03 18:01:01 +01:00
|
|
|
|
|
|
|
|
|
[connection]
|
|
|
|
|
ipv6.ip6-privacy=2
|
2017-03-07 03:50:37 +01:00
|
|
|
|
ethernet.cloned-mac-address=${cfg.ethernet.macAddress}
|
|
|
|
|
wifi.cloned-mac-address=${cfg.wifi.macAddress}
|
2017-08-26 04:21:55 +02:00
|
|
|
|
|
|
|
|
|
${cfg.extraConfig}
|
2012-09-19 14:13:34 +02:00
|
|
|
|
'';
|
|
|
|
|
|
2013-11-09 16:29:18 +01:00
|
|
|
|
/*
|
2012-09-19 14:13:34 +02:00
|
|
|
|
[network-manager]
|
|
|
|
|
Identity=unix-group:networkmanager
|
|
|
|
|
Action=org.freedesktop.NetworkManager.*
|
|
|
|
|
ResultAny=yes
|
|
|
|
|
ResultInactive=no
|
|
|
|
|
ResultActive=yes
|
|
|
|
|
|
|
|
|
|
[modem-manager]
|
|
|
|
|
Identity=unix-group:networkmanager
|
2014-02-08 20:16:34 +01:00
|
|
|
|
Action=org.freedesktop.ModemManager*
|
2012-09-19 14:13:34 +02:00
|
|
|
|
ResultAny=yes
|
|
|
|
|
ResultInactive=no
|
|
|
|
|
ResultActive=yes
|
2013-11-09 16:29:18 +01:00
|
|
|
|
*/
|
|
|
|
|
polkitConf = ''
|
|
|
|
|
polkit.addRule(function(action, subject) {
|
|
|
|
|
if (
|
|
|
|
|
subject.isInGroup("networkmanager")
|
|
|
|
|
&& (action.id.indexOf("org.freedesktop.NetworkManager.") == 0
|
2014-02-08 20:16:34 +01:00
|
|
|
|
|| action.id.indexOf("org.freedesktop.ModemManager") == 0
|
2013-11-09 16:29:18 +01:00
|
|
|
|
))
|
|
|
|
|
{ return polkit.Result.YES; }
|
|
|
|
|
});
|
2012-09-19 14:13:34 +02:00
|
|
|
|
'';
|
|
|
|
|
|
2013-11-13 01:52:57 +01:00
|
|
|
|
ns = xs: writeText "nameservers" (
|
|
|
|
|
concatStrings (map (s: "nameserver ${s}\n") xs)
|
|
|
|
|
);
|
|
|
|
|
|
2013-08-16 00:35:57 +02:00
|
|
|
|
overrideNameserversScript = writeScript "02overridedns" ''
|
|
|
|
|
#!/bin/sh
|
2013-11-13 01:52:57 +01:00
|
|
|
|
tmp=`${coreutils}/bin/mktemp`
|
|
|
|
|
${gnused}/bin/sed '/nameserver /d' /etc/resolv.conf > $tmp
|
|
|
|
|
${gnugrep}/bin/grep 'nameserver ' /etc/resolv.conf | \
|
|
|
|
|
${gnugrep}/bin/grep -vf ${ns (cfg.appendNameservers ++ cfg.insertNameservers)} > $tmp.ns
|
|
|
|
|
${optionalString (cfg.appendNameservers != []) "${coreutils}/bin/cat $tmp $tmp.ns ${ns cfg.appendNameservers} > /etc/resolv.conf"}
|
|
|
|
|
${optionalString (cfg.insertNameservers != []) "${coreutils}/bin/cat $tmp ${ns cfg.insertNameservers} $tmp.ns > /etc/resolv.conf"}
|
|
|
|
|
${coreutils}/bin/rm -f $tmp $tmp.ns
|
2013-08-16 00:35:57 +02:00
|
|
|
|
'';
|
|
|
|
|
|
2015-03-08 18:30:15 +01:00
|
|
|
|
dispatcherTypesSubdirMap = {
|
|
|
|
|
"basic" = "";
|
2015-11-14 21:32:51 +01:00
|
|
|
|
"pre-up" = "pre-up.d/";
|
|
|
|
|
"pre-down" = "pre-down.d/";
|
2015-03-08 18:30:15 +01:00
|
|
|
|
};
|
|
|
|
|
|
2017-03-07 03:50:37 +01:00
|
|
|
|
macAddressOpt = mkOption {
|
|
|
|
|
type = types.either types.str (types.enum ["permanent" "preserve" "random" "stable"]);
|
|
|
|
|
default = "preserve";
|
|
|
|
|
example = "00:11:22:33:44:55";
|
|
|
|
|
description = ''
|
|
|
|
|
"XX:XX:XX:XX:XX:XX": MAC address of the interface.
|
|
|
|
|
<literal>permanent</literal>: use the permanent MAC address of the device.
|
|
|
|
|
<literal>preserve</literal>: don’t change the MAC address of the device upon activation.
|
|
|
|
|
<literal>random</literal>: generate a randomized value upon each connect.
|
|
|
|
|
<literal>stable</literal>: generate a stable, hashed MAC address.
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
2012-09-19 14:13:34 +02:00
|
|
|
|
in {
|
2012-03-15 08:19:17 +01:00
|
|
|
|
|
|
|
|
|
###### interface
|
|
|
|
|
|
|
|
|
|
options = {
|
|
|
|
|
|
2013-08-16 00:35:57 +02:00
|
|
|
|
networking.networkmanager = {
|
|
|
|
|
|
|
|
|
|
enable = mkOption {
|
2013-10-28 16:14:15 +01:00
|
|
|
|
type = types.bool;
|
2013-08-16 00:35:57 +02:00
|
|
|
|
default = false;
|
|
|
|
|
description = ''
|
|
|
|
|
Whether to use NetworkManager to obtain an IP address and other
|
|
|
|
|
configuration for all network interfaces that are not manually
|
|
|
|
|
configured. If enabled, a group <literal>networkmanager</literal>
|
|
|
|
|
will be created. Add all users that should have permission
|
|
|
|
|
to change network settings to this group.
|
|
|
|
|
'';
|
|
|
|
|
};
|
2014-02-12 12:29:18 +01:00
|
|
|
|
|
2015-11-07 14:06:33 +01:00
|
|
|
|
unmanaged = mkOption {
|
|
|
|
|
type = types.listOf types.string;
|
|
|
|
|
default = [];
|
|
|
|
|
description = ''
|
|
|
|
|
List of interfaces that will not be managed by NetworkManager.
|
|
|
|
|
Interface name can be specified here, but if you need more fidelity
|
|
|
|
|
see "Device List Format" in NetworkManager.conf man page.
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
2015-04-10 17:02:57 +02:00
|
|
|
|
# Ugly hack for using the correct gnome3 packageSet
|
|
|
|
|
basePackages = mkOption {
|
2016-01-17 19:34:55 +01:00
|
|
|
|
type = types.attrsOf types.package;
|
2016-05-21 11:57:04 +02:00
|
|
|
|
default = { inherit networkmanager modemmanager wpa_supplicant
|
2015-04-10 17:02:57 +02:00
|
|
|
|
networkmanager_openvpn networkmanager_vpnc
|
2017-05-19 14:42:36 +02:00
|
|
|
|
networkmanager_openconnect networkmanager_fortisslvpn
|
2017-08-15 23:42:48 +02:00
|
|
|
|
networkmanager_pptp networkmanager_l2tp
|
|
|
|
|
networkmanager_iodine; };
|
2015-04-10 17:02:57 +02:00
|
|
|
|
internal = true;
|
|
|
|
|
};
|
|
|
|
|
|
2013-08-16 00:35:57 +02:00
|
|
|
|
packages = mkOption {
|
2013-10-28 16:14:15 +01:00
|
|
|
|
type = types.listOf types.path;
|
2013-08-16 00:35:57 +02:00
|
|
|
|
default = [ ];
|
|
|
|
|
description = ''
|
|
|
|
|
Extra packages that provide NetworkManager plugins.
|
|
|
|
|
'';
|
2015-04-10 17:02:57 +02:00
|
|
|
|
apply = list: (attrValues cfg.basePackages) ++ list;
|
2013-08-16 00:35:57 +02:00
|
|
|
|
};
|
|
|
|
|
|
2017-08-26 04:21:55 +02:00
|
|
|
|
dns = mkOption {
|
|
|
|
|
type = types.enum [ "default" "dnsmasq" "systemd-resolved" ];
|
|
|
|
|
default = "default";
|
|
|
|
|
description = ''
|
|
|
|
|
Enable NetworkManager's integration with other DNS resolvers. NetworkManager can run
|
|
|
|
|
dnsmasq as a local caching nameserver or systemd-resolved, using a "split DNS"
|
|
|
|
|
configuration if you are connected to a VPN, and then update
|
|
|
|
|
resolv.conf to point to the local nameserver.
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
2017-06-02 13:05:22 +02:00
|
|
|
|
dhcp = mkOption {
|
|
|
|
|
type = types.enum [ "dhclient" "dhcpcd" "internal" ];
|
|
|
|
|
default = "dhclient";
|
|
|
|
|
description = ''
|
|
|
|
|
Which program (or internal library) should be used for DHCP.
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
logLevel = mkOption {
|
|
|
|
|
type = types.enum [ "OFF" "ERR" "WARN" "INFO" "DEBUG" "TRACE" ];
|
|
|
|
|
default = "WARN";
|
|
|
|
|
description = ''
|
|
|
|
|
Set the default logging verbosity level.
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
2013-11-13 01:52:57 +01:00
|
|
|
|
appendNameservers = mkOption {
|
2015-06-15 18:18:46 +02:00
|
|
|
|
type = types.listOf types.str;
|
2013-11-13 01:52:57 +01:00
|
|
|
|
default = [];
|
2013-08-16 00:35:57 +02:00
|
|
|
|
description = ''
|
2013-11-13 01:52:57 +01:00
|
|
|
|
A list of name servers that should be appended
|
|
|
|
|
to the ones configured in NetworkManager or received by DHCP.
|
2013-08-20 13:36:01 +02:00
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
2013-11-13 01:52:57 +01:00
|
|
|
|
insertNameservers = mkOption {
|
2015-06-15 18:18:46 +02:00
|
|
|
|
type = types.listOf types.str;
|
2013-11-13 01:52:57 +01:00
|
|
|
|
default = [];
|
2013-08-20 13:36:01 +02:00
|
|
|
|
description = ''
|
2013-11-13 01:52:57 +01:00
|
|
|
|
A list of name servers that should be inserted before
|
|
|
|
|
the ones configured in NetworkManager or received by DHCP.
|
2013-08-16 00:35:57 +02:00
|
|
|
|
'';
|
|
|
|
|
};
|
2012-03-15 08:19:17 +01:00
|
|
|
|
|
2017-03-07 03:50:37 +01:00
|
|
|
|
ethernet.macAddress = macAddressOpt;
|
|
|
|
|
wifi.macAddress = macAddressOpt;
|
|
|
|
|
|
2015-03-08 18:30:15 +01:00
|
|
|
|
dispatcherScripts = mkOption {
|
|
|
|
|
type = types.listOf (types.submodule {
|
|
|
|
|
options = {
|
|
|
|
|
source = mkOption {
|
2017-04-09 14:14:04 +02:00
|
|
|
|
type = types.path;
|
2015-03-08 18:30:15 +01:00
|
|
|
|
description = ''
|
2017-04-09 14:14:04 +02:00
|
|
|
|
A script.
|
2015-03-08 18:30:15 +01:00
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
type = mkOption {
|
2017-06-02 13:05:22 +02:00
|
|
|
|
type = types.enum (attrNames dispatcherTypesSubdirMap);
|
2015-03-08 18:30:15 +01:00
|
|
|
|
default = "basic";
|
|
|
|
|
description = ''
|
|
|
|
|
Dispatcher hook type. Only basic hooks are currently available.
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
});
|
|
|
|
|
default = [];
|
|
|
|
|
description = ''
|
|
|
|
|
A list of scripts which will be executed in response to network events.
|
|
|
|
|
'';
|
|
|
|
|
};
|
2017-08-26 04:21:55 +02:00
|
|
|
|
|
|
|
|
|
extraConfig = mkOption {
|
|
|
|
|
type = types.lines;
|
|
|
|
|
default = "";
|
|
|
|
|
description = "Additional configuration added verbatim to the configuration file.";
|
|
|
|
|
};
|
2012-03-15 08:19:17 +01:00
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
###### implementation
|
|
|
|
|
|
2012-09-19 14:13:34 +02:00
|
|
|
|
config = mkIf cfg.enable {
|
|
|
|
|
|
2013-03-31 21:18:51 +02:00
|
|
|
|
assertions = [{
|
|
|
|
|
assertion = config.networking.wireless.enable == false;
|
2017-01-22 20:29:41 +01:00
|
|
|
|
message = "You can not use networking.networkmanager with networking.wireless";
|
2013-03-31 21:18:51 +02:00
|
|
|
|
}];
|
|
|
|
|
|
2014-01-19 21:40:51 +01:00
|
|
|
|
boot.kernelModules = [ "ppp_mppe" ]; # Needed for most (all?) PPTP VPN connections.
|
|
|
|
|
|
2016-05-21 11:56:32 +02:00
|
|
|
|
environment.etc = with cfg.basePackages; [
|
2013-01-03 18:55:56 +01:00
|
|
|
|
{ source = configFile;
|
|
|
|
|
target = "NetworkManager/NetworkManager.conf";
|
|
|
|
|
}
|
2013-05-13 17:52:19 +02:00
|
|
|
|
{ source = "${networkmanager_openvpn}/etc/NetworkManager/VPN/nm-openvpn-service.name";
|
|
|
|
|
target = "NetworkManager/VPN/nm-openvpn-service.name";
|
|
|
|
|
}
|
2013-07-10 16:43:26 +02:00
|
|
|
|
{ source = "${networkmanager_vpnc}/etc/NetworkManager/VPN/nm-vpnc-service.name";
|
|
|
|
|
target = "NetworkManager/VPN/nm-vpnc-service.name";
|
|
|
|
|
}
|
|
|
|
|
{ source = "${networkmanager_openconnect}/etc/NetworkManager/VPN/nm-openconnect-service.name";
|
|
|
|
|
target = "NetworkManager/VPN/nm-openconnect-service.name";
|
|
|
|
|
}
|
2017-05-19 14:42:36 +02:00
|
|
|
|
{ source = "${networkmanager_fortisslvpn}/etc/NetworkManager/VPN/nm-fortisslvpn-service.name";
|
|
|
|
|
target = "NetworkManager/VPN/nm-fortisslvpn-service.name";
|
|
|
|
|
}
|
2014-01-02 18:01:31 +01:00
|
|
|
|
{ source = "${networkmanager_pptp}/etc/NetworkManager/VPN/nm-pptp-service.name";
|
|
|
|
|
target = "NetworkManager/VPN/nm-pptp-service.name";
|
|
|
|
|
}
|
2015-03-24 12:08:05 +01:00
|
|
|
|
{ source = "${networkmanager_l2tp}/etc/NetworkManager/VPN/nm-l2tp-service.name";
|
|
|
|
|
target = "NetworkManager/VPN/nm-l2tp-service.name";
|
|
|
|
|
}
|
2016-08-25 21:58:56 +02:00
|
|
|
|
{ source = "${networkmanager_strongswan}/etc/NetworkManager/VPN/nm-strongswan-service.name";
|
|
|
|
|
target = "NetworkManager/VPN/nm-strongswan-service.name";
|
|
|
|
|
}
|
2017-08-15 23:42:48 +02:00
|
|
|
|
{ source = "${networkmanager_iodine}/etc/NetworkManager/VPN/nm-iodine-service.name";
|
|
|
|
|
target = "NetworkManager/VPN/nm-iodine-service.name";
|
|
|
|
|
}
|
2014-05-05 20:58:51 +02:00
|
|
|
|
] ++ optional (cfg.appendNameservers == [] || cfg.insertNameservers == [])
|
2013-08-16 00:35:57 +02:00
|
|
|
|
{ source = overrideNameserversScript;
|
|
|
|
|
target = "NetworkManager/dispatcher.d/02overridedns";
|
2015-03-08 18:30:15 +01:00
|
|
|
|
}
|
2017-07-05 00:29:23 +02:00
|
|
|
|
++ lib.imap1 (i: s: {
|
2017-04-09 14:14:04 +02:00
|
|
|
|
inherit (s) source;
|
2015-03-08 18:30:15 +01:00
|
|
|
|
target = "NetworkManager/dispatcher.d/${dispatcherTypesSubdirMap.${s.type}}03userscript${lib.fixedWidthNumber 4 i}";
|
|
|
|
|
}) cfg.dispatcherScripts;
|
2012-09-19 14:13:34 +02:00
|
|
|
|
|
2015-04-10 17:02:57 +02:00
|
|
|
|
environment.systemPackages = cfg.packages;
|
2012-03-15 08:19:17 +01:00
|
|
|
|
|
2015-10-29 09:58:38 +01:00
|
|
|
|
users.extraGroups = [{
|
2012-09-19 14:13:34 +02:00
|
|
|
|
name = "networkmanager";
|
|
|
|
|
gid = config.ids.gids.networkmanager;
|
2015-10-29 09:58:38 +01:00
|
|
|
|
}
|
|
|
|
|
{
|
|
|
|
|
name = "nm-openvpn";
|
2015-12-08 17:46:57 +01:00
|
|
|
|
gid = config.ids.gids.nm-openvpn;
|
2015-10-29 09:58:38 +01:00
|
|
|
|
}];
|
|
|
|
|
users.extraUsers = [{
|
|
|
|
|
name = "nm-openvpn";
|
2015-12-08 17:46:57 +01:00
|
|
|
|
uid = config.ids.uids.nm-openvpn;
|
2017-04-11 04:41:55 +02:00
|
|
|
|
extraGroups = [ "networkmanager" ];
|
2017-08-15 23:42:48 +02:00
|
|
|
|
}
|
|
|
|
|
{
|
|
|
|
|
name = "nm-iodine";
|
|
|
|
|
isSystemUser = true;
|
|
|
|
|
group = "networkmanager";
|
2015-10-29 09:58:38 +01:00
|
|
|
|
}];
|
2012-09-19 14:13:34 +02:00
|
|
|
|
|
2017-08-26 04:21:55 +02:00
|
|
|
|
services.resolved = lib.mkIf useResolved {
|
|
|
|
|
enable = true;
|
|
|
|
|
};
|
|
|
|
|
|
2013-01-03 18:55:56 +01:00
|
|
|
|
systemd.packages = cfg.packages;
|
|
|
|
|
|
2016-08-14 12:27:14 +02:00
|
|
|
|
systemd.services."network-manager" = {
|
2013-01-03 18:55:56 +01:00
|
|
|
|
wantedBy = [ "network.target" ];
|
2017-08-26 04:21:55 +02:00
|
|
|
|
wants = lib.mkIf useResolved [ "systemd-resolved.service" ];
|
2017-03-07 03:50:37 +01:00
|
|
|
|
restartTriggers = [ configFile ];
|
2016-08-14 12:27:14 +02:00
|
|
|
|
|
|
|
|
|
preStart = ''
|
2012-09-19 14:13:34 +02:00
|
|
|
|
mkdir -m 700 -p /etc/NetworkManager/system-connections
|
|
|
|
|
mkdir -m 755 -p ${stateDirs}
|
|
|
|
|
'';
|
|
|
|
|
};
|
2012-03-15 08:19:17 +01:00
|
|
|
|
|
2013-01-03 18:55:56 +01:00
|
|
|
|
# Turn off NixOS' network management
|
|
|
|
|
networking = {
|
|
|
|
|
useDHCP = false;
|
2017-01-22 20:29:41 +01:00
|
|
|
|
# use mkDefault to trigger the assertion about the conflict above
|
|
|
|
|
wireless.enable = lib.mkDefault false;
|
2013-01-03 18:55:56 +01:00
|
|
|
|
};
|
2012-09-19 14:13:34 +02:00
|
|
|
|
|
2013-04-22 19:36:14 +02:00
|
|
|
|
powerManagement.resumeCommands = ''
|
2014-12-27 11:52:35 +01:00
|
|
|
|
${config.systemd.package}/bin/systemctl restart network-manager
|
2013-04-22 19:36:14 +02:00
|
|
|
|
'';
|
|
|
|
|
|
2013-11-09 16:29:18 +01:00
|
|
|
|
security.polkit.extraConfig = polkitConf;
|
2012-09-19 14:13:34 +02:00
|
|
|
|
|
2015-04-10 17:02:57 +02:00
|
|
|
|
services.dbus.packages = cfg.packages;
|
2012-09-19 14:13:34 +02:00
|
|
|
|
|
|
|
|
|
services.udev.packages = cfg.packages;
|
2012-03-15 08:19:17 +01:00
|
|
|
|
};
|
|
|
|
|
}
|