nixos/modules/config/networking.nix at 15.09-beta · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / modules / config / networking.nix
at 15.09-beta 7.2 kB view raw
  1# /etc files related to networking, such as /etc/services.
  2
  3{ config, lib, pkgs, ... }:
  4
  5with lib;
  6
  7let
  8
  9  cfg = config.networking;
 10  dnsmasqResolve = config.services.dnsmasq.enable &&
 11                   config.services.dnsmasq.resolveLocalQueries;
 12  hasLocalResolver = config.services.bind.enable || dnsmasqResolve;
 13
 14in
 15
 16{
 17
 18  options = {
 19
 20    networking.extraHosts = lib.mkOption {
 21      type = types.lines;
 22      default = "";
 23      example = "192.168.0.1 lanlocalhost";
 24      description = ''
 25        Additional entries to be appended to <filename>/etc/hosts</filename>.
 26      '';
 27    };
 28
 29    networking.dnsSingleRequest = lib.mkOption {
 30      type = types.bool;
 31      default = false;
 32      description = ''
 33        Recent versions of glibc will issue both ipv4 (A) and ipv6 (AAAA)
 34        address queries at the same time, from the same port. Sometimes upstream
 35        routers will systemically drop the ipv4 queries. The symptom of this problem is
 36        that 'getent hosts example.com' only returns ipv6 (or perhaps only ipv4) addresses. The
 37        workaround for this is to specify the option 'single-request' in
 38        /etc/resolv.conf. This option enables that.
 39      '';
 40    };
 41
 42    networking.proxy = {
 43
 44      default = lib.mkOption {
 45        type = types.nullOr types.str;
 46        default = null;
 47        description = ''
 48          This option specifies the default value for httpProxy, httpsProxy, ftpProxy and rsyncProxy.
 49        '';
 50        example = "http://127.0.0.1:3128";
 51      };
 52
 53      httpProxy = lib.mkOption {
 54        type = types.nullOr types.str;
 55        default = cfg.proxy.default;
 56        description = ''
 57          This option specifies the http_proxy environment variable.
 58        '';
 59        example = "http://127.0.0.1:3128";
 60      };
 61
 62      httpsProxy = lib.mkOption {
 63        type = types.nullOr types.str;
 64        default = cfg.proxy.default;
 65        description = ''
 66          This option specifies the https_proxy environment variable.
 67        '';
 68        example = "http://127.0.0.1:3128";
 69      };
 70
 71      ftpProxy = lib.mkOption {
 72        type = types.nullOr types.str;
 73        default = cfg.proxy.default;
 74        description = ''
 75          This option specifies the ftp_proxy environment variable.
 76        '';
 77        example = "http://127.0.0.1:3128";
 78      };
 79
 80      rsyncProxy = lib.mkOption {
 81        type = types.nullOr types.str;
 82        default = cfg.proxy.default;
 83        description = ''
 84          This option specifies the rsync_proxy environment variable.
 85        '';
 86        example = "http://127.0.0.1:3128";
 87      };
 88
 89      noProxy = lib.mkOption {
 90        type = types.nullOr types.str;
 91        default = null;
 92        description = ''
 93          This option specifies the no_proxy environment variable.
 94          If a default proxy is used and noProxy is null,
 95          then noProxy will be set to 127.0.0.1,localhost.
 96        '';
 97        example = "127.0.0.1,localhost,.localdomain";
 98      };
 99
100      envVars = lib.mkOption {
101        type = types.attrs;
102        internal = true;
103        default = {};
104        description = ''
105          Environment variables used for the network proxy.
106        '';
107      };
108    };
109  };
110
111  config = {
112
113    environment.etc =
114      { # /etc/services: TCP/UDP port assignments.
115        "services".source = pkgs.iana_etc + "/etc/services";
116
117        # /etc/protocols: IP protocol numbers.
118        "protocols".source  = pkgs.iana_etc + "/etc/protocols";
119
120        # /etc/rpc: RPC program numbers.
121        "rpc".source = pkgs.glibc + "/etc/rpc";
122
123        # /etc/hosts: Hostname-to-IP mappings.
124        "hosts".text =
125          ''
126            127.0.0.1 localhost
127            ${optionalString cfg.enableIPv6 ''
128              ::1 localhost
129            ''}
130            ${cfg.extraHosts}
131          '';
132
133        # /etc/resolvconf.conf: Configuration for openresolv.
134        "resolvconf.conf".text =
135            ''
136              # This is the default, but we must set it here to prevent
137              # a collision with an apparently unrelated environment
138              # variable with the same name exported by dhcpcd.
139              interface_order='lo lo[0-9]*'
140            '' + optionalString config.services.nscd.enable ''
141              # Invalidate the nscd cache whenever resolv.conf is
142              # regenerated.
143              libc_restart='${pkgs.systemd}/bin/systemctl try-restart --no-block nscd.service 2> /dev/null'
144            '' + optionalString cfg.dnsSingleRequest ''
145              # only send one DNS request at a time
146              resolv_conf_options='single-request'
147            '' + optionalString hasLocalResolver ''
148              # This hosts runs a full-blown DNS resolver.
149              name_servers='127.0.0.1'
150            '' + optionalString dnsmasqResolve ''
151              dnsmasq_conf=/etc/dnsmasq-conf.conf
152              dnsmasq_resolv=/etc/dnsmasq-resolv.conf
153            '';
154
155      } // (optionalAttrs config.services.resolved.enable (
156        if dnsmasqResolve then {
157          "dnsmasq-resolv.conf".source = "/run/systemd/resolve/resolv.conf";
158        } else {
159          "resolv.conf".source = "/run/systemd/resolve/resolv.conf";
160        }
161      ));
162
163      networking.proxy.envVars =
164        optionalAttrs (cfg.proxy.default != null) {
165          # other options already fallback to proxy.default
166          no_proxy = "127.0.0.1,localhost";
167        } // optionalAttrs (cfg.proxy.httpProxy != null) {
168          http_proxy  = cfg.proxy.httpProxy;
169        } // optionalAttrs (cfg.proxy.httpsProxy != null) {
170          https_proxy = cfg.proxy.httpsProxy;
171        } // optionalAttrs (cfg.proxy.rsyncProxy != null) {
172          rsync_proxy = cfg.proxy.rsyncProxy;
173        } // optionalAttrs (cfg.proxy.ftpProxy != null) {
174          ftp_proxy   = cfg.proxy.ftpProxy;
175        } // optionalAttrs (cfg.proxy.noProxy != null) {
176          no_proxy    = cfg.proxy.noProxy;
177        };
178
179    # Install the proxy environment variables
180    environment.sessionVariables = cfg.proxy.envVars;
181
182    # The ‘ip-up’ target is started when we have IP connectivity.  So
183    # services that depend on IP connectivity (like ntpd) should be
184    # pulled in by this target.
185    systemd.targets.ip-up.description = "Services Requiring IP Connectivity";
186
187    # This is needed when /etc/resolv.conf is being overriden by networkd
188    # and other configurations. If the file is destroyed by an environment
189    # activation then it must be rebuilt so that applications which interface
190    # with /etc/resolv.conf directly don't break.
191    system.activationScripts.resolvconf = stringAfter [ "etc" "tmpfs" "var" ]
192      ''
193        # Systemd resolved controls its own resolv.conf
194        rm -f /run/resolvconf/interfaces/systemd
195        ${optionalString config.services.resolved.enable ''
196          rm -rf /run/resolvconf/interfaces
197          mkdir -p /run/resolvconf/interfaces
198          ln -s /run/systemd/resolve/resolv.conf /run/resolvconf/interfaces/systemd
199        ''}
200
201        # Make sure resolv.conf is up to date if not managed by systemd
202        ${optionalString (!config.services.resolved.enable) ''
203          ${pkgs.openresolv}/bin/resolvconf -u
204        ''}
205      '';
206
207  };
208
209  }