commit 59742f6f72384bb6505d3c9d2d6183d44c1199bf · pyrox.dev/nixpkgs

.github/CODEOWNERS

···

       232
       232
        
       /nixos/modules/services/networking/babeld.nix @mweinelt

     

       233
       233
        
       /nixos/modules/services/networking/kea.nix @mweinelt

     

       234
       234
        
       /nixos/modules/services/networking/knot.nix @mweinelt

     

       235
       235
       +
       nixos/modules/services/networking/networkmanager.nix @Janik-Haag

     

       235
       236
        
       /nixos/modules/services/monitoring/prometheus/exporters/kea.nix @mweinelt

     

       236
       237
        
       /nixos/tests/babeld.nix @mweinelt

     

       237
       238
        
       /nixos/tests/kea.nix @mweinelt

     

       238
       239
        
       /nixos/tests/knot.nix @mweinelt

     

       240
       240
       +
       /nixos/tests/networking/* @Janik-Haag

     

       239
       241
        
       

     

       240
       242
        
       # Web servers

     

       241
       243
        
       /doc/packages/nginx.section.md @raitobezarius

nixos/doc/manual/release-notes/rl-2405.section.md

···

       587
       587
        
       

     

       588
       588
        
       - The `hardware.pulseaudio` module now sets permission of pulse user home directory to 755 when running in "systemWide" mode. It fixes [issue 114399](https://github.com/NixOS/nixpkgs/issues/114399).

     

       589
       589
        
       

     

       590
       590
       +
       - The `services.networkmanager.extraConfig` was renamed to `services.networkmanager.settings` and was changed to use the ini type instead of using a multiline string.

     

       591
       591
       +
       

     

       590
       592
        
       - The module `services.github-runner` has been removed. To configure a single GitHub Actions Runner refer to `services.github-runners.*`. Note that this will trigger a new runner registration.

     

       591
       593
        
       

     

       592
       594
        
       - The `services.slskd` has been refactored to include more configuation options in

+43 -41

nixos/modules/services/networking/networkmanager.nix

···

       10
       10
        
       

     

       11
       11
        
         enableIwd = cfg.wifi.backend == "iwd";

     

       12
       12
        
       

     

       13
       13
       -
         mkValue = v:

     

       14
       14
       -
           if v == true then "yes"

     

       15
       15
       -
           else if v == false then "no"

     

       16
       16
       -
           else if lib.isInt v then toString v

     

       17
       17
       -
           else v;

     

       18
       18
       -
       

     

       19
       19
       -
         mkSection = name: attrs: ''

     

       20
       20
       -
           [${name}]

     

       21
       21
       -
           ${

     

       22
       22
       -
             lib.concatStringsSep "\n"

     

       23
       23
       -
               (lib.mapAttrsToList

     

       24
       24
       -
                 (k: v: "${k}=${mkValue v}")

     

       25
       25
       -
                 (lib.filterAttrs

     

       26
       26
       -
                   (k: v: v != null)

     

       27
       27
       -
                   attrs))

     

       28
       28
       -
           }

     

       29
       29
       -
         '';

     

       30
       30
       -
       

     

       31
       31
       -
         configFile = pkgs.writeText "NetworkManager.conf" (lib.concatStringsSep "\n" [

     

       32
       32
       -
           (mkSection "main" {

     

       13
       13
       +
         configAttrs = lib.recursiveUpdate {

     

       14
       14
       +
           main = {

     

       33
       15
        
             plugins = "keyfile";

     

       34
       16
        
             inherit (cfg) dhcp dns;

     

       35
       17
        
             # If resolvconf is disabled that means that resolv.conf is managed by some other module.

     

       36
       18
        
             rc-manager =

     

       37
       19
        
               if config.networking.resolvconf.enable then "resolvconf"

     

       38
       20
        
               else "unmanaged";

     

       39
       39
       -
           })

     

       40
       40
       -
           (mkSection "keyfile" {

     

       21
       21
       +
           };

     

       22
       22
       +
           keyfile = {

     

       41
       23
        
             unmanaged-devices =

     

       42
       42
       -
               if cfg.unmanaged == [ ] then null

     

       43
       43
       -
               else lib.concatStringsSep ";" cfg.unmanaged;

     

       44
       44
       -
           })

     

       45
       45
       -
           (mkSection "logging" {

     

       24
       24
       +
             if cfg.unmanaged == [ ] then null

     

       25
       25
       +
             else lib.concatStringsSep ";" cfg.unmanaged;

     

       26
       26
       +
           };

     

       27
       27
       +
           logging = {

     

       46
       28
        
             audit = config.security.audit.enable;

     

       47
       29
        
             level = cfg.logLevel;

     

       48
       48
       -
           })

     

       49
       49
       -
           (mkSection "connection" cfg.connectionConfig)

     

       50
       50
       -
           (mkSection "device" {

     

       51
       51
       -
             "wifi.scan-rand-mac-address" = cfg.wifi.scanRandMacAddress;

     

       52
       52
       -
             "wifi.backend" = cfg.wifi.backend;

     

       53
       53
       -
           })

     

       54
       54
       -
           cfg.extraConfig

     

       55
       55
       -
         ]);

     

       30
       30
       +
           };

     

       31
       31
       +
           connection = cfg.connectionConfig;

     

       32
       32
       +
           device = {

     

       33
       33
       +
               "wifi.scan-rand-mac-address" = cfg.wifi.scanRandMacAddress;

     

       34
       34
       +
               "wifi.backend" = cfg.wifi.backend;

     

       35
       35
       +
           };

     

       36
       36
       +
         } cfg.settings;

     

       37
       37
       +
         configFile = ini.generate "NetworkManager.conf" configAttrs;

     

       56
       38
        
       

     

       57
       39
        
         /*

     

       58
       40
        
           [network-manager]

     
···

       145
       127
        
       {

     

       146
       128
        
       

     

       147
       129
        
         meta = {

     

       148
       148
       -
           maintainers = teams.freedesktop.members;

     

       130
       130
       +
           maintainers = teams.freedesktop.members ++ [ lib.maintainers.janik ];

     

       149
       131
        
         };

     

       150
       132
        
       

     

       151
       133
        
         ###### interface

     
···

       185
       167
        
               '';

     

       186
       168
        
             };

     

       187
       169
        
       

     

       188
       188
       -
             extraConfig = mkOption {

     

       189
       189
       -
               type = types.lines;

     

       190
       190
       -
               default = "";

     

       170
       170
       +
             settings = mkOption {

     

       171
       171
       +
               type = ini.type;

     

       172
       172
       +
               default = {};

     

       191
       173
        
               description = ''

     

       192
       192
       -
                 Configuration appended to the generated NetworkManager.conf.

     

       174
       174
       +
                 Configuration added to the generated NetworkManager.conf, note that you can overwrite settings with this.

     

       193
       175
        
                 Refer to

     

       194
       176
        
                 [

     

       195
       177
        
                   https://developer.gnome.org/NetworkManager/stable/NetworkManager.conf.html

     
···

       471
       453
        
         imports = [

     

       472
       454
        
           (mkRenamedOptionModule

     

       473
       455
        
             [ "networking" "networkmanager" "packages" ]

     

       474
       474
       -
             [ "networking" "networkmanager" "plugins" ])

     

       475
       475
       -
           (mkRenamedOptionModule [ "networking" "networkmanager" "useDnsmasq" ] [ "networking" "networkmanager" "dns" ])

     

       456
       456
       +
             [ "networking" "networkmanager" "plugins" ]

     

       457
       457
       +
           )

     

       458
       458
       +
           (mkRenamedOptionModule

     

       459
       459
       +
             [ "networking" "networkmanager" "useDnsmasq" ]

     

       460
       460
       +
             [ "networking" "networkmanager" "dns" ]

     

       461
       461
       +
           )

     

       462
       462
       +
           (mkRemovedOptionModule [ "networking" "networkmanager" "extraConfig" ] ''

     

       463
       463
       +
             This option was removed in favour of `networking.networkmanager.settings`,

     

       464
       464
       +
             which accepts structured nix-code equivalent to the ini

     

       465
       465
       +
             and allows for overriding settings.

     

       466
       466
       +
             Example patch:

     

       467
       467
       +
             ```patch

     

       468
       468
       +
                networking.networkmanager = {

     

       469
       469
       +
             -    extraConfig = '''

     

       470
       470
       +
             -      [main]

     

       471
       471
       +
             -      no-auto-default=*

     

       472
       472
       +
             -    '''

     

       473
       473
       +
             +    extraConfig.main.no-auto-default = "*";

     

       474
       474
       +
                };

     

       475
       475
       +
             ```

     

       476
       476
       +
           ''

     

       477
       477
       +
           )

     

       476
       478
        
           (mkRemovedOptionModule [ "networking" "networkmanager" "enableFccUnlock" ] ''

     

       477
       479
        
             This option was removed, because using bundled FCC unlock scripts is risky,

     

       478
       480
        
             might conflict with vendor-provided unlock scripts, and should

nixos/tests/all-tests.nix

···

       599
       599
        
         netdata = handleTest ./netdata.nix {};

     

       600
       600
        
         networking.scripted = handleTest ./networking/networkd-and-scripted.nix { networkd = false; };

     

       601
       601
        
         networking.networkd = handleTest ./networking/networkd-and-scripted.nix { networkd = true; };

     

       602
       602
       +
         networking.networkmanager = handleTest ./networking/networkmanager.nix {};

     

       602
       603
        
         netbox_3_6 = handleTest ./web-apps/netbox.nix { netbox = pkgs.netbox_3_6; };

     

       603
       604
        
         netbox_3_7 = handleTest ./web-apps/netbox.nix { netbox = pkgs.netbox_3_7; };

     

       604
       605
        
         netbox-upgrade = handleTest ./web-apps/netbox-upgrade.nix {};

+172

nixos/tests/networking/networkmanager.nix

···

       1
       1
       +
       { system ? builtins.currentSystem

     

       2
       2
       +
       , config ? {}

     

       3
       3
       +
       , pkgs ? import ../.. { inherit system config; }

     

       4
       4
       +
       }:

     

       5
       5
       +
       

     

       6
       6
       +
       with import ../../lib/testing-python.nix { inherit system pkgs; };

     

       7
       7
       +
       

     

       8
       8
       +
       let

     

       9
       9
       +
         lib = pkgs.lib;

     

       10
       10
       +
         # this is intended as a client test since you shouldn't use NetworkManager for a router or server

     

       11
       11
       +
         # so using systemd-networkd for the router vm is fine in these tests.

     

       12
       12
       +
         router = import ./router.nix { networkd = true; };

     

       13
       13
       +
         qemu-common = import ../../lib/qemu-common.nix { inherit (pkgs) lib pkgs; };

     

       14
       14
       +
         clientConfig = extraConfig: lib.recursiveUpdate {

     

       15
       15
       +
           networking.useDHCP = false;

     

       16
       16
       +
       

     

       17
       17
       +
           # Make sure that only NetworkManager configures the interface

     

       18
       18
       +
           networking.interfaces = lib.mkForce {

     

       19
       19
       +
             eth1 = {};

     

       20
       20
       +
           };

     

       21
       21
       +
           networking.networkmanager = {

     

       22
       22
       +
             enable = true;

     

       23
       23
       +
             # this is needed so NM doesn't generate 'Wired Connection' profiles and instead uses the default one

     

       24
       24
       +
             settings.main.no-auto-default = "*";

     

       25
       25
       +
             ensureProfiles.profiles.default = {

     

       26
       26
       +
               connection = {

     

       27
       27
       +
                 id = "default";

     

       28
       28
       +
                 type = "ethernet";

     

       29
       29
       +
                 interface-name = "eth1";

     

       30
       30
       +
                 autoconnect = true;

     

       31
       31
       +
               };

     

       32
       32
       +
             };

     

       33
       33
       +
           };

     

       34
       34
       +
         } extraConfig;

     

       35
       35
       +
         testCases = {

     

       36
       36
       +
           static = {

     

       37
       37
       +
             name = "static";

     

       38
       38
       +
             nodes = {

     

       39
       39
       +
               inherit router;

     

       40
       40
       +
               client = clientConfig {

     

       41
       41
       +
                 networking.networkmanager.ensureProfiles.profiles.default = {

     

       42
       42
       +
                   ipv4.method = "manual";

     

       43
       43
       +
                   ipv4.addresses = "192.168.1.42/24";

     

       44
       44
       +
                   ipv4.gateway = "192.168.1.1";

     

       45
       45
       +
                   ipv6.method = "manual";

     

       46
       46
       +
                   ipv6.addresses = "fd00:1234:5678:1::42/64";

     

       47
       47
       +
                   ipv6.gateway = "fd00:1234:5678:1::1";

     

       48
       48
       +
                 };

     

       49
       49
       +
               };

     

       50
       50
       +
             };

     

       51
       51
       +
             testScript = ''

     

       52
       52
       +
               start_all()

     

       53
       53
       +
               router.systemctl("start network-online.target")

     

       54
       54
       +
               router.wait_for_unit("network-online.target")

     

       55
       55
       +
               client.wait_for_unit("NetworkManager.service")

     

       56
       56
       +
       

     

       57
       57
       +
               with subtest("Wait until we have an ip address on each interface"):

     

       58
       58
       +
                   client.wait_until_succeeds("ip addr show dev eth1 | grep -q '192.168.1'")

     

       59
       59
       +
                   client.wait_until_succeeds("ip addr show dev eth1 | grep -q 'fd00:1234:5678:1:'")

     

       60
       60
       +
       

     

       61
       61
       +
               with subtest("Test if icmp echo works"):

     

       62
       62
       +
                   client.wait_until_succeeds("ping -c 1 192.168.3.1")

     

       63
       63
       +
                   client.wait_until_succeeds("ping -c 1 fd00:1234:5678:3::1")

     

       64
       64
       +
                   router.wait_until_succeeds("ping -c 1 192.168.1.42")

     

       65
       65
       +
                   router.wait_until_succeeds("ping -c 1 fd00:1234:5678:1::42")

     

       66
       66
       +
             '';

     

       67
       67
       +
           };

     

       68
       68
       +
           auto = {

     

       69
       69
       +
             name = "auto";

     

       70
       70
       +
             nodes = {

     

       71
       71
       +
               inherit router;

     

       72
       72
       +
               client = clientConfig {

     

       73
       73
       +
                 networking.networkmanager.ensureProfiles.profiles.default = {

     

       74
       74
       +
                   ipv4.method = "auto";

     

       75
       75
       +
                   ipv6.method = "auto";

     

       76
       76
       +
                 };

     

       77
       77
       +
               };

     

       78
       78
       +
             };

     

       79
       79
       +
             testScript = ''

     

       80
       80
       +
               start_all()

     

       81
       81
       +
               router.systemctl("start network-online.target")

     

       82
       82
       +
               router.wait_for_unit("network-online.target")

     

       83
       83
       +
               client.wait_for_unit("NetworkManager.service")

     

       84
       84
       +
       

     

       85
       85
       +
               with subtest("Wait until we have an ip address on each interface"):

     

       86
       86
       +
                   client.wait_until_succeeds("ip addr show dev eth1 | grep -q '192.168.1'")

     

       87
       87
       +
                   client.wait_until_succeeds("ip addr show dev eth1 | grep -q 'fd00:1234:5678:1:'")

     

       88
       88
       +
       

     

       89
       89
       +
               with subtest("Test if icmp echo works"):

     

       90
       90
       +
                   client.wait_until_succeeds("ping -c 1 192.168.1.1")

     

       91
       91
       +
                   client.wait_until_succeeds("ping -c 1 fd00:1234:5678:1::1")

     

       92
       92
       +
                   router.wait_until_succeeds("ping -c 1 192.168.1.2")

     

       93
       93
       +
                   router.wait_until_succeeds("ping -c 1 fd00:1234:5678:1::2")

     

       94
       94
       +
             '';

     

       95
       95
       +
           };

     

       96
       96
       +
           dns = {

     

       97
       97
       +
             name = "dns";

     

       98
       98
       +
             nodes = {

     

       99
       99
       +
               inherit router;

     

       100
       100
       +
               dynamic = clientConfig {

     

       101
       101
       +
                 networking.networkmanager.ensureProfiles.profiles.default = {

     

       102
       102
       +
                   ipv4.method = "auto";

     

       103
       103
       +
                 };

     

       104
       104
       +
               };

     

       105
       105
       +
               static = clientConfig {

     

       106
       106
       +
                 networking.networkmanager.ensureProfiles.profiles.default = {

     

       107
       107
       +
                   ipv4 = {

     

       108
       108
       +
                     method = "auto";

     

       109
       109
       +
                     ignore-auto-dns = "true";

     

       110
       110
       +
                     dns = "10.10.10.10";

     

       111
       111
       +
                     dns-search = "";

     

       112
       112
       +
                   };

     

       113
       113
       +
                 };

     

       114
       114
       +
               };

     

       115
       115
       +
             };

     

       116
       116
       +
             testScript = ''

     

       117
       117
       +
               start_all()

     

       118
       118
       +
               router.systemctl("start network-online.target")

     

       119
       119
       +
               router.wait_for_unit("network-online.target")

     

       120
       120
       +
               dynamic.wait_for_unit("NetworkManager.service")

     

       121
       121
       +
               static.wait_for_unit("NetworkManager.service")

     

       122
       122
       +
       

     

       123
       123
       +
               dynamic.wait_until_succeeds("cat /etc/resolv.conf | grep -q '192.168.1.1'")

     

       124
       124
       +
               static.wait_until_succeeds("cat /etc/resolv.conf | grep -q '10.10.10.10'")

     

       125
       125
       +
               static.wait_until_fails("cat /etc/resolv.conf | grep -q '192.168.1.1'")

     

       126
       126
       +
             '';

     

       127
       127
       +
           };

     

       128
       128
       +
           dispatcherScripts = {

     

       129
       129
       +
             name = "dispatcherScripts";

     

       130
       130
       +
             nodes.client = clientConfig {

     

       131
       131
       +
               networking.networkmanager.dispatcherScripts = [{

     

       132
       132
       +
                 type = "pre-up";

     

       133
       133
       +
                 source = pkgs.writeText "testHook" ''

     

       134
       134
       +
                   touch /tmp/dispatcher-scripts-are-working

     

       135
       135
       +
                 '';

     

       136
       136
       +
               }];

     

       137
       137
       +
             };

     

       138
       138
       +
             testScript = ''

     

       139
       139
       +
               start_all()

     

       140
       140
       +
               client.wait_for_unit("NetworkManager.service")

     

       141
       141
       +
               client.wait_until_succeeds("stat /tmp/dispatcher-scripts-are-working")

     

       142
       142
       +
             '';

     

       143
       143
       +
           };

     

       144
       144
       +
           envsubst = {

     

       145
       145
       +
             name = "envsubst";

     

       146
       146
       +
             nodes.client = let

     

       147
       147
       +
               # you should never write secrets in to your nixos configuration, please use tools like sops-nix or agenix

     

       148
       148
       +
               secretFile = pkgs.writeText "my-secret.env" ''

     

       149
       149
       +
                 MY_SECRET_IP=fd00:1234:5678:1::23/64

     

       150
       150
       +
               '';

     

       151
       151
       +
             in clientConfig {

     

       152
       152
       +
               networking.networkmanager.ensureProfiles.environmentFiles = [ secretFile ];

     

       153
       153
       +
               networking.networkmanager.ensureProfiles.profiles.default = {

     

       154
       154
       +
                 ipv6.method = "manual";

     

       155
       155
       +
                 ipv6.addresses = "$MY_SECRET_IP";

     

       156
       156
       +
               };

     

       157
       157
       +
             };

     

       158
       158
       +
             testScript = ''

     

       159
       159
       +
               start_all()

     

       160
       160
       +
               client.wait_for_unit("NetworkManager.service")

     

       161
       161
       +
               client.wait_until_succeeds("ip addr show dev eth1 | grep -q 'fd00:1234:5678:1:'")

     

       162
       162
       +
               client.wait_until_succeeds("ping -c 1 fd00:1234:5678:1::23")

     

       163
       163
       +
             '';

     

       164
       164
       +
           };

     

       165
       165
       +
         };

     

       166
       166
       +
       in lib.mapAttrs (lib.const (attrs: makeTest (attrs // {

     

       167
       167
       +
         name = "${attrs.name}-Networking-NetworkManager";

     

       168
       168
       +
         meta = {

     

       169
       169
       +
           maintainers = with lib.maintainers; [ janik ];

     

       170
       170
       +
         };

     

       171
       171
       +
       

     

       172
       172
       +
       }))) testCases

pkgs/tools/networking/networkmanager/default.nix

···

       50
       50
        
       , mobile-broadband-provider-info

     

       51
       51
        
       , runtimeShell

     

       52
       52
        
       , buildPackages

     

       53
       53
       +
       , nixosTests

     

       53
       54
        
       }:

     

       54
       55
        
       

     

       55
       56
        
       let

     
···

       202
       203
        
             packageName = "NetworkManager";

     

       203
       204
        
             attrPath = "networkmanager";

     

       204
       205
        
             versionPolicy = "odd-unstable";

     

       206
       206
       +
           };

     

       207
       207
       +
           tests = {

     

       208
       208
       +
             inherit (nixosTests.networking) networkmanager;

     

       205
       209
        
           };

     

       206
       210
        
         };

     

       207
       211