{ config, pkgs, ... }:
with pkgs.lib;
with pkgs;
let
cfg = config.networking.networkmanager;
stateDirs = "/var/lib/NetworkManager /var/lib/dhclient";
configFile = writeText "NetworkManager.conf" ''
[main]
plugins=keyfile
[keyfile]
${optionalString (config.networking.hostName != "") ''
hostname=${config.networking.hostName}
''}
[logging]
level=WARN
'';
polkitConf = ''
[network-manager]
Identity=unix-group:networkmanager
Action=org.freedesktop.NetworkManager.*
ResultAny=yes
ResultInactive=no
ResultActive=yes
[modem-manager]
Identity=unix-group:networkmanager
Action=org.freedesktop.ModemManager.*
ResultAny=yes
ResultInactive=no
ResultActive=yes
'';
ipUpScript = writeScript "01nixos-ip-up" ''
#!/bin/sh
if test "$2" = "up"; then
${config.systemd.package}/bin/systemctl start ip-up.target
fi
'';
overrideNameserversScript = writeScript "02overridedns" ''
#!/bin/sh
${optionalString cfg.overrideNameservers "${gnused}/bin/sed -i '/nameserver /d' /etc/resolv.conf"}
${concatStrings (map (s: ''
${optionalString cfg.appendNameservers
"${gnused}/bin/sed -i '/nameserver ${s}/d' /etc/resolv.conf"
}
echo 'nameserver ${s}' >> /etc/resolv.conf
'') config.networking.nameservers)}
'';
in {
###### interface
options = {
networking.networkmanager = {
enable = mkOption {
default = false;
merge = mergeEnableOption;
description = ''
Whether to use NetworkManager to obtain an IP address and other
configuration for all network interfaces that are not manually
configured. If enabled, a group networkmanager
will be created. Add all users that should have permission
to change network settings to this group.
'';
};
packages = mkOption {
default = [ ];
description = ''
Extra packages that provide NetworkManager plugins.
'';
merge = mergeListOption;
apply = list: [ networkmanager modemmanager wpa_supplicant ] ++ list;
};
overrideNameservers = mkOption {
default = false;
description = ''
If enabled, any nameservers received by DHCP or configured in
NetworkManager will be replaced by the nameservers configured
in the networking.nameservers option. This
option overrides the appendNameservers option
if both are enabled.
'';
};
appendNameservers = mkOption {
default = false;
description = ''
If enabled, the name servers configured in the
networking.nameservers option will be appended
to the ones configured in NetworkManager or received by DHCP.
'';
};
};
};
###### implementation
config = mkIf cfg.enable {
assertions = [{
assertion = config.networking.wireless.enable == false;
message = "You can not use networking.networkmanager with services.networking.wireless";
}];
environment.etc = [
{ source = ipUpScript;
target = "NetworkManager/dispatcher.d/01nixos-ip-up";
}
{ source = configFile;
target = "NetworkManager/NetworkManager.conf";
}
{ source = "${networkmanager_openvpn}/etc/NetworkManager/VPN/nm-openvpn-service.name";
target = "NetworkManager/VPN/nm-openvpn-service.name";
}
{ source = "${networkmanager_vpnc}/etc/NetworkManager/VPN/nm-vpnc-service.name";
target = "NetworkManager/VPN/nm-vpnc-service.name";
}
{ source = "${networkmanager_openconnect}/etc/NetworkManager/VPN/nm-openconnect-service.name";
target = "NetworkManager/VPN/nm-openconnect-service.name";
}
] ++ pkgs.lib.optional (cfg.overrideNameservers || cfg.appendNameservers)
{ source = overrideNameserversScript;
target = "NetworkManager/dispatcher.d/02overridedns";
};
environment.systemPackages = cfg.packages ++ [
networkmanager_openvpn
networkmanager_vpnc
networkmanager_openconnect
];
users.extraGroups = singleton {
name = "networkmanager";
gid = config.ids.gids.networkmanager;
};
systemd.packages = cfg.packages;
# Create an initialisation service that both starts
# NetworkManager when network.target is reached,
# and sets up necessary directories for NM.
systemd.services."networkmanager-init" = {
description = "NetworkManager initialisation";
wantedBy = [ "network.target" ];
partOf = [ "NetworkManager.service" ];
wants = [ "NetworkManager.service" ];
before = [ "NetworkManager.service" ];
script = ''
mkdir -m 700 -p /etc/NetworkManager/system-connections
mkdir -m 755 -p ${stateDirs}
'';
serviceConfig = {
Type = "oneshot";
};
};
# Turn off NixOS' network management
networking = {
useDHCP = false;
wireless.enable = false;
};
powerManagement.resumeCommands = ''
systemctl restart NetworkManager
'';
security.polkit.permissions = polkitConf;
# openvpn plugin has only dbus interface
services.dbus.packages = cfg.packages ++ [
networkmanager_openvpn
networkmanager_vpnc
networkmanager_openconnect
];
services.udev.packages = cfg.packages;
};
}