kookie
/
nomicon
1
0
Fork 0
Code Issues Projects Releases 1 Activity

nixos/avahi: refactor module, add option `extraServiceFiles`

Browse Source 
Types are now specified for all options.
The fixed uid and gid for the avahi user have been removed
and the user avahi is now in the group avahi.
The the generic opening of the firewall for UDP port 5353 is
now optional, but still defaults to true.

The option `extraServiceFiles` was added to specify avahi
service definitions, which are then placed in `/etc/avahi/services`.
wip/yesman
WilliButz 5 years ago
parent c260e9e399
commit 49302dc593
No known key found for this signature in database
GPG Key ID: 92582A10F1179CB2
1 changed files with 186 additions and 158 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 344
      nixos/modules/services/networking/avahi-daemon.nix

344
nixos/modules/services/networking/avahi-daemon.nix
Unescape View File

@ -1,10 +1,8 @@
# Avahi daemon.
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.avahi;
yesNo = yes : if yes then "yes" else "no";
@ -39,215 +37,245 @@ let
enable-reflector=${yesNo reflector}
${extraConfig}
'';
in
{
options.services.avahi = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Whether to run the Avahi daemon, which allows Avahi clients
to use Avahi's service discovery facilities and also allows
the local machine to advertise its presence and services
(through the mDNS responder implemented by `avahi-daemon').
'';
};
###### interface
hostName = mkOption {
type = types.str;
default = config.networking.hostName;
defaultText = literalExample "config.networking.hostName";
description = ''
Host name advertised on the LAN. If not set, avahi will use the value
of <option>config.networking.hostName</option>.
'';
};
options = {
domainName = mkOption {
type = types.str;
default = "local";
description = ''
Domain name for all advertisements.
'';
};
services.avahi = {
browseDomains = mkOption {
type = types.listOf types.str;
default = [ ];
example = [ "0pointer.de" "zeroconf.org" ];
description = ''
List of non-local DNS domains to be browsed.
'';
};
enable = mkOption {
default = false;
description = ''
Whether to run the Avahi daemon, which allows Avahi clients
to use Avahi's service discovery facilities and also allows
the local machine to advertise its presence and services
(through the mDNS responder implemented by `avahi-daemon').
'';
};
ipv4 = mkOption {
type = types.bool;
default = true;
description = "Whether to use IPv4.";
};
hostName = mkOption {
type = types.str;
description = ''
Host name advertised on the LAN. If not set, avahi will use the value
of config.networking.hostName.
'';
};
ipv6 = mkOption {
type = types.bool;
default = false;
description = "Whether to use IPv6.";
};
domainName = mkOption {
type = types.str;
default = "local";
description = ''
Domain name for all advertisements.
'';
};
interfaces = mkOption {
type = types.nullOr (types.listOf types.str);
default = null;
description = ''
List of network interfaces that should be used by the <command>avahi-daemon</command>.
Other interfaces will be ignored. If <literal>null</literal>, all local interfaces
except loopback and point-to-point will be used.
'';
};
browseDomains = mkOption {
default = [ ];
example = [ "0pointer.de" "zeroconf.org" ];
description = ''
List of non-local DNS domains to be browsed.
'';
};
openFirewall = mkOption {
type = types.bool;
default = true;
description = ''
Whether to open the firewall for UDP port 5353.
'';
};
ipv4 = mkOption {
default = true;
description = ''Whether to use IPv4'';
};
allowPointToPoint = mkOption {
type = types.bool;
default = false;
description= ''
Whether to use POINTTOPOINT interfaces. Might make mDNS unreliable due to usually large
latencies with such links and opens a potential security hole by allowing mDNS access from Internet
connections.
'';
};
ipv6 = mkOption {
default = false;
description = ''Whether to use IPv6'';
};
wideArea = mkOption {
type = types.bool;
default = true;
description = "Whether to enable wide-area service discovery.";
};
interfaces = mkOption {
type = types.nullOr (types.listOf types.str);
default = null;
description = ''
List of network interfaces that should be used by the <command>avahi-daemon</command>.
Other interfaces will be ignored. If <literal>null</literal> all local interfaces
except loopback and point-to-point will be used.
'';
};
reflector = mkOption {
type = types.bool;
default = false;
description = "Reflect incoming mDNS requests to all allowed network interfaces.";
};
allowPointToPoint = mkOption {
default = false;
description= ''
Whether to use POINTTOPOINT interfaces. Might make mDNS unreliable due to usually large
latencies with such links and opens a potential security hole by allowing mDNS access from Internet
connections. Use with care and YMMV!
'';
};
extraServiceFiles = mkOption {
type = with types; attrsOf (either str path);
default = {};
example = literalExample ''
{
ssh = "''${pkgs.avahi}/etc/avahi/services/ssh.service";
smb = '''
<?xml version="1.0" standalone='no'?><!--*-nxml-*-->
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
<name replace-wildcards="yes">%h</name>
<service>
<type>_smb._tcp</type>
<port>445</port>
</service>
</service-group>
''';
}
'';
description = ''
Specify custom service definitions which are placed in the avahi service directory.
See the <citerefentry><refentrytitle>avahi.service</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> manpage for detailed information.
'';
};
wideArea = mkOption {
default = true;
description = ''Whether to enable wide-area service discovery.'';
publish = {
enable = mkOption {
type = types.bool;
default = false;
description = "Whether to allow publishing in general.";
};
reflector = mkOption {
userServices = mkOption {
type = types.bool;
default = false;
description = ''Reflect incoming mDNS requests to all allowed network interfaces.'';
description = "Whether to publish user services. Will set <literal>addresses=true</literal>.";
};
publish = {
enable = mkOption {
default = false;
description = ''Whether to allow publishing in general.'';
};
userServices = mkOption {
default = false;
description = ''Whether to publish user services. Will set <literal>addresses=true</literal>.'';
};
addresses = mkOption {
default = false;
description = ''Whether to register mDNS address records for all local IP addresses.'';
};
hinfo = mkOption {
default = false;
description = ''
Whether to register an mDNS HINFO record which contains information about the
local operating system and CPU.
'';
};
workstation = mkOption {
default = false;
description = ''Whether to register a service of type "_workstation._tcp" on the local LAN.'';
};
domain = mkOption {
default = false;
description = ''Whether to announce the locally used domain name for browsing by other hosts.'';
};
addresses = mkOption {
type = types.bool;
default = false;
description = "Whether to register mDNS address records for all local IP addresses.";
};
nssmdns = mkOption {
hinfo = mkOption {
type = types.bool;
default = false;
description = ''
Whether to enable the mDNS NSS (Name Service Switch) plug-in.
Enabling it allows applications to resolve names in the `.local'
domain by transparently querying the Avahi daemon.
Whether to register a mDNS HINFO record which contains information about the
local operating system and CPU.
'';
};
cacheEntriesMax = mkOption {
default = null;
type = types.nullOr types.int;
workstation = mkOption {
type = types.bool;
default = false;
description = ''
Number of resource records to be cached per interface. Use 0 to
disable caching. Avahi daemon defaults to 4096 if not set.
Whether to register a service of type "_workstation._tcp" on the local LAN.
'';
};
extraConfig = mkOption {
default = "";
type = types.lines;
description = ''
Extra config to append to avahi-daemon.conf.
'';
domain = mkOption {
type = types.bool;
default = false;
description = "Whether to announce the locally used domain name for browsing by other hosts.";
};
};
};
nssmdns = mkOption {
type = types.bool;
default = false;
description = ''
Whether to enable the mDNS NSS (Name Service Switch) plug-in.
Enabling it allows applications to resolve names in the `.local'
domain by transparently querying the Avahi daemon.
'';
};
cacheEntriesMax = mkOption {
type = types.nullOr types.int;
default = null;
description = ''
Number of resource records to be cached per interface. Use 0 to
disable caching. Avahi daemon defaults to 4096 if not set.
'';
};
###### implementation
extraConfig = mkOption {
type = types.lines;
default = "";
description = ''
Extra config to append to avahi-daemon.conf.
'';
};
};
config = mkIf cfg.enable {
users.users.avahi = {
description = "avahi-daemon privilege separation user";
home = "/var/empty";
group = "avahi";
isSystemUser = true;
};
services.avahi.hostName = mkDefault config.networking.hostName;
users.users = singleton
{ name = "avahi";
uid = config.ids.uids.avahi;
description = "`avahi-daemon' privilege separation user";
home = "/var/empty";
};
users.groups = singleton
{ name = "avahi";
gid = config.ids.gids.avahi;
};
users.groups.avahi = {};
system.nssModules = optional cfg.nssmdns pkgs.nssmdns;
environment.systemPackages = [ pkgs.avahi ];
systemd.sockets.avahi-daemon =
{ description = "Avahi mDNS/DNS-SD Stack Activation Socket";
listenStreams = [ "/run/avahi-daemon/socket" ];
wantedBy = [ "sockets.target" ];
};
environment.etc = (mapAttrs' (n: v: nameValuePair
"avahi/services/${n}.service"
{ ${if types.path.check v then "source" else "text"} = v; }
) cfg.extraServiceFiles);
systemd.services.avahi-daemon =
{ description = "Avahi mDNS/DNS-SD Stack";
wantedBy = [ "multi-user.target" ];
requires = [ "avahi-daemon.socket" ];
systemd.sockets.avahi-daemon = {
description = "Avahi mDNS/DNS-SD Stack Activation Socket";
listenStreams = [ "/run/avahi-daemon/socket" ];
wantedBy = [ "sockets.target" ];
};
serviceConfig."NotifyAccess" = "main";
serviceConfig."BusName" = "org.freedesktop.Avahi";
serviceConfig."Type" = "dbus";
systemd.tmpfiles.rules = [ "d /run/avahi-daemon - avahi avahi -" ];
path = [ pkgs.coreutils pkgs.avahi ];
systemd.services.avahi-daemon = {
description = "Avahi mDNS/DNS-SD Stack";
wantedBy = [ "multi-user.target" ];
requires = [ "avahi-daemon.socket" ];
preStart = "mkdir -p /run/avahi-daemon";
# Make NSS modules visible so that `avahi_nss_support ()' can
# return a sensible value.
environment.LD_LIBRARY_PATH = config.system.nssModules.path;
script =
''
# Make NSS modules visible so that `avahi_nss_support ()' can
# return a sensible value.
export LD_LIBRARY_PATH="${config.system.nssModules.path}"
path = [ pkgs.coreutils pkgs.avahi ];
exec ${pkgs.avahi}/sbin/avahi-daemon --syslog -f "${avahiDaemonConf}"
'';
serviceConfig = {
NotifyAccess = "main";
BusName = "org.freedesktop.Avahi";
Type = "dbus";
ExecStart = "${pkgs.avahi}/sbin/avahi-daemon --syslog -f ${avahiDaemonConf}";
};
};
services.dbus.enable = true;
services.dbus.packages = [ pkgs.avahi ];
# Enabling Avahi without exposing it in the firewall doesn't make
# sense.
networking.firewall.allowedUDPPorts = [ 5353 ];
networking.firewall.allowedUDPPorts = mkIf cfg.openFirewall [ 5353 ];
};
}

Write Preview
Loading…
Cancel
Save