cafkafk/nixpkgs
cafkafk/nixpkgs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 2

Merge pull request #173697 from jmbaur/avahi-daemon-deny-interfaces

Browse source 
nixos/avahi: add denyInterfaces option
This commit is contained in:
Sandro 2023-03-17 17:11:49 +01:00 committed by GitHub
commit 7ec767ff54
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 27 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

26
nixos/modules/services/networking/avahi-daemon.nix
View file

@ -17,7 +17,8 @@ let
browse-domains=${concatStringsSep ", " browseDomains} browse-domains=${concatStringsSep ", " browseDomains}
use-ipv4=${yesNo ipv4} use-ipv4=${yesNo ipv4}
use-ipv6=${yesNo ipv6} use-ipv6=${yesNo ipv6}
${optionalString (interfaces!=null) "allow-interfaces=${concatStringsSep "," interfaces}"} ${optionalString (allowInterfaces!=null) "allow-interfaces=${concatStringsSep "," allowInterfaces}"}
${optionalString (denyInterfaces!=null) "deny-interfaces=${concatStringsSep "," denyInterfaces}"}
${optionalString (domainName!=null) "domain-name=${domainName}"} ${optionalString (domainName!=null) "domain-name=${domainName}"}
allow-point-to-point=${yesNo allowPointToPoint} allow-point-to-point=${yesNo allowPointToPoint}
${optionalString (cacheEntriesMax!=null) "cache-entries-max=${toString cacheEntriesMax}"} ${optionalString (cacheEntriesMax!=null) "cache-entries-max=${toString cacheEntriesMax}"}
@ -39,6 +40,10 @@ let
''; '';
in in
{ {
imports = [
(lib.mkRenamedOptionModule [ "services" "avahi" "interfaces" ] [ "services" "avahi" "allowInterfaces" ])
];
options.services.avahi = { options.services.avahi = {
enable = mkOption { enable = mkOption {
type = types.bool; type = types.bool;
@ -91,7 +96,7 @@ in
description = lib.mdDoc "Whether to use IPv6."; description = lib.mdDoc "Whether to use IPv6.";
}; };
interfaces = mkOption { allowInterfaces = mkOption {
type = types.nullOr (types.listOf types.str); type = types.nullOr (types.listOf types.str);
default = null; default = null;
description = lib.mdDoc '' description = lib.mdDoc ''
@ -101,6 +106,17 @@ in
''; '';
}; };
denyInterfaces = mkOption {
type = types.nullOr (types.listOf types.str);
default = null;
description = lib.mdDoc ''
List of network interfaces that should be ignored by the
{command}`avahi-daemon`. Other unspecified interfaces will be used,
unless {option}`allowInterfaces` is set. This option takes precedence
over {option}`allowInterfaces`.
'';
};
openFirewall = mkOption { openFirewall = mkOption {
type = types.bool; type = types.bool;
default = true; default = true;
@ -246,10 +262,12 @@ in
environment.systemPackages = [ pkgs.avahi ]; environment.systemPackages = [ pkgs.avahi ];
environment.etc = (mapAttrs' (n: v: nameValuePair environment.etc = (mapAttrs'
(n: v: nameValuePair
"avahi/services/${n}.service" "avahi/services/${n}.service"
{ ${if types.path.check v then "source" else "text"} = v; } { ${if types.path.check v then "source" else "text"} = v; }
) cfg.extraServiceFiles); )
cfg.extraServiceFiles);
systemd.sockets.avahi-daemon = { systemd.sockets.avahi-daemon = {
description = "Avahi mDNS/DNS-SD Stack Activation Socket"; description = "Avahi mDNS/DNS-SD Stack Activation Socket";