Merge pull request #173697 from jmbaur/avahi-daemon-deny-interfaces
nixos/avahi: add denyInterfaces option
This commit is contained in:
Sandro
GitHub
commit
7ec767ff54
1 changed files with 27 additions and 9 deletions
|
|
@ -5,7 +5,7 @@ with lib;
|
|||
let
|
||||
cfg = config.services.avahi;
|
||||
|
||||
yesNo = yes : if yes then "yes" else "no";
|
||||
yesNo = yes: if yes then "yes" else "no";
|
||||
|
||||
avahiDaemonConf = with cfg; pkgs.writeText "avahi-daemon.conf" ''
|
||||
[server]
|
||||
|
|
@ -17,7 +17,8 @@ let
|
|||
browse-domains=${concatStringsSep ", " browseDomains}
|
||||
use-ipv4=${yesNo ipv4}
|
||||
use-ipv6=${yesNo ipv6}
|
||||
${optionalString (interfaces!=null) "allow-interfaces=${concatStringsSep "," interfaces}"}
|
||||
${optionalString (allowInterfaces!=null) "allow-interfaces=${concatStringsSep "," allowInterfaces}"}
|
||||
${optionalString (denyInterfaces!=null) "deny-interfaces=${concatStringsSep "," denyInterfaces}"}
|
||||
${optionalString (domainName!=null) "domain-name=${domainName}"}
|
||||
allow-point-to-point=${yesNo allowPointToPoint}
|
||||
${optionalString (cacheEntriesMax!=null) "cache-entries-max=${toString cacheEntriesMax}"}
|
||||
|
|
@ -39,6 +40,10 @@ let
|
|||
'';
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
(lib.mkRenamedOptionModule [ "services" "avahi" "interfaces" ] [ "services" "avahi" "allowInterfaces" ])
|
||||
];
|
||||
|
||||
options.services.avahi = {
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
|
|
@ -91,7 +96,7 @@ in
|
|||
description = lib.mdDoc "Whether to use IPv6.";
|
||||
};
|
||||
|
||||
interfaces = mkOption {
|
||||
allowInterfaces = mkOption {
|
||||
type = types.nullOr (types.listOf types.str);
|
||||
default = null;
|
||||
description = lib.mdDoc ''
|
||||
|
|
@ -101,6 +106,17 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
denyInterfaces = mkOption {
|
||||
type = types.nullOr (types.listOf types.str);
|
||||
default = null;
|
||||
description = lib.mdDoc ''
|
||||
List of network interfaces that should be ignored by the
|
||||
{command}`avahi-daemon`. Other unspecified interfaces will be used,
|
||||
unless {option}`allowInterfaces` is set. This option takes precedence
|
||||
over {option}`allowInterfaces`.
|
||||
'';
|
||||
};
|
||||
|
||||
openFirewall = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
|
|
@ -134,7 +150,7 @@ in
|
|||
|
||||
extraServiceFiles = mkOption {
|
||||
type = with types; attrsOf (either str path);
|
||||
default = {};
|
||||
default = { };
|
||||
example = literalExpression ''
|
||||
{
|
||||
ssh = "''${pkgs.avahi}/etc/avahi/services/ssh.service";
|
||||
|
|
@ -236,7 +252,7 @@ in
|
|||
isSystemUser = true;
|
||||
};
|
||||
|
||||
users.groups.avahi = {};
|
||||
users.groups.avahi = { };
|
||||
|
||||
system.nssModules = optional cfg.nssmdns pkgs.nssmdns;
|
||||
system.nssDatabases.hosts = optionals cfg.nssmdns (mkMerge [
|
||||
|
|
@ -246,10 +262,12 @@ in
|
|||
|
||||
environment.systemPackages = [ pkgs.avahi ];
|
||||
|
||||
environment.etc = (mapAttrs' (n: v: nameValuePair
|
||||
environment.etc = (mapAttrs'
|
||||
(n: v: nameValuePair
|
||||
"avahi/services/${n}.service"
|
||||
{ ${if types.path.check v then "source" else "text"} = v; }
|
||||
) cfg.extraServiceFiles);
|
||||
)
|
||||
cfg.extraServiceFiles);
|
||||
|
||||
systemd.sockets.avahi-daemon = {
|
||||
description = "Avahi mDNS/DNS-SD Stack Activation Socket";
|
||||
|
|
|
|||
Loading…
Reference in a new issue