From ea0dc2c5eb7c462a657e336763b1754efe1e5661 Mon Sep 17 00:00:00 2001
From: Jared Baur
Date: Thu, 19 May 2022 19:56:35 -0700
Subject: [PATCH] nixos/avahi: add denyInterfaces option
---
 .../services/networking/avahi-daemon.nix | 36 ++++++++++++++-----
 1 file changed, 27 insertions(+), 9 deletions(-)
diff --git a/nixos/modules/services/networking/avahi-daemon.nix b/nixos/modules/services/networking/avahi-daemon.nix
index 103f73fdaa68..3a7519c7230b 100644
--- a/nixos/modules/services/networking/avahi-daemon.nix
+++ b/nixos/modules/services/networking/avahi-daemon.nix
@@ -5,7 +5,7 @@ with lib;
 let
 cfg = config.services.avahi;
- yesNo = yes : if yes then "yes" else "no";
+ yesNo = yes: if yes then "yes" else "no";
 avahiDaemonConf = with cfg; pkgs.writeText "avahi-daemon.conf" ''
 [server]
@@ -17,7 +17,8 @@ let
 browse-domains=${concatStringsSep ", " browseDomains}
 use-ipv4=${yesNo ipv4}
 use-ipv6=${yesNo ipv6}
- ${optionalString (interfaces!=null) "allow-interfaces=${concatStringsSep "," interfaces}"}
+ ${optionalString (allowInterfaces!=null) "allow-interfaces=${concatStringsSep "," allowInterfaces}"}
+ ${optionalString (denyInterfaces!=null) "deny-interfaces=${concatStringsSep "," denyInterfaces}"}
 ${optionalString (domainName!=null) "domain-name=${domainName}"}
 allow-point-to-point=${yesNo allowPointToPoint}
 ${optionalString (cacheEntriesMax!=null) "cache-entries-max=${toString cacheEntriesMax}"}
@@ -39,6 +40,10 @@ let
 '';
 in
 {
+ imports = [
+ (lib.mkRenamedOptionModule [ "services" "avahi" "interfaces" ] [ "services" "avahi" "allowInterfaces" ])
+ ];
+
 options.services.avahi = {
 enable = mkOption {
 type = types.bool;
@@ -91,7 +96,7 @@ in
 description = lib.mdDoc "Whether to use IPv6.";
 };
- interfaces = mkOption {
+ allowInterfaces = mkOption {
 type = types.nullOr (types.listOf types.str);
 default = null;
 description = lib.mdDoc ''
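Review bot: In the `@@ -17,7 +17,8 @@` hunk the new `deny-interfaces=` line (like the renamed `allow-interfaces=` line) writes each list element into avahi-daemon.conf unchecked, and its guard only tests for `null`. The elements are plain `types.str` (declared in the `@@ -91,7 +96,7 @@` and `@@ -101,6 +106,17 @@` hunks), so a name containing a comma silently becomes two entries, one containing a newline would start a new key in the `[server]` section, and an empty list renders a bare `deny-interfaces=`. A stricter element type, for example `type = types.nullOr (types.listOf (types.strMatching "[^,[:space:]]+"));`, would make a mistyped interface filter fail at evaluation time instead of producing a config that filters differently from what the administrator wrote. The `avahiDaemonConf` string begins and ends outside this hunk.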
@@ -101,6 +106,17 @@ in
 '';
 };
+ denyInterfaces = mkOption {
+ type = types.nullOr (types.listOf types.str);
+ default = null;
+ description = lib.mdDoc ''
+ List of network interfaces that should be ignored by the
+ {command}`avahi-daemon`. Other unspecified interfaces will be used,
+ unless {option}`allowInterfaces` is set. This option takes precedence
+ over {option}`allowInterfaces`.
+ '';
+ };
+
 openFirewall = mkOption {
 type = types.bool;
 default = true;
@@ -134,7 +150,7 @@ in
 extraServiceFiles = mkOption {
 type = with types; attrsOf (either str path);
- default = {};
+ default = { };
 example = literalExpression ''
 {
 ssh = "''${pkgs.avahi}/etc/avahi/services/ssh.service";
@@ -236,7 +252,7 @@ in
 isSystemUser = true;
 };
- users.groups.avahi = {};
+ users.groups.avahi = { };
 system.nssModules = optional cfg.nssmdns pkgs.nssmdns;
 system.nssDatabases.hosts = optionals cfg.nssmdns (mkMerge [
@@ -246,10 +262,12 @@ in
 environment.systemPackages = [ pkgs.avahi ];
- environment.etc = (mapAttrs' (n: v: nameValuePair
- "avahi/services/${n}.service"
- { ${if types.path.check v then "source" else "text"} = v; }
- ) cfg.extraServiceFiles);
+ environment.etc = (mapAttrs'
+ (n: v: nameValuePair
+ "avahi/services/${n}.service"
+ { ${if types.path.check v then "source" else "text"} = v; }
+ )
+ cfg.extraServiceFiles);
 systemd.sockets.avahi-daemon = {
 description = "Avahi mDNS/DNS-SD Stack Activation Socket";
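Review bot: The `denyInterfaces` description in the `@@ -101,6 +106,17 @@` hunk should say that a deny list is fail-open: any interface that is not named, including one that appears later such as a VPN tunnel or container bridge, is still used by avahi-daemon. I would add a sentence along the lines of `Interfaces that are not listed, including ones created after boot, remain in use; prefer allowInterfaces when the daemon must stay off untrusted networks.` and an `example = [ "wg0" ];` (interface name illustrative), as `extraServiceFiles` already carries an example. The context lines also show `openFirewall` defaulting to `true`; its implementation is outside this hunk, but if it opens the mDNS port on every interface, that is presumably not narrowed by this option and would be worth stating in the description too.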