networkmanager: hoist some lib.mkIfs up a few levels

would you believe one of these attributes was being set without a mkIf cfg.enabled guard :)
2024-05-28 05:27:23 +00:00
parent cbe6072c03
commit 4ba0343315
1 changed files with 89 additions and 87 deletions
--- a/hosts/common/programs/networkmanager.nix
+++ b/hosts/common/programs/networkmanager.nix
@@ -9,99 +9,101 @@ let
  cfg = config.sane.programs.networkmanager;
 in
 {
-  sane.programs.networkmanager = {
+  config = lib.mkMerge [
-    suggestedPrograms = [ "wpa_supplicant" ];
+    {
-    enableFor.system = lib.mkIf (builtins.any (en: en) (builtins.attrValues cfg.enableFor.user)) true;
+      sane.programs.networkmanager = {
-  };
+        suggestedPrograms = [ "wpa_supplicant" ];
        enableFor.system = lib.mkIf (builtins.any (en: en) (builtins.attrValues cfg.enableFor.user)) true;
      };
    }
-  # add to systemd.packages so we get the service file it ships, then override what we need to customize (taken from nixpkgs)
+    (lib.mkIf cfg.enabled {
-  systemd.packages = lib.mkIf cfg.enabled [ cfg.package ];
+      # add to systemd.packages so we get the service file it ships, then override what we need to customize (taken from nixpkgs)
-  systemd.services.NetworkManager = lib.mkIf cfg.enabled {
+      systemd.packages = [ cfg.package ];
-    wantedBy = [ "network.target" ];
+      systemd.services.NetworkManager = {
-    aliases = [ "dbus-org.freedesktop.NetworkManager.service" ];
+        wantedBy = [ "network.target" ];
        aliases = [ "dbus-org.freedesktop.NetworkManager.service" ];
-    serviceConfig = {
+        serviceConfig = {
-      StateDirectory = "NetworkManager";
+          StateDirectory = "NetworkManager";
-      StateDirectoryMode = 755; # not sure if this really needs to be 755
+          StateDirectoryMode = 755; # not sure if this really needs to be 755
-    };
+        };
-  };
+      };
-  systemd.services.NetworkManager-wait-online = lib.mkIf cfg.enabled {
+      systemd.services.NetworkManager-wait-online.wantedBy = [ "network-online.target" ];
    wantedBy = [ "network-online.target" ];
  };
-  systemd.services.NetworkManager-dispatcher = lib.mkIf cfg.enabled {
+      systemd.services.NetworkManager-dispatcher = {
-    wantedBy = [ "NetworkManager.service" ];
+        wantedBy = [ "NetworkManager.service" ];
-    # to debug, add NM_DISPATCHER_DEBUG_LOG=1
+        # to debug, add NM_DISPATCHER_DEBUG_LOG=1
-    serviceConfig.ExecStart = [
+        serviceConfig.ExecStart = [
-      ""  # first blank line is to clear the upstream `ExecStart` field.
+          ""  # first blank line is to clear the upstream `ExecStart` field.
-      "${cfg.package}/libexec/nm-dispatcher --persist"  # --persist is needed for it to actually run as a daemon
+          "${cfg.package}/libexec/nm-dispatcher --persist"  # --persist is needed for it to actually run as a daemon
-    ];
+        ];
-    serviceConfig.Restart = "always";
+        serviceConfig.Restart = "always";
-    serviceConfig.RestartSec = "1s";
+        serviceConfig.RestartSec = "1s";
-  };
+      };
-  environment.etc = lib.mkIf cfg.enabled {
+      environment.etc = {
-    "NetworkManager/system-connections".source = "/var/lib/NetworkManager/system-connections";
+        "NetworkManager/system-connections".source = "/var/lib/NetworkManager/system-connections";
-    "NetworkManager/NetworkManager.conf".text = ''
+        "NetworkManager/NetworkManager.conf".text = ''
-      [device]
+          [device]
-      # wifi.backend: wpa_supplicant or iwd
+          # wifi.backend: wpa_supplicant or iwd
-      wifi.backend=wpa_supplicant
+          wifi.backend=wpa_supplicant
-      wifi.scan-rand-mac-address=true
+          wifi.scan-rand-mac-address=true
-      [logging]
+          [logging]
-      audit=false
+          audit=false
-      # level: TRACE, DEBUG, INFO, WARN, ERR, OFF
+          # level: TRACE, DEBUG, INFO, WARN, ERR, OFF
-      level=INFO
+          level=INFO
-      # domain=...
+          # domain=...
-      [main]
+          [main]
-      # dhcp:
+          # dhcp:
-      # - `internal` (default)
+          # - `internal` (default)
-      # - `dhclient` (requires dhclient to be installed)
+          # - `dhclient` (requires dhclient to be installed)
-      # - `dhcpcd`   (requires dhcpcd to be installed)
+          # - `dhcpcd`   (requires dhcpcd to be installed)
-      dhcp=internal
+          dhcp=internal
-      # dns:
+          # dns:
-      # - `default`: update /etc/resolv.conf with nameservers provided by the active connection
+          # - `default`: update /etc/resolv.conf with nameservers provided by the active connection
-      # - `none`: NM won't update /etc/resolv.conf
+          # - `none`: NM won't update /etc/resolv.conf
-      # - `systemd-resolved`: push DNS config to systemd-resolved
+          # - `systemd-resolved`: push DNS config to systemd-resolved
-      # - `dnsmasq`: run a local caching nameserver
+          # - `dnsmasq`: run a local caching nameserver
-      dns=${if config.services.resolved.enable then
+          dns=${if config.services.resolved.enable then
-        "systemd-resolved"
+            "systemd-resolved"
-      else if config.sane.services.trust-dns.enable && config.sane.services.trust-dns.asSystemResolver then
+          else if config.sane.services.trust-dns.enable && config.sane.services.trust-dns.asSystemResolver then
-        "none"
+            "none"
-      else
+          else
-        "internal"
+            "internal"
-      }
+          }
-      plugins=keyfile
+          plugins=keyfile
-      # rc-manager: how NM should write to /etc/resolv.conf
+          # rc-manager: how NM should write to /etc/resolv.conf
-      # - regardless of this setting, NM will write /var/lib/NetworkManager/resolv.conf
+          # - regardless of this setting, NM will write /var/lib/NetworkManager/resolv.conf
-      rc-manager=unmanaged
+          rc-manager=unmanaged
-      # systemd-resolved: send DNS config to systemd-resolved?
+          # systemd-resolved: send DNS config to systemd-resolved?
-      # this setting has no effect if dns="systemd-resolved"; it's supplementary, not absolute.
+          # this setting has no effect if dns="systemd-resolved"; it's supplementary, not absolute.
-      systemd-resolved=false
+          systemd-resolved=false
-      # debug=...  (see also: NM_DEBUG env var)
+          # debug=...  (see also: NM_DEBUG env var)
-    '';
+        '';
-  };
+      };
-  hardware.wirelessRegulatoryDatabase = lib.mkIf cfg.enabled true;
+      hardware.wirelessRegulatoryDatabase = true;
-  networking.useDHCP = lib.mkIf cfg.enabled false;
+      networking.useDHCP = false;
-  users.groups = lib.mkIf cfg.enabled {
+      users.groups.networkmanager.gid = config.ids.gids.networkmanager;
-    networkmanager.gid = config.ids.gids.networkmanager;
+      services.udev.packages = [ cfg.package ];
-  };
+      security.polkit.enable = true;
-  services.udev.packages = lib.mkIf cfg.enabled [ cfg.package ];
+      security.polkit.extraConfig = ''
-  security.polkit.enable = lib.mkIf cfg.enabled true;
+        polkit.addRule(function(action, subject) {
-  security.polkit.extraConfig = ''
+          if (
-    polkit.addRule(function(action, subject) {
+            subject.isInGroup("networkmanager")
-      if (
+            && (action.id.indexOf("org.freedesktop.NetworkManager.") == 0
-        subject.isInGroup("networkmanager")
+                || action.id.indexOf("org.freedesktop.ModemManager")  == 0
-        && (action.id.indexOf("org.freedesktop.NetworkManager.") == 0
+            ))
-            || action.id.indexOf("org.freedesktop.ModemManager")  == 0
+              { return polkit.Result.YES; }
-        ))
+        });
-          { return polkit.Result.YES; }
+      '';
    });
  '';
-  boot.kernelModules = [ "ctr" ];  #< TODO: needed (what even is this)?
+      boot.kernelModules = [ "ctr" ];  #< TODO: needed (what even is this)?
-  # TODO: polkit?
+      # TODO: polkit?
-  # TODO: NetworkManager-ensure-profiles?
+      # TODO: NetworkManager-ensure-profiles?
    })
  ];
 }