colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

NetworkManager: use the upstream service file

Browse Source
This commit is contained in:
Colin 2024-04-27 10:58:21 +00:00
parent 4ce951bbed
commit 7e8a014f37
2 changed files with 14 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
hosts/common/programs/networkmanager.nix
View File

@ -14,35 +14,21 @@ in
enableFor.system = lib.mkIf (builtins.any (en: en) (builtins.attrValues cfg.enableFor.user)) true;
};
# these aren't the complete services, but just the fields Nix needs to manually set/override from the package's official service file
systemd.services.NetworkManager = lib.mkIf cfg.enabled {
after = [
"network-pre.target"
"dbus.service"
];
before = [ "network.target" ];
bindsTo = [ "dbus.service" ];
wants = [ "network.target" ];
wantedBy = [ "multi-user.target" "network.target" ];
description = "Network Manager";
documentation = [ "man:NetworkManager(8)" ];
wantedBy = [ "network.target" ];
aliases = [ "dbus-org.freedesktop.NetworkManager.service" ];
serviceConfig = {
Type = "dbus";
BusName = "org.freedesktop.NetworkManager";
ExecReload = "${pkgs.systemd}/bin/busctl call org.freedesktop.NetworkManager /org/freedesktop/NetworkManager org.freedesktop.NetworkManager Reload u 0";
ExecStart = "${cfg.package}/sbin/NetworkManager --no-daemon";
Restart = "on-failure";
# NM doesn't want systemd to kill its children for it
KillMode = "process";
# TODO: decrease this capability set
# CAP_DAC_OVERRIDE: required to open /run/openvswitch/db.sock socket.
CapabilityBoundingSet = "CAP_NET_ADMIN CAP_DAC_OVERRIDE CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_MODULE CAP_AUDIT_WRITE CAP_KILL CAP_SYS_CHROOT";
ProtectSystem = true;
ProtectHome = "read-only";
StateDirectory = "NetworkManager";
StateDirectoryMode = 755; # TODO: might not be needed
StateDirectoryMode = 755; # not sure if this really needs to be 755
};
};
systemd.services.NetworkManager-wait-online = lib.mkIf cfg.enabled{
wantedBy = [ "network-online.target" ];
};
environment.etc."NetworkManager/NetworkManager.conf".text = lib.mkIf cfg.enabled ''
# TODO: much of this is likely not needed.
[connection]
@ -70,11 +56,13 @@ in
rc-manager=unmanaged
'';
hardware.wirelessRegulatoryDatabase = lib.mkIf cfg.enabled true;
networking.useDHCP = lib.mkIf cfg.enabled false;
users.groups = lib.mkIf cfg.enabled {
networkmanager.gid = config.ids.gids.networkmanager;
};
services.udev.packages = lib.mkIf cfg.enabled [ cfg.package ];
networking.useDHCP = lib.mkIf cfg.enabled false;
# add to systemd.packages so we get the service file it ships
systemd.packages = lib.mkIf cfg.enabled [ cfg.package ];
boot.kernelModules = [ "ctr" ]; #< TODO: needed (what even is this)?
# TODO: polkit?

2
hosts/common/programs/wpa_supplicant.nix
View File

@ -5,4 +5,6 @@ in
{
sane.programs.wpa_supplicant = {};
services.udev.packages = lib.mkIf cfg.enabled [ cfg.package ];
# need to be on systemd.packages so we get its service file
systemd.packages = lib.mkIf cfg.enabled [ cfg.package ];
}