81 lines
2.7 KiB
Nix
81 lines
2.7 KiB
Nix
# Network Manager:
|
|
# i manage this myself because the nixos service is not flexible enough.
|
|
# - it unconditionally puts modemmanager onto the system path, preventing me from patching modemmanager's service file (without an overlay).
|
|
#
|
|
# XXX: it's normal to see error messages on an ethernet-only host, even when using nixos' official networkmanager service:
|
|
# - `Couldn't initialize supplicant interface: Failed to D-Bus activate wpa_supplicant service`
|
|
{ config, lib, pkgs, ... }:
|
|
let
|
|
cfg = config.sane.programs.networkmanager;
|
|
in
|
|
{
|
|
sane.programs.networkmanager = {
|
|
suggestedPrograms = [ "wpa_supplicant" ];
|
|
enableFor.system = lib.mkIf (builtins.any (en: en) (builtins.attrValues cfg.enableFor.user)) true;
|
|
};
|
|
|
|
# add to systemd.packages so we get the service file it ships, then override what we need to customize (taken from nixpkgs)
|
|
systemd.packages = lib.mkIf cfg.enabled [ cfg.package ];
|
|
systemd.services.NetworkManager = lib.mkIf cfg.enabled {
|
|
wantedBy = [ "network.target" ];
|
|
aliases = [ "dbus-org.freedesktop.NetworkManager.service" ];
|
|
|
|
serviceConfig = {
|
|
StateDirectory = "NetworkManager";
|
|
StateDirectoryMode = 755; # not sure if this really needs to be 755
|
|
};
|
|
};
|
|
|
|
systemd.services.NetworkManager-wait-online = lib.mkIf cfg.enabled{
|
|
wantedBy = [ "network-online.target" ];
|
|
};
|
|
|
|
environment.etc."NetworkManager/NetworkManager.conf".text = lib.mkIf cfg.enabled ''
|
|
# TODO: much of this is likely not needed.
|
|
[connection]
|
|
ethernet.cloned-mac-address=preserve
|
|
wifi.cloned-mac-address=preserve
|
|
wifi.powersave=null
|
|
|
|
[device]
|
|
wifi.backend=wpa_supplicant
|
|
wifi.scan-rand-mac-address=true
|
|
|
|
[keyfile]
|
|
# keyfile.path: where to check for connection credentials
|
|
path=/var/lib/NetworkManager/system-connections
|
|
unmanaged-devices=null
|
|
|
|
[logging]
|
|
audit=false
|
|
level=WARN
|
|
|
|
[main]
|
|
dhcp=internal
|
|
dns=systemd-resolved
|
|
plugins=keyfile
|
|
rc-manager=unmanaged
|
|
'';
|
|
hardware.wirelessRegulatoryDatabase = lib.mkIf cfg.enabled true;
|
|
networking.useDHCP = lib.mkIf cfg.enabled false;
|
|
users.groups = lib.mkIf cfg.enabled {
|
|
networkmanager.gid = config.ids.gids.networkmanager;
|
|
};
|
|
services.udev.packages = lib.mkIf cfg.enabled [ cfg.package ];
|
|
security.polkit.enable = lib.mkIf cfg.enabled true;
|
|
security.polkit.extraConfig = ''
|
|
polkit.addRule(function(action, subject) {
|
|
if (
|
|
subject.isInGroup("networkmanager")
|
|
&& (action.id.indexOf("org.freedesktop.NetworkManager.") == 0
|
|
|| action.id.indexOf("org.freedesktop.ModemManager") == 0
|
|
))
|
|
{ return polkit.Result.YES; }
|
|
});
|
|
'';
|
|
|
|
boot.kernelModules = [ "ctr" ]; #< TODO: needed (what even is this)?
|
|
# TODO: polkit?
|
|
# TODO: NetworkManager-ensure-profiles?
|
|
}
|