Merge pull request #164531 from jtojnar/networkmanager

nixos/networkmanager: Allow overriding installed plug-ins
NixOS · Apr 10, 2022 · adc7fbb · adc7fbb
2 parents 7259c8a + d2efc3e
commit adc7fbb
Show file tree

Hide file tree

Showing 9 changed files with 69 additions and 51 deletions.
diff --git a/nixos/modules/services/networking/networkmanager.nix b/nixos/modules/services/networking/networkmanager.nix
@@ -5,18 +5,6 @@ with lib;
 let
   cfg = config.networking.networkmanager;
 
-  basePackages = with pkgs; [
-    modemmanager
-    networkmanager
-    networkmanager-fortisslvpn
-    networkmanager-iodine
-    networkmanager-l2tp
-    networkmanager-openconnect
-    networkmanager-openvpn
-    networkmanager-vpnc
-    networkmanager-sstp
-   ] ++ optional (!delegateWireless && !enableIwd) wpa_supplicant;
-
   delegateWireless = config.networking.wireless.enable == true && cfg.unmanaged != [];
 
   enableIwd = cfg.wifi.backend == "iwd";
@@ -145,6 +133,15 @@ let
     '';
   };
 
+  packages = [
+    pkgs.modemmanager
+    pkgs.networkmanager
+  ]
+  ++ cfg.plugins
+  ++ lib.optionals (!delegateWireless && !enableIwd) [
+    pkgs.wpa_supplicant
+  ];
+
 in {
 
   meta = {
@@ -227,13 +224,29 @@ in {
         '';
       };
 
-      packages = mkOption {
-        type = types.listOf types.package;
+      plugins = mkOption {
+        type =
+          let
+            networkManagerPluginPackage = types.package // {
+              description = "NetworkManager plug-in";
+              check =
+                p:
+                lib.assertMsg
+                  (types.package.check p
+                    && p ? networkManagerPlugin
+                    && lib.isString p.networkManagerPlugin)
+                  ''
+                    Package ‘${p.name}’, is not a NetworkManager plug-in.
+                    Those need to have a ‘networkManagerPlugin’ attribute.
+                  '';
+            };
+          in
+          types.listOf networkManagerPluginPackage;
         default = [ ];
         description = ''
-          Extra packages that provide NetworkManager plugins.
+          List of NetworkManager plug-ins to enable.
+          Some plug-ins are enabled by the NetworkManager module by default.
         '';
-        apply = list: basePackages ++ list;
       };
 
       dhcp = mkOption {
@@ -380,7 +393,7 @@ in {
           </para><para>
           If you enable this option the
           <literal>networkmanager_strongswan</literal> plugin will be added to
-          the <option>networking.networkmanager.packages</option> option
+          the <option>networking.networkmanager.plugins</option> option
           so you don't need to to that yourself.
         '';
       };
@@ -399,6 +412,9 @@ in {
   };
 
   imports = [
+    (mkRenamedOptionModule
+      [ "networking" "networkmanager" "packages" ]
+      [ "networking" "networkmanager" "plugins" ])
     (mkRenamedOptionModule [ "networking" "networkmanager" "useDnsmasq" ] [ "networking" "networkmanager" "dns" ])
     (mkRemovedOptionModule ["networking" "networkmanager" "dynamicHosts"] ''
       This option was removed because allowing (multiple) regular users to
@@ -426,31 +442,12 @@ in {
 
     hardware.wirelessRegulatoryDatabase = true;
 
-    environment.etc = with pkgs; {
-      "NetworkManager/NetworkManager.conf".source = configFile;
-
-      "NetworkManager/VPN/nm-openvpn-service.name".source =
-        "${networkmanager-openvpn}/lib/NetworkManager/VPN/nm-openvpn-service.name";
-
-      "NetworkManager/VPN/nm-vpnc-service.name".source =
-        "${networkmanager-vpnc}/lib/NetworkManager/VPN/nm-vpnc-service.name";
-
-      "NetworkManager/VPN/nm-openconnect-service.name".source =
-        "${networkmanager-openconnect}/lib/NetworkManager/VPN/nm-openconnect-service.name";
-
-      "NetworkManager/VPN/nm-fortisslvpn-service.name".source =
-        "${networkmanager-fortisslvpn}/lib/NetworkManager/VPN/nm-fortisslvpn-service.name";
-
-      "NetworkManager/VPN/nm-l2tp-service.name".source =
-        "${networkmanager-l2tp}/lib/NetworkManager/VPN/nm-l2tp-service.name";
-
-      "NetworkManager/VPN/nm-iodine-service.name".source =
-        "${networkmanager-iodine}/lib/NetworkManager/VPN/nm-iodine-service.name";
-
-      "NetworkManager/VPN/nm-sstp-service.name".source =
-        "${networkmanager-sstp}/lib/NetworkManager/VPN/nm-sstp-service.name";
-
+    environment.etc = {
+        "NetworkManager/NetworkManager.conf".source = configFile;
       }
+      // builtins.listToAttrs (map (pkg: nameValuePair "NetworkManager/${pkg.networkManagerPlugin}" {
+        source = "${pkg}/lib/NetworkManager/${pkg.networkManagerPlugin}";
+      }) cfg.plugins)
       // optionalAttrs cfg.enableFccUnlock
          {
            "ModemManager/fcc-unlock.d".source =
@@ -460,18 +457,13 @@ in {
          {
            "NetworkManager/dispatcher.d/02overridedns".source = overrideNameserversScript;
          }
-      // optionalAttrs cfg.enableStrongSwan
-         {
-           "NetworkManager/VPN/nm-strongswan-service.name".source =
-             "${pkgs.networkmanager_strongswan}/lib/NetworkManager/VPN/nm-strongswan-service.name";
-         }
       // listToAttrs (lib.imap1 (i: s:
          {
             name = "NetworkManager/dispatcher.d/${dispatcherTypesSubdirMap.${s.type}}03userscript${lib.fixedWidthNumber 4 i}";
             value = { mode = "0544"; inherit (s) source; };
          }) cfg.dispatcherScripts);
 
-    environment.systemPackages = cfg.packages;
+    environment.systemPackages = packages;
 
     users.groups = {
       networkmanager.gid = config.ids.gids.networkmanager;
@@ -490,7 +482,7 @@ in {
       };
     };
 
-    systemd.packages = cfg.packages;
+    systemd.packages = packages;
 
     systemd.tmpfiles.rules = [
       "d /etc/NetworkManager/system-connections 0700 root root -"
@@ -534,8 +526,20 @@ in {
         useDHCP = false;
       })
 
+      {
+        networkmanager.plugins = with pkgs; [
+          networkmanager-fortisslvpn
+          networkmanager-iodine
+          networkmanager-l2tp
+          networkmanager-openconnect
+          networkmanager-openvpn
+          networkmanager-vpnc
+          networkmanager-sstp
+        ];
+      }
+
       (mkIf cfg.enableStrongSwan {
-        networkmanager.packages = [ pkgs.networkmanager_strongswan ];
+        networkmanager.plugins = [ pkgs.networkmanager_strongswan ];
       })
 
       (mkIf enableIwd {
@@ -559,10 +563,10 @@ in {
     security.polkit.enable = true;
     security.polkit.extraConfig = polkitConf;
 
-    services.dbus.packages = cfg.packages
+    services.dbus.packages = packages
       ++ optional cfg.enableStrongSwan pkgs.strongswanNM
       ++ optional (cfg.dns == "dnsmasq") pkgs.dnsmasq;
 
-    services.udev.packages = cfg.packages;
+    services.udev.packages = packages;
   };
 }
diff --git a/pkgs/tools/networking/networkmanager/fortisslvpn/default.nix b/pkgs/tools/networking/networkmanager/fortisslvpn/default.nix
@@ -73,6 +73,7 @@ stdenv.mkDerivation rec {
       attrPath = "networkmanager-fortisslvpn";
       versionPolicy = "odd-unstable";
     };
+    networkManagerPlugin = "VPN/nm-fortisslvpn-service.name";
   };
 
   meta = with lib; {

diff --git a/pkgs/tools/networking/networkmanager/iodine/default.nix b/pkgs/tools/networking/networkmanager/iodine/default.nix
@@ -48,6 +48,7 @@ in stdenv.mkDerivation {
       packageName = pname;
       attrPath = "networkmanager-iodine";
     };
+    networkManagerPlugin = "VPN/nm-iodine-service.name";
   };
 
   meta = with lib; {

diff --git a/pkgs/tools/networking/networkmanager/l2tp/default.nix b/pkgs/tools/networking/networkmanager/l2tp/default.nix
@@ -41,6 +41,10 @@ stdenv.mkDerivation rec {
 
   enableParallelBuilding = true;
 
+  passthru = {
+    networkManagerPlugin = "VPN/nm-l2tp-service.name";
+  };
+
   meta = with lib; {
     description = "L2TP plugin for NetworkManager";
     inherit (networkmanager.meta) platforms;

diff --git a/pkgs/tools/networking/networkmanager/openconnect/default.nix b/pkgs/tools/networking/networkmanager/openconnect/default.nix
@@ -69,6 +69,7 @@ stdenv.mkDerivation rec {
       attrPath = "networkmanager-openconnect";
       versionPolicy = "odd-unstable";
     };
+    networkManagerPlugin = "VPN/nm-openconnect-service.name";
   };
 
   meta = with lib; {

diff --git a/pkgs/tools/networking/networkmanager/openvpn/default.nix b/pkgs/tools/networking/networkmanager/openvpn/default.nix
@@ -67,6 +67,7 @@ stdenv.mkDerivation rec {
       attrPath = "networkmanager-openvpn";
       versionPolicy = "odd-unstable";
     };
+    networkManagerPlugin = "VPN/nm-openvpn-service.name";
   };
 
   meta = with lib; {

diff --git a/pkgs/tools/networking/networkmanager/sstp/default.nix b/pkgs/tools/networking/networkmanager/sstp/default.nix
@@ -54,6 +54,7 @@ in stdenv.mkDerivation {
       packageName = pname;
       attrPath = "networkmanager-sstp";
     };
+    networkManagerPlugin = "VPN/nm-sstp-service.name";
   };
 
   meta = with lib; {

diff --git a/pkgs/tools/networking/networkmanager/strongswan/default.nix b/pkgs/tools/networking/networkmanager/strongswan/default.nix
@@ -24,6 +24,10 @@ stdenv.mkDerivation rec {
     "--with-nm-plugindir=$(out)/lib/NetworkManager"
   ];
 
+  passthru = {
+    networkManagerPlugin = "VPN/nm-strongswan-service.name";
+  };
+
   PKG_CONFIG_LIBNM_VPNSERVICEDIR = "$(out)/lib/NetworkManager/VPN";
 
   meta = with lib; {

diff --git a/pkgs/tools/networking/networkmanager/vpnc/default.nix b/pkgs/tools/networking/networkmanager/vpnc/default.nix
@@ -64,6 +64,7 @@ stdenv.mkDerivation rec {
       attrPath = "networkmanager-vpnc";
       versionPolicy = "odd-unstable";
     };
+    networkManagerPlugin = "VPN/nm-vpnc-service.name";
   };
 
   meta = with lib; {