From 0deadd5baf64cf4dce993a3ab248a2c714a7b4af Mon Sep 17 00:00:00 2001
From: Colin <colin@uninsane.org>
Date: Sun, 2 Jun 2024 05:45:37 +0000
Subject: [PATCH] nixos/networkmanager: split ModemManager bits into own module

this should not result in any observable change by default, the
motivation is to make working on either one of these components in
isolation of the other a bit easier.
---
 .../manual/release-notes/rl-2505.section.md   |  2 +
 nixos/modules/module-list.nix                 |  1 +
 .../services/networking/modemmanager.nix      | 90 +++++++++++++++++++
 .../services/networking/networkmanager.nix    | 51 ++---------
 4 files changed, 102 insertions(+), 42 deletions(-)
 create mode 100644 nixos/modules/services/networking/modemmanager.nix

diff --git a/nixos/doc/manual/release-notes/rl-2505.section.md b/nixos/doc/manual/release-notes/rl-2505.section.md
index 948f097395fe..8c3bf253c6ce 100644
--- a/nixos/doc/manual/release-notes/rl-2505.section.md
+++ b/nixos/doc/manual/release-notes/rl-2505.section.md
@@ -28,6 +28,8 @@
 
 - [MaryTTS](https://github.com/marytts/marytts), an open-source, multilingual text-to-speech synthesis system written in pure Java. Available as [services.marytts](options.html#opt-services.marytts).
 
+- [networking.modemmanager](options.html#opt-networking.modemmanager) has been split out of [networking.networkmanager](options.html#opt-networking.networkmanager). NetworkManager still enables ModemManager by default, but options exist now to run NetworkManager without ModemManager.
+
 - [Conduwuit](https://conduwuit.puppyirl.gay/), a federated chat server implementing the Matrix protocol, forked from Conduit. Available as [services.conduwuit](#opt-services.conduwuit.enable).
 
 - [Traccar](https://www.traccar.org/), a modern GPS Tracking Platform. Available as [services.traccar](#opt-services.traccar.enable).
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 783f20546af4..e014a97fb1a2 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -1135,6 +1135,7 @@
   ./services/networking/miredo.nix
   ./services/networking/mjpg-streamer.nix
   ./services/networking/mmsd.nix
+  ./services/networking/modemmanager.nix
   ./services/networking/monero.nix
   ./services/networking/morty.nix
   ./services/networking/mosquitto.nix
diff --git a/nixos/modules/services/networking/modemmanager.nix b/nixos/modules/services/networking/modemmanager.nix
new file mode 100644
index 000000000000..7cb399bf76a8
--- /dev/null
+++ b/nixos/modules/services/networking/modemmanager.nix
@@ -0,0 +1,90 @@
+{ config, lib, ... }:
+let
+  cfg = config.networking.modemmanager;
+in
+{
+  meta = {
+    maintainers = lib.teams.freedesktop.members;
+  };
+
+  options = with lib; {
+    networking.modemmanager = {
+      enable = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Whether to use ModemManager to manage modem devices.
+          This is usually used by some higher layer manager such as NetworkManager
+          but can be used standalone especially if using a modem for non-IP
+          connectivity (e.g. GPS).
+        '';
+      };
+
+      fccUnlockScripts = mkOption {
+        type = types.listOf (
+          types.submodule {
+            options = {
+              id = mkOption {
+                type = types.str;
+                description = "vid:pid of either the PCI or USB vendor and product ID";
+              };
+              path = mkOption {
+                type = types.path;
+                description = "Path to the unlock script";
+              };
+            };
+          }
+        );
+        default = [ ];
+        example = literalExpression ''[{ id = "03f0:4e1d"; path = "''${pkgs.modemmanager}/share/ModemManager/fcc-unlock.available.d/03f0:4e1d"; }]'';
+        description = ''
+          List of FCC unlock scripts to enable on the system, behaving as described in
+          https://modemmanager.org/docs/modemmanager/fcc-unlock/#integration-with-third-party-fcc-unlock-tools.
+        '';
+      };
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    environment.etc = builtins.listToAttrs (
+      map (
+        e:
+        lib.nameValuePair "ModemManager/fcc-unlock.d/${e.id}" {
+          source = e.path;
+        }
+      ) cfg.fccUnlockScripts
+    );
+
+    systemd.services.ModemManager = {
+      aliases = [ "dbus-org.freedesktop.ModemManager1.service" ];
+      path = lib.optionals (cfg.fccUnlockScripts != [ ]) [
+        pkgs.libqmi
+        pkgs.libmbim
+      ];
+    };
+
+    /*
+      [modem-manager]
+      Identity=unix-group:networkmanager
+      Action=org.freedesktop.ModemManager*
+      ResultAny=yes
+      ResultInactive=no
+      ResultActive=yes
+    */
+    security.polkit.enable = true;
+    security.polkit.extraConfig = ''
+      polkit.addRule(function(action, subject) {
+        if (
+          subject.isInGroup("networkmanager")
+          && action.id.indexOf("org.freedesktop.ModemManager") == 0
+          )
+            { return polkit.Result.YES; }
+      });
+    '';
+
+    environment.systemPackages = [ pkgs.modemmanager ];
+    systemd.packages = [ pkgs.modemmanager ];
+    services.dbus.packages = [ pkgs.modemmanager ];
+    services.udev.packages = [ pkgs.modemmanager ];
+  };
+}
diff --git a/nixos/modules/services/networking/networkmanager.nix b/nixos/modules/services/networking/networkmanager.nix
index dedd53e345fe..deeab7e72efd 100644
--- a/nixos/modules/services/networking/networkmanager.nix
+++ b/nixos/modules/services/networking/networkmanager.nix
@@ -43,21 +43,13 @@ let
     ResultAny=yes
     ResultInactive=no
     ResultActive=yes
-
-    [modem-manager]
-    Identity=unix-group:networkmanager
-    Action=org.freedesktop.ModemManager*
-    ResultAny=yes
-    ResultInactive=no
-    ResultActive=yes
   */
   polkitConf = ''
     polkit.addRule(function(action, subject) {
       if (
         subject.isInGroup("networkmanager")
-        && (action.id.indexOf("org.freedesktop.NetworkManager.") == 0
-            || action.id.indexOf("org.freedesktop.ModemManager")  == 0
-        ))
+        && action.id.indexOf("org.freedesktop.NetworkManager.") == 0
+        )
           { return polkit.Result.YES; }
     });
   '';
@@ -115,7 +107,6 @@ let
   };
 
   packages = [
-    pkgs.modemmanager
     pkgs.networkmanager
   ]
   ++ cfg.plugins
@@ -358,26 +349,6 @@ in
         '';
       };
 
-      fccUnlockScripts = mkOption {
-        type = types.listOf (types.submodule {
-          options = {
-            id = mkOption {
-              type = types.str;
-              description = "vid:pid of either the PCI or USB vendor and product ID";
-            };
-            path = mkOption {
-              type = types.path;
-              description = "Path to the unlock script";
-            };
-          };
-        });
-        default = [ ];
-        example = literalExpression ''[{ id = "03f0:4e1d"; path = "''${pkgs.modemmanager}/share/ModemManager/fcc-unlock.available.d/03f0:4e1d"; }]'';
-        description = ''
-          List of FCC unlock scripts to enable on the system, behaving as described in
-          https://modemmanager.org/docs/modemmanager/fcc-unlock/#integration-with-third-party-fcc-unlock-tools.
-        '';
-      };
       ensureProfiles = {
         profiles = with lib.types; mkOption {
           type = attrsOf (submodule {
@@ -480,7 +451,7 @@ in
       might conflict with vendor-provided unlock scripts, and should
       be a conscious decision on a per-device basis.
       Instead it's recommended to use the
-      `networking.networkmanager.fccUnlockScripts` option.
+      `networking.modemmanager.fccUnlockScripts` option.
     '')
     (mkRemovedOptionModule [ "networking" "networkmanager" "dynamicHosts" ] ''
       This option was removed because allowing (multiple) regular users to
@@ -493,6 +464,10 @@ in
     (mkRemovedOptionModule [ "networking" "networkmanager" "firewallBackend" ] ''
       This option was removed as NixOS is now using iptables-nftables-compat even when using iptables, therefore Networkmanager now uses the nftables backend unconditionally.
     '')
+    (mkRenamedOptionModule
+      [ "networking" "networkmanager" "fccUnlockScripts" ]
+      [ "networking" "modemmanager" "fccUnlockScripts" ]
+    )
   ];
 
 
@@ -526,11 +501,6 @@ in
         source = "${pkg}/lib/NetworkManager/${pkg.networkManagerPlugin}";
       })
       cfg.plugins)
-    // builtins.listToAttrs (map
-      (e: nameValuePair "ModemManager/fcc-unlock.d/${e.id}" {
-        source = e.path;
-      })
-      cfg.fccUnlockScripts)
     // optionalAttrs (cfg.appendNameservers != [ ] || cfg.insertNameservers != [ ])
       {
         "NetworkManager/dispatcher.d/02overridedns".source = overrideNameserversScript;
@@ -590,11 +560,6 @@ in
       wantedBy = [ "network-online.target" ];
     };
 
-    systemd.services.ModemManager = {
-      aliases = [ "dbus-org.freedesktop.ModemManager1.service" ];
-      path = lib.optionals (cfg.fccUnlockScripts != []) [ pkgs.libqmi pkgs.libmbim ];
-    };
-
     systemd.services.NetworkManager-dispatcher = {
       wantedBy = [ "network.target" ];
       restartTriggers = [ configFile overrideNameserversScript ];
@@ -654,6 +619,8 @@ in
       })
 
       {
+        modemmanager.enable = lib.mkDefault true;
+
         networkmanager.connectionConfig = {
           "ethernet.cloned-mac-address" = cfg.ethernet.macAddress;
           "wifi.cloned-mac-address" = cfg.wifi.macAddress;