From ec6e4db6e413219fd55ba52d207de4d59a356057 Mon Sep 17 00:00:00 2001 From: Silvan Mosberger Date: Sat, 7 Mar 2020 01:53:31 +0100 Subject: [PATCH 1/3] nixos/networking: Add hostFiles option When blocklists are built with a derivation, using extraHosts would require IFD, since the result of the derivation needs to be converted to a string again. By introducing this option no IFD is needed for such use-cases, since the fetched files can be assigned directly. --- nixos/modules/config/networking.nix | 27 +++++++++++++++++++++------ 1 file changed, 21 insertions(+), 6 deletions(-) diff --git a/nixos/modules/config/networking.nix b/nixos/modules/config/networking.nix index 81427bb8ee64..dd36696b94d2 100644 --- a/nixos/modules/config/networking.nix +++ b/nixos/modules/config/networking.nix @@ -35,12 +35,22 @@ in ''; }; + networking.hostFiles = lib.mkOption { + type = types.listOf types.path; + defaultText = lib.literalExample "Hosts from `networking.hosts` and `networking.extraHosts`"; + example = lib.literalExample ''[ "''${pkgs.my-blocklist-package}/share/my-blocklist/hosts" ]''; + description = '' + Files that should be concatenated together to form /etc/hosts. + ''; + }; + networking.extraHosts = lib.mkOption { type = types.lines; default = ""; example = "192.168.0.1 lanlocalhost"; description = '' Additional verbatim entries to be appended to /etc/hosts. + For adding hosts from derivation results, use instead. ''; }; @@ -159,6 +169,15 @@ in "::1" = [ "localhost" ]; }; + networking.hostFiles = let + stringHosts = + let + oneToString = set: ip: ip + " " + concatStringsSep " " set.${ip} + "\n"; + allToString = set: concatMapStrings (oneToString set) (attrNames set); + in pkgs.writeText "string-hosts" (allToString (filterAttrs (_: v: v != []) cfg.hosts)); + extraHosts = pkgs.writeText "extra-hosts" cfg.extraHosts; + in mkBefore [ stringHosts extraHosts ]; + environment.etc = { # /etc/services: TCP/UDP port assignments. services.source = pkgs.iana-etc + "/etc/services"; @@ -167,12 +186,8 @@ in protocols.source = pkgs.iana-etc + "/etc/protocols"; # /etc/hosts: Hostname-to-IP mappings. - hosts.text = let - oneToString = set: ip: ip + " " + concatStringsSep " " set.${ip}; - allToString = set: concatMapStringsSep "\n" (oneToString set) (attrNames set); - in '' - ${allToString (filterAttrs (_: v: v != []) cfg.hosts)} - ${cfg.extraHosts} + hosts.source = pkgs.runCommandNoCC "hosts" {} '' + cat ${escapeShellArgs cfg.hostFiles} > $out ''; # /etc/host.conf: resolver configuration file From 1906320e68f04664f3bfebffb786db80deefb16f Mon Sep 17 00:00:00 2001 From: Silvan Mosberger Date: Sat, 7 Mar 2020 02:01:19 +0100 Subject: [PATCH 2/3] nixos/cjdns: Don't use IFD for extra hosts --- nixos/modules/services/networking/cjdns.nix | 20 ++++++++------------ 1 file changed, 8 insertions(+), 12 deletions(-) diff --git a/nixos/modules/services/networking/cjdns.nix b/nixos/modules/services/networking/cjdns.nix index 3fb85b16cbe2..5f912a57845f 100644 --- a/nixos/modules/services/networking/cjdns.nix +++ b/nixos/modules/services/networking/cjdns.nix @@ -29,17 +29,13 @@ let }; # Additional /etc/hosts entries for peers with an associated hostname - cjdnsExtraHosts = import (pkgs.runCommand "cjdns-hosts" {} - # Generate a builder that produces an output usable as a Nix string value - '' - exec >$out - echo \'\' - ${concatStringsSep "\n" (mapAttrsToList (k: v: - optionalString (v.hostname != "") - "echo $(${pkgs.cjdns}/bin/publictoip6 ${v.publicKey}) ${v.hostname}") - (cfg.ETHInterface.connectTo // cfg.UDPInterface.connectTo))} - echo \'\' - ''); + cjdnsExtraHosts = pkgs.runCommandNoCC "cjdns-hosts" {} '' + exec >$out + ${concatStringsSep "\n" (mapAttrsToList (k: v: + optionalString (v.hostname != "") + "echo $(${pkgs.cjdns}/bin/publictoip6 ${v.publicKey}) ${v.hostname}") + (cfg.ETHInterface.connectTo // cfg.UDPInterface.connectTo))} + ''; parseModules = x: x // { connectTo = mapAttrs (name: value: { inherit (value) password publicKey; }) x.connectTo; }; @@ -278,7 +274,7 @@ in }; }; - networking.extraHosts = mkIf cfg.addExtraHosts cjdnsExtraHosts; + networking.hostFiles = mkIf cfg.addExtraHosts [ cjdnsExtraHosts ]; assertions = [ { assertion = ( cfg.ETHInterface.bind != "" || cfg.UDPInterface.bind != "" || cfg.confFile != null ); From 64ee425a01fb16f4ceaf09ad1dffe596d6845096 Mon Sep 17 00:00:00 2001 From: Silvan Mosberger Date: Sat, 7 Mar 2020 02:01:41 +0100 Subject: [PATCH 3/3] nixos/cjdns: Fix connectTo example rendering --- nixos/modules/services/networking/cjdns.nix | 32 ++++++++++++--------- 1 file changed, 18 insertions(+), 14 deletions(-) diff --git a/nixos/modules/services/networking/cjdns.nix b/nixos/modules/services/networking/cjdns.nix index 5f912a57845f..5f8ac96b2292 100644 --- a/nixos/modules/services/networking/cjdns.nix +++ b/nixos/modules/services/networking/cjdns.nix @@ -140,13 +140,15 @@ in connectTo = mkOption { type = types.attrsOf ( types.submodule ( connectToSubmodule ) ); default = { }; - example = { - "192.168.1.1:27313" = { - hostname = "homer.hype"; - password = "5kG15EfpdcKNX3f2GSQ0H1HC7yIfxoCoImnO5FHM"; - publicKey = "371zpkgs8ss387tmr81q04mp0hg1skb51hw34vk1cq644mjqhup0.k"; - }; - }; + example = literalExample '' + { + "192.168.1.1:27313" = { + hostname = "homer.hype"; + password = "5kG15EfpdcKNX3f2GSQ0H1HC7yIfxoCoImnO5FHM"; + publicKey = "371zpkgs8ss387tmr81q04mp0hg1skb51hw34vk1cq644mjqhup0.k"; + }; + } + ''; description = '' Credentials for making UDP tunnels. ''; @@ -185,13 +187,15 @@ in connectTo = mkOption { type = types.attrsOf ( types.submodule ( connectToSubmodule ) ); default = { }; - example = { - "01:02:03:04:05:06" = { - hostname = "homer.hype"; - password = "5kG15EfpdcKNX3f2GSQ0H1HC7yIfxoCoImnO5FHM"; - publicKey = "371zpkgs8ss387tmr81q04mp0hg1skb51hw34vk1cq644mjqhup0.k"; - }; - }; + example = literalExample '' + { + "01:02:03:04:05:06" = { + hostname = "homer.hype"; + password = "5kG15EfpdcKNX3f2GSQ0H1HC7yIfxoCoImnO5FHM"; + publicKey = "371zpkgs8ss387tmr81q04mp0hg1skb51hw34vk1cq644mjqhup0.k"; + }; + } + ''; description = '' Credentials for connecting look similar to UDP credientials except they begin with the mac address.