authorBenjamin Staffin <benley@gmail.com>2018-06-29 13:41:46 -0400
committerGitHub <noreply@github.com>2018-06-29 13:41:46 -0400
commitdca7e24a11940477f6a3568fc49bade96ca59514 (patch)
treee59eb29e5bf05e7dbaf62c4539ca9d19a6725383 /nixos/modules/services/networking/networkmanager.nix
parent25342cd6bd46f12e7e3eda17845615870dc74ee5 (diff)
networkmanager: Expand dns description, integrate with other services (#41898)
Rather than special-casing the dns options in networkmanager.nix, use the module system to let unbound and systemd-resolved contribute to the networkmanager config.
Diffstat (limited to 'nixos/modules/services/networking/networkmanager.nix')
-rw-r--r--nixos/modules/services/networking/networkmanager.nix85
1 files changed, 66 insertions, 19 deletions
diff --git a/nixos/modules/services/networking/networkmanager.nix b/nixos/modules/services/networking/networkmanager.nix
index 816234506593..4e51725b19de 100644
--- a/nixos/modules/services/networking/networkmanager.nix
+++ b/nixos/modules/services/networking/networkmanager.nix
@@ -9,18 +9,11 @@ let
# /var/lib/misc is for dnsmasq.leases.
stateDirs = "/var/lib/NetworkManager /var/lib/dhclient /var/lib/misc";
- dns =
- if cfg.dns == "none" then "none"
- else if cfg.dns == "dnsmasq" then "dnsmasq"
- else if config.services.resolved.enable then "systemd-resolved"
- else if config.services.unbound.enable then "unbound"
- else "default";
-
configFile = writeText "NetworkManager.conf" ''
[main]
plugins=keyfile
dhcp=${cfg.dhcp}
- dns=${dns}
+ dns=${cfg.dns}
[keyfile]
${optionalString (cfg.unmanaged != [])
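Review bot: With `dns=${cfg.dns}` the generated NetworkManager.conf no longer derives the mode from `config.services.resolved.enable` or `config.services.unbound.enable`, and nothing in this file checks that the chosen mode matches the services that are actually enabled. The commit message says the other modules now contribute the value, but those changes are not on this page, so it is worth confirming that they set it at a priority the user can still override. It is also worth confirming that a host with unbound enabled cannot quietly end up on `default`, where resolv.conf is written straight from connection-supplied nameservers and the validating resolver is skipped. If the other modules do set the option, a comment above `configFile` such as `# cfg.dns is also set by services.unbound / services.resolved when they are enabled` would make the dependency visible, and a `warnings` entry for the mismatched combination would surface it at evaluation time. The `let` block starts and ends outside the hunk.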
@@ -217,19 +210,73 @@ in {
};
dns = mkOption {
- type = types.enum [ "auto" "dnsmasq" "none" ];
- default = "auto";
+ type = types.enum [ "default" "dnsmasq" "unbound" "systemd-resolved" "none" ];
+ default = "default";
description = ''
+ Set the DNS (<literal>resolv.conf</literal>) processing mode.
+ </para>
+ <para>
Options:
- - auto: Check for systemd-resolved, unbound, or use default.
- - dnsmasq:
- Enable NetworkManager's dnsmasq integration. NetworkManager will run
- dnsmasq as a local caching nameserver, using a "split DNS"
- configuration if you are connected to a VPN, and then update
- resolv.conf to point to the local nameserver.
- - none:
- Disable NetworkManager's DNS integration completely.
- It will not touch your /etc/resolv.conf.
+ <variablelist>
+ <varlistentry>
+ <term><literal>"default"</literal></term>
+ <listitem><para>
+ NetworkManager will update <literal>/etc/resolv.conf</literal> to
+ reflect the nameservers provided by currently active connections.
+ </para></listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><literal>"dnsmasq"</literal></term>
+ <listitem>
+ <para>
+ Enable NetworkManager's dnsmasq integration. NetworkManager will
+ run dnsmasq as a local caching nameserver, using a "split DNS"
+ configuration if you are connected to a VPN, and then update
+ <literal>resolv.conf</literal> to point to the local nameserver.
+ </para>
+ <para>
+ It is possible to pass custom options to the dnsmasq instance by
+ adding them to files in the
+ <literal>/etc/NetworkManager/dnsmasq.d/</literal> directory.
+ </para>
+ <para>
+ When multiple upstream servers are available, dnsmasq will
+ initially contact them in parallel and then use the fastest to
+ respond, probing again other servers after some time. This
+ behavior can be modified passing the
+ <literal>all-servers</literal> or <literal>strict-order</literal>
+ options to dnsmasq (see the manual page for more details).
+ </para>
+ <para>
+ Note that this option causes NetworkManager to launch and manage
+ its own instance of the dnsmasq daemon, which is
+ <emphasis>not</emphasis> the same as setting
+ <literal>services.dnsmasq.enable = true;</literal>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><literal>"unbound"</literal></term>
+ <listitem><para>
+ NetworkManager will talk to unbound and dnssec-triggerd,
+ providing a "split DNS" configuration with DNSSEC support.
+ <literal>/etc/resolv.conf</literal> will be managed by
+ dnssec-trigger daemon.
+ </para></listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><literal>"systemd-resolved"</literal></term>
+ <listitem><para>
+ NetworkManager will push the DNS configuration to systemd-resolved.
+ </para></listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><literal>"none"</literal></term>
+ <listitem><para>
+ NetworkManager will not modify resolv.conf.
+ </para></listitem>
+ </varlistentry>
+ </variablelist>
'';
};
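Review bot: The `"unbound"` and `"systemd-resolved"` entries do not say whether selecting them starts the corresponding daemon, whereas the `"dnsmasq"` entry states explicitly that NetworkManager runs its own instance. From this file it looks as if `dns = "unbound"` only writes `dns=unbound` into NetworkManager.conf, so a host without the service enabled would presumably be left with no working resolver handoff; that should be confirmed against the unbound and resolved modules. I would add a sentence to both entries along the lines of `This value only tells NetworkManager where to send DNS settings; the service itself must be enabled separately.` Separately, `"auto"` is dropped from the enum with no alias visible here, so configurations that set it explicitly will stop evaluating, and a release-note entry would help.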