From dca7e24a11940477f6a3568fc49bade96ca59514 Mon Sep 17 00:00:00 2001
From: Benjamin Staffin
Date: Fri, 29 Jun 2018 13:41:46 -0400
Subject: networkmanager: Expand dns description, integrate with other services (#41898)
Rather than special-casing the dns options in networkmanager.nix, use the module system to let unbound and systemd-resolved contribute to the newtorkmanager config.
---
 .../modules/services/networking/networkmanager.nix | 85 +++++++++++++++++-----
 1 file changed, 66 insertions(+), 19 deletions(-)
(limited to 'nixos/modules/services/networking/networkmanager.nix')
diff --git a/nixos/modules/services/networking/networkmanager.nix b/nixos/modules/services/networking/networkmanager.nix
index 816234506593..4e51725b19de 100644
--- a/nixos/modules/services/networking/networkmanager.nix
+++ b/nixos/modules/services/networking/networkmanager.nix
@@ -9,18 +9,11 @@ let
 # /var/lib/misc is for dnsmasq.leases.
 stateDirs = "/var/lib/NetworkManager /var/lib/dhclient /var/lib/misc";
- dns =
- if cfg.dns == "none" then "none"
- else if cfg.dns == "dnsmasq" then "dnsmasq"
- else if config.services.resolved.enable then "systemd-resolved"
- else if config.services.unbound.enable then "unbound"
- else "default";
-
 configFile = writeText "NetworkManager.conf" ''
 [main]
 plugins=keyfile
 dhcp=${cfg.dhcp}
- dns=${dns}
+ dns=${cfg.dns}
 [keyfile]
 ${optionalString (cfg.unmanaged != [])
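Review bot: With the `dns` let-binding gone, `dns=${cfg.dns}` no longer consults `config.services.resolved.enable` or `config.services.unbound.enable`, so the resolver hand-off now depends entirely on those modules setting this option themselves; the commit message says they do, but that code is outside this file-limited view. If either module leaves the option at "default", NetworkManager rewrites /etc/resolv.conf with the nameservers its connections supply, and a host that enabled unbound for DNSSEC validation would presumably resolve through DHCP-provided servers instead of the local validator. A comment above `configFile` would keep that dependency visible, for example `# cfg.dns is set by the unbound and resolved modules when they are enabled; nothing here falls back to them.` The `configFile` string continues past the end of the hunk.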
@@ -217,19 +210,73 @@ in { }; dns = mkOption { - type = types.enum [ "auto" "dnsmasq" "none" ]; - default = "auto"; + type = types.enum [ "default" "dnsmasq" "unbound" "systemd-resolved" "none" ]; + default = "default"; description = '' + Set the DNS (resolv.conf) processing mode. + + Options: - - auto: Check for systemd-resolved, unbound, or use default. - - dnsmasq: - Enable NetworkManager's dnsmasq integration. NetworkManager will run - dnsmasq as a local caching nameserver, using a "split DNS" - configuration if you are connected to a VPN, and then update - resolv.conf to point to the local nameserver. - - none: - Disable NetworkManager's DNS integration completely. - It will not touch your /etc/resolv.conf. + + + "default" + + NetworkManager will update /etc/resolv.conf to + reflect the nameservers provided by currently active connections. + + + + "dnsmasq" + + + Enable NetworkManager's dnsmasq integration. NetworkManager will + run dnsmasq as a local caching nameserver, using a "split DNS" + configuration if you are connected to a VPN, and then update + resolv.conf to point to the local nameserver. + + + It is possible to pass custom options to the dnsmasq instance by + adding them to files in the + /etc/NetworkManager/dnsmasq.d/ directory. + + + When multiple upstream servers are available, dnsmasq will + initially contact them in parallel and then use the fastest to + respond, probing again other servers after some time. This + behavior can be modified passing the + all-servers or strict-order + options to dnsmasq (see the manual page for more details). + + + Note that this option causes NetworkManager to launch and manage + its own instance of the dnsmasq daemon, which is + not the same as setting + services.dnsmasq.enable = true;. + + + + + "unbound" + + NetworkManager will talk to unbound and dnssec-triggerd, + providing a "split DNS" configuration with DNSSEC support. + /etc/resolv.conf will be managed by + dnssec-trigger daemon. 
+ + + + "systemd-resolved" + + NetworkManager will push the DNS configuration to systemd-resolved. + + + + "none" + + NetworkManager will not modify resolv.conf. + + + ''; }; -- cgit v1.2.3
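Review bot: The enum drops `"auto"` without a migration path and accepts `"unbound"` and `"systemd-resolved"` without checking that the matching service is enabled. A configuration that still sets `dns = "auto"` now stops at the generic enum type error, so a release-note entry or a sentence in the description naming "default" as the replacement would help. For the second case an assertion would catch a mode whose backend is not running, e.g. `{ assertion = cfg.dns == "systemd-resolved" -> config.services.resolved.enable; message = "networkmanager: dns = \"systemd-resolved\" requires services.resolved.enable"; }`, with the same shape for unbound. Whether the module already declares `assertions` is not visible in this hunk.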