public
/
nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #62153 from WilliButz/avahi-refactor 

avahi: set service directory and refactor module
This commit is contained in:
Robin Gloster 2019-06-11 14:04:33 +00:00 committed by GitHub
parent c079c8c394 dbf4be4642
commit 68c30f0d9b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 246 additions and 197 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
nixos/doc/manual/release-notes/rl-1909.xml
View File

@ -259,6 +259,18 @@
(<literal>/var/lib/systemd/timesync</literal>), if required. (<literal>/var/lib/systemd/timesync</literal>), if required.
</para> </para>
</listitem> </listitem>
<listitem>
<para>
The package <literal>avahi</literal> is now built to look up service
definitions from <literal>/etc/avahi/services</literal> instead of its
output directory in the nix store. Accordingly the module
<option>avahi</option> now supports custom service definitions via
<option>services.avahi.extraServiceFiles</option>, which are then placed
in the aforementioned directory. See <citerefentry>
<refentrytitle>avahi.service</refentrytitle><manvolnum>5</manvolnum>
</citerefentry> for more information on custom service definitions.
</para>
</listitem>
</itemizedlist> </itemizedlist>
</section> </section>
</section> </section>

4
nixos/modules/misc/ids.nix
View File

@ -44,7 +44,7 @@
vsftpd = 7; vsftpd = 7;
ftp = 8; ftp = 8;
bitlbee = 9; bitlbee = 9;
avahi = 10; #avahi = 10; # removed 2019-05-22
nagios = 11; nagios = 11;
atd = 12; atd = 12;
postfix = 13; postfix = 13;
@ -358,7 +358,7 @@
vsftpd = 7; vsftpd = 7;
ftp = 8; ftp = 8;
bitlbee = 9; bitlbee = 9;
avahi = 10; #avahi = 10; # removed 2019-05-22
#nagios = 11; # unused #nagios = 11; # unused
atd = 12; atd = 12;
postfix = 13; postfix = 13;

160
nixos/modules/services/networking/avahi-daemon.nix
View File

@ -1,10 +1,8 @@
# Avahi daemon.
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with lib; with lib;
let let
cfg = config.services.avahi; cfg = config.services.avahi;
yesNo = yes : if yes then "yes" else "no"; yesNo = yes : if yes then "yes" else "no";
@ -39,18 +37,11 @@ let
enable-reflector=${yesNo reflector} enable-reflector=${yesNo reflector}
${extraConfig} ${extraConfig}
''; '';
in in
{ {
options.services.avahi = {
###### interface
options = {
services.avahi = {
enable = mkOption { enable = mkOption {
type = types.bool;
default = false; default = false;
description = '' description = ''
Whether to run the Avahi daemon, which allows Avahi clients Whether to run the Avahi daemon, which allows Avahi clients
@ -62,9 +53,11 @@ in
hostName = mkOption { hostName = mkOption {
type = types.str; type = types.str;
default = config.networking.hostName;
defaultText = literalExample "config.networking.hostName";
description = '' description = ''
Host name advertised on the LAN. If not set, avahi will use the value Host name advertised on the LAN. If not set, avahi will use the value
of config.networking.hostName. of <option>config.networking.hostName</option>.
''; '';
}; };
@ -77,6 +70,7 @@ in
}; };
browseDomains = mkOption { browseDomains = mkOption {
type = types.listOf types.str;
default = [ ]; default = [ ];
example = [ "0pointer.de" "zeroconf.org" ]; example = [ "0pointer.de" "zeroconf.org" ];
description = '' description = ''
@ -85,13 +79,15 @@ in
}; };
ipv4 = mkOption { ipv4 = mkOption {
type = types.bool;
default = true; default = true;
description = ''Whether to use IPv4''; description = "Whether to use IPv4.";
}; };
ipv6 = mkOption { ipv6 = mkOption {
type = types.bool;
default = false; default = false;
description = ''Whether to use IPv6''; description = "Whether to use IPv6.";
}; };
interfaces = mkOption { interfaces = mkOption {
@ -99,67 +95,112 @@ in
default = null; default = null;
description = '' description = ''
List of network interfaces that should be used by the <command>avahi-daemon</command>. List of network interfaces that should be used by the <command>avahi-daemon</command>.
Other interfaces will be ignored. If <literal>null</literal> all local interfaces Other interfaces will be ignored. If <literal>null</literal>, all local interfaces
except loopback and point-to-point will be used. except loopback and point-to-point will be used.
''; '';
}; };
openFirewall = mkOption {
type = types.bool;
default = true;
description = ''
Whether to open the firewall for UDP port 5353.
'';
};
allowPointToPoint = mkOption { allowPointToPoint = mkOption {
type = types.bool;
default = false; default = false;
description= '' description= ''
Whether to use POINTTOPOINT interfaces. Might make mDNS unreliable due to usually large Whether to use POINTTOPOINT interfaces. Might make mDNS unreliable due to usually large
latencies with such links and opens a potential security hole by allowing mDNS access from Internet latencies with such links and opens a potential security hole by allowing mDNS access from Internet
connections. Use with care and YMMV! connections.
''; '';
}; };
wideArea = mkOption { wideArea = mkOption {
type = types.bool;
default = true; default = true;
description = ''Whether to enable wide-area service discovery.''; description = "Whether to enable wide-area service discovery.";
}; };
reflector = mkOption { reflector = mkOption {
type = types.bool;
default = false; default = false;
description = ''Reflect incoming mDNS requests to all allowed network interfaces.''; description = "Reflect incoming mDNS requests to all allowed network interfaces.";
};
extraServiceFiles = mkOption {
type = with types; attrsOf (either str path);
default = {};
example = literalExample ''
{
ssh = "''${pkgs.avahi}/etc/avahi/services/ssh.service";
smb = '''
<?xml version="1.0" standalone='no'?><!--*-nxml-*-->
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
<name replace-wildcards="yes">%h</name>
<service>
<type>_smb._tcp</type>
<port>445</port>
</service>
</service-group>
''';
}
'';
description = ''
Specify custom service definitions which are placed in the avahi service directory.
See the <citerefentry><refentrytitle>avahi.service</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> manpage for detailed information.
'';
}; };
publish = { publish = {
enable = mkOption { enable = mkOption {
type = types.bool;
default = false; default = false;
description = ''Whether to allow publishing in general.''; description = "Whether to allow publishing in general.";
}; };
userServices = mkOption { userServices = mkOption {
type = types.bool;
default = false; default = false;
description = ''Whether to publish user services. Will set <literal>addresses=true</literal>.''; description = "Whether to publish user services. Will set <literal>addresses=true</literal>.";
}; };
addresses = mkOption { addresses = mkOption {
type = types.bool;
default = false; default = false;
description = ''Whether to register mDNS address records for all local IP addresses.''; description = "Whether to register mDNS address records for all local IP addresses.";
}; };
hinfo = mkOption { hinfo = mkOption {
type = types.bool;
default = false; default = false;
description = '' description = ''
Whether to register an mDNS HINFO record which contains information about the Whether to register a mDNS HINFO record which contains information about the
local operating system and CPU. local operating system and CPU.
''; '';
}; };
workstation = mkOption { workstation = mkOption {
type = types.bool;
default = false; default = false;
description = ''Whether to register a service of type "_workstation._tcp" on the local LAN.''; description = ''
Whether to register a service of type "_workstation._tcp" on the local LAN.
'';
}; };
domain = mkOption { domain = mkOption {
type = types.bool;
default = false; default = false;
description = ''Whether to announce the locally used domain name for browsing by other hosts.''; description = "Whether to announce the locally used domain name for browsing by other hosts.";
}; };
}; };
nssmdns = mkOption { nssmdns = mkOption {
type = types.bool;
default = false; default = false;
description = '' description = ''
Whether to enable the mDNS NSS (Name Service Switch) plug-in. Whether to enable the mDNS NSS (Name Service Switch) plug-in.
@ -169,8 +210,8 @@ in
}; };
cacheEntriesMax = mkOption { cacheEntriesMax = mkOption {
default = null;
type = types.nullOr types.int; type = types.nullOr types.int;
default = null;
description = '' description = ''
Number of resource records to be cached per interface. Use 0 to Number of resource records to be cached per interface. Use 0 to
disable caching. Avahi daemon defaults to 4096 if not set. disable caching. Avahi daemon defaults to 4096 if not set.
@ -178,76 +219,63 @@ in
}; };
extraConfig = mkOption { extraConfig = mkOption {
default = "";
type = types.lines; type = types.lines;
default = "";
description = '' description = ''
Extra config to append to avahi-daemon.conf. Extra config to append to avahi-daemon.conf.
''; '';
}; };
}; };
};
###### implementation
config = mkIf cfg.enable { config = mkIf cfg.enable {
users.users.avahi = {
services.avahi.hostName = mkDefault config.networking.hostName; description = "avahi-daemon privilege separation user";
users.users = singleton
{ name = "avahi";
uid = config.ids.uids.avahi;
description = "`avahi-daemon' privilege separation user";
home = "/var/empty"; home = "/var/empty";
group = "avahi";
isSystemUser = true;
}; };
users.groups = singleton users.groups.avahi = {};
{ name = "avahi";
gid = config.ids.gids.avahi;
};
system.nssModules = optional cfg.nssmdns pkgs.nssmdns; system.nssModules = optional cfg.nssmdns pkgs.nssmdns;
environment.systemPackages = [ pkgs.avahi ]; environment.systemPackages = [ pkgs.avahi ];
systemd.sockets.avahi-daemon = environment.etc = (mapAttrs' (n: v: nameValuePair
{ description = "Avahi mDNS/DNS-SD Stack Activation Socket"; "avahi/services/${n}.service"
{ ${if types.path.check v then "source" else "text"} = v; }
) cfg.extraServiceFiles);
systemd.sockets.avahi-daemon = {
description = "Avahi mDNS/DNS-SD Stack Activation Socket";
listenStreams = [ "/run/avahi-daemon/socket" ]; listenStreams = [ "/run/avahi-daemon/socket" ];
wantedBy = [ "sockets.target" ]; wantedBy = [ "sockets.target" ];
}; };
systemd.services.avahi-daemon = systemd.tmpfiles.rules = [ "d /run/avahi-daemon - avahi avahi -" ];
{ description = "Avahi mDNS/DNS-SD Stack";
systemd.services.avahi-daemon = {
description = "Avahi mDNS/DNS-SD Stack";
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
requires = [ "avahi-daemon.socket" ]; requires = [ "avahi-daemon.socket" ];
serviceConfig."NotifyAccess" = "main"; # Make NSS modules visible so that `avahi_nss_support ()' can
serviceConfig."BusName" = "org.freedesktop.Avahi"; # return a sensible value.
serviceConfig."Type" = "dbus"; environment.LD_LIBRARY_PATH = config.system.nssModules.path;
path = [ pkgs.coreutils pkgs.avahi ]; path = [ pkgs.coreutils pkgs.avahi ];
preStart = "mkdir -p /run/avahi-daemon"; serviceConfig = {
NotifyAccess = "main";
script = BusName = "org.freedesktop.Avahi";
'' Type = "dbus";
# Make NSS modules visible so that `avahi_nss_support ()' can ExecStart = "${pkgs.avahi}/sbin/avahi-daemon --syslog -f ${avahiDaemonConf}";
# return a sensible value. };
export LD_LIBRARY_PATH="${config.system.nssModules.path}"
exec ${pkgs.avahi}/sbin/avahi-daemon --syslog -f "${avahiDaemonConf}"
'';
}; };
services.dbus.enable = true; services.dbus.enable = true;
services.dbus.packages = [ pkgs.avahi ]; services.dbus.packages = [ pkgs.avahi ];
# Enabling Avahi without exposing it in the firewall doesn't make networking.firewall.allowedUDPPorts = mkIf cfg.openFirewall [ 5353 ];
# sense.
networking.firewall.allowedUDPPorts = [ 5353 ];
}; };
} }

7
nixos/tests/avahi.nix
View File

@ -15,6 +15,7 @@ import ./make-test.nix ({ pkgs, ... } : {
publish.enable = true; publish.enable = true;
publish.userServices = true; publish.userServices = true;
publish.workstation = true; publish.workstation = true;
extraServiceFiles.ssh = "${pkgs.avahi}/etc/avahi/services/ssh.service";
}; };
}; };
in { in {
@ -56,5 +57,11 @@ import ./make-test.nix ({ pkgs, ... } : {
$one->succeed("getent hosts two.local >&2"); $one->succeed("getent hosts two.local >&2");
$two->succeed("getent hosts one.local >&2"); $two->succeed("getent hosts one.local >&2");
$two->succeed("getent hosts two.local >&2"); $two->succeed("getent hosts two.local >&2");
# extra service definitions
$one->succeed("avahi-browse -r -t _ssh._tcp | tee out >&2");
$one->succeed("test `wc -l < out` -gt 0");
$two->succeed("avahi-browse -r -t _ssh._tcp | tee out >&2");
$two->succeed("test `wc -l < out` -gt 0");
''; '';
}) })

2
pkgs/development/libraries/avahi/default.nix
View File

@ -50,6 +50,8 @@ stdenv.mkDerivation rec {
# autoipd won't build on darwin # autoipd won't build on darwin
++ stdenv.lib.optional stdenv.isDarwin "--disable-autoipd"; ++ stdenv.lib.optional stdenv.isDarwin "--disable-autoipd";
NIX_CFLAGS_COMPILE = "-DAVAHI_SERVICE_DIR=\"/etc/avahi/services\"";
preBuild = stdenv.lib.optionalString stdenv.isDarwin '' preBuild = stdenv.lib.optionalString stdenv.isDarwin ''
sed -i '20 i\ sed -i '20 i\
#define __APPLE_USE_RFC_2292' \ #define __APPLE_USE_RFC_2292' \