authorFrederik Rietdijk <freddyrietdijk@fridh.nl>2021-07-29 10:45:20 +0200
committerGitHub <noreply@github.com>2021-07-29 10:45:20 +0200
commit38887017165dd4fd3b521b19756af1606bc179e2 (patch)
treeb451f771a07cd3c31630ca848c3c2ba052420bfe /nixos
parenta5257a7f72c36bd4d69c9ef39068bfa54817ae41 (diff)
parent36f70c96379856a37de23a7ffa51eac40f12706e (diff)
Merge pull request #131345 from NixOS/staging-next
Staging next
Diffstat (limited to 'nixos')
-rw-r--r--nixos/modules/services/networking/networkmanager.nix10
-rw-r--r--nixos/modules/services/networking/nftables.nix1
-rw-r--r--nixos/tests/all-tests.nix1
-rw-r--r--nixos/tests/kbd-update-search-paths-patch.nix18
4 files changed, 30 insertions, 0 deletions
diff --git a/nixos/modules/services/networking/networkmanager.nix b/nixos/modules/services/networking/networkmanager.nix
index 790de4ace012a..c8861171dd6c9 100644
--- a/nixos/modules/services/networking/networkmanager.nix
+++ b/nixos/modules/services/networking/networkmanager.nix
@@ -48,6 +48,7 @@ let
       rc-manager =
         if config.networking.resolvconf.enable then "resolvconf"
         else "unmanaged";
+      firewall-backend = cfg.firewallBackend;
     })
     (mkSection "keyfile" {
       unmanaged-devices =
@@ -243,6 +244,15 @@ in {
         '';
       };
 
+      firewallBackend = mkOption {
+        type = types.enum [ "iptables" "nftables" "none" ];
+        default = "iptables";
+        description = ''
+          Which firewall backend should be used for configuring masquerading with shared mode.
+          If set to none, NetworkManager doesn't manage the configuration at all.
+        '';
+      };
+
       logLevel = mkOption {
         type = types.enum [ "OFF" "ERR" "WARN" "INFO" "DEBUG" "TRACE" ];
         default = "WARN";
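Review bot: The description of `firewallBackend` does not say what choosing `none` leaves for the administrator to do. With `none`, NetworkManager installs no masquerading rules for shared-mode connections, so presumably the host's own ruleset has to supply NAT and forwarding for them. I would add a sentence such as `With "none", masquerading and forwarding rules for shared connections must be provided by the system firewall.` It would also help to state that the backend should match the firewall actually in use on the host. The option itself is complete in this hunk, but the enclosing options set continues outside it.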
diff --git a/nixos/modules/services/networking/nftables.nix b/nixos/modules/services/networking/nftables.nix
index cb75142965eae..72f37c32253e5 100644
--- a/nixos/modules/services/networking/nftables.nix
+++ b/nixos/modules/services/networking/nftables.nix
@@ -103,6 +103,7 @@ in
     }];
     boot.blacklistedKernelModules = [ "ip_tables" ];
     environment.systemPackages = [ pkgs.nftables ];
+    networking.networkmanager.firewallBackend = mkDefault "nftables";
     systemd.services.nftables = {
       description = "nftables firewall";
       before = [ "network-pre.target" ];
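Review bot: Because the added line uses `mkDefault`, an explicit `networking.networkmanager.firewallBackend = "iptables"` still wins while `ip_tables` stays blacklisted two lines above, and nothing reports that combination. Whether shared mode keeps working then depends on which iptables implementation NetworkManager ends up calling, which this hunk does not show. At minimum I would add a comment on the line, e.g. `# mkDefault so users can override; note "iptables" conflicts with the ip_tables blacklist above`. If the combination is known to be broken, a module assertion would catch it at evaluation time. The config block starts and ends outside the hunk.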
diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix
index d6ef7d42431f5..ae2aff2226b33 100644
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -204,6 +204,7 @@ in
   k3s = handleTest ./k3s.nix {};
   kafka = handleTest ./kafka.nix {};
   kbd-setfont-decompress = handleTest ./kbd-setfont-decompress.nix {};
+  kbd-update-search-paths-patch = handleTest ./kbd-update-search-paths-patch.nix {};
   kea = handleTest ./kea.nix {};
   keepalived = handleTest ./keepalived.nix {};
   keepassxc = handleTest ./keepassxc.nix {};
diff --git a/nixos/tests/kbd-update-search-paths-patch.nix b/nixos/tests/kbd-update-search-paths-patch.nix
new file mode 100644
index 0000000000000..2967ee4890376
--- /dev/null
+++ b/nixos/tests/kbd-update-search-paths-patch.nix
@@ -0,0 +1,18 @@
+import ./make-test-python.nix ({ pkgs, ... }: {
+  name = "kbd-update-search-paths-patch";
+
+  machine = { pkgs, options, ... }: {
+    console = {
+      packages = options.console.packages.default ++ [ pkgs.terminus_font ];
+    };
+  };
+
+  testScript = ''
+    command = "${pkgs.kbd}/bin/setfont ter-112n 2>&1"
+    (status, out) = machine.execute(command)
+    pattern = re.compile(r".*Unable to find file:.*")
+    match = pattern.match(out)
+    if match:
+        raise Exception("command `{}` failed".format(command))
+  '';
+})
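Review bot: The failure check in `testScript` can miss the error it looks for. `pattern.match(out)` anchors at the start of `out` and `.` does not cross newlines, so `Unable to find file:` is detected only on the first output line. A substring test covers every line and is simpler: `if "Unable to find file:" in out:`. `status` is also unpacked and never used, so a setfont failure with any other message passes. If that is deliberate, a comment saying why would help; otherwise `machine.succeed(command)` is stricter. The script also relies on `re` already being in scope in the test driver, which this file does not show.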