diff options
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/services/networking/networkmanager.nix | 10 | ||||
-rw-r--r-- | nixos/modules/services/networking/nftables.nix | 1 | ||||
-rw-r--r-- | nixos/tests/all-tests.nix | 1 | ||||
-rw-r--r-- | nixos/tests/kbd-update-search-paths-patch.nix | 18 |
4 files changed, 30 insertions, 0 deletions
diff --git a/nixos/modules/services/networking/networkmanager.nix b/nixos/modules/services/networking/networkmanager.nix index 064018057cd..4be9fc952a8 100644 --- a/nixos/modules/services/networking/networkmanager.nix +++ b/nixos/modules/services/networking/networkmanager.nix @@ -49,6 +49,7 @@ let rc-manager = if config.networking.resolvconf.enable then "resolvconf" else "unmanaged"; + firewall-backend = cfg.firewallBackend; }) (mkSection "keyfile" { unmanaged-devices = @@ -244,6 +245,15 @@ in { ''; }; + firewallBackend = mkOption { + type = types.enum [ "iptables" "nftables" "none" ]; + default = "iptables"; + description = '' + Which firewall backend should be used for configuring masquerading with shared mode. + If set to none, NetworkManager doesn't manage the configuration at all. + ''; + }; + logLevel = mkOption { type = types.enum [ "OFF" "ERR" "WARN" "INFO" "DEBUG" "TRACE" ]; default = "WARN"; diff --git a/nixos/modules/services/networking/nftables.nix b/nixos/modules/services/networking/nftables.nix index cb75142965e..72f37c32253 100644 --- a/nixos/modules/services/networking/nftables.nix +++ b/nixos/modules/services/networking/nftables.nix @@ -103,6 +103,7 @@ in }]; boot.blacklistedKernelModules = [ "ip_tables" ]; environment.systemPackages = [ pkgs.nftables ]; + networking.networkmanager.firewallBackend = mkDefault "nftables"; systemd.services.nftables = { description = "nftables firewall"; before = [ "network-pre.target" ]; diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index d6ef7d42431..ae2aff2226b 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -204,6 +204,7 @@ in k3s = handleTest ./k3s.nix {}; kafka = handleTest ./kafka.nix {}; kbd-setfont-decompress = handleTest ./kbd-setfont-decompress.nix {}; + kbd-update-search-paths-patch = handleTest ./kbd-update-search-paths-patch.nix {}; kea = handleTest ./kea.nix {}; keepalived = handleTest ./keepalived.nix {}; keepassxc = handleTest ./keepassxc.nix {}; diff --git a/nixos/tests/kbd-update-search-paths-patch.nix b/nixos/tests/kbd-update-search-paths-patch.nix new file mode 100644 index 00000000000..2967ee48903 --- /dev/null +++ b/nixos/tests/kbd-update-search-paths-patch.nix @@ -0,0 +1,18 @@ +import ./make-test-python.nix ({ pkgs, ... }: { + name = "kbd-update-search-paths-patch"; + + machine = { pkgs, options, ... }: { + console = { + packages = options.console.packages.default ++ [ pkgs.terminus_font ]; + }; + }; + + testScript = '' + command = "${pkgs.kbd}/bin/setfont ter-112n 2>&1" + (status, out) = machine.execute(command) + pattern = re.compile(r".*Unable to find file:.*") + match = pattern.match(out) + if match: + raise Exception("command `{}` failed".format(command)) + ''; +}) |