From 65c1c6525b7d2a57a7204410f7b155c11afee628 Mon Sep 17 00:00:00 2001 From: Rickard Nilsson Date: Wed, 19 Sep 2012 14:13:34 +0200 Subject: [PATCH] network-manager: Big overhaul * Add group 'networkmanager' and implement polkit configuration that allows users in this group to make persistent, system-wide changes to NetworkManager settings. * Add support for ModemManager. 3G modems should work out of the box now (it does for me...). This introduces a dependency on pkgs.modemmanager. * Write NetworkManger config file to Nix store, and let the daemon use it from there. --- modules/misc/ids.nix | 1 + .../services/networking/networkmanager.nix | 120 ++++++++++++------ 2 files changed, 79 insertions(+), 42 deletions(-) diff --git a/modules/misc/ids.nix b/modules/misc/ids.nix index ea28162686eb..ca5d2051af2e 100644 --- a/modules/misc/ids.nix +++ b/modules/misc/ids.nix @@ -126,6 +126,7 @@ in clamav = 51; fprot = 52; wwwrun = 54; + networkmanager = 56; # When adding a gid, make sure it doesn't match an existing uid. diff --git a/modules/services/networking/networkmanager.nix b/modules/services/networking/networkmanager.nix index c33bbad83b36..591f34ceee75 100644 --- a/modules/services/networking/networkmanager.nix +++ b/modules/services/networking/networkmanager.nix 
@@ -3,12 +3,47 @@ with pkgs.lib; let + cfg = config.networking.networkmanager; - stateDir = "/var/lib/NetworkManager"; + stateDirs = "/var/lib/NetworkManager /var/lib/dhclient"; -in + configFile = pkgs.writeText "NetworkManager.conf" '' + [main] + plugins=keyfile -{ + [keyfile] + ${optionalString (config.networking.hostName != "") '' + hostname=${config.networking.hostName} + ''} + + [logging] + level=WARN + ''; + + polkitConf = '' + [network-manager] + Identity=unix-group:networkmanager + Action=org.freedesktop.NetworkManager.* + ResultAny=yes + ResultInactive=no + ResultActive=yes + + [modem-manager] + Identity=unix-group:networkmanager + Action=org.freedesktop.ModemManager.* + ResultAny=yes + ResultInactive=no + ResultActive=yes + ''; + + ipUpScript = pkgs.writeScript "01nixos-ip-up" '' + #!/bin/sh + if test "$2" = "up"; then + ${pkgs.upstart}/sbin/initctl emit ip-up "IFACE=$1" + fi + ''; + +in { ###### interface 
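Review bot: In `polkitConf`, both the `[network-manager]` and `[modem-manager]` sections set `ResultAny=yes` next to `ResultInactive=no`. As polkit's local authority defines these keys, that authorizes members of `networkmanager` from any non-local context (a remote login, a process with no session) while refusing an inactive local session, which is unlikely to be the intended ordering. If remote changes to system-wide network settings are not meant to be allowed, use `ResultAny=no` in both sections; if they are, say so in a comment above `polkitConf`. The wildcard actions `org.freedesktop.NetworkManager.*` and `org.freedesktop.ModemManager.*` cover every action those services define, so membership in the group is effectively administrative control over networking and should be documented as such.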
@@ -20,61 +55,62 @@ in description = '' Whether to use NetworkManager to obtain an IP adress and other configuration for all network interfaces that are not manually - configured. + configured. If enabled, a group networkmanager + will be created. Add all users that should have permission + to change network settings to this group. ''; }; networking.networkmanager.packages = mkOption { - default = [ pkgs.networkmanager ]; - description = - '' - Packages providing NetworkManager plugins. - ''; + default = [ ]; + description = '' + Extra packages that provide NetworkManager plugins. + ''; + merge = mergeListOption; + apply = list: [ pkgs.networkmanager pkgs.modemmanager ] ++ list; }; }; ###### implementation - config = mkIf config.networking.networkmanager.enable { + config = mkIf cfg.enable { - jobs.networkmanager = - { startOn = "started network-interfaces"; - stopOn = "stopping network-interfaces"; + environment.etc = singleton { + source = ipUpScript; + target = "NetworkManager/dispatcher.d/01nixos-ip-up"; + }; - script = - '' - mkdir -m 755 -p /etc/NetworkManager - mkdir -m 700 -p /etc/NetworkManager/system-connections - mkdir -m 755 -p ${stateDir} + environment.systemPackages = cfg.packages; - if [[ ! 
-f /etc/NetworkManager/NetworkManager.conf ]]; then - cat <<-EOF > /etc/NetworkManager/NetworkManager.conf - [main] - plugins=keyfile - EOF - fi + users.extraGroups = singleton { + name = "networkmanager"; + gid = config.ids.gids.networkmanager; + }; - exec ${pkgs.networkmanager}/sbin/NetworkManager --no-daemon - ''; - }; + jobs.networkmanager = { + startOn = "started network-interfaces"; + stopOn = "stopping network-interfaces"; + + path = [ pkgs.networkmanager ]; + + preStart = '' + mkdir -m 755 -p /etc/NetworkManager + mkdir -m 700 -p /etc/NetworkManager/system-connections + mkdir -m 755 -p ${stateDirs} + ''; + + exec = "NetworkManager --config=${configFile} --no-daemon"; + }; - environment.systemPackages = config.networking.networkmanager.packages; - services.dbus.packages = config.networking.networkmanager.packages; networking.useDHCP = false; - environment.etc = [ - { - source = pkgs.writeScript "01nixos-ip-up" - '' - #!/bin/sh - if test "$2" = "up"; then - ${pkgs.upstart}/sbin/initctl emit ip-up "IFACE=$1" - fi - ''; - target = "NetworkManager/dispatcher.d/01nixos-ip-up"; - } - ]; + networking.wireless.enable = true; + + security.polkit.permissions = polkitConf; + + services.dbus.packages = cfg.packages; + + services.udev.packages = cfg.packages; }; } -
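Review bot: In the new `preStart`, `mkdir -m 700 -p /etc/NetworkManager/system-connections` applies the mode only when it creates the directory, so a directory left by an earlier install keeps whatever mode it already had. That directory is where the keyfile plugin (`plugins=keyfile` in the generated config) stores connection profiles, which can carry Wi-Fi and VPN secrets. I would follow the mkdir with `chmod 700 /etc/NetworkManager/system-connections` so the mode is enforced on every start. The option description could also state that members of `networkmanager` can make persistent, system-wide changes, since the current wording ("permission to change network settings") undersells what the group grants.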