diff --git a/nixos/doc/manual/release-notes/rl-2311.section.md b/nixos/doc/manual/release-notes/rl-2311.section.md index e4e2c49859b3..d19437dbdecc 100644 --- a/nixos/doc/manual/release-notes/rl-2311.section.md +++ b/nixos/doc/manual/release-notes/rl-2311.section.md @@ -72,6 +72,8 @@ - PHP now defaults to PHP 8.2, updated from 8.1. +- The ISC DHCP package and corresponding module have been removed, because they are end of life upstream. See https://www.isc.org/blogs/isc-dhcp-eol/ for details and switch to a different DHCP implementation like kea or dnsmasq. + - `util-linux` is now supported on Darwin and is no longer an alias to `unixtools`. Use the `unixtools.util-linux` package for access to the Apple variants of the utilities. - `services.keyd` changed API. Now you can create multiple configuration files. diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index e4e5fa97608a..d3b4ace7e9b0 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -864,7 +864,6 @@ ./services/networking/croc.nix ./services/networking/dante.nix ./services/networking/dhcpcd.nix - ./services/networking/dhcpd.nix ./services/networking/dnscache.nix ./services/networking/dnscrypt-proxy2.nix ./services/networking/dnscrypt-wrapper.nix diff --git a/nixos/modules/rename.nix b/nixos/modules/rename.nix index a32d433bbdde..45014ed3c68e 100644 --- a/nixos/modules/rename.nix +++ b/nixos/modules/rename.nix @@ -114,6 +114,16 @@ in (mkRemovedOptionModule [ "services" "rtsp-simple-server" ] "Package has been completely rebranded by upstream as mediamtx, and thus the service and the package were renamed in NixOS as well.") (mkRemovedOptionModule [ "i18n" "inputMethod" "fcitx" ] "The fcitx module has been removed. Please use fcitx5 instead") + (mkRemovedOptionModule [ "services" "dhcpd4" ] '' + The dhcpd4 module has been removed because ISC DHCP reached its end of life. + See https://www.isc.org/blogs/isc-dhcp-eol/ for details. + Please switch to a different implementation like kea or dnsmasq. + '') + (mkRemovedOptionModule [ "services" "dhcpd6" ] '' + The dhcpd6 module has been removed because ISC DHCP reached its end of life. + See https://www.isc.org/blogs/isc-dhcp-eol/ for details. + Please switch to a different implementation like kea or dnsmasq. + '') # Do NOT add any option renames here, see top of the file ]; diff --git a/nixos/modules/services/networking/dhcpd.nix b/nixos/modules/services/networking/dhcpd.nix deleted file mode 100644 index a981a255c3ee..000000000000 --- a/nixos/modules/services/networking/dhcpd.nix +++ /dev/null @@ -1,230 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; - -let - - cfg4 = config.services.dhcpd4; - cfg6 = config.services.dhcpd6; - - writeConfig = postfix: cfg: pkgs.writeText "dhcpd.conf" - '' - default-lease-time 600; - max-lease-time 7200; - ${optionalString (!cfg.authoritative) "not "}authoritative; - ddns-update-style interim; - log-facility local1; # see dhcpd.nix - - ${cfg.extraConfig} - - ${lib.concatMapStrings - (machine: '' - host ${machine.hostName} { - hardware ethernet ${machine.ethernetAddress}; - fixed-address${ - optionalString (postfix == "6") postfix - } ${machine.ipAddress}; - } - '') - cfg.machines - } - ''; - - dhcpdService = postfix: cfg: - let - configFile = - if cfg.configFile != null - then cfg.configFile - else writeConfig postfix cfg; - leaseFile = "/var/lib/dhcpd${postfix}/dhcpd.leases"; - args = [ - "@${pkgs.dhcp}/sbin/dhcpd" "dhcpd${postfix}" "-${postfix}" - "-pf" "/run/dhcpd${postfix}/dhcpd.pid" - "-cf" configFile - "-lf" leaseFile - ] ++ cfg.extraFlags - ++ cfg.interfaces; - in - optionalAttrs cfg.enable { - "dhcpd${postfix}" = { - description = "DHCPv${postfix} server"; - wantedBy = [ "multi-user.target" ]; - after = [ "network.target" ]; - - preStart = "touch ${leaseFile}"; - serviceConfig = { - ExecStart = concatMapStringsSep " " escapeShellArg args; - Type = "forking"; - Restart = "always"; - DynamicUser = true; - User = "dhcpd"; - Group = "dhcpd"; - AmbientCapabilities = [ - "CAP_NET_RAW" # to send ICMP messages - "CAP_NET_BIND_SERVICE" # to bind on DHCP port (67) - ]; - StateDirectory = "dhcpd${postfix}"; - RuntimeDirectory = "dhcpd${postfix}"; - PIDFile = "/run/dhcpd${postfix}/dhcpd.pid"; - }; - }; - }; - - machineOpts = { ... }: { - - options = { - - hostName = mkOption { - type = types.str; - example = "foo"; - description = lib.mdDoc '' - Hostname which is assigned statically to the machine. - ''; - }; - - ethernetAddress = mkOption { - type = types.str; - example = "00:16:76:9a:32:1d"; - description = lib.mdDoc '' - MAC address of the machine. - ''; - }; - - ipAddress = mkOption { - type = types.str; - example = "192.168.1.10"; - description = lib.mdDoc '' - IP address of the machine. - ''; - }; - - }; - }; - - dhcpConfig = postfix: { - - enable = mkOption { - type = types.bool; - default = false; - description = lib.mdDoc '' - Whether to enable the DHCPv${postfix} server. - ''; - }; - - extraConfig = mkOption { - type = types.lines; - default = ""; - example = '' - option subnet-mask 255.255.255.0; - option broadcast-address 192.168.1.255; - option routers 192.168.1.5; - option domain-name-servers 130.161.158.4, 130.161.33.17, 130.161.180.1; - option domain-name "example.org"; - subnet 192.168.1.0 netmask 255.255.255.0 { - range 192.168.1.100 192.168.1.200; - } - ''; - description = lib.mdDoc '' - Extra text to be appended to the DHCP server configuration - file. Currently, you almost certainly need to specify something - there, such as the options specifying the subnet mask, DNS servers, - etc. - ''; - }; - - extraFlags = mkOption { - type = types.listOf types.str; - default = []; - description = lib.mdDoc '' - Additional command line flags to be passed to the dhcpd daemon. - ''; - }; - - configFile = mkOption { - type = types.nullOr types.path; - default = null; - description = lib.mdDoc '' - The path of the DHCP server configuration file. If no file - is specified, a file is generated using the other options. - ''; - }; - - interfaces = mkOption { - type = types.listOf types.str; - default = ["eth0"]; - description = lib.mdDoc '' - The interfaces on which the DHCP server should listen. - ''; - }; - - machines = mkOption { - type = with types; listOf (submodule machineOpts); - default = []; - example = [ - { hostName = "foo"; - ethernetAddress = "00:16:76:9a:32:1d"; - ipAddress = "192.168.1.10"; - } - { hostName = "bar"; - ethernetAddress = "00:19:d1:1d:c4:9a"; - ipAddress = "192.168.1.11"; - } - ]; - description = lib.mdDoc '' - A list mapping Ethernet addresses to IPv${postfix} addresses for the - DHCP server. - ''; - }; - - authoritative = mkOption { - type = types.bool; - default = true; - description = lib.mdDoc '' - Whether the DHCP server shall send DHCPNAK messages to misconfigured - clients. If this is not done, clients may be unable to get a correct - IP address after changing subnets until their old lease has expired. - ''; - }; - - }; - -in - -{ - - imports = [ - (mkRenamedOptionModule [ "services" "dhcpd" ] [ "services" "dhcpd4" ]) - ] ++ flip map [ "4" "6" ] (postfix: - mkRemovedOptionModule [ "services" "dhcpd${postfix}" "stateDir" ] '' - The DHCP server state directory is now managed with the systemd's DynamicUser mechanism. - This means the directory is named after the service (dhcpd${postfix}), created under - /var/lib/private/ and symlinked to /var/lib/. - '' - ); - - ###### interface - - options = { - - services.dhcpd4 = dhcpConfig "4"; - services.dhcpd6 = dhcpConfig "6"; - - }; - - - ###### implementation - - config = mkIf (cfg4.enable || cfg6.enable) { - - systemd.services = dhcpdService "4" cfg4 // dhcpdService "6" cfg6; - - warnings = [ - '' - The dhcpd4 and dhcpd6 modules will be removed from NixOS 23.11, because ISC DHCP reached its end of life. - See https://www.isc.org/blogs/isc-dhcp-eol/ for details. - Please switch to a different implementation like kea, systemd-networkd or dnsmasq. - '' - ]; - }; - -}