modules/avahi: Sync module defaults with upstream #361191
Conversation
github-actions
bot
added
6.topic: nixos
github-actions
bot
added
10.rebuild-darwin: 0
| @@ -227,7 +227,7 @@ in | |||
|
|
|||
| nssmdns6 = lib.mkOption { | |||
| type = lib.types.bool; | |||
| default = false; | |||
| default = true; | |||
There was a problem hiding this comment.
| default = true; | |
| default = false; |
see description
| description = "Whether to announce the locally used domain name for browsing by other hosts."; | ||
| }; | ||
| }; | ||
|
|
||
| nssmdns4 = lib.mkOption { | ||
| type = lib.types.bool; | ||
| default = false; | ||
| default = true; |
There was a problem hiding this comment.
This is the only option I have ever enabled on any of my clients. I think all the others are just announcing information into the network you are connecting to for no good reason and especially on public wifi we don't want to announce cpu information or why would we?
There was a problem hiding this comment.
especially on public wifi we don't want to announce cpu information or why would we?
I agree that probably nobody cares about CPU information on a public Wi-Fi. However, I don't see where this does any harm.
There was a problem hiding this comment.
Tracking, mostly. Fingerprinting can involve basically any details of your system, so exposing as little of that as possible is valuable.
There was a problem hiding this comment.
What is the use case to publish those information? Why should it be enabled by default if we don't know why we enabled it?
Also do we really want to expand the output of avahi-browse -a with services and information that we coulnd't come up with a reason?
We probably want to change nssmdns4 to default to yes because that is the most common usecase for avahi and without it, it doesn't do much but I cannot follow why we should change all the other options.
| @@ -175,25 +175,25 @@ in | |||
| publish = { | |||
| enable = lib.mkOption { | |||
| type = lib.types.bool; | |||
| default = false; | |||
| default = true; | |||
There was a problem hiding this comment.
and this I only ever enabled on machines like audio or print servers.
|
This change reduces setup friction for most users that simply expect a working default avahi configuration when setting For most modules, NixOS users only need to activate the corresponding @SuperSandro2000 Please keep in mind, this PR does not suggest enabling avahi by default. Users that want to use avahi and have concerns can still review the default configuration - as they would do on any other distribution. |
frederictobiasc
force-pushed
the
avahi-defaults
branch
from
171007b to
b37470f
Compare
That is not really true. For example many webservices require you to set a domain and sometimes even outright refuse to evaluate if that is not given.
The default configuration shouldn't be like: you are almost certainly required to turn this off, to have a good and reasonable experience just because upstream has this or that default. We don't need to copy the bad parts of other distros where you first need to change all the defaults because they suck and are known to be bad defaults. |
| description = "Whether to publish user services. Will set `addresses=true`."; | ||
| }; | ||
|
|
||
| addresses = lib.mkOption { | ||
| type = lib.types.bool; | ||
| default = false; | ||
| default = true; | ||
| description = "Whether to register mDNS address records for all local IP addresses."; | ||
| }; | ||
|
|
||
| hinfo = lib.mkOption { |
There was a problem hiding this comment.
There was a problem hiding this comment.
You're correct. I compared with https://linux.die.net/man/5/avahi-daemon.conf, but the rendered manual targets an older avahi version.
Updated it accordingly.
| workstation = lib.mkOption { | ||
| type = lib.types.bool; | ||
| default = false; | ||
| default = true; | ||
| description = '' | ||
| Whether to register a service of type "_workstation._tcp" on the local LAN. | ||
| ''; |
There was a problem hiding this comment.
There was a problem hiding this comment.
As with hinfo, I updated it. Thanks for pointing it out.
| description = "Whether to allow publishing in general."; | ||
| }; | ||
|
|
||
| userServices = lib.mkOption { | ||
| type = lib.types.bool; | ||
| default = false; | ||
| default = true; | ||
| description = "Whether to publish user services. Will set `addresses=true`."; | ||
| }; | ||
|
|
||
| addresses = lib.mkOption { |
There was a problem hiding this comment.
This reads like it should only be enabled on publishing servers https://github.com/avahi/avahi/blob/1dade81cbf4d3e3f49784e44e543cd77046c79df/man/avahi-daemon.conf.5.xml.in#L243-L248
There was a problem hiding this comment.
No, this is also required to reply to mDNS requests.
| userServices = lib.mkOption { | ||
| type = lib.types.bool; | ||
| default = false; | ||
| default = true; | ||
| description = "Whether to publish user services. Will set `addresses=true`."; | ||
| }; |
There was a problem hiding this comment.
this reads like it is security relevant https://github.com/avahi/avahi/blob/1dade81cbf4d3e3f49784e44e543cd77046c79df/man/avahi-daemon.conf.5.xml.in#L226-L230
There was a problem hiding this comment.
There are no default user services. Check extraServiceFiles.
wegank
added
the
2.status: merge conflict
frederictobiasc
force-pushed
the
avahi-defaults
branch
from
b37470f to
25a5efb
Compare
ofborg
bot
removed
the
2.status: merge conflict
This contribution syncs the module's default with upstream avahi's defaults.
frederictobiasc
force-pushed
the
avahi-defaults
branch
from
25a5efb to
12c3e67
Compare
This contribution syncs the module's defaults with upstream (
man avahi-daemon.conf) defaults.Motivation is to reduce the effort for getting a standard mdns configuration.
Additionally, this contribution enables
nssmdnsby default.Things done
nix.conf? (See Nix manual)sandbox = relaxedsandbox = truenix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage./result/bin/)CC: @fpletz @SuperSandro2000
Add a 👍 reaction to pull requests you find important.