Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

modules/avahi: Sync module defaults with upstream #361191

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

modules/avahi: Sync module defaults with upstream #361191

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions nixos/doc/manual/release-notes/rl-2505.section.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -378,6 +378,8 @@

Note that all provided plugins must have versions/tags (string after `@`), even if upstream repo does not tag each release. For untagged plugins, you can either create an empty Go project and run `go get <plugin>` and see changes in `go.mod` to get the pseudo-version number, or provide a commit hash in place of version/tag for the first run, and update the plugin string based on the error output.

- The defaults of `services.avahi.publish` have been updated to upstream's default.

- KDE Partition Manager `partitionmanager`'s support for ReiserFS is removed.
ReiserFS has not been actively maintained for many years. It has been marked as obsolete since Linux 6.6, and
[is removed](https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c01f664e4ca210823b7594b50669bbd9b0a3c3b0)
Expand Down
10 changes: 5 additions & 5 deletions nixos/modules/services/networking/avahi-daemon.nix
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -175,19 +175,19 @@ in
publish = {
enable = lib.mkOption {
type = lib.types.bool;
default = false;
default = true;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

and this I only ever enabled on machines like audio or print servers.

description = "Whether to allow publishing in general.";
};

userServices = lib.mkOption {
type = lib.types.bool;
default = false;
default = true;
description = "Whether to publish user services. Will set `addresses=true`.";
};
Comment on lines 182 to 186
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this reads like it is security relevant https://github.com/avahi/avahi/blob/1dade81cbf4d3e3f49784e44e543cd77046c79df/man/avahi-daemon.conf.5.xml.in#L226-L230

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There are no default user services. Check extraServiceFiles.


addresses = lib.mkOption {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This reads like it should only be enabled on publishing servers https://github.com/avahi/avahi/blob/1dade81cbf4d3e3f49784e44e543cd77046c79df/man/avahi-daemon.conf.5.xml.in#L243-L248

Copy link
Contributor Author

@frederictobiasc frederictobiasc Jan 13, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No, this is also required to reply to mDNS requests.

type = lib.types.bool;
default = false;
default = true;
description = "Whether to register mDNS address records for all local IP addresses.";
};

Expand All @@ -210,14 +210,14 @@ in

domain = lib.mkOption {
type = lib.types.bool;
default = false;
default = true;
description = "Whether to announce the locally used domain name for browsing by other hosts.";
};
};

nssmdns4 = lib.mkOption {
type = lib.types.bool;
default = false;
default = true;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is the only option I have ever enabled on any of my clients. I think all the others are just announcing information into the network you are connecting to for no good reason and especially on public wifi we don't want to announce cpu information or why would we?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

especially on public wifi we don't want to announce cpu information or why would we?

I agree that probably nobody cares about CPU information on a public Wi-Fi. However, I don't see where this does any harm.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tracking, mostly. Fingerprinting can involve basically any details of your system, so exposing as little of that as possible is valuable.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What is the use case to publish those information? Why should it be enabled by default if we don't know why we enabled it?

Also do we really want to expand the output of avahi-browse -a with services and information that we coulnd't come up with a reason?

We probably want to change nssmdns4 to default to yes because that is the most common usecase for avahi and without it, it doesn't do much but I cannot follow why we should change all the other options.

description = ''
Whether to enable the mDNS NSS (Name Service Switch) plug-in for IPv4.
Enabling it allows applications to resolve names in the `.local`
Expand Down