nixos/dhcpcd: fix updating resolv.conf when using systemd-resolved

Fix the regression between NixOS 24.05 and 24.11 where using dhcpcd (e.g. networking.useDHCP) and systemd-resolved (services.resolved.enable) result in no "search" entry getting added to /etc/resolv.conf, and dhcpcd logging the following error: $ systemctl status dhcpcd [...] dhcpcd[2896]: Failed to set DNS configuration: Interactive authentication required. Fix it by adding a polkit rule that gives the required permissions to the 'dhcpcd' user to manipulate resolved. The rule was made by using polkit logging and allowing each action.id until the above error went away, and /etc/resolv.conf got the correct search entry.
2025-01-04 22:10:01 +01:00 · 2025-01-04 22:10:01 +01:00 · cc5645c6e0
commit cc5645c6e0
parent 6dd85fe299
1 changed files with 12 additions and 0 deletions
--- a/nixos/modules/services/networking/dhcpcd.nix
+++ b/nixos/modules/services/networking/dhcpcd.nix
@ -303,6 +303,18 @@ in
        /run/current-system/systemd/bin/systemctl reload dhcpcd.service
      '';

+    security.polkit.extraConfig = lib.mkIf config.services.resolved.enable ''
+      polkit.addRule(function(action, subject) {
+          if (action.id == 'org.freedesktop.resolve1.revert' ||
+              action.id == 'org.freedesktop.resolve1.set-dns-servers' ||
+              action.id == 'org.freedesktop.resolve1.set-domains') {
+              if (subject.user == '${config.systemd.services.dhcpcd.serviceConfig.User}') {
+                  return polkit.Result.YES;
+              }
+          }
+      });
+    '';
+
  };

 }