nixos/dhcpcd: fix updating resolv.conf when using systemd-resolved

Fix the regression between NixOS 24.05 and 24.11 where using dhcpcd (e.g. networking.useDHCP) and systemd-resolved (services.resolved.enable) result in no "search" entry getting added to /etc/resolv.conf, and dhcpcd logging the following error: $ systemctl status dhcpcd [...] dhcpcd[2896]: Failed to set DNS configuration: Interactive authentication required. Fix it by adding a polkit rule that gives the required permissions to the 'dhcpcd' user to manipulate resolved. The rule was made by using polkit logging and allowing each action.id until the above error went away, and /etc/resolv.conf got the correct search entry.
NixOS · Jan 4, 2025 · 452b00c · 452b00c
1 parent a278711
commit 452b00c
Showing 1 changed file with 12 additions and 0 deletions.
diff --git a/nixos/modules/services/networking/dhcpcd.nix b/nixos/modules/services/networking/dhcpcd.nix
@@ -303,6 +303,18 @@ in
         /run/current-system/systemd/bin/systemctl reload dhcpcd.service
       '';
 
+    security.polkit.extraConfig = lib.mkIf config.services.resolved.enable ''
+      polkit.addRule(function(action, subject) {
+          if (action.id == 'org.freedesktop.resolve1.revert' ||
+              action.id == 'org.freedesktop.resolve1.set-dns-servers' ||
+              action.id == 'org.freedesktop.resolve1.set-domains') {
+              if (subject.user == '${config.systemd.services.dhcpcd.serviceConfig.User}') {
+                  return polkit.Result.YES;
+              }
+          }
+      });
+    '';
+
   };
 
 }