Add networking.hosts and .hostFiles from nixos

[ibizaman]

This code was taken nearly verbatim from
https://github.com/NixOS/nixpkgs/blob/nixos-unstable/nixos/modules/config/networking.nix

The few changes were related to making the default /etc/hosts match the Apple's stock one. This implied no 127.0.0.2 and forcing the IPV6 ::1 entry.

[willemml]

Possible duplicate of #807? (my PR is older and doesn't have tests though, so maybe this should be preferred)

[ibizaman]

Sorry @willemml I missed your PR. I didn’t intend to duplicate work.

[secana]

This PR seems fine but is blocked as a review is required. How can we help to get it merged?

[niklasravnsborg]

Oh this would be awesome :)

[Enzime]

Can you rebase this PR?

[ibizaman]

@Enzime rebasing is done. I tried to do the hash thing but I think I got it wrong.

I did cp /etc/hosts hosts, edited the file to remove the modifications I made, then sha256sum hosts and that's the hash I used. I suppose the hash is wrong though? Could someone provide me with the hash of a stock /etc/hosts file?

[emilazy]

It looks right to me:

emily@yuyuko ~> cat /etc/hosts
##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting.  Do not change this entry.
##
127.0.0.1	localhost
255.255.255.255	broadcasthost
::1             localhost
emily@yuyuko ~> shasum -a 256 /etc/hosts
c7dd0e2ed261ce76d76f852596c5b54026b9a894fa481381ffd399b556c0e2da  /etc/hosts

[emilazy]

However the file in doc/ seems to be missing the trailing newline.

[ibizaman]

@emilazy good catch! Indeed:

Without the newline:

$ sha256sum doc/known-files/c7dd0e2ed261ce76d76f852596c5b54026b9a894fa481381ffd399b556c0e2da
1b6fb3e08d41ae31b6bfe1f66fecf3ef53e302047993f6235570bc9391f291bb  doc/known-files/c7dd0e2ed261ce76d76f852596c5b54026b9a894fa481381ffd399b556c0e2da

With:

$ sha256sum doc/known-files/c7dd0e2ed261ce76d76f852596c5b54026b9a894fa481381ffd399b556c0e2da
c7dd0e2ed261ce76d76f852596c5b54026b9a894fa481381ffd399b556c0e2da  doc/known-files/c7dd0e2ed261ce76d76f852596c5b54026b9a894fa481381ffd399b556c0e2da

[Enzime]

Looks like the tests are broken now

[ibizaman]

@Enzime indeed 😞 I have two questions related to the two failures I see.

How can I fix the /etc/hosts file exists issue? Does the error now come from me including a wrong /etc/hosts file? How can I print the /etc/hosts file from CI?

I looked and looked at the test output and can’t see the error printed out. How can I run the tests locally if I use flakes? I tried a few command line incantations but I can’t seem to make it right.

[Enzime]

The ability to run the tests through a flake interface will be added in #1140, until that's merged you can run your test locally with nix-build release.nix -A tests.networking-hosts

I've accessed the GitHub runner through tmate (I suspect only maintainers have access but I'm not sure, it's the last step in the install-against-stable and install-against-unstable jobs that runs if the job failed) and extracted the /etc/hosts file:

$ cat /etc/hosts
##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting.  Do not change this entry.
##
127.0.0.1	localhost
255.255.255.255	broadcasthost
::1             localhost
192.168.64.25 Mac-1730942908330.local Mac-1730942908330
192.168.64.25 Mac-1730942908330.local Mac-1730942908330
$ shasum -a 256 /etc/hosts
31ce667128143b67ac1e7c3b64fda0891d4ff011259c48e6c9bdbd704bc29118  /etc/hosts

I suspect that every GitHub Mac will have a different /etc/hosts so you'll most likely need to update these lines to generate a hash of /etc/hosts and set environment.etc.hosts.knownSha256Sums = [ ... ] like is already done with nix.conf:

nix-darwin/.github/workflows/test.yml

Lines 143 to 146 in 98e7dba

	nixConfHash=$(shasum -a 256 /etc/nix/nix.conf | cut -d ' ' -f 1)
	/usr/bin/sed -i.bak \
	"s/# nix.package = pkgs.nix;/nix.settings.access-tokens = [ \"github.com=\${{ secrets.GITHUB_TOKEN }}\" ]; environment.etc.\"nix\/nix.conf\".knownSha256Hashes = [ \"$nixConfHash\" ];/" \
	flake.nix

[Enzime]

Also if you could rebase this PR that would be great, let us know if you're still interested in working on this PR

[emilazy]

Probably simplest to just move the config files out of the way rather than hashing them.

[Enzime]

In the case of nix.conf I chose to hash it because of access-tokens and the changes get reflected immediately when I last tested but that should be fine for /etc/hosts

[Teebor-Choka]

I'd love this functionality, any ETA on finalizing this PR and merging it, please?

[Enzime]

There hasn't been @ibizaman in 3 weeks so if you're interested in picking up the work, feel free to take the changes in this PR and rebase them on top of master as well as adding the changes mentioned in #939 (comment)

[Teebor-Choka]

There hasn't been @ibizaman in 3 weeks so if you're interested in picking up the work, feel free to take the changes in this PR and rebase them on top of master as well as adding the changes mentioned in #939 (comment)

I'm afraid I'm not at the skill level of debugging and developing nix components at this point, just a happy user.

[ibizaman]

Sorry about the hiatus. I’ll pick this up this week. But of course I don’t mind if someone beats me to it 😛

[ibizaman]

Well it seems I did a bad job rebasing 😅 more rebasing incoming.

[ibizaman]

I'm not sure where the issue comes from. I tried to reproduce locally but I don't have more log output. Any idea?

[Enzime]

Suggested change

	cat $file
	echo "'$(grep '127.0.0.1' $file | head -n1)'"

Should be unnecessary with set -v, not sure if it'll output the value that file gets set to or if you need to use set -x instead

[Enzime]

Suggested change

	if [[ ! $(grep '127.0.0.1' $file | tail -n1) =~ my.super.host$ ]]; then
	grep '127.0.0.1' $file | tail -n1 | grep 'my.super.host$'

set -e should be enabled so if you can construct these as a single chain of commands then if statements shouldn't necessary

[ibizaman]

I verified and indeed if I meddle with the second grep, like replacing host with hst, the test fails.

[Enzime]

Can you squash all the commits into one commit with a commit message like:

networking: add `hosts` option for managing `/etc/hosts`

[Enzime]

Suggested change

	if ! grep '127.0.0.1' $file | head -n1 | grep localhost$; then
	exit 1
	fi
	grep '127.0.0.1' $file | head -n1 | grep localhost$

The if !; then exit isn't necessary

[Enzime]

Can you add a comment explaining where you got this file from, like the macOS version you're running

[Enzime]

Looks like these commands should be indented more

[Samasaur1]

The comment in the default /etc/hosts file

# localhost is used to configure the loopback interface
# when the system is booting.  Do not change this entry.

does make me a little apprehensive about symlinking this into place instead of copying it.

[Teebor-Choka]

Almost there!