From 1d9f622484f00df0a8c00b13f427e4175760cf3c Mon Sep 17 00:00:00 2001 From: Ihar Hrachyshka Date: Wed, 26 Feb 2025 09:24:15 -0500 Subject: [PATCH 1/2] Revert "Add networking.hosts and .hostFiles from nixos " --- .github/workflows/test.yml | 5 +- ...2596c5b54026b9a894fa481381ffd399b556c0e2da | 9 --- modules/networking/default.nix | 76 +------------------ release.nix | 1 - tests/networking-hosts.nix | 20 ----- 5 files changed, 2 insertions(+), 109 deletions(-) delete mode 100644 doc/known-files/c7dd0e2ed261ce76d76f852596c5b54026b9a894fa481381ffd399b556c0e2da delete mode 100644 tests/networking-hosts.nix diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 8eab6d35b..d87b76368 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -47,14 +47,12 @@ jobs: sudo cp modules/examples/simple.nix /etc/nix-darwin/configuration.nix nixConfHash=$(shasum -a 256 /etc/nix/nix.conf | cut -d ' ' -f 1) - etcHostsHash=$(shasum -a 256 /etc/hosts | cut -d ' ' -f 1) sudo /usr/bin/sed -i.bak \ "s/# programs.fish.enable = true;/ \ imports = [ \ ({ options, ... }: { \ nix.settings.access-tokens = [ \"github.com=\${{ secrets.GITHUB_TOKEN }}\" ]; \ environment.etc.\"nix\/nix.conf\".knownSha256Hashes = [ \"$nixConfHash\" ]; \ - environment.etc.hosts.knownSha256Hashes = [ \"$etcHostsHash\" ]; \ nix.nixPath = \ [ { darwin = \"${PWD////\/}\"; } ] \ ++ options.nix.nixPath.default; \ 
@@ -104,9 +102,8 @@ jobs: pushd /etc/nix-darwin sudo nix flake init -t $darwin nixConfHash=$(shasum -a 256 /etc/nix/nix.conf | cut -d ' ' -f 1) - etcHostsHash=$(shasum -a 256 /etc/hosts | cut -d ' ' -f 1) sudo /usr/bin/sed -i.bak \ - "s/# programs.fish.enable = true;/nix.settings.access-tokens = [ \"github.com=\${{ secrets.GITHUB_TOKEN }}\" ]; environment.etc.\"nix\/nix.conf\".knownSha256Hashes = [ \"$nixConfHash\" ]; environment.etc.hosts.knownSha256Hashes = [ \"$etcHostsHash\" ];/" \ + "s/# programs.fish.enable = true;/nix.settings.access-tokens = [ \"github.com=\${{ secrets.GITHUB_TOKEN }}\" ]; environment.etc.\"nix\/nix.conf\".knownSha256Hashes = [ \"$nixConfHash\" ];/" \ flake.nix sudo /usr/bin/sed -i.bak \ 's/darwinConfigurations."simple"/darwinConfigurations."'$(scutil --get LocalHostName)'"/g' \ diff --git a/doc/known-files/c7dd0e2ed261ce76d76f852596c5b54026b9a894fa481381ffd399b556c0e2da b/doc/known-files/c7dd0e2ed261ce76d76f852596c5b54026b9a894fa481381ffd399b556c0e2da deleted file mode 100644 index 34d006845..000000000 --- a/doc/known-files/c7dd0e2ed261ce76d76f852596c5b54026b9a894fa481381ffd399b556c0e2da +++ /dev/null @@ -1,9 +0,0 @@ -## -# Host Database -# -# localhost is used to configure the loopback interface -# when the system is booting. Do not change this entry. -## -127.0.0.1 localhost -255.255.255.255 broadcasthost -::1 localhost diff --git a/modules/networking/default.nix b/modules/networking/default.nix index 9b697590d..b53a9e4a7 100644 --- a/modules/networking/default.nix +++ b/modules/networking/default.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: +{ config, lib, ... }: with lib; @@ -22,8 +22,6 @@ let esac '') cfg.knownNetworkServices} ''; - - localhostMultiple = any (elem "localhost") (attrValues (removeAttrs cfg.hosts [ "127.0.0.1" "::1" ])); in { 
@@ -107,50 +105,9 @@ in Battery powered devices may require being connected to power. ''; }; - - networking.hosts = lib.mkOption { - type = types.attrsOf (types.listOf types.str); - example = literalExpression '' - { - "127.0.0.1" = [ "foo.bar.baz" ]; - "192.168.0.2" = [ "fileserver.local" "nameserver.local" ]; - }; - ''; - description = '' - Locally defined maps of hostnames to IP addresses. - ''; - default = {}; - }; - - networking.hostFiles = lib.mkOption { - type = types.listOf types.path; - defaultText = literalMD "Hosts from {option}`networking.hosts` and {option}`networking.extraHosts`"; - example = literalExpression ''[ "''${pkgs.my-blocklist-package}/share/my-blocklist/hosts" ]''; - description = '' - Files that should be concatenated together to form {file}`/etc/hosts`. - ''; - }; - - networking.extraHosts = lib.mkOption { - type = types.lines; - default = ""; - example = "192.168.0.1 lanlocalhost"; - description = '' - Additional verbatim entries to be appended to {file}`/etc/hosts`. - For adding hosts from derivation results, use {option}`networking.hostFiles` instead. - ''; - }; }; config = { - assertions = [{ - assertion = !localhostMultiple; - message = '' - `networking.hosts` maps "localhost" to something other than "127.0.0.1" - or "::1". This will break some applications. Please use - `networking.extraHosts` if you really want to add such a mapping. - ''; - }]; warnings = [ (mkIf (cfg.knownNetworkServices == [] && cfg.dns != []) "networking.knownNetworkServices is empty, dns servers will not be configured.") 
@@ -177,36 +134,5 @@ in ''} ''; - networking.hostFiles = let - # Note: localhostHosts has to appear first in /etc/hosts so that 127.0.0.1 - # resolves back to "localhost" (as some applications assume) instead of - # the FQDN! - localhostHosts = pkgs.writeText "localhost-hosts" '' - ## - # Host Database - # - # localhost is used to configure the loopback interface - # when the system is booting. Do not change this entry. - ## - 127.0.0.1 localhost - 255.255.255.255 broadcasthost - ::1 localhost - ''; - stringHosts = - let - oneToString = set: ip: ip + " " + concatStringsSep " " set.${ip} + "\n"; - allToString = set: concatMapStrings (oneToString set) (attrNames set); - in pkgs.writeText "string-hosts" (allToString (filterAttrs (_: v: v != []) cfg.hosts)); - extraHosts = pkgs.writeText "extra-hosts" cfg.extraHosts; - in mkBefore [ localhostHosts stringHosts extraHosts ]; - - environment.etc.hosts = { - knownSha256Hashes = [ - # Comes from MacOS: Darwin 24.1.0 Darwin Kernel Version 24.1.0. - "c7dd0e2ed261ce76d76f852596c5b54026b9a894fa481381ffd399b556c0e2da" - ]; - - source = pkgs.concatText "hosts" cfg.hostFiles; - }; }; } diff --git a/release.nix b/release.nix index 10856525b..115025eed 100644 --- a/release.nix +++ b/release.nix @@ -86,7 +86,6 @@ in { tests.launchd-daemons = makeTest ./tests/launchd-daemons.nix; tests.launchd-setenv = makeTest ./tests/launchd-setenv.nix; tests.networking-hostname = makeTest ./tests/networking-hostname.nix; - tests.networking-hosts = makeTest ./tests/networking-hosts.nix; tests.networking-networkservices = makeTest ./tests/networking-networkservices.nix; tests.nix-enable = makeTest ./tests/nix-enable.nix; tests.nixpkgs-overlays = makeTest ./tests/nixpkgs-overlays.nix; diff --git a/tests/networking-hosts.nix b/tests/networking-hosts.nix deleted file mode 100644 index 2d73946ec..000000000 --- a/tests/networking-hosts.nix +++ /dev/null 
@@ -1,20 +0,0 @@ -{ config, pkgs, ... }: - -{ - networking.hosts = { - "127.0.0.1" = [ "my.super.host" ]; - "10.0.0.1" = [ "my.super.host" "my.other.host" ]; - }; - - test = '' - set -v - echo checking /etc/hosts file >&2 - - file=${config.out}/etc/hosts - - grep '127.0.0.1' $file | head -n1 | grep localhost$ - grep '127.0.0.1' $file | tail -n1 | grep my.super.host$ - grep '::1' $file | grep localhost$ - grep '10.0.0.1' $file | grep my.super.host\ my.other.host$ - ''; -} From b1db30ce36f25eb07a7d4832cc2d29b1697c00f1 Mon Sep 17 00:00:00 2001 From: Ihar Hrachyshka Date: Wed, 26 Feb 2025 16:52:13 -0500 Subject: [PATCH 2/2] networking: Restore the original /etc/hosts on activation A patch that replaced the original file with a symlink to nix store was reverted because MacOS Network framework doesn't support symlinks for the file. The revert leaves the system without any /etc/hosts file at all though. To fix this, an activation step is added to restore the original file from .before-nix-darwin backup, if it exists. Signed-off-by: Ihar Hrachyshka --- modules/networking/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/modules/networking/default.nix b/modules/networking/default.nix index b53a9e4a7..8097e276a 100644 --- a/modules/networking/default.nix +++ b/modules/networking/default.nix @@ -132,6 +132,11 @@ in ${optionalString (cfg.wakeOnLan.enable != null) '' systemsetup -setWakeOnNetworkAccess '${onOff cfg.wakeOnLan.enable}' &> /dev/null ''} + + if [ -e /etc/hosts.before-nix-darwin ]; then + echo "restoring /etc/hosts..." >&2 + sudo mv /etc/hosts{.before-nix-darwin,} + fi ''; };
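Review bot: The added restore step in the `@@ -132,6 +132,11 @@` hunk of modules/networking/default.nix moves the backup over `/etc/hosts` without checking what is already there. A hosts file that the user recreated or edited after the revert would be silently replaced by the older `.before-nix-darwin` copy. The `-e` test also accepts any file type and follows symlinks, so a backup that is itself a symlink would be moved into place, which is the state the commit message says the macOS Network framework cannot handle. Consider tightening the guard to `if [ -f /etc/hosts.before-nix-darwin ] && [ ! -L /etc/hosts.before-nix-darwin ] && [ ! -e /etc/hosts ]; then`. Also add a short comment saying the step is a one-time migration for systems left without `/etc/hosts` by the reverted change. The enclosing activation script begins outside the hunk; if it already runs as root, the `sudo` is presumably redundant and worth confirming.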