authorThomas Strobel <ts468@cam.ac.uk>2015-09-10 18:10:06 +0200
committerThomas Strobel <ts468@cam.ac.uk>2015-09-10 18:11:40 +0200
commit684cd17ff53ad400a9d5fade1eb61bec7f847a17 (patch)
treef716bac832960f58119e1fee9dd42ed5d73cccf3 /nixos/modules/services/networking
parent8db7c14e5632cb139ecdb0eeceaabddc9f00d7a8 (diff)
dnschain nixos module: init
Diffstat (limited to 'nixos/modules/services/networking')
-rw-r--r--nixos/modules/services/networking/dnschain.nix110
1 files changed, 110 insertions, 0 deletions
diff --git a/nixos/modules/services/networking/dnschain.nix b/nixos/modules/services/networking/dnschain.nix
new file mode 100644
index 000000000000..f17f8c832ee4
--- /dev/null
+++ b/nixos/modules/services/networking/dnschain.nix
@@ -0,0 +1,110 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.services;
+
+  dnschainConf = pkgs.writeText "dnschain.conf" ''
+    [log]
+    level=info
+
+    [dns]
+    host = 127.0.0.1
+    port = 5333
+    oldDNSMethod = NO_OLD_DNS
+    # TODO: check what that address is acutally used for
+    externalIP = 127.0.0.1
+
+    [http]
+    host = 127.0.0.1
+    port=8088
+    tlsPort=4443
+  '';
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.dnschain = {
+
+      enable = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Whether to run dnschain. That implies running
+          namecoind as well, so make sure to configure
+          it appropriately.
+        '';
+      };
+
+    };
+
+    services.dnsmasq = {
+      resolveDnschainQueries = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Resolve <literal>.bit</literal> top-level domains
+          with dnschain and namecoind.
+        '';
+      };
+
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf cfg.dnschain.enable {
+
+    services.namecoind.enable = true;
+
+    services.dnsmasq.servers = optionals cfg.dnsmasq.resolveDnschainQueries [ "/.bit/127.0.0.1#5333" ];
+
+    users.extraUsers = singleton
+      { name = "dnschain";
+        uid = config.ids.uids.dnschain;
+        extraGroups = [ "namecoin" ];
+        description = "Dnschain daemon user";
+        home = "/var/lib/dnschain";
+        createHome = true;
+      };
+
+    systemd.services.dnschain = {
+        description = "Dnschain Daemon";
+        after = [ "namecoind.target" ];
+        wantedBy = [ "multi-user.target" ];
+        path = [ pkgs.openssl ];
+        preStart = ''
+          # Link configuration file into dnschain HOME directory
+          if [ "$(${pkgs.coreutils}/bin/realpath /var/lib/dnschain/.dnschain.conf)" != "${dnschainConf}" ]; then
+              rm -rf /var/lib/dnschain/.dnschain.conf
+              ln -s ${dnschainConf} /var/lib/dnschain/.dnschain.conf
+          fi
+
+          # Create empty namecoin.conf so that dnschain is not
+          # searching for /etc/namecoin/namecoin.conf
+          if [ ! -e /var/lib/dnschain/.namecoin/namecoin.conf ]; then
+              mkdir -p /var/lib/dnschain/.namecoin
+              touch /var/lib/dnschain/.namecoin/namecoin.conf
+          fi
+        '';
+        serviceConfig = {
+          Type = "simple";
+          User = "dnschain";
+          EnvironmentFile = config.services.namecoind.userFile;
+          ExecStart = "${pkgs.dnschain}/bin/dnschain --rpcuser=\${USER} --rpcpassword=\${PASSWORD} --rpcport=8336";
+          ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
+          ExecStop = "${pkgs.coreutils}/bin/kill -KILL $MAINPID";
+        };
+    };
+
+  };
+
+}
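Review bot: The `ExecStart` line passes the namecoind RPC password as `--rpcpassword=\${PASSWORD}`, so once systemd expands it from `EnvironmentFile` the secret sits in the process argv, where by default any local user can read it through `ps` or `/proc/<pid>/cmdline`. The `preStart` comment indicates dnschain looks for a `namecoin.conf` under its home; if it also takes `rpcuser`/`rpcpassword` from that file (worth confirming), write the credentials there with mode 0600 in `preStart` instead of creating the file empty, and drop the two flags from the command line. If the flags have to stay, record the exposure next to the line, e.g. `# rpcpassword is expanded into argv and is readable via /proc/<pid>/cmdline`. Separately, `ExecStop` sends `-KILL`, which gives the daemon no chance to shut down cleanly; omitting `ExecStop` lets systemd send SIGTERM first and escalate only on timeout.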