author | Jörg Thalheim <Mic92@users.noreply.github.com> | 2017-09-24 15:39:29 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-09-24 15:39:29 +0100 |
commit | 975c7b22044e7d1568efa2b01d46a4fc917420c7 (patch) | |
tree | 394b3bee06afc898e7a9ea48553f3ef327613c24 /nixos/modules/services/networking | |
parent | 412fa16bffcb915f796e95b12281bc568be7c1ae (diff) | |
parent | 735b41c34f78dc7781cd85d0be6636239af78c4f (diff) | |
Merge pull request #29450 from jerith666/djb-1709
Add modules for tinydns and dnscache from djbdns
Diffstat (limited to 'nixos/modules/services/networking')
-rw-r--r-- | nixos/modules/services/networking/dnscache.nix | 86 | ||||
-rw-r--r-- | nixos/modules/services/networking/tinydns.nix | 54 |
2 files changed, 140 insertions, 0 deletions
diff --git a/nixos/modules/services/networking/dnscache.nix b/nixos/modules/services/networking/dnscache.nix
new file mode 100644
index 000000000000..f782be97f6fa
--- /dev/null
+++ b/nixos/modules/services/networking/dnscache.nix
@@ -0,0 +1,86 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+ cfg = config.services.dnscache;
+
+ dnscache-root = pkgs.runCommand "dnscache-root" {} ''
+ mkdir -p $out/{servers,ip}
+
+ ${concatMapStrings (ip: ''
+ echo > "$out/ip/"${lib.escapeShellArg ip}
+ '') cfg.clientIps}
+
+ ${concatStrings (mapAttrsToList (host: ips: ''
+ ${concatMapStrings (ip: ''
+ echo ${lib.escapeShellArg ip} > "$out/servers/"${lib.escapeShellArg host}
+ '') ips}
+ '') cfg.domainServers)}
+
+ # djbdns contains an outdated list of root servers;
+ # if one was not provided in config, provide a current list
+ if [ ! -e servers/@ ]; then
+ awk '/^.?.ROOT-SERVERS.NET/ { print $4 }' ${pkgs.dns-root-data}/root.hints > $out/servers/@
+ fi
+ '';
+
+in {
+
+ ###### interface
+
+ options = {
+ services.dnscache = {
+ enable = mkOption {
+ default = false;
+ type = types.bool;
+ description = "Whether to run the dnscache caching dns server";
+ };
+
+ ip = mkOption {
+ default = "0.0.0.0";
+ type = types.str;
+ description = "IP address on which to listen for connections";
+ };
+
+ clientIps = mkOption {
+ default = [ "127.0.0.1" ];
+ type = types.listOf types.str;
+ description = "client IP addresses (or prefixes) from which to accept connections";
+ example = ["192.168" "172.23.75.82"];
+ };
+
+ domainServers = mkOption {
+ default = { };
+ type = types.attrsOf (types.listOf types.str);
+ description = "table of {hostname: server} pairs to use as authoritative servers for hosts (and subhosts)";
+ example = {
+ "example.com" = ["8.8.8.8" "8.8.4.4"];
+ };
+ };
+ };
+ };
+
+ ###### implementation
+
+ config = mkIf config.services.dnscache.enable {
+ environment.systemPackages = [ pkgs.djbdns ];
+ users.extraUsers.dnscache = {};
+
+ systemd.services.dnscache = {
+ description = "djbdns dnscache server";
+ wantedBy = [ "multi-user.target" ];
+ path = with pkgs; [ bash daemontools djbdns ];
+ preStart = ''
+ rm -rf /var/lib/dnscache
+ dnscache-conf dnscache dnscache /var/lib/dnscache ${config.services.dnscache.ip}
+ rm -rf /var/lib/dnscache/root
+ ln -sf ${dnscache-root} /var/lib/dnscache/root
+ '';
+ script = ''
+ cd /var/lib/dnscache/
+ exec ./run
+ '';
+ };
+ };
+}
diff --git a/nixos/modules/services/networking/tinydns.nix b/nixos/modules/services/networking/tinydns.nix
new file mode 100644
index 000000000000..184888ef05da
--- /dev/null
+++ b/nixos/modules/services/networking/tinydns.nix
@@ -0,0 +1,54 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+{
+ ###### interface
+
+ options = {
+ services.tinydns = {
+ enable = mkOption {
+ default = false;
+ type = types.bool;
+ description = "Whether to run the tinydns dns server";
+ };
+
+ data = mkOption {
+ type = types.lines;
+ default = "";
+ description = "The DNS data to serve, in the format described by tinydns-data(8)";
+ };
+
+ ip = mkOption {
+ default = "0.0.0.0";
+ type = types.str;
+ description = "IP address on which to listen for connections";
+ };
+ };
+ };
+
+ ###### implementation
+
+ config = mkIf config.services.tinydns.enable {
+ environment.systemPackages = [ pkgs.djbdns ];
+
+ users.extraUsers.tinydns = {};
+
+ systemd.services.tinydns = {
+ description = "djbdns tinydns server";
+ wantedBy = [ "multi-user.target" ];
+ path = with pkgs; [ daemontools djbdns ];
+ preStart = ''
+ rm -rf /var/lib/tinydns
+ tinydns-conf tinydns tinydns /var/lib/tinydns ${config.services.tinydns.ip}
+ cd /var/lib/tinydns/root/
+ ln -sf ${pkgs.writeText "tinydns-data" config.services.tinydns.data} data
+ tinydns-data
+ '';
+ script = ''
+ cd /var/lib/tinydns
+ exec ./run
+ '';
+ };
+ };
+}
|
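Review bot: The root-servers fallback in `dnscache-root` tests `[ ! -e servers/@ ]` relative to the builder's working directory rather than `$out`, so the check looks to be always true and the `awk ... > $out/servers/@` line overwrites any `"@"` entry supplied through `domainServers`; it should read `if [ ! -e "$out/servers/@" ]; then`. That matters for hosts that point `@` at an internal forwarder, because their queries would then go to the public root servers instead. In the same builder, `echo ${lib.escapeShellArg ip} > "$out/servers/"...` truncates the file for every address, so only the last server of each list survives; `>>` keeps all of them. Separately, `${config.services.dnscache.ip}` is spliced unquoted into the `preStart` script while the other option values go through `lib.escapeShellArg`; the same holds for `${config.services.tinydns.ip}` in tinydns.nix, and wrapping both in `lib.escapeShellArg` would make them consistent.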
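Review bot: The `data` option's description does not mention that the zone text is passed to `pkgs.writeText` in `preStart` and therefore ends up in the Nix store, which is normally readable by every local user. For split-horizon or internal-only records that is worth stating, for example `description = "The DNS data to serve, in the format described by tinydns-data(8). The text is copied into the Nix store, so it is readable by all local users.";`. The `ip` description could likewise say that the default `0.0.0.0` makes the server answer on every interface unless it is narrowed.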