author | William A. Kennington III <william@wkennington.com> | 2015-04-04 21:20:04 -0700 |
---|---|---|
committer | William A. Kennington III <william@wkennington.com> | 2015-04-04 21:20:07 -0700 |
commit | b3c423757e9f574ed51e1e5f01c7dfa1777def97 (patch) | |
tree | 39a176a763680705381ccedb7b8487c1bb2deda3 /nixos | |
parent | 45b37ca1d820586c2c9b065889ded1a1fe9ffbe6 (diff) | |
nixos/rdnssd: Major refactoring
This updates rdnssd to the following: * Using the systemd interfaces directly * Using the rdnssd user instead of the root user * Integrating with resolvconf instead of writing directly to /etc/resolv.conf
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/misc/ids.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/networking/rdnssd.nix | 50 |
2 files changed, 40 insertions, 12 deletions
diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix
index acb4af7a933d..c2523a3cc329 100644
--- a/nixos/modules/misc/ids.nix
+++ b/nixos/modules/misc/ids.nix
@@ -213,6 +213,7 @@
 zope2 = 185;
 ripple-data-api = 186;
 mediatomb = 187;
+ rdnssd = 188;
 # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
@@ -403,6 +404,7 @@
 #zope2 = 185; # unused
 #ripple-data-api = 186; #unused
 mediatomb = 187;
+ #rdnssd = 188; # unused
 # When adding a gid, make sure it doesn't match an existing
 # uid. Users and groups with the same name should have equal
diff --git a/nixos/modules/services/networking/rdnssd.nix b/nixos/modules/services/networking/rdnssd.nix
index 4c1891816e3e..95833d31e99d 100644
--- a/nixos/modules/services/networking/rdnssd.nix
+++ b/nixos/modules/services/networking/rdnssd.nix
@@ -4,7 +4,12 @@
 { config, lib, pkgs, ... }:
 with lib;
-
+let
+ mergeHook = pkgs.writeScript "rdnssd-merge-hook" ''
+ #! ${pkgs.stdenv.shell} -e
+ ${pkgs.openresolv}/bin/resolvconf -u
+ '';
+in
 {
 ###### interface
@@ -30,18 +35,39 @@ with lib;
 config = mkIf config.services.rdnssd.enable {
- jobs.rdnssd =
- { description = "RDNSS daemon";
-
- # Start before the network interfaces are brought up so that
- # the daemon receives RDNSS advertisements from the kernel.
- startOn = "starting network-interfaces";
-
- # !!! Should write to /var/run/rdnssd/resolv.conf and run the daemon under another uid.
- exec = "${pkgs.ndisc6}/sbin/rdnssd --resolv-file /etc/resolv.conf -u root";
-
- daemonType = "fork";
+ systemd.services.rdnssd = {
+ description = "RDNSS daemon";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+
+ preStart = ''
+ # Create the proper run directory
+ mkdir -p /run/rdnssd
+ touch /run/rdnssd/resolv.conf
+ chown -R rdnssd /run/rdnssd
+
+ # Link the resolvconf interfaces to rdnssd
+ rm -f /run/resolvconf/interfaces/rdnssd
+ ln -s /run/rdnssd/resolv.conf /run/resolvconf/interfaces/rdnssd
+ ${mergeHook}
+ '';
+
+ postStop = ''
+ rm -f /run/resolvconf/interfaces/rdnssd
+ ${mergeHook}
+ '';
+
+ serviceConfig = {
+ ExecStart = "@${pkgs.ndisc6}/bin/rdnssd rdnssd -p /run/rdnssd/rdnssd.pid -r /run/rdnssd/resolv.conf -u rdnssd -H ${mergeHook}";
+ Type = "forking";
+ PIDFile = "/run/rdnssd/rdnssd.pid";
 };
+ };
+
+ users.extraUsers.rdnssd = {
+ description = "RDNSSD Daemon User";
+ uid = config.ids.uids.rdnssd;
+ };
 }; |
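Review bot: `preStart` has no `User=` and so runs as root, yet on every start after the first it operates inside `/run/rdnssd`, a directory the previous run handed to the unprivileged `rdnssd` user; `touch /run/rdnssd/resolv.conf` follows whatever symlink sits at that path, and `chown -R rdnssd /run/rdnssd` re-owns everything under a tree that user controls. Because the daemon parses router advertisements from the network, its account should not be able to steer root-run commands at the next restart. Start from a clean directory and change ownership non-recursively, e.g. add `rm -rf /run/rdnssd` before the `mkdir -p` and replace the recursive call with `chown rdnssd /run/rdnssd /run/rdnssd/resolv.conf`. The same applies to `PIDFile = "/run/rdnssd/rdnssd.pid"` and to the `/run/resolvconf/interfaces/rdnssd` symlink that `${mergeHook}` reads: both point into the service-user-writable directory, so it is worth confirming that the pid systemd trusts and the file `resolvconf -u` merges cannot be swapped by that user, or moving the pid file to a root-owned path.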