Diffstat (limited to 'nixos/modules/services/networking')
-rw-r--r--nixos/modules/services/networking/dnscache.nix86
-rw-r--r--nixos/modules/services/networking/radicale.nix2
-rw-r--r--nixos/modules/services/networking/tinydns.nix54
-rw-r--r--nixos/modules/services/networking/wireguard.nix12
4 files changed, 151 insertions, 3 deletions
diff --git a/nixos/modules/services/networking/dnscache.nix b/nixos/modules/services/networking/dnscache.nix
new file mode 100644
index 000000000000..f782be97f6fa
--- /dev/null
+++ b/nixos/modules/services/networking/dnscache.nix
@@ -0,0 +1,86 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.services.dnscache;
+
+  dnscache-root = pkgs.runCommand "dnscache-root" {} ''
+    mkdir -p $out/{servers,ip}
+
+    ${concatMapStrings (ip: ''
+      echo > "$out/ip/"${lib.escapeShellArg ip}
+    '') cfg.clientIps}
+
+    ${concatStrings (mapAttrsToList (host: ips: ''
+      ${concatMapStrings (ip: ''
+        echo ${lib.escapeShellArg ip} > "$out/servers/"${lib.escapeShellArg host}
+      '') ips}
+    '') cfg.domainServers)}
+
+    # djbdns contains an outdated list of root servers;
+    # if one was not provided in config, provide a current list
+    if [ ! -e servers/@ ]; then
+      awk '/^.?.ROOT-SERVERS.NET/ { print $4 }' ${pkgs.dns-root-data}/root.hints > $out/servers/@
+    fi
+  '';
+
+in {
+
+  ###### interface
+
+  options = {
+    services.dnscache = {
+      enable = mkOption {
+        default = false;
+        type = types.bool;
+        description = "Whether to run the dnscache caching dns server";
+      };
+
+      ip = mkOption {
+        default = "0.0.0.0";
+        type = types.str;
+        description = "IP address on which to listen for connections";
+      };
+
+      clientIps = mkOption {
+        default = [ "127.0.0.1" ];
+        type = types.listOf types.str;
+        description = "client IP addresses (or prefixes) from which to accept connections";
+        example = ["192.168" "172.23.75.82"];
+      };
+
+      domainServers = mkOption {
+        default = { };
+        type = types.attrsOf (types.listOf types.str);
+        description = "table of {hostname: server} pairs to use as authoritative servers for hosts (and subhosts)";
+        example = {
+          "example.com" = ["8.8.8.8" "8.8.4.4"];
+        };
+      };
+    };
+  };
+
+  ###### implementation
+
+  config = mkIf config.services.dnscache.enable {
+    environment.systemPackages = [ pkgs.djbdns ];
+    users.extraUsers.dnscache = {};
+
+    systemd.services.dnscache = {
+      description = "djbdns dnscache server";
+      wantedBy = [ "multi-user.target" ];
+      path = with pkgs; [ bash daemontools djbdns ];
+      preStart = ''
+        rm -rf /var/lib/dnscache
+        dnscache-conf dnscache dnscache /var/lib/dnscache ${config.services.dnscache.ip}
+        rm -rf /var/lib/dnscache/root
+        ln -sf ${dnscache-root} /var/lib/dnscache/root
+      '';
+      script = ''
+        cd /var/lib/dnscache/
+        exec ./run
+      '';
+    };
+  };
+}
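Review bot: The root-server fallback at `if [ ! -e servers/@ ]; then` tests a path relative to the derivation's working directory rather than `$out`, so the condition is always true and any `"@"` entry a user supplies through `domainServers` is silently overwritten by the root hints; the check should read `if [ ! -e "$out/servers/@" ]; then`. In the same derivation the per-host loop writes every address with `>`, so a host configured with several servers ends up with only the last one in `$out/servers/<host>`; use `echo ${lib.escapeShellArg ip} >> "$out/servers/"${lib.escapeShellArg host}` so the file accumulates one address per line, which is the format the loop clearly intends. Separately, the listen address is spliced unquoted into the unit's preStart at `dnscache-conf dnscache dnscache /var/lib/dnscache ${config.services.dnscache.ip}`; the option is an unconstrained `types.str`, so `${escapeShellArg cfg.ip}` keeps the script well-formed for any value (tinydns.nix in this commit has the same pattern at its `tinydns-conf` line).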
diff --git a/nixos/modules/services/networking/radicale.nix b/nixos/modules/services/networking/radicale.nix
index 56f2e976cff5..391f4bdebbab 100644
--- a/nixos/modules/services/networking/radicale.nix
+++ b/nixos/modules/services/networking/radicale.nix
@@ -9,7 +9,7 @@ let
   confFile = pkgs.writeText "radicale.conf" cfg.config;
 
   # This enables us to default to version 2 while still not breaking configurations of people with version 1
-  defaultPackage = if versionAtLeast "17.09" config.system.stateVersion then {
+  defaultPackage = if versionAtLeast config.system.stateVersion "17.09" then {
     pkg = pkgs.radicale2;
     text = "pkgs.radicale2";
   } else {
diff --git a/nixos/modules/services/networking/tinydns.nix b/nixos/modules/services/networking/tinydns.nix
new file mode 100644
index 000000000000..184888ef05da
--- /dev/null
+++ b/nixos/modules/services/networking/tinydns.nix
@@ -0,0 +1,54 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+{
+  ###### interface
+
+  options = {
+    services.tinydns = {
+      enable = mkOption {
+        default = false;
+        type = types.bool;
+        description = "Whether to run the tinydns dns server";
+      };
+
+      data = mkOption {
+        type = types.lines;
+        default = "";
+        description = "The DNS data to serve, in the format described by tinydns-data(8)";
+      };
+
+      ip = mkOption {
+        default = "0.0.0.0";
+        type = types.str;
+        description = "IP address on which to listen for connections";
+      };
+    };
+  };
+
+  ###### implementation
+
+  config = mkIf config.services.tinydns.enable {
+    environment.systemPackages = [ pkgs.djbdns ];
+
+    users.extraUsers.tinydns = {};
+
+    systemd.services.tinydns = {
+      description = "djbdns tinydns server";
+      wantedBy = [ "multi-user.target" ];
+      path = with pkgs; [ daemontools djbdns ];
+      preStart = ''
+        rm -rf /var/lib/tinydns
+        tinydns-conf tinydns tinydns /var/lib/tinydns ${config.services.tinydns.ip}
+        cd /var/lib/tinydns/root/
+        ln -sf ${pkgs.writeText "tinydns-data" config.services.tinydns.data} data
+        tinydns-data
+      '';
+      script = ''
+        cd /var/lib/tinydns
+        exec ./run
+      '';
+    };
+  };
+}
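Review bot: `tinydns-data` runs in preStart, so a syntax error in `services.tinydns.data` is only discovered as a failed unit at boot rather than when the configuration is built; the `data` file is already a store path, so `data.cdb` can be compiled in a `runCommand` derivation (as dnscache.nix in this commit does for its root directory) and symlinked into `/var/lib/tinydns/root/`, turning a bad zone into a build failure. This also removes the need to run the compiler inside the service's sandbox at every start. The sketch below keeps the option interface unchanged.
```nix
let
  cfg = config.services.tinydns;

  # Compile the zone at build time so a malformed `data` fails nix-build
  # instead of the unit's ExecStartPre.
  tinydnsRoot = pkgs.runCommand "tinydns-root" { nativeBuildInputs = [ pkgs.djbdns ]; } ''
    mkdir -p $out
    cd $out
    cp ${pkgs.writeText "tinydns-data" cfg.data} data
    tinydns-data
  '';
in
# … unchanged: options …
      preStart = ''
        rm -rf /var/lib/tinydns
        tinydns-conf tinydns tinydns /var/lib/tinydns ${escapeShellArg cfg.ip}
        ln -sf ${tinydnsRoot}/data.cdb /var/lib/tinydns/root/data.cdb
      '';
```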
diff --git a/nixos/modules/services/networking/wireguard.nix b/nixos/modules/services/networking/wireguard.nix
index 4f54b45639f6..eb08e7f90c0d 100644
--- a/nixos/modules/services/networking/wireguard.nix
+++ b/nixos/modules/services/networking/wireguard.nix
@@ -95,6 +95,14 @@ let
         type = with types; listOf (submodule peerOpts);
       };
 
+      allowedIPsAsRoutes = mkOption {
+        example = false;
+        default = true;
+        type = types.bool;
+        description = ''
+          Determines whether to add allowed IPs as routes or not.
+        '';
+      };
     };
 
   };
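Review bot: The description of `allowedIPsAsRoutes` does not say what is skipped when the option is `false`, which the reader has to reconstruct from the setup script; suggest `description = "Whether to add each peer's allowedIPs as routes on the interface (in the routing table given by the table option). When false, routes have to be added by other means, e.g. in postSetup."`. The `example = false;` line adds nothing for a boolean option and can be dropped. The enclosing submodule begins outside this hunk.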
@@ -217,11 +225,11 @@ let
 
             "${ipCommand} link set up dev ${name}"
 
-            (map (peer:
+            (optionals (values.allowedIPsAsRoutes != false) (map (peer:
             (map (allowedIP:
             "${ipCommand} route replace ${allowedIP} dev ${name} table ${values.table}"
             ) peer.allowedIPs)
-            ) values.peers)
+            ) values.peers))
 
             values.postSetup
           ]);
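Review bot: `values.allowedIPsAsRoutes != false` compares a `types.bool` option against `false`, which only restates the value; `(optionals values.allowedIPsAsRoutes (map (peer:` reads the same and avoids the comparison. The enclosing list (closed by `]);` on the last line) starts outside the hunk, so I cannot confirm from here how the nested lists produced by the two `map` calls are flattened, but `optionals` returns either that value or `[]`, so the guard is sound in either case.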