diff options
Diffstat (limited to 'nixos/modules')
-rw-r--r-- | nixos/modules/installer/cd-dvd/sd-image.nix | 2 | ||||
-rw-r--r-- | nixos/modules/misc/ids.nix | 2 | ||||
-rw-r--r-- | nixos/modules/module-list.nix | 1 | ||||
-rw-r--r-- | nixos/modules/services/networking/corerad.nix | 43 | ||||
-rw-r--r-- | nixos/modules/services/networking/dnschain.nix | 184 | ||||
-rw-r--r-- | nixos/modules/services/networking/namecoind.nix | 5 | ||||
-rw-r--r-- | nixos/modules/system/boot/networkd.nix | 10 | ||||
-rw-r--r-- | nixos/modules/system/boot/resolved.nix | 1 | ||||
-rw-r--r-- | nixos/modules/system/boot/timesyncd.nix | 1 |
9 files changed, 52 insertions, 197 deletions
diff --git a/nixos/modules/installer/cd-dvd/sd-image.nix b/nixos/modules/installer/cd-dvd/sd-image.nix index 589bf74263b9..98c12e30633c 100644 --- a/nixos/modules/installer/cd-dvd/sd-image.nix +++ b/nixos/modules/installer/cd-dvd/sd-image.nix @@ -190,7 +190,7 @@ in fsck.vfat -vn firmware_part.img dd conv=notrunc if=firmware_part.img of=$img seek=$START count=$SECTORS if test -n "$compressImage"; then - zstd -T$NIX_BUILD_CORES $img + zstd -T$NIX_BUILD_CORES --rm $img fi ''; }) {}; diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix index 85e5534e906f..3409e7ba22ea 100644 --- a/nixos/modules/misc/ids.nix +++ b/nixos/modules/misc/ids.nix @@ -239,7 +239,6 @@ in shout = 206; gateone = 207; namecoin = 208; - dnschain = 209; #lxd = 210; # unused kibana = 211; xtreemfs = 212; @@ -549,7 +548,6 @@ in #shout = 206; #unused gateone = 207; namecoin = 208; - #dnschain = 209; #unused lxd = 210; # unused #kibana = 211; xtreemfs = 212; diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 5c5281b730f3..321fec5fb517 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -602,7 +602,6 @@ ./services/networking/dhcpcd.nix ./services/networking/dhcpd.nix ./services/networking/dnscache.nix - ./services/networking/dnschain.nix ./services/networking/dnscrypt-proxy2.nix ./services/networking/dnscrypt-wrapper.nix ./services/networking/dnsdist.nix diff --git a/nixos/modules/services/networking/corerad.nix b/nixos/modules/services/networking/corerad.nix index 1a2c4aec6651..2d4d414aae10 100644 --- a/nixos/modules/services/networking/corerad.nix +++ b/nixos/modules/services/networking/corerad.nix @@ -4,14 +4,48 @@ with lib; let cfg = config.services.corerad; + + writeTOML = name: x: + pkgs.runCommandNoCCLocal name { } '' + echo '${builtins.toJSON x}' | ${pkgs.go-toml}/bin/jsontoml > $out + ''; + in { - meta = { - maintainers = with maintainers; [ mdlayher ]; - }; + meta.maintainers = with maintainers; [ mdlayher ]; options.services.corerad = { enable = mkEnableOption "CoreRAD IPv6 NDP RA daemon"; + settings = mkOption { + type = types.uniq types.attrs; + example = literalExample '' + { + interfaces = [ + # eth0 is an upstream interface monitoring for IPv6 router advertisements. + { + name = "eth0"; + monitor = true; + } + # eth1 is a downstream interface advertising IPv6 prefixes for SLAAC. + { + name = "eth1"; + advertise = true; + prefix = [{ prefix = "::/64"; }]; + } + ]; + # Optionally enable Prometheus metrics. + debug = { + address = "localhost:9430"; + prometheus = true; + }; + } + ''; + description = '' + Configuration for CoreRAD, see <link xlink:href="https://github.com/mdlayher/corerad/blob/master/internal/config/default.toml"/> + for supported values. Ignored if configFile is set. + ''; + }; + configFile = mkOption { type = types.path; example = literalExample "\"\${pkgs.corerad}/etc/corerad/corerad.toml\""; @@ -27,6 +61,9 @@ in { }; config = mkIf cfg.enable { + # Prefer the config file over settings if both are set. + services.corerad.configFile = mkDefault (writeTOML "corerad.toml" cfg.settings); + systemd.services.corerad = { description = "CoreRAD IPv6 NDP RA daemon"; after = [ "network.target" ]; diff --git a/nixos/modules/services/networking/dnschain.nix b/nixos/modules/services/networking/dnschain.nix deleted file mode 100644 index 003609ea7054..000000000000 --- a/nixos/modules/services/networking/dnschain.nix +++ /dev/null @@ -1,184 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; - -let - cfgs = config.services; - cfg = cfgs.dnschain; - - dataDir = "/var/lib/dnschain"; - username = "dnschain"; - - configFile = pkgs.writeText "dnschain.conf" '' - [log] - level = info - - [dns] - host = ${cfg.dns.address} - port = ${toString cfg.dns.port} - oldDNSMethod = NO_OLD_DNS - externalIP = ${cfg.dns.externalAddress} - - [http] - host = ${cfg.api.hostname} - port = ${toString cfg.api.port} - tlsPort = ${toString cfg.api.tlsPort} - - ${cfg.extraConfig} - ''; - -in - -{ - - ###### interface - - options = { - - services.dnschain = { - - enable = mkEnableOption '' - DNSChain, a blockchain based DNS + HTTP server. - To resolve .bit domains set <literal>services.namecoind.enable = true;</literal> - and an RPC username/password. - ''; - - dns.address = mkOption { - type = types.str; - default = "127.0.0.1"; - description = '' - The IP address the DNSChain resolver will bind to. - Leave this unchanged if you do not wish to directly expose the resolver. - ''; - }; - - dns.externalAddress = mkOption { - type = types.str; - default = cfg.dns.address; - description = '' - The IP address used by clients to reach the resolver and the value of - the <literal>namecoin.dns</literal> record. Set this in case the bind address - is not the actual IP address (e.g. the machine is behind a NAT). - ''; - }; - - dns.port = mkOption { - type = types.int; - default = 5333; - description = '' - The port the DNSChain resolver will bind to. - ''; - }; - - api.hostname = mkOption { - type = types.str; - default = "0.0.0.0"; - description = '' - The hostname (or IP address) the DNSChain API server will bind to. - ''; - }; - - api.port = mkOption { - type = types.int; - default = 8080; - description = '' - The port the DNSChain API server (HTTP) will bind to. - ''; - }; - - api.tlsPort = mkOption { - type = types.int; - default = 4433; - description = '' - The port the DNSChain API server (HTTPS) will bind to. - ''; - }; - - extraConfig = mkOption { - type = types.lines; - default = ""; - example = '' - [log] - level = debug - ''; - description = '' - Additional options that will be appended to the configuration file. - ''; - }; - - }; - - services.dnsmasq.resolveDNSChainQueries = mkOption { - type = types.bool; - default = false; - description = '' - Resolve <literal>.bit</literal> top-level domains using DNSChain and namecoin. - ''; - }; - - services.pdns-recursor.resolveDNSChainQueries = mkOption { - type = types.bool; - default = false; - description = '' - Resolve <literal>.bit</literal> top-level domains using DNSChain and namecoin. - ''; - }; - - }; - - - ###### implementation - - config = mkIf cfg.enable { - - services.dnsmasq.servers = optionals cfgs.dnsmasq.resolveDNSChainQueries - [ "/.bit/127.0.0.1#${toString cfg.dns.port}" - "/.dns/127.0.0.1#${toString cfg.dns.port}" - ]; - - services.pdns-recursor = mkIf cfgs.pdns-recursor.resolveDNSChainQueries { - forwardZonesRecurse = - { bit = "127.0.0.1:${toString cfg.dns.port}"; - dns = "127.0.0.1:${toString cfg.dns.port}"; - }; - luaConfig ='' - addNTA("bit", "namecoin doesn't support DNSSEC") - addNTA("dns", "namecoin doesn't support DNSSEC") - ''; - }; - - users.users.${username} = { - description = "DNSChain daemon user"; - home = dataDir; - createHome = true; - uid = config.ids.uids.dnschain; - extraGroups = optional cfgs.namecoind.enable "namecoin"; - }; - - systemd.services.dnschain = { - description = "DNSChain daemon"; - after = optional cfgs.namecoind.enable "namecoind.target"; - wantedBy = [ "multi-user.target" ]; - - serviceConfig = { - User = "dnschain"; - Restart = "on-failure"; - ExecStart = "${pkgs.nodePackages.dnschain}/bin/dnschain"; - }; - - preStart = '' - # Link configuration file into dnschain home directory - configPath=${dataDir}/.dnschain/dnschain.conf - mkdir -p ${dataDir}/.dnschain - if [ "$(realpath $configPath)" != "${configFile}" ]; then - rm -f $configPath - ln -s ${configFile} $configPath - fi - ''; - }; - - }; - - meta.maintainers = with lib.maintainers; [ rnhmjoj ]; - -} diff --git a/nixos/modules/services/networking/namecoind.nix b/nixos/modules/services/networking/namecoind.nix index ead7f0859434..6ca99e1321bd 100644 --- a/nixos/modules/services/networking/namecoind.nix +++ b/nixos/modules/services/networking/namecoind.nix @@ -149,11 +149,6 @@ in config = mkIf cfg.enable { - services.dnschain.extraConfig = '' - [namecoin] - config = ${configFile} - ''; - users.users.namecoin = { uid = config.ids.uids.namecoin; description = "Namecoin daemon user"; diff --git a/nixos/modules/system/boot/networkd.nix b/nixos/modules/system/boot/networkd.nix index 9b34b12e73a5..b0545363b330 100644 --- a/nixos/modules/system/boot/networkd.nix +++ b/nixos/modules/system/boot/networkd.nix @@ -1178,14 +1178,22 @@ in users.users.systemd-network.group = "systemd-network"; systemd.additionalUpstreamSystemUnits = [ - "systemd-networkd.service" "systemd-networkd-wait-online.service" + "systemd-networkd-wait-online.service" + "systemd-networkd.service" + "systemd-networkd.socket" ]; systemd.network.units = mapAttrs' (n: v: nameValuePair "${n}.netdev" (netdevToUnit n v)) cfg.netdevs // mapAttrs' (n: v: nameValuePair "${n}.network" (networkToUnit n v)) cfg.networks; + # systemd-networkd is socket-activated by kernel netlink route change + # messages. It is important to have systemd buffer those on behalf of + # networkd. + systemd.sockets.systemd-networkd.wantedBy = [ "sockets.target" ]; + systemd.services.systemd-networkd = { wantedBy = [ "multi-user.target" ]; + aliases = [ "dbus-org.freedesktop.network1.service" ]; restartTriggers = map (x: x.source) (attrValues unitFiles); # prevent race condition with interface renaming (#39069) requires = [ "systemd-udev-settle.service" ]; diff --git a/nixos/modules/system/boot/resolved.nix b/nixos/modules/system/boot/resolved.nix index b7aaef575ac1..b024f9cf5ee9 100644 --- a/nixos/modules/system/boot/resolved.nix +++ b/nixos/modules/system/boot/resolved.nix @@ -148,6 +148,7 @@ in systemd.services.systemd-resolved = { wantedBy = [ "multi-user.target" ]; + aliases = [ "dbus-org.freedesktop.resolve1.service" ]; restartTriggers = [ config.environment.etc."systemd/resolved.conf".source ]; }; diff --git a/nixos/modules/system/boot/timesyncd.nix b/nixos/modules/system/boot/timesyncd.nix index 9e2f36ca01f8..35fb5578b070 100644 --- a/nixos/modules/system/boot/timesyncd.nix +++ b/nixos/modules/system/boot/timesyncd.nix @@ -41,6 +41,7 @@ with lib; systemd.services.systemd-timesyncd = { wantedBy = [ "sysinit.target" ]; + aliases = [ "dbus-org.freedesktop.timesync1.service" ]; restartTriggers = [ config.environment.etc."systemd/timesyncd.conf".source ]; }; |