1 files changed, 25 insertions, 0 deletions

diff --git a/nixpkgs/pkgs/tools/networking/unbound/default.nix b/nixpkgs/pkgs/tools/networking/unbound/default.nix
index a24ac1f38888..393756a9b2ab 100644
--- a/nixpkgs/pkgs/tools/networking/unbound/default.nix
+++ b/nixpkgs/pkgs/tools/networking/unbound/default.nix
@@ -5,9 +5,13 @@
 , nettle
 , expat
 , libevent
+, libsodium
+, protobufc
+, hiredis
 , dns-root-data
 , pkg-config
 , makeWrapper
+, symlinkJoin
   #
   # By default unbound will not be built with systemd support. Unbound is a very
   # commmon dependency. The transitive dependency closure of systemd also
@@ -21,6 +25,11 @@
 , systemd ? null
   # optionally support DNS-over-HTTPS as a server
 , withDoH ? false
+, withECS ? false
+, withDNSCrypt ? false
+, withDNSTAP ? false
+, withTFO ? false
+, withRedis ? false
 , libnghttp2
 }:
 
@@ -57,8 +66,24 @@ stdenv.mkDerivation rec {
     "--enable-systemd"
   ] ++ lib.optionals withDoH [
     "--with-libnghttp2=${libnghttp2.dev}"
+  ] ++ lib.optionals withECS [
+    "--enable-subnet"
+  ] ++ lib.optionals withDNSCrypt [
+    "--enable-dnscrypt"
+    "--with-libsodium=${symlinkJoin { name = "libsodium-full"; paths = [ libsodium.dev libsodium.out ]; }}"
+  ] ++ lib.optionals withDNSTAP [
+    "--enable-dnstap"
+    "--with-protobuf-c=${protobufc}"
+  ] ++ lib.optionals withTFO [
+    "--enable-tfo-client"
+    "--enable-tfo-server"
+  ] ++ lib.optionals withRedis [
+    "--enable-cachedb"
+    "--with-libhiredis=${hiredis}"
   ];
 
+  PROTOC_C = if withDNSTAP then "${protobufc}/bin/protoc-c" else null;
+
   # Remove references to compile-time dependencies that are included in the configure flags
   postConfigure = let
     inherit (builtins) storeDir;