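{ config
, lib
, pkgs
, ...
}:

with lib;

let
  cfg = config.services.routedns;
  # RouteDNS reads TOML; `settingsFormat.type` gives `settings` a structured,
  # mergeable option type and `settingsFormat.generate` renders it to a file
  # in the Nix store (used as the default for `configFile` below).
  settingsFormat = pkgs.formats.toml { };
in
{
  options.services.routedns = {
    enable = mkEnableOption (lib.mdDoc "RouteDNS - DNS stub resolver, proxy and router");

    settings = mkOption {
      type = settingsFormat.type;
      example = literalExpression ''
        {
          resolvers.cloudflare-dot = {
            address = "1.1.1.1:853";
            protocol = "dot";
          };
          groups.cloudflare-cached = {
            type = "cache";
            resolvers = ["cloudflare-dot"];
          };
          listeners.local-udp = {
            address = "127.0.0.1:53";
            protocol = "udp";
            resolver = "cloudflare-cached";
          };
          listeners.local-tcp = {
            address = "127.0.0.1:53";
            protocol = "tcp";
            resolver = "cloudflare-cached";
          };
        }
      '';
      description = lib.mdDoc ''
        Configuration for RouteDNS, see <https://github.com/folbricht/routedns/blob/master/doc/configuration.md>
        for more information.
      '';
    };

    # Escape hatch: point at a hand-written TOML file instead of `settings`.
    # Note that the file is passed to the daemon by path, so it ends up
    # world-readable in the Nix store when generated from `settings`.
    configFile = mkOption {
      default = settingsFormat.generate "routedns.toml" cfg.settings;
      defaultText = "A RouteDNS configuration file automatically generated by values from services.routedns.*";
      type = types.path;
      example = literalExpression ''"''${pkgs.routedns}/cmd/routedns/example-config/use-case-1.toml"'';
      description = lib.mdDoc "Path to RouteDNS TOML configuration file.";
    };

    package = mkOption {
      default = pkgs.routedns;
      defaultText = literalExpression "pkgs.routedns";
      type = types.package;
      description = lib.mdDoc "RouteDNS package to use.";
    };
  };

  config = mkIf cfg.enable {
    systemd.services.routedns = {
      description = "RouteDNS - DNS stub resolver, proxy and router";
      after = [ "network.target" ]; # in case a bootstrap resolver is used, this might fail a few times until the respective server is actually reachable
      wantedBy = [ "multi-user.target" ];
      wants = [ "network.target" ];
      # Restart budget: at most 5 starts in 30 s before systemd stops retrying.
      # Sized so the early "bootstrap resolver not reachable yet" failures
      # (see `after` above) do not exhaust it immediately.
      startLimitIntervalSec = 30;
      startLimitBurst = 5;
      serviceConfig = {
        Restart = "on-failure";
        RestartSec = "5s";
        LimitNPROC = 512;
        LimitNOFILE = 1048576;
        # Transient unprivileged user. systemd.exec(5) documents that
        # DynamicUser= also implies ProtectSystem=strict, ProtectHome=read-only
        # and PrivateTmp=, so those are not repeated here.
        DynamicUser = true;
        # Binding to port 53 as an unprivileged user needs CAP_NET_BIND_SERVICE.
        # Grant it as an ambient capability AND pin the bounding set to the
        # same capability: AmbientCapabilities alone leaves the full bounding
        # set available to the process tree.
        AmbientCapabilities = "CAP_NET_BIND_SERVICE";
        CapabilityBoundingSet = "CAP_NET_BIND_SERVICE";
        NoNewPrivileges = true;
        # Generic sandboxing a userspace DNS proxy has no need to opt out of:
        # no real device nodes, read-only kernel tunables/modules/cgroups, no
        # new namespaces, no realtime scheduling, no SUID/SGID file creation.
        PrivateDevices = true;
        ProtectKernelTunables = true;
        ProtectKernelModules = true;
        ProtectControlGroups = true;
        RestrictNamespaces = true;
        RestrictRealtime = true;
        RestrictSUIDSGID = true;
        LockPersonality = true;
        SystemCallArchitectures = "native";
        # `-l 4` is presumably the RouteDNS log verbosity — confirm against the
        # upstream CLI documentation before changing it.
        ExecStart = "${getBin cfg.package}/bin/routedns -l 4 ${cfg.configFile}";
      };
    };
  };
  meta.maintainers = with maintainers; [ jsimonetti ];
}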