trust-dns: asSystemResolver: listen also on ipv6 address

2024-05-14 23:38:01 +00:00
parent d5e8974a4a
commit 66f73c92bd
1 changed files with 12 additions and 2 deletions
--- a/modules/services/trust-dns/default.nix
+++ b/modules/services/trust-dns/default.nix
@@ -17,7 +17,14 @@ let
        type = types.listOf types.str;
        default = [ "127.0.0.1" ];
        description = ''
-          IP addresses to serve requests from.
+          IPv4 addresses to serve requests from.
+        '';
+      };
+      listenAddrsIpv6 = mkOption {
+        type = types.listOf types.str;
+        default = [ ];
+        description = ''
+          IPv6 addresses to serve requests from.
        '';
      };
      substitutions = mkOption {
@@ -78,13 +85,14 @@ let
    };
  });

-  mkSystemdService = flavor: { includes, listenAddrsIpv4, port, substitutions, extraConfig, ... }: let
+  mkSystemdService = flavor: { includes, listenAddrsIpv4, listenAddrsIpv6, port, substitutions, extraConfig, ... }: let
    sed = "${pkgs.gnused}/bin/sed";
    configTemplate = toml.generate "trust-dns-${flavor}.toml" (
      (
        lib.filterAttrsRecursive (_: v: v != null) config.services.trust-dns.settings
      ) // {
        listen_addrs_ipv4 = listenAddrsIpv4;
+        listen_addrs_ipv6 = listenAddrsIpv6;
      } // extraConfig
    );
    configPath = "/var/lib/trust-dns/${flavor}-config.toml";
@@ -212,12 +220,14 @@ in

    sane.services.trust-dns.instances.localhost = lib.mkIf cfg.asSystemResolver {
      listenAddrsIpv4 = [ "127.0.0.1" ];
+      listenAddrsIpv6 = [ "::1" ];
      enableRecursiveResolver = true;
      # append zones discovered via DHCP to the resolver config.
      includes = [ "/var/lib/trust-dns/dhcp-configs/*" ];
    };
    networking.nameservers = lib.mkIf cfg.asSystemResolver [
      "127.0.0.1"
+      "::1"
    ];
    services.resolved.enable = lib.mkIf cfg.asSystemResolver (lib.mkForce false);
  };