apply patch for when trust-dns is renamed to hickory-dns

2024-06-01 17:07:44 +00:00 · 2024-06-01 17:07:44 +00:00 · f0128b9496
commit f0128b9496
parent 368169d48d
2 changed files with 24 additions and 4 deletions
--- a/modules/services/trust-dns/default.nix
+++ b/modules/services/trust-dns/default.nix
@ -117,9 +117,9 @@ let
      '') dns.zones
    );

-    serviceConfig = config.systemd.services.trust-dns.serviceConfig // {
+    serviceConfig = (config.systemd.services.hickory-dns or config.systemd.services.trust-dns).serviceConfig // {
      ExecStart = lib.escapeShellArgs ([
-        "${config.services.trust-dns.package}/bin/${config.services.trust-dns.package.meta.mainProgram}"
+        "${lib.getExe config.services.trust-dns.package}"
        "--port"     (builtins.toString port)
        "--zonedir"  "/var/lib/trust-dns/${flavor}"
        "--config"   "${configPath}"
@ -131,7 +131,7 @@ let
      # servo/dyn-dns needs /var/lib/uninsane/wan.txt.
      # this might not exist on other systems,
      # so just bind the deepest path which is guaranteed to exist.
-      ReadOnlyPaths = [ "/var/lib" ];
+      ReadOnlyPaths = [ "/var/lib" ];  #< TODO: scope this down!
    } // lib.optionalAttrs cfg.asSystemResolver {
      # allow the group to write trust-dns state (needed by NetworkManager hook)
      StateDirectoryMode = "775";
@ -184,9 +184,10 @@ in
          rev = "67649863faf2e08f63963a96a491a4025aaf8ed6";
          hash = "sha256-vmVY8C0cCCFxy/4+g1vKZsAD5lMaufIExnFaSVVAhGM=";
        };
-        cargoHash = "sha256-FEjNxv1iu27SXQhz1+Aehs4es8VxT1BPz5uZq8TcG/k=";
+        cargoHash = "sha256-NoWrQgTPOp99pEs73VQrfeU3m8fny2s20Mf9qxwiPtQ=";
      });
    };
+    services.trust-dns.settings.directory = "/var/lib/trust-dns";

    users.groups.trust-dns = {};
    users.users.trust-dns = {
@ -196,6 +197,18 @@ in

    systemd.services = lib.mkMerge [
      {
+        hickory-dns.enable = false;
+        hickory-dns.serviceConfig = {
+          DynamicUser = lib.mkForce false;
+          User = "trust-dns";
+          Group = "trust-dns";
+          wantedBy = lib.mkForce [];
+          # there can be a lot of restarts as interfaces toggle,
+          # particularly around the DHCP/NetworkManager stuff.
+          StartLimitBurst = 60;
+          StateDirectory = lib.mkForce "trust-dns";
+        };
+
        trust-dns.enable = false;
        trust-dns.serviceConfig = {
          DynamicUser = lib.mkForce false;
@ -205,6 +218,7 @@ in
          # there can be a lot of restarts as interfaces toggle,
          # particularly around the DHCP/NetworkManager stuff.
          StartLimitBurst = 60;
+          StateDirectory = lib.mkForce "trust-dns";
        };
        # trust-dns.unitConfig.StartLimitIntervalSec = 60;
      }
--- a/nixpatches/list.nix
+++ b/nixpatches/list.nix
@ -32,6 +32,12 @@ in [
  # etc, where "date" is like "20240228181608"
  # and can be found with `nix-repl  > :lf .  > lastModifiedDate`

+  (fetchpatch' {
+    title = "trust-dns: rebrand as hickory-dns";
+    saneCommit = "a7613d50c58b5612a7b806ce1375d8bf0485ab55";
+    hash = "sha256-N4DfNhCeg9etVeTPVzJ73CwiZzf43SozK8nrfXIm0uQ=";
+  })
+
  (fetchpatch' {
    title = "libphonenumber: fix cross compilation";
    prUrl = "https://github.com/NixOS/nixpkgs/pull/316094";