From f0128b9496548dd14863a9f782f4ab568116b002 Mon Sep 17 00:00:00 2001 From: Colin Date: Sat, 1 Jun 2024 17:07:44 +0000 Subject: [PATCH] apply patch for when trust-dns is renamed to hickory-dns --- modules/services/trust-dns/default.nix | 22 ++++++++++++++++++---- nixpatches/list.nix | 6 ++++++ 2 files changed, 24 insertions(+), 4 deletions(-) diff --git a/modules/services/trust-dns/default.nix b/modules/services/trust-dns/default.nix index f9573c2b..01b8e885 100644 --- a/modules/services/trust-dns/default.nix +++ b/modules/services/trust-dns/default.nix @@ -117,9 +117,9 @@ let '') dns.zones ); - serviceConfig = config.systemd.services.trust-dns.serviceConfig // { + serviceConfig = (config.systemd.services.hickory-dns or config.systemd.services.trust-dns).serviceConfig // { ExecStart = lib.escapeShellArgs ([ - "${config.services.trust-dns.package}/bin/${config.services.trust-dns.package.meta.mainProgram}" + "${lib.getExe config.services.trust-dns.package}" "--port" (builtins.toString port) "--zonedir" "/var/lib/trust-dns/${flavor}" "--config" "${configPath}" @@ -131,7 +131,7 @@ let # servo/dyn-dns needs /var/lib/uninsane/wan.txt. # this might not exist on other systems, # so just bind the deepest path which is guaranteed to exist. - ReadOnlyPaths = [ "/var/lib" ]; + ReadOnlyPaths = [ "/var/lib" ]; #< TODO: scope this down! } // lib.optionalAttrs cfg.asSystemResolver { # allow the group to write trust-dns state (needed by NetworkManager hook) StateDirectoryMode = "775"; @@ -184,9 +184,10 @@ in rev = "67649863faf2e08f63963a96a491a4025aaf8ed6"; hash = "sha256-vmVY8C0cCCFxy/4+g1vKZsAD5lMaufIExnFaSVVAhGM="; }; - cargoHash = "sha256-FEjNxv1iu27SXQhz1+Aehs4es8VxT1BPz5uZq8TcG/k="; + cargoHash = "sha256-NoWrQgTPOp99pEs73VQrfeU3m8fny2s20Mf9qxwiPtQ="; }); }; + services.trust-dns.settings.directory = "/var/lib/trust-dns"; users.groups.trust-dns = {}; users.users.trust-dns = { 
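Review bot: The `or` fallback in `(config.systemd.services.hickory-dns or config.systemd.services.trust-dns).serviceConfig` looks unreachable, because the later `systemd.services` hunk of this commit sets `hickory-dns.enable` and `hickory-dns.serviceConfig` unconditionally, so that attribute always exists. On a nixpkgs that still ships the unit as `trust-dns`, the per-flavor services would then inherit only the few keys set here and silently lose whatever sandboxing the upstream unit declares. Selecting on the upstream option keeps the fallback meaningful, e.g. `(if options.services ? hickory-dns then config.systemd.services.hickory-dns else config.systemd.services.trust-dns).serviceConfig`. That assumes `options` is among the module arguments, which the hunk does not show.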
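Review bot: The added `#< TODO: scope this down!` still leaves all of `/var/lib` in `ReadOnlyPaths` for a network-facing DNS daemon, and does not name the narrower target. The comment above gives the only stated need as `/var/lib/uninsane/wan.txt` and notes that the path may be missing on other hosts. systemd ignores a listed path that does not exist when it is prefixed with `-`, so `ReadOnlyPaths = [ "-/var/lib/uninsane" ];` would match the stated need on every host. Whether this entry is what actually makes the file reachable depends on the upstream unit's sandboxing, which is outside the hunk, so check the rendered unit before narrowing.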
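Review bot: `services.trust-dns.settings.directory = "/var/lib/trust-dns";` has no comment saying why the directory is pinned, and the same name is repeated in `--zonedir` and in both `StateDirectory = lib.mkForce "trust-dns"` lines of the later hunks. If one of these is missed when the state moves to the new name, the daemon could start with a settings directory that systemd no longer creates or chowns for it. A comment such as `# keep state under the pre-rename path; must match StateDirectory below` would be enough. Alternatively, bind the name once in the `let` block and reuse it.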
@@ -196,6 +197,18 @@ in systemd.services = lib.mkMerge [ { + hickory-dns.enable = false; + hickory-dns.serviceConfig = { + DynamicUser = lib.mkForce false; + User = "trust-dns"; + Group = "trust-dns"; + wantedBy = lib.mkForce []; + # there can be a lot of restarts as interfaces toggle, + # particularly around the DHCP/NetworkManager stuff. + StartLimitBurst = 60; + StateDirectory = lib.mkForce "trust-dns"; + }; + trust-dns.enable = false; trust-dns.serviceConfig = { DynamicUser = lib.mkForce false; @@ -205,6 +218,7 @@ in # there can be a lot of restarts as interfaces toggle, # particularly around the DHCP/NetworkManager stuff. StartLimitBurst = 60; + StateDirectory = lib.mkForce "trust-dns"; }; # trust-dns.unitConfig.StartLimitIntervalSec = 60; } diff --git a/nixpatches/list.nix b/nixpatches/list.nix index 677cff1d..089cdc9d 100644 --- a/nixpatches/list.nix +++ b/nixpatches/list.nix @@ -32,6 +32,12 @@ in [ # etc, where "date" is like "20240228181608" # and can be found with `nix-repl > :lf . > lastModifiedDate` + (fetchpatch' { + title = "trust-dns: rebrand as hickory-dns"; + saneCommit = "a7613d50c58b5612a7b806ce1375d8bf0485ab55"; + hash = "sha256-N4DfNhCeg9etVeTPVzJ73CwiZzf43SozK8nrfXIm0uQ="; + }) + (fetchpatch' { title = "libphonenumber: fix cross compilation"; prUrl = "https://github.com/NixOS/nixpkgs/pull/316094";
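Review bot: `wantedBy = lib.mkForce [];` sits inside `hickory-dns.serviceConfig`, but `wantedBy` is an option of the service itself (`systemd.services.<name>.wantedBy`), not a `[Service]` key, so the intended override of the upstream install target probably never takes effect. I would expect `hickory-dns.wantedBy = lib.mkForce [];` next to `hickory-dns.enable = false;`. Because the first hunk merges this `serviceConfig` into the per-flavor services, moving the line also stops a stray key being copied into them. The existing `trust-dns` block is cut by the hunk boundary, so I cannot tell whether it has the same line.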