colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity
ec3a7067b6
nix-files/modules/services/trust-dns.nix
Colin 4fd4efa22f DNS: split the zone generation out of trust-dns 
this is in preparation for upstreaming parts of this into nixpkgs
2023-06-08 00:32:28 +00:00

116 lines
3.3 KiB
Nix
Raw Blame History

{ config, lib, pkgs, ... }:
# TODO: consider using this library for .zone file generation:
# - <https://github.com/kirelagin/dns.nix>
with lib;
let
cfg = config.sane.services.trust-dns;
toml = pkgs.formats.toml { };
configFile = toml.generate "trust-dns.toml" {
listen_addrs_ipv4 = cfg.listenAddrsIPv4;
zones = attrValues (
mapAttrs (zname: zcfg: rec {
zone = if zcfg.name == null then zname else zcfg.name;
zone_type = "Primary";
file = zcfg.file;
}) cfg.zones
);
};
in
{
options = {
sane.services.trust-dns = {
enable = mkOption {
default = false;
type = types.bool;
};
package = mkOption {
type = types.package;
default = pkgs.trust-dns;
description = ''
trust-dns package to use.
should provide bin/named, which will be invoked with --config x and --zonedir d and maybe -q.
'';
};
listenAddrsIPv4 = mkOption {
type = types.listOf types.str;
default = [];
description = "array of ipv4 addresses on which to listen for DNS queries";
};
quiet = mkOption {
type = types.bool;
default = false;
};
zonedir = mkOption {
type = types.nullOr types.str;
default = "/";
description = ''
where the `file` option in zones.* is relative to.
'';
};
# reference <nixpkgs:nixos/modules/services/web-servers/nginx/vhost-options.nix>
zones = mkOption {
type = types.attrsOf (types.submodule ({ config, name, ... }: {
options = {
name = mkOption {
type = types.nullOr types.str;
description = "zone name. defaults to the attribute name in zones";
default = name;
};
text = mkOption {
type = types.nullOr types.lines;
default = null;
};
file = mkOption {
type = types.nullOr (types.either types.path types.str);
description = ''
path to a .zone file.
if omitted, will be generated from the `text` option.
'';
};
};
config = {
file = lib.mkIf (config.text != null) (pkgs.writeText "${config.name}.zone" config.text);
};
}));
default = {};
description = "Declarative zone config";
};
};
};
config = mkIf cfg.enable {
sane.ports.ports."53" = {
protocol = [ "udp" "tcp" ];
visibleTo.lan = true;
visibleTo.wan = true;
description = "colin-dns-hosting";
};
systemd.services.trust-dns = {
description = "trust-dns DNS server";
serviceConfig = {
ExecStart =
let
flags = lib.optional cfg.quiet "-q" ++
lib.optionals (cfg.zonedir != null) [ "--zonedir" cfg.zonedir ];
flagsStr = builtins.concatStringsSep " " flags;
in ''
${cfg.package}/bin/named \
--config ${configFile} \
${flagsStr}
'';
Type = "simple";
Restart = "on-failure";
RestartSec = "10s";
# TODO: hardening (like, don't run as root!)
};
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
};
};
}
Reference in New Issue View Git Blame Copy Permalink