colin/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixos/dnsdist: use upstream systemd unit

Browse Source
This commit is contained in:
Aaron Andersen 2020-10-08 19:17:19 -04:00
parent 4d15ce5d15
commit f4ff303c3b
1 changed files with 8 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
nixos/modules/services/networking/dnsdist.nix
View File

@ -7,7 +7,7 @@ let
configFile = pkgs.writeText "dndist.conf" '' configFile = pkgs.writeText "dndist.conf" ''
setLocal('${cfg.listenAddress}:${toString cfg.listenPort}') setLocal('${cfg.listenAddress}:${toString cfg.listenPort}')
${cfg.extraConfig} ${cfg.extraConfig}
''; '';
in { in {
options = { options = {
services.dnsdist = { services.dnsdist = {
@ -35,25 +35,18 @@ in {
}; };
}; };
config = mkIf config.services.dnsdist.enable { config = mkIf cfg.enable {
systemd.packages = [ pkgs.dnsdist ];
systemd.services.dnsdist = { systemd.services.dnsdist = {
description = "dnsdist load balancer";
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
after = ["network.target"];
serviceConfig = { serviceConfig = {
Restart="on-failure";
RestartSec="1";
DynamicUser = true; DynamicUser = true;
StartLimitInterval="0";
PrivateDevices=true; # upstream overrides for better nixos compatibility
AmbientCapabilities="CAP_NET_BIND_SERVICE"; ExecStartPre = [ "" "${pkgs.dnsdist}/bin/dnsdist --check-config --config ${configFile}" ];
CapabilityBoundingSet="CAP_NET_BIND_SERVICE"; ExecStart = [ "" "${pkgs.dnsdist}/bin/dnsdist --supervised --disable-syslog --config ${configFile}" ];
ExecStart = "${pkgs.dnsdist}/bin/dnsdist --supervised --disable-syslog --config ${configFile}";
ProtectHome=true;
RestrictAddressFamilies="AF_UNIX AF_INET AF_INET6";
LimitNOFILE="16384";
TasksMax="8192";
}; };
}; };
}; };