dnschain nixos module: init
parent
8db7c14e56
commit
684cd17ff5
|
@ -230,6 +230,7 @@
|
||||||
shout = 206;
|
shout = 206;
|
||||||
gateone = 207;
|
gateone = 207;
|
||||||
namecoin = 208;
|
namecoin = 208;
|
||||||
|
dnschain = 209;
|
||||||
|
|
||||||
# When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
|
# When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
|
||||||
|
|
||||||
|
@ -438,6 +439,7 @@
|
||||||
#shout = 206; #unused
|
#shout = 206; #unused
|
||||||
gateone = 207;
|
gateone = 207;
|
||||||
namecoin = 208;
|
namecoin = 208;
|
||||||
|
#dnschain = 209; #unused
|
||||||
|
|
||||||
# When adding a gid, make sure it doesn't match an existing
|
# When adding a gid, make sure it doesn't match an existing
|
||||||
# uid. Users and groups with the same name should have equal
|
# uid. Users and groups with the same name should have equal
|
||||||
|
|
|
@ -275,6 +275,7 @@
|
||||||
./services/networking/ddclient.nix
|
./services/networking/ddclient.nix
|
||||||
./services/networking/dhcpcd.nix
|
./services/networking/dhcpcd.nix
|
||||||
./services/networking/dhcpd.nix
|
./services/networking/dhcpd.nix
|
||||||
|
./services/networking/dnschain.nix
|
||||||
./services/networking/dnscrypt-proxy.nix
|
./services/networking/dnscrypt-proxy.nix
|
||||||
./services/networking/dnsmasq.nix
|
./services/networking/dnsmasq.nix
|
||||||
./services/networking/docker-registry-server.nix
|
./services/networking/docker-registry-server.nix
|
||||||
|
|
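--- a/nixos/modules/services/networking/dnschain.nix
+++ b/nixos/modules/services/networking/dnschain.nix
@@ -0,0 +1,110 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+cfg = config.services;
+
+dnschainConf = pkgs.writeText "dnschain.conf" ''
+[log]
+level=info
+
+[dns]
+host = 127.0.0.1
+port = 5333
+oldDNSMethod = NO_OLD_DNS
+# TODO: check what that address is acutally used for
+externalIP = 127.0.0.1
+
+[http]
+host = 127.0.0.1
+port=8088
+tlsPort=4443
+'';
+
+in
+
+{
+
+###### interface
+
+options = {
+
+services.dnschain = {
+
+enable = mkOption {
+type = types.bool;
+default = false;
+description = ''
+Whether to run dnschain. That implies running
+namecoind as well, so make sure to configure
+it appropriately.
+'';
+};
+
+};
+
+services.dnsmasq = {
+resolveDnschainQueries = mkOption {
+type = types.bool;
+default = false;
+description = ''
+Resolve <literal>.bit</literal> top-level domains
+with dnschain and namecoind.
+'';
+};
+
+};
+
+};
+
+
+###### implementation
+
+config = mkIf cfg.dnschain.enable {
+
+services.namecoind.enable = true;
+
+services.dnsmasq.servers = optionals cfg.dnsmasq.resolveDnschainQueries [ "/.bit/127.0.0.1#5333" ];
+
+users.extraUsers = singleton
+{ name = "dnschain";
+uid = config.ids.uids.dnschain;
+extraGroups = [ "namecoin" ];
+description = "Dnschain daemon user";
+home = "/var/lib/dnschain";
+createHome = true;
+};
+
+systemd.services.dnschain = {
+description = "Dnschain Daemon";
+after = [ "namecoind.target" ];
+wantedBy = [ "multi-user.target" ];
+path = [ pkgs.openssl ];
+preStart = ''
+# Link configuration file into dnschain HOME directory
+if [ "$(${pkgs.coreutils}/bin/realpath /var/lib/dnschain/.dnschain.conf)" != "${dnschainConf}" ]; then
+rm -rf /var/lib/dnschain/.dnschain.conf
+ln -s ${dnschainConf} /var/lib/dnschain/.dnschain.conf
+fi
+
+# Create empty namecoin.conf so that dnschain is not
+# searching for /etc/namecoin/namecoin.conf
+if [ ! -e /var/lib/dnschain/.namecoin/namecoin.conf ]; then
+mkdir -p /var/lib/dnschain/.namecoin
+touch /var/lib/dnschain/.namecoin/namecoin.conf
+fi
+'';
+serviceConfig = {
+Type = "simple";
+User = "dnschain";
+EnvironmentFile = config.services.namecoind.userFile;
+ExecStart = "${pkgs.dnschain}/bin/dnschain --rpcuser=\${USER} --rpcpassword=\${PASSWORD} --rpcport=8336";
+ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
+ExecStop = "${pkgs.coreutils}/bin/kill -KILL $MAINPID";
+};
+};
+
+};
+
+}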
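Review bot: The `ExecStart` line in `serviceConfig` expands `--rpcpassword=\${PASSWORD}` into the daemon's argv, so the namecoind RPC password loaded through `EnvironmentFile` is readable by any local user via the process list for as long as dnschain runs. The `preStart` script already creates an empty `/var/lib/dnschain/.namecoin/namecoin.conf`, which suggests dnschain can take RPC settings from that file; if that holds (worth confirming against dnschain's documentation), the credentials belong there with owner-only permissions and the two flags can be dropped from the command line. Separately, `ExecStop = "${pkgs.coreutils}/bin/kill -KILL $MAINPID";` gives the daemon no chance to shut down cleanly; removing that line lets systemd send SIGTERM first and escalate only on timeout. The unit also sets no sandboxing options, so a short comment stating that the listeners are intentionally bound to `127.0.0.1` would help whoever later makes `host` configurable.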