unbound: optionally support DNS-over-HTTPS

unbound can be used as a DNS-over-HTTPS (DoH) server. This is a blog post introducing the feature: https://www.nlnetlabs.nl/news/2020/Oct/08/unbound-1.12.0-released/
2024-09-21 12:59:04 +02:00 · 2021-01-01 18:54:33 +01:00 · 2021-01-01 18:54:33 +01:00 · a40f86e390
parent e7433051b6
commit a40f86e390
1 changed files with 8 additions and 1 deletions
--- a/pkgs/tools/networking/unbound/default.nix
+++ b/pkgs/tools/networking/unbound/default.nix
@ -18,6 +18,9 @@
  #
 , withSystemd ? false
 , systemd ? null
+  # optionally support DNS-over-HTTPS as a server
+, withDoH ? false
+, libnghttp2
 }:

 stdenv.mkDerivation rec {
@ -31,7 +34,9 @@ stdenv.mkDerivation rec {

  outputs = [ "out" "lib" "man" ]; # "dev" would only split ~20 kB

-  buildInputs = [ openssl nettle expat libevent ] ++ lib.optionals withSystemd [ pkg-config systemd ];
+  buildInputs = [ openssl nettle expat libevent ]
+    ++ lib.optionals withSystemd [ pkg-config systemd ]
+    ++ lib.optionals withDoH [ libnghttp2 ];

  configureFlags = [
    "--with-ssl=${openssl.dev}"
@ -47,6 +52,8 @@ stdenv.mkDerivation rec {
    "--disable-flto"
  ] ++ lib.optionals withSystemd [
    "--enable-systemd"
+  ] ++ lib.optionals withDoH [
+    "--with-libnghttp2=${libnghttp2.dev}"
  ];

  installFlags = [ "configfile=\${out}/etc/unbound/unbound.conf" ];