ilyakooo0/nixpkgs
1
0
Fork 0
mirror of https://github.com/ilyakooo0/nixpkgs.git synced 2024-11-17 06:06:13 +03:00
Code Issues Projects Releases Wiki Activity

nixos/kresd: add listenDoH option

Browse Source
This commit is contained in:
Jörg Thalheim 2020-01-23 19:19:14 +00:00
parent bfa278ee5a
commit 2685806371
No known key found for this signature in database
GPG Key ID: 003F2096411B5F92
1 changed files with 29 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
nixos/modules/services/networking/kresd.nix
View File

@ -5,12 +5,15 @@ with lib;
let
cfg = config.services.kresd;
package = pkgs.knot-resolver;
configFile = pkgs.writeText "kresd.conf" ''
${optionalString (cfg.listenDoH != []) "modules.load('http')"}
${cfg.extraConfig};
'';
configFile = pkgs.writeText "kresd.conf" cfg.extraConfig;
in
{
package = pkgs.knot-resolver.override {
extraFeatures = cfg.listenDoH != [];
};
in {
meta.maintainers = [ maintainers.vcunat /* upstream developer */ ];
imports = [
@ -67,6 +70,15 @@ in
For detailed syntax see ListenStream in man systemd.socket.
'';
};
listenDoH = mkOption {
type = with types; listOf str;
default = [];
example = [ "198.51.100.1:443" "[2001:db8::1]:443" "443" ];
description = ''
Addresses and ports on which kresd should provide DNS over HTTPS (see RFC 7858).
For detailed syntax see ListenStream in man systemd.socket.
'';
};
# TODO: perhaps options for more common stuff like cache size or forwarding
};
@ -104,6 +116,18 @@ in
};
};
systemd.sockets.kresd-doh = mkIf (cfg.listenDoH != []) rec {
wantedBy = [ "sockets.target" ];
before = wantedBy;
partOf = [ "kresd.socket" ];
listenStreams = cfg.listenDoH;
socketConfig = {
FileDescriptorName = "doh";
FreeBind = true;
Service = "kresd.service";
};
};
systemd.sockets.kresd-control = rec {
wantedBy = [ "sockets.target" ];
before = wantedBy;