ilyakooo0/nixpkgs
1
0
Fork 0
mirror of https://github.com/ilyakooo0/nixpkgs.git synced 2024-11-16 18:37:04 +03:00
Code Issues Projects Releases Wiki Activity

nixos/powerdns: use upstream systemd unit

Browse Source
This commit is contained in:
Aaron Andersen 2020-10-14 20:25:38 -04:00
parent 603f0dcae8
commit 4f5d3794d3
1 changed files with 19 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
nixos/modules/services/networking/powerdns.nix
View File

@ -8,42 +8,40 @@ let
in {
options = {
services.powerdns = {
enable = mkEnableOption "Powerdns domain name server";
enable = mkEnableOption "PowerDNS domain name server";
extraConfig = mkOption {
type = types.lines;
default = "launch=bind";
description = ''
Extra lines to be added verbatim to pdns.conf.
Powerdns will chroot to /var/lib/powerdns.
So any file, powerdns is supposed to be read,
should be in /var/lib/powerdns and needs to specified
relative to the chroot.
PowerDNS configuration. Refer to
<link xlink:href="https://doc.powerdns.com/authoritative/settings.html"/>
for details on supported values.
'';
};
};
};
config = mkIf config.services.powerdns.enable {
config = mkIf cfg.enable {
systemd.packages = [ pkgs.powerdns ];
systemd.services.pdns = {
unitConfig.Documentation = "man:pdns_server(1) man:pdns_control(1)";
description = "Powerdns name server";
wantedBy = [ "multi-user.target" ];
after = ["network.target" "mysql.service" "postgresql.service" "openldap.service"];
after = [ "network.target" "mysql.service" "postgresql.service" "openldap.service" ];
serviceConfig = {
Restart="on-failure";
RestartSec="1";
StartLimitInterval="0";
PrivateDevices=true;
CapabilityBoundingSet="CAP_CHOWN CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_CHROOT";
NoNewPrivileges=true;
ExecStartPre = "${pkgs.coreutils}/bin/mkdir -p /var/lib/powerdns";
ExecStart = "${pkgs.powerdns}/bin/pdns_server --setuid=nobody --setgid=nogroup --chroot=/var/lib/powerdns --socket-dir=/ --daemon=no --guardian=no --disable-syslog --write-pid=no --config-dir=${configDir}";
ProtectSystem="full";
ProtectHome=true;
RestrictAddressFamilies="AF_UNIX AF_INET AF_INET6";
ExecStart = [ "" "${pkgs.powerdns}/bin/pdns_server --config-dir=${configDir} --guardian=no --daemon=no --disable-syslog --log-timestamp=no --write-pid=no" ];
};
};
users.users.pdns = {
isSystemUser = true;
group = "pdns";
description = "PowerDNS";
};
users.groups.pdns = {};
};
}