mirror of
https://github.com/ilyakooo0/nixpkgs.git
synced 2024-12-25 12:22:37 +03:00
dnschain nixos module: init
This commit is contained in:
parent
8db7c14e56
commit
684cd17ff5
@ -230,6 +230,7 @@
|
||||
shout = 206;
|
||||
gateone = 207;
|
||||
namecoin = 208;
|
||||
dnschain = 209;
|
||||
|
||||
# When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
|
||||
|
||||
@ -438,6 +439,7 @@
|
||||
#shout = 206; #unused
|
||||
gateone = 207;
|
||||
namecoin = 208;
|
||||
#dnschain = 209; #unused
|
||||
|
||||
# When adding a gid, make sure it doesn't match an existing
|
||||
# uid. Users and groups with the same name should have equal
|
||||
|
@ -275,6 +275,7 @@
|
||||
./services/networking/ddclient.nix
|
||||
./services/networking/dhcpcd.nix
|
||||
./services/networking/dhcpd.nix
|
||||
./services/networking/dnschain.nix
|
||||
./services/networking/dnscrypt-proxy.nix
|
||||
./services/networking/dnsmasq.nix
|
||||
./services/networking/docker-registry-server.nix
|
||||
|
110
nixos/modules/services/networking/dnschain.nix
Normal file
110
nixos/modules/services/networking/dnschain.nix
Normal file
@ -0,0 +1,110 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.services;
|
||||
|
||||
dnschainConf = pkgs.writeText "dnschain.conf" ''
|
||||
[log]
|
||||
level=info
|
||||
|
||||
[dns]
|
||||
host = 127.0.0.1
|
||||
port = 5333
|
||||
oldDNSMethod = NO_OLD_DNS
|
||||
# TODO: check what that address is acutally used for
|
||||
externalIP = 127.0.0.1
|
||||
|
||||
[http]
|
||||
host = 127.0.0.1
|
||||
port=8088
|
||||
tlsPort=4443
|
||||
'';
|
||||
|
||||
in
|
||||
|
||||
{
|
||||
|
||||
###### interface
|
||||
|
||||
options = {
|
||||
|
||||
services.dnschain = {
|
||||
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Whether to run dnschain. That implies running
|
||||
namecoind as well, so make sure to configure
|
||||
it appropriately.
|
||||
'';
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
services.dnsmasq = {
|
||||
resolveDnschainQueries = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Resolve <literal>.bit</literal> top-level domains
|
||||
with dnschain and namecoind.
|
||||
'';
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
|
||||
###### implementation
|
||||
|
||||
config = mkIf cfg.dnschain.enable {
|
||||
|
||||
services.namecoind.enable = true;
|
||||
|
||||
services.dnsmasq.servers = optionals cfg.dnsmasq.resolveDnschainQueries [ "/.bit/127.0.0.1#5333" ];
|
||||
|
||||
users.extraUsers = singleton
|
||||
{ name = "dnschain";
|
||||
uid = config.ids.uids.dnschain;
|
||||
extraGroups = [ "namecoin" ];
|
||||
description = "Dnschain daemon user";
|
||||
home = "/var/lib/dnschain";
|
||||
createHome = true;
|
||||
};
|
||||
|
||||
systemd.services.dnschain = {
|
||||
description = "Dnschain Daemon";
|
||||
after = [ "namecoind.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
path = [ pkgs.openssl ];
|
||||
preStart = ''
|
||||
# Link configuration file into dnschain HOME directory
|
||||
if [ "$(${pkgs.coreutils}/bin/realpath /var/lib/dnschain/.dnschain.conf)" != "${dnschainConf}" ]; then
|
||||
rm -rf /var/lib/dnschain/.dnschain.conf
|
||||
ln -s ${dnschainConf} /var/lib/dnschain/.dnschain.conf
|
||||
fi
|
||||
|
||||
# Create empty namecoin.conf so that dnschain is not
|
||||
# searching for /etc/namecoin/namecoin.conf
|
||||
if [ ! -e /var/lib/dnschain/.namecoin/namecoin.conf ]; then
|
||||
mkdir -p /var/lib/dnschain/.namecoin
|
||||
touch /var/lib/dnschain/.namecoin/namecoin.conf
|
||||
fi
|
||||
'';
|
||||
serviceConfig = {
|
||||
Type = "simple";
|
||||
User = "dnschain";
|
||||
EnvironmentFile = config.services.namecoind.userFile;
|
||||
ExecStart = "${pkgs.dnschain}/bin/dnschain --rpcuser=\${USER} --rpcpassword=\${PASSWORD} --rpcport=8336";
|
||||
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
|
||||
ExecStop = "${pkgs.coreutils}/bin/kill -KILL $MAINPID";
|
||||
};
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
}
|
Loading…
Reference in New Issue
Block a user