dnschain nixos module: init

Thomas Strobel 2015-09-10 18:10:06 +02:00
parent 8db7c14e56
commit 684cd17ff5
3 changed files with 113 additions and 0 deletions


@ -230,6 +230,7 @@
shout = 206;
gateone = 207;
namecoin = 208;
dnschain = 209;
# When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
@ -438,6 +439,7 @@
#shout = 206; #unused
gateone = 207;
namecoin = 208;
#dnschain = 209; #unused
# When adding a gid, make sure it doesn't match an existing
# uid. Users and groups with the same name should have equal


@ -275,6 +275,7 @@
./services/networking/ddclient.nix
./services/networking/dhcpcd.nix
./services/networking/dhcpd.nix
./services/networking/dnschain.nix
./services/networking/dnscrypt-proxy.nix
./services/networking/dnsmasq.nix
./services/networking/docker-registry-server.nix


@ -0,0 +1,110 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services;
dnschainConf = pkgs.writeText "dnschain.conf" ''
[log]
level=info
[dns]
host = 127.0.0.1
port = 5333
oldDNSMethod = NO_OLD_DNS
# TODO: check what that address is acutally used for
externalIP = 127.0.0.1
[http]
host = 127.0.0.1
port=8088
tlsPort=4443
'';
in
{
###### interface
options = {
services.dnschain = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Whether to run dnschain. That implies running
namecoind as well, so make sure to configure
it appropriately.
'';
};
};
services.dnsmasq = {
resolveDnschainQueries = mkOption {
type = types.bool;
default = false;
description = ''
Resolve <literal>.bit</literal> top-level domains
with dnschain and namecoind.
'';
};
};
};
###### implementation
config = mkIf cfg.dnschain.enable {
services.namecoind.enable = true;
services.dnsmasq.servers = optionals cfg.dnsmasq.resolveDnschainQueries [ "/.bit/127.0.0.1#5333" ];
users.extraUsers = singleton
{ name = "dnschain";
uid = config.ids.uids.dnschain;
extraGroups = [ "namecoin" ];
description = "Dnschain daemon user";
home = "/var/lib/dnschain";
createHome = true;
};
systemd.services.dnschain = {
description = "Dnschain Daemon";
after = [ "namecoind.target" ];
wantedBy = [ "multi-user.target" ];
path = [ pkgs.openssl ];
preStart = ''
# Link configuration file into dnschain HOME directory
if [ "$(${pkgs.coreutils}/bin/realpath /var/lib/dnschain/.dnschain.conf)" != "${dnschainConf}" ]; then
rm -rf /var/lib/dnschain/.dnschain.conf
ln -s ${dnschainConf} /var/lib/dnschain/.dnschain.conf
fi
# Create empty namecoin.conf so that dnschain is not
# searching for /etc/namecoin/namecoin.conf
if [ ! -e /var/lib/dnschain/.namecoin/namecoin.conf ]; then
mkdir -p /var/lib/dnschain/.namecoin
touch /var/lib/dnschain/.namecoin/namecoin.conf
fi
'';
serviceConfig = {
Type = "simple";
User = "dnschain";
EnvironmentFile = config.services.namecoind.userFile;
ExecStart = "${pkgs.dnschain}/bin/dnschain --rpcuser=\${USER} --rpcpassword=\${PASSWORD} --rpcport=8336";
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
ExecStop = "${pkgs.coreutils}/bin/kill -KILL $MAINPID";
};
};
};
}
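Review bot: The namecoind RPC password ends up in the daemon's argument vector, because `ExecStart` expands `--rpcpassword=\${PASSWORD}` from the `EnvironmentFile`. On a default system any local account can read another process's command line, so the credential stays exposed for as long as dnschain runs. `preStart` already creates `/var/lib/dnschain/.namecoin/namecoin.conf` as an empty file; if dnschain takes its RPC settings from that file (the comment there suggests it looks for one, but this should be confirmed), write `rpcuser`, `rpcpassword` and `rpcport` into it under `umask 077` and reduce the unit to `ExecStart = "${pkgs.dnschain}/bin/dnschain";`. Separately, `ExecStop` sends `-KILL`, which gives the daemon no chance to shut down cleanly; dropping that line lets systemd send SIGTERM first and escalate only on timeout.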