diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix index 0d7b1c4f222f..6819f3ac0ec6 100644 --- a/nixos/modules/misc/ids.nix +++ b/nixos/modules/misc/ids.nix @@ -230,6 +230,7 @@ shout = 206; gateone = 207; namecoin = 208; + dnschain = 209; # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399! @@ -438,6 +439,7 @@ #shout = 206; #unused gateone = 207; namecoin = 208; + #dnschain = 209; #unused # When adding a gid, make sure it doesn't match an existing # uid. Users and groups with the same name should have equal diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 17243882e77d..f1494c3b4afb 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -275,6 +275,7 @@ ./services/networking/ddclient.nix ./services/networking/dhcpcd.nix ./services/networking/dhcpd.nix + ./services/networking/dnschain.nix ./services/networking/dnscrypt-proxy.nix ./services/networking/dnsmasq.nix ./services/networking/docker-registry-server.nix diff --git a/nixos/modules/services/networking/dnschain.nix b/nixos/modules/services/networking/dnschain.nix new file mode 100644 index 000000000000..f17f8c832ee4 --- /dev/null +++ b/nixos/modules/services/networking/dnschain.nix @@ -0,0 +1,110 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.services; + + dnschainConf = pkgs.writeText "dnschain.conf" '' + [log] + level=info + + [dns] + host = 127.0.0.1 + port = 5333 + oldDNSMethod = NO_OLD_DNS + # TODO: check what that address is acutally used for + externalIP = 127.0.0.1 + + [http] + host = 127.0.0.1 + port=8088 + tlsPort=4443 + ''; + +in + +{ + + ###### interface + + options = { + + services.dnschain = { + + enable = mkOption { + type = types.bool; + default = false; + description = '' + Whether to run dnschain. That implies running + namecoind as well, so make sure to configure + it appropriately. + ''; + }; + + }; + + services.dnsmasq = { + resolveDnschainQueries = mkOption { + type = types.bool; + default = false; + description = '' + Resolve .bit top-level domains + with dnschain and namecoind. + ''; + }; + + }; + + }; + + + ###### implementation + + config = mkIf cfg.dnschain.enable { + + services.namecoind.enable = true; + + services.dnsmasq.servers = optionals cfg.dnsmasq.resolveDnschainQueries [ "/.bit/127.0.0.1#5333" ]; + + users.extraUsers = singleton + { name = "dnschain"; + uid = config.ids.uids.dnschain; + extraGroups = [ "namecoin" ]; + description = "Dnschain daemon user"; + home = "/var/lib/dnschain"; + createHome = true; + }; + + systemd.services.dnschain = { + description = "Dnschain Daemon"; + after = [ "namecoind.target" ]; + wantedBy = [ "multi-user.target" ]; + path = [ pkgs.openssl ]; + preStart = '' + # Link configuration file into dnschain HOME directory + if [ "$(${pkgs.coreutils}/bin/realpath /var/lib/dnschain/.dnschain.conf)" != "${dnschainConf}" ]; then + rm -rf /var/lib/dnschain/.dnschain.conf + ln -s ${dnschainConf} /var/lib/dnschain/.dnschain.conf + fi + + # Create empty namecoin.conf so that dnschain is not + # searching for /etc/namecoin/namecoin.conf + if [ ! -e /var/lib/dnschain/.namecoin/namecoin.conf ]; then + mkdir -p /var/lib/dnschain/.namecoin + touch /var/lib/dnschain/.namecoin/namecoin.conf + fi + ''; + serviceConfig = { + Type = "simple"; + User = "dnschain"; + EnvironmentFile = config.services.namecoind.userFile; + ExecStart = "${pkgs.dnschain}/bin/dnschain --rpcuser=\${USER} --rpcpassword=\${PASSWORD} --rpcport=8336"; + ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; + ExecStop = "${pkgs.coreutils}/bin/kill -KILL $MAINPID"; + }; + }; + + }; + +}