powerdns: init at 4.0.1

fixes #18703

nixos/modules/module-list.nix

@@ -386,6 +386,7 @@
   ./services/networking/ostinato.nix
   ./services/networking/pdnsd.nix
   ./services/networking/polipo.nix
+  ./services/networking/powerdns.nix
   ./services/networking/pptpd.nix
   ./services/networking/prayer.nix
   ./services/networking/privoxy.nix

nixos/modules/services/networking/powerdns.nix

@@ -0,0 +1,50 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.services.powerdns;
+  configDir = pkgs.writeTextDir "pdns.conf" "${cfg.extraConfig}";
+in {
+  options = {
+    services.powerdns = {
+      enable = mkEnableOption "Powerdns domain name server";
+
+      extraConfig = mkOption {
+        type = types.lines;
+        default = "launch=bind";
+        description = ''
+          Extra lines to be added verbatim to pdns.conf.
+          Powerdns will chroot to /var/lib/powerdns.
+          So any file, powerdns is supposed to be read,
+          should be in /var/lib/powerdns and needs to specified
+          relative to the chroot.
+        '';
+      };
+    };
+  };
+
+  config = mkIf config.services.powerdns.enable {
+    systemd.services.pdns = {
+      unitConfig.Documentation = "man:pdns_server(1) man:pdns_control(1)";
+      description = "Powerdns name server";
+      wantedBy = [ "multi-user.target" ];
+      after = ["network.target" "mysql.service" "postgresql.service" "openldap.service"];
+
+      serviceConfig = {
+        Restart="on-failure";
+        RestartSec="1";
+        StartLimitInterval="0";
+        PrivateTmp=true;
+        PrivateDevices=true;
+        CapabilityBoundingSet="CAP_CHOWN CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_CHROOT";
+        NoNewPrivileges=true;
+        ExecStartPre = "${pkgs.coreutils}/bin/mkdir -p /var/lib/powerdns";
+        ExecStart = "${pkgs.powerdns}/bin/pdns_server --setuid=nobody --setgid=nogroup --chroot=/var/lib/powerdns --socket-dir=/ --daemon=no --guardian=no --disable-syslog --write-pid=no --config-dir=${configDir}";
+        ProtectSystem="full";
+        ProtectHome=true;
+        RestrictAddressFamilies="AF_UNIX AF_INET AF_INET6";
+      };
+    };
+  };
+}

pkgs/servers/dns/powerdns/default.nix

@@ -0,0 +1,41 @@
+{ stdenv, fetchurl, pkgconfig,
+  boost, libyamlcpp, libsodium, sqlite, protobuf,
+  libmysql, postgresql, lua, openldap, geoip, curl
+}:
+
+stdenv.mkDerivation rec {
+  name = "powerdns-${version}";
+  version = "4.0.1";
+
+  src = fetchurl {
+    url = "http://downloads.powerdns.com/releases/pdns-${version}.tar.bz2";
+    sha256 = "1mzdj5077cn6cip51sxknz5hx0cyqlsrix39b7l30i36lvafx4fi";
+  };
+
+  buildInputs = [ boost libmysql postgresql lua openldap sqlite protobuf geoip libyamlcpp pkgconfig libsodium curl ];
+
+  # nix destroy with-modules arguments, when using configureFlags
+  preConfigure = ''
+    configureFlagsArray=(
+      "--with-modules=bind gmysql geoip gpgsql gsqlite3 ldap lua pipe random remote"
+      --with-sqlite3
+      --with-socketdir=/var/lib/powerdns
+      --enable-libsodium
+      --enable-tools
+      --disable-dependency-tracking
+      --disable-silent-rules
+      --enable-reproducible
+      --enable-unit-tests
+    )
+  '';
+  checkPhase = "make check";
+
+  meta = with stdenv.lib; {
+    description = "Authoritative DNS server";
+    homepage = http://www.powerdns.com/;
+    platforms = platforms.linux;
+    # cannot find postgresql libs on macos x
+    license = licenses.gpl2;
+    maintainers = [ maintainers.mic92 ];
+  };
+}

pkgs/top-level/all-packages.nix

@@ -11668,6 +11668,8 @@ in
 
   policycoreutils = callPackage ../os-specific/linux/policycoreutils { };
 
+  powerdns = callPackage ../servers/dns/powerdns { };
+
   powertop = callPackage ../os-specific/linux/powertop { };
 
   prayer = callPackage ../servers/prayer { };