diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix
index 280e8d7238b8..5b4cb54517ca 100644
--- a/nixos/modules/misc/ids.nix
+++ b/nixos/modules/misc/ids.nix
@@ -218,6 +218,7 @@
 plex = 193;
 bird = 195;
 grafana = 196;
+ skydns = 197;
 # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
@@ -414,6 +415,7 @@
 sabnzbd = 194;
 bird = 195;
 #grafana = 196; #unused
+ #skydns = 197; #unused
 # When adding a gid, make sure it doesn't match an existing
 # uid. Users and groups with the same name should have equal
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 6225c568dfc5..fa39a5d94321 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -318,6 +318,7 @@
 ./services/networking/sabnzbd.nix
 ./services/networking/searx.nix
 ./services/networking/seeks.nix
+ ./services/networking/skydns.nix
 ./services/networking/spiped.nix
 ./services/networking/sslh.nix
 ./services/networking/ssh/lshd.nix
diff --git a/nixos/modules/services/networking/skydns.nix b/nixos/modules/services/networking/skydns.nix
new file mode 100644
index 000000000000..2d0129d63101
--- /dev/null
+++ b/nixos/modules/services/networking/skydns.nix
@@ -0,0 +1,91 @@
+{ config, pkgs, lib, ... }:
+
+with lib;
+
+let
+ cfg = config.services.skydns;
+
+in {
+ options.services.skydns = {
+ enable = mkEnableOption "Whether to enable skydns service.";
+
+ etcd = {
+ machines = mkOption {
+ default = [ "http://localhost:4001" ];
+ type = types.listOf types.str;
+ description = "Skydns list of etcd endpoints to connect to.";
+ };
+
+ tlsKey = mkOption {
+ default = null;
+ type = types.nullOr types.path;
+ description = "Skydns path of TLS client certificate - private key.";
+ };
+
+ tlsPem = mkOption {
+ default = null;
+ type = types.nullOr types.path;
+ description = "Skydns path of TLS client certificate - public key.";
+ };
+
+ caCert = mkOption {
+ default = null;
+ type = types.nullOr types.path;
+ description = "Skydns path of TLS certificate authority public key.";
+ };
+ };
+
+ address = mkOption {
+ default = "0.0.0.0:53";
+ type = types.str;
+ description = "Skydns address to bind to.";
+ };
+
+ domain = mkOption {
+ default = "skydns.local.";
+ type = types.str;
+ description = "Skydns default domain if not specified by etcd config.";
+ };
+
+ nameservers = mkOption {
+ default = map (n: n + ":53") config.networking.nameservers;
+ type = types.listOf types.str;
+ description = "Skydns list of nameservers to forward DNS requests to when not authoritative for a domain.";
+ example = ["8.8.8.8:53" "8.8.4.4:53"];
+ };
+
+ package = mkOption {
+ default = pkgs.goPackages.skydns;
+ type = types.package;
+ description = "Skydns package to use.";
+ };
+
+ extraConfig = mkOption {
+ default = {};
+ type = types.attrsOf types.str;
+ description = "Skydns attribute set of extra config options passed as environemnt variables.";
+ };
+ };
+
+ config = mkIf (cfg.enable) {
+ systemd.services.skydns = {
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" "etcd.service" ];
+ description = "Skydns Service";
+ environment = {
+ ETCD_MACHINES = concatStringsSep "," cfg.etcd.machines;
+ ETCD_TLSKEY = cfg.etcd.tlsKey;
+ ETCD_TLSPEM = cfg.etcd.tlsPem;
+ ETCD_CACERT = cfg.etcd.caCert;
+ SKYDNS_ADDR = cfg.address;
+ SKYDNS_DOMAIN = cfg.domain;
+ SKYDNS_NAMESERVER = concatStringsSep "," cfg.nameservers;
+ };
+ serviceConfig = {
+ ExecStart = "${cfg.package}/bin/skydns";
+ };
+ };
+
+ environment.systemPackages = [ cfg.package ];
+ };
+}
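Review bot: The new skydns service runs as root: `serviceConfig` in the new module sets only `ExecStart` with no `User`, even though the ids.nix hunk reserves uid 197 for skydns and the daemon answers network traffic on `0.0.0.0:53` by default. I would declare the user with that uid, drop to it, and grant the port-53 bind through a capability rather than root privileges (e.g. `AmbientCapabilities`, if the systemd in use supports it). `extraConfig` is declared as an attribute set of environment variables but is never merged into `environment`, so anything set there is silently dropped; appending `// cfg.extraConfig` to the environment set fixes that. Smaller points: `mkEnableOption` already prefixes "Whether to enable", so the argument should be `"skydns service"`, and "environemnt" in the extraConfig description is a typo. The TLS options default to `null` and are passed into `environment` unfiltered; whether the service environment type accepts null values depends on the NixOS version, so these may need filtering before use.
```nix
  config = mkIf (cfg.enable) {
    users.extraUsers.skydns = {
      uid = config.ids.uids.skydns;
      description = "skydns daemon user";
    };

    systemd.services.skydns = {
      # … unchanged: wantedBy, after, description …
      environment = {
        # … unchanged: ETCD_* and SKYDNS_* entries …
      } // cfg.extraConfig;
      serviceConfig = {
        ExecStart = "${cfg.package}/bin/skydns";
        User = "skydns";
        AmbientCapabilities = "CAP_NET_BIND_SERVICE";
      };
    };
    # … unchanged: environment.systemPackages …
  };
```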