ilyakooo0/nixpkgs
1
0
Fork 0
mirror of https://github.com/ilyakooo0/nixpkgs.git synced 2024-11-18 02:05:51 +03:00
Code Issues Projects Releases Wiki Activity

dnschain service: overhaul option interface & implementation

Browse Source 
Closes https://github.com/NixOS/nixpkgs/pull/22041
This commit is contained in:
rnhmjoj 2017-01-18 19:47:29 +01:00 committed by Joachim Fasting
parent 0788889220
commit f7d49037a4
No known key found for this signature in database
GPG Key ID: 7544761007FE4E08
1 changed files with 119 additions and 62 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

181
nixos/modules/services/networking/dnschain.nix
View File

@ -3,23 +3,28 @@
with lib;
let
cfg = config.services;
cfgs = config.services;
cfg = cfgs.dnschain;
dnschainConf = pkgs.writeText "dnschain.conf" ''
dataDir = "/var/lib/dnschain";
username = "dnschain";
configFile = pkgs.writeText "dnschain.conf" ''
[log]
level=info
level = info
[dns]
host = 127.0.0.1
port = 5333
host = ${cfg.dns.address}
port = ${toString cfg.dns.port}
oldDNSMethod = NO_OLD_DNS
# TODO: check what that address is acutally used for
externalIP = 127.0.0.1
externalIP = ${cfg.dns.address}
[http]
host = 127.0.0.1
port=8088
tlsPort=4443
host = ${cfg.api.hostname}
port = ${toString cfg.api.port}
tlsPort = ${toString cfg.api.tlsPort}
${cfg.extraConfig}
'';
in
@ -32,28 +37,81 @@ in
services.dnschain = {
enable = mkOption {
type = types.bool;
default = false;
enable = mkEnableOption ''
DNSChain, a blockchain based DNS + HTTP server.
To resolve .bit domains set <literal>services.namecoind.enable = true;</literal>
and an RPC username/password.
'';
dns.address = mkOption {
type = types.str;
default = "127.0.0.1";
description = ''
Whether to run dnschain. That implies running
namecoind as well, so make sure to configure
it appropriately.
The IP address that will be used to reach this machine.
Leave this unchanged if you do not wish to directly expose the DNSChain resolver.
'';
};
dns.port = mkOption {
type = types.int;
default = 5333;
description = ''
The port the DNSChain resolver will bind to.
'';
};
api.hostname = mkOption {
type = types.str;
default = "0.0.0.0";
description = ''
The hostname (or IP address) the DNSChain API server will bind to.
'';
};
api.port = mkOption {
type = types.int;
default = 8080;
description = ''
The port the DNSChain API server (HTTP) will bind to.
'';
};
api.tlsPort = mkOption {
type = types.int;
default = 4433;
description = ''
The port the DNSChain API server (HTTPS) will bind to.
'';
};
extraConfig = mkOption {
type = types.lines;
default = "";
example = ''
[log]
level = debug
'';
description = ''
Additional options that will be appended to the configuration file.
'';
};
};
services.dnsmasq = {
resolveDnschainQueries = mkOption {
type = types.bool;
default = false;
description = ''
Resolve <literal>.bit</literal> top-level domains
with dnschain and namecoind.
'';
};
services.dnsmasq.resolveDNSChainQueries = mkOption {
type = types.bool;
default = false;
description = ''
Resolve <literal>.bit</literal> top-level domains using DNSChain and namecoin.
'';
};
services.pdns-recursor.resolveDNSChainQueries = mkOption {
type = types.bool;
default = false;
description = ''
Resolve <literal>.bit</literal> top-level domains using DNSChain and namecoin.
'';
};
};
@ -61,48 +119,47 @@ in
###### implementation
config = mkIf cfg.dnschain.enable {
config = mkIf cfg.enable {
services.namecoind.enable = true;
services.dnsmasq.servers = optionals cfgs.dnsmasq.resolveDNSChainQueries
[ "/.bit/127.0.0.1#${toString cfg.dns.port}"
"/.dns/127.0.0.1#${toString cfg.dns.port}"
];
services.dnsmasq.servers = optionals cfg.dnsmasq.resolveDnschainQueries [ "/.bit/127.0.0.1#5333" ];
users.extraUsers = singleton
{ name = "dnschain";
uid = config.ids.uids.dnschain;
extraGroups = [ "namecoin" ];
description = "Dnschain daemon user";
home = "/var/lib/dnschain";
createHome = true;
services.pdns-recursor.forwardZones = mkIf cfgs.pdns-recursor.resolveDNSChainQueries
{ bit = "127.0.0.1:${toString cfg.dns.port}";
dns = "127.0.0.1:${toString cfg.dns.port}";
};
systemd.services.dnschain = {
description = "Dnschain Daemon";
after = [ "namecoind.target" ];
wantedBy = [ "multi-user.target" ];
path = [ pkgs.openssl ];
preStart = ''
# Link configuration file into dnschain HOME directory
if [ "$(${pkgs.coreutils}/bin/realpath /var/lib/dnschain/.dnschain.conf)" != "${dnschainConf}" ]; then
rm -rf /var/lib/dnschain/.dnschain.conf
ln -s ${dnschainConf} /var/lib/dnschain/.dnschain.conf
fi
users.extraUsers = singleton {
name = username;
description = "DNSChain daemon user";
home = dataDir;
createHome = true;
uid = config.ids.uids.dnschain;
extraGroups = optional cfgs.namecoind.enable "namecoin";
};
# Create empty namecoin.conf so that dnschain is not
# searching for /etc/namecoin/namecoin.conf
if [ ! -e /var/lib/dnschain/.namecoin/namecoin.conf ]; then
mkdir -p /var/lib/dnschain/.namecoin
touch /var/lib/dnschain/.namecoin/namecoin.conf
fi
'';
serviceConfig = {
Type = "simple";
User = "dnschain";
EnvironmentFile = config.services.namecoind.userFile;
ExecStart = "${pkgs.dnschain}/bin/dnschain --rpcuser=\${USER} --rpcpassword=\${PASSWORD} --rpcport=8336";
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
ExecStop = "${pkgs.coreutils}/bin/kill -KILL $MAINPID";
};
systemd.services.dnschain = {
description = "DNSChain daemon";
after = optional cfgs.namecoind.enable "namecoind.target";
wantedBy = [ "multi-user.target" ];
serviceConfig = {
User = "dnschain";
Restart = "on-failure";
ExecStart = "${pkgs.dnschain}/bin/dnschain";
};
preStart = ''
# Link configuration file into dnschain home directory
configPath=${dataDir}/.dnschain/dnschain.conf
mkdir -p ${dataDir}/.dnschain
if [ "$(realpath $configPath)" != "${configFile}" ]; then
rm -f $configPath
ln -s ${configFile} $configPath
fi
'';
};
};